Merge commit 'origin/v3-2-test' into v3-2-stable

Conflicts:

	WHATSNEW.txt
(This used to be commit a390bcf9403df4cf4d5eef42b35ebccbe253882e)

501 files changed, 80586 insertions, 53595 deletions

diff --git a/.gitignore b/.gitignore
index f11de08838..516fd45fe9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 *.o
 *.po
 *~
+source/TAGS
 source/client/client_proto.h
 source/libnet/libnet_proto.h
 source/include/build_env.h
@@ -45,3 +46,19 @@ examples/VFS/module_config.h.in
 examples/VFS/shadow_copy_test.so
 examples/VFS/skel_opaque.so
 examples/VFS/skel_transparent.so
+examples/libsmbclient/smbwrapper/smbsh
+examples/libsmbclient/smbwrapper/smbwrapper.so
+examples/libsmbclient/testacl
+examples/libsmbclient/testacl2
+examples/libsmbclient/testacl3
+examples/libsmbclient/testbrowse
+examples/libsmbclient/testbrowse2
+examples/libsmbclient/testchmod
+examples/libsmbclient/testread
+examples/libsmbclient/testsmbc
+examples/libsmbclient/teststat
+examples/libsmbclient/teststat2
+examples/libsmbclient/teststat3
+examples/libsmbclient/testutime
+examples/libsmbclient/testwrite
+examples/libsmbclient/testtruncate
diff --git a/PFIF.txt b/PFIF.txt
new file mode 100644
index 0000000000..09f1458e44
--- /dev/null
+++ b/PFIF.txt
@@ -0,0 +1,7 @@
+This code was developed in participation with the Protocol Freedom
+Information Foundation.
+
+Please see 
+  http://protocolfreedom.org/ and
+  http://samba.org/samba/PFIF/ 
+for more details.
diff --git a/README b/README
index 1d55a1040c..e6634febc0 100644
--- a/README
+++ b/README
@@ -102,16 +102,16 @@ for more details) and are always glad to receive feedback or
 suggestions to the address samba@lists.samba.org.  More information
 on the various Samba mailing lists can be found at http://lists.samba.org/.
 
-You can also get the Samba sourcecode straight from the Subversion tree - see
-http://samba.org/samba/subversion.html.
+You can also get the Samba sourcecode straight from the git repository - see
+http://wiki.samba.org/index.php/Using_Git_for_Samba_Development.
 
 You could also send hardware/software/money/jewelry or pre-paid pizza
 vouchers directly to Andrew. The pizza vouchers would be especially
 welcome, in fact there is a special field in the survey for people who
 have paid up their pizza :-)
 
-If you like a particular feature then look through the Subversion change-log
-(on the web at http://websvn.samba.org/cgi-bin/viewcvs.cgi) and see
+If you like a particular feature then look through the git change-log
+(on the web at http://gitweb.samba.org/?p=samba.git;a=summary) and see
 who added it, then send them an email.
 
 Remember that free software of this kind lives or dies by the response
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 253fe260de..2ac227d141 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,6 +1,6 @@
                    =================================
                    Release Notes for Samba 3.2.0pre2
-                               Jan 16, 2008
+                               Feb 29, 2008
                    =================================
 
 This is the second preview release of Samba 3.2.0.  This is *not*
@@ -22,18 +22,19 @@ Major enhancements in Samba 3.2.0 include:
   o Introduction of a registry based configuration system.
   o Improved CIFS Unix Extensions support.
   o Experimental support for file serving clusters.
-  o Support for IPv6 connections.
-
+  o Support for IPv6 in the server, and client tools and libraries.
+  o Support for storing alternate data streams in xattrs.
+  o Encrypted SMB transport in client tools and libraries, and server.
 
   Winbind and Active Directory Integration:
   o Full support for Windows 2003 cross-forest, transitive trusts
-    and one-way domain trusts
+    and one-way domain trusts.
   o Support for userPrincipalName logons via pam_winbind and NSS
     lookups.
   o Support in pam_winbind for logging on using the userPrincipalName.
   o Expansion of nested domain groups via NSS calls.
   o Support for Active Directory LDAP Signing policy.
-  o New LGPL Winbind client library (libwbclient.so)
+  o New LGPL Winbind client library (libwbclient.so).
 
 
   Users & Groups:
@@ -74,13 +75,12 @@ to the "Changes" section for details on the exact parameters that were
 updated.
 
 
-
 Registry Configuration Backend
 ==============================
 
 Samba is now able to use a registry based configuration backed to
 supplement smb.conf setting.  This feature may be enabled by setting
-"include = registry" and "registry shares = yes" in the [global]
+"config backend = registry" and "registry shares = yes" in the [global]
 section of smb.conf and may be managed using the "net conf" command.
 
 More information may be obtained from the smb.conf(5) and net(8) man
@@ -93,6 +93,11 @@ Removed Features
 Both the Python bindings and the libmsrpc shared library have been
 removed from the tree due to lack of an official maintainer.
 
+As smbfs is no longer supported in current kernel versions, smbmount has
+been removed in this Samba version. Please use cifs (mount.cifs) instead.
+See examples/scripts/mount/mount.smbfs as an example for a wrapper which
+calls mount.cifs instead of smbmount/mount.smbfs.
+
 
 
 ######################################################################
@@ -109,16 +114,20 @@ smb.conf changes
     client plaintext auth		Changed Default	No
     clustering				New		No
     cluster addresses			New		""
-    debug class                         New             No
+    config backend			New		file
     ctdb socket				New		""
+    debug class				New		No
+    hidden				New		No
     lanman auth				Changed Default	No
-    mangle map                          Removed
-    min receive file size                New             0
-    open files database hash size	Removed
-    read bmpx                           Removed
+    ldap debug level			New		0
+    ldap debug threshold		New		10
+    mangle map				Removed
+    min receive file size		New             0
+    open files database hashsize	Removed
+    read bmpx				Removed				
     registry shares			New		No
-    winbind expand groups               New             1
-    winbind rpc only                    New             No
+    winbind expand groups		New		1
+    winbind rpc only			New		No
 
 
 Changes since 3.2.0pre1:
@@ -130,13 +139,24 @@ o   Michael Adam <obnox@samba.org>
     * BUG 4308: Fix Excel save operation ACL bug.
     * Refactor and consolidate logic for retrieving the machine
       trust password information.
-    * VFS API cleanup.
+    * VFS API cleanup (remove redundant parameter).
     * BUG 4801: Correctly implement LSA lookup levels for LookupNames.
     * Add new option "debug class" to control printing of the debug class.
       in debug headers.
     * Enable building of the zfsacl and notify_fam vfs modules.
     * BUG 5083: Fix memleak in solarisacl module.
     * BUG 5063: Fix build on RHEL5.
+    * New smb.conf parameter "config backend = registry" to enable registry
+      only configuration.
+    * Move "net conf" functionality into a separate module libnet_conf.c
+    * Restructure registry code, eliminating the dynamic overlay.
+      Make use of reg_api instead of backend code in most places.
+    * Add support for intercepting LDAP libraries' debug output and print
+      it in Samba's debugging system.
+    * Libreplace fixes.
+    * Build fixes.
+    * Initial support for using subsystems as shared libraries.
+      Use talloc, tdb, and libnetapi as shared libraries internally.
 
 
 o   Jeremy Allison <jra@samba.org>
@@ -146,8 +166,15 @@ o   Jeremy Allison <jra@samba.org>
     * Remove unused utilities: smbctool and rpctorture.
     * Fix service principal detection to match Windows Vista
       (based on work from Andreas Schneider).
-    * Additional work on the session data privacy for clients
-      implementing the Unix CIFS Extensions.
+    * Encrypted SMB transport in client tools and libraries, and server.
+
+
+o   Kai Blin <kai@samba.org>
+    * Added support for an SMB_CONF_PATH environment variable
+      containing the path to smb.conf.
+    * Various fixes to ntlm_auth.
+    * make test now supports more extensive SPOOLSS testing using vlp.
+    * Correctly handle mixed-case hostnames in NTLMv2 authentication.
 
 
 o   Gerald (Jerry) Carter <jerry@samba.org>
@@ -175,7 +202,12 @@ o   Volker Lendecke <vl@samba.org>
     * Add generic a in-memory cache.
     * Import the Linux red-black tree implementation.
     * Remove large amount of global variables.
-    * Add vfs_xattr_tdb module for file systems that do not implement xattrs.
+    * Support for storing xattrs in tdb files.
+    * Support for storing alternate data streams in xattrs.
+    * Implement a generic in-memory cache based on rb-trees.
+    * Add implicit temporary talloc contexts via talloc_stack().
+    * Speed up the smbclient "get" command
+    * Add the aio_fork module
 
 
 o   Stefan Metzmacher <metze@samba.org>
@@ -185,6 +217,18 @@ o   Stefan Metzmacher <metze@samba.org>
     * Networking fixes to the libreplace library.
     * Pidl fixes.
     * Remove unused Winbind pipe calls.
+    * Build fixes.
+    * Fix for a crash bug in pidl generated client code.
+      This could have happend with [in,out,unique] pointers
+      when the client sends a valid pointer, but the server
+      responds with a NULL pointer (as samba-3.0.26a does for some calls).
+    * Change NTSTATUS into enum ndr_err_code in librpc/ndr.
+    * Remove unused calls in the struct based winbindd protocol.
+    * Add --configfile option to wbinfo.
+    * Convert winbind_env_set(), winbind_on() and winbind_off() into macros.
+    * Return rids and other_sids arrays in WBFLAG_PAM_INFO3_TEXT mode.
+    * Implement wbcErrorString() and wbcAuthenticateUserEx().
+    * Convert auth_winbind to use wbcAuthenticateUserEx().
 
 
 o   James Peach <jpeach@samba.org>
@@ -195,10 +239,16 @@ o   James Peach <jpeach@samba.org>
 o   Andreas Schneider <anschneider@suse.de>
     * Don't restart winbind if a corrupted tdb is found during
       initialization.
+    * Fix Windows 2008 (Longhorn) join.
+    * Add share parameter "hidden".
 
 
 o   Karolin Seeger <ks@sernet.de>
-    * Add net rap file user.
+    * Improve error messages of net subcommands.
+    * Add 'net rap file user'.
+    * Change LDAP search filter to find machine accounts which
+      are not located in the user suffix.
+    * Remove smbmount.
 
 
 o   David Shaw <dshaw@jabberwocky.com>
@@ -223,6 +273,9 @@ o   Jelmer Vernooij <jelmer@samba.org>
     * Additional portability support for building shared libraries.
 
 
+o   Corinna Vinschen <corinna@vinschen.de>
+    * Get Samba version or capability information from Windows user space.
+
 
 Original 3.2.0pre1 commits:
 ---------------------------
@@ -301,7 +354,7 @@ o   Volker Lendecke <vl@samba.org>
 
 
 o   Steve French <sfrench@samba.org>
-    * Fixes for mount.cfs Linux utility.
+    * Fixes for mount.cifs Linux utility.
 
 
 o   Stefan Metzmacher <metze@samba.org>
@@ -322,7 +375,7 @@ o   James Peach <jpeach@apple.com>
 
 
 o   Jiri Sasek <Jiri.Sasek@Sun.COM>
-    * Added vfs_vfsacl module.
+    * Added vfs_zfsacl module.
 
 
 o   Karolin Seeger <ks@sernet.de>
diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c
index 5b196af5eb..4a6e6be42f 100644
--- a/examples/VFS/skel_opaque.c
+++ b/examples/VFS/skel_opaque.c
@@ -580,6 +580,21 @@ static int skel_aio_suspend(struct vfs_handle_struct *handle, struct files_struc
 	return vfswrap_aio_suspend(NULL, fsp, aiocb, n, ts);
 }
 
+static bool skel_aio_force(struct vfs_handle_struct *handle, struct files_struct *fsp)
+{
+	return vfswrap_aio_force(NULL, fsp);
+}
+
+static bool skel_is_offline(struct vfs_handle_struct *handle, const char *path, SMB_STRUCT_STAT *sbuf)
+{
+	return vfswrap_is_offline(NULL, path, sbuf);
+}
+
+static int skel_set_offline(struct vfs_handle_struct *handle, const char *path)
+{
+	return vfswrap_set_offline(NULL, path);
+}
+
 /* VFS operations structure */
 
 static vfs_op_tuple skel_op_tuples[] = {
@@ -676,7 +691,7 @@ static vfs_op_tuple skel_op_tuples[] = {
 	{SMB_VFS_OP(skel_sys_acl_free_text),		SMB_VFS_OP_SYS_ACL_FREE_TEXT,		SMB_VFS_LAYER_OPAQUE},
 	{SMB_VFS_OP(skel_sys_acl_free_acl),		SMB_VFS_OP_SYS_ACL_FREE_ACL,		SMB_VFS_LAYER_OPAQUE},
 	{SMB_VFS_OP(skel_sys_acl_free_qualifier),	SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,	SMB_VFS_LAYER_OPAQUE},
-	
+
 	/* EA operations. */
 	{SMB_VFS_OP(skel_getxattr),			SMB_VFS_OP_GETXATTR,			SMB_VFS_LAYER_OPAQUE},
 	{SMB_VFS_OP(skel_lgetxattr),			SMB_VFS_OP_LGETXATTR,			SMB_VFS_LAYER_OPAQUE},
@@ -699,6 +714,11 @@ static vfs_op_tuple skel_op_tuples[] = {
 	{SMB_VFS_OP(skel_aio_error),			SMB_VFS_OP_AIO_ERROR,			SMB_VFS_LAYER_OPAQUE},
 	{SMB_VFS_OP(skel_aio_fsync),			SMB_VFS_OP_AIO_FSYNC,			SMB_VFS_LAYER_OPAQUE},
 	{SMB_VFS_OP(skel_aio_suspend),			SMB_VFS_OP_AIO_SUSPEND,			SMB_VFS_LAYER_OPAQUE},
+	{SMB_VFS_OP(skel_aio_force),			SMB_VFS_OP_AIO_FORCE,			SMB_VFS_LAYER_OPAQUE},
+
+        /* offline operations */
+	{SMB_VFS_OP(skel_is_offline),		        SMB_VFS_OP_IS_OFFLINE,			SMB_VFS_LAYER_OPAQUE},
+	{SMB_VFS_OP(skel_set_offline),			SMB_VFS_OP_SET_OFFLINE,			SMB_VFS_LAYER_OPAQUE},
 
 	{NULL,						SMB_VFS_OP_NOOP,			SMB_VFS_LAYER_NOOP}
 };
diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c
index 55407be10c..f4cb9b15ba 100644
--- a/examples/VFS/skel_transparent.c
+++ b/examples/VFS/skel_transparent.c
@@ -539,6 +539,26 @@ static int skel_aio_suspend(struct vfs_handle_struct *handle, struct files_struc
 	return SMB_VFS_NEXT_AIO_SUSPEND(handle, fsp, aiocb, n, ts);
 }
 
+static bool skel_aio_force(struct vfs_handle_struct *handle, struct files_struct *fsp)
+{
+        return SMB_VFS_NEXT_AIO_FORCE(handle, fsp);
+}
+
+static bool skel_is_offline(struct vfs_handle_struct *handle, const char *path, SMB_STRUCT_STAT *sbuf)
+{
+	return SMB_VFS_NEXT_IS_OFFLINE(handle, path, sbuf);
+}
+
+static int skel_set_offline(struct vfs_handle_struct *handle, const char *path)
+{
+	return SMB_VFS_NEXT_SET_OFFLINE(handle, path);
+}
+
+static bool skel_is_remotestorage(struct vfs_handle_struct *handle, const char *path)
+{
+	return SMB_VFS_NEXT_IS_REMOTESTORAGE(handle, path);
+}
+
 /* VFS operations structure */
 
 static vfs_op_tuple skel_op_tuples[] = {
@@ -633,7 +653,7 @@ static vfs_op_tuple skel_op_tuples[] = {
 	{SMB_VFS_OP(skel_sys_acl_free_text),		SMB_VFS_OP_SYS_ACL_FREE_TEXT,		SMB_VFS_LAYER_TRANSPARENT},
 	{SMB_VFS_OP(skel_sys_acl_free_acl),		SMB_VFS_OP_SYS_ACL_FREE_ACL,		SMB_VFS_LAYER_TRANSPARENT},
 	{SMB_VFS_OP(skel_sys_acl_free_qualifier),	SMB_VFS_OP_SYS_ACL_FREE_QUALIFIER,	SMB_VFS_LAYER_TRANSPARENT},
-	
+
 	/* EA operations. */
 	{SMB_VFS_OP(skel_getxattr),			SMB_VFS_OP_GETXATTR,			SMB_VFS_LAYER_TRANSPARENT},
 	{SMB_VFS_OP(skel_lgetxattr),			SMB_VFS_OP_LGETXATTR,			SMB_VFS_LAYER_TRANSPARENT},
@@ -656,6 +676,11 @@ static vfs_op_tuple skel_op_tuples[] = {
 	{SMB_VFS_OP(skel_aio_error),			SMB_VFS_OP_AIO_ERROR,			SMB_VFS_LAYER_TRANSPARENT},
 	{SMB_VFS_OP(skel_aio_fsync),			SMB_VFS_OP_AIO_FSYNC,			SMB_VFS_LAYER_TRANSPARENT},
 	{SMB_VFS_OP(skel_aio_suspend),			SMB_VFS_OP_AIO_SUSPEND,			SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(skel_aio_force),			SMB_VFS_OP_AIO_FORCE,			SMB_VFS_LAYER_TRANSPARENT},
+
+	/* offline operations */
+	{SMB_VFS_OP(skel_is_offline),			SMB_VFS_OP_IS_OFFLINE,			SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(skel_set_offline),			SMB_VFS_OP_SET_OFFLINE,			SMB_VFS_LAYER_TRANSPARENT},
 
 	{NULL,						SMB_VFS_OP_NOOP,			SMB_VFS_LAYER_NOOP}
 };
diff --git a/examples/libsmbclient/Makefile b/examples/libsmbclient/Makefile
index 26b80575fb..e2d8b6895f 100644
--- a/examples/libsmbclient/Makefile
+++ b/examples/libsmbclient/Makefile
@@ -18,13 +18,17 @@ LIBSMBCLIENT = -lwbclient -lsmbclient -ldl -lresolv
 TESTS=	testsmbc \
 	testacl \
 	testacl2 \
+	testacl3 \
 	testbrowse \
 	testbrowse2 \
 	teststat \
 	teststat2 \
+	teststat3 \
+	testtruncate \
 	testchmod \
 	testutime \
-	testread
+	testread \
+	testwrite
 
 #	tree \
 
@@ -46,6 +50,10 @@ testacl2: testacl2.o
 	@echo Linking testacl2
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
 
+testacl3: testacl3.o
+	@echo Linking testacl3
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
+
 testbrowse: testbrowse.o
 	@echo Linking testbrowse
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
@@ -62,6 +70,14 @@ teststat2: teststat2.o
 	@echo Linking teststat2
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
 
+teststat3: teststat3.o
+	@echo Linking teststat3
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
+
+testtruncate: testtruncate.o
+	@echo Linking testtruncate
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
+
 testchmod: testchmod.o
 	@echo Linking testchmod
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
@@ -74,6 +90,10 @@ testread: testread.o
 	@echo Linking testread
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
 
+testwrite: testwrite.o
+	@echo Linking testwrite
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
+
 smbsh:
 	make -C smbwrapper
 
diff --git a/examples/libsmbclient/get_auth_data_fn.h b/examples/libsmbclient/get_auth_data_fn.h
index eb493885af..b1d36c8bea 100644
--- a/examples/libsmbclient/get_auth_data_fn.h
+++ b/examples/libsmbclient/get_auth_data_fn.h
@@ -8,7 +8,23 @@ get_auth_data_fn(const char * pServer,
                  char * pPassword,
                  int maxLenPassword)
 {
-    char temp[128];
+    char            temp[128];
+    char            server[256] = { '\0' };
+    char            share[256] = { '\0' };
+    char            workgroup[256] = { '\0' };
+    char            username[256] = { '\0' };
+    char            password[256] = { '\0' };
+
+    if (strcmp(server, pServer) == 0 &&
+        strcmp(share, pShare) == 0 &&
+        *workgroup != '\0' &&
+        *username != '\0')
+    {
+        strncpy(pWorkgroup, workgroup, maxLenWorkgroup - 1);
+        strncpy(pUsername, username, maxLenUsername - 1);
+        strncpy(pPassword, password, maxLenPassword - 1);
+        return;
+    }
     
     fprintf(stdout, "Workgroup: [%s] ", pWorkgroup);
     fgets(temp, sizeof(temp), stdin);
@@ -48,4 +64,8 @@ get_auth_data_fn(const char * pServer,
     {
         strncpy(pPassword, temp, maxLenPassword - 1);
     }
+
+    strncpy(workgroup, pWorkgroup, sizeof(workgroup) - 1);
+    strncpy(username, pUsername, sizeof(username) - 1);
+    strncpy(password, pPassword, sizeof(password) - 1);
 }
diff --git a/examples/libsmbclient/smbwrapper/select.c b/examples/libsmbclient/smbwrapper/select.c
index 4e87a2e2e8..bb7a25f13e 100644
--- a/examples/libsmbclient/smbwrapper/select.c
+++ b/examples/libsmbclient/smbwrapper/select.c
@@ -72,13 +72,12 @@ int sys_select_intr(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorf
 	int ret;
 	fd_set *readfds2, readfds_buf, *writefds2, writefds_buf, *errorfds2, errorfds_buf;
 	struct timeval tval2, *ptval, end_time, now_time;
-        extern void GetTimeOfDay(struct timeval *tval);
 
 	readfds2 = (readfds ? &readfds_buf : NULL);
 	writefds2 = (writefds ? &writefds_buf : NULL);
 	errorfds2 = (errorfds ? &errorfds_buf : NULL);
         if (tval) {
-                GetTimeOfDay(&end_time);
+                gettimeofday(&end_time, NULL);
                 end_time.tv_sec += tval->tv_sec;
                 end_time.tv_usec += tval->tv_usec;
                 end_time.tv_sec += end_time.tv_usec / 1000000;
@@ -96,7 +95,7 @@ int sys_select_intr(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorf
 		if (errorfds)
 			errorfds_buf = *errorfds;
 		if (tval) {
-                        GetTimeOfDay(&now_time);
+                        gettimeofday(&now_time, NULL);
                         tval2.tv_sec = end_time.tv_sec - now_time.tv_sec;
 			tval2.tv_usec = end_time.tv_usec - now_time.tv_usec;
                         if ((signed long) tval2.tv_usec < 0) {
diff --git a/examples/libsmbclient/testacl3.c b/examples/libsmbclient/testacl3.c
new file mode 100644
index 0000000000..9102405659
--- /dev/null
+++ b/examples/libsmbclient/testacl3.c
@@ -0,0 +1,62 @@
+#include <sys/types.h>
+#include <stdio.h> 
+#include <unistd.h>
+#include <string.h> 
+#include <time.h> 
+#include <errno.h>
+#include <libsmbclient.h> 
+#include "get_auth_data_fn.h"
+
+
+int main(int argc, char * argv[]) 
+{ 
+    int             i;
+    int             fd;
+    int             ret;
+    int             debug = 0;
+    int             mode = 0666;
+    int             savedErrno;
+    char            value[2048]; 
+    char            path[2048];
+    char *          the_acl;
+    char *          p;
+    time_t          t0;
+    time_t          t1;
+    struct stat     st; 
+    SMBCCTX *       context;
+    
+    smbc_init(get_auth_data_fn, debug); 
+    
+    context = smbc_set_context(NULL);
+    smbc_option_set(context, "full_time_names", 1);
+    
+    for (;;)
+    {
+        fprintf(stdout, "Path: ");
+        *path = '\0';
+        fgets(path, sizeof(path) - 1, stdin);
+        if (strlen(path) == 0)
+        {
+            return 0;
+        }
+
+        p = path + strlen(path) - 1;
+        if (*p == '\n')
+        {
+            *p = '\0';
+        }
+    
+        the_acl = strdup("system.nt_sec_desc.*+");
+        ret = smbc_getxattr(path, the_acl, value, sizeof(value));
+        if (ret < 0)
+        {
+            printf("Could not get attributes for [%s] %d: %s\n",
+                   path, errno, strerror(errno));
+            return 1;
+        }
+    
+        printf("Attributes for [%s] are:\n%s\n", path, value);
+    }
+
+    return 0; 
+}
diff --git a/examples/libsmbclient/testread.c b/examples/libsmbclient/testread.c
index d59fc70ec1..3f94884895 100644
--- a/examples/libsmbclient/testread.c
+++ b/examples/libsmbclient/testread.c
@@ -10,66 +10,58 @@
 
 int main(int argc, char * argv[]) 
 { 
+    int             i;
     int             fd;
     int             ret;
     int             debug = 0;
     int             mode = 0666;
     int             savedErrno;
     char            buffer[2048]; 
-    char *          pSmbPath = NULL;
+    char            path[2048];
+    char *          p;
     time_t          t0;
     time_t          t1;
     struct stat     st; 
     
-    if (argc == 1)
-    {
-        pSmbPath = "smb://RANDOM/Public/bigfile";
-    }
-    else if (argc == 2)
-    {
-        pSmbPath = argv[1];
-    }
-    else
-    {
-        printf("usage: "
-               "%s [ smb://path/to/file ]\n",
-               argv[0]);
-        return 1;
-    }
-
     smbc_init(get_auth_data_fn, debug); 
     
-    printf("Open file %s\n", pSmbPath);
-    
-    t0 = time(NULL);
-
-    if ((fd = smbc_open(pSmbPath, O_RDONLY, 0)) < 0)
+    for (;;)
     {
-        perror("smbc_open");
-        return 1;
-    }
+        fprintf(stdout, "Path: ");
+        *path = '\0';
+        fgets(path, sizeof(path) - 1, stdin);
+        if (strlen(path) == 0)
+        {
+            return 0;
+        }
 
-    printf("Beginning read loop.\n");
+        p = path + strlen(path) - 1;
+        if (*p == '\n')
+        {
+            *p = '\0';
+        }
+    
+        if ((fd = smbc_open(path, O_RDONLY, 0)) < 0)
+        {
+            perror("smbc_open");
+            continue;
+        }
 
-    do
-    {
-        ret = smbc_read(fd, buffer, sizeof(buffer));
-        savedErrno = errno;
-        if (ret > 0) fwrite(buffer, 1, ret, stdout);
-    } while (ret > 0);
+        do
+        {
+            ret = smbc_read(fd, buffer, sizeof(buffer));
+            savedErrno = errno;
+            if (ret > 0) fwrite(buffer, 1, ret, stdout);
+        } while (ret > 0);
 
-    smbc_close(fd);
+        smbc_close(fd);
 
-    if (ret < 0)
-    {
-        errno = savedErrno;
-        perror("read");
-        return 1;
+        if (ret < 0)
+        {
+            errno = savedErrno;
+            perror("read");
+        }
     }
 
-    t1 = time(NULL);
-
-    printf("Elapsed time: %d seconds\n", t1 - t0);
-
     return 0; 
 }
diff --git a/examples/libsmbclient/teststat3.c b/examples/libsmbclient/teststat3.c
new file mode 100644
index 0000000000..26348b335c
--- /dev/null
+++ b/examples/libsmbclient/teststat3.c
@@ -0,0 +1,78 @@
+#include <libsmbclient.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <stdio.h>
+#include <time.h>
+#include "get_auth_data_fn.h"
+
+/*
+ * This test is intended to ensure that the timestamps returned by
+ * libsmbclient using smbc_stat() are the same as those returned by
+ * smbc_fstat().
+ */
+
+
+int main(int argc, char* argv[])
+{
+        int             fd;
+        struct stat     st1;
+        struct stat     st2;
+        char            mtime[32];
+        char            ctime[32];
+        char            atime[32];
+        char *          pUrl = argv[1];
+
+        if(argc != 2)
+        {
+                printf("usage: %s <file_url>\n", argv[0]);
+                return 1;
+        }
+
+        
+        smbc_init(get_auth_data_fn, 0);
+        
+        if (smbc_stat(pUrl, &st1) < 0)
+        {
+                perror("smbc_stat");
+                return 1;
+        }
+        
+        if ((fd = smbc_open(pUrl, O_RDONLY, 0)) < 0)
+        {
+                perror("smbc_open");
+                return 1;
+        }
+
+        if (smbc_fstat(fd, &st2) < 0)
+        {
+                perror("smbc_fstat");
+                return 1;
+        }
+        
+        smbc_close(fd);
+
+#define COMPARE(name, field)                                            \
+        if (st1.field != st2.field)                                     \
+        {                                                               \
+                printf("Field " name " MISMATCH: st1=%lu, st2=%lu\n",   \
+                       (unsigned long) st1.field,                       \
+                       (unsigned long) st2.field);                      \
+        }
+
+        COMPARE("st_dev", st_dev);
+        COMPARE("st_ino", st_ino);
+        COMPARE("st_mode", st_mode);
+        COMPARE("st_nlink", st_nlink);
+        COMPARE("st_uid", st_uid);
+        COMPARE("st_gid", st_gid);
+        COMPARE("st_rdev", st_rdev);
+        COMPARE("st_size", st_size);
+        COMPARE("st_blksize", st_blksize);
+        COMPARE("st_blocks", st_blocks);
+        COMPARE("st_atime", st_atime);
+        COMPARE("st_mtime", st_mtime);
+        COMPARE("st_ctime", st_ctime);
+
+        return 0;
+}
+
diff --git a/examples/libsmbclient/testtruncate.c b/examples/libsmbclient/testtruncate.c
new file mode 100644
index 0000000000..8882acd85d
--- /dev/null
+++ b/examples/libsmbclient/testtruncate.c
@@ -0,0 +1,82 @@
+#include <stdio.h> 
+#include <unistd.h>
+#include <string.h> 
+#include <time.h> 
+#include <errno.h>
+#include <libsmbclient.h> 
+#include "get_auth_data_fn.h"
+
+
+int main(int argc, char * argv[]) 
+{ 
+    int             fd;
+    int             ret;
+    int             debug = 0;
+    int             savedErrno;
+    char            buffer[128];
+    char *          pSmbPath = NULL;
+    char *          pLocalPath = NULL;
+    struct stat     st; 
+    
+    if (argc != 2)
+    {
+        printf("usage: "
+               "%s smb://path/to/file\n",
+               argv[0]);
+        return 1;
+    }
+
+    smbc_init(get_auth_data_fn, debug); 
+    
+    if ((fd = smbc_open(argv[1], O_WRONLY | O_CREAT | O_TRUNC, 0)) < 0)
+    {
+        perror("smbc_open");
+        return 1;
+    }
+
+    strcpy(buffer, "Hello world.\nThis is a test.\n");
+
+    ret = smbc_write(fd, buffer, strlen(buffer));
+    savedErrno = errno;
+    smbc_close(fd);
+
+    if (ret < 0)
+    {
+        errno = savedErrno;
+        perror("write");
+    }
+
+    if (smbc_stat(argv[1], &st) < 0)
+    {
+        perror("smbc_stat");
+        return 1;
+    }
+    
+    printf("Original size: %lu\n", (unsigned long) st.st_size);
+    
+    if ((fd = smbc_open(argv[1], O_WRONLY, 0)) < 0)
+    {
+        perror("smbc_open");
+        return 1;
+    }
+
+    ret = smbc_ftruncate(fd, 13);
+    savedErrno = errno;
+    smbc_close(fd);
+    if (ret < 0)
+    {
+        errno = savedErrno;
+        perror("smbc_ftruncate");
+        return 1;
+    }
+    
+    if (smbc_stat(argv[1], &st) < 0)
+    {
+        perror("smbc_stat");
+        return 1;
+    }
+    
+    printf("New size: %lu\n", (unsigned long) st.st_size);
+    
+    return 0; 
+}
diff --git a/examples/libsmbclient/testwrite.c b/examples/libsmbclient/testwrite.c
new file mode 100644
index 0000000000..780f0e95da
--- /dev/null
+++ b/examples/libsmbclient/testwrite.c
@@ -0,0 +1,69 @@
+#include <sys/types.h>
+#include <stdio.h> 
+#include <unistd.h>
+#include <string.h> 
+#include <time.h> 
+#include <errno.h>
+#include <libsmbclient.h> 
+#include "get_auth_data_fn.h"
+
+
+int main(int argc, char * argv[]) 
+{ 
+    int             i;
+    int             fd;
+    int             ret;
+    int             debug = 0;
+    int             mode = 0666;
+    int             savedErrno;
+    char            buffer[2048]; 
+    char            path[2048];
+    char *          p;
+    time_t          t0;
+    time_t          t1;
+    struct stat     st; 
+    
+    smbc_init(get_auth_data_fn, debug); 
+    
+    printf("CAUTION: This program will overwrite a file.  "
+           "Press ENTER to continue.");
+    fgets(buffer, sizeof(buffer), stdin);
+           
+
+    for (;;)
+    {
+        fprintf(stdout, "\nPath: ");
+        *path = '\0';
+        fgets(path, sizeof(path) - 1, stdin);
+        if (strlen(path) == 0)
+        {
+            return 0;
+        }
+
+        p = path + strlen(path) - 1;
+        if (*p == '\n')
+        {
+            *p = '\0';
+        }
+    
+        if ((fd = smbc_open(path, O_WRONLY | O_CREAT | O_TRUNC, 0)) < 0)
+        {
+            perror("smbc_open");
+            continue;
+        }
+
+        strcpy(buffer, "Hello world\n");
+
+        ret = smbc_write(fd, buffer, strlen(buffer));
+        savedErrno = errno;
+        smbc_close(fd);
+
+        if (ret < 0)
+        {
+            errno = savedErrno;
+            perror("write");
+        }
+    }
+
+    return 0; 
+}
diff --git a/examples/misc/adssearch.pl b/examples/misc/adssearch.pl
index a63ae311eb..d17e680ec8 100755
--- a/examples/misc/adssearch.pl
+++ b/examples/misc/adssearch.pl
@@ -3,7 +3,7 @@
 # adssearch.pl 	- query an Active Directory server and
 #		  display objects in a human readable format
 #
-# Copyright (C) Guenther Deschner <gd@samba.org> 2003-2007
+# Copyright (C) Guenther Deschner <gd@samba.org> 2003-2008
 #
 # TODO: add range retrieval
 #	write sddl-converter, decode userParameters
@@ -230,6 +230,7 @@ my %ads_mixed_domain = (
 my %ads_ds_func = (
 "DS_BEHAVIOR_WIN2000"			=> 0,	# untested
 "DS_BEHAVIOR_WIN2003"			=> 2,
+"DS_BEHAVIOR_WIN2008"			=> 3,
 );
 
 my %ads_instance_type = (
@@ -244,6 +245,14 @@ my %ads_uacc = (
 	"ACCOUNT_LOCKED_OUT"		=> 0x800010, # 8388624
 );
 
+my %ads_enctypes = (
+	"DES-CBC-CRC"				=> 0x01,
+	"DES-CBC-MD5"				=> 0x02,
+	"RC4_HMAC_MD5"				=> 0x04,
+	"AES128_CTS_HMAC_SHA1_96"		=> 0x08,
+	"AES128_CTS_HMAC_SHA1_128"		=> 0x10,
+);
+
 my %ads_gpoptions = (
 	"GPOPTIONS_INHERIT"		=> 0,
 	"GPOPTIONS_BLOCK_INHERITANCE"	=> 1,
@@ -518,6 +527,7 @@ my %attr_handler = (
 	"modifyTimeStamp"		=> \&dump_timestr,
 	"msDS-Behavior-Version"		=> \&dump_ds_func,	#unsure
 	"msDS-User-Account-Control-Computed" => \&dump_uacc,
+	"msDS-SupportedEncryptionTypes"	=> \&dump_enctypes,
 	"mS-DS-CreatorSID"		=> \&dump_sid,
 #	"msRADIUSFramedIPAddress"	=> \&dump_ipaddr,
 #	"msRASSavedFramedIPAddress" 	=> \&dump_ipaddr,
@@ -1209,6 +1219,10 @@ sub dump_uacc {
 	return dump_bitmask_equal(@_,%ads_uacc); 
 }
 
+sub dump_enctypes {
+	return dump_bitmask_and(@_,%ads_enctypes);
+}
+
 sub dump_uf {
 	return dump_bitmask_and(@_,%ads_uf);
 }
diff --git a/examples/scripts/mount/mount.smbfs b/examples/scripts/mount/mount.smbfs
new file mode 100644
index 0000000000..3b57bc5141
--- /dev/null
+++ b/examples/scripts/mount/mount.smbfs
@@ -0,0 +1,115 @@
+#!/bin/bash
+# Debian mount.smbfs compatibility wrapper
+# Copyright 2007, Steve Langasek <vorlon at debian.org>
+# Licensed under the GNU General Public License, version 2.  See the
+# file /usr/share/common-licenses/GPL or <http://www.gnu.org/copyleft/gpl.txt>.
+
+# This script accepts all documented mount options for mount.smbfs,
+# passing through those that are also recognized by mount.cifs,
+# converting those that are not recognized but map to available cifs
+# options, and warning about the use of options for which no equivalent
+# exists.
+
+# known bugs: quoted spaces in arguments are not passed intact
+
+set -e
+
+# reverse the order of username and password in a "username" parameter,
+# taking care to leave any "%password" bit intact
+
+reverse_username_workgroup() {
+	local workgroup password username
+
+	username="$1"
+	case "$username" in
+	*%*)	password="${username#*%}"
+		username="${username%%%*}"
+		;;
+	*) ;;
+	esac
+	case "$username" in
+	*/*)	workgroup="${username#*/}"
+		username="${username%%/*}"
+		;;
+	*) ;;
+	esac
+	if [ -n "$workgroup" ]; then
+		username="$workgroup\\$username"
+	fi
+	if [ -n "$password" ]; then
+		username="$username%$password"
+	fi
+	echo "$username"
+}
+
+
+# parse out the mount options that have been specified using -o, and if
+# necessary, convert them for use by mount.cifs
+
+parse_mount_options () {
+	local OLD_IFS IFS options option username
+	OLD_IFS="$IFS"
+	IFS=","
+	options=""
+	workgroup=""
+	password=""
+
+	for option in $@; do
+		case "$option" in
+		sockopt=* | scope=* | codepage=* | ttl=* | debug=*)
+			echo "Warning: ignoring deprecated smbfs option '$option'" >&2
+			;;
+
+		krb)
+			options="$options${options:+,}sec=krb5"
+			;;
+
+		guest)
+			echo "Warning: mapping 'guest' to 'guest,sec=none'" >&2
+			options="$options${options:+,}guest,sec=none"
+			;;
+
+		# username and workgroup are reversed in username= arguments,
+		# so need to be parsed out
+		username=*/*)
+			IFS="$OLD_IFS"
+			username="${option#username=}"
+			username="$(reverse_username_workgroup "$username")"
+			IFS=","
+			options="$options${options:+,}username=$username"
+			;;
+
+		*)
+			options="$options${options:+,}$option"
+			;;
+		esac
+	done
+	IFS="$OLD_IFS"
+	echo $options
+}
+
+args=()
+while [ "$#" -gt 0 ]; do
+	case "$1" in
+	-o*)
+		arg=${1#-o}
+		shift
+		if [ -z "$arg" ]; then
+			arg=$1
+			shift
+		fi
+		arg="$(parse_mount_options "$arg")"
+		if [ -n "$arg" ]; then
+			args=("${args[@]}" "-o" "$arg")
+		fi
+		;;
+	*)
+		args=("${args[@]}" "$1")
+		shift
+		;;
+	esac
+done
+
+USER="$(reverse_username_workgroup "$USER")"
+
+exec /sbin/mount.cifs "${args[@]}"
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 46f733c0bc..2f963e295d 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -18,7 +18,7 @@ datarootdir=@datarootdir@
 selftest_prefix=@selftest_prefix@
 smbtorture4_path=@smbtorture4_path@
 
-LIBS=@LIBS@
+LIBS=@LIBS@ @LIBTALLOC_LIBS@
 CC=@CC@
 SHLD=@SHLD@
 LIB_PATH_VAR=@LIB_PATH_VAR@
@@ -141,11 +141,24 @@ CODEPAGEDIR = @codepagedir@
 # the directory where pid files go
 PIDDIR = @piddir@
 
+LIBTALLOC_SHARED_TARGET=@LIBTALLOC_SHARED_TARGET@
+LIBTALLOC_STATIC_TARGET=@LIBTALLOC_STATIC_TARGET@
+LIBTALLOC=$(LIBTALLOC_STATIC_TARGET) @LIBTALLOC_SHARED@
+
+LIBTDB_SHARED_TARGET=@LIBTDB_SHARED_TARGET@
+LIBTDB_STATIC_TARGET=@LIBTDB_STATIC_TARGET@
+LIBTDB=$(LIBTDB_STATIC_TARGET) @LIBTDB_SHARED@
+LIBTDB_SYMS=exports/libtdb.syms
+LIBTDB_HEADERS=@tdbdir@/include/tdb.h
+
 LIBSMBCLIENT=bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
 LIBSMBSHAREMODES=bin/libsmbsharemodes.a @LIBSMBSHAREMODES_SHARED@
 LIBADDNS=bin/libaddns.a @LIBADDNS_SHARED@
 LIBWBCLIENT=@LIBWBCLIENT_SHARED@
-LIBNETAPI=bin/libnetapi.a @LIBNETAPI_SHARED@
+
+LIBNETAPI_SHARED_TARGET=@LIBNETAPI_SHARED_TARGET@
+LIBNETAPI_STATIC_TARGET=@LIBNETAPI_STATIC_TARGET@
+LIBNETAPI=$(LIBNETAPI_STATIC_TARGET) @LIBNETAPI_SHARED@
 
 FLAGS1 = $(CFLAGS) @FLAGS1@ @SAMBA_CPPFLAGS@ $(CPPFLAGS)
 FLAGS2 =
@@ -195,15 +208,15 @@ TORTURE_PROGS = bin/smbtorture@EXEEXT@ bin/msgtest@EXEEXT@ \
 	bin/pdbtest@EXEEXT@ bin/talloctort@EXEEXT@ bin/replacetort@EXEEXT@ \
 	bin/tdbtorture@EXEEXT@
 
-BIN_PROGS = @EXTRA_BIN_PROGS@ @SMBMOUNT_PROGS@ \
+BIN_PROGS = @EXTRA_BIN_PROGS@ \
 	$(BIN_PROGS1) $(BIN_PROGS2) $(BIN_PROGS3) $(BIN_PROGS4) 
 
 EVERYTHING_PROGS = bin/debug2html@EXEEXT@ bin/smbfilter@EXEEXT@ \
 	bin/talloctort@EXEEXT@ bin/replacetort@EXEEXT@ \
 	bin/log2pcap@EXEEXT@ bin/sharesec@EXEEXT@ bin/ndrdump@EXEEXT@ \
-	bin/vlp@EXEEXT@
+	bin/vlp@EXEEXT@ bin/smbiconv@EXEEXT@
 
-SHLIBS = @LIBSMBCLIENT@ @LIBSMBSHAREMODES@ @LIBADDNS@ @LIBNETAPI@ @LIBWBCLIENT@
+SHLIBS = libtalloc libtdb @LIBWBCLIENT@ @LIBSMBCLIENT@ @LIBSMBSHAREMODES@ @LIBADDNS@ libnetapi
 
 PAM_MODULES = @PAM_MODULES@
 
@@ -225,14 +238,12 @@ MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) \
 # object file lists
 ######################################################################
 
-TDBBASE_OBJ = lib/tdb/common/tdb.o lib/tdb/common/dump.o lib/tdb/common/error.o \
-	lib/tdb/common/freelist.o lib/tdb/common/freelistcheck.o \
-	lib/tdb/common/io.o lib/tdb/common/lock.o \
-	lib/tdb/common/open.o lib/tdb/common/transaction.o \
-	lib/tdb/common/traverse.o
+LIBTDB_OBJ0 = @TDB_OBJS@
+LIBTDB_OBJ = $(LIBTDB_OBJ0) $(LIBREPLACE_OBJ)
 
-TDB_OBJ = $(TDBBASE_OBJ) lib/util_tdb.o \
-	lib/dbwrap.o lib/dbwrap_tdb.o lib/dbwrap_ctdb.o lib/dbwrap_rbt.o
+TDB_OBJ = lib/util_tdb.o \
+	  lib/dbwrap.o lib/dbwrap_tdb.o lib/dbwrap_ctdb.o \
+	  lib/dbwrap_rbt.o @LIBTDB_STATIC@
 
 SMBLDAP_OBJ = @SMBLDAP@ @SMBLDAPUTIL@
 
@@ -253,8 +264,14 @@ ERRORMAP_OBJ = libsmb/errormap.o
 PASSCHANGE_OBJ = libsmb/passchange.o
 
 
-LIBNDR_OBJ = librpc/ndr/ndr_basic.o librpc/ndr/ndr.o librpc/ndr/ndr_misc.o \
-	     librpc/ndr/ndr_sec_helper.o librpc/ndr/ndr_string.o librpc/ndr/sid.o \
+LIBNDR_OBJ = librpc/ndr/ndr_basic.o \
+	     librpc/ndr/ndr.o \
+	     librpc/ndr/ndr_misc.o \
+	     librpc/gen_ndr/ndr_misc.o \
+	     librpc/gen_ndr/ndr_security.o \
+	     librpc/ndr/ndr_sec_helper.o \
+	     librpc/ndr/ndr_string.o \
+	     librpc/ndr/sid.o \
 	     librpc/ndr/uuid.o
 
 RPCCLIENT_NDR_OBJ = rpc_client/ndr.o
@@ -268,8 +285,12 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \
 		 librpc/gen_ndr/ndr_srvsvc.o \
 		 librpc/gen_ndr/ndr_svcctl.o \
 		 librpc/gen_ndr/ndr_eventlog.o \
+		 librpc/gen_ndr/ndr_netlogon.o \
+		 librpc/gen_ndr/ndr_samr.o \
+		 librpc/gen_ndr/ndr_dssetup.o \
 		 librpc/gen_ndr/ndr_notify.o \
-		 librpc/gen_ndr/ndr_libnet_join.o
+		 librpc/gen_ndr/ndr_xattr.o \
+		 librpc/gen_ndr/ndr_ntsvcs.o
 
 RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o
 
@@ -277,16 +298,23 @@ RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o
 # that requires knowledge of security contexts
 RPC_PARSE_OBJ1 = $(RPC_PARSE_OBJ0) rpc_parse/parse_sec.o
 
-RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o rpc_parse/parse_net.o rpc_parse/parse_srv.o
+RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o rpc_parse/parse_srv.o
+RPC_PARSE_OBJ2 = rpc_parse/parse_rpc.o rpc_parse/parse_srv.o \
+		 rpc_client/init_netlogon.o \
+		 rpc_client/init_lsa.o
 
 LIBREPLACE_OBJ = @LIBREPLACE_OBJS@
 
 SOCKET_WRAPPER_OBJ = @SOCKET_WRAPPER_OBJS@
 NSS_WRAPPER_OBJ = @NSS_WRAPPER_OBJS@
 
-TALLOC_OBJ = lib/talloc/talloc.o
+TALLOC_OBJ = @TALLOC_OBJS@
+
+
+LIBTALLOC_OBJ0 = $(TALLOC_OBJ)
+LIBTALLOC_OBJ = $(LIBTALLOC_OBJ0) $(LIBREPLACE_OBJ)
 
-LIBSAMBAUTIL_OBJ = $(TALLOC_OBJ) \
+LIBSAMBAUTIL_OBJ = @LIBTALLOC_STATIC@ \
 		$(LIBREPLACE_OBJ) \
 		$(SOCKET_WRAPPER_OBJ) \
 		$(NSS_WRAPPER_OBJ)
@@ -295,7 +323,7 @@ LIB_WITHOUT_PROTO_OBJ = $(LIBSAMBAUTIL_OBJ) \
 	lib/messages.o librpc/gen_ndr/ndr_messaging.o lib/messages_local.o \
 	lib/messages_ctdbd.o lib/packet.o lib/ctdbd_conn.o lib/talloc_stack.o \
 	lib/interfaces.o lib/rbtree.o lib/memcache.o \
-	lib/util_transfer_file.o
+	lib/util_transfer_file.o lib/async_req.o
 
 LIB_WITH_PROTO_OBJ = $(VERSION_OBJ) lib/charcnv.o lib/debug.o lib/fault.o \
 	  lib/interface.o lib/md4.o \
@@ -308,11 +336,10 @@ LIB_WITH_PROTO_OBJ = $(VERSION_OBJ) lib/charcnv.o lib/debug.o lib/fault.o \
 	  lib/util_str.o lib/clobber.o lib/util_sid.o lib/util_uuid.o \
 	  lib/util_unistr.o lib/util_file.o lib/data_blob.o \
 	  lib/util.o lib/util_sock.o lib/sock_exec.o lib/util_sec.o \
-	  lib/substitute.o lib/fsusage.o \
+	  lib/substitute.o lib/fsusage.o lib/dbwrap_util.o \
 	  lib/ms_fnmatch.o lib/select.o lib/errmap_unix.o \
 	  lib/tallocmsg.o lib/dmallocmsg.o libsmb/smb_signing.o \
 	  lib/md5.o lib/hmacmd5.o lib/arc4.o lib/iconv.o \
-	  $(WBCOMMON_OBJ) \
 	  lib/pam_errors.o intl/lang_tdb.o lib/conn_tdb.o \
 	  lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
 	  lib/module.o lib/events.o lib/ldap_escape.o @CHARSET_STATIC@ \
@@ -331,15 +358,15 @@ READLINE_OBJ = lib/readline.o
 # Be sure to include them into your application
 POPT_LIB_OBJ = lib/popt_common.o
 
-PARAM_WITHOUT_REG_OBJ = dynconfig.o param/loadparm.o param/params.o param/util.o lib/sharesec.o
-PARAM_REG_ADD_OBJ = $(UTIL_REG_API_OBJ)
+PARAM_WITHOUT_REG_OBJ = dynconfig.o param/loadparm.o param/params.o param/util.o lib/sharesec.o lib/ldap_debug_handler.o
+PARAM_REG_ADD_OBJ = $(REG_SMBCONF_OBJ) $(LIBNET_CONF_OBJ) $(PRIVILEGES_BASIC_OBJ)
 PARAM_OBJ = $(PARAM_WITHOUT_REG_OBJ) $(PARAM_REG_ADD_OBJ)
 
 KRBCLIENT_OBJ = libads/kerberos.o libads/ads_status.o
 
 LIBADDNS_OBJ0 = libaddns/dnsrecord.o libaddns/dnsutils.o  libaddns/dnssock.o \
 	       libaddns/dnsgss.o libaddns/dnsmarshall.o
-LIBADDNS_OBJ = $(LIBADDNS_OBJ0) $(TALLOC_OBJ)
+LIBADDNS_OBJ = $(LIBADDNS_OBJ0) @LIBTALLOC_STATIC@
 
 LIBWBCLIENT_OBJ0 = nsswitch/libwbclient/wbclient.o \
 		  nsswitch/libwbclient/wbc_util.o \
@@ -347,7 +374,7 @@ LIBWBCLIENT_OBJ0 = nsswitch/libwbclient/wbclient.o \
 		  nsswitch/libwbclient/wbc_idmap.o \
 		  nsswitch/libwbclient/wbc_sid.o \
 		  nsswitch/libwbclient/wbc_pam.o
-LIBWBCLIENT_OBJ = $(LIBWBCLIENT_OBJ0) $(WBCOMMON_OBJ) $(TALLOC_OBJ) $(LIBREPLACE_OBJ)
+LIBWBCLIENT_OBJ = $(LIBWBCLIENT_OBJ0) $(WBCOMMON_OBJ) @LIBTALLOC_STATIC@ $(LIBREPLACE_OBJ)
 
 LIBGPO_OBJ0 = libgpo/gpo_ldap.o libgpo/gpo_ini.o libgpo/gpo_util.o \
 	      libgpo/gpo_fetch.o libgpo/gpo_filesync.o libgpo/gpo_sec.o
@@ -358,9 +385,11 @@ LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o \
 	     libads/krb5_setpw.o libads/ldap_user.o \
 	     libads/ads_struct.o libads/kerberos_keytab.o \
              libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \
-	     libads/cldap.o libads/ldap_schema.o libads/util.o
+	     libads/cldap.o libads/ldap_schema.o libads/util.o libads/ndr.o
 
-LIBADS_SERVER_OBJ = libads/kerberos_verify.o libads/authdata.o
+LIBADS_SERVER_OBJ = libads/kerberos_verify.o libads/authdata.o \
+		    librpc/ndr/ndr_krb5pac.o \
+		    librpc/gen_ndr/ndr_krb5pac.o
 
 SECRETS_OBJ = passdb/secrets.o passdb/machine_sid.o
 
@@ -379,7 +408,7 @@ LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \
 	     libsmb/clistr.o libsmb/cliquota.o libsmb/clifsinfo.o libsmb/clidfs.o \
              libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \
 	     libsmb/clioplock.o $(ERRORMAP_OBJ) libsmb/clirap2.o \
-	     libsmb/smb_seal.o $(DOSERR_OBJ) \
+	     libsmb/smb_seal.o $(DOSERR_OBJ) libsmb/async_smb.o \
 	     $(RPC_PARSE_OBJ1) $(LIBSAMBA_OBJ) $(LIBNMB_OBJ)
 
 RPC_CLIENT_OBJ1 = rpc_client/cli_netlogon.o rpc_client/cli_srvsvc.o
@@ -387,7 +416,8 @@ RPC_CLIENT_OBJ1 = rpc_client/cli_netlogon.o rpc_client/cli_srvsvc.o
 LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \
 	       $(RPC_CLIENT_OBJ1) rpc_client/cli_reg.o $(RPC_CLIENT_OBJ) \
 	       rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o  \
-	       rpc_client/cli_ds.o rpc_client/cli_svcctl.o
+	       rpc_client/cli_svcctl.o \
+	       rpc_client/init_samr.o
 
 LIBMSRPC_GEN_OBJ = librpc/gen_ndr/cli_lsa.o \
 		   librpc/gen_ndr/cli_dfs.o \
@@ -398,34 +428,76 @@ LIBMSRPC_GEN_OBJ = librpc/gen_ndr/cli_lsa.o \
 		   librpc/gen_ndr/cli_initshutdown.o \
 		   librpc/gen_ndr/cli_eventlog.o \
 		   librpc/gen_ndr/cli_wkssvc.o \
+		   librpc/gen_ndr/cli_netlogon.o \
+		   librpc/gen_ndr/cli_samr.o \
+		   librpc/gen_ndr/cli_dssetup.o \
+		   librpc/gen_ndr/cli_ntsvcs.o \
 		   $(LIBNDR_GEN_OBJ) \
 		   $(RPCCLIENT_NDR_OBJ)
 
+#
+# registry-related objects
+#
+UTIL_REG_OBJ = lib/util_reg.o
+UTIL_REG_API_OBJ = lib/util_reg_api.o
+
+REG_INIT_SMBCONF_OBJ = registry/reg_init_smbconf.o
+REG_INIT_FULL_OBJ = registry/reg_init_full.o
+
+REGFIO_OBJ = registry/regfio.o
+
 REGOBJS_OBJ = registry/reg_objects.o
 
-REGISTRY_OBJ = registry/reg_frontend.o registry/reg_cachehook.o registry/reg_printing.o \
-               registry/reg_db.o registry/reg_eventlog.o registry/reg_shares.o \
-               registry/reg_util.o registry/reg_dynamic.o registry/reg_perfcount.o \
-	       registry/reg_smbconf.o registry/reg_api.o \
-	       registry/reg_frontend_hilvl.o \
-	       $(UTIL_REG_API_OBJ) $(UTIL_REG_SMBCONF_OBJ)
+REG_BACKENDS_BASE_OBJ = registry/reg_backend_db.o
 
-RPC_LSA_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o librpc/gen_ndr/srv_lsa.o
+REG_BACKENDS_SMBCONF_OBJ = registry/reg_backend_smbconf.o
 
-RPC_NETLOG_OBJ = rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o
+REG_BACKENDS_EXTRA_OBJ = registry/reg_backend_printing.o \
+			 registry/reg_backend_shares.o \
+			 registry/reg_backend_netlogon_params.o \
+			 registry/reg_backend_prod_options.o \
+			 registry/reg_backend_tcpip_params.o \
+			 registry/reg_backend_hkpt_params.o \
+			 registry/reg_backend_current_version.o \
+			 registry/reg_backend_perflib.o
 
-RPC_SAMR_OBJ = rpc_server/srv_samr.o rpc_server/srv_samr_nt.o \
-               rpc_server/srv_samr_util.o
+REG_BASE_OBJ = registry/reg_api.o \
+	       registry/reg_dispatcher.o \
+	       registry/reg_cachehook.o \
+	       $(REGFIO_OBJ) \
+	       $(REGOBJS_OBJ) \
+	       registry/reg_util.o \
+	       $(UTIL_REG_API_OBJ) \
+	       lib/util_nttoken.o \
+	       $(REG_BACKENDS_BASE_OBJ)
 
-REGFIO_OBJ = registry/regfio.o
+REG_SMBCONF_OBJ = $(REG_BASE_OBJ) \
+		  $(REG_BACKENDS_SMBCONF_OBJ) \
+		  $(REG_INIT_SMBCONF_OBJ)
+
+REG_FULL_OBJ = $(REG_SMBCONF_OBJ) \
+	       $(REG_BACKENDS_EXTRA_OBJ) \
+	       $(REG_INIT_FULL_OBJ) \
+	       registry/reg_eventlog.o \
+	       registry/reg_perfcount.o \
+	       registry/reg_util_legacy.o
+
+
+RPC_LSA_OBJ = rpc_server/srv_lsa_nt.o librpc/gen_ndr/srv_lsa.o
+
+RPC_NETLOG_OBJ = rpc_server/srv_netlog_nt.o \
+		 librpc/gen_ndr/srv_netlogon.o
+
+RPC_SAMR_OBJ = rpc_server/srv_samr_nt.o \
+               rpc_server/srv_samr_util.o \
+	       librpc/gen_ndr/srv_samr.o
 
 RPC_INITSHUTDOWN_OBJ =  librpc/gen_ndr/srv_initshutdown.o rpc_server/srv_initshutdown_nt.o
 
 RPC_REG_OBJ =  rpc_server/srv_winreg_nt.o \
-	       librpc/gen_ndr/srv_winreg.o \
-	       $(REGFIO_OBJ)
+	       librpc/gen_ndr/srv_winreg.o
 
-RPC_LSA_DS_OBJ =  rpc_server/srv_lsa_ds.o rpc_server/srv_lsa_ds_nt.o
+RPC_DSSETUP_OBJ =  rpc_server/srv_dssetup_nt.o librpc/gen_ndr/srv_dssetup.o
 
 RPC_SVC_OBJ = rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \
 	      librpc/gen_ndr/srv_srvsvc.o
@@ -438,7 +510,8 @@ RPC_SVCCTL_OBJ =  rpc_server/srv_svcctl.o rpc_server/srv_svcctl_nt.o \
                   services/svc_netlogon.o services/svc_winreg.o \
                   services/svc_wins.o
 
-RPC_NTSVCS_OBJ = rpc_server/srv_ntsvcs.o rpc_server/srv_ntsvcs_nt.o
+RPC_NTSVCS_OBJ = rpc_server/srv_ntsvcs.o rpc_server/srv_ntsvcs_nt.o \
+		 librpc/gen_ndr/srv_ntsvcs.o
 
 RPC_DFS_OBJ =  librpc/gen_ndr/srv_dfs.o rpc_server/srv_dfs_nt.o
 
@@ -454,23 +527,26 @@ RPC_ECHO_OBJ = rpc_server/srv_echo_nt.o librpc/gen_ndr/srv_echo.o
 
 RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ)
 
-RPC_PARSE_OBJ = rpc_parse/parse_lsa.o $(RPC_PARSE_OBJ2) \
-                rpc_parse/parse_samr.o \
-                rpc_parse/parse_ds.o rpc_parse/parse_spoolss.o \
+RPC_PARSE_OBJ = $(RPC_PARSE_OBJ2) \
+                rpc_parse/parse_spoolss.o \
 	        rpc_parse/parse_eventlog.o rpc_parse/parse_buffer.o \
-                rpc_parse/parse_ntsvcs.o rpc_parse/parse_svcctl.o $(REGOBJS_OBJ)
+                rpc_parse/parse_ntsvcs.o rpc_parse/parse_svcctl.o
 
 RPC_CLIENT_OBJ = rpc_client/cli_pipe.o
 
 LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o
 
+PRIVILEGES_BASIC_OBJ = lib/privileges_basic.o
+
+PRIVILEGES_OBJ = lib/privileges.o
+
 PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
 
 PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
 		passdb/util_wellknown.o passdb/util_builtin.o passdb/pdb_compat.o \
 		passdb/util_unixsids.o passdb/lookup_sid.o \
 		passdb/login_cache.o @PDB_STATIC@ \
-		lib/account_pol.o lib/privileges.o lib/privileges_basic.o \
+		lib/account_pol.o $(PRIVILEGES_OBJ) \
 		lib/util_nscd.o lib/winbind_util.o
 
 DEVEL_HELP_WEIRD_OBJ = modules/weird.o
@@ -482,7 +558,7 @@ GROUPDB_OBJ = groupdb/mapping.o groupdb/mapping_tdb.o groupdb/mapping_ldb.o
 
 PROFILE_OBJ = profile/profile.o
 PROFILES_OBJ = utils/profiles.o \
-               $(REGFIO_OBJ) $(REGOBJS_OBJ) $(ERRORMAP_OBJ) \
+               $(ERRORMAP_OBJ) \
 	       $(RPC_PARSE_OBJ1) $(PARAM_OBJ) $(LIBSAMBA_OBJ) \
                $(DOSERR_OBJ) $(LIB_OBJ) $(LIB_DUMMY_OBJ) \
                $(POPT_LIB_OBJ) $(SECRETS_OBJ)
@@ -503,8 +579,9 @@ VFS_READONLY_OBJ = modules/vfs_readonly.o modules/getdate.o
 VFS_CAP_OBJ = modules/vfs_cap.o
 VFS_EXPAND_MSDFS_OBJ = modules/vfs_expand_msdfs.o
 VFS_SHADOW_COPY_OBJ = modules/vfs_shadow_copy.o
+VFS_SHADOW_COPY2_OBJ = modules/vfs_shadow_copy2.o
 VFS_AFSACL_OBJ = modules/vfs_afsacl.o
-VFS_XATTR_TDB_OBJ = modules/vfs_xattr_tdb.o librpc/gen_ndr/ndr_xattr.o
+VFS_XATTR_TDB_OBJ = modules/vfs_xattr_tdb.o
 VFS_POSIXACL_OBJ = modules/vfs_posixacl.o
 VFS_AIXACL_OBJ = modules/vfs_aixacl.o modules/vfs_aixacl_util.o
 VFS_AIXACL2_OBJ = modules/vfs_aixacl2.o modules/vfs_aixacl_util.o modules/nfs4_acls.o
@@ -514,13 +591,17 @@ VFS_HPUXACL_OBJ = modules/vfs_hpuxacl.o
 VFS_IRIXACL_OBJ = modules/vfs_irixacl.o
 VFS_TRU64ACL_OBJ = modules/vfs_tru64acl.o
 VFS_CATIA_OBJ = modules/vfs_catia.o
+VFS_STREAMS_XATTR_OBJ = modules/vfs_streams_xattr.o
+VFS_STREAMS_DEPOT_OBJ = modules/vfs_streams_depot.o
 VFS_CACHEPRIME_OBJ = modules/vfs_cacheprime.o
 VFS_PREALLOC_OBJ = modules/vfs_prealloc.o
 VFS_COMMIT_OBJ = modules/vfs_commit.o
 VFS_GPFS_OBJ = modules/vfs_gpfs.o modules/gpfs.o modules/nfs4_acls.o
 VFS_NOTIFY_FAM_OBJ = modules/vfs_notify_fam.o
 VFS_READAHEAD_OBJ = modules/vfs_readahead.o
+VFS_TSMSM_OBJ = modules/vfs_tsmsm.o
 VFS_FILEID_OBJ = modules/vfs_fileid.o
+VFS_AIO_FORK_OBJ = modules/vfs_aio_fork.o
 VFS_SYNCOPS_OBJ = modules/vfs_syncops.o
 
 PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
@@ -538,7 +619,6 @@ AUTH_WINBIND_OBJ = auth/auth_winbind.o
 AUTH_SCRIPT_OBJ = auth/auth_script.o
 
 AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \
-	   lib/util_nttoken.o \
 	   auth/auth_compat.o auth/auth_ntlmssp.o \
 	   $(PLAINTEXT_AUTH_OBJ) $(SLCACHE_OBJ) $(DCUTIL_OBJ)
 
@@ -577,8 +657,9 @@ SMBD_OBJ_BASE = $(PARAM_WITHOUT_REG_OBJ) $(SMBD_OBJ_SRV) $(LIBSMB_OBJ) \
 		$(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \
 		$(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \
 		$(LIBADS_OBJ) $(KRBCLIENT_OBJ) $(LIBADS_SERVER_OBJ) \
-		$(REGISTRY_OBJ) $(POPT_LIB_OBJ) @LIBWBCLIENT_STATIC@ \
-		$(BUILDOPT_OBJ) $(SMBLDAP_OBJ) $(LDB_OBJ) $(LIBNET_OBJ)
+		$(REG_FULL_OBJ) $(POPT_LIB_OBJ) $(BUILDOPT_OBJ) \
+		$(SMBLDAP_OBJ) $(LDB_OBJ) $(LIBNET_OBJ) @LIBWBCLIENT_STATIC@ \
+		$(PRIVILEGES_BASIC_OBJ)
 
 PRINTING_OBJ = printing/pcap.o printing/print_svid.o printing/print_aix.o \
                printing/print_cups.o printing/print_generic.o \
@@ -636,7 +717,8 @@ SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \
 
 TESTPARM_OBJ = utils/testparm.o \
                $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
-	       $(SECRETS_OBJ) $(LIBSAMBA_OBJ) $(RPC_PARSE_OBJ1) $(DOSERR_OBJ)
+	       $(SECRETS_OBJ) $(LIBSAMBA_OBJ) $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) \
+	       $(ERRORMAP_OBJ)
 
 PASSWD_UTIL_OBJ = utils/passwd_util.o
 
@@ -644,26 +726,25 @@ SMBPASSWD_OBJ = utils/smbpasswd.o $(PASSWD_UTIL_OBJ) $(PASSCHANGE_OBJ) \
 		$(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) @LIBWBCLIENT_STATIC@ \
 		$(GROUPDB_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \
 		$(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) \
-		$(LIBMSRPC_GEN_OBJ) $(LIBMSRPC_OBJ) $(LDB_OBJ) 
+		$(LIBMSRPC_GEN_OBJ) $(LIBMSRPC_OBJ) $(LDB_OBJ)
 
 PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) @LIBWBCLIENT_STATIC@ \
 		$(LIBSAMBA_OBJ) $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \
 		$(SECRETS_OBJ) $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) libsmb/asn1.o \
 		$(RPC_PARSE_OBJ1) $(DOSERR_OBJ) $(LDB_OBJ) $(ERRORMAP_OBJ) 
 
-SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ)
+SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ0)
 
 DISPLAY_SEC_OBJ= lib/display_sec.o
-DISPLAY_DSDCINFO_OBJ= lib/display_dsdcinfo.o
 
 RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \
 	         rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \
 		 rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o \
 		 rpcclient/cmd_dfs.o \
-		 rpcclient/cmd_ds.o rpcclient/cmd_echo.o \
+		 rpcclient/cmd_dssetup.o rpcclient/cmd_echo.o \
 		 rpcclient/cmd_shutdown.o rpcclient/cmd_test.o \
-		 rpcclient/cmd_wkssvc.o \
-		 $(DISPLAY_SEC_OBJ) $(DISPLAY_DSDCINFO_OBJ)
+		 rpcclient/cmd_wkssvc.o rpcclient/cmd_ntsvcs.o \
+		 $(DISPLAY_SEC_OBJ)
 
 RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
              $(PARAM_OBJ) $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) \
@@ -675,14 +756,16 @@ RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
 PAM_WINBIND_OBJ = nsswitch/pam_winbind.o $(WBCOMMON_OBJ) \
 		  $(LIBREPLACE_OBJ) @BUILD_INIPARSER@
 
-LIBSMBCLIENT_OBJ = libsmb/libsmbclient.o libsmb/libsmb_compat.o \
-		   libsmb/libsmb_cache.o \
-		   $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
-	  	   $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
-		   $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(RPC_PARSE_OBJ) \
-		   $(SECRETS_OBJ) $(PASSDB_OBJ) @LIBWBCLIENT_STATIC@ $(SMBLDAP_OBJ) $(GROUPDB_OBJ) $(LDB_OBJ)
+LIBSMBCLIENT_OBJ0 = libsmb/libsmbclient.o libsmb/libsmb_compat.o \
+		    libsmb/libsmb_cache.o \
+		    $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
+		    $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
+		    $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(RPC_PARSE_OBJ) \
+		    $(SECRETS_OBJ) $(PASSDB_OBJ) $(SMBLDAP_OBJ) $(GROUPDB_OBJ) $(LDB_OBJ)
 
-LIBSMBSHAREMODES_OBJ = libsmb/smb_share_modes.o $(TDBBASE_OBJ)
+LIBSMBCLIENT_OBJ = $(LIBSMBCLIENT_OBJ0) @LIBWBCLIENT_STATIC@
+
+LIBSMBSHAREMODES_OBJ = libsmb/smb_share_modes.o @LIBTDB_STATIC@
 
 # This shared library is intended for linking with unit test programs
 # to test Samba internals.  It's called libbigballofmud.so to
@@ -705,45 +788,25 @@ CLIENT_OBJ = $(CLIENT_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \
              $(PASSDB_OBJ) @LIBWBCLIENT_STATIC@ $(SMBLDAP_OBJ) $(GROUPDB_OBJ) $(LDB_OBJ) \
 	     $(DISPLAY_SEC_OBJ) 
 
-UTIL_REG_OBJ = lib/util_reg.o
-UTIL_REG_API_OBJ = lib/util_reg_api.o
-UTIL_REG_SMBCONF_OBJ = lib/util_reg_smbconf.o
-
-# objects to be used when not all of the registry code should be
-# loaded but only the portion needed by reg_api, typically for
-# using smbconf (registry) - full access
-REG_API_OBJ = registry/reg_api.o \
-	      registry/reg_frontend_hilvl.o \
-	      registry/reg_smbconf.o \
-	      registry/reg_db.o \
-	      registry/reg_util.o \
-	      \
-	      registry/reg_cachehook.o \
-	      registry/reg_eventlog.o \
-	      registry/reg_perfcount.o \
-	      registry/reg_dynamic.o \
-	      \
-	      lib/util_nttoken.o \
-	      $(UTIL_REG_API_OBJ) \
-	      $(UTIL_REG_SMBCONF_OBJ)
-
-
 LIBNETAPI_OBJ1 = lib/netapi/netapi.o \
 		 lib/netapi/joindomain.o \
 		 lib/netapi/serverinfo.o \
 		 lib/netapi/getdc.o
 
 LIBNETAPI_OBJ  = $(LIBNETAPI_OBJ1) $(LIBNET_OBJ) \
-		 $(REG_API_OBJ) \
+		 $(REG_SMBCONF_OBJ) \
 		 $(PARAM_WITHOUT_REG_OBJ) $(LIB_NONSMBD_OBJ) \
 		 $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
 		 $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(RPC_PARSE_OBJ) \
 		 $(SECRETS_OBJ) $(PASSDB_OBJ) @LIBWBCLIENT_STATIC@ $(SMBLDAP_OBJ) $(GROUPDB_OBJ) $(LDB_OBJ) \
-		 $(DCUTIL_OBJ) $(LIBADS_OBJ)
+		 $(DCUTIL_OBJ) $(LIBADS_OBJ) $(PRIVILEGES_BASIC_OBJ)
 
-LIBNET_OBJ = libnet/libnet_conf.o libnet/libnet_join.o
+LIBNET_CONF_OBJ = libnet/libnet_conf.o
 
-NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_domain.o utils/net_help.o \
+LIBNET_OBJ = $(LIBNET_CONF_OBJ) libnet/libnet_join.o \
+	     librpc/gen_ndr/ndr_libnet_join.o
+
+NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_help.o \
 	   utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \
 	   utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \
 	   utils/net_cache.o utils/net_groupmap.o utils/net_idmap.o \
@@ -755,26 +818,20 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_domain.o utils/net_help.o \
 	   utils/net_conf.o auth/token_util.o utils/net_dom.o nsswitch/wb_client.o
 
 NET_OBJ = $(NET_OBJ1) $(PARAM_WITHOUT_REG_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
-	  $(RPC_PARSE_OBJ) $(PASSDB_OBJ) @LIBWBCLIENT_STATIC@ $(GROUPDB_OBJ) \
+	  $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
 	  $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(LIBADDNS_OBJ0) \
 	  $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \
 	  $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ) \
 	  $(SMBLDAP_OBJ) $(DCUTIL_OBJ) $(SERVER_MUTEX_OBJ) \
-	  $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) $(REGFIO_OBJ) $(READLINE_OBJ) \
+	  $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) $(READLINE_OBJ) \
 	  $(LDB_OBJ) $(LIBGPO_OBJ) @BUILD_INIPARSER@ $(DISPLAY_SEC_OBJ) \
-	  $(REG_API_OBJ) $(DISPLAY_DSDCINFO_OBJ) $(LIBNETAPI_OBJ1) $(LIBNET_OBJ)
+	  $(REG_SMBCONF_OBJ) @LIBNETAPI_STATIC@ $(LIBNET_OBJ) \
+	  $(WBCOMMON_OBJ) @LIBWBCLIENT_STATIC@ \
+	  $(PRIVILEGES_BASIC_OBJ)
 
 CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
 	  $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(SECRETS_OBJ) $(POPT_LIB_OBJ)
 
-MOUNT_OBJ = client/smbmount.o \
-             $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(SECRETS_OBJ)
-
-MNT_OBJ = client/smbmnt.o $(VERSION_OBJ) $(LIBREPLACE_OBJ) $(SOCKET_WRAPPER_OBJ)
-
-UMOUNT_OBJ = client/smbumount.o $(PARAM_OBJ) $(LIBSMB_OBJ) \
-	     $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(SECRETS_OBJ)
-
 CIFS_MOUNT_OBJ = client/mount.cifs.o
 
 CIFS_UMOUNT_OBJ = client/umount.cifs.o
@@ -782,7 +839,8 @@ CIFS_UMOUNT_OBJ = client/umount.cifs.o
 CIFS_SPNEGO_OBJ = client/cifs.spnego.o
 
 NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) \
-               $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) $(LIBSAMBA_OBJ)
+               $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) $(LIBSAMBA_OBJ) \
+	       $(ERRORMAP_OBJ)
 
 SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \
 		torture/denytest.o torture/mangle_test.o
@@ -809,7 +867,7 @@ PDBTEST_OBJ = torture/pdbtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
 
 VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ)
 
-SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) $(LIBSAMBA_OBJ)
+SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(SECRETS_OBJ) $(LIBSAMBA_OBJ) $(DOSERR_OBJ) $(RPC_PARSE_OBJ1) $(ERRORMAP_OBJ)
 
 LOG2PCAP_OBJ = utils/log2pcaphex.o
 
@@ -830,21 +888,22 @@ SMBCQUOTAS_OBJ = utils/smbcquotas.o $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
 
 EVTLOGADM_OBJ0	= utils/eventlogadm.o
 
-EVTLOGADM_OBJ	= $(EVTLOGADM_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(REGOBJS_OBJ) \
+EVTLOGADM_OBJ	= $(EVTLOGADM_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
 		$(ERRORMAP_OBJ) $(RPC_PARSE_OBJ1) $(LIBSAMBA_OBJ) $(DOSERR_OBJ) \
 		$(SECRETS_OBJ) \
-	        registry/reg_eventlog.o rpc_server/srv_eventlog_lib.o registry/reg_util.o \
-		registry/reg_db.o
+	        registry/reg_eventlog.o rpc_server/srv_eventlog_lib.o
 
 SHARESEC_OBJ0 = utils/sharesec.o
-SHARESEC_OBJ  = $(SHARESEC_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(REGOBJS_OBJ) \
+SHARESEC_OBJ  = $(SHARESEC_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
 		$(ERRORMAP_OBJ) $(RPC_PARSE_OBJ1) $(LIBSAMBA_OBJ) $(DOSERR_OBJ) \
                 $(POPT_LIB_OBJ) $(SECRETS_OBJ)
 
-TALLOCTORT_OBJ = lib/talloc/testsuite.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
-                 $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) $(LIBSAMBA_OBJ) $(SECRETS_OBJ)
+TALLOCTORT_OBJ = @tallocdir@/testsuite.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
+                 $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) $(LIBSAMBA_OBJ) $(SECRETS_OBJ) \
+		 $(ERRORMAP_OBJ)
 
 REPLACETORT_OBJ = lib/replace/test/testsuite.o \
+		lib/replace/test/getifaddrs.o \
 		lib/replace/test/os2_delete.o \
 		lib/replace/test/strptime.o \
 		$(LIBREPLACE_OBJ)
@@ -852,7 +911,8 @@ REPLACETORT_OBJ = lib/replace/test/testsuite.o \
 NDRDUMP_OBJ = librpc/tools/ndrdump.o \
 			  $(PARAM_OBJ) $(LIBNDR_GEN_OBJ) \
 			  $(LIBSAMBA_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
-			  $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) $(SECRETS_OBJ)
+			  $(RPC_PARSE_OBJ1) $(DOSERR_OBJ) $(SECRETS_OBJ) \
+			  $(ERRORMAP_OBJ)
 
 DEBUG2HTML_OBJ = utils/debug2html.o utils/debugparse.o
 
@@ -865,18 +925,19 @@ PROTO_OBJ = $(SMBD_OBJ_MAIN) $(LIBNDR_OBJ) $(LIBNDR_GEN_OBJ) \
 	    $(LIBMSRPC_OBJ) \
 	    $(LIB_WITH_PROTO_OBJ) \
 	    $(RPC_PIPE_OBJ) $(RPC_PARSE_OBJ) $(KRBCLIENT_OBJ) \
-	    $(AUTH_OBJ) $(PARAM_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \
+	    $(AUTH_OBJ) $(PARAM_WITHOUT_REG_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \
 	    $(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \
 	    $(PASSDB_OBJ) $(GROUPDB_OBJ) \
 	    $(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
-	    $(AUTH_SAM_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) \
-	    $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) $(RPC_LSA_DS_OBJ) \
+	    $(AUTH_SAM_OBJ) $(REG_FULL_OBJ) $(POPT_LIB_OBJ) \
+	    $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) $(RPC_DSSETUP_OBJ) \
 	    $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) $(RPC_SPOOLSS_OBJ) \
 	    $(RPC_ECHO_OBJ) $(RPC_SVCCTL_OBJ) $(RPC_EVENTLOG_OBJ) $(SMBLDAP_OBJ) \
-            $(IDMAP_OBJ) libsmb/spnego.o $(PASSCHANGE_OBJ) $(RPC_UNIXINFO_OBJ) \
+            $(IDMAP_OBJ) libsmb/spnego.o $(PASSCHANGE_OBJ) \
 	    $(RPC_NTSVCS_OBJ) $(RPC_INITSHUTDOWN_OBJ) \
 	    utils/passwd_util.o $(LIBGPO_OBJ) $(NSS_INFO_OBJ) \
-	    $(RPCCLIENT_NDR_OBJ) $(DISPLAY_DSDCINFO_OBJ)
+	    $(RPCCLIENT_NDR_OBJ) \
+	    $(PRIVILEGES_BASIC_OBJ)
 
 WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) \
 	$(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ) $(SECRETS_OBJ)
@@ -914,6 +975,7 @@ WINBINDD_OBJ1 = \
 		winbindd/winbindd_domain.o \
 		winbindd/winbindd_idmap.o \
 		winbindd/winbindd_locator.o \
+		winbindd/winbindd_ndr.o \
 		auth/token_util.o
 
 WINBINDD_OBJ = \
@@ -928,7 +990,8 @@ WINBINDD_OBJ = \
 
 WBINFO_OBJ = nsswitch/wbinfo.o $(LIBSAMBA_OBJ) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
 		$(SECRETS_OBJ) $(POPT_LIB_OBJ) $(AFS_SETTOKEN_OBJ) $(RPC_PARSE_OBJ1) \
-		$(DOSERR_OBJ) lib/winbind_util.o @LIBWBCLIENT_STATIC@
+		$(DOSERR_OBJ) lib/winbind_util.o $(WBCOMMON_OBJ) @LIBWBCLIENT_STATIC@ \
+		$(ERRORMAP_OBJ)
 
 WINBIND_NSS_OBJ = $(WBCOMMON_OBJ) $(LIBREPLACE_OBJ) @WINBIND_NSS_EXTRA_OBJS@
 
@@ -957,7 +1020,7 @@ LDB_CMDLINE_OBJ = $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
 	  $(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) \
 	  $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ) \
 	  $(SMBLDAP_OBJ) $(DCUTIL_OBJ) $(SERVER_MUTEX_OBJ) \
-	  $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) $(REGFIO_OBJ) $(READLINE_OBJ) \
+	  $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) $(READLINE_OBJ) \
 	  $(LDB_OBJ) lib/ldb/tools/cmdline.o 
 
 
@@ -976,16 +1039,16 @@ POPT_OBJ=popt/findme.o popt/popt.o popt/poptconfig.o \
 INIPARSER_OBJ = iniparser_build/iniparser.o iniparser_build/dictionary.o \
 		iniparser_build/strlib.o
 
-TDBBACKUP_OBJ = lib/tdb/tools/tdbbackup.o $(LIBREPLACE_OBJ) \
-	$(TDBBASE_OBJ) $(SOCKET_WRAPPER_OBJ)
+TDBBACKUP_OBJ = @tdbdir@/tools/tdbbackup.o $(LIBREPLACE_OBJ) \
+	@LIBTDB_STATIC@ $(SOCKET_WRAPPER_OBJ)
 
-TDBTOOL_OBJ = lib/tdb/tools/tdbtool.o $(TDBBASE_OBJ) $(LIBREPLACE_OBJ) \
+TDBTOOL_OBJ = @tdbdir@/tools/tdbtool.o @LIBTDB_STATIC@ $(LIBREPLACE_OBJ) \
 	$(SOCKET_WRAPPER_OBJ)
 
-TDBDUMP_OBJ = lib/tdb/tools/tdbdump.o $(TDBBASE_OBJ) $(LIBREPLACE_OBJ) \
+TDBDUMP_OBJ = @tdbdir@/tools/tdbdump.o @LIBTDB_STATIC@ $(LIBREPLACE_OBJ) \
 	$(SOCKET_WRAPPER_OBJ)
 
-TDBTORTURE_OBJ = lib/tdb/tools/tdbtorture.o $(TDBBASE_OBJ) $(LIBREPLACE_OBJ) \
+TDBTORTURE_OBJ = @tdbdir@/tools/tdbtorture.o @LIBTDB_STATIC@ $(LIBREPLACE_OBJ) \
 	$(SOCKET_WRAPPER_OBJ)
 
 
@@ -993,10 +1056,14 @@ NTLM_AUTH_OBJ1 = utils/ntlm_auth.o utils/ntlm_auth_diagnostics.o
 
 NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \
 		libsmb/asn1.o libsmb/spnego.o libsmb/clikrb5.o libads/kerberos.o \
-		libads/kerberos_verify.o $(SECRETS_OBJ) $(SERVER_MUTEX_OBJ) \
-		libads/authdata.o $(RPC_PARSE_OBJ1) $(PASSDB_OBJ) @LIBWBCLIENT_STATIC@ $(GROUPDB_OBJ) \
-		$(SMBLDAP_OBJ) $(DOSERR_OBJ) rpc_parse/parse_net.o $(LIBNMB_OBJ) \
-		$(LDB_OBJ) $(ERRORMAP_OBJ) 
+		$(SECRETS_OBJ) $(SERVER_MUTEX_OBJ) $(LIBADS_SERVER_OBJ) \
+		$(RPC_PARSE_OBJ1) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
+		$(SMBLDAP_OBJ) $(DOSERR_OBJ) $(LIBNMB_OBJ) \
+		$(LDB_OBJ) $(ERRORMAP_OBJ) $(WBCOMMON_OBJ) @LIBWBCLIENT_STATIC@ \
+		librpc/gen_ndr/ndr_samr.o \
+		librpc/gen_ndr/ndr_lsa.o \
+		librpc/gen_ndr/ndr_netlogon.o
+
 
 VLP_OBJ1 = ../testsuite/printing/vlp.o $(RPC_CLIENT_OBJ1) $(RPC_PARSE_OBJ2) $(RPC_CLIENT_OBJ)
 
@@ -1009,8 +1076,8 @@ VLP_OBJ = $(VLP_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) \
 ######################################################################
 # now the rules...
 ######################################################################
-all : SHOWFLAGS $(SBIN_PROGS) $(BIN_PROGS) $(ROOT_SBIN_PROGS) \
-	$(SHLIBS) $(MODULES) $(NSS_MODULES) $(PAM_MODULES) @EXTRA_ALL_TARGETS@
+all : SHOWFLAGS $(SHLIBS) $(SBIN_PROGS) $(BIN_PROGS) $(ROOT_SBIN_PROGS) \
+	$(MODULES) $(NSS_MODULES) $(PAM_MODULES) @EXTRA_ALL_TARGETS@
 
 nss_modules : $(NSS_MODULES)
 
@@ -1060,9 +1127,10 @@ modules: SHOWFLAGS $(MODULES)
 
 #####################################################################
 ## Perl IDL Compiler
-IDL_FILES = unixinfo.idl lsa.idl dfs.idl echo.idl winreg.idl initshutdown.idl \
+IDL_FILES = lsa.idl dfs.idl echo.idl winreg.idl initshutdown.idl \
 	srvsvc.idl svcctl.idl eventlog.idl wkssvc.idl netlogon.idl notify.idl \
-	epmapper.idl messaging.idl xattr.idl
+	epmapper.idl messaging.idl xattr.idl misc.idl samr.idl security.idl \
+	dssetup.idl krb5pac.idl ntsvcs.idl libnet_join.idl
 
 idl:
 	@IDL_FILES="$(IDL_FILES)" CPP="$(CPP)" PERL="$(PERL)" \
@@ -1072,7 +1140,7 @@ idl:
 #####################################################################
 
 
-everything: all libsmbclient libnetapi debug2html smbfilter talloctort replacetort modules torture \
+everything: all libtalloc libsmbclient libnetapi debug2html smbfilter talloctort replacetort modules torture \
 	$(EVERYTHING_PROGS)
 
 .SUFFIXES:
@@ -1175,61 +1243,50 @@ bin/.dummy:
 	  dir=bin $(MAKEDIR); fi
 	@: >> $@ || : > $@ # what a fancy emoticon!
 
-bin/smbd@EXEEXT@: $(BINARY_PREREQS) $(SMBD_OBJ) @LIBWBCLIENT_SHARED@ @BUILD_POPT@
+bin/smbd@EXEEXT@: $(BINARY_PREREQS) $(SMBD_OBJ) @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @BUILD_POPT@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(LDAP_LIBS) \
 		$(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \
 		$(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) \
-		@POPTLIBS@ @SMBD_LIBS@ @WINBIND_LIBS@
+		@POPTLIBS@ @SMBD_LIBS@ @LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/nmbd@EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@
+bin/nmbd@EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
-		@POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS)
+		@LIBTDB_LIBS@ @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS)
 
-bin/swat@EXEEXT@: $(BINARY_PREREQS) $(SWAT_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@ 
+bin/swat@EXEEXT@: $(BINARY_PREREQS) $(SWAT_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINT_LIBS) \
 	  $(AUTH_LIBS) $(LIBS) $(PASSDB_LIBS) @POPTLIBS@ $(KRB5LIBS) \
-	  $(LDAP_LIBS) @WINBIND_LIBS@
+	  $(LDAP_LIBS) @LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/rpcclient@EXEEXT@: $(BINARY_PREREQS) $(RPCCLIENT_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/rpcclient@EXEEXT@: $(BINARY_PREREQS) $(RPCCLIENT_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(PASSDB_LIBS) $(RPCCLIENT_OBJ) \
 		$(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ \
-		$(KRB5LIBS) $(LDAP_LIBS) @WINBIND_LIBS@
+		$(KRB5LIBS) $(LDAP_LIBS) @LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/smbclient@EXEEXT@: $(BINARY_PREREQS) $(CLIENT_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/smbclient@EXEEXT@: $(BINARY_PREREQS) $(CLIENT_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(DYNEXP) \
 		$(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ \
-		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(DNSSD_LIBS) @WINBIND_LIBS@
+		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(DNSSD_LIBS) \
+		@LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/net@EXEEXT@: $(BINARY_PREREQS) $(NET_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/net@EXEEXT@: $(BINARY_PREREQS) $(NET_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		@POPTLIBS@ $(KRB5LIBS) $(UUID_LIBS) $(LDAP_LIBS) \
-		$(PASSDB_LIBS) $(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @INIPARSERLIBS@ @WINBIND_LIBS@
+		$(PASSDB_LIBS) $(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @INIPARSERLIBS@ @LIBTDB_LIBS@ @WINBIND_LIBS@ @LIBNETAPI_LIBS@
 
-bin/profiles@EXEEXT@: $(BINARY_PREREQS) $(PROFILES_OBJ) @BUILD_POPT@
+bin/profiles@EXEEXT@: $(BINARY_PREREQS) $(PROFILES_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(PROFILES_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(LDAP_LIBS) @POPTLIBS@
+	@$(CC) $(FLAGS) -o $@ $(PROFILES_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
-bin/smbspool@EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@
+bin/smbspool@EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(CUPS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@
-
-bin/smbmount@EXEEXT@: $(BINARY_PREREQS) $(MOUNT_OBJ) @BUILD_POPT@
-	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(MOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@
-
-bin/smbmnt@EXEEXT@: $(BINARY_PREREQS) $(MNT_OBJ) @BUILD_POPT@
-	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(MNT_OBJ) $(DYNEXP) $(LDFLAGS) @POPTLIBS@
-
-bin/smbumount@EXEEXT@: $(BINARY_PREREQS) $(UMOUNT_OBJ) @BUILD_POPT@
-	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@
+	@$(CC) $(FLAGS) -o $@ $(CUPS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
 bin/mount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ) @BUILD_POPT@
 	@echo Linking $@
@@ -1239,174 +1296,199 @@ bin/umount.cifs@EXEEXT@: $(BINARY_PREREQS) $(CIFS_UMOUNT_OBJ) @BUILD_POPT@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS) @POPTLIBS@
 
-bin/cifs.spnego@EXEEXT@: $(BINARY_PREREQS) $(CIFS_SPNEGO_OBJ) $(LIBSMBCLIENT_OBJ) @BUILD_POPT@
+bin/cifs.spnego@EXEEXT@: $(BINARY_PREREQS) $(CIFS_SPNEGO_OBJ) $(LIBSMBCLIENT_OBJ0) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(CIFS_SPNEGO_OBJ) $(DYNEXP) $(LDFLAGS) -lkeyutils $(LIBS) \
-		$(LIBSMBCLIENT_OBJ) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBWBCLIENT_SHARED@
+		$(LIBSMBCLIENT_OBJ0) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBWBCLIENT_SHARED@ @LIBTDB_LIBS@
 
-bin/testparm@EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@
+bin/testparm@EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(LDAP_LIBS) @POPTLIBS@
+	@$(CC) $(FLAGS) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
-bin/smbstatus@EXEEXT@: $(BINARY_PREREQS) $(STATUS_OBJ) @BUILD_POPT@
+bin/smbstatus@EXEEXT@: $(BINARY_PREREQS) $(STATUS_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(STATUS_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(LDAP_LIBS) \
-	@POPTLIBS@
+	@POPTLIBS@ @LIBTDB_LIBS@
 
-bin/smbcontrol@EXEEXT@: $(BINARY_PREREQS) $(SMBCONTROL_OBJ) @BUILD_POPT@
+bin/smbcontrol@EXEEXT@: $(BINARY_PREREQS) $(SMBCONTROL_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
 	@$(CC) -DUSING_SMBCONTROL $(FLAGS) -o $@ \
 	$(SMBCONTROL_OBJ) $(DYNEXP) $(LDFLAGS) \
-	$(LIBS) $(LDAP_LIBS) @LIBUNWIND_PTRACE@ @POPTLIBS@
+	$(LIBS) $(LDAP_LIBS) @LIBUNWIND_PTRACE@ @POPTLIBS@ @LIBTDB_LIBS@
 
-bin/smbtree@EXEEXT@: $(BINARY_PREREQS) $(SMBTREE_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/smbtree@EXEEXT@: $(BINARY_PREREQS) $(SMBTREE_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(SMBTREE_OBJ) $(LDFLAGS) $(DYNEXP) \
-		$(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) @WINBIND_LIBS@
+		$(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
+		@LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/smbpasswd@EXEEXT@: $(BINARY_PREREQS) $(SMBPASSWD_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/smbpasswd@EXEEXT@: $(BINARY_PREREQS) $(SMBPASSWD_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(LDFLAGS) $(PASSDB_LIBS) \
-		$(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) @WINBIND_LIBS@
+		$(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) \
+		@LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/pdbedit@EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/pdbedit@EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
-		@POPTLIBS@ $(PASSDB_LIBS) $(LDAP_LIBS) @WINBIND_LIBS@
+		@POPTLIBS@ $(PASSDB_LIBS) $(LDAP_LIBS) @LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/smbget@EXEEXT@: $(BINARY_PREREQS) $(SMBGET_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/smbget@EXEEXT@: $(BINARY_PREREQS) $(SMBGET_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(SMBGET_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
-		@POPTLIBS@  $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) @WINBIND_LIBS@
+		@POPTLIBS@  $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
+		@LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/samtest@EXEEXT@: $(SAMTEST_OBJ) @BUILD_POPT@
+bin/nmblookup@EXEEXT@: $(BINARY_PREREQS) $(NMBLOOKUP_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SAMTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDB_LIBS) $(KRB5LIBS) $(LDAP_LIBS)
+	@$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+		@POPTLIBS@ $(LDAP_LIBS) @LIBTDB_LIBS@
 
-bin/nmblookup@EXEEXT@: $(BINARY_PREREQS) $(NMBLOOKUP_OBJ) @BUILD_POPT@
+bin/smbtorture@EXEEXT@: $(BINARY_PREREQS) $(SMBTORTURE_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(LDAP_LIBS)
+	@$(CC) $(FLAGS) -o $@ $(SMBTORTURE_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
-bin/smbtorture@EXEEXT@: $(BINARY_PREREQS) $(SMBTORTURE_OBJ) @BUILD_POPT@
-	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBTORTURE_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@
-
-bin/talloctort@EXEEXT@: $(BINARY_PREREQS) $(TALLOCTORT_OBJ) @BUILD_POPT@
+bin/talloctort@EXEEXT@: $(BINARY_PREREQS) $(TALLOCTORT_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(TALLOCTORT_OBJ) $(LDFLAGS) \
-		$(DYNEXP) $(LIBS) $(LDAP_LIBS) @POPTLIBS@
+		$(DYNEXP) $(LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
 bin/replacetort@EXEEXT@: $(REPLACETORT_OBJ) @BUILD_POPT@
 	@echo Linking $@
 	@$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(REPLACETORT_OBJ) $(LDFLAGS) \
 		$(DYNEXP) $(LIBS) @POPTLIBS@
 
-bin/masktest@EXEEXT@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@
+bin/masktest@EXEEXT@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(MASKTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@
+	@$(CC) $(FLAGS) -o $@ $(MASKTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
-bin/msgtest@EXEEXT@: $(BINARY_PREREQS) $(MSGTEST_OBJ) @BUILD_POPT@
+bin/msgtest@EXEEXT@: $(BINARY_PREREQS) $(MSGTEST_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(MSGTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@
+	@$(CC) $(FLAGS) -o $@ $(MSGTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
-bin/smbcacls@EXEEXT@: $(BINARY_PREREQS) $(SMBCACLS_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/smbcacls@EXEEXT@: $(BINARY_PREREQS) $(SMBCACLS_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(SMBCACLS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ \
-	$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) @WINBIND_LIBS@
+	$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) @LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/smbcquotas@EXEEXT@: $(BINARY_PREREQS) $(SMBCQUOTAS_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/smbcquotas@EXEEXT@: $(BINARY_PREREQS) $(SMBCQUOTAS_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(SMBCQUOTAS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ \
-	$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) @WINBIND_LIBS@
+	$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) @LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/eventlogadm@EXEEXT@: $(BINARY_PREREQS) $(EVTLOGADM_OBJ) @BUILD_POPT@
+bin/eventlogadm@EXEEXT@: $(BINARY_PREREQS) $(EVTLOGADM_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(EVTLOGADM_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(LDAP_LIBS) @POPTLIBS@
+	@$(CC) $(FLAGS) -o $@ $(EVTLOGADM_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
-bin/sharesec@EXEEXT@: $(BINARY_PREREQS) $(SHARESEC_OBJ) @BUILD_POPT@
+bin/sharesec@EXEEXT@: $(BINARY_PREREQS) $(SHARESEC_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SHARESEC_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(LDAP_LIBS) @POPTLIBS@
+	@$(CC) $(FLAGS) -o $@ $(SHARESEC_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
-bin/locktest@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@
+bin/locktest@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LOCKTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@
+	@$(CC) $(FLAGS) -o $@ $(LOCKTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
-bin/nsstest@EXEEXT@: $(BINARY_PREREQS) $(NSSTEST_OBJ) @BUILD_POPT@
+bin/nsstest@EXEEXT@: $(BINARY_PREREQS) $(NSSTEST_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS)  $(LDAP_LIBS) @POPTLIBS@
+	@$(CC) $(FLAGS) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS)  $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
-bin/pdbtest@EXEEXT@: $(BINARY_PREREQS) $(PDBTEST_OBJ) @BUILD_POPT@
+bin/pdbtest@EXEEXT@: $(BINARY_PREREQS) $(PDBTEST_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(PDBTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) $(LIBS) @POPTLIBS@ @LIBWBCLIENT_SHARED@
+	@$(CC) $(FLAGS) -o $@ $(PDBTEST_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) $(LIBS) @POPTLIBS@ @LIBTDB_LIBS@ @LIBWBCLIENT_SHARED@
 
-bin/vfstest@EXEEXT@: $(BINARY_PREREQS) $(VFSTEST_OBJ) @BUILD_POPT@
+bin/vfstest@EXEEXT@: $(BINARY_PREREQS) $(VFSTEST_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) $(ACL_LIBS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) @SMBD_LIBS@ $(NSCD_LIBS) @LIBWBCLIENT_SHARED@
+	@$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) $(ACL_LIBS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) @SMBD_LIBS@ $(NSCD_LIBS) @LIBTDB_LIBS@ @LIBWBCLIENT_SHARED@
 
-bin/smbiconv@EXEEXT@: $(BINARY_PREREQS) $(SMBICONV_OBJ) @BUILD_POPT@
+bin/smbiconv@EXEEXT@: $(BINARY_PREREQS) $(SMBICONV_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBICONV_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) @POPTLIBS@
+	@$(CC) $(FLAGS) -o $@ $(SMBICONV_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(DYNEXP) $(LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
 bin/log2pcap@EXEEXT@: $(BINARY_PREREQS) $(LOG2PCAP_OBJ) @BUILD_POPT@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(LOG2PCAP_OBJ) $(LDFLAGS) $(DYNEXP) @POPTLIBS@ $(LIBS)
 
-bin/locktest2@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@
+bin/locktest2@EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@
+	@$(CC) $(FLAGS) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
-bin/ndrdump@EXEEXT@: $(BINARY_PREREQS) $(NDRDUMP_OBJ) @BUILD_POPT@
+bin/ndrdump@EXEEXT@: $(BINARY_PREREQS) $(NDRDUMP_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(NDRDUMP_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
-		@POPTLIBS@ @LDAP_LIBS@
+		@POPTLIBS@ @LDAP_LIBS@ @LIBTDB_LIBS@
 
 bin/debug2html@EXEEXT@: $(BINARY_PREREQS) $(DEBUG2HTML_OBJ) @BUILD_POPT@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(DEBUG2HTML_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS)
 
-bin/smbfilter@EXEEXT@: $(BINARY_PREREQS) $(SMBFILTER_OBJ) @BUILD_POPT@
+bin/smbfilter@EXEEXT@: $(BINARY_PREREQS) $(SMBFILTER_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@
+	@$(CC) $(FLAGS) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@
 
-bin/ldbedit: $(BINARY_PREREQS) $(LDBEDIT_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/ldbedit: $(BINARY_PREREQS) $(LDBEDIT_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(LDBEDIT_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		@POPTLIBS@ $(KRB5LIBS) $(UUID_LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) \
-		$(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @WINBIND_LIBS@
+		$(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/ldbsearch: $(BINARY_PREREQS) $(LDBSEARCH_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/ldbsearch: $(BINARY_PREREQS) $(LDBSEARCH_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(LDBSEARCH_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		@POPTLIBS@ $(KRB5LIBS) $(UUID_LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) \
-		$(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @WINBIND_LIBS@
+		$(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/ldbadd: $(BINARY_PREREQS) $(LDBADD_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/ldbadd: $(BINARY_PREREQS) $(LDBADD_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(LDBADD_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		@POPTLIBS@ $(KRB5LIBS) $(UUID_LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) \
-		$(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @WINBIND_LIBS@
+		$(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/ldbmodify: $(BINARY_PREREQS) $(LDBMODIFY_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/ldbmodify: $(BINARY_PREREQS) $(LDBMODIFY_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(LDBMODIFY_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		@POPTLIBS@ $(KRB5LIBS) $(UUID_LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) \
-		$(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @WINBIND_LIBS@
+		$(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/ldbdel: $(BINARY_PREREQS) $(LDBDEL_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/ldbdel: $(BINARY_PREREQS) $(LDBDEL_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(LDBDEL_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		@POPTLIBS@ $(KRB5LIBS) $(UUID_LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) \
-		$(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @WINBIND_LIBS@
+		$(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @LIBTDB_LIBS@ @WINBIND_LIBS@
+
+$(LIBTALLOC_SHARED_TARGET): $(BINARY_PREREQS) $(LIBTALLOC_OBJ)
+	@echo Linking shared library $@
+	@$(SHLD_DSO) $(LIBTALLOC_OBJ) \
+		@SONAMEFLAG@`basename $@`.$(SONAME_VER)
+	@ln -s -f `basename $@` $@.$(SONAME_VER)
+
+$(LIBTALLOC_STATIC_TARGET): $(BINARY_PREREQS) $(LIBTALLOC_OBJ0)
+	@echo Linking non-shared library $@
+	@-$(AR) -rc $@ $(LIBTALLOC_OBJ0)
+
+MKSYMS_SH = $(srcdir)/script/mksyms.sh
+
+$(LIBTDB_SYMS): $(LIBTDB_HEADERS)
+	@$(MKSYMS_SH) $(AWK) $@ $(LIBTDB_HEADERS)
 
-bin/libwbclient.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBWBCLIENT_OBJ)
+$(LIBTDB_SHARED_TARGET): $(BINARY_PREREQS) $(LIBTDB_OBJ) $(LIBTDB_SYMS)
 	@echo Linking shared library $@
-	@$(SHLD_DSO) $(LIBWBCLIENT_OBJ) \
+	@$(SHLD_DSO) $(LIBTDB_OBJ) \
 		@SONAMEFLAG@`basename $@`.$(SONAME_VER)
 	@ln -s -f `basename $@` $@.$(SONAME_VER)
 
-bin/libwbclient.a: $(BINARY_PREREQS) $(LIBWBCLIENT_OBJ0)
+$(LIBTDB_STATIC_TARGET): $(BINARY_PREREQS) $(LIBTDB_OBJ0)
 	@echo Linking non-shared library $@
-	@-$(AR) -rc $@ $(LIBWBCLIENT_OBJ0)
+	@-$(AR) -rc $@ $(LIBTDB_OBJ0)
+
+bin/libwbclient.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBWBCLIENT_OBJ) @LIBTALLOC_SHARED@
+	@echo Linking shared library $@
+	@$(SHLD_DSO) @LIBTALLOC_LIBS@ $(LIBWBCLIENT_OBJ) \
+		@SONAMEFLAG@`basename $@`.$(SONAME_VER)
+	@ln -s -f `basename $@` $@.$(SONAME_VER)
+
+bin/libwbclient.a: $(BINARY_PREREQS) $(LIBWBCLIENT_OBJ0) $(WBCOMMON_OBJ)
+	@echo Linking non-shared library $@
+	@-$(AR) -rc $@ $(LIBWBCLIENT_OBJ0) $(WBCOMMON_OBJ)
 
 bin/libaddns.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBADDNS_OBJ)
 	@echo Linking shared library $@
@@ -1418,29 +1500,30 @@ bin/libaddns.a: $(BINARY_PREREQS) $(LIBADDNS_OBJ)
 	@echo Linking non-shared library $@
 	@-$(AR) -rc $@ $(LIBADDNS_OBJ)
 
-bin/libnetapi.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBNETAPI_OBJ)
+$(LIBNETAPI_SHARED_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ) @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking shared library $@
-	@$(SHLD_DSO) $(LIBNETAPI_OBJ) @LIBWBCLIENT_SHARED@ $(LIBS) \
+	@$(SHLD_DSO) $(LIBNETAPI_OBJ) @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ $(LIBS) \
 		$(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS) \
 		@SONAMEFLAG@`basename $@`.$(SONAME_VER)
+	@ln -s -f `basename $@` $@.$(SONAME_VER)
 
-bin/libnetapi.a: $(BINARY_PREREQS) $(LIBNETAPI_OBJ)
+$(LIBNETAPI_STATIC_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ1)
 	@echo Linking non-shared library $@
-	@-$(AR) -rc $@ $(LIBNETAPI_OBJ)
+	@-$(AR) -rc $@ $(LIBNETAPI_OBJ1)
 
-bin/libsmbclient.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ)
+bin/libsmbclient.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking shared library $@
-	@$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) @LIBWBCLIENT_SHARED@ $(LIBS) \
+	@$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) @LIBTDB_LIBS@ @LIBWBCLIENT_SHARED@ $(LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		@SONAMEFLAG@`basename $@`.$(SONAME_VER)
 
-bin/libsmbclient.a: $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ)
+bin/libsmbclient.a: $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ0)
 	@echo Linking non-shared library $@
-	@-$(AR) -rc $@ $(LIBSMBCLIENT_OBJ)
+	@-$(AR) -rc $@ $(LIBSMBCLIENT_OBJ0)
 
-bin/libsmbsharemodes.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBSMBSHAREMODES_OBJ)
+bin/libsmbsharemodes.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBSMBSHAREMODES_OBJ) @LIBTDB_SHARED@
 	@echo Linking shared library $@
-	@$(SHLD_DSO) $(LIBSMBSHAREMODES_OBJ) $(LIBS) \
+	@$(SHLD_DSO) $(LIBSMBSHAREMODES_OBJ) $(LIBS) @LIBTDB_LIBS@ \
 		$(KRB5LIBS) $(LDAP_LIBS) \
 		@SONAMEFLAG@`basename $@`.$(SONAME_VER)
 
@@ -1461,6 +1544,8 @@ bin/libbigballofmud.@SHLIBEXT@: $(BINARY_PREREQS) $(LIBBIGBALLOFMUD_OBJ)
 # it can be fixed or if they just can't be called from a static
 # library.
 
+libtalloc: $(LIBTALLOC)
+libtdb: $(LIBTDB)
 libsmbclient: $(LIBSMBCLIENT)
 libsmbsharemodes: $(LIBSMBSHAREMODES)
 libaddns: $(LIBADDNS)
@@ -1479,10 +1564,6 @@ bin/librpc_samr.@SHLIBEXT@: $(BINARY_PREREQS) $(RPC_SAMR_OBJ)
 	@echo "Linking $@"
 	@$(SHLD_MODULE) $(RPC_SAMR_OBJ)
 
-bin/librpc_unixinfo.@SHLIBEXT@: $(BINARY_PREREQS) $(RPC_UNIXINFO_OBJ)
-	@echo "Linking $@"
-	@$(SHLD_MODULE) $(RPC_UNIXINFO_OBJ)
-
 bin/librpc_srvsvc.@SHLIBEXT@: $(BINARY_PREREQS) $(RPC_SVC_OBJ)
 	@echo "Linking $@"
 	@$(SHLD_MODULE) $(RPC_SVC_OBJ)
@@ -1511,9 +1592,9 @@ bin/librpc_initshutdown.@SHLIBEXT@: $(BINARY_PREREQS) $(RPC_INITSHUTDOWN_OBJ)
 	@echo "Linking $@"
 	@$(SHLD_MODULE) $(RPC_INITSHUTDOWN_OBJ)
 
-bin/librpc_lsa_ds.@SHLIBEXT@: $(BINARY_PREREQS) $(RPC_LSA_DS_OBJ)
+bin/librpc_dssetup.@SHLIBEXT@: $(BINARY_PREREQS) $(RPC_DSSETUP_OBJ)
 	@echo "Linking $@"
-	@$(SHLD_MODULE) $(RPC_LSA_DS_OBJ)
+	@$(SHLD_MODULE) $(RPC_DSSETUP_OBJ)
 
 bin/librpc_spoolss.@SHLIBEXT@: $(BINARY_PREREQS) $(RPC_SPOOLSS_OBJ)
 	@echo "Linking $@"
@@ -1531,26 +1612,26 @@ bin/librpc_echo.@SHLIBEXT@: $(BINARY_PREREQS) $(RPC_ECHO_OBJ)
 	@echo "Linking $@"
 	@$(SHLD_MODULE) $(RPC_ECHO_OBJ)
 
-bin/winbindd@EXEEXT@: $(BINARY_PREREQS) $(WINBINDD_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/winbindd@EXEEXT@: $(BINARY_PREREQS) $(WINBINDD_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo "Linking $@"
 	@$(CC) $(FLAGS) -o $@ $(WINBINDD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		@POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) \
-		$(PASSDB_LIBS) @WINBIND_LIBS@
+		$(PASSDB_LIBS) @LIBTDB_LIBS@ @WINBIND_LIBS@
 
-bin/vlp@EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBWBCLIENT_SHARED@
+bin/vlp@EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo "Linking $@"
 	@$(CC) $(FLAGS) -o $@ $(VLP_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ \
-		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) @LIBWBCLIENT_SHARED@
+		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) @LIBTDB_LIBS@ @LIBWBCLIENT_SHARED@
 
 @WINBIND_NSS@: $(BINARY_PREREQS) $(WINBIND_NSS_OBJ)
 	@echo "Linking $@"
 	@$(SHLD) $(WINBIND_NSS_LDSHFLAGS) -o $@ $(WINBIND_NSS_OBJ) \
 		@WINBIND_NSS_EXTRA_LIBS@ @WINBIND_NSS_PTHREAD@ @SONAMEFLAG@`basename $@`@NSSSONAMEVERSIONSUFFIX@
 
-@WINBIND_WINS_NSS@: $(BINARY_PREREQS) $(WINBIND_WINS_NSS_OBJ)
+@WINBIND_WINS_NSS@: $(BINARY_PREREQS) $(WINBIND_WINS_NSS_OBJ) @LIBTDB_SHARED@
 	@echo "Linking $@"
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_WINS_NSS_OBJ) \
-		$(LDAP_LIBS) $(KRB5LIBS) $(LIBS) \
+		$(LDAP_LIBS) $(KRB5LIBS) $(LIBS) @LIBTDB_LIBS@ \
 		@SONAMEFLAG@`basename $@`@NSSSONAMEVERSIONSUFFIX@
 
 bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ)
@@ -1611,6 +1692,10 @@ bin/ad.@SHLIBEXT@: $(BINARY_PREREQS) winbindd/idmap_ad.o
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) winbindd/idmap_ad.o
 
+bin/tdb2.@SHLIBEXT@: $(BINARY_PREREQS) winbindd/idmap_tdb2.o
+	@echo "Building plugin $@"
+	@$(SHLD_MODULE) winbindd/idmap_tdb2.o
+
 bin/ldap.@SHLIBEXT@: $(BINARY_PREREQS) winbindd/idmap_ldap.o
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) winbindd/idmap_ldap.o
@@ -1670,6 +1755,10 @@ bin/shadow_copy.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_SHADOW_COPY_OBJ)
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) $(VFS_SHADOW_COPY_OBJ)
 
+bin/shadow_copy2.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_SHADOW_COPY2_OBJ)
+	@echo "Building plugin $@"
+	@$(SHLD_MODULE) $(VFS_SHADOW_COPY2_OBJ)
+
 bin/syncops.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_SYNCOPS_OBJ)
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) $(VFS_SYNCOPS_OBJ)
@@ -1726,6 +1815,14 @@ bin/catia.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_CATIA_OBJ)
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) $(VFS_CATIA_OBJ)
 
+bin/streams_xattr.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_STREAMS_XATTR_OBJ)
+	@echo "Building plugin $@"
+	@$(SHLD_MODULE) $(VFS_STREAMS_XATTR_OBJ)
+
+bin/streams_depot.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_STREAMS_DEPOT_OBJ)
+	@echo "Building plugin $@"
+	@$(SHLD_MODULE) $(VFS_STREAMS_DEPOT_OBJ)
+
 bin/cacheprime.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_CACHEPRIME_OBJ)
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) $(VFS_CACHEPRIME_OBJ)
@@ -1750,47 +1847,56 @@ bin/readahead.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_READAHEAD_OBJ)
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) $(VFS_READAHEAD_OBJ)
 
+bin/tsmsm.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_TSMSM_OBJ)
+	@echo "Building plugin $@"
+	@$(SHLD_MODULE) $(VFS_TSMSM_OBJ)
+
 bin/fileid.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_FILEID_OBJ)
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) $(VFS_FILEID_OBJ)
 
+bin/aio_fork.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_AIO_FORK_OBJ)
+	@echo "Building plugin $@"
+	@$(SHLD_MODULE) $(VFS_AIO_FORK_OBJ)
+
 #########################################################
 ## IdMap NSS plugins
 
 ## None here right now
 #########################################################
 
-bin/wbinfo@EXEEXT@: $(BINARY_PREREQS) $(WBINFO_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+bin/wbinfo@EXEEXT@: $(BINARY_PREREQS) $(WBINFO_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(WBINFO_OBJ) $(DYNEXP) $(LIBS) \
-		$(LDAP_LIBS) @POPTLIBS@ @WINBIND_LIBS@
+		$(LDAP_LIBS) @POPTLIBS@ @LIBTDB_LIBS@ @WINBIND_LIBS@
 
 bin/ntlm_auth@EXEEXT@: $(BINARY_PREREQS) $(NTLM_AUTH_OBJ) $(PARAM_OBJ) \
-	$(LIB_NONSMBD_OBJ) @BUILD_POPT@ @LIBWBCLIENT_SHARED@
+	$(LIB_NONSMBD_OBJ) @BUILD_POPT@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(DYNEXP) $(NTLM_AUTH_OBJ) \
 		$(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBS) \
-		@POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) @WINBIND_LIBS@
+		@POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
+		@LIBTDB_LIBS@ @WINBIND_LIBS@
 
 bin/pam_smbpass.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ)
 	@echo "Linking shared library $@"
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) -lpam $(DYNEXP) $(LIBS) $(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS)
 
-bin/tdbbackup@EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ)
+bin/tdbbackup@EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(DYNEXP) $(LIBS) $(TDBBACKUP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBBACKUP_OBJ) $(DYNEXP) $(LIBS) @LIBTDB_LIBS@
 
-bin/tdbtool@EXEEXT@: $(BINARY_PREREQS) $(TDBTOOL_OBJ)
+bin/tdbtool@EXEEXT@: $(BINARY_PREREQS) $(TDBTOOL_OBJ) @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(DYNEXP) $(LIBS) $(TDBTOOL_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBTOOL_OBJ) $(DYNEXP) $(LIBS) @LIBTDB_LIBS@
 
-bin/tdbdump@EXEEXT@: $(BINARY_PREREQS) $(TDBDUMP_OBJ)
+bin/tdbdump@EXEEXT@: $(BINARY_PREREQS) $(TDBDUMP_OBJ) @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(DYNEXP) $(LIBS) $(TDBDUMP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBDUMP_OBJ) $(DYNEXP) $(LIBS) @LIBTDB_LIBS@
 
-bin/tdbtorture@EXEEXT@: $(BINARY_PREREQS) $(TDBTORTURE_OBJ)
+bin/tdbtorture@EXEEXT@: $(BINARY_PREREQS) $(TDBTORTURE_OBJ) @LIBTDB_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(DYNEXP) $(LIBS) $(TDBTORTURE_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBTORTURE_OBJ) $(DYNEXP) $(LIBS) @LIBTDB_LIBS@
 
 bin/t_strcmp@EXEEXT@: $(BINARY_PREREQS) bin/libbigballofmud.@SHLIBEXT@ torture/t_strcmp.o
 	$(CC) $(FLAGS) -o $@ $(DYNEXP) $(LIBS) torture/t_strcmp.o -L ./bin -lbigballofmud
@@ -1810,8 +1916,10 @@ bin/timelimit@EXEEXT@: script/tests/timelimit.o
 
 install: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSSPNEGO@ installman \
 		installscripts installdat installmodules @SWAT_INSTALL_TARGETS@ \
+		installlibtalloc \
+		installlibtdb \
 		@INSTALL_LIBSMBCLIENT@ @INSTALL_PAM_MODULES@ \
-		@INSTALL_LIBSMBSHAREMODES@ @INSTALL_LIBWBCLIENT@ @INSTALL_LIBNETAPI@
+		@INSTALL_LIBSMBSHAREMODES@ @INSTALL_LIBWBCLIENT@ installlibnetapi
 
 install-everything: install installmodules
 
@@ -1878,6 +1986,20 @@ installclientlib: installdirs libsmbclient
 	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) ${prefix}/include
 	-$(INSTALLCMD) -m $(INSTALLPERMS_DATA) $(srcdir)/include/libsmbclient.h $(DESTDIR)${prefix}/include
 
+installlibtalloc: installdirs libtalloc
+	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(LIBDIR)
+	-$(INSTALLLIBCMD_SH) $(LIBTALLOC_SHARED_TARGET) $(DESTDIR)$(LIBDIR)
+	-$(INSTALLLIBCMD_A) $(LIBTALLOC_STATIC_TARGET) $(DESTDIR)$(LIBDIR)
+	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) ${prefix}/include
+	-$(INSTALLCMD) -m $(INSTALLPERMS_DATA) @tallocdir@/talloc.h $(DESTDIR)${prefix}/include
+
+installlibtdb: installdirs libtdb
+	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(LIBDIR)
+	-$(INSTALLLIBCMD_SH) $(LIBTDB_SHARED_TARGET) $(DESTDIR)$(LIBDIR)
+	-$(INSTALLLIBCMD_A) $(LIBTDB_STATIC_TARGET) $(DESTDIR)$(LIBDIR)
+	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) ${prefix}/include
+	-$(INSTALLCMD) -m $(INSTALLPERMS_DATA) $(LIBTDB_HEADERS) $(DESTDIR)${prefix}/include
+
 installlibsmbsharemodes: installdirs libsmbsharemodes
 	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(LIBDIR)
 	-$(INSTALLLIBCMD_SH) bin/libsmbsharemodes.@SHLIBEXT@ $(DESTDIR)$(LIBDIR)
@@ -1897,8 +2019,8 @@ installlibwbclient: installdirs libwbclient
 
 installlibnetapi: installdirs libnetapi
 	@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(LIBDIR)
-	-$(INSTALLLIBCMD_SH) bin/libnetapi.@SHLIBEXT@ $(DESTDIR)$(LIBDIR)
-	-$(INSTALLLIBCMD_A) bin/libnetapi.a $(DESTDIR)$(LIBDIR)
+	-$(INSTALLLIBCMD_SH) $(LIBNETAPI_SHARED_TARGET) $(DESTDIR)$(LIBDIR)
+	-$(INSTALLLIBCMD_A) $(LIBNETAPI_STATIC_TARGET) $(DESTDIR)$(LIBDIR)
 	-$(INSTALLCMD) -m $(INSTALLPERMS_DATA) $(srcdir)/lib/netapi/netapi.h $(DESTDIR)${prefix}/include
 
 installpammodules: $(PAM_MODULES)
@@ -1915,8 +2037,7 @@ revert:
 	@$(SHELL) $(srcdir)/script/revert.sh $(BINDIR) $(BIN_PROGS) $(SCRIPTS)
 
 installman: installdirs
-	@SMBMOUNT_PROGS="@SMBMOUNT_PROGS@" $(SHELL) \
-		$(srcdir)/script/installman.sh $(DESTDIR)$(MANDIR) $(srcdir) C "@ROFF@"
+	@$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(MANDIR) $(srcdir) C "@ROFF@"
 
 .PHONY: showlayout
 
@@ -1935,7 +2056,7 @@ showlayout:
 	@echo "  swatdir:     $(SWATDIR)"
 
 
-uninstall: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSSPNEGO@ uninstallscripts uninstalldat uninstallswat uninstallmodules @UNINSTALL_LIBSMBCLIENT@ @UNINSTALL_PAM_MODULES@ @UNINSTALL_LIBSMBSHAREMODES@ @UNINSTALL_LIBNETAPI@
+uninstall: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSSPNEGO@ uninstallscripts uninstalldat uninstallswat uninstallmodules uninstalllibtalloc uninstalllibtdb @UNINSTALL_LIBSMBCLIENT@ @UNINSTALL_PAM_MODULES@ @UNINSTALL_LIBSMBSHAREMODES@ uninstalllibnetapi
 
 uninstallman:
 	@$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(MANDIR) $(srcdir) C
@@ -2006,10 +2127,12 @@ clean: delheaders
 		../testsuite/*/*.o \
 		*/*.@SHLIBEXT@ */*/*.@SHLIBEXT@ */*/*/*.@SHLIBEXT@ \
 		$(TOPFILES) $(BIN_PROGS) $(SBIN_PROGS) $(ROOT_SBIN_PROGS) \
-		$(MODULES) $(TORTURE_PROGS) $(LIBSMBCLIENT) $(LIBADDNS) \
+		$(MODULES) $(TORTURE_PROGS) \
+		$(LIBTALLOC) $(LIBSMBCLIENT) $(LIBADDNS) \
 		$(LIBSMBSHAREMODES) $(EVERYTHING_PROGS) $(LIBNETAPI) \
 		bin/libwbclient.so.0 bin/timelimit \
-		.headers.stamp */src/*.o proto_exists
+		.headers.stamp */src/*.o proto_exists \
+		$(LIBTDB_SYMS)
 	-rm -rf t_dir
 
 # Making this target will just make sure that the prototype files
@@ -2172,7 +2295,7 @@ test_pam_modules: pam_modules
 ##
 test: all torture timelimit
 	@echo Running Test suite
-	@LIB_PATH_VAR=$(LIB_PATH_VAR) PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix}/st all "${smbtorture4_path}"
+	@LIB_PATH_VAR=$(LIB_PATH_VAR) PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}"
 
 valgrindtest: all torture timelimit
 	@echo Running Test suite with valgrind
@@ -2180,5 +2303,5 @@ valgrindtest: all torture timelimit
 	 NMBD_VALGRIND="xterm -n nmbd -e valgrind -q --db-attach=yes --num-callers=30" \
 	 WINBINDD_VALGRIND="xterm -n winbindd -e valgrind -q --db-attach=yes --num-callers=30" \
 	 SMBD_VALGRIND="xterm -n smbd -e valgrind -q --db-attach=yes --num-callers=30" \
-	 VALGRIND="valgrind -q --num-callers=30 --log-file=${selftest_prefix}/st/valgrind.log" \
-	 PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix}/st all "${smbtorture4_path}"
+	 VALGRIND="valgrind -q --num-callers=30 --log-file=${selftest_prefix}/valgrind.log" \
+	 PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}"
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 0a9ae32472..05bb6a5af0 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -458,7 +458,9 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context)
 	char **auth_method_list = NULL; 
 	NTSTATUS nt_status;
 
-	if (lp_auth_methods() && !str_list_copy(&auth_method_list, lp_auth_methods())) {
+	if (lp_auth_methods()
+	    && !str_list_copy(talloc_tos(), &auth_method_list,
+			      lp_auth_methods())) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
@@ -467,38 +469,52 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context)
 		{
 		case SEC_DOMAIN:
 			DEBUG(5,("Making default auth method list for security=domain\n"));
-			auth_method_list = str_list_make("guest sam winbind:ntdomain", NULL);
+			auth_method_list = str_list_make(
+				talloc_tos(), "guest sam winbind:ntdomain",
+				NULL);
 			break;
 		case SEC_SERVER:
 			DEBUG(5,("Making default auth method list for security=server\n"));
-			auth_method_list = str_list_make("guest sam smbserver", NULL);
+			auth_method_list = str_list_make(
+				talloc_tos(), "guest sam smbserver",
+				NULL);
 			break;
 		case SEC_USER:
 			if (lp_encrypted_passwords()) {	
 				if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) {
 					DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n"));
-					auth_method_list = str_list_make("guest sam winbind:trustdomain", NULL);
+					auth_method_list = str_list_make(
+						talloc_tos(),
+						"guest sam winbind:trustdomain",
+						NULL);
 				} else {
 					DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n"));
-					auth_method_list = str_list_make("guest sam", NULL);
+					auth_method_list = str_list_make(
+						talloc_tos(), "guest sam",
+						NULL);
 				}
 			} else {
 				DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n"));
-				auth_method_list = str_list_make("guest unix", NULL);
+				auth_method_list = str_list_make(
+					talloc_tos(), "guest unix", NULL);
 			}
 			break;
 		case SEC_SHARE:
 			if (lp_encrypted_passwords()) {
 				DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n"));
-				auth_method_list = str_list_make("guest sam", NULL);
+				auth_method_list = str_list_make(
+					talloc_tos(), "guest sam", NULL);
 			} else {
 				DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n"));
-				auth_method_list = str_list_make("guest unix", NULL);
+				auth_method_list = str_list_make(
+					talloc_tos(), "guest unix", NULL);
 			}
 			break;
 		case SEC_ADS:
 			DEBUG(5,("Making default auth method list for security=ADS\n"));
-			auth_method_list = str_list_make("guest sam winbind:ntdomain", NULL);
+			auth_method_list = str_list_make(
+				talloc_tos(), "guest sam winbind:ntdomain",
+				NULL);
 			break;
 		default:
 			DEBUG(5,("Unknown auth method!\n"));
@@ -508,12 +524,10 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context)
 		DEBUG(5,("Using specified auth order\n"));
 	}
 	
-	if (!NT_STATUS_IS_OK(nt_status = make_auth_context_text_list(auth_context, auth_method_list))) {
-		str_list_free(&auth_method_list);
-		return nt_status;
-	}
-	
-	str_list_free(&auth_method_list);
+	nt_status = make_auth_context_text_list(auth_context,
+						auth_method_list);
+
+	TALLOC_FREE(auth_method_list);
 	return nt_status;
 }
 
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index 1de9869f90..df51966f4c 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -124,7 +124,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
 
 	if (!lp_client_schannel()) {
 		/* We need to set up a creds chain on an unauthenticated netlogon pipe. */
-		uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+		uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
 		uint32 sec_chan_type = 0;
 		unsigned char machine_pwd[16];
 		const char *account_name;
@@ -189,7 +189,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 					struct sockaddr_storage *dc_ss)
 
 {
-	NET_USER_INFO_3 info3;
+	struct netr_SamInfo3 *info3 = NULL;
 	struct cli_state *cli = NULL;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
 	NTSTATUS nt_status = NT_STATUS_NO_LOGON_SERVERS;
@@ -227,8 +227,6 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 
 	saf_store( domain, cli->desthost );
 
-	ZERO_STRUCT(info3);
-
         /*
          * If this call succeeds, we now have lots of info about the user
          * in the info3 structure.  
@@ -267,7 +265,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 						user_info->smb_name,
 						domain,
 						server_info,
-						&info3);
+						info3);
 
 		if (NT_STATUS_IS_OK(nt_status)) {
 			if (user_info->was_mapped) {
@@ -281,12 +279,14 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 				if (  !NT_STATUS_IS_OK(nt_status)) {
 					DEBUG(1, ("PAM account restriction prevents user login\n"));
 					cli_shutdown(cli);
+					TALLOC_FREE(info3);
 					return nt_status;
 				}
 			}
 		}
 
-		netsamlogon_cache_store( user_info->smb_name, &info3 );
+		netsamlogon_cache_store(user_info->smb_name, info3);
+		TALLOC_FREE(info3);
 	}
 
 	/* Note - once the cli stream is shutdown the mem_ctx used
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 526f2c93df..ed66d0db0a 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -186,8 +186,13 @@ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
 
 void auth_ntlmssp_end(AUTH_NTLMSSP_STATE **auth_ntlmssp_state)
 {
-	TALLOC_CTX *mem_ctx = (*auth_ntlmssp_state)->mem_ctx;
+	TALLOC_CTX *mem_ctx;
+
+	if (*auth_ntlmssp_state == NULL) {
+		return;
+	}
 
+	mem_ctx = (*auth_ntlmssp_state)->mem_ctx;
 	if ((*auth_ntlmssp_state)->ntlmssp_state) {
 		ntlmssp_end(&(*auth_ntlmssp_state)->ntlmssp_state);
 	}
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 1ab0c8b3eb..66504a8a52 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -122,7 +122,7 @@ static bool logon_hours_ok(struct samu *sampass)
 }
 
 /****************************************************************************
- Do a specific test for a struct samu being vaild for this connection 
+ Do a specific test for a struct samu being valid for this connection
  (ie not disabled, expired and the like).
 ****************************************************************************/
 
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index ce47e94eb5..a95a59ea46 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1422,7 +1422,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 				const char *sent_nt_username,
 				const char *domain,
 				auth_serversupplied_info **server_info, 
-				NET_USER_INFO_3 *info3) 
+				struct netr_SamInfo3 *info3)
 {
 	char zeros[16];
 
@@ -1446,23 +1446,25 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 	   matches.
 	*/
 
-	sid_copy(&user_sid, &info3->dom_sid.sid);
-	if (!sid_append_rid(&user_sid, info3->user_rid)) {
+	sid_copy(&user_sid, info3->base.domain_sid);
+	if (!sid_append_rid(&user_sid, info3->base.rid)) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 	
-	sid_copy(&group_sid, &info3->dom_sid.sid);
-	if (!sid_append_rid(&group_sid, info3->group_rid)) {
+	sid_copy(&group_sid, info3->base.domain_sid);
+	if (!sid_append_rid(&group_sid, info3->base.primary_gid)) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (!(nt_username = unistr2_to_ascii_talloc(mem_ctx, &(info3->uni_user_name)))) {
+	nt_username = talloc_strdup(mem_ctx, info3->base.account_name.string);
+	if (!nt_username) {
 		/* If the server didn't give us one, just use the one we sent
 		 * them */
 		nt_username = sent_nt_username;
 	}
 
-	if (!(nt_domain = unistr2_to_ascii_talloc(mem_ctx, &(info3->uni_logon_dom)))) {
+	nt_domain = talloc_strdup(mem_ctx, info3->base.domain.string);
+	if (!nt_domain) {
 		/* If the server didn't give us one, just use the one we sent
 		 * them */
 		nt_domain = domain;
@@ -1527,50 +1529,50 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 		TALLOC_FREE(sam_account);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
-		
+
 	if (!pdb_set_fullname(sam_account,
-			      unistr2_static(&(info3->uni_full_name)), 
+			      info3->base.full_name.string,
 			      PDB_CHANGED)) {
 		TALLOC_FREE(sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	if (!pdb_set_logon_script(sam_account,
-				  unistr2_static(&(info3->uni_logon_script)),
+				  info3->base.logon_script.string,
 				  PDB_CHANGED)) {
 		TALLOC_FREE(sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	if (!pdb_set_profile_path(sam_account,
-				  unistr2_static(&(info3->uni_profile_path)),
+				  info3->base.profile_path.string,
 				  PDB_CHANGED)) {
 		TALLOC_FREE(sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	if (!pdb_set_homedir(sam_account,
-			     unistr2_static(&(info3->uni_home_dir)),
+			     info3->base.home_directory.string,
 			     PDB_CHANGED)) {
 		TALLOC_FREE(sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	if (!pdb_set_dir_drive(sam_account,
-			       unistr2_static(&(info3->uni_dir_drive)),
+			       info3->base.home_drive.string,
 			       PDB_CHANGED)) {
 		TALLOC_FREE(sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!pdb_set_acct_ctrl(sam_account, info3->acct_flags, PDB_CHANGED)) {
+	if (!pdb_set_acct_ctrl(sam_account, info3->base.acct_flags, PDB_CHANGED)) {
 		TALLOC_FREE(sam_account);
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	if (!pdb_set_pass_last_set_time(
 		    sam_account,
-		    nt_time_to_unix(info3->pass_last_set_time),
+		    nt_time_to_unix(info3->base.last_password_change),
 		    PDB_CHANGED)) {
 		TALLOC_FREE(sam_account);
 		return NT_STATUS_NO_MEMORY;
@@ -1578,7 +1580,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 
 	if (!pdb_set_pass_can_change_time(
 		    sam_account,
-		    nt_time_to_unix(info3->pass_can_change_time),
+		    nt_time_to_unix(info3->base.allow_password_change),
 		    PDB_CHANGED)) {
 		TALLOC_FREE(sam_account);
 		return NT_STATUS_NO_MEMORY;
@@ -1586,7 +1588,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 
 	if (!pdb_set_pass_must_change_time(
 		    sam_account,
-		    nt_time_to_unix(info3->pass_must_change_time),
+		    nt_time_to_unix(info3->base.force_password_change),
 		    PDB_CHANGED)) {
 		TALLOC_FREE(sam_account);
 		return NT_STATUS_NO_MEMORY;
@@ -1624,27 +1626,260 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 		return nt_status;
 	}
 
-	result->login_server = unistr2_to_ascii_talloc(result, 
-					    &(info3->uni_logon_srv));
+	result->login_server = talloc_strdup(result,
+					     info3->base.logon_server.string);
+
+	/* ensure we are never given NULL session keys */
+
+	ZERO_STRUCT(zeros);
+
+	if (memcmp(info3->base.key.key, zeros, sizeof(zeros)) == 0) {
+		result->user_session_key = data_blob_null;
+	} else {
+		result->user_session_key = data_blob_talloc(
+			result, info3->base.key.key,
+			sizeof(info3->base.key.key));
+	}
+
+	if (memcmp(info3->base.LMSessKey.key, zeros, 8) == 0) {
+		result->lm_session_key = data_blob_null;
+	} else {
+		result->lm_session_key = data_blob_talloc(
+			result, info3->base.LMSessKey.key,
+			sizeof(info3->base.LMSessKey.key));
+	}
+
+	result->was_mapped = username_was_mapped;
+
+	*server_info = result;
+
+	return NT_STATUS_OK;
+}
+
+/*****************************************************************************
+ Make a server_info struct from the wbcAuthUserInfo returned by a domain logon
+******************************************************************************/
+
+NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
+					  const char *sent_nt_username,
+					  const char *domain,
+					  const struct wbcAuthUserInfo *info,
+					  auth_serversupplied_info **server_info)
+{
+	char zeros[16];
+
+	NTSTATUS nt_status = NT_STATUS_OK;
+	char *found_username = NULL;
+	const char *nt_domain;
+	const char *nt_username;
+	struct samu *sam_account = NULL;
+	DOM_SID user_sid;
+	DOM_SID group_sid;
+	bool username_was_mapped;
+	uint32_t i;
+
+	uid_t uid = (uid_t)-1;
+	gid_t gid = (gid_t)-1;
+
+	auth_serversupplied_info *result;
+
+	result = make_server_info(NULL);
+	if (result == NULL) {
+		DEBUG(4, ("make_server_info failed!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/*
+	   Here is where we should check the list of
+	   trusted domains, and verify that the SID
+	   matches.
+	*/
+
+	memcpy(&user_sid, &info->sids[0].sid, sizeof(user_sid));
+	memcpy(&group_sid, &info->sids[1].sid, sizeof(group_sid));
+
+	if (info->account_name) {
+		nt_username = talloc_strdup(result, info->account_name);
+	} else {
+		/* If the server didn't give us one, just use the one we sent
+		 * them */
+		nt_username = talloc_strdup(result, sent_nt_username);
+	}
+	if (!nt_username) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (info->domain_name) {
+		nt_domain = talloc_strdup(result, info->domain_name);
+	} else {
+		/* If the server didn't give us one, just use the one we sent
+		 * them */
+		nt_domain = talloc_strdup(result, domain);
+	}
+	if (!nt_domain) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* try to fill the SAM account..  If getpwnam() fails, then try the
+	   add user script (2.2.x behavior).
+
+	   We use the _unmapped_ username here in an attempt to provide
+	   consistent username mapping behavior between kerberos and NTLM[SSP]
+	   authentication in domain mode security.  I.E. Username mapping
+	   should be applied to the fully qualified username
+	   (e.g. DOMAIN\user) and not just the login name.  Yes this means we
+	   called map_username() unnecessarily in make_user_info_map() but
+	   that is how the current code is designed.  Making the change here
+	   is the least disruptive place.  -- jerry */
+
+	if ( !(sam_account = samu_new( result )) ) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* this call will try to create the user if necessary */
+
+	nt_status = fill_sam_account(result, nt_domain, sent_nt_username,
+				     &found_username, &uid, &gid, sam_account,
+				     &username_was_mapped);
+
+	/* if we still don't have a valid unix account check for
+	  'map to guest = bad uid' */
+
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		TALLOC_FREE( result );
+		if ( lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID ) {
+			make_server_info_guest(server_info);
+			return NT_STATUS_OK;
+		}
+		return nt_status;
+	}
+
+	if (!pdb_set_nt_username(sam_account, nt_username, PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_username(sam_account, nt_username, PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_domain(sam_account, nt_domain, PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_user_sid(sam_account, &user_sid, PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (!pdb_set_group_sid(sam_account, &group_sid, PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	if (!pdb_set_fullname(sam_account, info->full_name, PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_logon_script(sam_account, info->logon_script, PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_profile_path(sam_account, info->profile_path, PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_homedir(sam_account, info->home_directory, PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_dir_drive(sam_account, info->home_drive, PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_acct_ctrl(sam_account, info->acct_flags, PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_pass_last_set_time(
+		    sam_account,
+		    nt_time_to_unix(info->pass_last_set_time),
+		    PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_pass_can_change_time(
+		    sam_account,
+		    nt_time_to_unix(info->pass_can_change_time),
+		    PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!pdb_set_pass_must_change_time(
+		    sam_account,
+		    nt_time_to_unix(info->pass_must_change_time),
+		    PDB_CHANGED)) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	/* save this here to _net_sam_logon() doesn't fail (it assumes a
+	   valid struct samu) */
+
+	result->sam_account = sam_account;
+	result->unix_name = talloc_strdup(result, found_username);
+
+	result->login_server = talloc_strdup(result, info->logon_server);
+
+	/* Fill in the unix info we found on the way */
+
+	result->uid = uid;
+	result->gid = gid;
+
+	/* Create a 'combined' list of all SIDs we might want in the SD */
+
+	result->num_sids = info->num_sids - 2;
+	result->sids = talloc_array(result, DOM_SID, result->num_sids);
+	if (result->sids == NULL) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i < result->num_sids; i++) {
+		memcpy(&result->sids[i], &info->sids[i+2].sid, sizeof(result->sids[i]));
+	}
 
 	/* ensure we are never given NULL session keys */
 
 	ZERO_STRUCT(zeros);
 
-	if (memcmp(info3->user_sess_key, zeros, sizeof(zeros)) == 0) {
+	if (memcmp(info->user_session_key, zeros, sizeof(zeros)) == 0) {
 		result->user_session_key = data_blob_null;
 	} else {
 		result->user_session_key = data_blob_talloc(
-			result, info3->user_sess_key,
-			sizeof(info3->user_sess_key));
+			result, info->user_session_key,
+			sizeof(info->user_session_key));
 	}
 
-	if (memcmp(info3->lm_sess_key, zeros, 8) == 0) {
+	if (memcmp(info->lm_session_key, zeros, 8) == 0) {
 		result->lm_session_key = data_blob_null;
 	} else {
 		result->lm_session_key = data_blob_talloc(
-			result, info3->lm_sess_key,
-			sizeof(info3->lm_sess_key));
+			result, info->lm_session_key,
+			sizeof(info->lm_session_key));
 	}
 
 	result->was_mapped = username_was_mapped;
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index b24aa3a75b..26a1b7f101 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -25,31 +25,6 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
-static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response *response, NET_USER_INFO_3 *info3)
-{
-	uint8 *info3_ndr;
-	size_t len = response->length - sizeof(struct winbindd_response);
-	prs_struct ps;
-	if (len > 0) {
-		info3_ndr = (uint8 *)response->extra_data.data;
-		if (!prs_init(&ps, len, mem_ctx, UNMARSHALL)) {
-			return NT_STATUS_NO_MEMORY;
-		}
-		prs_copy_data_in(&ps, (char *)info3_ndr, len);
-		prs_set_offset(&ps,0);
-		if (!net_io_user_info3("", info3, &ps, 1, 3, False)) {
-			DEBUG(2, ("get_info3_from_ndr: could not parse info3 struct!\n"));
-			return NT_STATUS_UNSUCCESSFUL;
-		}
-		prs_mem_free(&ps);
-
-		return NT_STATUS_OK;
-	} else {
-		DEBUG(2, ("get_info3_from_ndr: No info3 struct found!\n"));
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-}
-
 /* Authenticate a user with a challenge/response */
 
 static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
@@ -58,11 +33,11 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 				       const auth_usersupplied_info *user_info, 
 				       auth_serversupplied_info **server_info)
 {
-	struct winbindd_request request;
-	struct winbindd_response response;
-        NSS_STATUS result;
 	NTSTATUS nt_status;
-        NET_USER_INFO_3 info3;
+	wbcErr wbc_status;
+	struct wbcAuthUserParams params;
+	struct wbcAuthUserInfo *info = NULL;
+	struct wbcAuthErrorInfo *err = NULL;
 
 	if (!user_info) {
 		return NT_STATUS_INVALID_PARAMETER;
@@ -82,36 +57,34 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 
 	/* Send off request */
 
-	ZERO_STRUCT(request);
-	ZERO_STRUCT(response);
+	params.account_name	= user_info->smb_name;
+	params.domain_name	= user_info->domain;
+	params.workstation_name	= user_info->wksta_name;
 
-	request.flags = WBFLAG_PAM_INFO3_NDR;
+	params.flags		= 0;
+	params.parameter_control= user_info->logon_parameters;
 
-	request.data.auth_crap.logon_parameters = user_info->logon_parameters;
+	params.level		= WBC_AUTH_USER_LEVEL_RESPONSE;
 
-	fstrcpy(request.data.auth_crap.user, user_info->smb_name);
-	fstrcpy(request.data.auth_crap.domain, user_info->domain);
-	fstrcpy(request.data.auth_crap.workstation, user_info->wksta_name);
+	memcpy(params.password.response.challenge,
+	       auth_context->challenge.data,
+	       sizeof(params.password.response.challenge));
 
-	memcpy(request.data.auth_crap.chal, auth_context->challenge.data, sizeof(request.data.auth_crap.chal));
-	
-	request.data.auth_crap.lm_resp_len = MIN(user_info->lm_resp.length, 
-						 sizeof(request.data.auth_crap.lm_resp));
-	request.data.auth_crap.nt_resp_len = MIN(user_info->nt_resp.length, 
-						 sizeof(request.data.auth_crap.nt_resp));
-	
-	memcpy(request.data.auth_crap.lm_resp, user_info->lm_resp.data, 
-	       request.data.auth_crap.lm_resp_len);
-	memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data, 
-	       request.data.auth_crap.nt_resp_len);
+	params.password.response.nt_length	= user_info->nt_resp.length;
+	params.password.response.nt_data	= user_info->nt_resp.data;
+	params.password.response.lm_length	= user_info->lm_resp.length;
+	params.password.response.lm_data	= user_info->lm_resp.data;
 
 	/* we are contacting the privileged pipe */
 	become_root();
-	result = winbindd_priv_request_response(WINBINDD_PAM_AUTH_CRAP,
-						&request, &response);
+	wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
 	unbecome_root();
 
-	if ( result == NSS_STATUS_UNAVAIL )  {
+	if (wbc_status == WBC_ERR_NO_MEMORY) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (wbc_status == WBC_ERR_WINBIND_NOT_AVAILABLE) {
 		struct auth_methods *auth_method =
 			(struct auth_methods *)my_private_data;
 
@@ -123,27 +96,29 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 			DEBUG(0,("check_winbind_security: ERROR!  my_private_data == NULL!\n"));
 	}
 
-	nt_status = NT_STATUS(response.data.auth.nt_status);
-
-	if (result == NSS_STATUS_SUCCESS && response.extra_data.data) {
-		if (NT_STATUS_IS_OK(nt_status)) {
-			if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) { 
-				nt_status = make_server_info_info3(mem_ctx, 
-					user_info->smb_name, user_info->domain, 
-					server_info, &info3); 
-			}
-			
-			if (NT_STATUS_IS_OK(nt_status)) {
-				if (user_info->was_mapped) {
-					(*server_info)->was_mapped = user_info->was_mapped;
-				}
-			}
-		}
-	} else if (NT_STATUS_IS_OK(nt_status)) {
-		nt_status = NT_STATUS_NO_LOGON_SERVERS;
+	if (wbc_status == WBC_ERR_AUTH_ERROR) {
+		nt_status = NT_STATUS(err->nt_status);
+		wbcFreeMemory(err);
+		return nt_status;
+	}
+
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
+	nt_status = make_server_info_wbcAuthUserInfo(mem_ctx,
+						     user_info->smb_name,
+						     user_info->domain,
+						     info, server_info);
+	wbcFreeMemory(info);
+	if (!NT_STATUS_IS_OK(nt_status)) {
+		return nt_status;
+	}
+
+	if (user_info->was_mapped) {
+		(*server_info)->was_mapped = user_info->was_mapped;
 	}
 
-	SAFE_FREE(response.extra_data.data);
         return nt_status;
 }
 
diff --git a/source3/client/cifs.spnego.c b/source3/client/cifs.spnego.c
index caa22276c4..d10d19da96 100644
--- a/source3/client/cifs.spnego.c
+++ b/source3/client/cifs.spnego.c
@@ -3,11 +3,13 @@
 * Copyright (C) Igor Mammedov (niallain@gmail.com) 2007
 *
 * Used by /sbin/request-key for handling
-* cifs upcall for kerberos authorization of access to share.
+* cifs upcall for kerberos authorization of access to share and
+* cifs upcall for DFS srver name resolving (IPv4/IPv6 aware).
 * You should have keyutils installed and add following line to
 * /etc/request-key.conf file
 
 create cifs.spnego * * /usr/local/sbin/cifs.spnego [-v][-c] %k
+create cifs.resolver * * /usr/local/sbin/cifs.spnego [-v] %k
 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -27,7 +29,7 @@ create cifs.spnego * * /usr/local/sbin/cifs.spnego [-v][-c] %k
 
 #include "cifs_spnego.h"
 
-const char* CIFSSPNEGO_VERSION="1.0";
+const char *CIFSSPNEGO_VERSION = "1.1";
 static const char *prog = "cifs.spnego";
 typedef enum _secType {
 	KRB5,
@@ -146,6 +148,58 @@ int decode_key_description(const char *desc, int *ver, secType_t * sec,
 	return retval;
 }
 
+int cifs_resolver(const key_serial_t key, const char *key_descr)
+{
+	int c;
+	struct addrinfo *addr;
+	char ip[INET6_ADDRSTRLEN];
+	void *p;
+	const char *keyend = key_descr;
+	/* skip next 4 ';' delimiters to get to description */
+	for (c = 1; c <= 4; c++) {
+		keyend = index(keyend+1, ';');
+		if (!keyend) {
+			syslog(LOG_WARNING, "invalid key description: %s",
+					key_descr);
+			return 1;
+		}
+	}
+	keyend++;
+
+	/* resolve name to ip */
+	c = getaddrinfo(keyend, NULL, NULL, &addr);
+	if (c) {
+		syslog(LOG_WARNING, "unable to resolve hostname: %s [%s]",
+				keyend, gai_strerror(c));
+		return 1;
+	}
+
+	/* conver ip to string form */
+	if (addr->ai_family == AF_INET) {
+		p = &(((struct sockaddr_in *)addr->ai_addr)->sin_addr);
+	} else {
+		p = &(((struct sockaddr_in6 *)addr->ai_addr)->sin6_addr);
+	}
+	if (!inet_ntop(addr->ai_family, p, ip, sizeof(ip))) {
+		syslog(LOG_WARNING, "%s: inet_ntop: %s",
+				__FUNCTION__, strerror(errno));
+		freeaddrinfo(addr);
+		return 1;
+	}
+
+	/* setup key */
+	c = keyctl_instantiate(key, ip, strlen(ip)+1, 0);
+	if (c == -1) {
+		syslog(LOG_WARNING, "%s: keyctl_instantiate: %s",
+				__FUNCTION__, strerror(errno));
+		freeaddrinfo(addr);
+		return 1;
+	}
+
+	freeaddrinfo(addr);
+	return 0;
+}
+
 int main(const int argc, char *const argv[])
 {
 	struct cifs_spnego_msg *keydata = NULL;
@@ -199,6 +253,11 @@ int main(const int argc, char *const argv[])
 		goto out;
 	}
 
+	if (strncmp(buf, "cifs.resolver", sizeof("cifs.resolver")-1) == 0) {
+		rc = cifs_resolver(key, buf);
+		goto out;
+	}
+
 	rc = decode_key_description(buf, &kernel_upcall_version, &sectype,
 				    &hostname, &uid);
 	if ((rc & DKD_MUSTHAVE_SET) != DKD_MUSTHAVE_SET) {
diff --git a/source3/client/client.c b/source3/client/client.c
index 267c13048e..1410fc2f33 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -309,6 +309,17 @@ static int cmd_pwd(void)
 }
 
 /****************************************************************************
+ Ensure name has correct directory separators.
+****************************************************************************/
+
+static void normalize_name(char *newdir)
+{
+	if (!(cli->posix_capabilities & CIFS_UNIX_POSIX_PATHNAMES_CAP)) {
+		string_replace(newdir,'/','\\');
+	}
+}
+
+/****************************************************************************
  Change directory - inner section.
 ****************************************************************************/
 
@@ -329,7 +340,8 @@ static int do_cd(const char *new_dir)
 		TALLOC_FREE(ctx);
 		return 1;
 	}
-	string_replace(newdir,'/','\\');
+
+	normalize_name(newdir);
 
 	/* Save the current directory in case the new directory is invalid */
 
@@ -349,17 +361,16 @@ static int do_cd(const char *new_dir)
 		if (!new_cd) {
 			goto out;
 		}
-		if ((new_cd[0] != '\0') && (*(new_cd+strlen(new_cd)-1) != CLI_DIRSEP_CHAR)) {
-			new_cd = talloc_asprintf_append(new_cd, CLI_DIRSEP_STR);
-			if (!new_cd) {
-				goto out;
-			}
-		}
-		client_set_cur_dir(new_cd);
 	}
-	if (!new_cd) {
-		goto out;
+
+	/* Ensure cur_dir ends in a DIRSEP */
+	if ((new_cd[0] != '\0') && (*(new_cd+strlen(new_cd)-1) != CLI_DIRSEP_CHAR)) {
+		new_cd = talloc_asprintf_append(new_cd, CLI_DIRSEP_STR);
+		if (!new_cd) {
+			goto out;
+		}
 	}
+	client_set_cur_dir(new_cd);
 
 	new_cd = clean_name(ctx, new_cd);
 	client_set_cur_dir(new_cd);
@@ -851,26 +862,15 @@ static int cmd_dir(void)
 	int rc = 1;
 
 	dir_total = 0;
-	if (strcmp(client_get_cur_dir(), CLI_DIRSEP_STR) != 0) {
-		mask = talloc_strdup(ctx, client_get_cur_dir());
-		if (!mask) {
-			return 1;
-		}
-		if ((mask[0] != '\0') && (mask[strlen(mask)-1]!=CLI_DIRSEP_CHAR)) {
-			mask = talloc_asprintf_append(mask, CLI_DIRSEP_STR);
-		}
-	} else {
-		mask = talloc_strdup(ctx, CLI_DIRSEP_STR);
-	}
-
+	mask = talloc_strdup(ctx, client_get_cur_dir());
 	if (!mask) {
 		return 1;
 	}
 
 	if (next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) {
-		string_replace(buf,'/','\\');
+		normalize_name(buf);
 		if (*buf == CLI_DIRSEP_CHAR) {
-			mask = talloc_strdup(ctx, buf + 1);
+			mask = talloc_strdup(ctx, buf);
 		} else {
 			mask = talloc_asprintf_append(mask, buf);
 		}
@@ -920,7 +920,7 @@ static int cmd_du(void)
 	}
 
 	if (next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) {
-		string_replace(buf,'/','\\');
+		normalize_name(buf);
 		if (*buf == CLI_DIRSEP_CHAR) {
 			mask = talloc_strdup(ctx, buf);
 		} else {
@@ -964,12 +964,20 @@ static int cmd_echo(void)
  Get a file from rname to lname
 ****************************************************************************/
 
+static NTSTATUS writefile_sink(char *buf, size_t n, void *priv)
+{
+	int *pfd = (int *)priv;
+	if (writefile(*pfd, buf, n) == -1) {
+		return map_nt_error_from_unix(errno);
+	}
+	return NT_STATUS_OK;
+}
+
 static int do_get(const char *rname, const char *lname_in, bool reget)
 {
 	TALLOC_CTX *ctx = talloc_tos();
 	int handle = 0, fnum;
 	bool newhandle = false;
-	char *data = NULL;
 	struct timeval tp_start;
 	int read_size = io_bufsize;
 	uint16 attr;
@@ -980,6 +988,7 @@ static int do_get(const char *rname, const char *lname_in, bool reget)
 	struct cli_state *targetcli = NULL;
 	char *targetname = NULL;
 	char *lname = NULL;
+	NTSTATUS status;
 
 	lname = talloc_strdup(ctx, lname_in);
 	if (!lname) {
@@ -1038,36 +1047,15 @@ static int do_get(const char *rname, const char *lname_in, bool reget)
 	DEBUG(1,("getting file %s of size %.0f as %s ",
 		 rname, (double)size, lname));
 
-	if(!(data = (char *)SMB_MALLOC(read_size))) {
-		d_printf("malloc fail for size %d\n", read_size);
+	status = cli_pull(targetcli, fnum, start, size, 1024*1024,
+			  writefile_sink, (void *)&handle, &nread);
+	if (!NT_STATUS_IS_OK(status)) {
+		d_fprintf(stderr, "parallel_read returned %s\n",
+			  nt_errstr(status));
 		cli_close(targetcli, fnum);
 		return 1;
 	}
 
-	while (1) {
-		int n = cli_read(targetcli, fnum, data, nread + start, read_size);
-
-		if (n <= 0)
-			break;
-
-		if (writefile(handle,data, n) != n) {
-			d_printf("Error writing local file\n");
-			rc = 1;
-			break;
-		}
-
-		nread += n;
-	}
-
-	if (nread + start < size) {
-		DEBUG (0, ("Short read when getting file %s. Only got %ld bytes.\n",
-			    rname, (long)nread));
-
-		rc = 1;
-	}
-
-	SAFE_FREE(data);
-
 	if (!cli_close(targetcli, fnum)) {
 		d_printf("Error %s closing remote file\n",cli_errstr(cli));
 		rc = 1;
@@ -1112,10 +1100,7 @@ static int cmd_get(void)
 	char *rname = NULL;
 	char *fname = NULL;
 
-	rname = talloc_asprintf(ctx,
-			"%s%s",
-			client_get_cur_dir(),
-			CLI_DIRSEP_STR);
+	rname = talloc_strdup(ctx, client_get_cur_dir());
 	if (!rname) {
 		return 1;
 	}
@@ -1262,10 +1247,7 @@ static int cmd_more(void)
 	int fd;
 	int rc = 0;
 
-	rname = talloc_asprintf(ctx,
-			"%s%s",
-			client_get_cur_dir(),
-			CLI_DIRSEP_STR);
+	rname = talloc_strdup(ctx, client_get_cur_dir());
 	if (!rname) {
 		return 1;
 	}
@@ -1334,15 +1316,6 @@ static int cmd_mget(void)
 		if (!mget_mask) {
 			return 1;
 		}
-		if ((mget_mask[0] != '\0') &&
-				(mget_mask[strlen(mget_mask)-1]!=CLI_DIRSEP_CHAR)) {
-			mget_mask = talloc_asprintf_append(mget_mask,
-							CLI_DIRSEP_STR);
-			if (!mget_mask) {
-				return 1;
-			}
-		}
-
 		if (*buf == CLI_DIRSEP_CHAR) {
 			mget_mask = talloc_strdup(ctx, buf);
 		} else {
@@ -1356,18 +1329,9 @@ static int cmd_mget(void)
 	}
 
 	if (!*mget_mask) {
-		mget_mask = talloc_strdup(ctx, client_get_cur_dir());
-		if (!mget_mask) {
-			return 1;
-		}
-		if(mget_mask[strlen(mget_mask)-1]!=CLI_DIRSEP_CHAR) {
-			mget_mask = talloc_asprintf_append(mget_mask,
-							CLI_DIRSEP_STR);
-			if (!mget_mask) {
-				return 1;
-			}
-		}
-		mget_mask = talloc_asprintf_append(mget_mask, "*");
+		mget_mask = talloc_asprintf(ctx,
+					"%s*",
+					client_get_cur_dir());
 		if (!mget_mask) {
 			return 1;
 		}
@@ -1463,6 +1427,7 @@ static int cmd_mkdir(void)
 		struct cli_state *targetcli;
 		char *targetname = NULL;
 		char *p = NULL;
+		char *saveptr;
 
 		ddir2 = talloc_strdup(ctx, "");
 		if (!ddir2) {
@@ -1478,7 +1443,7 @@ static int cmd_mkdir(void)
 			return 1;
 		}
 		trim_char(ddir,'.','\0');
-		p = strtok(ddir,"/\\");
+		p = strtok_r(ddir, "/\\", &saveptr);
 		while (p) {
 			ddir2 = talloc_asprintf_append(ddir2, p);
 			if (!ddir2) {
@@ -1491,7 +1456,7 @@ static int cmd_mkdir(void)
 			if (!ddir2) {
 				return 1;
 			}
-			p = strtok(NULL,"/\\");
+			p = strtok_r(NULL, "/\\", &saveptr);
 		}
 	} else {
 		do_mkdir(mask);
@@ -1528,6 +1493,92 @@ static int cmd_altname(void)
 }
 
 /****************************************************************************
+ Show all info we can get
+****************************************************************************/
+
+static int do_allinfo(const char *name)
+{
+	fstring altname;
+	struct timespec b_time, a_time, m_time, c_time;
+	SMB_OFF_T size;
+	uint16_t mode;
+	SMB_INO_T ino;
+	NTTIME tmp;
+	unsigned int num_streams;
+	struct stream_struct *streams;
+	unsigned int i;
+
+	if (!NT_STATUS_IS_OK(cli_qpathinfo_alt_name(cli, name, altname))) {
+		d_printf("%s getting alt name for %s\n",
+			 cli_errstr(cli),name);
+		return false;
+	}
+	d_printf("altname: %s\n", altname);
+
+	if (!cli_qpathinfo2(cli, name, &b_time, &a_time, &m_time, &c_time,
+			    &size, &mode, &ino)) {
+		d_printf("%s getting pathinfo for %s\n",
+			 cli_errstr(cli),name);
+		return false;
+	}
+
+	unix_timespec_to_nt_time(&tmp, b_time);
+	d_printf("create_time:    %s\n", nt_time_string(talloc_tos(), tmp));
+
+	unix_timespec_to_nt_time(&tmp, a_time);
+	d_printf("access_time:    %s\n", nt_time_string(talloc_tos(), tmp));
+
+	unix_timespec_to_nt_time(&tmp, m_time);
+	d_printf("write_time:     %s\n", nt_time_string(talloc_tos(), tmp));
+
+	unix_timespec_to_nt_time(&tmp, c_time);
+	d_printf("change_time:    %s\n", nt_time_string(talloc_tos(), tmp));
+
+	if (!cli_qpathinfo_streams(cli, name, talloc_tos(), &num_streams,
+				   &streams)) {
+		d_printf("%s getting streams for %s\n",
+			 cli_errstr(cli),name);
+		return false;
+	}
+
+	for (i=0; i<num_streams; i++) {
+		d_printf("stream: [%s], %lld bytes\n", streams[i].name,
+			 (unsigned long long)streams[i].size);
+	}
+
+	return 0;
+}
+
+/****************************************************************************
+ Show all info we can get
+****************************************************************************/
+
+static int cmd_allinfo(void)
+{
+	TALLOC_CTX *ctx = talloc_tos();
+	char *name;
+	char *buf;
+
+	name = talloc_strdup(ctx, client_get_cur_dir());
+	if (!name) {
+		return 1;
+	}
+
+	if (!next_token_talloc(ctx, &cmd_ptr, &buf, NULL)) {
+		d_printf("allinfo <file>\n");
+		return 1;
+	}
+	name = talloc_asprintf_append(name, buf);
+	if (!name) {
+		return 1;
+	}
+
+	do_allinfo(name);
+
+	return 0;
+}
+
+/****************************************************************************
  Put a single file.
 ****************************************************************************/
 
@@ -1673,10 +1724,7 @@ static int cmd_put(void)
 	char *rname;
 	char *buf;
 
-	rname = talloc_asprintf(ctx,
-			"%s%s",
-			client_get_cur_dir(),
-			CLI_DIRSEP_STR);
+	rname = talloc_strdup(ctx, client_get_cur_dir());
 	if (!rname) {
 		return 1;
 	}
@@ -1893,10 +1941,10 @@ static int cmd_mput(void)
 						break;
 				} else { /* Yes */
 	      				SAFE_FREE(rname);
-					if(asprintf(&rname, "%s%s", cur_dir, lname) < 0) {
+					if(asprintf(&rname, "%s%s", client_get_cur_dir(), lname) < 0) {
 						break;
 					}
-					string_replace(rname,'/','\\');
+					normalize_name(rname);
 					if (!cli_chkpath(cli, rname) &&
 					    !do_mkdir(rname)) {
 						DEBUG (0, ("Unable to make dir, skipping..."));
@@ -1920,12 +1968,12 @@ static int cmd_mput(void)
 
 				/* Yes */
 				SAFE_FREE(rname);
-				if (asprintf(&rname, "%s%s", cur_dir, lname) < 0) {
+				if (asprintf(&rname, "%s%s", client_get_cur_dir(), lname) < 0) {
 					break;
 				}
 			}
 
-			string_replace(rname,'/','\\');
+			normalize_name(rname);
 
 			do_put(rname, lname, false);
 		}
@@ -3469,10 +3517,7 @@ static int cmd_reget(void)
 	char *fname = NULL;
 	char *p = NULL;
 
-	remote_name = talloc_asprintf(ctx,
-				"%s%s",
-				client_get_cur_dir(),
-				CLI_DIRSEP_STR);
+	remote_name = talloc_strdup(ctx, client_get_cur_dir());
 	if (!remote_name) {
 		return 1;
 	}
@@ -3511,10 +3556,7 @@ static int cmd_reput(void)
 	char *buf;
 	SMB_STRUCT_STAT st;
 
-	remote_name = talloc_asprintf(ctx,
-				"%s%s",
-				client_get_cur_dir(),
-				CLI_DIRSEP_STR);
+	remote_name = talloc_strdup(ctx, client_get_cur_dir());
 	if (!remote_name) {
 		return 1;
 	}
@@ -3839,6 +3881,8 @@ static struct {
 	char compl_args[2];      /* Completion argument info */
 } commands[] = {
   {"?",cmd_help,"[command] give help on a command",{COMPL_NONE,COMPL_NONE}},
+  {"allinfo",cmd_allinfo,"<file> show all available info",
+   {COMPL_NONE,COMPL_NONE}},
   {"altname",cmd_altname,"<file> show alt name",{COMPL_NONE,COMPL_NONE}},
   {"archive",cmd_archive,"<level>\n0=ignore archive bit\n1=only get archive files\n2=only get archive files and reset archive bit\n3=get all files and reset archive bit",{COMPL_NONE,COMPL_NONE}},
   {"blocksize",cmd_block,"blocksize <number> (default 20)",{COMPL_NONE,COMPL_NONE}},
@@ -4069,7 +4113,7 @@ static void completion_remote_filter(const char *mnt,
 				return;
 			}
 			if (f->mode & aDIR) {
-				tmp = talloc_asprintf_append(tmp, "/");
+				tmp = talloc_asprintf_append(tmp, CLI_DIRSEP_STR);
 			}
 			if (!tmp) {
 				TALLOC_FREE(ctx);
@@ -4333,9 +4377,30 @@ static void readline_callback(void)
 	   session keepalives and then drop them here.
 	*/
 	if (FD_ISSET(cli->fd,&fds)) {
-		if (receive_smb_raw(cli->fd,cli->inbuf,0,0,&cli->smb_rw_error) == -1) {
-			DEBUG(0, ("Read from server failed, maybe it closed the "
-				"connection\n"));
+		NTSTATUS status;
+		size_t len;
+
+		set_smb_read_error(&cli->smb_rw_error, SMB_READ_OK);
+
+		status = receive_smb_raw(cli->fd, cli->inbuf, 0, 0, &len);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("Read from server failed, maybe it closed "
+				  "the connection\n"));
+
+			if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
+				set_smb_read_error(&cli->smb_rw_error,
+						   SMB_READ_EOF);
+				return;
+			}
+
+			if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+				set_smb_read_error(&cli->smb_rw_error,
+						   SMB_READ_TIMEOUT);
+				return;
+			}
+
+			set_smb_read_error(&cli->smb_rw_error, SMB_READ_ERROR);
 			return;
 		}
 		if(CVAL(cli->inbuf,0) != SMBkeepalive) {
diff --git a/source3/client/clitar.c b/source3/client/clitar.c
index 135815c3cd..04cc987889 100644
--- a/source3/client/clitar.c
+++ b/source3/client/clitar.c
@@ -513,6 +513,7 @@ static bool ensurepath(const char *fname)
 	char *partpath, *ffname;
 	const char *p=fname;
 	char *basehack;
+	char *saveptr;
 
 	DEBUG(5, ( "Ensurepath called with: %s\n", fname));
 
@@ -528,7 +529,7 @@ static bool ensurepath(const char *fname)
 
 	*partpath = 0;
 
-	/* fname copied to ffname so can strtok */
+	/* fname copied to ffname so can strtok_r */
 
 	safe_strcpy(ffname, fname, strlen(fname));
 
@@ -541,7 +542,7 @@ static bool ensurepath(const char *fname)
 		*basehack='\0';
 	}
 
-	p=strtok(ffname, "\\");
+	p=strtok_r(ffname, "\\", &saveptr);
 
 	while (p) {
 		safe_strcat(partpath, p, strlen(fname) + 1);
@@ -558,7 +559,7 @@ static bool ensurepath(const char *fname)
 		}
 
 		safe_strcat(partpath, "\\", strlen(fname) + 1);
-		p = strtok(NULL,"/\\");
+		p = strtok_r(NULL, "/\\", &saveptr);
 	}
 
 	SAFE_FREE(partpath);
@@ -1470,8 +1471,10 @@ int cmd_tar(void)
 	}
 
 	argl=toktocliplist(&argcl, NULL);
-	if (!tar_parseargs(argcl, argl, buf, 0))
+	if (!tar_parseargs(argcl, argl, buf, 0)) {
+		SAFE_FREE(argl);
 		return 1;
+	}
 
 	ret = process_tar();
 	SAFE_FREE(argl);
diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c
index 79f402a7d4..e73d90859c 100644
--- a/source3/client/mount.cifs.c
+++ b/source3/client/mount.cifs.c
@@ -37,6 +37,7 @@
 #include <string.h>
 #include <mntent.h>
 #include <fcntl.h>
+#include <limits.h>
 
 #define MOUNT_CIFS_VERSION_MAJOR "1"
 #define MOUNT_CIFS_VERSION_MINOR "11"
@@ -62,8 +63,6 @@
 #define MS_BIND 4096
 #endif
 
-#define MAX_UNC_LEN 1024
-
 #define CONST_DISCARD(type, ptr)      ((type) ((void *) (ptr)))
 
 const char *thisprogram;
@@ -75,6 +74,7 @@ static int got_ip = 0;
 static int got_unc = 0;
 static int got_uid = 0;
 static int got_gid = 0;
+static int free_share_name = 0;
 static char * user_name = NULL;
 static char * mountpassword = NULL;
 char * domain_name = NULL;
@@ -205,8 +205,10 @@ static int open_cred_file(char * file_name)
 				/* go past equals sign */
 				temp_val++;
 				for(length = 0;length<4087;length++) {
-					if(temp_val[length] == '\n')
+					if ((temp_val[length] == '\n')
+					    || (temp_val[length] == '\0')) {
 						break;
+					}
 				}
 				if(length > 4086) {
 					printf("mount.cifs failed due to malformed username in credentials file");
@@ -229,8 +231,10 @@ static int open_cred_file(char * file_name)
 				/* go past equals sign */
 				temp_val++;
 				for(length = 0;length<65;length++) {
-					if(temp_val[length] == '\n')
+					if ((temp_val[length] == '\n')
+					    || (temp_val[length] == '\0')) {
 						break;
+					}
 				}
 				if(length > 64) {
 					printf("mount.cifs failed: password in credentials file too long\n");
@@ -258,8 +262,10 @@ static int open_cred_file(char * file_name)
 				if(verboseflag)
 					printf("\nDomain %s\n",temp_val);
                                 for(length = 0;length<65;length++) {
-                                        if(temp_val[length] == '\n')
-                                                break;
+					if ((temp_val[length] == '\n')
+					    || (temp_val[length] == '\0')) {
+						break;
+					}
                                 }
                                 if(length > 64) {
                                         printf("mount.cifs failed: domain in credentials file too long\n");
@@ -831,27 +837,17 @@ static char * check_for_domain(char **ppuser)
 	return domainnm;
 }
 
-/* replace all occurances of "from" in a string with "to" */
-static void replace_char(char *string, char from, char to)
-{
-	while (string) {
-		string = strchr(string, from);
-		if (string)
-			*string = to;
-	}
-}
-
 /* Note that caller frees the returned buffer if necessary */
 static char * parse_server(char ** punc_name)
 {
 	char * unc_name = *punc_name;
-	int length = strnlen(unc_name, MAX_UNC_LEN);
+	int length = strnlen(unc_name,1024);
 	char * share;
 	char * ipaddress_string = NULL;
 	struct hostent * host_entry = NULL;
 	struct in_addr server_ipaddr;
 
-	if(length > (MAX_UNC_LEN - 1)) {
+	if(length > 1023) {
 		printf("mount error: UNC name too long");
 		return NULL;
 	}
@@ -870,6 +866,7 @@ static char * parse_server(char ** punc_name)
 			/* check for nfs syntax ie server:share */
 			share = strchr(unc_name,':');
 			if(share) {
+				free_share_name = 1;
 				*punc_name = (char *)malloc(length+3);
 				if(*punc_name == NULL) {
 					/* put the original string back  if 
@@ -877,9 +874,9 @@ static char * parse_server(char ** punc_name)
 					*punc_name = unc_name;
 					return NULL;
 				}
+					
 				*share = '/';
 				strncpy((*punc_name)+2,unc_name,length);
-				free(unc_name);
 				unc_name = *punc_name;
 				unc_name[length+2] = 0;
 				goto continue_unc_parsing;
@@ -890,21 +887,18 @@ static char * parse_server(char ** punc_name)
 			}
 		} else {
 continue_unc_parsing:
-			unc_name[0] = '\\';
-			unc_name[1] = '\\';
+			unc_name[0] = '/';
+			unc_name[1] = '/';
 			unc_name += 2;
-
-			/* convert any '/' in unc to '\\' */
-			replace_char(unc_name, '/', '\\');
-
-			if ((share = strchr(unc_name,'\\'))) {
+			if ((share = strchr(unc_name, '/')) || 
+				(share = strchr(unc_name,'\\'))) {
 				*share = 0;  /* temporarily terminate the string */
 				share += 1;
 				if(got_ip == 0) {
 					host_entry = gethostbyname(unc_name);
 				}
-				*(share - 1) = '\\'; /* put delimiter back */
-				if ((prefixpath = strchr(share, '\\'))) {
+				*(share - 1) = '/'; /* put the slash back */
+				if ((prefixpath = strchr(share, '/'))) {
 					*prefixpath = 0;  /* permanently terminate the string */
 					if (!strlen(++prefixpath))
 						prefixpath = NULL; /* this needs to be done explicitly */
@@ -969,25 +963,6 @@ static struct option longopts[] = {
 	{ NULL, 0, NULL, 0 }
 };
 
-/* convert a string to uppercase. return false if the string
- * wasn't ASCII or was a NULL ptr */
-static int
-uppercase_string(char *string)
-{
-	if (!string)
-		return 0;
-
-	while (*string) {
-		/* check for unicode */
-		if ((unsigned char) string[0] & 0x80)
-			return 0;
-		*string = toupper((unsigned char) *string);
-		string++;
-	}
-
-	return 1;
-}
-
 int main(int argc, char ** argv)
 {
 	int c;
@@ -1000,7 +975,6 @@ int main(int argc, char ** argv)
 	char * options = NULL;
 	char * resolved_path = NULL;
 	char * temp;
-	char * dev_name;
 	int rc;
 	int rsize = 0;
 	int wsize = 0;
@@ -1037,16 +1011,8 @@ int main(int argc, char ** argv)
 	printf(" node: %s machine: %s sysname %s domain %s\n", sysinfo.nodename,sysinfo.machine,sysinfo.sysname,sysinfo.domainname);
 #endif */
 	if(argc > 2) {
-		dev_name = argv[1];
-		share_name = strndup(argv[1], MAX_UNC_LEN);
-		if (share_name == NULL) {
-			fprintf(stderr, "%s: %s", argv[0], strerror(ENOMEM));
-			exit(1);
-		}
+		share_name = argv[1];
 		mountpoint = argv[2];
-	} else {
-		mount_cifs_usage();
-		exit(1);
 	}
 
 	/* add sharename in opts string as unc= parm */
@@ -1186,7 +1152,7 @@ int main(int argc, char ** argv)
 		}
 	}
 
-	if((argc < 3) || (dev_name == NULL) || (mountpoint == NULL)) {
+	if((argc < 3) || (share_name == NULL) || (mountpoint == NULL)) {
 		mount_cifs_usage();
 		exit(1);
 	}
@@ -1344,12 +1310,10 @@ mount_retry:
 	}
 	if(verboseflag)
 		printf("\nmount.cifs kernel mount options %s \n",options);
-
-	/* convert all '\\' to '/' so that /proc/mounts looks pretty */
-	replace_char(dev_name, '\\', '/');
-
-	if(mount(dev_name, mountpoint, "cifs", flags, options)) {
+	if(mount(share_name, mountpoint, "cifs", flags, options)) {
 	/* remember to kill daemon on error */
+		char * tmp;
+
 		switch (errno) {
 		case 0:
 			printf("mount failed but no error number set\n");
@@ -1360,9 +1324,12 @@ mount_retry:
 		case ENXIO:
 			if(retry == 0) {
 				retry = 1;
-				if (uppercase_string(dev_name) &&
-				    uppercase_string(share_name) &&
-				    uppercase_string(prefixpath)) {
+				tmp = share_name;
+				while (*tmp && !(((unsigned char)tmp[0]) & 0x80)) {
+					*tmp = toupper((unsigned char)*tmp);
+		        		tmp++;
+				}
+				if(!*tmp) {
 					printf("retrying with upper case share name\n");
 					goto mount_retry;
 				}
@@ -1376,7 +1343,7 @@ mount_retry:
 	} else {
 		pmntfile = setmntent(MOUNTED, "a+");
 		if(pmntfile) {
-			mountent.mnt_fsname = dev_name;
+			mountent.mnt_fsname = share_name;
 			mountent.mnt_dir = mountpoint;
 			mountent.mnt_type = CONST_DISCARD(char *,"cifs");
 			mountent.mnt_opts = (char *)malloc(220);
@@ -1436,6 +1403,8 @@ mount_exit:
 		free(resolved_path);
 	}
 
-	free(share_name);
+	if(free_share_name) {
+		free(share_name);
+		}
 	return rc;
 }
diff --git a/source3/client/smbmnt.c b/source3/client/smbmnt.c
deleted file mode 100644
index 7f1e1d5003..0000000000
--- a/source3/client/smbmnt.c
+++ /dev/null
@@ -1,331 +0,0 @@
-/*
- *  smbmnt.c
- *
- *  Copyright (C) 1995-1998 by Paal-Kr. Engstad and Volker Lendecke
- *  extensively modified by Tridge
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *  
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#define SMBMOUNT_MALLOC 1
-
-#include "includes.h"
-
-#include <mntent.h>
-#include <sys/utsname.h>
-
-#include <asm/types.h>
-#include <asm/posix_types.h>
-#include <linux/smb.h>
-#include <linux/smb_mount.h>
-#include <asm/unistd.h>
-
-#ifndef	MS_MGC_VAL
-/* This may look strange but MS_MGC_VAL is what we are looking for and
-	is what we need from <linux/fs.h> under libc systems and is
-	provided in standard includes on glibc systems.  So...  We
-	switch on what we need...  */
-#include <linux/fs.h>
-#endif
-
-static uid_t mount_uid;
-static gid_t mount_gid;
-static int mount_ro;
-static unsigned mount_fmask;
-static unsigned mount_dmask;
-static int user_mount;
-static char *options;
-
-static void
-help(void)
-{
-        printf("\n");
-        printf("Usage: smbmnt mount-point [options]\n");
-	printf("Version %s\n\n",SAMBA_VERSION_STRING);
-        printf("-s share       share name on server\n"
-               "-r             mount read-only\n"
-               "-u uid         mount as uid\n"
-               "-g gid         mount as gid\n"
-               "-f mask        permission mask for files\n"
-               "-d mask        permission mask for directories\n"
-               "-o options     name=value, list of options\n"
-               "-h             print this help text\n");
-}
-
-static int
-parse_args(int argc, char *argv[], struct smb_mount_data *data, char **share)
-{
-        int opt;
-
-        while ((opt = getopt (argc, argv, "s:u:g:rf:d:o:")) != EOF)
-	{
-                switch (opt)
-		{
-                case 's':
-                        *share = optarg;
-                        break;
-                case 'u':
-			if (!user_mount) {
-				mount_uid = strtol(optarg, NULL, 0);
-			}
-                        break;
-                case 'g':
-			if (!user_mount) {
-				mount_gid = strtol(optarg, NULL, 0);
-			}
-                        break;
-                case 'r':
-                        mount_ro = 1;
-                        break;
-                case 'f':
-                        mount_fmask = strtol(optarg, NULL, 8);
-                        break;
-                case 'd':
-                        mount_dmask = strtol(optarg, NULL, 8);
-                        break;
-		case 'o':
-			options = optarg;
-			break;
-                default:
-                        return -1;
-                }
-        }
-        return 0;
-        
-}
-
-static char *
-fullpath(const char *p)
-{
-        char path[PATH_MAX+1];
-
-	if (strlen(p) > PATH_MAX) {
-		return NULL;
-	}
-
-        if (realpath(p, path) == NULL) {
-		fprintf(stderr,"Failed to find real path for mount point %s: %s\n",
-			p, strerror(errno));
-		exit(1);
-	}
-	return strdup(path);
-}
-
-/* Check whether user is allowed to mount on the specified mount point. If it's
-   OK then we change into that directory - this prevents race conditions */
-static int mount_ok(char *mount_point)
-{
-	struct stat st;
-
-	if (chdir(mount_point) != 0) {
-		return -1;
-	}
-
-        if (stat(".", &st) != 0) {
-		return -1;
-        }
-
-        if (!S_ISDIR(st.st_mode)) {
-                errno = ENOTDIR;
-                return -1;
-        }
-
-        if ((getuid() != 0) && 
-	    ((getuid() != st.st_uid) || 
-	     ((st.st_mode & S_IRWXU) != S_IRWXU))) {
-                errno = EPERM;
-                return -1;
-        }
-
-        return 0;
-}
-
-/* Tries to mount using the appropriate format. For 2.2 the struct,
-   for 2.4 the ascii version. */
-static int
-do_mount(char *share_name, unsigned int flags, struct smb_mount_data *data)
-{
-	char *opts;
-	struct utsname uts;
-	char *release, *major, *minor;
-	char *data1, *data2;
-	int ret;
-
-	if (asprintf(&opts,
-			"version=7,uid=%d,gid=%d,file_mode=0%o,dir_mode=0%o,%s",
-			mount_uid, mount_gid, data->file_mode,
-			data->dir_mode,options) < 0) {
-		return -1;
-	}
-
-	uname(&uts);
-	release = uts.release;
-	major = strtok(release, ".");
-	minor = strtok(NULL, ".");
-	if (major && minor && atoi(major) == 2 && atoi(minor) < 4) {
-		/* < 2.4, assume struct */
-		data1 = (char *) data;
-		data2 = opts;
-	} else {
-		/* >= 2.4, assume ascii but fall back on struct */
-		data1 = opts;
-		data2 = (char *) data;
-	}
-
-	if (mount(share_name, ".", "smbfs", flags, data1) == 0) {
-		SAFE_FREE(opts);
-		return 0;
-	}
-	ret = mount(share_name, ".", "smbfs", flags, data2);
-	SAFE_FREE(opts);
-	return ret;
-}
-
- int main(int argc, char *argv[])
-{
-	char *mount_point, *share_name = NULL;
-	FILE *mtab;
-	int fd;
-	unsigned int flags;
-	struct smb_mount_data data;
-	struct mntent ment;
-
-	memset(&data, 0, sizeof(struct smb_mount_data));
-
-	if (argc < 2) {
-		help();
-		exit(1);
-	}
-
-	if (argv[1][0] == '-') {
-		help();
-		exit(1);
-	}
-
-	if (getuid() != 0) {
-		user_mount = 1;
-	}
-
-        if (geteuid() != 0) {
-                fprintf(stderr, "smbmnt must be installed suid root for direct user mounts (%d,%d)\n", getuid(), geteuid());
-                exit(1);
-        }
-
-	mount_uid = getuid();
-	mount_gid = getgid();
-	mount_fmask = umask(0);
-        umask(mount_fmask);
-	mount_fmask = ~mount_fmask;
-
-        mount_point = fullpath(argv[1]);
-
-        argv += 1;
-        argc -= 1;
-
-        if (mount_ok(mount_point) != 0) {
-                fprintf(stderr, "cannot mount on %s: %s\n",
-                        mount_point, strerror(errno));
-                exit(1);
-        }
-
-	data.version = SMB_MOUNT_VERSION;
-
-        /* getuid() gives us the real uid, who may umount the fs */
-        data.mounted_uid = getuid();
-
-        if (parse_args(argc, argv, &data, &share_name) != 0) {
-                help();
-                return -1;
-        }
-
-        data.uid = mount_uid;    // truncates to 16-bits here!!!
-        data.gid = mount_gid;
-        data.file_mode = (S_IRWXU|S_IRWXG|S_IRWXO) & mount_fmask;
-        data.dir_mode  = (S_IRWXU|S_IRWXG|S_IRWXO) & mount_dmask;
-
-        if (mount_dmask == 0) {
-                data.dir_mode = data.file_mode;
-                if ((data.dir_mode & S_IRUSR) != 0)
-                        data.dir_mode |= S_IXUSR;
-                if ((data.dir_mode & S_IRGRP) != 0)
-                        data.dir_mode |= S_IXGRP;
-                if ((data.dir_mode & S_IROTH) != 0)
-                        data.dir_mode |= S_IXOTH;
-        }
-
-	flags = MS_MGC_VAL | MS_NOSUID | MS_NODEV;
-
-	if (mount_ro) flags |= MS_RDONLY;
-
-	if (do_mount(share_name, flags, &data) < 0) {
-		switch (errno) {
-		case ENODEV:
-			fprintf(stderr, "ERROR: smbfs filesystem not supported by the kernel\n");
-			break;
-		default:
-			perror("mount error");
-		}
-		fprintf(stderr, "Please refer to the smbmnt(8) manual page\n");
-		return -1;
-	}
-
-        ment.mnt_fsname = share_name ? share_name : (char *)"none";
-        ment.mnt_dir = mount_point;
-        ment.mnt_type = (char *)"smbfs";
-        ment.mnt_opts = (char *)"";
-        ment.mnt_freq = 0;
-        ment.mnt_passno= 0;
-
-        mount_point = ment.mnt_dir;
-
-	if (mount_point == NULL)
-	{
-		fprintf(stderr, "Mount point too long\n");
-		return -1;
-	}
-	
-        if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1)
-        {
-                fprintf(stderr, "Can't get "MOUNTED"~ lock file");
-                return 1;
-        }
-        close(fd);
-	
-        if ((mtab = setmntent(MOUNTED, "a+")) == NULL)
-        {
-                fprintf(stderr, "Can't open " MOUNTED);
-                return 1;
-        }
-
-        if (addmntent(mtab, &ment) == 1)
-        {
-                fprintf(stderr, "Can't write mount entry");
-                return 1;
-        }
-        if (fchmod(fileno(mtab), 0644) == -1)
-        {
-                fprintf(stderr, "Can't set perms on "MOUNTED);
-                return 1;
-        }
-        endmntent(mtab);
-
-        if (unlink(MOUNTED"~") == -1)
-        {
-                fprintf(stderr, "Can't remove "MOUNTED"~");
-                return 1;
-        }
-
-	return 0;
-}	
diff --git a/source3/client/smbmount.c b/source3/client/smbmount.c
deleted file mode 100644
index 98c61a30d8..0000000000
--- a/source3/client/smbmount.c
+++ /dev/null
@@ -1,1045 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   SMBFS mount program
-   Copyright (C) Andrew Tridgell 1999
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-
-#include <mntent.h>
-#include <asm/types.h>
-#include <linux/smb_fs.h>
-
-extern bool in_client;
-extern char *optarg;
-extern int optind;
-
-static char *credentials;
-static fstring my_netbios_name;
-static char *password;
-static char *username;
-static fstring workgroup;
-static char *mpoint;
-static char *service;
-static char *options;
-
-static struct sockaddr_storage dest_ip;
-static bool have_ip;
-static int smb_port = 0;
-static bool got_user;
-static bool got_pass;
-static uid_t mount_uid;
-static gid_t mount_gid;
-static int mount_ro;
-static unsigned mount_fmask;
-static unsigned mount_dmask;
-static bool use_kerberos;
-/* TODO: Add code to detect smbfs version in kernel */
-static bool status32_smbfs = False;
-static bool smbfs_has_unicode = False;
-static bool smbfs_has_lfs = False;
-
-static void usage(void);
-
-static void exit_parent(int sig)
-{
-	/* parent simply exits when child says go... */
-	exit(0);
-}
-
-static void daemonize(void)
-{
-	int j, status;
-	pid_t child_pid;
-
-	signal( SIGTERM, exit_parent );
-
-	if ((child_pid = sys_fork()) < 0) {
-		DEBUG(0,("could not fork\n"));
-	}
-
-	if (child_pid > 0) {
-		while( 1 ) {
-			j = waitpid( child_pid, &status, 0 );
-			if( j < 0 ) {
-				if( EINTR == errno ) {
-					continue;
-				}
-				status = errno;
-			}
-			break;
-		}
-
-		/* If we get here - the child exited with some error status */
-		if (WIFSIGNALED(status))
-			exit(128 + WTERMSIG(status));
-		else
-			exit(WEXITSTATUS(status));
-	}
-
-	signal( SIGTERM, SIG_DFL );
-	chdir("/");
-}
-
-static void close_our_files(int client_fd)
-{
-	int i;
-	struct rlimit limits;
-
-	getrlimit(RLIMIT_NOFILE,&limits);
-	for (i = 0; i< limits.rlim_max; i++) {
-		if (i == client_fd)
-			continue;
-		close(i);
-	}
-}
-
-static void usr1_handler(int x)
-{
-	return;
-}
-
-
-/***************************************************** 
-return a connection to a server
-*******************************************************/
-static struct cli_state *do_connection(char *the_service)
-{
-	struct cli_state *c;
-	struct nmb_name called, calling;
-	char *server_n;
-	struct sockaddr_storage ip;
-	char *server;
-	char *share;
-	const char *c_username;
-	const char *c_password;
-	TALLOC_CTX *ctx = talloc_tos();
-
-	if (the_service[0] != '\\' || the_service[1] != '\\') {
-		usage();
-		exit(1);
-	}
-
-	server = talloc_strdup(ctx, the_service+2);
-	if (!server) {
-		fprintf(stderr,"Out of memory\n");
-		exit(ENOMEM);
-	}
-	share = strchr_m(server,'\\');
-	if (!share) {
-		usage();
-		exit(1);
-	}
-	*share = 0;
-	share++;
-
-	server_n = server;
-
-	make_nmb_name(&calling, my_netbios_name, 0x0);
-	make_nmb_name(&called , server, 0x20);
-
- again:
-        zero_addr(&ip);
-	if (have_ip) ip = dest_ip;
-
-	/* have to open a new connection */
-	if (!(c=cli_initialise()) || (cli_set_port(c, smb_port) != smb_port) ||
-	    !NT_STATUS_IS_OK(cli_connect(c, server_n, &ip))) {
-		DEBUG(0,("%d: Connection to %s failed\n", sys_getpid(), server_n));
-		if (c) {
-			cli_shutdown(c);
-		}
-		return NULL;
-	}
-
-	/* SPNEGO doesn't work till we get NTSTATUS error support */
-	/* But it is REQUIRED for kerberos authentication */
-	if(!use_kerberos) c->use_spnego = False;
-
-	/* The kernel doesn't yet know how to sign it's packets */
-	c->sign_info.allow_smb_signing = False;
-
-	/* Use kerberos authentication if specified */
-	c->use_kerberos = use_kerberos;
-
-	if (!cli_session_request(c, &calling, &called)) {
-		char *p;
-		DEBUG(0,("%d: session request to %s failed (%s)\n", 
-			 sys_getpid(), called.name, cli_errstr(c)));
-		cli_shutdown(c);
-		if ((p=strchr_m(called.name, '.'))) {
-			*p = 0;
-			goto again;
-		}
-		if (strcmp(called.name, "*SMBSERVER")) {
-			make_nmb_name(&called , "*SMBSERVER", 0x20);
-			goto again;
-		}
-		return NULL;
-	}
-
-	DEBUG(4,("%d: session request ok\n", sys_getpid()));
-
-	if (!cli_negprot(c)) {
-		DEBUG(0,("%d: protocol negotiation failed\n", sys_getpid()));
-		cli_shutdown(c);
-		return NULL;
-	}
-
-	if (!got_pass) {
-		char *pass = getpass("Password: ");
-		if (pass) {
-			password = talloc_strdup(talloc_tos(), pass);
-			if (!password) {
-				return NULL;
-			}
-		}
-	}
-
-	/* This should be right for current smbfs. Future versions will support
-	  large files as well as unicode and oplocks. */
-  	c->capabilities &= ~(CAP_NT_SMBS | CAP_NT_FIND | CAP_LEVEL_II_OPLOCKS);
-  	if (!smbfs_has_lfs)
-  		c->capabilities &= ~CAP_LARGE_FILES;
-  	if (!smbfs_has_unicode)
-  		c->capabilities &= ~CAP_UNICODE;
-	if (!status32_smbfs) {
-  		c->capabilities &= ~CAP_STATUS32;
-		c->force_dos_errors = True;
-	}
-
-	c_password = password ? password : "";
-	c_username = username ? username : "";
-
-	if (!NT_STATUS_IS_OK(cli_session_setup(c,
-					c_username,
-					c_password, strlen(c_password),
-					c_password, strlen(c_password),
-					workgroup))) {
-		/* if a password was not supplied then try again with a
-			null username */
-		if (c_password[0] || !c_username[0] ||
-		    !NT_STATUS_IS_OK(cli_session_setup(c, "", "", 0, "", 0, workgroup))) {
-			DEBUG(0,("%d: session setup failed: %s\n",
-				sys_getpid(), cli_errstr(c)));
-			cli_shutdown(c);
-			return NULL;
-		}
-		DEBUG(0,("Anonymous login successful\n"));
-	}
-
-	DEBUG(4,("%d: session setup ok\n", sys_getpid()));
-
-	if (!cli_send_tconX(c, share, "?????",
-			    c_password, strlen(c_password)+1)) {
-		DEBUG(0,("%d: tree connect failed: %s\n",
-			 sys_getpid(), cli_errstr(c)));
-		cli_shutdown(c);
-		return NULL;
-	}
-
-	DEBUG(4,("%d: tconx ok\n", sys_getpid()));
-
-	got_pass = True;
-
-	return c;
-}
-
-/****************************************************************************
-unmount smbfs  (this is a bailout routine to clean up if a reconnect fails)
-	Code blatently stolen from smbumount.c
-		-mhw-
-****************************************************************************/
-static void smb_umount(char *mount_point)
-{
-	int fd;
-        struct mntent *mnt;
-        FILE* mtab;
-        FILE* new_mtab;
-
-	/* Programmers Note:
-		This routine only gets called to the scene of a disaster
-		to shoot the survivors...  A connection that was working
-		has now apparently failed.  We have an active mount point
-		(presumably) that we need to dump.  If we get errors along
-		the way - make some noise, but we are already turning out
-		the lights to exit anyways...
-	*/
-        if (umount(mount_point) != 0) {
-                DEBUG(0,("%d: Could not umount %s: %s\n",
-			 sys_getpid(), mount_point, strerror(errno)));
-                return;
-        }
-
-        if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) {
-                DEBUG(0,("%d: Can't get "MOUNTED"~ lock file", sys_getpid()));
-                return;
-        }
-
-        close(fd);
-	
-        if ((mtab = setmntent(MOUNTED, "r")) == NULL) {
-                DEBUG(0,("%d: Can't open " MOUNTED ": %s\n",
-			 sys_getpid(), strerror(errno)));
-                return;
-        }
-
-#define MOUNTED_TMP MOUNTED".tmp"
-
-        if ((new_mtab = setmntent(MOUNTED_TMP, "w")) == NULL) {
-                DEBUG(0,("%d: Can't open " MOUNTED_TMP ": %s\n",
-			 sys_getpid(), strerror(errno)));
-                endmntent(mtab);
-                return;
-        }
-
-        while ((mnt = getmntent(mtab)) != NULL) {
-                if (strcmp(mnt->mnt_dir, mount_point) != 0) {
-                        addmntent(new_mtab, mnt);
-                }
-        }
-
-        endmntent(mtab);
-
-        if (fchmod (fileno (new_mtab), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
-                DEBUG(0,("%d: Error changing mode of %s: %s\n",
-			 sys_getpid(), MOUNTED_TMP, strerror(errno)));
-                return;
-        }
-
-        endmntent(new_mtab);
-
-        if (rename(MOUNTED_TMP, MOUNTED) < 0) {
-                DEBUG(0,("%d: Cannot rename %s to %s: %s\n",
-			 sys_getpid(), MOUNTED, MOUNTED_TMP, strerror(errno)));
-                return;
-        }
-
-        if (unlink(MOUNTED"~") == -1) {
-                DEBUG(0,("%d: Can't remove "MOUNTED"~", sys_getpid()));
-                return;
-        }
-}
-
-
-/*
- * Call the smbfs ioctl to install a connection socket,
- * then wait for a signal to reconnect. Note that we do
- * not exit after open_sockets() or send_login() errors,
- * as the smbfs mount would then have no way to recover.
- */
-static void send_fs_socket(char *the_service, char *mount_point, struct cli_state *c)
-{
-	int fd, closed = 0, res = 1;
-	pid_t parentpid = getppid();
-	struct smb_conn_opt conn_options;
-
-	memset(&conn_options, 0, sizeof(conn_options));
-
-	while (1) {
-		if ((fd = open(mount_point, O_RDONLY)) < 0) {
-			DEBUG(0,("mount.smbfs[%d]: can't open %s\n",
-				 sys_getpid(), mount_point));
-			break;
-		}
-
-		conn_options.fd = c->fd;
-		conn_options.protocol = c->protocol;
-		conn_options.case_handling = SMB_CASE_DEFAULT;
-		conn_options.max_xmit = c->max_xmit;
-		conn_options.server_uid = c->vuid;
-		conn_options.tid = c->cnum;
-		conn_options.secmode = c->sec_mode;
-		conn_options.rawmode = 0;
-		conn_options.sesskey = c->sesskey;
-		conn_options.maxraw = 0;
-		conn_options.capabilities = c->capabilities;
-		conn_options.serverzone = c->serverzone/60;
-
-		res = ioctl(fd, SMB_IOC_NEWCONN, &conn_options);
-		if (res != 0) {
-			DEBUG(0,("mount.smbfs[%d]: ioctl failed, res=%d\n",
-				 sys_getpid(), res));
-			close(fd);
-			break;
-		}
-
-		if (parentpid) {
-			/* Ok...  We are going to kill the parent.  Now
-				is the time to break the process group... */
-			setsid();
-			/* Send a signal to the parent to terminate */
-			kill(parentpid, SIGTERM);
-			parentpid = 0;
-		}
-
-		close(fd);
-
-		/* This looks wierd but we are only closing the userspace
-		   side, the connection has already been passed to smbfs and 
-		   it has increased the usage count on the socket.
-
-		   If we don't do this we will "leak" sockets and memory on
-		   each reconnection we have to make. */
-		c->smb_rw_error = SMB_DO_NOT_DO_TDIS;
-		cli_shutdown(c);
-		c = NULL;
-
-		if (!closed) {
-			/* close the name cache so that close_our_files() doesn't steal its FD */
-			namecache_shutdown();
-
-			/* redirect stdout & stderr since we can't know that
-			   the library functions we use are using DEBUG. */
-			if ( (fd = open("/dev/null", O_WRONLY)) < 0)
-				DEBUG(2,("mount.smbfs: can't open /dev/null\n"));
-			close_our_files(fd);
-			if (fd >= 0) {
-				dup2(fd, STDOUT_FILENO);
-				dup2(fd, STDERR_FILENO);
-				close(fd);
-			}
-
-			/* here we are no longer interactive */
-			set_remote_machine_name("smbmount", False);	/* sneaky ... */
-			setup_logging("mount.smbfs", False);
-			reopen_logs();
-			DEBUG(0, ("mount.smbfs: entering daemon mode for service %s, pid=%d\n", the_service, sys_getpid()));
-
-			closed = 1;
-		}
-
-		/* Wait for a signal from smbfs ... but don't continue
-                   until we actually get a new connection. */
-		while (!c) {
-			CatchSignal(SIGUSR1, &usr1_handler);
-			pause();
-			DEBUG(2,("mount.smbfs[%d]: got signal, getting new socket\n", sys_getpid()));
-			c = do_connection(the_service);
-		}
-	}
-
-	smb_umount(mount_point);
-	DEBUG(2,("mount.smbfs[%d]: exit\n", sys_getpid()));
-	exit(1);
-}
-
-
-/**
- * Mount a smbfs
- **/
-
-#define NUM_ARGS 20
-
-static void init_mount(void)
-{
-	char mount_point[PATH_MAX+1];
-	TALLOC_CTX *ctx = talloc_tos();
-	char *svc2;
-	struct cli_state *c;
-	const char *args[NUM_ARGS];
-	int i, status;
-
-	if (realpath(mpoint, mount_point) == NULL) {
-		fprintf(stderr, "Could not resolve mount point %s\n", mpoint);
-		return;
-	}
-
-
-	c = do_connection(service);
-	if (!c) {
-		fprintf(stderr,"SMB connection failed\n");
-		exit(1);
-	}
-
-	/*
-		Set up to return as a daemon child and wait in the parent
-		until the child say it's ready...
-	*/
-	daemonize();
-
-	svc2 = talloc_strdup(ctx, service);
-	if (!svc2) {
-		fprintf(stderr, "Out of memory.\n");
-		exit(ENOMEM);
-	}
-	string_replace(svc2, '\\','/');
-	string_replace(svc2, ' ','_');
-
-	memset(args, 0, sizeof(args[0])*NUM_ARGS);
-
-	i=0;
-	args[i++] = "smbmnt";
-
-	args[i++] = mount_point;
-	args[i++] = "-s";
-	args[i++] = svc2;
-
-	if (mount_ro && i < NUM_ARGS-2) {
-		args[i++] = "-r";
-	}
-	if (mount_uid && i < NUM_ARGS-3) {
-		args[i++] = "-u";
-		args[i] = talloc_asprintf(ctx, "%d", mount_uid);
-		if (!args[i]) {
-			fprintf(stderr, "Out of memory.\n");
-			exit(ENOMEM);
-		}
-		i++;
-	}
-	if (mount_gid && i < NUM_ARGS-3) {
-		args[i++] = "-g";
-		args[i] = talloc_asprintf(ctx, "%d", mount_gid);
-		if (!args[i]) {
-			fprintf(stderr, "Out of memory.\n");
-			exit(ENOMEM);
-		}
-		i++;
-	}
-	if (mount_fmask && i < NUM_ARGS-3) {
-		args[i++] = "-f";
-		args[i] = talloc_asprintf(ctx, "0%o", mount_fmask);
-		if (!args[i]) {
-			fprintf(stderr, "Out of memory.\n");
-			exit(ENOMEM);
-		}
-		i++;
-	}
-	if (mount_dmask && i < NUM_ARGS-3) {
-		args[i++] = "-d";
-		args[i] = talloc_asprintf(ctx, "0%o", mount_dmask);
-		if (!args[i]) {
-			fprintf(stderr, "Out of memory.\n");
-			exit(ENOMEM);
-		}
-		i++;
-	}
-	if (options && i < NUM_ARGS-3) {
-		args[i++] = "-o";
-		args[i++] = options;
-	}
-
-	if (sys_fork() == 0) {
-		char *smbmnt_path;
-
-		asprintf(&smbmnt_path, "%s/smbmnt", get_dyn_BINDIR());
-
-		if (file_exist(smbmnt_path, NULL)) {
-			execv(smbmnt_path, (char * const *)args);
-			fprintf(stderr,
-				"smbfs/init_mount: execv of %s failed. Error was %s.",
-				smbmnt_path, strerror(errno));
-		} else {
-			execvp("smbmnt", (char * const *)args);
-			fprintf(stderr,
-				"smbfs/init_mount: execv of %s failed. Error was %s.",
-				"smbmnt", strerror(errno));
-		}
-		free(smbmnt_path);
-		exit(1);
-	}
-
-	if (waitpid(-1, &status, 0) == -1) {
-		fprintf(stderr,"waitpid failed: Error was %s", strerror(errno) );
-		/* FIXME: do some proper error handling */
-		exit(1);
-	}
-
-	if (WIFEXITED(status) && WEXITSTATUS(status) != 0) {
-		fprintf(stderr,"smbmnt failed: %d\n", WEXITSTATUS(status));
-		/* FIXME: do some proper error handling */
-		exit(1);
-	} else if (WIFSIGNALED(status)) {
-		fprintf(stderr, "smbmnt killed by signal %d\n", WTERMSIG(status));
-		exit(1);
-	}
-
-	/* Ok...  This is the rubicon for that mount point...  At any point
-	   after this, if the connections fail and can not be reconstructed
-	   for any reason, we will have to unmount the mount point.  There
-	   is no exit from the next call...
-	*/
-	send_fs_socket(service, mount_point, c);
-}
-
-
-/****************************************************************************
-get a password from a a file or file descriptor
-exit on failure (from smbclient, move to libsmb or shared .c file?)
-****************************************************************************/
-
-static void get_password_file(void)
-{
-	int fd = -1;
-	char *p;
-	bool close_it = False;
-	char *spec = NULL;
-	TALLOC_CTX *ctx = talloc_tos();
-	char pass[128];
-
-	if ((p = getenv("PASSWD_FD")) != NULL) {
-		spec = talloc_asprintf(ctx,
-				"descriptor %s",
-				p);
-		if (!spec) {
-			fprintf(stderr, "Out of memory.\n");
-			exit(ENOMEM);
-		}
-		fd = atoi(p);
-		close_it = False;
-	} else if ((p = getenv("PASSWD_FILE")) != NULL) {
-		fd = sys_open(p, O_RDONLY, 0);
-		spec = talloc_strdup(ctx, p);
-		if (!spec) {
-			fprintf(stderr, "Out of memory.\n");
-			exit(ENOMEM);
-		}
-		if (fd < 0) {
-			fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n",
-				spec, strerror(errno));
-			exit(1);
-		}
-		close_it = True;
-	}
-
-	for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */
-	    p && p - pass < sizeof(pass);) {
-		switch (read(fd, p, 1)) {
-		case 1:
-			if (*p != '\n' && *p != '\0') {
-				*++p = '\0'; /* advance p, and null-terminate pass */
-				break;
-			}
-		case 0:
-			if (p - pass) {
-				*p = '\0'; /* null-terminate it, just in case... */
-				p = NULL; /* then force the loop condition to become false */
-				break;
-			} else {
-				fprintf(stderr, "Error reading password from file %s: %s\n",
-					spec, "empty password\n");
-				exit(1);
-			}
-
-		default:
-			fprintf(stderr, "Error reading password from file %s: %s\n",
-				spec, strerror(errno));
-			exit(1);
-		}
-	}
-	password = talloc_strdup(ctx, pass);
-	if (close_it)
-		close(fd);
-}
-
-/****************************************************************************
-get username and password from a credentials file
-exit on failure (from smbclient, move to libsmb or shared .c file?)
-****************************************************************************/
-
-static void read_credentials_file(const char *filename)
-{
-	FILE *auth;
-	fstring buf;
-	uint16 len = 0;
-	char *ptr, *val, *param;
-
-	if ((auth=sys_fopen(filename, "r")) == NULL)
-	{
-		/* fail if we can't open the credentials file */
-		DEBUG(0,("ERROR: Unable to open credentials file!\n"));
-		exit (-1);
-	}
-
-	while (!feof(auth))
-	{
-		/* get a line from the file */
-		if (!fgets (buf, sizeof(buf), auth))
-			continue;
-		len = strlen(buf);
-
-		if ((len) && (buf[len-1]=='\n'))
-		{
-			buf[len-1] = '\0';
-			len--;
-		}
-		if (len == 0)
-			continue;
-
-		/* break up the line into parameter & value.
-		   will need to eat a little whitespace possibly */
-		param = buf;
-		if (!(ptr = strchr (buf, '=')))
-			continue;
-		val = ptr+1;
-		*ptr = '\0';
-
-		/* eat leading white space */
-		while ((*val!='\0') && ((*val==' ') || (*val=='\t')))
-			val++;
-
-		if (strwicmp("password", param) == 0)
-		{
-			password = talloc_strdup(talloc_tos(),val);
-			got_pass = True;
-		}
-		else if (strwicmp("username", param) == 0) {
-			username = talloc_strdup(talloc_tos(), val);
-		}
-
-		memset(buf, 0, sizeof(buf));
-	}
-	fclose(auth);
-}
-
-
-/****************************************************************************
-usage on the program
-****************************************************************************/
-static void usage(void)
-{
-	printf("Usage: mount.smbfs service mountpoint [-o options,...]\n");
-
-	printf("Version %s\n\n",SAMBA_VERSION_STRING);
-
-	printf("Please be aware that smbfs is deprecated in favor of "
-	       "cifs\n\n");
-
-	printf(
-"Options:\n\
-      username=<arg>                  SMB username\n\
-      password=<arg>                  SMB password\n\
-      credentials=<filename>          file with username/password\n\
-      krb                             use kerberos (active directory)\n\
-      netbiosname=<arg>               source NetBIOS name\n\
-      uid=<arg>                       mount uid or username\n\
-      gid=<arg>                       mount gid or groupname\n\
-      port=<arg>                      remote SMB port number\n\
-      fmask=<arg>                     file umask\n\
-      dmask=<arg>                     directory umask\n\
-      debug=<arg>                     debug level\n\
-      ip=<arg>                        destination host or IP address\n\
-      workgroup=<arg>                 workgroup on destination\n\
-      sockopt=<arg>                   TCP socket options\n\
-      scope=<arg>                     NetBIOS scope\n\
-      iocharset=<arg>                 Linux charset (iso8859-1, utf8)\n\
-      codepage=<arg>                  server codepage (cp850)\n\
-      unicode                         use unicode when communicating with server\n\
-      lfs                             large file system support\n\
-      ttl=<arg>                       dircache time to live\n\
-      guest                           don't prompt for a password\n\
-      ro                              mount read-only\n\
-      rw                              mount read-write\n\
-\n\
-This command is designed to be run from within /bin/mount by giving\n\
-the option '-t smbfs'. For example:\n\
-  mount -t smbfs -o username=tridge,password=foobar //fjall/test /data/test\n\
-");
-}
-
-
-/****************************************************************************
-  Argument parsing for mount.smbfs interface
-  mount will call us like this:
-    mount.smbfs device mountpoint -o <options>
-  
-  <options> is never empty, containing at least rw or ro
- ****************************************************************************/
-static void parse_mount_smb(int argc, char **argv)
-{
-	int opt;
-	char *opts;
-	char *opteq;
-	int val;
-	TALLOC_CTX *ctx = talloc_tos();
-
-	/* FIXME: This function can silently fail if the arguments are
-	 * not in the expected order.
-
-	> The arguments syntax of smbmount 2.2.3a (smbfs of Debian stable)
-	> requires that one gives "-o" before further options like username=...
-	> . Without -o, the username=.. setting is *silently* ignored. I've
-	> spent about an hour trying to find out why I couldn't log in now..
-
-	*/
-
-
-	if (argc < 2 || argv[1][0] == '-') {
-		usage();
-		exit(1);
-	}
-
-	service = talloc_strdup(ctx, argv[1]);
-	if (!service) {
-		fprintf(stderr,"Out of memory\n");
-		exit(ENOMEM);
-	}
-	mpoint = talloc_strdup(ctx, argv[2]);
-	if (!mpoint) {
-		fprintf(stderr,"Out of memory\n");
-		exit(ENOMEM);
-	}
-
-	/* Convert any '/' characters in the service name to
-	   '\' characters */
-	string_replace(service, '/','\\');
-	argc -= 2;
-	argv += 2;
-
-	opt = getopt(argc, argv, "o:");
-	if(opt != 'o') {
-		return;
-	}
-
-	options = talloc_strdup(ctx, "");
-	if (!options) {
-		fprintf(stderr,"Out of memory\n");
-		exit(ENOMEM);
-	}
-
-	/*
-	 * option parsing from nfsmount.c (util-linux-2.9u)
-	 */
-        for (opts = strtok(optarg, ","); opts; opts = strtok(NULL, ",")) {
-		DEBUG(3, ("opts: %s\n", opts));
-                if ((opteq = strchr_m(opts, '='))) {
-                        val = atoi(opteq + 1);
-                        *opteq = '\0';
-
-                        if (!strcmp(opts, "username") ||
-			    !strcmp(opts, "logon")) {
-				char *lp;
-				got_user = True;
-				username = talloc_strdup(ctx, opteq+1);
-				if (!username) {
-					fprintf(stderr,"Out of memory\n");
-					exit(ENOMEM);
-				}
-				if ((lp=strchr_m(username,'%'))) {
-					*lp = 0;
-					password = talloc_strdup(ctx, lp+1);
-					if (!password) {
-						fprintf(stderr,"Out of memory\n");
-						exit(ENOMEM);
-					}
-					got_pass = True;
-					memset(strchr_m(opteq+1,'%')+1,'X',strlen(password));
-				}
-				if ((lp=strchr_m(username,'/'))) {
-					*lp = 0;
-					fstrcpy(workgroup,lp+1);
-				}
-			} else if(!strcmp(opts, "passwd") ||
-				  !strcmp(opts, "password")) {
-				password = talloc_strdup(ctx,opteq+1);
-				if (!password) {
-					fprintf(stderr,"Out of memory\n");
-					exit(ENOMEM);
-				}
-				got_pass = True;
-				memset(opteq+1,'X',strlen(password));
-			} else if(!strcmp(opts, "credentials")) {
-				credentials = talloc_strdup(ctx,opteq+1);
-				if (!credentials) {
-					fprintf(stderr,"Out of memory\n");
-					exit(ENOMEM);
-				}
-			} else if(!strcmp(opts, "netbiosname")) {
-				fstrcpy(my_netbios_name,opteq+1);
-			} else if(!strcmp(opts, "uid")) {
-				mount_uid = nametouid(opteq+1);
-			} else if(!strcmp(opts, "gid")) {
-				mount_gid = nametogid(opteq+1);
-			} else if(!strcmp(opts, "port")) {
-				smb_port = val;
-			} else if(!strcmp(opts, "fmask")) {
-				mount_fmask = strtol(opteq+1, NULL, 8);
-			} else if(!strcmp(opts, "dmask")) {
-				mount_dmask = strtol(opteq+1, NULL, 8);
-			} else if(!strcmp(opts, "debug")) {
-				DEBUGLEVEL = val;
-			} else if(!strcmp(opts, "ip")) {
-				if (!interpret_string_addr(&dest_ip, opteq+1,
-							   0)) {
-					fprintf(stderr,"Can't resolve address %s\n", opteq+1);
-					exit(1);
-				}
-				have_ip = True;
-			} else if(!strcmp(opts, "workgroup")) {
-				fstrcpy(workgroup,opteq+1);
-			} else if(!strcmp(opts, "sockopt")) {
-				lp_do_parameter(-1, "socket options", opteq+1);
-			} else if(!strcmp(opts, "scope")) {
-				set_global_scope(opteq+1);
-			} else {
-				options = talloc_asprintf_append(options,
-							"%s=%s,",
-							opts, opteq+1);
-				if (!options) {
-					fprintf(stderr,"Out of memory\n");
-					exit(ENOMEM);
-				}
-			}
-		} else {
-			val = 1;
-			if(!strcmp(opts, "nocaps")) {
-				fprintf(stderr, "Unhandled option: %s\n", opteq+1);
-				exit(1);
-			} else if(!strcmp(opts, "guest")) {
-				password = talloc_strdup(talloc_tos(), "");
-				if (!password) {
-					fprintf(stderr,"Out of memory\n");
-					exit(ENOMEM);
-				}
-				got_pass = True;
-			} else if(!strcmp(opts, "krb")) {
-#ifdef HAVE_KRB5
-
-				use_kerberos = True;
-				if(!status32_smbfs)
-					fprintf(stderr, "Warning: kerberos support will only work for samba servers\n");
-#else
-				fprintf(stderr,"No kerberos support compiled in\n");
-				exit(1);
-#endif
-			} else if(!strcmp(opts, "rw")) {
-				mount_ro = 0;
-			} else if(!strcmp(opts, "ro")) {
-				mount_ro = 1;
-			} else if(!strcmp(opts, "unicode")) {
-				smbfs_has_unicode = True;
-			} else if(!strcmp(opts, "lfs")) {
-				smbfs_has_lfs = True;
-			} else {
-				options = talloc_asprintf_append(options,
-						"%s,",
-						opts);
-				if (!options) {
-					fprintf(stderr,"Out of memory\n");
-					exit(ENOMEM);
-				}
-			}
-		}
-	}
-
-	if (!service || !*service) {
-		usage();
-		exit(1);
-	}
-
-	if (options && *options && options[strlen(options)-1] == ',') {
-		options[strlen(options)-1] = '\0';	/* remove trailing , */
-		DEBUG(3,("passthrough options '%s'\n", options));
-	}
-}
-
-/****************************************************************************
-  main program
-****************************************************************************/
- int main(int argc,char *argv[])
-{
-	TALLOC_CTX *frame = talloc_stackframe();
-	char *p;
-
-	DEBUGLEVEL = 1;
-
-	load_case_tables();
-
-	/* here we are interactive, even if run from autofs */
-	setup_logging("mount.smbfs",True);
-
-#if 0 /* JRA - Urban says not needed ? */
-	/* CLI_FORCE_ASCII=false makes smbmount negotiate unicode. The default
-	   is to not announce any unicode capabilities as current smbfs does
-	   not support it. */
-	p = getenv("CLI_FORCE_ASCII");
-	if (p && !strcmp(p, "false"))
-		unsetenv("CLI_FORCE_ASCII");
-	else
-		setenv("CLI_FORCE_ASCII", "true", 1);
-#endif
-
-	in_client = True;   /* Make sure that we tell lp_load we are */
-
-	if (getenv("USER")) {
-		username = talloc_strdup(frame, getenv("USER"));
-		if (!username) {
-			exit(ENOMEM);
-		}
-
-		if ((p=strchr_m(username,'%'))) {
-			*p = 0;
-			password = talloc_strdup(frame, p+1);
-			if (!password) {
-				exit(ENOMEM);
-			}
-			got_pass = True;
-			memset(strchr_m(getenv("USER"),'%')+1,'X',strlen(password));
-		}
-		strupper_m(username);
-	}
-
-	if (getenv("PASSWD")) {
-		password = talloc_strdup(frame, getenv("PASSWD"));
-		if (!password) {
-			exit(ENOMEM);
-		}
-		got_pass = True;
-	}
-
-	if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) {
-		get_password_file();
-		got_pass = True;
-	}
-
-	if ((!username || *username == 0) && getenv("LOGNAME")) {
-		username = talloc_strdup(frame, getenv("LOGNAME"));
-		if (!username) {
-			exit(ENOMEM);
-		}
-	}
-
-	if (!lp_load(get_dyn_CONFIGFILE(),True,False,False,True)) {
-		fprintf(stderr, "Can't load %s - run testparm to debug it\n", 
-			get_dyn_CONFIGFILE());
-	}
-
-	parse_mount_smb(argc, argv);
-
-	if (use_kerberos && !got_user) {
-		got_pass = True;
-	}
-
-	if (credentials && *credentials != 0) {
-		read_credentials_file(credentials);
-	}
-
-	DEBUG(3,("mount.smbfs started (version %s)\n", SAMBA_VERSION_STRING));
-
-	if (*workgroup == 0) {
-		fstrcpy(workgroup,lp_workgroup());
-	}
-
-	load_interfaces();
-	if (!*my_netbios_name) {
-		fstrcpy(my_netbios_name, myhostname());
-	}
-	strupper_m(my_netbios_name);
-
-	init_mount();
-	TALLOC_FREE(frame);
-	return 0;
-}
diff --git a/source3/client/smbumount.c b/source3/client/smbumount.c
deleted file mode 100644
index e74c31299c..0000000000
--- a/source3/client/smbumount.c
+++ /dev/null
@@ -1,196 +0,0 @@
-/*
- *  smbumount.c
- *
- *  Copyright (C) 1995-1998 by Volker Lendecke
- *
- */
-
-#define SMBMOUNT_MALLOC 1
-
-#include "includes.h"
-
-#include <mntent.h>
-
-#include <asm/types.h>
-#include <asm/posix_types.h>
-#include <linux/smb.h>
-#include <linux/smb_mount.h>
-#include <linux/smb_fs.h>
-
-/* This is a (hopefully) temporary hack due to the fact that
-	sizeof( uid_t ) != sizeof( __kernel_uid_t ) under glibc.
-	This may change in the future and smb.h may get fixed in the
-	future.  In the mean time, it's ugly hack time - get over it.
-*/
-#undef SMB_IOC_GETMOUNTUID
-#define	SMB_IOC_GETMOUNTUID		_IOR('u', 1, __kernel_uid_t)
-
-#ifndef O_NOFOLLOW
-#define O_NOFOLLOW     0400000
-#endif
-
-static void
-usage(void)
-{
-        printf("usage: smbumount mountpoint\n\n");
-	printf("Please be aware that smbfs is deprecated in favor of "
-	       "cifs\n");
-}
-
-static int
-umount_ok(const char *mount_point)
-{
-	/* we set O_NOFOLLOW to prevent users playing games with symlinks to
-	   umount filesystems they don't own */
-        int fid = open(mount_point, O_RDONLY|O_NOFOLLOW, 0);
-        __kernel_uid32_t mount_uid;
-
-        if (fid == -1) {
-                fprintf(stderr, "Could not open %s: %s\n",
-                        mount_point, strerror(errno));
-                return -1;
-        }
-
-        if (ioctl(fid, SMB_IOC_GETMOUNTUID32, &mount_uid) != 0) {
-                __kernel_uid_t mount_uid16;
-                if (ioctl(fid, SMB_IOC_GETMOUNTUID, &mount_uid16) != 0) {
-                        fprintf(stderr, "%s probably not smb-filesystem\n",
-                                mount_point);
-                        return -1;
-                }
-                mount_uid = mount_uid16;
-        }
-
-        if ((getuid() != 0)
-            && (mount_uid != getuid())) {
-                fprintf(stderr, "You are not allowed to umount %s\n",
-                        mount_point);
-                return -1;
-        }
-
-        close(fid);
-        return 0;
-}
-
-/* Make a canonical pathname from PATH.  Returns a freshly malloced string.
-   It is up the *caller* to ensure that the PATH is sensible.  i.e.
-   canonicalize ("/dev/fd0/.") returns "/dev/fd0" even though ``/dev/fd0/.''
-   is not a legal pathname for ``/dev/fd0''  Anything we cannot parse
-   we return unmodified.   */
-static char *
-canonicalize (char *path)
-{
-	char *canonical = (char*)malloc (PATH_MAX + 1);
-
-	if (!canonical) {
-		fprintf(stderr, "Error! Not enough memory!\n");
-		return NULL;
-	}
-
-	if (strlen(path) > PATH_MAX) {
-		fprintf(stderr, "Mount point string too long\n");
-		return NULL;
-	}
-
-	if (path == NULL)
-		return NULL;
-
-	if (realpath (path, canonical))
-		return canonical;
-
-	strncpy (canonical, path, PATH_MAX);
-	canonical[PATH_MAX] = '\0';
-	return canonical;
-}
-
-
-int
-main(int argc, char *argv[])
-{
-        int fd;
-        char* mount_point;
-        struct mntent *mnt;
-        FILE* mtab;
-        FILE* new_mtab;
-	TALLOC_CTX *frame = talloc_stackframe();
-
-        if (argc != 2) {
-                usage();
-                exit(1);
-        }
-
-        if (geteuid() != 0) {
-                fprintf(stderr, "smbumount must be installed suid root\n");
-                exit(1);
-        }
-
-        mount_point = canonicalize(argv[1]);
-
-	if (mount_point == NULL)
-	{
-		exit(1);
-	}
-
-        if (umount_ok(mount_point) != 0) {
-                exit(1);
-        }
-
-        if (umount(mount_point) != 0) {
-                fprintf(stderr, "Could not umount %s: %s\n",
-                        mount_point, strerror(errno));
-                exit(1);
-        }
-
-        if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1)
-        {
-                fprintf(stderr, "Can't get "MOUNTED"~ lock file");
-                return 1;
-        }
-        close(fd);
-
-        if ((mtab = setmntent(MOUNTED, "r")) == NULL) {
-                fprintf(stderr, "Can't open " MOUNTED ": %s\n",
-                        strerror(errno));
-                return 1;
-        }
-
-#define MOUNTED_TMP MOUNTED".tmp"
-
-        if ((new_mtab = setmntent(MOUNTED_TMP, "w")) == NULL) {
-                fprintf(stderr, "Can't open " MOUNTED_TMP ": %s\n",
-                        strerror(errno));
-                endmntent(mtab);
-                return 1;
-        }
-
-        while ((mnt = getmntent(mtab)) != NULL) {
-                if (strcmp(mnt->mnt_dir, mount_point) != 0) {
-                        addmntent(new_mtab, mnt);
-                }
-        }
-
-        endmntent(mtab);
-
-        if (fchmod (fileno (new_mtab), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
-                fprintf(stderr, "Error changing mode of %s: %s\n",
-                        MOUNTED_TMP, strerror(errno));
-                exit(1);
-        }
-
-        endmntent(new_mtab);
-
-        if (rename(MOUNTED_TMP, MOUNTED) < 0) {
-                fprintf(stderr, "Cannot rename %s to %s: %s\n",
-                        MOUNTED, MOUNTED_TMP, strerror(errno));
-                exit(1);
-        }
-
-        if (unlink(MOUNTED"~") == -1)
-        {
-                fprintf(stderr, "Can't remove "MOUNTED"~");
-                return 1;
-        }
-
-	TALLOC_FREE(frame);
-	return 0;
-}
diff --git a/source3/configure.in b/source3/configure.in
index cd04b598c0..f481a30b3b 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -2,7 +2,10 @@ dnl Process this file with autoconf to produce a configure script.
 
 dnl We must use autotools 2.53 or above
 AC_PREREQ(2.53)
-AC_INIT(include/includes.h)
+
+AC_INIT([Samba],[3],[samba-technical@samba.org])
+
+AC_CONFIG_SRCDIR([include/includes.h])
 AC_CONFIG_HEADER(include/config.h)
 AC_DEFINE(CONFIG_H_IS_FROM_SAMBA,1,[Marker for samba's config.h])
 
@@ -12,266 +15,42 @@ case "$PATH" in
 	;;
 esac 
 
-SMB_VERSION_STRING=`cat $srcdir/include/version.h | grep 'SAMBA_VERSION_OFFICIAL_STRING' | cut -d '"' -f2`
-echo "SAMBA VERSION: ${SMB_VERSION_STRING}"
-
-SAMBA_VERSION_GIT_COMMIT_FULLREV=`cat $srcdir/include/version.h | grep 'SAMBA_VERSION_GIT_COMMIT_FULLREV' | cut -d ' ' -f3- | cut -d '"' -f2`
-if test -n "${SAMBA_VERSION_GIT_COMMIT_FULLREV}";then
-	echo "BUILD COMMIT REVISION: ${SAMBA_VERSION_GIT_COMMIT_FULLREV}"
-fi
-SAMBA_VERSION_GIT_COMMIT_DATE=`cat $srcdir/include/version.h | grep 'SAMBA_VERSION_GIT_COMMIT_DATE' | cut -d ' ' -f3-`
-if test -n "${SAMBA_VERSION_GIT_COMMIT_DATE}";then
-	echo "BUILD COMMIT DATE: ${SAMBA_VERSION_GIT_COMMIT_DATE}"
-fi
-SAMBA_VERSION_GIT_COMMIT_TIME=`cat $srcdir/include/version.h | grep 'SAMBA_VERSION_GIT_COMMIT_TIME' | cut -d ' ' -f3-`
-if test -n "${SAMBA_VERSION_GIT_COMMIT_TIME}";then
-	echo "BUILD COMMIT TIME: ${SAMBA_VERSION_GIT_COMMIT_TIME}"
-
-	# just to keep the build-farm gui happy for now...
-	echo "BUILD REVISION: ${SAMBA_VERSION_GIT_COMMIT_TIME}"
-fi
-
-AC_LIBREPLACE_LOCATION_CHECKS
-
-AC_DISABLE_STATIC
-AC_ENABLE_SHARED
-
-#################################################
-# Directory handling stuff to support both the
-# legacy SAMBA directories and FHS compliant
-# ones...
-AC_PREFIX_DEFAULT(/usr/local/samba)
-
-rootsbindir="\${SBINDIR}"
-lockdir="\${VARDIR}/locks"
-piddir="\${VARDIR}/locks"
-test "${mandir}" || mandir="\${prefix}/man"
-logfilebase="\${VARDIR}"
-privatedir="\${prefix}/private"
-test "${libdir}" || libdir="\${prefix}/lib"
-pammodulesdir="\${LIBDIR}/security"
-configdir="\${LIBDIR}"
-swatdir="\${prefix}/swat"
-codepagedir="\${LIBDIR}"
-statedir="\${LOCKDIR}"
-cachedir="\${LOCKDIR}"
-
-AC_ARG_WITH(fhs,
-[  --with-fhs              Use FHS-compliant paths (default=no)],
-[ case "$withval" in
-  yes)
-    lockdir="\${VARDIR}/lib/samba"
-    piddir="\${VARDIR}/run"
-    mandir="\${prefix}/share/man"
-    logfilebase="\${VARDIR}/log/samba"
-    privatedir="\${CONFIGDIR}/private"
-    test "${libdir}" || libdir="\${prefix}/lib/samba"
-    configdir="\${sysconfdir}/samba"
-    swatdir="\${DATADIR}/samba/swat"
-    codepagedir="\${LIBDIR}"
-    statedir="\${VARDIR}/lib/samba"
-    cachedir="\${VARDIR}/lib/samba"
-    AC_DEFINE(FHS_COMPATIBLE, 1, [Whether to use fully FHS-compatible paths])
-    ;;
-  esac])
-
-#################################################
-# set private directory location
-AC_ARG_WITH(privatedir,
-[  --with-privatedir=DIR   Where to put smbpasswd ($ac_default_prefix/private)],
-[ case "$withval" in
-  yes|no)
-  #
-  # Just in case anybody calls it without argument
-  #
-    AC_MSG_WARN([--with-privatedir called without argument - will use default])
-  ;;
-  * )
-    privatedir="$withval"
-    ;;
-  esac])
-
-#################################################
-# set root sbin directory location
-AC_ARG_WITH(rootsbindir,
-[  --with-rootsbindir=DIR  Which directory to use for root sbin ($ac_default_prefix/sbin)],
-[ case "$withval" in
-  yes|no)
-  #
-  # Just in case anybody calls it without argument
-  #
-    AC_MSG_WARN([--with-rootsbindir called without argument - will use default])
-  ;;
-  * )
-    rootsbindir="$withval"
-    ;;
-  esac])
-
-#################################################
-# set lock directory location
-AC_ARG_WITH(lockdir,
-[  --with-lockdir=DIR      Where to put lock files ($ac_default_prefix/var/locks)],
-[ case "$withval" in
-  yes|no)
-  #
-  # Just in case anybody calls it without argument
-  #
-    AC_MSG_WARN([--with-lockdir called without argument - will use default])
-  ;;
-  * )
-    lockdir="$withval"
-    ;;
-  esac])
-
-#################################################
-# set pid directory location
-AC_ARG_WITH(piddir,
-[  --with-piddir=DIR       Where to put pid files ($ac_default_prefix/var/locks)],
-[ case "$withval" in
-  yes|no)
-  #
-  # Just in case anybody calls it without argument
-  #
-    AC_MSG_WARN([--with-piddir called without argument - will use default])
-  ;;
-  * )
-    piddir="$withval"
-    ;;
-  esac])
-
-#################################################
-# set SWAT directory location
-AC_ARG_WITH(swatdir,
-[  --with-swatdir=DIR      Where to put SWAT files ($ac_default_prefix/swat)],
-[ case "$withval" in
-  yes|no)
-  #
-  # Just in case anybody does it
-  #
-    AC_MSG_WARN([--with-swatdir called without argument - will use default])
-  ;;
-  * )
-    swatdir="$withval"
-    ;;
-  esac])
-
-#################################################
-# set configuration directory location
-AC_ARG_WITH(configdir,
-[  --with-configdir=DIR    Where to put configuration files ($libdir)],
-[ case "$withval" in
-  yes|no)
-  #
-  # Just in case anybody does it
-  #
-    AC_MSG_WARN([--with-configdir called without argument - will use default])
-  ;;
-  * )
-    configdir="$withval"
-    ;;
-  esac])
-
-#################################################
-# set log directory location
-AC_ARG_WITH(logfilebase,
-[  --with-logfilebase=DIR  Where to put log files ($VARDIR)],
-[ case "$withval" in
-  yes|no)
-  #
-  # Just in case anybody does it
-  #
-    AC_MSG_WARN([--with-logfilebase called without argument - will use default])
-  ;;
-  * )
-    logfilebase="$withval"
-    ;;
-  esac])
-
+builddir=`pwd`
+AC_SUBST(builddir)
 
-#################################################
-# set ctdb source directory location
-AC_ARG_WITH(ctdb,
-[  --with-ctdb=DIR  Where to find ctdb sources],
-[ case "$withval" in
-  yes|no)
-    AC_MSG_WARN([--with-ctdb called without argument])
-  ;;
-  * )
-    ctdbdir="$withval"
-    ;;
-  esac])
+m4_include(m4/samba_version.m4)
+m4_include(m4/check_path.m4)
 
-#################################################
-# set lib directory location
-AC_ARG_WITH(libdir,
-[  --with-libdir=DIR       Where to put libdir ($libdir)],
-[ case "$withval" in
-  yes|no)
-  #
-  # Just in case anybody does it
-  #
-    AC_MSG_WARN([--with-libdir without argument - will use default])
-  ;;
-  * )
-    libdir="$withval"
-    ;;
-  esac])
-
-#################################################
-# set PAM modules directory location
-AC_ARG_WITH(pammodulesdir,
-[  --with-pammodulesdir=DIR  Which directory to use for PAM modules ($ac_default_prefix/$libdir/security)],
-[ case "$withval" in
-  yes|no)
-  #
-  # Just in case anybody calls it without argument
-  #
-    AC_MSG_WARN([--with-pammodulesdir called without argument - will use default])
-  ;;
-  * )
-    pammodulesdir="$withval"
-    ;;
-  esac])
+AC_LIBREPLACE_CC_CHECKS
 
-#################################################
-# set man directory location
-AC_ARG_WITH(mandir,
-[  --with-mandir=DIR       Where to put man pages ($mandir)],
-[ case "$withval" in
-  yes|no)
-  #
-  # Just in case anybody does it
-  #
-    AC_MSG_WARN([--with-mandir without argument - will use default])
-  ;;
-  * )
-    mandir="$withval"
-    ;;
-  esac])
+m4_include(lib/talloc/libtalloc.m4)
 
-AC_ARG_WITH(cfenc,
-[  --with-cfenc=HEADERDIR  Use internal CoreFoundation encoding API
-			  for optimization (Mac OS X/Darwin only)],
-[
-# May be in source $withval/CoreFoundation/StringEncodings.subproj.
-# Should have been in framework $withval/CoreFoundation.framework/Headers.
-for d in \
-    $withval/CoreFoundation/StringEncodings.subproj \
-    $withval/StringEncodings.subproj \
-    $withval/CoreFoundation.framework/Headers \
-    $withval/Headers \
-    $withval
-do
-    if test -r $d/CFStringEncodingConverter.h; then
-        ln -sfh $d include/CoreFoundation
-    fi
+TALLOC_OBJS=""
+for obj in ${TALLOC_OBJ}; do
+	TALLOC_OBJS="${TALLOC_OBJS} ${tallocdir}/${obj}"
 done
-])
+AC_SUBST(TALLOC_OBJS)
+
+# TODO: These should come from m4_include(lib/tdb/libtdb.m4)
+# but currently this fails: things have to get merged from s4.
+tdbdir="lib/tdb"
+AC_SUBST(tdbdir)
+TDB_CFLAGS="-I$tdbdir/include"
+AC_SUBST(TDB_CFLAGS)
+TDB_OBJ="common/tdb.o common/dump.o common/transaction.o common/error.o common/traverse.o"
+TDB_OBJ="$TDB_OBJ common/freelist.o common/freelistcheck.o common/io.o common/lock.o common/open.o"
+AC_SUBST(TDB_OBJ)
+
+TDB_OBJS=""
+for obj in ${TDB_OBJ}; do
+	TDB_OBJS="${TDB_OBJS} ${tdbdir}/${obj}"
+done
+AC_SUBST(TDB_OBJS)
 
 SAMBA_CPPFLAGS="-Iinclude -I${srcdir-.}/include  -I. -I${srcdir-.}"
 SAMBA_CPPFLAGS="${SAMBA_CPPFLAGS} -I${srcdir-.}/lib/replace"
-SAMBA_CPPFLAGS="${SAMBA_CPPFLAGS} -I${srcdir-.}/lib/talloc"
-SAMBA_CPPFLAGS="${SAMBA_CPPFLAGS} -I${srcdir-.}/lib/tdb/include"
+SAMBA_CPPFLAGS="${SAMBA_CPPFLAGS} ${TALLOC_CFLAGS}"
+SAMBA_CPPFLAGS="${SAMBA_CPPFLAGS} ${TDB_CFLAGS}"
 SAMBA_CPPFLAGS="${SAMBA_CPPFLAGS} -I${srcdir-.}/libaddns"
 SAMBA_CPPFLAGS="${SAMBA_CPPFLAGS} -I${srcdir-.}/librpc"
 
@@ -282,21 +61,6 @@ if test "x${srcdir-.}" != "x."; then
 	SAMBA_CPPFLAGS=`echo ${SAMBA_CPPFLAGS} | sed -e "s;${srcdir};\$\(srcdir\);g"`
 fi
 
-AC_SUBST(configdir)
-AC_SUBST(lockdir)
-AC_SUBST(piddir)
-AC_SUBST(logfilebase)
-AC_SUBST(ctdbdir)
-AC_SUBST(privatedir)
-AC_SUBST(swatdir)
-AC_SUBST(bindir)
-AC_SUBST(sbindir)
-AC_SUBST(codepagedir)
-AC_SUBST(statedir)
-AC_SUBST(cachedir)
-AC_SUBST(rootsbindir)
-AC_SUBST(pammodulesdir)
-
 dnl Unique-to-Samba variables we'll be playing with.
 AC_SUBST(SAMBA_CPPFLAGS)
 AC_SUBST(SHELL)
@@ -336,10 +100,7 @@ AC_SUBST(INSTALL_LIBSMBSHAREMODES)
 AC_SUBST(UNINSTALL_LIBSMBSHAREMODES)
 AC_SUBST(LIBSMBSHAREMODES_SHARED)
 AC_SUBST(LIBSMBSHAREMODES)
-AC_SUBST(INSTALL_LIBNETAPI)
-AC_SUBST(UNINSTALL_LIBNETAPI)
-AC_SUBST(LIBNETAPI_SHARED)
-AC_SUBST(LIBNETAPI)
+
 AC_SUBST(PRINT_LIBS)
 AC_SUBST(AUTH_LIBS)
 AC_SUBST(ACL_LIBS)
@@ -353,7 +114,6 @@ AC_SUBST(INSTALL_PAM_MODULES)
 AC_SUBST(UNINSTALL_PAM_MODULES)
 AC_SUBST(NSS_MODULES)
 AC_SUBST(EXTRA_BIN_PROGS)
-AC_SUBST(SMBMOUNT_PROGS)
 AC_SUBST(CIFSMOUNT_PROGS)
 AC_SUBST(INSTALL_CIFSMOUNT)
 AC_SUBST(UNINSTALL_CIFSMOUNT)
@@ -365,14 +125,6 @@ AC_SUBST(EXTRA_ALL_TARGETS)
 AC_SUBST(CONFIG_LIBS)
 AC_SUBST(NSCD_LIBS)
 
-## check for --enable-debug first before checking CFLAGS before
-## so that we don't mix -O and -g
-AC_ARG_ENABLE(debug,
-[  --enable-debug          Turn on compiler debugging information (default=no)],
-    [if eval "test x$enable_debug = xyes"; then
-	CFLAGS="${CFLAGS} -g"
-    fi])
-
 # compile with optimization and without debugging by default, but
 # allow people to set their own preference.
 # do this here since AC_CACHE_CHECK apparently sets the CFLAGS to "-g -O2"
@@ -381,76 +133,18 @@ AC_ARG_ENABLE(debug,
 if test "x$CFLAGS" = x; then
   CFLAGS="-O"
 fi
+if test "x$debug" = "xyes" ; then
+	CFLAGS="${CFLAGS} -g"
+else
+	CFLAGS="-O"
+fi
 
 CFLAGS="${CFLAGS} -D_SAMBA_BUILD_=3"
 
-AC_LIBREPLACE_CC_CHECKS
-
 m4_include(lib/socket_wrapper/config.m4)
 m4_include(lib/nss_wrapper/config.m4)
 
-SWAT_SBIN_TARGETS='bin/swat$(EXEEXT)'
-SWAT_INSTALL_TARGETS=installswat
-
-AC_ARG_ENABLE(swat,
-[  --enable-swat           Build the SWAT tool (default=yes)],
-[
-    case "$enable_swat" in
-	no)
-	    SWAT_SBIN_TARGETS=''
-	    SWAT_INSTALL_TARGETS=''
-	    ;;
-    esac
-])
-
-AC_SUBST(SWAT_SBIN_TARGETS)
-AC_SUBST(SWAT_INSTALL_TARGETS)
-
-#################################################
-# set prefix for 'make test'
-selftest_prefix="./"
-AC_SUBST(selftest_prefix)
-AC_ARG_WITH(selftest-prefix,
-[  --with-selftest-prefix=DIR    The prefix where make test will be run ($selftest_prefix)],
-[ case "$withval" in
-  yes|no)
-    AC_MSG_WARN([--with-selftest-prefix called without argument - will use default])
-  ;;
-  * )
-    selftest_prefix="$withval"
-    ;;
-  esac
-])
-
-#################################################
-# set path of samba4's smbtorture
-smbtorture4_path=""
-AC_SUBST(smbtorture4_path)
-AC_ARG_WITH(smbtorture4_path,
-[  --with-smbtorture4-path=PATH    The path to a samba4 smbtorture for make test (none)],
-[ case "$withval" in
-  yes|no)
-    AC_MSG_ERROR([--with-smbtorture4-path should take a path])
-  ;;
-  * )
-    smbtorture4_path="$withval"
-    if test -z "$smbtorture4_path" -a ! -f $smbtorture4_path; then
-    	AC_MSG_ERROR(['$smbtorture_path' does not  exist!])
-    fi
-  ;;
- esac
-])
-
-AC_ARG_ENABLE(developer, [  --enable-developer      Turn on developer warnings and debugging (default=no)],
-    [if eval "test x$enable_developer = xyes"; then
-        developer=yes
-    fi])
-
-AC_ARG_ENABLE(krb5developer, [  --enable-krb5developer  Turn on developer warnings and debugging, except -Wstrict-prototypes (default=no)],
-    [if eval "test x$enable_krb5developer = xyes"; then
-        developer=yes
-	krb5_developer=yes
-    fi])
+m4_include(m4/swat.m4)
 
 # Probe the gcc version for extra CFLAGS. We always stash these in
 # DEVELOPER_CFLAGS, so that you can turn them on and off with a simple
@@ -499,7 +193,7 @@ if test x"$ac_cv_prog_gcc" = x"yes" ; then
        fi
 fi
 
-AC_ARG_ENABLE(dmalloc, [  --enable-dmalloc        Enable heap debugging [default=no]])
+AC_ARG_ENABLE(dmalloc, [AS_HELP_STRING([--enable-dmalloc], [Enable heap debugging [default=no]])])
 
 if test "x$enable_dmalloc" = xyes
 then
@@ -513,7 +207,7 @@ fi
 # check for a shared memory profiling support
 AC_MSG_CHECKING(whether to use profiling)
 AC_ARG_WITH(profiling-data,
-[  --with-profiling-data   Include gathering source code profile information (default=no)],
+[AS_HELP_STRING([--with-profiling-data], [Include gathering source code profile information (default=no)])],
 [ case "$withval" in
   yes)
     AC_MSG_RESULT(yes)
@@ -704,10 +398,10 @@ AC_SUBST(DYNEXP)
 
 dnl Add modules that have to be built by default here
 dnl These have to be built static:
-default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_winreg rpc_initshutdown rpc_lsa_ds rpc_wkssvc rpc_svcctl2 rpc_ntsvcs rpc_net rpc_netdfs rpc_srvsvc2 rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin vfs_default nss_info_template"
+default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs2 rpc_netlogon rpc_netdfs rpc_srvsvc2 rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin vfs_default nss_info_template"
 
 dnl These are preferably build shared, and static if dlopen() is not available
-default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy charset_CP850 charset_CP437 auth_script vfs_readahead vfs_syncops vfs_xattr_tdb"
+default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr"
 
 if test "x$developer" = xyes; then
    default_static_modules="$default_static_modules rpc_rpcecho"
@@ -939,8 +633,13 @@ exit(1);
 
 esac
 
+SAVE_CPPFLAGS="${CPPFLAGS}"
+CPPFLAGS="${CPPFLAGS} ${SAMBA_CONFIGURE_CPPFLAGS}"
+
 AC_LIBREPLACE_BROKEN_CHECKS
 
+CPPFLAGS="${SAVE_CPPFLAGS}"
+
 LIBREPLACE_DIR=`echo ${libreplacedir} | sed -e "s;${srcdir};;" -e "s;^/;;"`
 
 LIBREPLACE_OBJS=""
@@ -965,6 +664,7 @@ AC_CHECK_HEADERS(sys/sysmacros.h)
 AC_CHECK_HEADERS(sys/syslog.h syslog.h)
 AC_CHECK_HEADERS(langinfo.h locale.h)
 AC_CHECK_HEADERS(xfs/libxfs.h)
+AC_CHECK_HEADERS(netgroup.h)
 
 AC_CHECK_HEADERS(rpcsvc/yp_prot.h,,,[[
 #if HAVE_RPC_RPC_H
@@ -1040,19 +740,14 @@ AC_TYPE_SIZE_T
 AC_TYPE_PID_T
 AC_STRUCT_ST_RDEV
 AC_DIRENT_D_OFF
-AC_CHECK_TYPE(ino_t,unsigned)
-AC_CHECK_TYPE(loff_t,off_t)
-AC_CHECK_TYPE(offset_t,loff_t)
 AC_CHECK_TYPE(ssize_t, int)
 AC_CHECK_TYPE(wchar_t, unsigned short)
-AC_CHECK_TYPE(comparison_fn_t,
-[AC_DEFINE(HAVE_COMPARISON_FN_T, 1,[Whether or not we have comparison_fn_t])])
 
 ############################################
 # for cups support we need libcups, and a handful of header files
 
 AC_ARG_ENABLE(cups,
-[  --enable-cups           Turn on CUPS support (default=auto)])
+[AS_HELP_STRING([--enable-cups], [Turn on CUPS support (default=auto)])])
 
 if test x$enable_cups != xno; then
 	AC_PATH_PROG(CUPS_CONFIG, cups-config)
@@ -1068,7 +763,7 @@ if test x$enable_cups != xno; then
 fi
 
 AC_ARG_ENABLE(iprint,
-[  --enable-iprint         Turn on iPrint support (default=yes if cups is yes)])
+[AS_HELP_STRING([--enable-iprint], [Turn on iPrint support (default=yes if cups is yes)])])
 
 if test x$enable_iprint != xno; then
 	if test "x$CUPS_CONFIG" != x; then
@@ -1111,9 +806,59 @@ AC_CACHE_CHECK([for unix domain sockets],samba_cv_unixsocket, [
 ],
 	samba_cv_unixsocket=yes,samba_cv_unixsocket=no)])
 if test x"$samba_cv_unixsocket" = x"yes"; then
-   AC_DEFINE(HAVE_UNIXSOCKET,1,[If we need to build with unixscoket support])
+   AC_DEFINE(HAVE_UNIXSOCKET,1,[If we need to build with unixsocket support])
+fi
+
+#############################################
+# check for fd passing struct via msg_control
+AC_CACHE_CHECK([for fd passing via msg_control],samba_cv_msghdr_msg_control, [
+    AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <sys/socket.h>
+#include <sys/un.h>],
+[
+	struct msghdr msg;
+	union {
+	      struct cmsghdr cm;
+	      char control[CMSG_SPACE(sizeof(int))];
+	} control_un;
+	msg.msg_control = control_un.control;
+	msg.msg_controllen = sizeof(control_un.control);
+],
+	samba_cv_msghdr_msg_control=yes,samba_cv_msghdr_msg_control=no)])
+if test x"$samba_cv_msghdr_msg_control" = x"yes"; then
+   AC_DEFINE(HAVE_MSGHDR_MSG_CONTROL,1,
+	     [If we can use msg_control for passing file descriptors])
+fi
+
+#############################################
+# check for fd passing struct via msg_acctrights
+AC_CACHE_CHECK([for fd passing via msg_acctrights],
+		samba_cv_msghdr_msg_acctrights, [
+    AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <sys/socket.h>
+#include <sys/un.h>],
+[
+	struct msghdr msg;
+	int fd;
+	msg.msg_acctrights = (caddr_t) &fd;
+	msg.msg_acctrightslen = sizeof(fd);
+],
+	samba_cv_msghdr_msg_acctrights=yes,samba_cv_msghdr_msg_acctrights=no)])
+if test x"$samba_cv_msghdr_msg_acctrights" = x"yes"; then
+   AC_DEFINE(HAVE_MSGHDR_MSG_ACCTRIGHTS,1,
+	     [If we can use msg_acctrights for passing file descriptors])
 fi
 
+AC_CHECK_FUNCS(dirfd)
+if test x"$ac_cv_func_dirfd" = x"yes"; then
+	default_shared_modules="$default_shared_modules vfs_syncops"
+fi
 
 AC_CACHE_CHECK([for sig_atomic_t type],samba_cv_sig_atomic_t, [
     AC_TRY_COMPILE([
@@ -1155,10 +900,6 @@ fi
 AC_HAVE_DECL(errno, [#include <errno.h>])
 AC_HAVE_DECL(setresuid, [#include <unistd.h>])
 AC_HAVE_DECL(setresgid, [#include <unistd.h>])
-AC_HAVE_DECL(asprintf, [#include <stdio.h>])
-AC_HAVE_DECL(vasprintf, [#include <stdio.h>])
-AC_HAVE_DECL(vsnprintf, [#include <stdio.h>])
-AC_HAVE_DECL(snprintf, [#include <stdio.h>])
 
 # and glibc has setresuid under linux but the function does
 # nothing until kernel 2.1.44! very dumb.
@@ -1190,7 +931,7 @@ test "${with_readline+set}" != "set" && with_readline=yes
 # test for where we get readline() from
 AC_MSG_CHECKING(whether to use readline)
 AC_ARG_WITH(readline,
-[  --with-readline[=DIR]     Look for readline include/libs in DIR (default=auto) ],
+[AS_HELP_STRING([--with-readline[=DIR]], [Look for readline include/libs in DIR (default=auto)])],
 [  case "$with_readline" in
   yes)
     AC_MSG_RESULT(yes)
@@ -1310,7 +1051,7 @@ AC_CHECK_FUNCS(waitpid getcwd strdup strndup strnlen strerror chown fchown lchow
 AC_CHECK_FUNCS(strtol strtoll strtoul strtoull strtouq __strtoull)
 AC_CHECK_FUNCS(fstat strchr utime utimes chflags)
 AC_CHECK_FUNCS(getrlimit fsync fdatasync memset strlcpy strlcat setpgid)
-AC_CHECK_FUNCS(memmove vsnprintf snprintf asprintf vasprintf setsid glob strpbrk pipe crypt16 getauthuid)
+AC_CHECK_FUNCS(memmove setsid glob strpbrk pipe crypt16 getauthuid)
 AC_CHECK_FUNCS(strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent)
 AC_CHECK_FUNCS(initgroups select poll rdchk getgrnam getgrent pathconf realpath)
 AC_CHECK_FUNCS(setpriv setgidx setuidx setgroups sysconf mktime rename ftruncate chsize stat64 fstat64)
@@ -1740,10 +1481,13 @@ case "$host_os" in
     ;;
 esac
 
+AC_DISABLE_STATIC
+AC_ENABLE_SHARED
+
 # Set defaults
 PIE_CFLAGS=""
 PIE_LDFLAGS=""
-AC_ARG_ENABLE(pie, [  --enable-pie            Turn on pie support if available (default=yes)])
+AC_ARG_ENABLE(pie, [AS_HELP_STRING([--enable-pie], [Turn on pie support if available (default=yes)])])
 
 if test "x$enable_pie" != xno
 then
@@ -1863,8 +1607,8 @@ DSO_EXPORTS=""
 			;;
 		*aix*) AC_DEFINE(AIX,1,[Whether the host os is aix])
 			BLDSHARED="true"
-			LDSHFLAGS="-Wl,-G,-bexpall,-bbigtoc"
-			DYNEXP="-Wl,-brtl,-bexpall,-bbigtoc"
+			LDSHFLAGS="-Wl,-G,-bexpfull,-bbigtoc"
+			DYNEXP="-Wl,-brtl,-bexpfull,-bbigtoc"
 			PICFLAG="-O2"
 			# as AIX code is always position independent...
 			# .po will just create compile warnings, use po.o:
@@ -1954,7 +1698,9 @@ DSO_EXPORTS=""
 
 		*darwin*)   AC_DEFINE(DARWINOS,1,[Whether the host os is Darwin/MacOSX])
 			BLDSHARED="true"
-			LDSHFLAGS="-bundle -flat_namespace -undefined suppress"
+			LDSHFLAGS="-dynamiclib -flat_namespace -undefined suppress"
+			CFLAGS="$CFLAGS -fno-common"
+			SHLD="\${CC}"
 			SHLIBEXT="dylib"
                         MODULE_EXPORTS="-exported_symbols_list \$(srcdir)/exports/modules-darwin.syms"
                         SHLIBEXT="dylib"
@@ -1979,6 +1725,10 @@ if test "$enable_shared" = yes -a "${ac_cv_gnu_ld_version_script}" = yes; then
 	DSO_EXPORTS=\$\(DSO_EXPORTS_CMD\)
 fi
 
+if test x"$BLDSHARED" = x"true" ; then
+	LDFLAGS="$LDFLAGS -L./bin"
+fi
+
 AC_MSG_RESULT($BLDSHARED)
 
 AC_MSG_CHECKING([LDFLAGS])
@@ -2271,54 +2021,6 @@ if test x"$samba_cv_WITH_PROFILE" = x"yes"; then
 
 fi
 
-AC_CACHE_CHECK([for va_copy],samba_cv_HAVE_VA_COPY,[
-AC_TRY_LINK([#include <stdarg.h>
-va_list ap1,ap2;], [va_copy(ap1,ap2);],
-samba_cv_HAVE_VA_COPY=yes,
-samba_cv_HAVE_VA_COPY=no)])
-if test x"$samba_cv_HAVE_VA_COPY" = x"yes"; then
-    AC_DEFINE(HAVE_VA_COPY,1,[Whether va_copy() is available])
-else
-    AC_CACHE_CHECK([for __va_copy],samba_cv_HAVE___VA_COPY,[
-    AC_TRY_LINK([#include <stdarg.h>
-    va_list ap1,ap2;], [__va_copy(ap1,ap2);],
-    samba_cv_HAVE___VA_COPY=yes,
-    samba_cv_HAVE___VA_COPY=no)])
-    if test x"$samba_cv_HAVE___VA_COPY" = x"yes"; then
-        AC_DEFINE(HAVE___VA_COPY,1,[Whether __va_copy() is available])
-    fi
-fi
-
-AC_CACHE_CHECK([for C99 vsnprintf],samba_cv_HAVE_C99_VSNPRINTF,[
-AC_TRY_RUN([
-#include <sys/types.h>
-#include <stdarg.h>
-void foo(const char *format, ...) {
-       va_list ap;
-       int len;
-       char buf[5];
-
-       va_start(ap, format);
-       len = vsnprintf(buf, 0, format, ap);
-       va_end(ap);
-       if (len != 5) exit(1);
-
-       va_start(ap, format);
-       len = vsnprintf(0, 0, format, ap);
-       va_end(ap);
-       if (len != 5) exit(1);
-
-       if (snprintf(buf, 3, "hello") != 5 || strcmp(buf, "he") != 0) exit(1);
-
-       exit(0);
-}
-main() { foo("hello"); }
-],
-samba_cv_HAVE_C99_VSNPRINTF=yes,samba_cv_HAVE_C99_VSNPRINTF=no,samba_cv_HAVE_C99_VSNPRINTF=cross)])
-if test x"$samba_cv_HAVE_C99_VSNPRINTF" = x"yes"; then
-    AC_DEFINE(HAVE_C99_VSNPRINTF,1,[Whether there is a C99 compliant vsnprintf])
-fi
-
 AC_CACHE_CHECK([for broken readdir name],samba_cv_HAVE_BROKEN_READDIR_NAME,[
 AC_TRY_RUN([#include <sys/types.h>
 #include <dirent.h>
@@ -2475,7 +2177,7 @@ fi
 
 ICONV_LOOK_DIRS="/usr /usr/local /sw /opt"
 AC_ARG_WITH(libiconv,
-[  --with-libiconv=BASEDIR Use libiconv in BASEDIR/lib and BASEDIR/include (default=auto) ],
+[AS_HELP_STRING([--with-libiconv=BASEDIR], [Use libiconv in BASEDIR/lib and BASEDIR/include (default=auto)])],
 [
   if test "$withval" = "no" ; then
     AC_MSG_ERROR([argument to --with-libiconv must be a directory])
@@ -2694,7 +2396,7 @@ fi
 
 AC_CACHE_CHECK([for inotify support],samba_cv_HAVE_INOTIFY,[
 AC_CHECK_HEADERS(linux/inotify.h asm/unistd.h)
-AC_CHECK_FUNC(inotify_init)
+AC_CHECK_FUNCS(inotify_init)
 AC_HAVE_DECL(__NR_inotify_init, [#include <asm/unistd.h>])
 ],
 samba_cv_HAVE_INOTIFY=yes,
@@ -2710,7 +2412,7 @@ fi
 #	http://oss.sgi.com/projects/fam/
 #	http://savannah.nongnu.org/projects/fam/
 AC_ARG_ENABLE(fam,
-[  --enable-fam            Turn on FAM support (default=auto)])
+[AS_HELP_STRING([--enable-fam], [Turn on FAM support (default=auto)])])
 
 if test x$enable_fam != xno; then
     AC_CHECK_HEADERS(fam.h, [samba_cv_HAVE_FAM_H=yes], [samba_cv_HAVE_FAM_H=no])
@@ -2751,6 +2453,12 @@ AC_SUBST(SMB_FAM_LIBS)
 
 SMB_CHECK_DMAPI([], AC_MSG_NOTICE(DMAPI support not present) )
 
+# Add TSM SM VFS module only if there are both GPFS and DMAPI support
+# Theoretically it should work with AIX JFS2 too but this needs testing
+if test x"$samba_cv_HAVE_GPFS" = x"yes" && test x"$samba_dmapi_libs" != x"" ; then
+    default_shared_modules="$default_shared_modules vfs_tsmsm"
+fi
+
 AC_CACHE_CHECK([for kernel share modes],samba_cv_HAVE_KERNEL_SHARE_MODES,[
 AC_TRY_RUN([
 #include <sys/types.h>
@@ -2923,157 +2631,12 @@ if test x"$samba_cv_HAVE_BROKEN_GETGROUPS" = x"yes"; then
     AC_DEFINE(HAVE_BROKEN_GETGROUPS,1,[Whether getgroups is broken])
 fi
 
-AC_CACHE_CHECK([for secure mkstemp],samba_cv_HAVE_SECURE_MKSTEMP,[
-AC_TRY_RUN([#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-main() {
-  struct stat st;
-  char tpl[20]="/tmp/test.XXXXXX";
-  int fd = mkstemp(tpl);
-  if (fd == -1) exit(1);
-  unlink(tpl);
-  if (fstat(fd, &st) != 0) exit(1);
-  if ((st.st_mode & 0777) != 0600) exit(1);
-  exit(0);
-}],
-samba_cv_HAVE_SECURE_MKSTEMP=yes,
-samba_cv_HAVE_SECURE_MKSTEMP=no,
-samba_cv_HAVE_SECURE_MKSTEMP=cross)])
-if test x"$samba_cv_HAVE_SECURE_MKSTEMP" = x"yes"; then
-    AC_DEFINE(HAVE_SECURE_MKSTEMP,1,[Whether mkstemp is secure])
-fi
-
-AC_CACHE_CHECK([for broken readdir],samba_cv_HAVE_BROKEN_READDIR,[
-	AC_TRY_RUN([#include "${srcdir-.}/tests/os2_delete.c"],
-		[samba_cv_HAVE_BROKEN_READDIR=no],
-			[samba_cv_HAVE_BROKEN_READDIR=yes],
-			[samba_cv_HAVE_BROKEN_READDIR="assuming not"])])
-
-if test x"$samba_cv_HAVE_BROKEN_READDIR" = x"yes"; then
-AC_CACHE_CHECK([for replacing readdir],samba_cv_REPLACE_READDIR,[
-	AC_TRY_RUN([
-#include "${srcdir-.}/lib/repdir.c"
-#include "${srcdir-.}/tests/os2_delete.c"],
-	samba_cv_REPLACE_READDIR=yes,samba_cv_REPLACE_READDIR=no)])
-fi
-
-if test x"$samba_cv_REPLACE_READDIR" = x"yes"; then
-	AC_DEFINE(REPLACE_READDIR,1,[replace readdir])
-fi
-
 SMB_CHECK_SYSCONF(_SC_NGROUPS_MAX)
 SMB_CHECK_SYSCONF(_SC_NPROC_ONLN)
 SMB_CHECK_SYSCONF(_SC_NPROCESSORS_ONLN)
 SMB_CHECK_SYSCONF(_SC_PAGESIZE)
 AC_CHECK_FUNCS(getpagesize)
 
-dnl test for getifaddrs and freeifaddrs
-AC_CACHE_CHECK([for getifaddrs and freeifaddrs],samba_cv_HAVE_GETIFADDRS,[
-AC_TRY_COMPILE([
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <ifaddrs.h>
-#include <netdb.h>],
-[
-struct ifaddrs *ifp = NULL;
-int ret = getifaddrs (&ifp);
-freeifaddrs(ifp);
-],
-samba_cv_HAVE_GETIFADDRS=yes,samba_cv_HAVE_GETIFADDRS=no)])
-if test x"$samba_cv_HAVE_GETIFADDRS" = x"yes"; then
-    AC_DEFINE(HAVE_GETIFADDRS,1,[Whether the system has getifaddrs])
-    AC_DEFINE(HAVE_FREEIFADDRS,1,[Whether the system has freeifaddrs])
-fi
-
-##################
-# look for a method of finding the list of network interfaces
-iface=no;
-AC_CACHE_CHECK([for iface getifaddrs],samba_cv_HAVE_IFACE_GETIFADDRS,[
-SAVE_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS ${SAMBA_CONFIGURE_CPPFLAGS}"
-AC_TRY_RUN([
-#define NO_CONFIG_H 1
-#define HAVE_IFACE_GETIFADDRS 1
-#define AUTOCONF_TEST 1
-#include "${srcdir-.}/lib/replace/replace.c"
-#include "${srcdir-.}/lib/interfaces.c"],
-           samba_cv_HAVE_IFACE_GETIFADDRS=yes,samba_cv_HAVE_IFACE_GETIFADDRS=no,samba_cv_HAVE_IFACE_GETIFADDRS=cross)])
-CPPFLAGS="$SAVE_CPPFLAGS"
-if test x"$samba_cv_HAVE_IFACE_GETIFADDRS" = x"yes"; then
-    iface=yes;AC_DEFINE(HAVE_IFACE_GETIFADDRS,1,[Whether iface getifaddrs is available])
-fi
-
-if test $iface = no; then
-AC_CACHE_CHECK([for iface ifconf],samba_cv_HAVE_IFACE_IFCONF,[
-SAVE_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS ${SAMBA_CONFIGURE_CPPFLAGS}"
-AC_TRY_RUN([
-#define NO_CONFIG_H 1
-#define HAVE_IFACE_IFCONF 1
-#define AUTOCONF_TEST 1
-#define SOCKET_WRAPPER_NOT_REPLACE
-#include "${srcdir-.}/lib/replace/replace.c"
-#include "${srcdir-.}/lib/interfaces.c"],
-           samba_cv_HAVE_IFACE_IFCONF=yes,samba_cv_HAVE_IFACE_IFCONF=no,samba_cv_HAVE_IFACE_IFCONF=cross)])
-CPPFLAGS="$SAVE_CPPFLAGS"
-if test x"$samba_cv_HAVE_IFACE_IFCONF" = x"yes"; then
-    iface=yes;AC_DEFINE(HAVE_IFACE_IFCONF,1,[Whether iface ifconf is available])
-fi
-fi
-
-if test $iface = no; then
-AC_CACHE_CHECK([for iface ifreq],samba_cv_HAVE_IFACE_IFREQ,[
-SAVE_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS ${SAMBA_CONFIGURE_CPPFLAGS}"
-AC_TRY_RUN([
-#define NO_CONFIG_H 1
-#define HAVE_IFACE_IFREQ 1
-#define AUTOCONF_TEST 1
-#define SOCKET_WRAPPER_NOT_REPLACE
-#include "${srcdir-.}/lib/replace/replace.c"
-#include "${srcdir-.}/lib/replace/getaddrinfo.c"
-#include "${srcdir-.}/lib/replace/snprintf.c"
-#include "${srcdir-.}/lib/interfaces.c"],
-           samba_cv_HAVE_IFACE_IFREQ=yes,samba_cv_HAVE_IFACE_IFREQ=no,samba_cv_HAVE_IFACE_IFREQ=cross)])
-CPPFLAGS="$SAVE_CPPFLAGS"
-if test x"$samba_cv_HAVE_IFACE_IFREQ" = x"yes"; then
-    iface=yes;AC_DEFINE(HAVE_IFACE_IFREQ,1,[Whether iface ifreq is available])
-fi
-fi
-
-dnl AIX 5.3.0.0
-AC_TRY_COMPILE([#include <sys/socket.h>],[
-struct sockaddr_storage s; s.__ss_family = 0],
-samba_cv_have_aix_sockaddr_storage=yes,samba_cv_have_aix_sockaddr_storage=no)
-
-if test x"$samba_cv_have_aix_sockaddr_storage" = x"yes"; then
-   AC_DEFINE(HAVE_AIX_SOCKADDR_STORAGE, 1, [Whether struct sockaddr_storage has __sa_family])
-fi
-
-if test $iface = no; then
-AC_CACHE_CHECK([for iface AIX],samba_cv_HAVE_IFACE_AIX,[
-SAVE_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS ${SAMBA_CONFIGURE_CPPFLAGS}"
-AC_TRY_RUN([
-#define NO_CONFIG_H 1
-#define HAVE_IFACE_AIX 1
-#define AUTOCONF_TEST 1
-#undef _XOPEN_SOURCE_EXTENDED
-#define SOCKET_WRAPPER_NOT_REPLACE
-#include "${srcdir-.}/lib/replace/replace.c"
-#include "${srcdir-.}/lib/replace/snprintf.c"
-#include "${srcdir-.}/lib/interfaces.c"],
-           samba_cv_HAVE_IFACE_AIX=yes,samba_cv_HAVE_IFACE_AIX=no,samba_cv_HAVE_IFACE_AIX=cross)])
-CPPFLAGS="$SAVE_CPPFLAGS"
-if test x"$samba_cv_HAVE_IFACE_AIX" = x"yes"; then
-    iface=yes;AC_DEFINE(HAVE_IFACE_AIX,1,[Whether iface AIX is available])
-fi
-fi
-
 dnl test for ipv6
 AC_CACHE_CHECK([for ipv6 support],samba_cv_HAVE_IPV6,[
 AC_TRY_COMPILE([
@@ -3169,13 +2732,6 @@ if test x"$samba_cv_DARWIN_INITGROUPS" = x"yes" ; then
 	[Whether to use the Darwin-specific initgroups system call])
 fi
 
-AC_CACHE_CHECK([for working mmap],samba_cv_HAVE_MMAP,[
-AC_TRY_RUN([#include "${srcdir-.}/tests/shared_mmap.c"],
-           samba_cv_HAVE_MMAP=yes,samba_cv_HAVE_MMAP=no,samba_cv_HAVE_MMAP=cross)])
-if test x"$samba_cv_HAVE_MMAP" = x"yes"; then
-    AC_DEFINE(HAVE_MMAP,1,[Whether mmap works])
-fi
-
 AC_CACHE_CHECK([for fcntl locking],samba_cv_HAVE_FCNTL_LOCK,[
 AC_TRY_RUN([#include "${srcdir-.}/tests/fcntl_lock.c"],
            samba_cv_HAVE_FCNTL_LOCK=yes,samba_cv_HAVE_FCNTL_LOCK=no,samba_cv_HAVE_FCNTL_LOCK=cross)])
@@ -3294,7 +2850,7 @@ fi
 samba_cv_WITH_AFS=no
 AC_MSG_CHECKING(whether to use AFS clear-text auth)
 AC_ARG_WITH(afs,
-[  --with-afs              Include AFS clear-text auth support (default=no) ],
+[AS_HELP_STRING([--with-afs], [Include AFS clear-text auth support (default=no)])],
 [ case "$withval" in
   yes|auto)
     AC_MSG_RESULT($withval)
@@ -3312,7 +2868,7 @@ AC_ARG_WITH(afs,
 samba_cv_WITH_FAKE_KASERVER=no
 AC_MSG_CHECKING(whether to use AFS fake-kaserver)
 AC_ARG_WITH(fake-kaserver,
-[  --with-fake-kaserver    Include AFS fake-kaserver support (default=no) ],
+[AS_HELP_STRING([--with-fake-kaserver], [Include AFS fake-kaserver support (default=no)])],
 [ case "$withval" in
   yes|auto)
     AC_MSG_RESULT($withval)
@@ -3364,7 +2920,7 @@ fi
 samba_cv_WITH_VFS_AFSACL=no
 AC_MSG_CHECKING(whether to use AFS ACL mapping module)
 AC_ARG_WITH(vfs-afsacl,
-[  --with-vfs-afsacl       Include AFS to NT ACL mapping module (default=no) ],
+[AS_HELP_STRING([--with-vfs-afsacl], [Include AFS to NT ACL mapping module (default=no)])],
 [ case "$withval" in
   yes|auto)
     AC_MSG_RESULT($withval)
@@ -3389,7 +2945,7 @@ fi
 # check for the DFS clear-text auth system
 AC_MSG_CHECKING(whether to use DFS clear-text auth)
 AC_ARG_WITH(dfs,
-[  --with-dce-dfs          Include DCE/DFS clear-text auth support (default=no)],
+[AS_HELP_STRING([--with-dce-dfs], [Include DCE/DFS clear-text auth support (default=no)])],
 [ case "$withval" in
   yes)
     AC_MSG_RESULT(yes)
@@ -3409,7 +2965,7 @@ with_ldap_support=auto
 AC_MSG_CHECKING([for LDAP support])
 
 AC_ARG_WITH(ldap,
-[  --with-ldap             LDAP support (default yes)],
+[AS_HELP_STRING([--with-ldap], [LDAP support (default yes)])],
 [ case "$withval" in
     yes|no)
 	with_ldap_support=$withval
@@ -3489,6 +3045,21 @@ if test x"$with_ldap_support" != x"no"; then
   	AC_DEFINE(HAVE_LDAP_SASL_WRAPPING, 1, [Support for SASL wrapping])
   fi
 
+  #######################################################
+  # if we have LBER_OPT_LOG_PRINT_FN, we can intercept
+  # ldap logging and print it out in the samba logs
+  AC_CACHE_CHECK([for LBER_OPT_LOG_PRINT_FN],
+		 samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN,
+		 [AC_TRY_COMPILE([#include <lber.h>],
+				 [int val = LBER_OPT_LOG_PRINT_FN;],
+				 samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN=yes,
+				 samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN=no)])
+
+  if test x"$samba_cv_HAVE_LBER_OPT_LOG_PRINT_FN" = x"yes"; then
+	AC_DEFINE(HAVE_LBER_LOG_PRINT_FN, 1,
+		  [Support for LDAP/LBER logging interception])
+  fi
+
   ########################################################
   # now see if we can find the ldap libs in standard paths
   AC_CHECK_LIB_EXT(ldap, LDAP_LIBS, ldap_init)
@@ -3544,7 +3115,7 @@ with_ads_support=auto
 AC_MSG_CHECKING([for Active Directory and krb5 support])
 
 AC_ARG_WITH(ads,
-[  --with-ads              Active Directory support (default auto)],
+[AS_HELP_STRING([--with-ads], [Active Directory support (default auto)])],
 [ case "$withval" in
     yes|no)
 	with_ads_support="$withval"
@@ -3622,7 +3193,7 @@ if test x"$with_ads_support" != x"no"; then
     # check for location of Kerberos 5 install
     AC_MSG_CHECKING(for kerberos 5 install path)
     AC_ARG_WITH(krb5,
-    [  --with-krb5=base-dir    Locate Kerberos 5 support (default=/usr)],
+    [AS_HELP_STRING([--with-krb5=base-dir], [Locate Kerberos 5 support (default=/usr)])],
     [ case "$withval" in
       no)
         AC_MSG_RESULT(no krb5-path given)
@@ -4371,7 +3942,7 @@ with_dnsupdate_support=no
 AC_MSG_CHECKING([whether to enable DNS Updates support])
 
 AC_ARG_WITH(dnsupdate,
-[  --with-dnsupdate        Enable DNS Updates support (default no)],
+[AS_HELP_STRING([--with-dnsupdate], [Enable DNS Updates support (default no)])],
 [ case "$withval" in
     yes|no)
 	with_dnsupdate_support=$withval
@@ -4437,7 +4008,7 @@ fi
 # check for automount support
 AC_MSG_CHECKING(whether to use automount)
 AC_ARG_WITH(automount,
-[  --with-automount        Include automount support (default=no)],
+[AS_HELP_STRING([--with-automount], [Include automount support (default=no)])],
 [ case "$withval" in
   yes)
     AC_MSG_RESULT(yes)
@@ -4451,38 +4022,13 @@ AC_ARG_WITH(automount,
 )
 
 #################################################
-# check for smbmount support
-AC_MSG_CHECKING(whether to use smbmount)
-AC_ARG_WITH(smbmount,
-[  --with-smbmount         Include smbmount (Linux only) support (default=no)],
-[ case "$withval" in
-  yes)
-	case "$host_os" in
-	*linux*)
-		AC_MSG_RESULT(yes)
-		AC_DEFINE(WITH_SMBMOUNT,1,[Whether to build smbmount])
-		SMBMOUNT_PROGS="bin/smbmount bin/smbmnt bin/smbumount"
-		;;
-	*)
-		AC_MSG_ERROR(not on a linux system!)
-		;;
-	esac
-    ;;
-  *)
-    AC_MSG_RESULT(no)
-    ;;
-  esac ],
-  AC_MSG_RESULT(no)
-)
-
-#################################################
 # check for mount- and umount.cifs support
 CIFSMOUNT_PROGS=""
 INSTALL_CIFSMOUNT=""
 UNINSTALL_CIFSMOUNT=""
 AC_MSG_CHECKING(whether to build mount.cifs and umount.cifs)
 AC_ARG_WITH(cifsmount,
-[  --with-cifsmount        Include mount.cifs and umount.cifs (Linux only) support (default=yes)],
+[AS_HELP_STRING([--with-cifsmount], [Include mount.cifs and umount.cifs (Linux only) support (default=yes)])],
 [ case "$withval" in
   no)
 	AC_MSG_RESULT(no)
@@ -4524,7 +4070,7 @@ INSTALL_CIFSSPNEGO=""
 UNINSTALL_CIFSSPNEGO=""
 AC_MSG_CHECKING(whether to build cifs.spnego)
 AC_ARG_WITH(cifsspnego,
-[  --with-cifsspnego       Include cifs.spnego (Linux only) support (default=no)],
+[AS_HELP_STRING([--with-cifsspnego], [Include cifs.spnego (Linux only) support (default=no)])],
 [ case "$withval" in
   no)
 	AC_MSG_RESULT(no)
@@ -4566,7 +4112,7 @@ with_pam_for_crypt=no
 try_pam=no
 AC_MSG_CHECKING(whether to try PAM support)
 AC_ARG_WITH(pam,
-[  --with-pam              Include PAM support (default=no)],
+[AS_HELP_STRING([--with-pam], [Include PAM support (default=no)])],
 [ case "$withval" in
   yes|no)
     try_pam=$withval
@@ -4649,7 +4195,7 @@ INSTALL_PAM_MODULES=""
 UNINSTALL_PAM_MODULES=""
 AC_MSG_CHECKING(whether to use pam_smbpass)
 AC_ARG_WITH(pam_smbpass,
-[  --with-pam_smbpass      Build PAM module for authenticating against passdb backends (default=no)],
+[AS_HELP_STRING([--with-pam_smbpass], [Build PAM module for authenticating against passdb backends (default=no)])],
 [ case "$withval" in
   yes)
     AC_MSG_RESULT(yes)
@@ -4702,7 +4248,7 @@ fi
 # check for a NISPLUS_HOME support
 AC_MSG_CHECKING(whether to use NISPLUS_HOME)
 AC_ARG_WITH(nisplus-home,
-[  --with-nisplus-home     Include NISPLUS_HOME support (default=no)],
+[AS_HELP_STRING([--with-nisplus-home], [Include NISPLUS_HOME support (default=no)])],
 [ case "$withval" in
   yes)
     AC_MSG_RESULT(yes)
@@ -4719,7 +4265,7 @@ AC_ARG_WITH(nisplus-home,
 # check for syslog logging
 AC_MSG_CHECKING(whether to use syslog logging)
 AC_ARG_WITH(syslog,
-[  --with-syslog           Include experimental SYSLOG support (default=no)],
+[AS_HELP_STRING([--with-syslog], [Include experimental SYSLOG support (default=no)])],
 [ case "$withval" in
   yes)
     AC_MSG_RESULT(yes)
@@ -4744,7 +4290,7 @@ samba_cv_SYSQUOTA_FOUND=no
 
 AC_MSG_CHECKING(whether to try disk-quotas support)
 AC_ARG_WITH(quotas,
-[  --with-quotas           Include disk-quota support (default=no)],
+[AS_HELP_STRING([--with-quotas], [Include disk-quota support (default=no)])],
 [ case "$withval" in
   yes)
     AC_MSG_RESULT(yes)
@@ -4777,7 +4323,7 @@ AC_ARG_WITH(quotas,
 
 AC_MSG_CHECKING(whether to try the new lib/sysquotas.c interface)
 AC_ARG_WITH(sys-quotas,
-[  --with-sys-quotas       Include lib/sysquotas.c support (default=auto)],
+[AS_HELP_STRING([--with-sys-quotas], [Include lib/sysquotas.c support (default=auto)])],
 [ case "$withval" in
   yes)
     AC_MSG_RESULT(yes)
@@ -5055,7 +4601,7 @@ fi
 AC_MSG_CHECKING(whether to support utmp accounting)
 WITH_UTMP=yes
 AC_ARG_WITH(utmp,
-[  --with-utmp             Include utmp accounting (default, if supported by OS)],
+[AS_HELP_STRING([--with-utmp], [Include utmp accounting (default, if supported by OS)])],
 [ case "$withval" in
   no)
 		WITH_UTMP=no
@@ -5098,49 +4644,67 @@ if test $enable_static = yes; then
 fi
 
 #################################################
-# should we build libnetapi?
-INSTALL_LIBNETAPI=
-UNINSTALL_LIBNETAPI=
-LIBNETAPI_SHARED=
-LIBNETAPI=
-AC_MSG_CHECKING(whether to build the libnetapi shared library)
-AC_ARG_WITH(libnetapi,
-[  --with-libnetapi        Build the libnetapi shared library (default=yes if shared libs supported)],
-[ case "$withval" in
-  *)
-     AC_MSG_RESULT(no)
-     ;;
-  yes)
-     if test $BLDSHARED = true; then
-        LIBNETAPI_SHARED=bin/libnetapi.$SHLIBEXT
-        LIBNETAPI=libnetapi
-        AC_MSG_RESULT(yes)
-     else
-	enable_static=yes
-        AC_MSG_RESULT(no shared library support -- will supply static library)
-     fi
-     if test $enable_static = yes; then
-        LIBNETAPI=libnetapi
-     fi
-     INSTALL_LIBNETAPI=installlibnetapi
-     UNINSTALL_LIBNETAPI=uninstalllibnetapi
-     ;;
-  esac ],
-[
-# if unspecified, default is to built it if possible.
-  if test $BLDSHARED = true; then
-     LIBNETAPI_SHARED=bin/libnetapi.$SHLIBEXT
-     LIBNETAPI=libnetapi
-     AC_MSG_RESULT(yes)
-   else
-     enable_static=yes
-     AC_MSG_RESULT(no shared library support -- will supply static library)
-   fi
-   if test $enable_static = yes; then
-     LIBNETAPI=libnetapi
-  fi]
-  INSTALL_LIBNETAPI=installlibnetapi
-)
+# --disable-shared-libs
+# can be used to disable the internal use of shared libs altogether
+# (this only has an effect when building shared libs is enabled)
+#
+USESHARED=false
+AC_SUBST(USESHARED)
+
+AC_MSG_CHECKING(whether to use shared libraries internally)
+AC_ARG_ENABLE([shared-libs],
+	AS_HELP_STRING([--enable-shared-libs],
+		[Use shared libraries internally (default=yes)]),
+	[enable_shared_libs=$enableval],
+	[enable_shared_libs=yes])
+
+if test x"$enable_shared_libs" != x"no" ; then
+	USESHARED=$BLDSHARED
+fi
+
+AC_MSG_RESULT([$USESHARED])
+
+if test x"$enable_shared_libs" = x"yes" -a x"$BLDSHARED" != x"true" ; then
+	AC_MSG_WARN([--enable-shared-libs: no support for shared libraries])
+fi
+
+#################################################
+# --with-static-libs=LIBS:
+#   link (internal) libs dynamically or statically?
+#
+# If a subsystem is built as a library then this controls whether they are
+# linked into Samba targets statically or dynamically:
+#
+# * If we build the shared library at all, we link dynamically by default.
+#
+# * We only link statically if we don't build shared or if the library
+#   appears in the --with-static-libs configure option.
+#
+# Example:
+#   --with-static-libs=libtalloc makes use of libtalloc.a instead
+#   of linking the dynamic variant with -ltalloc.
+#
+# NOTE: This option only affects libraries that we do not only build
+# but that samba also links against as libraries (as opposed to linking
+# the plain object files. - This has to be configured in Makefile.in.
+# So in particular it does not harm to give invalid or unknown names here.
+#
+
+AC_ARG_WITH([static-libs],
+	[AS_HELP_STRING([--with-static-libs=LIBS],
+		[Comma-separated list of names of (internal) libraries to link statically (instead of dynamically)])],
+	[AS_IF([test $withval],
+		[for lib in `echo $withval | sed -e 's/,/ /g'` ; do
+			[lib=`echo $lib | tr '[a-z]' '[A-Z]'`]
+			eval LINK_$lib=STATIC
+		done], [])],
+	[])
+
+
+SMB_LIBRARY(talloc)
+SMB_LIBRARY(tdb)
+SMB_LIBRARY(netapi)
+
 
 #################################################
 # should we build libaddns?
@@ -5150,7 +4714,7 @@ LIBADDNS_SHARED=
 LIBADDNS=
 AC_MSG_CHECKING(whether to build the libaddns shared library)
 AC_ARG_WITH(libaddns,
-[  --with-libaddns         Build the libaddns shared library (default=no undefined API)],
+[AS_HELP_STRING([--with-libaddns], [Build the libaddns shared library (default=no undefined API)])],
 [ case "$withval" in
   *)
      AC_MSG_RESULT(no)
@@ -5183,7 +4747,7 @@ LIBSMBCLIENT_SHARED=
 LIBSMBCLIENT=
 AC_MSG_CHECKING(whether to build the libsmbclient shared library)
 AC_ARG_WITH(libsmbclient,
-[  --with-libsmbclient     Build the libsmbclient shared library (default=yes if shared libs supported)],
+[AS_HELP_STRING([--with-libsmbclient], [Build the libsmbclient shared library (default=yes if shared libs supported)])],
 [ case "$withval" in
   no)
      AC_MSG_RESULT(no)
@@ -5205,7 +4769,7 @@ AC_ARG_WITH(libsmbclient,
      ;;
   esac ],
 [
-# if unspecified, default is to built it if possible.
+# if unspecified, default is to build it if possible.
   if test $BLDSHARED = true; then
      LIBSMBCLIENT_SHARED=bin/libsmbclient.$SHLIBEXT
      LIBSMBCLIENT=libsmbclient
@@ -5226,7 +4790,7 @@ LIBSMBSHAREMODES_SHARED=
 LIBSMBSHAREMODES=
 AC_MSG_CHECKING(whether to build the libsmbsharemodes shared library)
 AC_ARG_WITH(libsmbsharemodes,
-[  --with-libsmbsharemodes     Build the libsmbsharemodes shared library (default=yes if shared libs supported)],
+[AS_HELP_STRING([--with-libsmbsharemodes], [Build the libsmbsharemodes shared library (default=yes if shared libs supported)])],
 [ case "$withval" in
   no)
      AC_MSG_RESULT(no)
@@ -5248,7 +4812,7 @@ AC_ARG_WITH(libsmbsharemodes,
      ;;
   esac ],
 [
-# if unspecified, default is to built it if possible.
+# if unspecified, default is to build it if possible.
   if test $BLDSHARED = true; then
      LIBSMBSHAREMODES_SHARED=bin/libsmbsharemodes.$SHLIBEXT
      LIBSMBSHAREMODES=libsmbsharemodes
@@ -5486,7 +5050,7 @@ AC_MSG_RESULT([$samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT])
 
 AC_MSG_CHECKING(whether to include cluster support)
 AC_ARG_WITH(cluster-support,
-[  --with-cluster-support  Enable cluster extensions (default=no)])
+[AS_HELP_STRING([--with-cluster-support], [Enable cluster extensions (default=no)])])
 if test "x$with_cluster_support" = "xyes"; then
     AC_DEFINE(CLUSTER_SUPPORT,1,[Whether to enable cluster extensions])
     AC_MSG_RESULT(yes)
@@ -5500,7 +5064,7 @@ fi
 
 AC_MSG_CHECKING(whether to support ACLs)
 AC_ARG_WITH(acl-support,
-[  --with-acl-support      Include ACL support (default=auto)],
+[AS_HELP_STRING([--with-acl-support], [Include ACL support (default=auto)])],
 [ case "$withval" in
 	yes|no)
 		with_acl_support="$withval"
@@ -5615,7 +5179,7 @@ fi # with_acl_support
 
 AC_MSG_CHECKING(whether to support asynchronous io)
 AC_ARG_WITH(aio-support,
-[  --with-aio-support      Include asynchronous io support (default=no)],
+[AS_HELP_STRING([--with-aio-support], [Include asynchronous io support (default=no)])],
 [ case "$withval" in
   yes)
 
@@ -5755,7 +5319,7 @@ int main() { struct aiocb a; return aio_suspend64(&a, 1, NULL); }],
 with_sendfile_support=yes
 AC_MSG_CHECKING(whether to check to support sendfile)
 AC_ARG_WITH(sendfile-support,
-[  --with-sendfile-support Check for sendfile support (default=yes)],
+[AS_HELP_STRING([--with-sendfile-support], [Check for sendfile support (default=yes)])],
 [ case "$withval" in
   yes)
 
@@ -6132,7 +5696,7 @@ esac
 # Check the setting of --with-winbind
 
 AC_ARG_WITH(winbind,
-[  --with-winbind          Build winbind (default, if supported by OS)],
+[AS_HELP_STRING([--with-winbind], [Build winbind (default, if supported by OS)])],
 [
   case "$withval" in
 	yes)
@@ -6161,13 +5725,11 @@ if test x"$HAVE_WINBIND" = x"no"; then
 	WINBIND_WINS_NSS=""
 fi
 
-BUILD_LIBWBCLIENT_SHARED=yes
-
-AC_ARG_ENABLE(libwbclient-shared,
-[ --enable-libwbclient-shared	Build libwbclient as shared object (default=yes, \"no\" only for --enable-developer)],
-	[if eval "test x$enable_developer = xyes -a x$enable_libwbclient_shared = xno" ; then
-		BUILD_LIBWBCLIENT_SHARED=no
-	fi])
+if test x"$enable_developer" = x"yes" -a x"$LINK_LIBWBCLIENT" = x"STATIC" ; then
+	BUILD_LIBWBCLIENT_SHARED=no
+else
+	BUILD_LIBWBCLIENT_SHARED=yes
+fi
 
 if test $BLDSHARED = true -a x"$HAVE_WINBIND" = x"yes" -a x"$BUILD_LIBWBCLIENT_SHARED" = x"yes"; then
 	NSS_MODULES="${WINBIND_NSS} ${WINBIND_WINS_NSS}"
@@ -6178,7 +5740,6 @@ if test $BLDSHARED = true -a x"$HAVE_WINBIND" = x"yes" -a x"$BUILD_LIBWBCLIENT_S
 	INSTALL_LIBWBCLIENT=installlibwbclient
 	UNINSTALL_LIBWBCLIENT=uninstalllibwbclient
 	WINBIND_LIBS="-lwbclient"
-	LDFLAGS="$LDFLAGS -L./bin"
 else
 	LIBWBCLIENT_STATIC=bin/libwbclient.a
 fi
@@ -6251,7 +5812,7 @@ fi
 # Check to see if we should use the included popt
 
 AC_ARG_WITH(included-popt,
-[  --with-included-popt    use bundled popt library, not from system],
+[AS_HELP_STRING([--with-included-popt], [use bundled popt library, not from system])],
 [
   case "$withval" in
 	yes)
@@ -6286,7 +5847,7 @@ AC_SUBST(FLAGS1)
 # Check if user wants DNS service discovery support
 
 AC_ARG_ENABLE(dnssd,
-[  --enable-dnssd          Enable DNS service discovery support (default=auto)])
+[AS_HELP_STRING([--enable-dnssd], [Enable DNS service discovery support (default=auto)])])
 
 AC_SUBST(DNSSD_LIBS)
 if test x"$enable_dnssd" != x"no"; then
@@ -6321,7 +5882,7 @@ fi
 # Check to see if we should use the included iniparser
 
 AC_ARG_WITH(included-iniparser,
-[  --with-included-iniparser    use bundled iniparser library, not from system],
+[AS_HELP_STRING([--with-included-iniparser], [use bundled iniparser library, not from system])],
 [
   case "$withval" in
 	yes)
@@ -6400,7 +5961,7 @@ do
 	fi
 done
 
-dnl Always built these modules static
+dnl Always build these modules static
 MODULE_rpc_spoolss=STATIC
 MODULE_rpc_srvsvc2=STATIC
 MODULE_idmap_tdb=STATIC
@@ -6410,7 +5971,7 @@ MODULE_idmap_nss=STATIC
 MODULE_nss_info_template=STATIC
 
 AC_ARG_WITH(static-modules,
-[  --with-static-modules=MODULES  Comma-separated list of names of modules to statically link in],
+[AS_HELP_STRING([--with-static-modules=MODULES], [Comma-separated list of names of modules to statically link in])],
 [ if test $withval; then
 	for i in `echo $withval | sed -e 's/,/ /g'`
 	do
@@ -6419,7 +5980,7 @@ AC_ARG_WITH(static-modules,
 fi ])
 
 AC_ARG_WITH(shared-modules,
-[  --with-shared-modules=MODULES  Comma-separated list of names of modules to build shared],
+[AS_HELP_STRING([--with-shared-modules=MODULES], [Comma-separated list of names of modules to build shared])],
 [ if test $withval; then
 	for i in `echo $withval | sed -e 's/,/ /g'`
 	do
@@ -6434,14 +5995,14 @@ SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, "bin/tdbsam.$SHLIBEXT", PDB)
 SMB_SUBSYSTEM(PDB,passdb/pdb_interface.o)
 
 
-SMB_MODULE(rpc_lsa, \$(RPC_LSA_OBJ), "bin/librpc_lsarpc.$SHLIBEXT", RPC)
+SMB_MODULE(rpc_lsarpc, \$(RPC_LSA_OBJ), "bin/librpc_lsarpc.$SHLIBEXT", RPC)
 SMB_MODULE(rpc_winreg, \$(RPC_REG_OBJ), "bin/librpc_winreg.$SHLIBEXT", RPC)
 SMB_MODULE(rpc_initshutdown, \$(RPC_INITSHUTDOWN_OBJ), "bin/librpc_initshutdown.$SHLIBEXT", RPC)
-SMB_MODULE(rpc_lsa_ds, \$(RPC_LSA_DS_OBJ), "bin/librpc_lsa_ds.$SHLIBEXT", RPC)
+SMB_MODULE(rpc_dssetup, \$(RPC_DSSETUP_OBJ), "bin/librpc_dssetup.$SHLIBEXT", RPC)
 SMB_MODULE(rpc_wkssvc, \$(RPC_WKS_OBJ), "bin/librpc_wkssvc.$SHLIBEXT", RPC)
 SMB_MODULE(rpc_svcctl2, \$(RPC_SVCCTL_OBJ), "bin/librpc_svcctl2.$SHLIBEXT", RPC)
-SMB_MODULE(rpc_ntsvcs, \$(RPC_NTSVCS_OBJ), "bin/librpc_ntsvcs.$SHLIBEXT", RPC)
-SMB_MODULE(rpc_net, \$(RPC_NETLOG_OBJ), "bin/librpc_NETLOGON.$SHLIBEXT", RPC)
+SMB_MODULE(rpc_ntsvcs2, \$(RPC_NTSVCS_OBJ), "bin/librpc_ntsvcs2.$SHLIBEXT", RPC)
+SMB_MODULE(rpc_netlogon, \$(RPC_NETLOG_OBJ), "bin/librpc_NETLOGON.$SHLIBEXT", RPC)
 SMB_MODULE(rpc_netdfs, \$(RPC_DFS_OBJ), "bin/librpc_netdfs.$SHLIBEXT", RPC)
 SMB_MODULE(rpc_srvsvc2, \$(RPC_SVC_OBJ), "bin/librpc_svcsvc2.$SHLIBEXT", RPC)
 SMB_MODULE(rpc_spoolss, \$(RPC_SPOOLSS_OBJ), "bin/librpc_spoolss.$SHLIBEXT", RPC)
@@ -6452,6 +6013,7 @@ SMB_SUBSYSTEM(RPC,smbd/server.o)
 
 SMB_MODULE(idmap_ldap, winbindd/idmap_ldap.o, "bin/ldap.$SHLIBEXT", IDMAP)
 SMB_MODULE(idmap_tdb, winbindd/idmap_tdb.o, "bin/tdb.$SHLIBEXT", IDMAP)
+SMB_MODULE(idmap_tdb2, winbindd/idmap_tdb2.o, "bin/tdb2.$SHLIBEXT", IDMAP)
 SMB_MODULE(idmap_passdb, winbindd/idmap_passdb.o, "bin/passdb.$SHLIBEXT", IDMAP)
 SMB_MODULE(idmap_nss, winbindd/idmap_nss.o, "bin/nss.$SHLIBEXT", IDMAP)
 SMB_MODULE(idmap_rid, winbindd/idmap_rid.o, "bin/rid.$SHLIBEXT", IDMAP)
@@ -6488,6 +6050,7 @@ SMB_MODULE(vfs_readonly, \$(VFS_READONLY_OBJ), "bin/readonly.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_cap, \$(VFS_CAP_OBJ), "bin/cap.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_expand_msdfs, \$(VFS_EXPAND_MSDFS_OBJ), "bin/expand_msdfs.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_shadow_copy, \$(VFS_SHADOW_COPY_OBJ), "bin/shadow_copy.$SHLIBEXT", VFS)
+SMB_MODULE(vfs_shadow_copy2, \$(VFS_SHADOW_COPY2_OBJ), "bin/shadow_copy2.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_afsacl, \$(VFS_AFSACL_OBJ), "bin/afsacl.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_xattr_tdb, \$(VFS_XATTR_TDB_OBJ), "bin/xattr_tdb.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_posixacl, \$(VFS_POSIXACL_OBJ), "bin/posixacl.$SHLIBEXT", VFS)
@@ -6498,12 +6061,16 @@ SMB_MODULE(vfs_irixacl, \$(VFS_IRIXACL_OBJ), "bin/irixacl.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_hpuxacl, \$(VFS_HPUXACL_OBJ), "bin/hpuxacl.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_tru64acl, \$(VFS_TRU64ACL_OBJ), "bin/tru64acl.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_catia, \$(VFS_CATIA_OBJ), "bin/catia.$SHLIBEXT", VFS)
+SMB_MODULE(vfs_streams_xattr, \$(VFS_STREAMS_XATTR_OBJ), "bin/streams_xattr.$SHLIBEXT", VFS)
+SMB_MODULE(vfs_streams_depot, \$(VFS_STREAMS_DEPOT_OBJ), "bin/streams_depot.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_cacheprime, \$(VFS_CACHEPRIME_OBJ), "bin/cacheprime.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_prealloc, \$(VFS_PREALLOC_OBJ), "bin/prealloc.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_commit, \$(VFS_COMMIT_OBJ), "bin/commit.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_gpfs, \$(VFS_GPFS_OBJ), "bin/gpfs.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_readahead, \$(VFS_READAHEAD_OBJ), "bin/readahead.$SHLIBEXT", VFS)
+SMB_MODULE(vfs_tsmsm, \$(VFS_TSMSM_OBJ), "bin/tsmsm.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_fileid, \$(VFS_FILEID_OBJ), "bin/fileid.$SHLIBEXT", VFS)
+SMB_MODULE(vfs_aio_fork, \$(VFS_AIO_FORK_OBJ), "bin/aio_fork.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_syncops, \$(VFS_SYNCOPS_OBJ), "bin/syncops.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), "bin/zfsacl.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_notify_fam, \$(VFS_NOTIFY_FAM_OBJ), "bin/notify_fam.$SHLIBEXT", VFS)
@@ -6646,9 +6213,6 @@ if test x"$krb5_developer" = x"yes" -o x"$developer" = x"yes"; then
     CFLAGS="${CFLAGS} \$(DEVELOPER_CFLAGS)"
 fi
 
-builddir=`pwd`
-AC_SUBST(builddir)
-
 # Stuff the smbd-only libraries at the end of the smbd link
 # path (if we have them).
 SMBD_LIBS="$samba_dmapi_libs"
diff --git a/source3/dynconfig.c b/source3/dynconfig.c
index ab0dd48da7..57008ece44 100644
--- a/source3/dynconfig.c
+++ b/source3/dynconfig.c
@@ -64,6 +64,11 @@ static char *dyn_##name; \
 	}\
 	dyn_##name = SMB_STRDUP(newpath);\
 	return dyn_##name;\
+}\
+\
+ bool is_default_dyn_##name(void) \
+{\
+	return (dyn_##name == NULL);\
 }
 
 DEFINE_DYN_CONFIG_PARAM(SBINDIR)
diff --git a/source3/exports/libtalloc.syms b/source3/exports/libtalloc.syms
new file mode 100644
index 0000000000..87f1c5c63e
--- /dev/null
+++ b/source3/exports/libtalloc.syms
@@ -0,0 +1,6 @@
+{
+	global:
+		talloc_*;
+		_talloc_*;
+	local: *;
+};
diff --git a/source3/include/MacExtensions.h b/source3/include/MacExtensions.h
index 006b814037..6e911feea2 100644
--- a/source3/include/MacExtensions.h
+++ b/source3/include/MacExtensions.h
@@ -235,7 +235,7 @@ enum {
 ** that contains the icon data, icon size, icon type, the file type, and file creator.
 **		
 **
-** The server returns only that the call was succesfull or not. 
+** The server returns only that the call was successful or not.
 */
 #define SMB_MAC_DT_ADD_ICON	  0x309
 
diff --git a/source3/include/ads.h b/source3/include/ads.h
index a75eaf80fc..d5ce88babe 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -319,11 +319,6 @@ typedef void **ADS_MODLIST;
 #define ADS_DNS_DOMAIN     0x40000000  /* DomainName is a DNS name */
 #define ADS_DNS_FOREST     0x80000000  /* DnsForestName is a DNS name */
 
-/* DomainControllerAddressType */
-#define ADS_INET_ADDRESS      0x00000001
-#define ADS_NETBIOS_ADDRESS   0x00000002
-
-
 /* ads auth control flags */
 #define ADS_AUTH_DISABLE_KERBEROS 0x01
 #define ADS_AUTH_NO_BIND          0x02
@@ -396,4 +391,11 @@ typedef struct {
 
 #define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore"
 
+/* Settings for the domainFunctionality attribute in the rootDSE */
+
+#define DS_DOMAIN_FUNCTION_2000		0
+#define DS_DOMAIN_FUCNTION_2003_MIXED	1
+#define DS_DOMAIN_FUNCTION_2003		2
+#define DS_DOMAIN_FUNCTION_2008		3
+
 #endif	/* _INCLUDE_ADS_H_ */
diff --git a/source3/include/async_req.h b/source3/include/async_req.h
new file mode 100644
index 0000000000..6df53602b2
--- /dev/null
+++ b/source3/include/async_req.h
@@ -0,0 +1,89 @@
+/*
+   Unix SMB/CIFS implementation.
+   Infrastructure for async requests
+   Copyright (C) Volker Lendecke 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __ASYNC_REQ_H__
+#define __ASYNC_REQ_H__
+
+#include "includes.h"
+
+/*
+ * An async request moves between the following 4 states.
+ */
+enum async_req_state {
+	ASYNC_REQ_INIT,		/* we are creating the request */
+	ASYNC_REQ_IN_PROGRESS,	/* we are waiting the request to complete */
+	ASYNC_REQ_DONE,		/* the request is finished */
+	ASYNC_REQ_ERROR };	/* an error has occured */
+
+struct async_req {
+	/* the external state - will be queried by the caller */
+	enum async_req_state state;
+
+	/* a private pointer for use by the async function implementation */
+	void *private_data;
+
+	/* print yourself, for debugging purposes */
+	char *(*print)(TALLOC_CTX *mem_ctx, struct async_req *);
+
+	/* status code when finished */
+	NTSTATUS status;
+
+	/* the event context we are using */
+	struct event_context *event_ctx;
+
+	/* information on what to do on completion */
+	struct {
+		void (*fn)(struct async_req *);
+		void *priv;
+	} async;
+};
+
+/*
+ * Print an async_req structure for debugging purposes
+ */
+char *async_req_print(TALLOC_CTX *mem_ctx, struct async_req *req);
+
+/*
+ * Create an async request
+ */
+struct async_req *async_req_new(TALLOC_CTX *mem_ctx, struct event_context *ev);
+
+/*
+ * An async request has successfully finished, invoke the callback
+ */
+void async_req_done(struct async_req *req);
+
+/*
+ * An async request has seen an error, invoke the callback
+ */
+void async_req_error(struct async_req *req, NTSTATUS status);
+
+/*
+ * Convenience helper to easily check alloc failure within a callback.
+ *
+ * Call pattern would be
+ * p = talloc(mem_ctx, bla);
+ * if (async_req_nomem(p, req)) {
+ *	return;
+ * }
+ *
+ */
+bool async_req_nomem(const void *p, struct async_req *req);
+
+#endif
diff --git a/source3/include/async_smb.h b/source3/include/async_smb.h
new file mode 100644
index 0000000000..19408be74b
--- /dev/null
+++ b/source3/include/async_smb.h
@@ -0,0 +1,62 @@
+/*
+   Unix SMB/CIFS implementation.
+   Infrastructure for async SMB client requests
+   Copyright (C) Volker Lendecke 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+/*
+ * Create a fresh async smb request
+ */
+
+struct async_req *cli_request_new(TALLOC_CTX *mem_ctx,
+				  struct event_context *ev,
+				  struct cli_state *cli,
+				  uint8_t num_words, size_t num_bytes,
+				  struct cli_request **preq);
+
+/*
+ * Convenience function to get the SMB part out of an async_req
+ */
+
+struct cli_request *cli_request_get(struct async_req *req);
+
+/*
+ * Fetch an error out of a NBT packet
+ */
+
+NTSTATUS cli_pull_error(char *buf);
+
+/*
+ * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
+ */
+
+void cli_set_error(struct cli_state *cli, NTSTATUS status);
+
+/*
+ * Create a temporary event context for use in the sync helper functions
+ */
+
+struct cli_tmp_event *cli_tmp_event_ctx(TALLOC_CTX *mem_ctx,
+					struct cli_state *cli);
+
+/*
+ * Attach an event context permanently to a cli_struct
+ */
+
+NTSTATUS cli_add_event_ctx(struct cli_state *cli,
+			   struct event_context *event_ctx);
diff --git a/source3/include/authdata.h b/source3/include/authdata.h
index 8125f05639..59f07fb42d 100644
--- a/source3/include/authdata.h
+++ b/source3/include/authdata.h
@@ -19,7 +19,7 @@
 */
 
 #ifndef _AUTHDATA_H
-#define _AUTHDATA_H 
+#define _AUTHDATA_H
 
 #include "rpc_misc.h"
 #include "rpc_netlogon.h"
@@ -37,136 +37,4 @@
 #define KRB5_AUTHDATA_IF_RELEVANT 1
 #endif
 
-
-typedef struct pac_logon_name {
-	NTTIME logon_time;
-	uint16 len;
-	uint8 *username; /* Actually always little-endian. might not be null terminated, so not UNISTR */
-} PAC_LOGON_NAME;
-
-typedef struct pac_signature_data {
-	uint32 type;
-	RPC_DATA_BLOB signature; /* this not the on-wire-format (!) */
-} PAC_SIGNATURE_DATA;
-
-typedef struct group_membership {
-	uint32 rid;
-	uint32 attrs;
-} GROUP_MEMBERSHIP;
-
-typedef struct group_membership_array {
-	uint32 count;
-	GROUP_MEMBERSHIP *group_membership;
-} GROUP_MEMBERSHIP_ARRAY;
-
-#if 0 /* Unused, replaced by NET_USER_INFO_3 - Guenther */
-
-typedef struct krb_sid_and_attrs {
-	uint32 sid_ptr;
-	uint32 attrs;
-	DOM_SID2 *sid;
-} KRB_SID_AND_ATTRS;
-
-typedef struct krb_sid_and_attr_array {
-	uint32 count;
-	KRB_SID_AND_ATTRS *krb_sid_and_attrs;
-} KRB_SID_AND_ATTR_ARRAY;
-	
-
-/* This is awfully similar to a samr_user_info_23, but not identical.
-   Many of the field names have been swiped from there, because it is
-   so similar that they are likely the same, but many have been verified.
-   Some are in a different order, though... */
-typedef struct pac_logon_info {	
-	NTTIME logon_time;            /* logon time */
-	NTTIME logoff_time;           /* logoff time */
-	NTTIME kickoff_time;          /* kickoff time */
-	NTTIME pass_last_set_time;    /* password last set time */
-	NTTIME pass_can_change_time;  /* password can change time */
-	NTTIME pass_must_change_time; /* password must change time */
-
-	UNIHDR hdr_user_name;    /* user name unicode string header */
-	UNIHDR hdr_full_name;    /* user's full name unicode string header */
-	UNIHDR hdr_logon_script; /* these last 4 appear to be in a different */
-	UNIHDR hdr_profile_path; /* order than in the info23 */
-	UNIHDR hdr_home_dir;    
-	UNIHDR hdr_dir_drive;   
-
-	uint16 logon_count; /* number of times user has logged onto domain */
-	uint16 bad_password_count;	/* samba4 idl */
-
-	uint32 user_rid;
-	uint32 group_rid;
-	uint32 group_count;
-	uint32 group_membership_ptr;
-	uint32 user_flags;
-
-	uint8 session_key[16];		/* samba4 idl */
-	UNIHDR hdr_dom_controller;
-	UNIHDR hdr_dom_name;
-
-	uint32 ptr_dom_sid;
-
-	uint8 lm_session_key[8];	/* samba4 idl */
-	uint32 acct_flags;		/* samba4 idl */
-	uint32 unknown[7];
-
-	uint32 sid_count;
-	uint32 ptr_extra_sids;
-
-	uint32 ptr_res_group_dom_sid;
-	uint32 res_group_count;
-	uint32 ptr_res_groups;
-
-	UNISTR2 uni_user_name;    /* user name unicode string header */
-	UNISTR2 uni_full_name;    /* user's full name unicode string header */
-	UNISTR2 uni_logon_script; /* these last 4 appear to be in a different*/
-	UNISTR2 uni_profile_path; /* order than in the info23 */
-	UNISTR2 uni_home_dir;    
-	UNISTR2 uni_dir_drive;   
-	UNISTR2 uni_dom_controller;
-	UNISTR2 uni_dom_name;
-	DOM_SID2 dom_sid;
-	GROUP_MEMBERSHIP_ARRAY groups;
-	KRB_SID_AND_ATTR_ARRAY extra_sids;
-	DOM_SID2 res_group_dom_sid;
-	GROUP_MEMBERSHIP_ARRAY res_groups;
-
-} PAC_LOGON_INFO;
-#endif
-
-typedef struct pac_logon_info {	
-	NET_USER_INFO_3 info3;
-	DOM_SID2 res_group_dom_sid;
-	GROUP_MEMBERSHIP_ARRAY res_groups;
-
-} PAC_LOGON_INFO;
-
-typedef struct pac_info_ctr
-{
-	union
-	{
-		PAC_LOGON_INFO *logon_info;
-		PAC_SIGNATURE_DATA *srv_cksum;
-		PAC_SIGNATURE_DATA *privsrv_cksum;
-		PAC_LOGON_NAME *logon_name;
-	} pac;
-} PAC_INFO_CTR;
-
-typedef struct pac_buffer {
-	uint32 type;
-	uint32 size;
-	uint32 offset;
-	uint32 offsethi;
-	PAC_INFO_CTR *ctr;
-	uint32 pad;
-} PAC_BUFFER;
-
-typedef struct pac_data {
-	uint32 num_buffers;
-	uint32 version;
-	PAC_BUFFER *pac_buffer;
-} PAC_DATA;
-
-
 #endif
diff --git a/source3/include/byteorder.h b/source3/include/byteorder.h
index 32138a89ce..9ced9cea3a 100644
--- a/source3/include/byteorder.h
+++ b/source3/include/byteorder.h
@@ -167,4 +167,10 @@ it also defines lots of intermediate macros, just ignore those :-)
 #define ALIGN4(p,base) ((p) + ((4 - (PTR_DIFF((p), (base)) & 3)) & 3))
 #define ALIGN2(p,base) ((p) + ((2 - (PTR_DIFF((p), (base)) & 1)) & 1))
 
+/* 64 bit macros */
+#define BVAL(p, ofs) (IVAL(p,ofs) | (((uint64_t)IVAL(p,(ofs)+4)) << 32))
+#define BVALS(p, ofs) ((int64_t)BVAL(p,ofs))
+#define SBVAL(p, ofs, v) (SIVAL(p,ofs,(v)&0xFFFFFFFF), SIVAL(p,(ofs)+4,((uint64_t)(v))>>32))
+#define SBVALS(p, ofs, v) (SBVAL(p,ofs,(uint64_t)v))
+
 #endif /* _BYTEORDER_H */
diff --git a/source3/include/client.h b/source3/include/client.h
index f8adf567de..52dc513d65 100644
--- a/source3/include/client.h
+++ b/source3/include/client.h
@@ -82,7 +82,12 @@ struct rpc_pipe_client {
 };
 
 /* Transport encryption state. */
-enum smb_trans_enc_type { SMB_TRANS_ENC_NTLM, SMB_TRANS_ENC_GSS };
+enum smb_trans_enc_type {
+		SMB_TRANS_ENC_NTLM
+#if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
+		, SMB_TRANS_ENC_GSS
+#endif
+};
 
 #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
 struct smb_tran_enc_state_gss {
@@ -187,6 +192,36 @@ struct cli_state {
 
 	bool force_dos_errors;
 	bool case_sensitive; /* False by default. */
+
+	struct event_context *event_ctx;
+	struct fd_event *fd_event;
+	char *evt_inbuf;
+
+	struct cli_request *outstanding_requests;
+};
+
+struct cli_request {
+	struct cli_request *prev, *next;
+	struct async_req *async;
+
+	struct cli_state *cli;
+
+	struct smb_trans_enc_state *enc_state;
+
+	uint16_t mid;
+
+	char *outbuf;
+	size_t sent;
+	char *inbuf;
+
+	union {
+		struct {
+			off_t ofs;
+			size_t size;
+			ssize_t received;
+			uint8_t *rcvbuf;
+		} read;
+	} data;
 };
 
 typedef struct file_info {
diff --git a/source3/include/ctdbd_conn.h b/source3/include/ctdbd_conn.h
index 425cc65a00..6e1b2f737a 100644
--- a/source3/include/ctdbd_conn.h
+++ b/source3/include/ctdbd_conn.h
@@ -17,6 +17,9 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
+#ifndef _CTDBD_CONN_H
+#define _CTDBD_CONN_H
+
 struct ctdbd_connection;
 
 NTSTATUS ctdbd_init_connection(TALLOC_CTX *mem_ctx,
@@ -62,3 +65,6 @@ NTSTATUS ctdbd_register_ips(struct ctdbd_connection *conn,
 
 NTSTATUS ctdbd_register_reconfigure(struct ctdbd_connection *conn);
 
+NTSTATUS ctdbd_persistent_store(struct ctdbd_connection *conn, uint32_t db_id, TDB_DATA key, TDB_DATA data);
+
+#endif /* _CTDBD_CONN_H */
diff --git a/source3/include/dbwrap.h b/source3/include/dbwrap.h
index 3bb378c841..4eb174fef1 100644
--- a/source3/include/dbwrap.h
+++ b/source3/include/dbwrap.h
@@ -43,6 +43,7 @@ struct db_context {
 			     void *private_data);
 	int (*get_seqnum)(struct db_context *db);
 	void *private_data;
+	bool persistent;
 };
 
 struct db_context *db_open(TALLOC_CTX *mem_ctx,
diff --git a/source3/include/debug.h b/source3/include/debug.h
index 284671c730..d8dafcbd45 100644
--- a/source3/include/debug.h
+++ b/source3/include/debug.h
@@ -176,11 +176,14 @@ extern bool *DEBUGLEVEL_CLASS_ISSET;
 #define unlikely(x) (x)
 #endif
 
-#define DEBUGLVL( level ) \
+#define CHECK_DEBUGLVL( level ) \
   ( ((level) <= MAX_DEBUG_LEVEL) && \
      unlikely((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))||  \
      (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \
-      DEBUGLEVEL_CLASS[ DBGC_ALL   ] >= (level))  ) \
+      DEBUGLEVEL_CLASS[ DBGC_ALL   ] >= (level))  ) )
+
+#define DEBUGLVL( level ) \
+  ( CHECK_DEBUGLVL(level) \
    && dbghdr( level, DBGC_CLASS, __FILE__, FUNCTION_MACRO, (__LINE__) ) )
 
 
diff --git a/source3/include/doserr.h b/source3/include/doserr.h
index 08f5b3e39d..5794fbe71c 100644
--- a/source3/include/doserr.h
+++ b/source3/include/doserr.h
@@ -202,6 +202,7 @@
 #define WERR_SERVICE_ALREADY_RUNNING W_ERROR(1056)
 #define WERR_SERVICE_DISABLED W_ERROR(1058)
 #define WERR_SERVICE_NEVER_STARTED W_ERROR(1077)
+#define WERR_INVALID_COMPUTER_NAME W_ERROR(1210)
 #define WERR_MACHINE_LOCKED W_ERROR(1271)
 #define WERR_NO_LOGON_SERVERS W_ERROR(1311)
 #define WERR_NO_SUCH_LOGON_SESSION W_ERROR(1312)
@@ -213,12 +214,17 @@
 #define WERR_SERVER_UNAVAILABLE W_ERROR(1722)
 #define WERR_INVALID_FORM_NAME W_ERROR(1902)
 #define WERR_INVALID_FORM_SIZE W_ERROR(1903)
+#define WERR_PASSWORD_MUST_CHANGE W_ERROR(1907)
+#define WERR_DOMAIN_CONTROLLER_NOT_FOUND W_ERROR(1908)
+#define WERR_ACCOUNT_LOCKED_OUT W_ERROR(1909)
+
+/* should these go down to NERR_BASE ? */
 #define WERR_BUF_TOO_SMALL W_ERROR(2123)
 #define WERR_JOB_NOT_FOUND W_ERROR(2151)
 #define WERR_DEST_NOT_FOUND W_ERROR(2152)
 #define WERR_USER_EXISTS W_ERROR(2224)
 #define WERR_NOT_LOCAL_DOMAIN W_ERROR(2320)
-#define WERR_DOMAIN_CONTROLLER_NOT_FOUND W_ERROR(2453)
+#define WERR_DC_NOT_FOUND W_ERROR(2453)
 
 #define WERR_SETUP_ALREADY_JOINED W_ERROR(2691)
 #define WERR_SETUP_NOT_JOINED W_ERROR(2692)
diff --git a/source3/include/dynconfig.h b/source3/include/dynconfig.h
index bb7e2c20f4..57909bc614 100644
--- a/source3/include/dynconfig.h
+++ b/source3/include/dynconfig.h
@@ -41,42 +41,60 @@ extern char dyn_PRIVATE_DIR[1024];
 
 const char *get_dyn_SBINDIR(void);
 const char *set_dyn_SBINDIR(const char *newpath);
+bool is_default_dyn_SBINDIR(void);
 
 const char *get_dyn_BINDIR(void);
 const char *set_dyn_BINDIR(const char *newpath);
+bool is_default_dyn_BINDIR(void);
 
 const char *get_dyn_SWATDIR(void);
 const char *set_dyn_SWATDIR(const char *newpath);
+bool is_default_dyn_SWATDIR(void);
 
 const char *get_dyn_CONFIGFILE(void);
 const char *set_dyn_CONFIGFILE(const char *newpath);
+bool is_default_dyn_CONFIGFILE(void);
 
-const char *get_dyn_dyn_LOGFILEBASE(void);
-const char *set_dyn_dyn_LOGFILEBASE(const char *newpath);
+const char *get_dyn_LOGFILEBASE(void);
+const char *set_dyn_LOGFILEBASE(const char *newpath);
+bool is_default_dyn_LOGFILEBASE(void);
 
 const char *get_dyn_LMHOSTSFILE(void);
 const char *set_dyn_LMHOSTSFILE(const char *newpath);
+bool is_default_dyn_LMHOSTSFILE(void);
 
 const char *get_dyn_CODEPAGEDIR(void);
 const char *set_dyn_CODEPAGEDIR(const char *newpath);
+bool is_default_dyn_CODEPAGEDIR(void);
 
 const char *get_dyn_LIBDIR(void);
 const char *set_dyn_LIBDIR(const char *newpath);
+bool is_default_dyn_LIBDIR(void);
 
 const char *get_dyn_SHLIBEXT(void);
 const char *set_dyn_SHLIBEXT(const char *newpath);
+bool is_default_dyn_SHLIBEXT(void);
 
 const char *get_dyn_LOCKDIR(void);
 const char *set_dyn_LOCKDIR(const char *newpath);
+bool is_default_dyn_LOCKDIR(void);
 
 const char *get_dyn_PIDDIR(void);
 const char *set_dyn_PIDDIR(const char *newpath);
+bool is_default_dyn_PIDDIR(void);
 
 const char *get_dyn_SMB_PASSWD_FILE(void);
 const char *set_dyn_SMB_PASSWD_FILE(const char *newpath);
+bool is_default_dyn_SMB_PASSWD_FILE(void);
 
 const char *get_dyn_PRIVATE_DIR(void);
 const char *set_dyn_PRIVATE_DIR(const char *newpath);
+bool is_default_dyn_PRIVATE_DIR(void);
 
 const char *get_dyn_STATEDIR(void);
+const char *set_dyn_STATEDIR(const char *newpath);
+bool is_default_dyn_STATEDIR(void);
+
 const char *get_dyn_CACHEDIR(void);
+const char *set_dyn_CACHEDIR(const char *newpath);
+bool is_default_dyn_CACHEDIR(bool);
diff --git a/source3/include/includes.h b/source3/include/includes.h
index e9477d8ba1..269baa5a9c 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -250,6 +250,10 @@ typedef int ber_int_t;
 #include <langinfo.h>
 #endif
 
+#if HAVE_NETGROUP_H
+#include <netgroup.h>
+#endif
+
 #if defined(HAVE_AIO_H) && defined(WITH_AIO)
 #include <aio.h>
 #endif
@@ -694,14 +698,13 @@ typedef char fstring[FSTRING_LEN];
 #include "rpc_netlogon.h"
 #include "reg_objects.h"
 #include "reg_db.h"
-#include "rpc_samr.h"
 #include "rpc_srvsvc.h"
 #include "rpc_spoolss.h"
 #include "rpc_eventlog.h"
-#include "rpc_ds.h"
 #include "rpc_perfcount.h"
 #include "rpc_perfcount_defs.h"
 #include "librpc/gen_ndr/notify.h"
+#include "librpc/gen_ndr/xattr.h"
 #include "nt_printing.h"
 #include "idmap.h"
 #include "client.h"
@@ -720,6 +723,8 @@ typedef char fstring[FSTRING_LEN];
 #include "ctdbd_conn.h"
 #include "talloc_stack.h"
 #include "memcache.h"
+#include "async_req.h"
+#include "async_smb.h"
 
 /* used in net.c */
 struct functable {
@@ -1107,6 +1112,14 @@ char *talloc_asprintf_strupper_m(TALLOC_CTX *t, const char *fmt, ...) PRINTF_ATT
 #define VXFS_QUOTA
 #endif
 
+#ifndef XATTR_CREATE
+#define XATTR_CREATE  0x1       /* set value, fail if attr already exists */
+#endif
+
+#ifndef XATTR_REPLACE
+#define XATTR_REPLACE 0x2       /* set value, fail if attr does not exist */
+#endif
+
 #if defined(HAVE_KRB5)
 
 krb5_error_code smb_krb5_parse_name(krb5_context context,
@@ -1158,15 +1171,15 @@ bool kerberos_compatible_enctypes(krb5_context context, krb5_enctype enctype1, k
 void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
 NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx,
 			 DATA_BLOB *pac_data_blob,
-			 krb5_context context, 
+			 krb5_context context,
 			 krb5_keyblock *service_keyblock,
 			 krb5_const_principal client_principal,
 			 time_t tgs_authtime,
-			 PAC_DATA **pac_data);
+			 struct PAC_DATA **pac_data_out);
 void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum, 
-				    PAC_SIGNATURE_DATA *sig);
+				    struct PAC_SIGNATURE_DATA *sig);
 krb5_error_code smb_krb5_verify_checksum(krb5_context context,
-					 krb5_keyblock *keyblock,
+					 const krb5_keyblock *keyblock,
 					 krb5_keyusage usage,
 					 krb5_checksum *cksum,
 					 uint8 *data,
@@ -1194,7 +1207,6 @@ bool smb_krb5_principal_compare_any_realm(krb5_context context,
 					  krb5_const_principal princ2);
 int cli_krb5_get_ticket(const char *principal, time_t time_offset, 
 			DATA_BLOB *ticket, DATA_BLOB *session_key_krb5, uint32 extra_ap_opts, const char *ccname, time_t *tgs_expire);
-PAC_LOGON_INFO *get_logon_info_from_pac(PAC_DATA *pac_data);
 krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time);
 krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code);
 krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr);
diff --git a/source3/include/libsmb_internal.h b/source3/include/libsmb_internal.h
index dbc115429b..6c7dc80da8 100644
--- a/source3/include/libsmb_internal.h
+++ b/source3/include/libsmb_internal.h
@@ -15,6 +15,7 @@ struct _SMBCSRV {
 	bool no_pathinfo;
 	bool no_pathinfo2;
         bool no_nt_session;
+        POLICY_HND pol;
 
 	SMBCSRV *next, *prev;
 	
diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h
index 07242f7956..64afc09499 100644
--- a/source3/include/libsmbclient.h
+++ b/source3/include/libsmbclient.h
@@ -427,6 +427,8 @@ struct _SMBCCTX {
 	off_t      (*lseek)   (SMBCCTX *c, SMBCFILE * file, off_t offset, int whence);
 	int        (*stat)    (SMBCCTX *c, const char *fname, struct stat *st);
 	int        (*fstat)   (SMBCCTX *c, SMBCFILE *file, struct stat *st);
+        /* ftruncate added near _internal for ABI compatibility */
+                
 	int        (*close_fn) (SMBCCTX *c, SMBCFILE *file);
 
 	/** callable functions for dirs
@@ -520,6 +522,12 @@ struct _SMBCCTX {
 	int flags;
 	
         /** user options selections that apply to this session
+         *
+         *  NEW OPTIONS ARE NOT ADDED HERE!
+         *
+         *  We must maintain ABI backward compatibility.  We now use
+         *  smbc_option_set() and smbc_option_get() for all newly added
+         *  options.
          */
         struct _smbc_options {
 
@@ -580,6 +588,9 @@ struct _SMBCCTX {
                 int one_share_per_server;
         } options;
 	
+        /* Add additional functions here for ABI backward compatibility */
+        int        (*ftruncate)(SMBCCTX *c, SMBCFILE *f, off_t size);
+
 	/** INTERNAL DATA
 	 * do _NOT_ touch this from your program !
 	 */
@@ -1193,6 +1204,26 @@ int smbc_stat(const char *url, struct stat *st);
 int smbc_fstat(int fd, struct stat *st);
 
 
+/**@ingroup attribute
+ * Truncate a file given a file descriptor
+ * 
+ * @param fd        Open file handle from smbc_open() or smbc_creat()
+ *
+ * @param size      size to truncate the file to
+ * 
+ * @return          EBADF  filedes is bad.
+ *                  - EACCES Permission denied.
+ *                  - EBADF fd is not a valid file descriptor
+ *                  - EINVAL Problems occurred in the underlying routines
+ *		      or smbc_init not called.
+ *                  - ENOMEM Out of memory
+ *
+ * @see             , Unix ftruncate()
+ *
+ */
+int smbc_ftruncate(int fd, off_t size);
+
+
 /**@ingroup attribue
  * Change the ownership of a file or directory.
  *
diff --git a/source3/include/messages.h b/source3/include/messages.h
index 8de41ca049..c97ad982b3 100644
--- a/source3/include/messages.h
+++ b/source3/include/messages.h
@@ -97,6 +97,7 @@
 #define MSG_WINBIND_TRY_TO_GO_ONLINE	0x0406
 #define MSG_WINBIND_FAILED_TO_GO_ONLINE 0x0407
 #define MSG_WINBIND_VALIDATE_CACHE	0x0408
+#define MSG_WINBIND_DUMP_DOMAIN_LIST	0x0409
 
 /* event messages */
 #define MSG_DUMP_EVENT_LIST		0x0500
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 6537d5a7fb..b89b0fea3a 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -135,9 +135,9 @@ struct handle_list {
 /* Domain controller authentication protocol info */
 struct dcinfo {
 	uint32 sequence; /* "timestamp" from client. */
-	DOM_CHAL seed_chal; 
-	DOM_CHAL clnt_chal; /* Client credential */
-	DOM_CHAL srv_chal;  /* Server credential */
+	struct netr_Credential seed_chal;
+	struct netr_Credential clnt_chal; /* Client credential */
+	struct netr_Credential srv_chal;  /* Server credential */
  
 	unsigned char  sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */
 	unsigned char  mach_pw[16];   /* md4(machine password) */
diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index b72ec6b0ba..8d5934df52 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -25,40 +25,13 @@
 
 
 /*
- * fields_present flags meanings
- * same names as found in samba4 idl files
+ * in samba4 idl
+ * ACCT_NT_PWD_SET == SAMR_FIELD_PASSWORD and
+ * ACCT_LM_PWD_SET == SAMR_FIELD_PASSWORD2
  */
 
-#define ACCT_USERNAME		0x00000001
-#define ACCT_FULL_NAME		0x00000002
-#define ACCT_RID		0x00000004
-#define ACCT_PRIMARY_GID	0x00000008
-#define ACCT_DESCRIPTION	0x00000010
-#define ACCT_COMMENT		0x00000020
-#define ACCT_HOME_DIR		0x00000040
-#define ACCT_HOME_DRIVE		0x00000080
-#define ACCT_LOGON_SCRIPT	0x00000100
-#define ACCT_PROFILE		0x00000200
-#define ACCT_WORKSTATIONS	0x00000400
-#define ACCT_LAST_LOGON		0x00000800
-#define ACCT_LAST_LOGOFF	0x00001000
-#define ACCT_LOGON_HOURS	0x00002000
-#define ACCT_BAD_PWD_COUNT	0x00004000
-#define ACCT_NUM_LOGONS		0x00008000
-#define ACCT_ALLOW_PWD_CHANGE	0x00010000
-#define ACCT_FORCE_PWD_CHANGE	0x00020000
-#define ACCT_LAST_PWD_CHANGE	0x00040000
-#define ACCT_EXPIRY		0x00080000
-#define ACCT_FLAGS		0x00100000
-#define ACCT_CALLBACK		0x00200000
-#define ACCT_COUNTRY_CODE	0x00400000
-#define ACCT_CODE_PAGE		0x00800000
 #define ACCT_NT_PWD_SET		0x01000000
 #define ACCT_LM_PWD_SET		0x02000000
-#define ACCT_PRIVATEDATA	0x04000000
-#define ACCT_EXPIRED_FLAG	0x08000000
-#define ACCT_SEC_DESC		0x10000000
-#define ACCT_OWF_PWD		0x20000000
 
 /*
  * bit flags representing initialized fields in struct samu
diff --git a/source3/include/reg_objects.h b/source3/include/reg_objects.h
index 23a14e6757..3df701f61c 100644
--- a/source3/include/reg_objects.h
+++ b/source3/include/reg_objects.h
@@ -94,11 +94,17 @@ typedef struct {
 #define KEY_HKCU		"HKCU"
 #define KEY_HKDD		"HKDD"
 #define KEY_SERVICES		"HKLM\\SYSTEM\\CurrentControlSet\\Services"
+#define KEY_EVENTLOG 		"HKLM\\SYSTEM\\CurrentControlSet\\Services\\Eventlog"
+#define KEY_SHARES		"HKLM\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Shares"
+#define KEY_NETLOGON_PARAMS	"HKLM\\SYSTEM\\CurrentControlSet\\Services\\Netlogon\\Parameters"
+#define KEY_TCPIP_PARAMS	"HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters"
+#define KEY_PROD_OPTIONS	"HKLM\\SYSTEM\\CurrentControlSet\\Control\\ProductOptions"
 #define KEY_PRINTING 		"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Print"
 #define KEY_PRINTING_2K		"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers"
 #define KEY_PRINTING_PORTS	"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Ports"
-#define KEY_EVENTLOG 		"HKLM\\SYSTEM\\CurrentControlSet\\Services\\Eventlog"
-#define KEY_SHARES		"HKLM\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Shares"
+#define KEY_CURRENT_VERSION	"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
+#define KEY_PERFLIB		"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib"
+#define KEY_PERFLIB_009		"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib\\009"
 #define KEY_SMBCONF		"HKLM\\SOFTWARE\\Samba\\smbconf"
 #define KEY_TREE_ROOT		""
 
diff --git a/source3/include/rpc_brs.h b/source3/include/rpc_brs.h
deleted file mode 100644
index 62ee86050f..0000000000
--- a/source3/include/rpc_brs.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   SMB parameters and setup
-   Copyright (C) Andrew Tridgell 1992-1999
-   Copyright (C) Luke Kenneth Casson Leighton 1996-1999
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _RPC_BRS_H /* _RPC_BRS_H */
-#define _RPC_BRS_H 
-
-
-/* brssvc pipe */
-#define BRS_QUERY_INFO    0x02
-
-
-/* BRS_Q_QUERY_INFO - probably a capabilities request */
-typedef struct q_brs_query_info_info
-{
-	uint32 ptr_srv_name;         /* pointer (to server name?) */
-	UNISTR2 uni_srv_name;        /* unicode server name starting with '\\' */
-
-	uint16 switch_value1;            /* info level 100 (0x64) */
-	/* align */
-	uint16 switch_value2;            /* info level 100 (0x64) */
-
-	uint32 ptr;
-	uint32 pad1;
-	uint32 pad2;
-
-} BRS_Q_QUERY_INFO;
-
-
-/* BRS_INFO_100 - level 100 info */
-typedef struct brs_info_100_info
-{
-	uint32 pad1;
-	uint32 ptr2;
-	uint32 pad2;
-	uint32 pad3;
-
-} BRS_INFO_100;
-
-
-/* BRS_R_QUERY_INFO - probably a capabilities request */
-typedef struct r_brs_query_info_info
-{
-	uint16 switch_value1;          /* 100 (0x64) - switch value */
-	/* align */
-	uint16 switch_value2;            /* info level 100 (0x64) */
-
-	/* for now, only level 100 is supported.  this should be an enum container */
-	uint32 ptr_1;              /* pointer 1 */
-
-	union
-	{
-		BRS_INFO_100 *brs100;      /* browser info level 100 */
-		void *id;
-
-	} info;
-
-	NTSTATUS status;             /* return status */
-
-} BRS_R_QUERY_INFO;
-
-#endif /* _RPC_BRS_H */
-
diff --git a/source3/include/rpc_client.h b/source3/include/rpc_client.h
index 66c4f58987..e1ebb2509d 100644
--- a/source3/include/rpc_client.h
+++ b/source3/include/rpc_client.h
@@ -31,6 +31,10 @@
 #include "librpc/gen_ndr/cli_initshutdown.h"
 #include "librpc/gen_ndr/cli_winreg.h"
 #include "librpc/gen_ndr/cli_srvsvc.h"
+#include "librpc/gen_ndr/cli_samr.h"
+#include "librpc/gen_ndr/cli_netlogon.h"
+#include "librpc/gen_ndr/cli_dssetup.h"
+#include "librpc/gen_ndr/cli_ntsvcs.h"
 
 /* macro to expand cookie-cutter code in cli_xxx() using rpc_api_pipe_req() */
 
diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h
index 7ea3fcbc23..ec08eb5f8f 100644
--- a/source3/include/rpc_dce.h
+++ b/source3/include/rpc_dce.h
@@ -98,11 +98,6 @@ enum RPC_PKT_TYPE {
 #define RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN 	0x20
 #define RPC_AUTH_SCHANNEL_SIGN_ONLY_CHK_LEN 	0x18
 
-
-#define NETLOGON_NEG_ARCFOUR			0x00000004
-#define NETLOGON_NEG_128BIT			0x00004000
-#define NETLOGON_NEG_SCHANNEL			0x40000000
-
 /* The 7 here seems to be required to get Win2k not to downgrade us
    to NT4.  Actually, anything other than 1ff would seem to do... */
 #define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff
@@ -111,6 +106,8 @@ enum RPC_PKT_TYPE {
 /* these are the flags that ADS clients use */
 #define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
 
+#define NETLOGON_NEG_SELECT_AUTH2_FLAGS ((lp_security() == SEC_ADS) ? NETLOGON_NEG_AUTH2_ADS_FLAGS : NETLOGON_NEG_AUTH2_FLAGS)
+
 enum schannel_direction {
 	SENDER_IS_INITIATOR,
 	SENDER_IS_ACCEPTOR
diff --git a/source3/include/rpc_ds.h b/source3/include/rpc_ds.h
deleted file mode 100644
index 1ba02aede0..0000000000
--- a/source3/include/rpc_ds.h
+++ /dev/null
@@ -1,184 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   SMB parameters and setup
-   Copyright (C) Gerald Carter			2002
-      
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _RPC_DS_H /* _RPC_LSA_H */
-#define _RPC_DS_H 
-
-/* Opcodes available on PIPE_LSARPC_DS */
-
-#define DS_GETPRIMDOMINFO      0x00
-#define DS_NOP                 0xFF	/* no op -- placeholder */
-
-/* Opcodes available on PIPE_NETLOGON */
-
-#define DS_ENUM_DOM_TRUSTS      0x28
-
-/* macros for RPC's */
-
-/* DSROLE_PRIMARY_DOMAIN_INFO_BASIC */
-
-/* flags */
-
-#define DSROLE_PRIMARY_DS_RUNNING           0x00000001
-#define DSROLE_PRIMARY_DS_MIXED_MODE        0x00000002
-#define DSROLE_UPGRADE_IN_PROGRESS          0x00000004
-#define DSROLE_PRIMARY_DOMAIN_GUID_PRESENT  0x01000000
-
-/* machine role */
-
-#define DSROLE_DOMAIN_MEMBER_WKS	1
-#define DSROLE_STANDALONE_SRV		2	
-#define DSROLE_DOMAIN_MEMBER_SRV	3
-#define DSROLE_BDC			4
-#define DSROLE_PDC			5
-
-/* Settings for the domainFunctionality attribute in the rootDSE */
-
-#define DS_DOMAIN_FUNCTION_2000		0
-#define DS_DOMAIN_FUCNTION_2003_MIXED	1
-#define DS_DOMAIN_FUNCTION_2003		2
-
-typedef struct
-{
-	uint16		machine_role;
-	uint32		flags;	
-	uint32		netbios_ptr;
-	uint32		dnsname_ptr;
-	uint32		forestname_ptr;
-	
-	struct GUID	domain_guid;	
-	UNISTR2	netbios_domain;
-	UNISTR2	dns_domain;	/* our dns domain */
-	UNISTR2	forest_domain;	/* root domain of the forest to which we belong */
-} DSROLE_PRIMARY_DOMAIN_INFO_BASIC;
-
-typedef struct
-{
-	DSROLE_PRIMARY_DOMAIN_INFO_BASIC	*basic;
-} DS_DOMINFO_CTR;
-
-/* info levels for ds_getprimdominfo() */
-
-#define DsRolePrimaryDomainInfoBasic		1
-
-/* DS_Q_GETPRIMDOMINFO - DsGetPrimaryDomainInformation() request */
-typedef struct 
-{
-	uint16	level;
-} DS_Q_GETPRIMDOMINFO;
-
-/* DS_R_GETPRIMDOMINFO - DsGetPrimaryDomainInformation() response */
-typedef struct 
-{
-	uint32		ptr;
-		
-	uint16		level;
-	uint16		unknown0;	/* 0x455c -- maybe just alignment? */
-
-	DS_DOMINFO_CTR	info;
-	
-	NTSTATUS status;
-} DS_R_GETPRIMDOMINFO;
-
-typedef struct {
-	/* static portion of structure */
-	uint32		netbios_ptr;
-	uint32		dns_ptr;
-	uint32		flags;
-	uint32		parent_index;
-	uint32		trust_type;
-	uint32		trust_attributes;
-	uint32		sid_ptr;
-	struct GUID	guid;
-	
-	UNISTR2		netbios_domain;
-	UNISTR2		dns_domain;
-	DOM_SID2	sid;
-
-} DS_DOMAIN_TRUSTS;
-
-struct ds_domain_trust {
-	/* static portion of structure */
-	uint32		flags;
-	uint32		parent_index;
-	uint32		trust_type;
-	uint32		trust_attributes;
-	struct GUID	guid;
-	
-	DOM_SID	sid;
-	char *netbios_domain;
-	char *dns_domain;
-};
-
-typedef struct {
-
-	uint32			ptr;
-	uint32			max_count;
-	DS_DOMAIN_TRUSTS 	*trusts;
-	
-} DS_DOMAIN_TRUSTS_CTR;
-
-/* Trust flags */
-
-#define DS_DOMAIN_IN_FOREST           0x0001 	/* domains in the forest to which 
-						   we belong; even different domain trees */
-#define DS_DOMAIN_DIRECT_OUTBOUND     0x0002  	/* trusted domains */
-#define DS_DOMAIN_TREE_ROOT           0x0004  	/* root of a forest */
-#define DS_DOMAIN_PRIMARY             0x0008  	/* our domain */
-#define DS_DOMAIN_NATIVE_MODE         0x0010  	/* native mode AD servers */
-#define DS_DOMAIN_DIRECT_INBOUND      0x0020 	/* trusting domains */
-
-/* Trust types */
-
-#define DS_DOMAIN_TRUST_TYPE_DOWNLEVEL   0x00000001
-#define DS_DOMAIN_TRUST_TYPE_UPLEVEL     0x00000002
-
-/* Trust attributes */
-
-#define DS_DOMAIN_TRUST_ATTRIB_NON_TRANSITIVE         0x00000001
-#define DS_DOMAIN_TRUST_ATTRIB_UPLEVEL_ONLY           0x00000002            
-#define DS_DOMAIN_TRUST_ATTRIB_QUARANTINED_DOMAIN     0x00000004            
-#define DS_DOMAIN_TRUST_ATTRIB_FOREST_TRANSITIVE      0x00000008            
-#define DS_DOMAIN_TRUST_ATTRIB_CROSS_ORG              0x00000010            
-#define DS_DOMAIN_TRUST_ATTRIB_IN_FOREST              0x00000020            
-#define DS_DOMAIN_TRUST_ATTRIB_EXTERNAL               0x00000040            
-
-
-
-/* DS_Q_ENUM_DOM_TRUSTS - DsEnumerateDomainTrusts() request */
-typedef struct 
-{
-	uint32		server_ptr;
-	UNISTR2		server;
-	uint32		flags;
-	
-} DS_Q_ENUM_DOM_TRUSTS;
-
-/* DS_R_ENUM_DOM_TRUSTS - DsEnumerateDomainTrusts() response */
-typedef struct 
-{
-	uint32			num_domains;
-	DS_DOMAIN_TRUSTS_CTR	domains;
-		
-	NTSTATUS status;
-
-} DS_R_ENUM_DOM_TRUSTS;
-
-
-#endif /* _RPC_DS_H */
diff --git a/source3/include/rpc_eventlog.h b/source3/include/rpc_eventlog.h
index 9ec76a071c..3f5d03ed63 100644
--- a/source3/include/rpc_eventlog.h
+++ b/source3/include/rpc_eventlog.h
@@ -60,51 +60,6 @@ typedef struct elog_tdb {
 
 /***********************************/
 
-typedef struct {
-	uint16 unknown1;
-	uint16 unknown2;
-} EVENTLOG_OPEN_UNKNOWN0;
-
-typedef struct {
-	EVENTLOG_OPEN_UNKNOWN0 *unknown0;
-	UNISTR4 logname;
-	UNISTR4 servername;
-	uint32 unknown1;
-	uint32 unknown2;
-} EVENTLOG_Q_OPEN_EVENTLOG;
-
-typedef struct {
-	POLICY_HND handle;
-	NTSTATUS status;
-} EVENTLOG_R_OPEN_EVENTLOG;
-
-
-/***********************************/
-
-typedef struct {
-	POLICY_HND handle;
-} EVENTLOG_Q_GET_NUM_RECORDS;
-
-typedef struct {
-	uint32 num_records;
-	NTSTATUS status;
-} EVENTLOG_R_GET_NUM_RECORDS;
-
-
-/***********************************/
-
-typedef struct {
-	POLICY_HND handle;
-} EVENTLOG_Q_GET_OLDEST_ENTRY;
-
-typedef struct {
-	uint32 oldest_entry;
-	NTSTATUS status;
-} EVENTLOG_R_GET_OLDEST_ENTRY;
-
-
-/***********************************/
-
 typedef struct 
 {
 	POLICY_HND handle;
@@ -165,16 +120,4 @@ typedef struct {
 	NTSTATUS status;
 } EVENTLOG_R_READ_EVENTLOG;
 
-
-/***********************************/
-
-typedef struct {
-	POLICY_HND handle;
-	UNISTR4 backupfile;
-} EVENTLOG_Q_CLEAR_EVENTLOG;
-
-typedef struct {
-	NTSTATUS status;
-} EVENTLOG_R_CLEAR_EVENTLOG;
-
 #endif /* _RPC_EVENTLOG_H */
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index ef6ff6db28..b4021afd0a 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -23,1058 +23,37 @@
 #ifndef _RPC_LSA_H /* _RPC_LSA_H */
 #define _RPC_LSA_H 
 
-/* Opcodes available on PIPE_LSARPC */
-
-#define LSA_CLOSE              0x00
-#define LSA_DELETE             0x01
-#define LSA_ENUM_PRIVS         0x02
-#define LSA_QUERYSECOBJ        0x03
-#define LSA_SETSECOBJ          0x04
-#define LSA_CHANGEPASSWORD     0x05
-#define LSA_OPENPOLICY         0x06
-#define LSA_QUERYINFOPOLICY    0x07
-#define LSA_SETINFOPOLICY      0x08
-#define LSA_CLEARAUDITLOG      0x09
-#define LSA_CREATEACCOUNT      0x0a
-#define LSA_ENUM_ACCOUNTS      0x0b
-#define LSA_CREATETRUSTDOM     0x0c	/* TODO: implement this one  -- jerry */
-#define LSA_ENUMTRUSTDOM       0x0d
-#define LSA_LOOKUPNAMES        0x0e
-#define LSA_LOOKUPSIDS         0x0f
-#define LSA_CREATESECRET       0x10	/* TODO: implement this one  -- jerry */
-#define LSA_OPENACCOUNT	       0x11
-#define LSA_ENUMPRIVSACCOUNT   0x12
-#define LSA_ADDPRIVS           0x13
-#define LSA_REMOVEPRIVS        0x14
-#define LSA_GETQUOTAS          0x15
-#define LSA_SETQUOTAS          0x16
-#define LSA_GETSYSTEMACCOUNT   0x17
-#define LSA_SETSYSTEMACCOUNT   0x18
-#define LSA_OPENTRUSTDOM       0x19
-#define LSA_QUERYTRUSTDOMINFO  0x1a
-#define LSA_SETINFOTRUSTDOM    0x1b
-#define LSA_OPENSECRET         0x1c	/* TODO: implement this one  -- jerry */
-#define LSA_SETSECRET          0x1d	/* TODO: implement this one  -- jerry */
-#define LSA_QUERYSECRET        0x1e
-#define LSA_LOOKUPPRIVVALUE    0x1f
-#define LSA_LOOKUPPRIVNAME     0x20
-#define LSA_PRIV_GET_DISPNAME  0x21
-#define LSA_DELETEOBJECT       0x22	/* TODO: implement this one  -- jerry */
-#define LSA_ENUMACCTWITHRIGHT  0x23	/* TODO: implement this one  -- jerry */
-#define LSA_ENUMACCTRIGHTS     0x24
-#define LSA_ADDACCTRIGHTS      0x25
-#define LSA_REMOVEACCTRIGHTS   0x26
-#define LSA_QUERYTRUSTDOMINFOBYSID  0x27
-#define LSA_SETTRUSTDOMINFO    0x28
-#define LSA_DELETETRUSTDOM     0x29
-#define LSA_STOREPRIVDATA      0x2a
-#define LSA_RETRPRIVDATA       0x2b
-#define LSA_OPENPOLICY2        0x2c
-#define LSA_UNK_GET_CONNUSER   0x2d /* LsaGetConnectedCredentials ? */
-#define LSA_QUERYINFO2         0x2e
-#define LSA_QUERYTRUSTDOMINFOBYNAME 0x30
-#define LSA_QUERYDOMINFOPOL    0x35
-#define LSA_OPENTRUSTDOMBYNAME 0x37
-
-#define LSA_LOOKUPSIDS2        0x39
-#define LSA_LOOKUPNAMES2       0x3a
-#define LSA_LOOKUPNAMES3       0x44
-#define LSA_LOOKUPSIDS3        0x4c
-#define LSA_LOOKUPNAMES4       0x4d
-
-/* XXXX these are here to get a compile! */
-#define LSA_LOOKUPRIDS      0xFD
-
-#define LSA_AUDIT_NUM_CATEGORIES_NT4	7
-#define LSA_AUDIT_NUM_CATEGORIES_WIN2K	9
-
-#define LSA_AUDIT_NUM_CATEGORIES LSA_AUDIT_NUM_CATEGORIES_NT4
-
-#define LSA_AUDIT_POLICY_NONE		0x00
-#define LSA_AUDIT_POLICY_SUCCESS	0x01
-#define LSA_AUDIT_POLICY_FAILURE	0x02
-#define LSA_AUDIT_POLICY_ALL		(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE)
-#define LSA_AUDIT_POLICY_CLEAR		0x04
-
-enum lsa_audit_categories {
-	LSA_AUDIT_CATEGORY_SYSTEM = 0,
-	LSA_AUDIT_CATEGORY_LOGON = 1,
-	LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS,
-	LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS,
-	LSA_AUDIT_CATEGORY_PROCCESS_TRACKING,
-	LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES,
-	LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT,
-	LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS,	/* only in win2k/2k3 */
-	LSA_AUDIT_CATEGORY_ACCOUNT_LOGON		/* only in win2k/2k3 */
-};
-
-/* level 1 is auditing settings */
-typedef struct dom_query_1
-{
-	uint32 percent_full;
-	uint32 log_size;
-	NTTIME retention_time;
-	uint8 shutdown_in_progress;
-	NTTIME time_to_shutdown;
-	uint32 next_audit_record;
-	uint32 unknown;
-} DOM_QUERY_1;
-
-
-/* level 2 is auditing settings */
-typedef struct dom_query_2
-{
-	uint32 auditing_enabled;
-	uint32 count1; /* usualy 7, at least on nt4sp4 */
-	uint32 count2; /* the same */
-	uint32 ptr;
-	uint32 *auditsettings;
-} DOM_QUERY_2;
-
-/* DOM_QUERY - info class 3 and 5 LSA Query response */
-typedef struct dom_query_info_3
-{
-	uint16 uni_dom_max_len; /* domain name string length * 2 */
-	uint16 uni_dom_str_len; /* domain name string length * 2 */
-	uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */
-	uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */
-	UNISTR2 uni_domain_name; /* domain name (unicode string) */
-	DOM_SID2 dom_sid; /* domain SID */
-
-} DOM_QUERY_3;
-
-/* level 5 is same as level 3. */
-typedef DOM_QUERY_3 DOM_QUERY_5;
-
-/* level 6 is server role information */
-typedef struct dom_query_6
-{
-	uint16 server_role; /* 2=backup, 3=primary */
-} DOM_QUERY_6;
-
-/* level 10 is audit full set info */
-typedef struct dom_query_10
-{
-        uint8 shutdown_on_full;
-} DOM_QUERY_10;
-
-/* level 11 is audit full query info */
-typedef struct dom_query_11
-{
-	uint16 unknown;
-	uint8 shutdown_on_full;
-	uint8 log_is_full;
-} DOM_QUERY_11;
-
-/* level 12 is DNS domain info */
-typedef struct lsa_dns_dom_info
-{
-	UNIHDR  hdr_nb_dom_name; /* netbios domain name */
-	UNIHDR  hdr_dns_dom_name;
-	UNIHDR  hdr_forest_name;
-
-	struct GUID dom_guid; /* domain GUID */
-
-	UNISTR2 uni_nb_dom_name;
-	UNISTR2 uni_dns_dom_name;
-	UNISTR2 uni_forest_name;
-
-	uint32 ptr_dom_sid;
-	DOM_SID2   dom_sid; /* domain SID */
-} DOM_QUERY_12;
-
-typedef struct seq_qos_info
-{
-	uint32 len; /* 12 */
-	uint16 sec_imp_level; /* 0x02 - impersonation level */
-	uint8  sec_ctxt_mode; /* 0x01 - context tracking mode */
-	uint8  effective_only; /* 0x00 - effective only */
-
-} LSA_SEC_QOS;
-
-typedef struct obj_attr_info
-{
-	uint32 len;          /* 0x18 - length (in bytes) inc. the length field. */
-	uint32 ptr_root_dir; /* 0 - root directory (pointer) */
-	uint32 ptr_obj_name; /* 0 - object name (pointer) */
-	uint32 attributes;   /* 0 - attributes (undocumented) */
-	uint32 ptr_sec_desc; /* 0 - security descriptior (pointer) */
-	uint32 ptr_sec_qos;  /* security quality of service */
-	LSA_SEC_QOS *sec_qos;
-
-} LSA_OBJ_ATTR;
-
-/* LSA_Q_OPEN_POL - LSA Query Open Policy */
-typedef struct lsa_q_open_pol_info
-{
-	uint32 ptr;         /* undocumented buffer pointer */
-	uint16 system_name; /* 0x5c - system name */
-	LSA_OBJ_ATTR attr ; /* object attributes */
-
-	uint32 des_access; /* desired access attributes */
-
-} LSA_Q_OPEN_POL;
-
-/* LSA_R_OPEN_POL - response to LSA Open Policy */
-typedef struct lsa_r_open_pol_info
-{
-	POLICY_HND pol; /* policy handle */
-	NTSTATUS status; /* return code */
-
-} LSA_R_OPEN_POL;
-
-/* LSA_Q_OPEN_POL2 - LSA Query Open Policy */
-typedef struct lsa_q_open_pol2_info
-{
-	uint32       ptr;             /* undocumented buffer pointer */
-	UNISTR2      uni_server_name; /* server name, starting with two '\'s */
-	LSA_OBJ_ATTR attr           ; /* object attributes */
-
-	uint32 des_access; /* desired access attributes */
-
-} LSA_Q_OPEN_POL2;
-
-/* LSA_R_OPEN_POL2 - response to LSA Open Policy */
-typedef struct lsa_r_open_pol2_info
-{
-	POLICY_HND pol; /* policy handle */
-	NTSTATUS status; /* return code */
-
-} LSA_R_OPEN_POL2;
-
-
-#define POLICY_VIEW_LOCAL_INFORMATION    0x00000001
-#define POLICY_VIEW_AUDIT_INFORMATION    0x00000002
-#define POLICY_GET_PRIVATE_INFORMATION   0x00000004
-#define POLICY_TRUST_ADMIN               0x00000008
-#define POLICY_CREATE_ACCOUNT            0x00000010
-#define POLICY_CREATE_SECRET             0x00000020
-#define POLICY_CREATE_PRIVILEGE          0x00000040
-#define POLICY_SET_DEFAULT_QUOTA_LIMITS  0x00000080
-#define POLICY_SET_AUDIT_REQUIREMENTS    0x00000100
-#define POLICY_AUDIT_LOG_ADMIN           0x00000200
-#define POLICY_SERVER_ADMIN              0x00000400
-#define POLICY_LOOKUP_NAMES              0x00000800
-
-#define POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS  |\
-                            POLICY_VIEW_LOCAL_INFORMATION    |\
-                            POLICY_VIEW_AUDIT_INFORMATION    |\
-                            POLICY_GET_PRIVATE_INFORMATION   |\
-                            POLICY_TRUST_ADMIN               |\
-                            POLICY_CREATE_ACCOUNT            |\
-                            POLICY_CREATE_SECRET             |\
-                            POLICY_CREATE_PRIVILEGE          |\
-                            POLICY_SET_DEFAULT_QUOTA_LIMITS  |\
-                            POLICY_SET_AUDIT_REQUIREMENTS    |\
-                            POLICY_AUDIT_LOG_ADMIN           |\
-                            POLICY_SERVER_ADMIN              |\
-                            POLICY_LOOKUP_NAMES )
-
-
-#define POLICY_READ       ( STANDARD_RIGHTS_READ_ACCESS      |\
-                            POLICY_VIEW_AUDIT_INFORMATION    |\
-                            POLICY_GET_PRIVATE_INFORMATION)
-
-#define POLICY_WRITE      ( STD_RIGHT_READ_CONTROL_ACCESS     |\
-                            POLICY_TRUST_ADMIN               |\
-                            POLICY_CREATE_ACCOUNT            |\
-                            POLICY_CREATE_SECRET             |\
-                            POLICY_CREATE_PRIVILEGE          |\
-                            POLICY_SET_DEFAULT_QUOTA_LIMITS  |\
-                            POLICY_SET_AUDIT_REQUIREMENTS    |\
-                            POLICY_AUDIT_LOG_ADMIN           |\
-                            POLICY_SERVER_ADMIN)
-
-#define POLICY_EXECUTE    ( STANDARD_RIGHTS_EXECUTE_ACCESS   |\
-                            POLICY_VIEW_LOCAL_INFORMATION    |\
-                            POLICY_LOOKUP_NAMES )
-
-/* LSA_Q_QUERY_SEC_OBJ - LSA query security */
-typedef struct lsa_query_sec_obj_info
-{
-	POLICY_HND pol; /* policy handle */
-	uint32 sec_info;
-
-} LSA_Q_QUERY_SEC_OBJ;
-
-/* LSA_R_QUERY_SEC_OBJ - probably an open */
-typedef struct r_lsa_query_sec_obj_info
-{
-	uint32 ptr;
-	SEC_DESC_BUF *buf;
-
-	NTSTATUS status;         /* return status */
-
-} LSA_R_QUERY_SEC_OBJ;
-
-/* LSA_Q_QUERY_INFO - LSA query info policy */
-typedef struct lsa_query_info
-{
-	POLICY_HND pol; /* policy handle */
-	uint16 info_class; /* info class */
-
-} LSA_Q_QUERY_INFO;
-
-/* LSA_INFO_CTR */
-typedef struct lsa_info_ctr
-{
-	uint16 info_class;
-	union {
-		DOM_QUERY_1 id1;
-		DOM_QUERY_2 id2;
-		DOM_QUERY_3 id3;
-		DOM_QUERY_5 id5;
-		DOM_QUERY_6 id6;
-		DOM_QUERY_10 id10;
-		DOM_QUERY_11 id11;
-		DOM_QUERY_12 id12;
-	} info;
-
-} LSA_INFO_CTR;
-
-typedef LSA_INFO_CTR LSA_INFO_CTR2;
-
-/* LSA_R_QUERY_INFO - response to LSA query info policy */
-typedef struct lsa_r_query_info
-{
-	uint32 dom_ptr; /* undocumented buffer pointer */
-	LSA_INFO_CTR ctr; 
-	NTSTATUS status; /* return code */
-
-} LSA_R_QUERY_INFO;
-
-typedef LSA_Q_QUERY_INFO LSA_Q_QUERY_INFO2;
-typedef LSA_R_QUERY_INFO LSA_R_QUERY_INFO2;
-
-/*******************************************************/
-
-typedef struct {
-	POLICY_HND pol; 
-	uint32 enum_context; 
-	uint32 preferred_len; 	/* preferred maximum length */
-} LSA_Q_ENUM_TRUST_DOM;
-
-typedef struct {
-	UNISTR4	name;
-	DOM_SID2 *sid;
-} DOMAIN_INFO;
-
-typedef struct {
-	uint32 count;
-	DOMAIN_INFO *domains;
-} DOMAIN_LIST;
-
-typedef struct {
-	uint32 enum_context;
-	uint32 count;
-	DOMAIN_LIST *domlist;
-	NTSTATUS status; 
-} LSA_R_ENUM_TRUST_DOM;
-
-/*******************************************************/
-
-/* LSA_Q_CLOSE */
-typedef struct lsa_q_close_info
-{
-	POLICY_HND pol; /* policy handle */
-
-} LSA_Q_CLOSE;
-
-/* LSA_R_CLOSE */
-typedef struct lsa_r_close_info
-{
-	POLICY_HND pol; /* policy handle.  should be all zeros. */
-
-	NTSTATUS status; /* return code */
-
-} LSA_R_CLOSE;
-
-
-#define MAX_REF_DOMAINS 32
-
-/* DOM_TRUST_HDR */
-typedef struct dom_trust_hdr
-{
-	UNIHDR hdr_dom_name; /* referenced domain unicode string headers */
-	uint32 ptr_dom_sid;
-
-} DOM_TRUST_HDR;
-	
-/* DOM_TRUST_INFO */
-typedef struct dom_trust_info
-{
-	UNISTR2  uni_dom_name; /* domain name unicode string */
-	DOM_SID2 ref_dom     ; /* referenced domain SID */
-
-} DOM_TRUST_INFO;
-	
-/* DOM_R_REF */
-typedef struct dom_ref_info
-{
-	uint32 num_ref_doms_1; /* num referenced domains */
-	uint32 ptr_ref_dom; /* pointer to referenced domains */
-	uint32 max_entries; /* 32 - max number of entries */
-	uint32 num_ref_doms_2; /* num referenced domains */
-
-	DOM_TRUST_HDR  hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */
-	DOM_TRUST_INFO ref_dom    [MAX_REF_DOMAINS]; /* referenced domains */
-
-} DOM_R_REF;
-
-/* the domain_idx points to a SID associated with the name */
-
-/* LSA_TRANS_NAME - translated name */
-typedef struct lsa_trans_name_info
-{
-	uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */
-	UNIHDR hdr_name; 
-	uint32 domain_idx; /* index into DOM_R_REF array of SIDs */
-
-} LSA_TRANS_NAME;
-
-/* LSA_TRANS_NAME2 - translated name */
-typedef struct lsa_trans_name_info2
-{
-	uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */
-	UNIHDR hdr_name; 
-	uint32 domain_idx; /* index into DOM_R_REF array of SIDs */
-	uint32 unknown;
-
-} LSA_TRANS_NAME2;
-
-/* This number is based on Win2k and later maximum response allowed */
-#define MAX_LOOKUP_SIDS 20480	/* 0x5000 */
-
-/* LSA_TRANS_NAME_ENUM - LSA Translated Name Enumeration container */
-typedef struct lsa_trans_name_enum_info
-{
-	uint32 num_entries;
-	uint32 ptr_trans_names;
-	uint32 num_entries2;
-	
-	LSA_TRANS_NAME *name; /* translated names  */
-	UNISTR2 *uni_name;
-
-} LSA_TRANS_NAME_ENUM;
-
-/* LSA_TRANS_NAME_ENUM2 - LSA Translated Name Enumeration container 2 */
-typedef struct lsa_trans_name_enum_info2
-{
-	uint32 num_entries;
-	uint32 ptr_trans_names;
-	uint32 num_entries2;
-	
-	LSA_TRANS_NAME2 *name; /* translated names  */
-	UNISTR2 *uni_name;
-
-} LSA_TRANS_NAME_ENUM2;
-
-/* LSA_SID_ENUM - LSA SID enumeration container */
-typedef struct lsa_sid_enum_info
-{
-	uint32 num_entries;
-	uint32 ptr_sid_enum;
-	uint32 num_entries2;
-	
-	uint32 *ptr_sid; /* domain SID pointers to be looked up. */
-	DOM_SID2 *sid; /* domain SIDs to be looked up. */
-
-} LSA_SID_ENUM;
-
-/* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */
-typedef struct lsa_q_lookup_sids
-{
-	POLICY_HND          pol; /* policy handle */
-	LSA_SID_ENUM        sids;
-	LSA_TRANS_NAME_ENUM names;
-	uint16              level;
-	uint32              mapped_count;
-
-} LSA_Q_LOOKUP_SIDS;
-
-/* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */
-typedef struct lsa_r_lookup_sids
-{
-	uint32              ptr_dom_ref;
-	DOM_R_REF           *dom_ref; /* domain reference info */
-
-	LSA_TRANS_NAME_ENUM names;
-	uint32              mapped_count;
-
-	NTSTATUS            status; /* return code */
-
-} LSA_R_LOOKUP_SIDS;
-
-/* LSA_Q_LOOKUP_SIDS2 - LSA Lookup SIDs 2*/
-typedef struct lsa_q_lookup_sids2
-{
-	POLICY_HND          pol; /* policy handle */
-	LSA_SID_ENUM        sids;
-	LSA_TRANS_NAME_ENUM2 names;
-	uint16              level;
-	uint32              mapped_count;
-	uint32              unknown1;
-	uint32              unknown2;
-
-} LSA_Q_LOOKUP_SIDS2;
-
-/* LSA_R_LOOKUP_SIDS2 - response to LSA Lookup SIDs 2*/
-typedef struct lsa_r_lookup_sids2
-{
-	uint32              ptr_dom_ref;
-	DOM_R_REF           *dom_ref; /* domain reference info */
-
-	LSA_TRANS_NAME_ENUM2 names;
-	uint32              mapped_count;
-
-	NTSTATUS            status; /* return code */
-
-} LSA_R_LOOKUP_SIDS2;
-
-/* LSA_Q_LOOKUP_SIDS3 - LSA Lookup SIDs 3 */
-typedef struct lsa_q_lookup_sids3
-{
-	LSA_SID_ENUM        sids;
-	LSA_TRANS_NAME_ENUM2 names;
-	uint16              level;
-	uint32              mapped_count;
-	uint32              unknown1;
-	uint32              unknown2;
-
-} LSA_Q_LOOKUP_SIDS3;
-
-/* LSA_R_LOOKUP_SIDS3 - response to LSA Lookup SIDs 3 */
-typedef struct lsa_r_lookup_sids3
-{
-	uint32              ptr_dom_ref;
-	DOM_R_REF           *dom_ref; /* domain reference info */
-
-	LSA_TRANS_NAME_ENUM2 names;
-	uint32              mapped_count;
-
-	NTSTATUS            status; /* return code */
-
-} LSA_R_LOOKUP_SIDS3;
-
-/* LSA_Q_LOOKUP_NAMES - LSA Lookup NAMEs */
-typedef struct lsa_q_lookup_names
-{
-	POLICY_HND pol; /* policy handle */
-	uint32 num_entries;
-	uint32 num_entries2;
-	UNIHDR  *hdr_name; /* name buffer pointers */
-	UNISTR2 *uni_name; /* names to be looked up */
-
-	uint32 num_trans_entries;
-	uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
-	uint16 lookup_level;
-	uint32 mapped_count;
-
-} LSA_Q_LOOKUP_NAMES;
-
-/* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */
-typedef struct lsa_r_lookup_names
-{
-	uint32 ptr_dom_ref;
-	DOM_R_REF *dom_ref; /* domain reference info */
-
-	uint32 num_entries;
-	uint32 ptr_entries;
-	uint32 num_entries2;
-	DOM_RID *dom_rid; /* domain RIDs being looked up */
-
-	uint32 mapped_count;
-
-	NTSTATUS status; /* return code */
-} LSA_R_LOOKUP_NAMES;
-
-/* LSA_Q_LOOKUP_NAMES2 - LSA Lookup NAMEs 2*/
-typedef struct lsa_q_lookup_names2
-{
-	POLICY_HND pol; /* policy handle */
-	uint32 num_entries;
-	uint32 num_entries2;
-	UNIHDR  *hdr_name; /* name buffer pointers */
-	UNISTR2 *uni_name; /* names to be looked up */
-
-	uint32 num_trans_entries;
-	uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
-	uint16 lookup_level;
-	uint32 mapped_count;
-	uint32 unknown1;
-	uint32 unknown2;
-
-} LSA_Q_LOOKUP_NAMES2;
-
-/* LSA_R_LOOKUP_NAMES2 - response to LSA Lookup NAMEs by name 2 */
-typedef struct lsa_r_lookup_names2
-{
-	uint32 ptr_dom_ref;
-	DOM_R_REF *dom_ref; /* domain reference info */
-
-	uint32 num_entries;
-	uint32 ptr_entries;
-	uint32 num_entries2;
-	DOM_RID2 *dom_rid; /* domain RIDs being looked up */
-
-	uint32 mapped_count;
-
-	NTSTATUS status; /* return code */
-} LSA_R_LOOKUP_NAMES2;
-
-/* LSA_Q_LOOKUP_NAMES3 - LSA Lookup NAMEs 3 */
-typedef struct lsa_q_lookup_names3
-{
-	POLICY_HND pol; /* policy handle */
-	uint32 num_entries;
-	uint32 num_entries2;
-	UNIHDR  *hdr_name; /* name buffer pointers */
-	UNISTR2 *uni_name; /* names to be looked up */
-
-	uint32 num_trans_entries;
-	uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
-	uint16 lookup_level;
-	uint32 mapped_count;
-	uint32 unknown1;
-	uint32 unknown2;
-
-} LSA_Q_LOOKUP_NAMES3;
-
-/* Sid type used in lookupnames3 and lookupnames4. */
-typedef struct lsa_translatedsid3 {
-	uint8 sid_type;
-	DOM_SID2 *sid2;
-	uint32 sid_idx;
-	uint32 unknown;
-} LSA_TRANSLATED_SID3;
-
-/* LSA_R_LOOKUP_NAMES3 - response to LSA Lookup NAMEs by name 3 */
-typedef struct lsa_r_lookup_names3
-{
-	uint32 ptr_dom_ref;
-	DOM_R_REF *dom_ref; /* domain reference info */
-
-	uint32 num_entries;
-	uint32 ptr_entries;
-	uint32 num_entries2;
-	LSA_TRANSLATED_SID3 *trans_sids;
-
-	uint32 mapped_count;
-
-	NTSTATUS status; /* return code */
-} LSA_R_LOOKUP_NAMES3;
-
-/* LSA_Q_LOOKUP_NAMES4 - LSA Lookup NAMEs 4 */
-typedef struct lsa_q_lookup_names4
-{
-	uint32 num_entries;
-	uint32 num_entries2;
-	UNIHDR  *hdr_name; /* name buffer pointers */
-	UNISTR2 *uni_name; /* names to be looked up */
-
-	uint32 num_trans_entries;
-	uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */
-	uint16 lookup_level;
-	uint32 mapped_count;
-	uint32 unknown1;
-	uint32 unknown2;
-
-} LSA_Q_LOOKUP_NAMES4;
-
-/* LSA_R_LOOKUP_NAMES3 - response to LSA Lookup NAMEs by name 4 */
-typedef struct lsa_r_lookup_names4
-{
-	uint32 ptr_dom_ref;
-	DOM_R_REF *dom_ref; /* domain reference info */
-
-	uint32 num_entries;
-	uint32 ptr_entries;
-	uint32 num_entries2;
-	LSA_TRANSLATED_SID3 *trans_sids;
-
-	uint32 mapped_count;
-
-	NTSTATUS status; /* return code */
-} LSA_R_LOOKUP_NAMES4;
-
-typedef struct lsa_enum_priv_entry
-{
-	UNIHDR hdr_name;
-	uint32 luid_low;
-	uint32 luid_high;
-	UNISTR2 name;
-	
-} LSA_PRIV_ENTRY;
-
-/* LSA_Q_ENUM_PRIVS - LSA enum privileges */
-typedef struct lsa_q_enum_privs
-{
-	POLICY_HND pol; /* policy handle */
-	uint32 enum_context;
-	uint32 pref_max_length;
-} LSA_Q_ENUM_PRIVS;
-
-typedef struct lsa_r_enum_privs
-{
-	uint32 enum_context;
-	uint32 count;
-	uint32 ptr;
-	uint32 count1;
-
-	LSA_PRIV_ENTRY *privs;
-
-	NTSTATUS status;
-} LSA_R_ENUM_PRIVS;
-
-/* LSA_Q_ENUM_ACCT_RIGHTS - LSA enum account rights */
-typedef struct
-{
-	POLICY_HND pol; /* policy handle */
-	DOM_SID2 sid;
-} LSA_Q_ENUM_ACCT_RIGHTS;
-
-/* LSA_R_ENUM_ACCT_RIGHTS - LSA enum account rights */
-typedef struct
-{
-	uint32 count;
-	UNISTR4_ARRAY *rights;
-	NTSTATUS status;
-} LSA_R_ENUM_ACCT_RIGHTS;
-
-
-/* LSA_Q_ADD_ACCT_RIGHTS - LSA add account rights */
-typedef struct
-{
-	POLICY_HND pol; /* policy handle */
-	DOM_SID2 sid;
-	uint32 count;
-	UNISTR4_ARRAY *rights;
-} LSA_Q_ADD_ACCT_RIGHTS;
-
-/* LSA_R_ADD_ACCT_RIGHTS - LSA add account rights */
-typedef struct
-{
-	NTSTATUS status;
-} LSA_R_ADD_ACCT_RIGHTS;
-
-
-/* LSA_Q_REMOVE_ACCT_RIGHTS - LSA remove account rights */
-typedef struct
-{
-	POLICY_HND pol; /* policy handle */
-	DOM_SID2 sid;
-	uint32 removeall;
-	uint32 count;
-	UNISTR4_ARRAY *rights;
-} LSA_Q_REMOVE_ACCT_RIGHTS;
-
-/* LSA_R_REMOVE_ACCT_RIGHTS - LSA remove account rights */
-typedef struct
-{
-	NTSTATUS status;
-} LSA_R_REMOVE_ACCT_RIGHTS;
-
-
-/* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */
-typedef struct lsa_q_priv_get_dispname
-{
-	POLICY_HND pol; /* policy handle */
-	UNIHDR hdr_name;
-	UNISTR2 name;
-	uint16 lang_id;
-	uint16 lang_id_sys;
-} LSA_Q_PRIV_GET_DISPNAME;
-
-typedef struct lsa_r_priv_get_dispname
-{
-	uint32 ptr_info;
-	UNIHDR hdr_desc;
-	UNISTR2 desc;
-	/* Don't align ! */
-	uint16 lang_id;
-	/* align */
-	NTSTATUS status;
-} LSA_R_PRIV_GET_DISPNAME;
-
-/* LSA_Q_ENUM_ACCOUNTS */
-typedef struct lsa_q_enum_accounts
-{
-	POLICY_HND pol; /* policy handle */
-	uint32 enum_context;
-	uint32 pref_max_length;
-} LSA_Q_ENUM_ACCOUNTS;
-
-/* LSA_R_ENUM_ACCOUNTS */
-typedef struct lsa_r_enum_accounts
-{
-	uint32 enum_context;
-	LSA_SID_ENUM sids;
-	NTSTATUS status;
-} LSA_R_ENUM_ACCOUNTS;
-
-/* LSA_Q_UNK_GET_CONNUSER - gets username\domain of connected user
-                  called when "Take Ownership" is clicked -SK */
-typedef struct lsa_q_unk_get_connuser
-{
-  uint32 ptr_srvname;
-  UNISTR2 uni2_srvname;
-  uint32 unk1; /* 3 unknown uint32's are seen right after uni2_srvname */
-  uint32 unk2; /* unk2 appears to be a ptr, unk1 = unk3 = 0 usually */
-  uint32 unk3; 
-} LSA_Q_UNK_GET_CONNUSER;
-
-/* LSA_R_UNK_GET_CONNUSER */
-typedef struct lsa_r_unk_get_connuser
-{
-  uint32 ptr_user_name;
-  UNIHDR hdr_user_name;
-  UNISTR2 uni2_user_name;
-  
-  uint32 unk1;
-  
-  uint32 ptr_dom_name;
-  UNIHDR hdr_dom_name;
-  UNISTR2 uni2_dom_name;
-
-  NTSTATUS status;
-} LSA_R_UNK_GET_CONNUSER;
-
-
-typedef struct lsa_q_createaccount
-{
-	POLICY_HND pol; /* policy handle */
-	DOM_SID2 sid;
-	uint32 access; /* access */
-} LSA_Q_CREATEACCOUNT;
-
-typedef struct lsa_r_createaccount
-{
-	POLICY_HND pol; /* policy handle */
-	NTSTATUS status;
-} LSA_R_CREATEACCOUNT;
-
-
-typedef struct lsa_q_openaccount
-{
-	POLICY_HND pol; /* policy handle */
-	DOM_SID2 sid;
-	uint32 access; /* desired access */
-} LSA_Q_OPENACCOUNT;
-
-typedef struct lsa_r_openaccount
-{
-	POLICY_HND pol; /* policy handle */
-	NTSTATUS status;
-} LSA_R_OPENACCOUNT;
-
-typedef struct lsa_q_enumprivsaccount
-{
-	POLICY_HND pol; /* policy handle */
-} LSA_Q_ENUMPRIVSACCOUNT;
-
-typedef struct lsa_r_enumprivsaccount
-{
-	uint32 ptr;
-	uint32 count;
-	PRIVILEGE_SET set;
-	NTSTATUS status;
-} LSA_R_ENUMPRIVSACCOUNT;
-
-typedef struct lsa_q_getsystemaccount
-{
-	POLICY_HND pol; /* policy handle */
-} LSA_Q_GETSYSTEMACCOUNT;
-
-typedef struct lsa_r_getsystemaccount
-{
-	uint32 access;
-	NTSTATUS status;
-} LSA_R_GETSYSTEMACCOUNT;
-
-
-typedef struct lsa_q_setsystemaccount
-{
-	POLICY_HND pol; /* policy handle */
-	uint32 access;
-} LSA_Q_SETSYSTEMACCOUNT;
-
-typedef struct lsa_r_setsystemaccount
-{
-	NTSTATUS status;
-} LSA_R_SETSYSTEMACCOUNT;
-
-typedef struct {
-	UNIHDR hdr;
-	UNISTR2 unistring;
-} LSA_STRING;
-
-typedef struct {
-	POLICY_HND pol; /* policy handle */
-	LSA_STRING privname;
-} LSA_Q_LOOKUP_PRIV_VALUE;
-
-typedef struct {
-	LUID luid;
-	NTSTATUS status;
-} LSA_R_LOOKUP_PRIV_VALUE;
-
-typedef struct lsa_q_addprivs
-{
-	POLICY_HND pol; /* policy handle */
-	uint32 count;
-	PRIVILEGE_SET set;
-} LSA_Q_ADDPRIVS;
-
-typedef struct lsa_r_addprivs
-{
-	NTSTATUS status;
-} LSA_R_ADDPRIVS;
-
-
-typedef struct lsa_q_removeprivs
-{
-	POLICY_HND pol; /* policy handle */
-	uint32 allrights;
-	uint32 ptr;
-	uint32 count;
-	PRIVILEGE_SET set;
-} LSA_Q_REMOVEPRIVS;
-
-typedef struct lsa_r_removeprivs
-{
-	NTSTATUS status;
-} LSA_R_REMOVEPRIVS;
-
-/*******************************************************/
-#if 0 /* jerry, I think this not correct - gd */
-typedef struct {
-	POLICY_HND	handle;
-	uint32		count;	/* ??? this is what ethereal calls it */
-	DOM_SID		sid;
-} LSA_Q_OPEN_TRUSTED_DOMAIN;
-#endif
-
-/* LSA_Q_OPEN_TRUSTED_DOMAIN - LSA Query Open Trusted Domain */
-typedef struct lsa_q_open_trusted_domain
-{
-	POLICY_HND 	pol; 	/* policy handle */
-	DOM_SID2 	sid;	/* domain sid */
-	uint32 	access_mask;	/* access mask */
-	
-} LSA_Q_OPEN_TRUSTED_DOMAIN;
-
-/* LSA_R_OPEN_TRUSTED_DOMAIN - response to LSA Query Open Trusted Domain */
-typedef struct {
-	POLICY_HND	handle;	/* trustdom policy handle */
-	NTSTATUS	status; /* return code */
-} LSA_R_OPEN_TRUSTED_DOMAIN;
-
-
-/*******************************************************/
-
-typedef struct {
-	POLICY_HND	handle;	
-	UNISTR4		secretname;
-	uint32		access;
-} LSA_Q_OPEN_SECRET;
-
-typedef struct {
-	POLICY_HND	handle;
-	NTSTATUS	status;
-} LSA_R_OPEN_SECRET;
-
-
-/*******************************************************/
-
-typedef struct {
-	POLICY_HND	handle;
-} LSA_Q_DELETE_OBJECT;
-
-typedef struct {
-	NTSTATUS 	status;
-} LSA_R_DELETE_OBJECT;
-
-
-/*******************************************************/
-
-typedef struct {
-	POLICY_HND      handle;
-	UNISTR4         secretname;
-	uint32          access;
-} LSA_Q_CREATE_SECRET;
-
-typedef struct {
-	POLICY_HND      handle;
-	NTSTATUS        status;
-} LSA_R_CREATE_SECRET;
-
-
-/*******************************************************/
-
-typedef struct {
-	POLICY_HND	handle;	
-	UNISTR4		secretname;
-	uint32		access;
-} LSA_Q_CREATE_TRUSTED_DOMAIN;
-
-typedef struct {
-	POLICY_HND	handle;
-	NTSTATUS	status;
-} LSA_R_CREATE_TRUSTED_DOMAIN;
-
-
-/*******************************************************/
-
-typedef struct {
-	uint32	size;	/* size is written on the wire twice so I 
-			   can only assume that one is supposed to 
-			   be a max length and one is a size */
-	UNISTR2	*data;	/* not really a UNICODE string but the parsing 
-			   is the same */
-} LSA_DATA_BLOB;
-
-typedef struct {
-	POLICY_HND	handle;	
-	LSA_DATA_BLOB   *old_value;
-	LSA_DATA_BLOB	*new_value;
-} LSA_Q_SET_SECRET;
-
-typedef struct {
-	NTSTATUS	status;
-} LSA_R_SET_SECRET;
-
-typedef struct dom_info_kerberos {
-	uint32 enforce_restrictions;
-	NTTIME service_tkt_lifetime;
-	NTTIME user_tkt_lifetime;
-	NTTIME user_tkt_renewaltime;
-	NTTIME clock_skew;
-	NTTIME unknown6;
-} LSA_DOM_INFO_POLICY_KERBEROS;
-
-typedef struct dom_info_efs {
-	uint32 blob_len;
-	UNISTR2 efs_blob;
-} LSA_DOM_INFO_POLICY_EFS;
-
-typedef struct lsa_dom_info_union {
-	uint16 info_class;
-	LSA_DOM_INFO_POLICY_EFS efs_policy;
-	LSA_DOM_INFO_POLICY_KERBEROS krb_policy;
-} LSA_DOM_INFO_UNION;
-
-/* LSA_Q_QUERY_DOM_INFO_POLICY - LSA query info */
-typedef struct lsa_q_query_dom_info_policy
-{
-	POLICY_HND pol;    /* policy handle */
-	uint16 info_class; /* info class */
-} LSA_Q_QUERY_DOM_INFO_POLICY;
-
-typedef struct lsa_r_query_dom_info_policy
-{
-	LSA_DOM_INFO_UNION *info;
-	NTSTATUS status;
-} LSA_R_QUERY_DOM_INFO_POLICY;
-
+#define LSA_POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS  |\
+                            LSA_POLICY_VIEW_LOCAL_INFORMATION    |\
+                            LSA_POLICY_VIEW_AUDIT_INFORMATION    |\
+                            LSA_POLICY_GET_PRIVATE_INFORMATION   |\
+                            LSA_POLICY_TRUST_ADMIN               |\
+                            LSA_POLICY_CREATE_ACCOUNT            |\
+                            LSA_POLICY_CREATE_SECRET             |\
+                            LSA_POLICY_CREATE_PRIVILEGE          |\
+                            LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS  |\
+                            LSA_POLICY_SET_AUDIT_REQUIREMENTS    |\
+                            LSA_POLICY_AUDIT_LOG_ADMIN           |\
+                            LSA_POLICY_SERVER_ADMIN              |\
+                            LSA_POLICY_LOOKUP_NAMES )
+
+
+#define LSA_POLICY_READ       ( STANDARD_RIGHTS_READ_ACCESS      |\
+                            LSA_POLICY_VIEW_AUDIT_INFORMATION    |\
+                            LSA_POLICY_GET_PRIVATE_INFORMATION)
+
+#define LSA_POLICY_WRITE      ( STD_RIGHT_READ_CONTROL_ACCESS     |\
+                            LSA_POLICY_TRUST_ADMIN               |\
+                            LSA_POLICY_CREATE_ACCOUNT            |\
+                            LSA_POLICY_CREATE_SECRET             |\
+                            LSA_POLICY_CREATE_PRIVILEGE          |\
+                            LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS  |\
+                            LSA_POLICY_SET_AUDIT_REQUIREMENTS    |\
+                            LSA_POLICY_AUDIT_LOG_ADMIN           |\
+                            LSA_POLICY_SERVER_ADMIN)
+
+#define LSA_POLICY_EXECUTE    ( STANDARD_RIGHTS_EXECUTE_ACCESS   |\
+                            LSA_POLICY_VIEW_LOCAL_INFORMATION    |\
+                            LSA_POLICY_LOOKUP_NAMES )
 
 #endif /* _RPC_LSA_H */
diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h
index a82b977a5b..cd88ffef59 100644
--- a/source3/include/rpc_netlogon.h
+++ b/source3/include/rpc_netlogon.h
@@ -23,64 +23,6 @@
 #ifndef _RPC_NETLOGON_H /* _RPC_NETLOGON_H */
 #define _RPC_NETLOGON_H 
 
-
-/* NETLOGON pipe */
-#define NET_SAMLOGON		0x02
-#define NET_SAMLOGOFF		0x03
-#define NET_REQCHAL		0x04
-#define NET_AUTH		0x05
-#define NET_SRVPWSET		0x06
-#define NET_SAM_DELTAS		0x07
-#define NET_GETDCNAME		0x0b
-#define NET_LOGON_CTRL		0x0c
-#define NET_GETANYDCNAME	0x0d
-#define NET_AUTH2		0x0f
-#define NET_LOGON_CTRL2		0x0e
-#define NET_SAM_SYNC		0x10
-#define NET_TRUST_DOM_LIST	0x13
-#define NET_DSR_GETDCNAME	0x14
-#define NET_AUTH3		0x1a
-#define NET_DSR_GETDCNAMEEX	0x1b
-#define NET_DSR_GETSITENAME	0x1c
-#define NET_DSR_GETDCNAMEEX2	0x22
-#define NET_SAMLOGON_EX		0x27
-
-/* Secure Channel types.  used in NetrServerAuthenticate negotiation */
-#define SEC_CHAN_WKSTA   2
-#define SEC_CHAN_DOMAIN  4
-#define SEC_CHAN_BDC     6
-
-/* Returned delta types */
-#define SAM_DELTA_DOMAIN_INFO    0x01
-#define SAM_DELTA_GROUP_INFO     0x02
-#define SAM_DELTA_RENAME_GROUP   0x04
-#define SAM_DELTA_ACCOUNT_INFO   0x05
-#define SAM_DELTA_RENAME_USER    0x07
-#define SAM_DELTA_GROUP_MEM      0x08
-#define SAM_DELTA_ALIAS_INFO     0x09
-#define SAM_DELTA_RENAME_ALIAS   0x0b
-#define SAM_DELTA_ALIAS_MEM      0x0c
-#define SAM_DELTA_POLICY_INFO    0x0d
-#define SAM_DELTA_TRUST_DOMS     0x0e
-#define SAM_DELTA_PRIVS_INFO     0x10 /* DT_DELTA_ACCOUNTS */
-#define SAM_DELTA_SECRET_INFO    0x12
-#define SAM_DELTA_DELETE_GROUP   0x14
-#define SAM_DELTA_DELETE_USER    0x15
-#define SAM_DELTA_MODIFIED_COUNT 0x16
-
-/* SAM database types */
-#define SAM_DATABASE_DOMAIN    0x00 /* Domain users and groups */
-#define SAM_DATABASE_BUILTIN   0x01 /* BUILTIN users and groups */
-#define SAM_DATABASE_PRIVS     0x02 /* Privileges */
-
-/* flags use when sending a NETLOGON_CONTROL request */
-
-#define NETLOGON_CONTROL_SYNC			0x2
-#define NETLOGON_CONTROL_REDISCOVER		0x5
-#define NETLOGON_CONTROL_TC_QUERY		0x6
-#define NETLOGON_CONTROL_TRANSPORT_NOTIFY	0x7
-#define NETLOGON_CONTROL_SET_DBFLAG		0xfffe
-
 /* Some flag values reverse engineered from NLTEST.EXE */
 /* used in the NETLOGON_CONTROL[2] reply */
 
@@ -89,30 +31,12 @@
 #define NL_CTRL_REPL_IN_PROGRESS 0x0002
 #define NL_CTRL_FULL_SYNC        0x0004
 
-#define LOGON_GUEST			0x00000001
-#define LOGON_NOENCRYPTION		0x00000002
-#define LOGON_CACHED_ACCOUNT		0x00000004
-#define LOGON_USED_LM_PASSWORD		0x00000008
-#define LOGON_EXTRA_SIDS		0x00000020
-#define LOGON_SUBAUTH_SESSION_KEY	0x00000040
-#define LOGON_SERVER_TRUST_ACCOUNT	0x00000080
-#define LOGON_NTLMV2_ENABLED		0x00000100
-#define LOGON_RESOURCE_GROUPS		0x00000200
-#define LOGON_PROFILE_PATH_RETURNED	0x00000400
-#define LOGON_GRACE_LOGON		0x01000000
 #define LOGON_KRB5_FAIL_CLOCK_SKEW	0x02000000
 
-#define SE_GROUP_MANDATORY		0x00000001
-#define SE_GROUP_ENABLED_BY_DEFAULT	0x00000002
-#define SE_GROUP_ENABLED		0x00000004
-#define SE_GROUP_OWNER 			0x00000008
-#define SE_GROUP_USE_FOR_DENY_ONLY 	0x00000010
-#define SE_GROUP_LOGON_ID 		0xC0000000
-#define SE_GROUP_RESOURCE 		0x20000000	/* Domain Local Group */
-
 /* Flags for controlling the behaviour of a particular logon */
 
-/* sets LOGON_SERVER_TRUST_ACCOUNT user_flag */
+/* sets NETLOGON_SERVER_TRUST_ACCOUNT user_flag */
+#if 0
 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT	0x00000020
 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT	0x00000800
 
@@ -125,566 +49,11 @@
 /* returns the profilepath in the driveletter and 
  * sets LOGON_PROFILE_PATH_RETURNED user_flag */
 #define MSV1_0_RETURN_PROFILE_PATH		0x00000200
-
-#if 0
-/* I think this is correct - it's what gets parsed on the wire. JRA. */
-/* NET_USER_INFO_2 */
-typedef struct net_user_info_2 {
-	uint32 ptr_user_info;
-
-	NTTIME logon_time;            /* logon time */
-	NTTIME logoff_time;           /* logoff time */
-	NTTIME kickoff_time;          /* kickoff time */
-	NTTIME pass_last_set_time;    /* password last set time */
-	NTTIME pass_can_change_time;  /* password can change time */
-	NTTIME pass_must_change_time; /* password must change time */
-
-	UNIHDR hdr_user_name;    /* username unicode string header */
-	UNIHDR hdr_full_name;    /* user's full name unicode string header */
-	UNIHDR hdr_logon_script; /* logon script unicode string header */
-	UNIHDR hdr_profile_path; /* profile path unicode string header */
-	UNIHDR hdr_home_dir;     /* home directory unicode string header */
-	UNIHDR hdr_dir_drive;    /* home directory drive unicode string header */
-
-	uint16 logon_count;  /* logon count */
-	uint16 bad_pw_count; /* bad password count */
-
-	uint32 user_id;       /* User ID */
-	uint32 group_id;      /* Group ID */
-	uint32 num_groups;    /* num groups */
-	uint32 buffer_groups; /* undocumented buffer pointer to groups. */
-	uint32 user_flgs;     /* user flags */
-
-	uint8 user_sess_key[16]; /* unused user session key */
-
-	UNIHDR hdr_logon_srv; /* logon server unicode string header */
-	UNIHDR hdr_logon_dom; /* logon domain unicode string header */
-
-	uint32 buffer_dom_id; /* undocumented logon domain id pointer */
-	uint8 padding[40];    /* unused padding bytes.  expansion room */
-
-	UNISTR2 uni_user_name;    /* username unicode string */
-	UNISTR2 uni_full_name;    /* user's full name unicode string */
-	UNISTR2 uni_logon_script; /* logon script unicode string */
-	UNISTR2 uni_profile_path; /* profile path unicode string */
-	UNISTR2 uni_home_dir;     /* home directory unicode string */
-	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
-
-	uint32 num_groups2;        /* num groups */
-	DOM_GID *gids; /* group info */
-
-	UNISTR2 uni_logon_srv; /* logon server unicode string */
-	UNISTR2 uni_logon_dom; /* logon domain unicode string */
-
-	DOM_SID2 dom_sid;           /* domain SID */
-
-	uint32 num_other_groups;        /* other groups */
-	DOM_GID *other_gids; /* group info */
-	DOM_SID2 *other_sids; /* undocumented - domain SIDs */
-
-} NET_USER_INFO_2;
 #endif
 
-/* NET_USER_INFO_2 */
-typedef struct net_user_info_2 {
-	uint32 ptr_user_info;
-
-	NTTIME logon_time;            /* logon time */
-	NTTIME logoff_time;           /* logoff time */
-	NTTIME kickoff_time;          /* kickoff time */
-	NTTIME pass_last_set_time;    /* password last set time */
-	NTTIME pass_can_change_time;  /* password can change time */
-	NTTIME pass_must_change_time; /* password must change time */
-
-	UNIHDR hdr_user_name;    /* username unicode string header */
-	UNIHDR hdr_full_name;    /* user's full name unicode string header */
-	UNIHDR hdr_logon_script; /* logon script unicode string header */
-	UNIHDR hdr_profile_path; /* profile path unicode string header */
-	UNIHDR hdr_home_dir;     /* home directory unicode string header */
-	UNIHDR hdr_dir_drive;    /* home directory drive unicode string header */
-
-	uint16 logon_count;  /* logon count */
-	uint16 bad_pw_count; /* bad password count */
-
-	uint32 user_rid;       /* User RID */
-	uint32 group_rid;      /* Group RID */
-
-	uint32 num_groups;    /* num groups */
-	uint32 buffer_groups; /* undocumented buffer pointer to groups. */
-	uint32 user_flgs;     /* user flags */
-
-	uint8 user_sess_key[16]; /* user session key */
-
-	UNIHDR hdr_logon_srv; /* logon server unicode string header */
-	UNIHDR hdr_logon_dom; /* logon domain unicode string header */
-
-	uint32 buffer_dom_id; /* undocumented logon domain id pointer */
-	uint8 lm_sess_key[8];	/* lm session key */
-	uint32 acct_flags;	/* account flags */
-	uint32 unknown[7];	/* unknown */
-
-	UNISTR2 uni_user_name;    /* username unicode string */
-	UNISTR2 uni_full_name;    /* user's full name unicode string */
-	UNISTR2 uni_logon_script; /* logon script unicode string */
-	UNISTR2 uni_profile_path; /* profile path unicode string */
-	UNISTR2 uni_home_dir;     /* home directory unicode string */
-	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
-
-	UNISTR2 uni_logon_srv; /* logon server unicode string */
-	UNISTR2 uni_logon_dom; /* logon domain unicode string */
-
-	DOM_SID2 dom_sid;           /* domain SID */
-} NET_USER_INFO_2;
-
-/* NET_USER_INFO_3 */
-typedef struct net_user_info_3 {
-	uint32 ptr_user_info;
-
-	NTTIME logon_time;            /* logon time */
-	NTTIME logoff_time;           /* logoff time */
-	NTTIME kickoff_time;          /* kickoff time */
-	NTTIME pass_last_set_time;    /* password last set time */
-	NTTIME pass_can_change_time;  /* password can change time */
-	NTTIME pass_must_change_time; /* password must change time */
-
-	UNIHDR hdr_user_name;    /* username unicode string header */
-	UNIHDR hdr_full_name;    /* user's full name unicode string header */
-	UNIHDR hdr_logon_script; /* logon script unicode string header */
-	UNIHDR hdr_profile_path; /* profile path unicode string header */
-	UNIHDR hdr_home_dir;     /* home directory unicode string header */
-	UNIHDR hdr_dir_drive;    /* home directory drive unicode string header */
-
-	uint16 logon_count;  /* logon count */
-	uint16 bad_pw_count; /* bad password count */
-
-	uint32 user_rid;       /* User RID */
-	uint32 group_rid;      /* Group RID */
-
-	uint32 num_groups;    /* num groups */
-	uint32 buffer_groups; /* undocumented buffer pointer to groups. */
-	uint32 user_flgs;     /* user flags */
-
-	uint8 user_sess_key[16]; /* user session key */
-
-	UNIHDR hdr_logon_srv; /* logon server unicode string header */
-	UNIHDR hdr_logon_dom; /* logon domain unicode string header */
-
-	uint32 buffer_dom_id; /* undocumented logon domain id pointer */
-	uint8 lm_sess_key[8];	/* lm session key */
-	uint32 acct_flags;	/* account flags */
-	uint32 unknown[7];	/* unknown */
-
-	uint32 num_other_sids; /* number of foreign/trusted domain sids */
-	uint32 buffer_other_sids;
-	
-	/* The next three uint32 are not really part of user_info_3 but here
-	 * for parsing convenience.  They are only valid in Kerberos PAC
-	 * parsing - Guenther */
-	uint32 ptr_res_group_dom_sid;
-	uint32 res_group_count;
-	uint32 ptr_res_groups;
-
-	UNISTR2 uni_user_name;    /* username unicode string */
-	UNISTR2 uni_full_name;    /* user's full name unicode string */
-	UNISTR2 uni_logon_script; /* logon script unicode string */
-	UNISTR2 uni_profile_path; /* profile path unicode string */
-	UNISTR2 uni_home_dir;     /* home directory unicode string */
-	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
-
-	uint32 num_groups2;        /* num groups */
-	DOM_GID *gids; /* group info */
-
-	UNISTR2 uni_logon_srv; /* logon server unicode string */
-	UNISTR2 uni_logon_dom; /* logon domain unicode string */
-
-	DOM_SID2 dom_sid;           /* domain SID */
-
-	DOM_SID2 *other_sids; /* foreign/trusted domain SIDs */
-	uint32 *other_sids_attrib;
-} NET_USER_INFO_3;
-
-
-/* NETLOGON_INFO_1 - pdc status info, i presume */
-typedef struct netlogon_1_info {
-	uint32 flags;            /* 0x0 - undocumented */
-	uint32 pdc_status;       /* 0x0 - undocumented */
-} NETLOGON_INFO_1;
-
-/* NETLOGON_INFO_2 - pdc status info, plus trusted domain info */
-typedef struct netlogon_2_info {
-	uint32  flags;            /* 0x0 - undocumented */
-	uint32  pdc_status;       /* 0x0 - undocumented */
-	uint32  ptr_trusted_dc_name; /* pointer to trusted domain controller name */
-	uint32  tc_status;           
-	UNISTR2 uni_trusted_dc_name; /* unicode string - trusted dc name */
-} NETLOGON_INFO_2;
-
-/* NETLOGON_INFO_3 - logon status info, i presume */
-typedef struct netlogon_3_info {
-	uint32 flags;            /* 0x0 - undocumented */
-	uint32 logon_attempts;   /* number of logon attempts */
-	uint32 reserved_1;       /* 0x0 - undocumented */
-	uint32 reserved_2;       /* 0x0 - undocumented */
-	uint32 reserved_3;       /* 0x0 - undocumented */
-	uint32 reserved_4;       /* 0x0 - undocumented */
-	uint32 reserved_5;       /* 0x0 - undocumented */
-} NETLOGON_INFO_3;
-
-/********************************************************
- Logon Control Query
-
- This is generated by a nltest /bdc_query:DOMAIN
-
- query_level 0x1, function_code 0x1
-
- ********************************************************/
-
-/* NET_Q_LOGON_CTRL - LSA Netr Logon Control */
-
-typedef struct net_q_logon_ctrl_info {
-	uint32 ptr;
-	UNISTR2 uni_server_name;
-	uint32 function_code;
-	uint32 query_level;
-} NET_Q_LOGON_CTRL;
-
-/* NET_R_LOGON_CTRL - LSA Netr Logon Control */
-
-typedef struct net_r_logon_ctrl_info {
-	uint32 switch_value;
-	uint32 ptr;
-
-	union {
-		NETLOGON_INFO_1 info1;
-	} logon;
-
-	NTSTATUS status;
-} NET_R_LOGON_CTRL;
-
-
-typedef struct ctrl_data_info_5 {
-	uint32 		function_code;
-	
-	uint32		ptr_domain;
-	UNISTR2		domain;
-} CTRL_DATA_INFO_5;
-
-typedef struct ctrl_data_info_6 {
-	uint32 		function_code;
-	
-	uint32		ptr_domain;
-	UNISTR2		domain;
-} CTRL_DATA_INFO_6;
-
-
-/********************************************************
- Logon Control2 Query
-
- query_level 0x1 - pdc status
- query_level 0x3 - number of logon attempts.
-
- ********************************************************/
-
-/* NET_Q_LOGON_CTRL2 - LSA Netr Logon Control 2 */
-typedef struct net_q_logon_ctrl2_info {
-	uint32       	ptr;             /* undocumented buffer pointer */
-	UNISTR2      	uni_server_name; /* server name, starting with two '\'s */
-	
-	uint32       	function_code; 
-	uint32       	query_level;   
-	union {
-		CTRL_DATA_INFO_5 info5;
-		CTRL_DATA_INFO_6 info6;
-	} info;
-} NET_Q_LOGON_CTRL2;
-
-/*******************************************************
- Logon Control Response
-
- switch_value is same as query_level in request 
- *******************************************************/
-
-/* NET_R_LOGON_CTRL2 - response to LSA Logon Control2 */
-typedef struct net_r_logon_ctrl2_info {
-	uint32       switch_value;  /* 0x1, 0x3 */
-	uint32       ptr;
-
-	union
-	{
-		NETLOGON_INFO_1 info1;
-		NETLOGON_INFO_2 info2;
-		NETLOGON_INFO_3 info3;
-
-	} logon;
-
-	NTSTATUS status; /* return code */
-} NET_R_LOGON_CTRL2;
-
-/* NET_Q_GETANYDCNAME - Ask a DC for a trusted DC name */
-
-typedef struct net_q_getanydcname {
-	uint32  ptr_logon_server;
-	UNISTR2 uni_logon_server;
-	uint32  ptr_domainname;
-	UNISTR2 uni_domainname;
-} NET_Q_GETANYDCNAME;
-
-/* NET_R_GETANYDCNAME - Ask a DC for a trusted DC name */
-
-typedef struct net_r_getanydcname {
-	uint32  ptr_dcname;
-	UNISTR2 uni_dcname;
-	WERROR status;
-} NET_R_GETANYDCNAME;
-
-
-/* NET_Q_GETDCNAME - Ask a DC for a trusted DC name */
-
-typedef struct net_q_getdcname {
-	UNISTR2 uni_logon_server;
-	uint32  ptr_domainname;
-	UNISTR2 uni_domainname;
-} NET_Q_GETDCNAME;
-
-/* NET_R_GETDCNAME - Ask a DC for a trusted DC name */
-
-typedef struct net_r_getdcname {
-	uint32  ptr_dcname;
-	UNISTR2 uni_dcname;
-	WERROR status;
-} NET_R_GETDCNAME;
-
-/* NET_Q_TRUST_DOM_LIST - LSA Query Trusted Domains */
-typedef struct net_q_trust_dom_info {
-	uint32       ptr;             /* undocumented buffer pointer */
-	UNISTR2      uni_server_name; /* server name, starting with two '\'s */
-} NET_Q_TRUST_DOM_LIST;
-
-#define MAX_TRUST_DOMS 1
-
-/* NET_R_TRUST_DOM_LIST - response to LSA Trusted Domains */
-typedef struct net_r_trust_dom_info {
-	UNISTR2 uni_trust_dom_name[MAX_TRUST_DOMS];
-
-	NTSTATUS status; /* return code */
-} NET_R_TRUST_DOM_LIST;
-
-
-/* NEG_FLAGS */
-typedef struct neg_flags_info {
-	uint32 neg_flags; /* negotiated flags */
-} NEG_FLAGS;
-
-
-/* NET_Q_REQ_CHAL */
-typedef struct net_q_req_chal_info {
-	uint32  undoc_buffer; /* undocumented buffer pointer */
-	UNISTR2 uni_logon_srv; /* logon server unicode string */
-	UNISTR2 uni_logon_clnt; /* logon client unicode string */
-	DOM_CHAL clnt_chal; /* client challenge */
-} NET_Q_REQ_CHAL;
-
-
-/* NET_R_REQ_CHAL */
-typedef struct net_r_req_chal_info {
-	DOM_CHAL srv_chal; /* server challenge */
-	NTSTATUS status; /* return code */
-} NET_R_REQ_CHAL;
-
-/* NET_Q_AUTH */
-typedef struct net_q_auth_info {
-	DOM_LOG_INFO clnt_id; /* client identification info */
-	DOM_CHAL clnt_chal;     /* client-calculated credentials */
-} NET_Q_AUTH;
-
-/* NET_R_AUTH */
-typedef struct net_r_auth_info {
-	DOM_CHAL srv_chal;     /* server-calculated credentials */
-	NTSTATUS status; /* return code */
-} NET_R_AUTH;
-
-/* NET_Q_AUTH_2 */
-typedef struct net_q_auth2_info {
-	DOM_LOG_INFO clnt_id; /* client identification info */
-	DOM_CHAL clnt_chal;     /* client-calculated credentials */
-
-	NEG_FLAGS clnt_flgs; /* usually 0x0000 01ff */
-} NET_Q_AUTH_2;
-
-
-/* NET_R_AUTH_2 */
-typedef struct net_r_auth2_info {
-	DOM_CHAL srv_chal;     /* server-calculated credentials */
-	NEG_FLAGS srv_flgs; /* usually 0x0000 01ff */
-	NTSTATUS status; /* return code */
-} NET_R_AUTH_2;
-
-/* NET_Q_AUTH_3 */
-typedef struct net_q_auth3_info {
-	DOM_LOG_INFO clnt_id;	/* client identification info */
-	DOM_CHAL clnt_chal;		/* client-calculated credentials */
-	NEG_FLAGS clnt_flgs;	/* usually 0x6007 ffff */
-} NET_Q_AUTH_3;
-
-/* NET_R_AUTH_3 */
-typedef struct net_r_auth3_info {
-	DOM_CHAL srv_chal;	/* server-calculated credentials */
-	NEG_FLAGS srv_flgs;	/* usually 0x6007 ffff */
-	uint32 unknown;		/* 0x0000045b */
-	NTSTATUS status;	/* return code */
-} NET_R_AUTH_3;
-
-
-/* NET_Q_SRV_PWSET */
-typedef struct net_q_srv_pwset_info {
-	DOM_CLNT_INFO clnt_id; /* client identification/authentication info */
-	uint8 pwd[16]; /* new password - undocumented. */
-} NET_Q_SRV_PWSET;
-    
-/* NET_R_SRV_PWSET */
-typedef struct net_r_srv_pwset_info {
-	DOM_CRED srv_cred;     /* server-calculated credentials */
-
-	NTSTATUS status; /* return code */
-} NET_R_SRV_PWSET;
-
-/* NET_ID_INFO_2 */
-typedef struct net_network_info_2 {
-	uint32            ptr_id_info2;        /* pointer to id_info_2 */
-	UNIHDR            hdr_domain_name;     /* domain name unicode header */
-	uint32            param_ctrl;          /* param control (0x2) */
-	DOM_LOGON_ID      logon_id;            /* logon ID */
-	UNIHDR            hdr_user_name;       /* user name unicode header */
-	UNIHDR            hdr_wksta_name;      /* workstation name unicode header */
-	uint8             lm_chal[8];          /* lan manager 8 byte challenge */
-	STRHDR            hdr_nt_chal_resp;    /* nt challenge response */
-	STRHDR            hdr_lm_chal_resp;    /* lm challenge response */
-
-	UNISTR2           uni_domain_name;     /* domain name unicode string */
-	UNISTR2           uni_user_name;       /* user name unicode string */
-	UNISTR2           uni_wksta_name;      /* workgroup name unicode string */
-	STRING2           nt_chal_resp;        /* nt challenge response */
-	STRING2           lm_chal_resp;        /* lm challenge response */
-} NET_ID_INFO_2;
-
-/* NET_ID_INFO_1 */
-typedef struct id_info_1 {
-	uint32            ptr_id_info1;        /* pointer to id_info_1 */
-	UNIHDR            hdr_domain_name;     /* domain name unicode header */
-	uint32            param_ctrl;          /* param control */
-	DOM_LOGON_ID      logon_id;            /* logon ID */
-	UNIHDR            hdr_user_name;       /* user name unicode header */
-	UNIHDR            hdr_wksta_name;      /* workstation name unicode header */
-	OWF_INFO          lm_owf;              /* LM OWF Password */
-	OWF_INFO          nt_owf;              /* NT OWF Password */
-	UNISTR2           uni_domain_name;     /* domain name unicode string */
-	UNISTR2           uni_user_name;       /* user name unicode string */
-	UNISTR2           uni_wksta_name;      /* workgroup name unicode string */
-} NET_ID_INFO_1;
-
 #define INTERACTIVE_LOGON_TYPE 1
 #define NET_LOGON_TYPE 2
 
-/* NET_ID_INFO_CTR */
-typedef struct net_id_info_ctr_info {
-	uint16         switch_value;
-  
-	union {
-		NET_ID_INFO_1 id1; /* auth-level 1 - interactive user login */
-		NET_ID_INFO_2 id2; /* auth-level 2 - workstation referred login */
-	} auth;
-} NET_ID_INFO_CTR;
-
-/* SAM_INFO - sam logon/off id structure */
-typedef struct sam_info {
-	DOM_CLNT_INFO2  client;
-	uint32          ptr_rtn_cred; /* pointer to return credentials */
-	DOM_CRED        rtn_cred; /* return credentials */
-	uint16          logon_level;
-	NET_ID_INFO_CTR *ctr;
-} DOM_SAM_INFO;
-
-/* SAM_INFO - sam logon/off id structure - no creds */
-typedef struct sam_info_ex {
-	DOM_CLNT_SRV	client;
-	uint16          logon_level;
-	NET_ID_INFO_CTR *ctr;
-} DOM_SAM_INFO_EX;
-
-/* NET_Q_SAM_LOGON */
-typedef struct net_q_sam_logon_info {
-	DOM_SAM_INFO sam_id;
-	uint16          validation_level;
-} NET_Q_SAM_LOGON;
-
-/* NET_Q_SAM_LOGON_EX */
-typedef struct net_q_sam_logon_info_ex {
-	DOM_SAM_INFO_EX sam_id;
-	uint16          validation_level;
-	uint32 flags;
-} NET_Q_SAM_LOGON_EX;
-
-/* NET_R_SAM_LOGON */
-typedef struct net_r_sam_logon_info {
-	uint32 buffer_creds; /* undocumented buffer pointer */
-	DOM_CRED srv_creds; /* server credentials.  server time stamp appears to be ignored. */
-    
-	uint16 switch_value; /* 3 - indicates type of USER INFO */
-	NET_USER_INFO_3 *user;
-
-	uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */
-
-	NTSTATUS status; /* return code */
-} NET_R_SAM_LOGON;
-
-/* NET_R_SAM_LOGON_EX */
-typedef struct net_r_sam_logon_info_ex {
-	uint16 switch_value; /* 3 - indicates type of USER INFO */
-	NET_USER_INFO_3 *user;
-
-	uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */
-	uint32 flags;
-
-	NTSTATUS status; /* return code */
-} NET_R_SAM_LOGON_EX;
-
-
-/* NET_Q_SAM_LOGOFF */
-typedef struct net_q_sam_logoff_info {
-	DOM_SAM_INFO sam_id;
-} NET_Q_SAM_LOGOFF;
-
-/* NET_R_SAM_LOGOFF */
-typedef struct net_r_sam_logoff_info {
-	uint32 buffer_creds; /* undocumented buffer pointer */
-	DOM_CRED srv_creds; /* server credentials.  server time stamp appears to be ignored. */
-	NTSTATUS status; /* return code */
-} NET_R_SAM_LOGOFF;
-
-/* NET_Q_SAM_SYNC */
-typedef struct net_q_sam_sync_info {
-	UNISTR2 uni_srv_name; /* \\PDC */
-	UNISTR2 uni_cli_name; /* BDC */
-	DOM_CRED cli_creds;
-	DOM_CRED ret_creds;
-
-	uint32 database_id;
-	uint32 restart_state;
-	uint32 sync_context;
-
-	uint32 max_size;       /* preferred maximum length */
-} NET_Q_SAM_SYNC;
-
-/* SAM_DELTA_HDR */
-typedef struct sam_delta_hdr_info {
-	uint16 type;  /* type of structure attached */
-	uint16 type2;
-	uint32 target_rid;
-
-	uint32 type3;
-	uint32 ptr_delta;
-} SAM_DELTA_HDR;
-
 /* LOCKOUT_STRING */
 typedef struct account_lockout_string {
 	uint32 array_size;
@@ -704,381 +73,6 @@ typedef struct hdr_account_lockout_string {
 	uint32 buffer;
 } HDR_LOCKOUT_STRING;
 
-/* SAM_DOMAIN_INFO (0x1) */
-typedef struct sam_domain_info_info {
-	UNIHDR hdr_dom_name;
-	UNIHDR hdr_oem_info;
-
-	uint64 force_logoff;
-	uint16   min_pwd_len;
-	uint16   pwd_history_len;
-	uint64 max_pwd_age;
-	uint64 min_pwd_age;
-	uint64 dom_mod_count;
-	NTTIME   creation_time;
-	uint32   security_information;
-
-	BUFHDR4 hdr_sec_desc; /* security descriptor */
-
-	HDR_LOCKOUT_STRING hdr_account_lockout;
-
-	UNIHDR hdr_unknown2;
-	UNIHDR hdr_unknown3;
-	UNIHDR hdr_unknown4;
-
-	UNISTR2 uni_dom_name;
-	UNISTR2 buf_oem_info; 
-
-	RPC_DATA_BLOB buf_sec_desc;
-
-	LOCKOUT_STRING account_lockout;
-
-	UNISTR2 buf_unknown2;
-	UNISTR2 buf_unknown3;
-	UNISTR2 buf_unknown4;
-
-	uint32 logon_chgpass;
-	uint32 unknown6;
-	uint32 unknown7;
-	uint32 unknown8;
-} SAM_DOMAIN_INFO;
-
-/* SAM_GROUP_INFO (0x2) */
-typedef struct sam_group_info_info {
-	UNIHDR hdr_grp_name;
-	DOM_GID gid;
-	UNIHDR hdr_grp_desc;
-	BUFHDR2 hdr_sec_desc;  /* security descriptor */
-	uint8 reserved[48];
-
-	UNISTR2 uni_grp_name;
-	UNISTR2 uni_grp_desc;
-	RPC_DATA_BLOB buf_sec_desc;
-} SAM_GROUP_INFO;
-
-/* SAM_PWD */
-typedef struct sam_passwd_info {
-	/* this structure probably contains password history */
-	/* this is probably a count of lm/nt pairs */
-	uint32 unk_0; /* 0x0000 0002 */
-
-	UNIHDR hdr_lm_pwd;
-	uint8  buf_lm_pwd[16];
-
-	UNIHDR hdr_nt_pwd;
-	uint8  buf_nt_pwd[16];
-
-	UNIHDR hdr_empty_lm;
-	UNIHDR hdr_empty_nt;
-} SAM_PWD;
-
-/* SAM_ACCOUNT_INFO (0x5) */
-typedef struct sam_account_info_info {
-	UNIHDR hdr_acct_name;
-	UNIHDR hdr_full_name;
-
-	uint32 user_rid;
-	uint32 group_rid;
-
-	UNIHDR hdr_home_dir;
-	UNIHDR hdr_dir_drive;
-	UNIHDR hdr_logon_script;
-	UNIHDR hdr_acct_desc;
-	UNIHDR hdr_workstations;
-
-	NTTIME logon_time;
-	NTTIME logoff_time;
-
-	uint32 logon_divs; /* 0xA8 */
-	uint32 ptr_logon_hrs;
-
-	uint16 bad_pwd_count;
-	uint16 logon_count;
-	NTTIME pwd_last_set_time;
-	NTTIME acct_expiry_time;
-
-	uint32 acb_info;
-	uint8 nt_pwd[16];
-	uint8 lm_pwd[16];
-	uint8 nt_pwd_present;
-	uint8 lm_pwd_present;
-	uint8 pwd_expired;
-
-	UNIHDR hdr_comment;
-	UNIHDR hdr_parameters;
-	uint16 country;
-	uint16 codepage;
-
-	BUFHDR2 hdr_sec_desc;  /* security descriptor */
-
-	UNIHDR  hdr_profile;
-	UNIHDR  hdr_reserved[3];  /* space for more strings */
-	uint32  dw_reserved[4];   /* space for more data - first two seem to
-				     be an NTTIME */
-
-	UNISTR2 uni_acct_name;
-	UNISTR2 uni_full_name;
-	UNISTR2 uni_home_dir;
-	UNISTR2 uni_dir_drive;
-	UNISTR2 uni_logon_script;
-	UNISTR2 uni_acct_desc;
-	UNISTR2 uni_workstations;
-
-	uint32 unknown1; /* 0x4EC */
-	uint32 unknown2; /* 0 */
-
-	RPC_DATA_BLOB buf_logon_hrs;
-	UNISTR2 uni_comment;
-	UNISTR2 uni_parameters;
-	SAM_PWD pass;
-	RPC_DATA_BLOB buf_sec_desc;
-	UNISTR2 uni_profile;
-} SAM_ACCOUNT_INFO;
-
-/* SAM_GROUP_MEM_INFO (0x8) */
-typedef struct sam_group_mem_info_info {
-	uint32 ptr_rids;
-	uint32 ptr_attribs;
-	uint32 num_members;
-	uint8 unknown[16];
-
-	uint32 num_members2;
-	uint32 *rids;
-
-	uint32 num_members3;
-	uint32 *attribs;
-
-} SAM_GROUP_MEM_INFO;
-
-/* SAM_ALIAS_INFO (0x9) */
-typedef struct sam_alias_info_info {
-	UNIHDR hdr_als_name;
-	uint32 als_rid;
-	BUFHDR2 hdr_sec_desc;  /* security descriptor */
-	UNIHDR hdr_als_desc;
-	uint8 reserved[40];
-
-	UNISTR2 uni_als_name;
-	RPC_DATA_BLOB buf_sec_desc;
-	UNISTR2 uni_als_desc;
-} SAM_ALIAS_INFO;
-
-/* SAM_ALIAS_MEM_INFO (0xC) */
-typedef struct sam_alias_mem_info_info {
-	uint32 num_members;
-	uint32 ptr_members;
-	uint8 unknown[16];
-
-	uint32 num_sids;
-	uint32 *ptr_sids;
-	DOM_SID2 *sids;
-} SAM_ALIAS_MEM_INFO;
-
-
-/* SAM_DELTA_POLICY (0x0D) */
-typedef struct {
-	uint32   max_log_size; /* 0x5000 */
-	uint64 audit_retention_period; /* 0 */
-	uint32   auditing_mode; /* 0 */
-	uint32   num_events;
-	uint32   ptr_events;
-	UNIHDR   hdr_dom_name;
-	uint32   sid_ptr;
-
-	uint32   paged_pool_limit; /* 0x02000000 */
-	uint32   non_paged_pool_limit; /* 0x00100000 */
-	uint32   min_workset_size; /* 0x00010000 */
-	uint32   max_workset_size; /* 0x0f000000 */
-	uint32   page_file_limit; /* 0 */
-	uint64 time_limit; /* 0 */
-	NTTIME   modify_time; /* 0x3c*/
-	NTTIME   create_time; /* a7080110 */
-	BUFHDR2  hdr_sec_desc;
-
-	uint32   num_event_audit_options;
-	uint32   event_audit_option;
-
-	UNISTR2  domain_name;
-	DOM_SID2 domain_sid;
-
-	RPC_DATA_BLOB  buf_sec_desc;
-} SAM_DELTA_POLICY;
-
-/* SAM_DELTA_TRUST_DOMS */
-typedef struct {
-	uint32 buf_size;
-	SEC_DESC *sec_desc;
-	DOM_SID2 sid;
-	UNIHDR hdr_domain;
-	
-	uint32 unknown0;
-	uint32 unknown1;
-	uint32 unknown2;
-	
-	uint32 buf_size2;
-	uint32 ptr;
-
-	uint32 unknown3;
-	UNISTR2 domain;
-} SAM_DELTA_TRUSTDOMS;
-
-/* SAM_DELTA_PRIVS (0x10) */
-typedef struct {
-	DOM_SID2 sid;
-
-	uint32 priv_count;
-	uint32 priv_control;
-
-	uint32 priv_attr_ptr;
-	uint32 priv_name_ptr;
-
-	uint32   paged_pool_limit; /* 0x02000000 */
-	uint32   non_paged_pool_limit; /* 0x00100000 */
-	uint32   min_workset_size; /* 0x00010000 */
-	uint32   max_workset_size; /* 0x0f000000 */
-	uint32   page_file_limit; /* 0 */
-	uint64 time_limit; /* 0 */
-	uint32   system_flags; /* 1 */
-	BUFHDR2  hdr_sec_desc;
-	
-	uint32 buf_size2;
-	
-	uint32 attribute_count;
-	uint32 *attributes;
-	
-	uint32 privlist_count;
-	UNIHDR *hdr_privslist;
-	UNISTR2 *uni_privslist;
-
-	RPC_DATA_BLOB buf_sec_desc;
-} SAM_DELTA_PRIVS;
-
-/* SAM_DELTA_SECRET */
-typedef struct {
-	uint32 buf_size;
-	SEC_DESC *sec_desc;
-	UNISTR2 secret;
-
-	uint32 count1;
-	uint32 count2;
-	uint32 ptr;
-	NTTIME time1;
-	uint32 count3;
-	uint32 count4;
-	uint32 ptr2;
-	NTTIME time2;
-	uint32 unknow1;
-
-	uint32 buf_size2;
-	uint32 ptr3;
-	uint32 unknow2; /* 0x0 12 times */
-
-	uint32 chal_len;
-	uint32 reserved1; /* 0 */
-	uint32 chal_len2;
-	uint8 chal[16];
-
-	uint32 key_len;
-	uint32 reserved2; /* 0 */
-	uint32 key_len2;
-	uint8 key[8];
-
-	uint32 buf_size3;
-	SEC_DESC *sec_desc2;
-} SAM_DELTA_SECRET;
-
-/* SAM_DELTA_MOD_COUNT (0x16) */
-typedef struct {
-        uint32 seqnum;
-        uint32 dom_mod_count_ptr;
-	uint64 dom_mod_count;  /* domain mod count at last sync */
-} SAM_DELTA_MOD_COUNT;
-
-typedef union sam_delta_ctr_info {
-	SAM_DOMAIN_INFO    domain_info ;
-	SAM_GROUP_INFO     group_info  ;
-	SAM_ACCOUNT_INFO   account_info;
-	SAM_GROUP_MEM_INFO grp_mem_info;
-	SAM_ALIAS_INFO     alias_info  ;
-	SAM_ALIAS_MEM_INFO als_mem_info;
-	SAM_DELTA_POLICY   policy_info;
-	SAM_DELTA_PRIVS    privs_info;
-	SAM_DELTA_MOD_COUNT mod_count;
-	SAM_DELTA_TRUSTDOMS trustdoms_info;
-	SAM_DELTA_SECRET   secret_info;
-} SAM_DELTA_CTR;
-
-/* NET_R_SAM_SYNC */
-typedef struct net_r_sam_sync_info {
-	DOM_CRED srv_creds;
-
-	uint32 sync_context;
-
-	uint32 ptr_deltas;
-	uint32 num_deltas;
-	uint32 ptr_deltas2;
-	uint32 num_deltas2;
-
-	SAM_DELTA_HDR *hdr_deltas;
-	SAM_DELTA_CTR *deltas;
-
-	NTSTATUS status;
-} NET_R_SAM_SYNC;
-
-/* NET_Q_SAM_DELTAS */
-typedef struct net_q_sam_deltas_info {
-	UNISTR2 uni_srv_name;
-	UNISTR2 uni_cli_name;
-	DOM_CRED cli_creds;
-	DOM_CRED ret_creds;
-
-	uint32 database_id;
-	uint64 dom_mod_count;  /* domain mod count at last sync */
-
-	uint32 max_size;       /* preferred maximum length */
-} NET_Q_SAM_DELTAS;
-
-/* NET_R_SAM_DELTAS */
-typedef struct net_r_sam_deltas_info {
-	DOM_CRED srv_creds;
-
-	uint64 dom_mod_count;   /* new domain mod count */
-
-	uint32 ptr_deltas;
-	uint32 num_deltas;
-	uint32 num_deltas2;
-
-	SAM_DELTA_HDR *hdr_deltas;
-	SAM_DELTA_CTR *deltas;
-
-	NTSTATUS status;
-} NET_R_SAM_DELTAS;
-
-#define DS_FORCE_REDISCOVERY            0x00000001
-#define DS_DIRECTORY_SERVICE_REQUIRED   0x00000010
-#define DS_DIRECTORY_SERVICE_PREFERRED  0x00000020
-#define DS_GC_SERVER_REQUIRED           0x00000040
-#define DS_PDC_REQUIRED                 0x00000080
-#define DS_BACKGROUND_ONLY              0x00000100
-#define DS_IP_REQUIRED                  0x00000200
-#define DS_KDC_REQUIRED                 0x00000400
-#define DS_TIMESERV_REQUIRED            0x00000800
-#define DS_WRITABLE_REQUIRED            0x00001000
-#define DS_GOOD_TIMESERV_PREFERRED      0x00002000
-#define DS_AVOID_SELF                   0x00004000
-#define DS_ONLY_LDAP_NEEDED             0x00008000
-
-#define DS_IS_FLAT_NAME                 0x00010000
-#define DS_IS_DNS_NAME                  0x00020000
-
-#define DS_RETURN_DNS_NAME              0x40000000
-#define DS_RETURN_FLAT_NAME             0x80000000
-
-#if 0 /* unknown yet */
-#define DS_IP_VERSION_AGNOSTIC
-#define DS_TRY_NEXTCLOSEST_SITE
-#endif
-
 #define DSGETDC_VALID_FLAGS ( \
     DS_FORCE_REDISCOVERY | \
     DS_DIRECTORY_SERVICE_REQUIRED | \
@@ -1110,86 +104,4 @@ struct DS_DOMAIN_CONTROLLER_INFO {
 	const char *client_site_name;
 };
 
-/* NET_Q_DSR_GETDCNAME */
-typedef struct net_q_dsr_getdcname {
-	uint32 ptr_server_unc;
-	UNISTR2 uni_server_unc;
-	uint32 ptr_domain_name;
-	UNISTR2 uni_domain_name;
-	uint32 ptr_domain_guid;
-	struct GUID *domain_guid;
-	uint32 ptr_site_guid;
-	struct GUID *site_guid;
-	uint32 flags;
-} NET_Q_DSR_GETDCNAME;
-
-/* NET_R_DSR_GETDCNAME */
-typedef struct net_r_dsr_getdcname {
-	uint32 ptr_dc_unc;
-	UNISTR2 uni_dc_unc;
-	uint32 ptr_dc_address;
-	UNISTR2 uni_dc_address;
-	int32 dc_address_type;
-	struct GUID domain_guid;
-	uint32 ptr_domain_name;
-	UNISTR2 uni_domain_name;
-	uint32 ptr_forest_name;
-	UNISTR2 uni_forest_name;
-	uint32 dc_flags;
-	uint32 ptr_dc_site_name;
-	UNISTR2 uni_dc_site_name;
-	uint32 ptr_client_site_name;
-	UNISTR2 uni_client_site_name;
-	WERROR result;
-} NET_R_DSR_GETDCNAME;
-
-/* NET_Q_DSR_GETDCNAMEEX */
-typedef struct net_q_dsr_getdcnameex {
-	uint32 ptr_server_unc;
-	UNISTR2 uni_server_unc;
-	uint32 ptr_domain_name;
-	UNISTR2 uni_domain_name;
-	uint32 ptr_domain_guid;
-	struct GUID *domain_guid;
-	uint32 ptr_site_name;
-	UNISTR2 uni_site_name;
-	uint32 flags;
-} NET_Q_DSR_GETDCNAMEEX;
-
-/* NET_R_DSR_GETDCNAMEEX */
-typedef struct net_r_dsr_getdcnameex NET_R_DSR_GETDCNAMEEX;
-
-/* NET_Q_DSR_GETDCNAMEEX2 */
-typedef struct net_q_dsr_getdcnameex2 {
-	uint32 ptr_server_unc;
-	UNISTR2 uni_server_unc;
-	uint32 ptr_client_account;
-	UNISTR2 uni_client_account;
-	uint32 mask;
-	uint32 ptr_domain_name;
-	UNISTR2 uni_domain_name;
-	uint32 ptr_domain_guid;
-	struct GUID *domain_guid;
-	uint32 ptr_site_name;
-	UNISTR2 uni_site_name;
-	uint32 flags;
-} NET_Q_DSR_GETDCNAMEEX2;
-
-/* NET_R_DSR_GETDCNAMEEX2 */
-typedef struct net_r_dsr_getdcnameex2 NET_R_DSR_GETDCNAMEEX2;
-
-/* NET_Q_DSR_GESITENAME */
-typedef struct net_q_dsr_getsitename {
-	uint32 ptr_computer_name;
-	UNISTR2 uni_computer_name;
-} NET_Q_DSR_GETSITENAME;
-
-/* NET_R_DSR_GETSITENAME */
-typedef struct net_r_dsr_getsitename {
-	uint32 ptr_site_name;
-	UNISTR2 uni_site_name;
-	WERROR result;
-} NET_R_DSR_GETSITENAME;
-
-
 #endif /* _RPC_NETLOGON_H */
diff --git a/source3/include/rpc_ntsvcs.h b/source3/include/rpc_ntsvcs.h
index 045d9b4e92..71274cc380 100644
--- a/source3/include/rpc_ntsvcs.h
+++ b/source3/include/rpc_ntsvcs.h
@@ -36,32 +36,6 @@
 /**************************/
 
 typedef struct {
-	/* nothing in the request */
-	uint32 dummy;
-} NTSVCS_Q_GET_VERSION;
-
-typedef struct {
-	uint32 version;
-	WERROR status;
-} NTSVCS_R_GET_VERSION;
-
-
-/**************************/
-
-typedef struct {
-	UNISTR2 *devicename;
-	uint32 flags;
-} NTSVCS_Q_GET_DEVICE_LIST_SIZE;
-
-typedef struct {
-	uint32 size;
-	WERROR status;
-} NTSVCS_R_GET_DEVICE_LIST_SIZE;
-
-
-/**************************/
-
-typedef struct {
 	UNISTR2 *devicename;
 	uint32 buffer_size;
 	uint32 flags;
@@ -75,17 +49,6 @@ typedef struct {
 
 /**************************/
 
-typedef struct {
-	UNISTR2 devicepath;
-	uint32 flags;
-} NTSVCS_Q_VALIDATE_DEVICE_INSTANCE;
-
-typedef struct {
-	WERROR status;
-} NTSVCS_R_VALIDATE_DEVICE_INSTANCE;
-
-/**************************/
-
 #define DEV_REGPROP_DESC	1
 
 typedef struct {
@@ -105,42 +68,4 @@ typedef struct {
 	WERROR status;
 } NTSVCS_R_GET_DEVICE_REG_PROPERTY;
 
-
-/**************************/
-
-typedef struct {
-	uint32 index;
-	uint8 *buffer;
-	uint32 buffer_size;
-	uint32 unknown1;
-} NTSVCS_Q_GET_HW_PROFILE_INFO;
-
-typedef struct {
-	uint32 buffer_size;	/* the size (not included in the reply) 
-				   if just matched from the request */
-	uint8 *buffer;
-	WERROR status;
-} NTSVCS_R_GET_HW_PROFILE_INFO;
-
-
-/**************************/
-
-typedef struct {
-	uint32 unknown1;
-	UNISTR2 devicepath;
-	uint32 unknown2;
-	uint32 unknown3;
-	uint32 unknown4;
-	uint32 unknown5;
-	uint32 unknown6;
-	uint32 unknown7;
-} NTSVCS_Q_HW_PROFILE_FLAGS;
-
-typedef struct {
-	uint32 unknown1;
-	uint32 unknown2;
-	uint32 unknown3;
-	WERROR status;
-} NTSVCS_R_HW_PROFILE_FLAGS;
-
 #endif /* _RPC_NTSVCS_H */
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
deleted file mode 100644
index 2273fba2e6..0000000000
--- a/source3/include/rpc_samr.h
+++ /dev/null
@@ -1,2012 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   SMB parameters and setup
-   Copyright (C) Andrew Tridgell              1992-2000
-   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
-   Copyright (C) Paul Ashton                  1997-2000
-   Copyright (C) Jean François Micouleau      1998-2001
-   Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
-   
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _RPC_SAMR_H /* _RPC_SAMR_H */
-#define _RPC_SAMR_H 
-
-/*******************************************************************
- the following information comes from a QuickView on samsrv.dll,
- and gives an idea of exactly what is needed:
- 
-x SamrAddMemberToAlias
-x SamrAddMemberToGroup
-SamrAddMultipleMembersToAlias
-x SamrChangePasswordUser
-x SamrCloseHandle
-x SamrConnect
-x SamrCreateAliasInDomain
-x SamrCreateGroupInDomain
-x SamrCreateUserInDomain
-? SamrDeleteAlias
-SamrDeleteGroup
-x SamrDeleteUser
-x SamrEnumerateAliasesInDomain
-SamrEnumerateDomainsInSamServer
-x SamrEnumerateGroupsInDomain
-x SamrEnumerateUsersInDomain
-SamrGetUserDomainPasswordInformation
-SamrLookupDomainInSamServer
-? SamrLookupIdsInDomain
-x SamrLookupNamesInDomain
-x SamrOpenAlias
-x SamrOpenDomain
-x SamrOpenGroup
-x SamrOpenUser
-x SamrQueryDisplayInformation
-x SamrQueryInformationAlias
-SamrQueryInformationDomain
-? SamrQueryInformationUser
-x SamrQuerySecurityObject
-SamrRemoveMemberFromAlias
-SamrRemoveMemberFromForiegnDomain
-SamrRemoveMemberFromGroup
-SamrRemoveMultipleMembersFromAlias
-x SamrSetInformationAlias
-SamrSetInformationDomain
-x SamrSetInformationGroup
-x SamrSetInformationUser
-SamrSetMemberAttributesOfGroup
-SamrSetSecurityObject
-SamrShutdownSamServer
-SamrTestPrivateFunctionsDomain
-SamrTestPrivateFunctionsUser
-
-********************************************************************/
-
-#define SAMR_CONNECT_ANON      0x00
-#define SAMR_CLOSE_HND         0x01
-#define SAMR_SET_SEC_OBJECT    0x02
-#define SAMR_QUERY_SEC_OBJECT  0x03
-
-#define SAMR_UNKNOWN_4         0x04 /* profile info? */
-#define SAMR_LOOKUP_DOMAIN     0x05
-#define SAMR_ENUM_DOMAINS      0x06
-#define SAMR_OPEN_DOMAIN       0x07
-#define SAMR_QUERY_DOMAIN_INFO 0x08
-#define SAMR_SET_DOMAIN_INFO   0x09
-
-#define SAMR_CREATE_DOM_GROUP  0x0a
-#define SAMR_ENUM_DOM_GROUPS   0x0b
-#define SAMR_ENUM_DOM_USERS    0x0d
-#define SAMR_CREATE_DOM_ALIAS  0x0e
-#define SAMR_ENUM_DOM_ALIASES  0x0f
-#define SAMR_QUERY_USERALIASES 0x10
-
-#define SAMR_LOOKUP_NAMES      0x11
-#define SAMR_LOOKUP_RIDS       0x12
-
-#define SAMR_OPEN_GROUP        0x13
-#define SAMR_QUERY_GROUPINFO   0x14
-#define SAMR_SET_GROUPINFO     0x15
-#define SAMR_ADD_GROUPMEM      0x16
-#define SAMR_DELETE_DOM_GROUP  0x17
-#define SAMR_DEL_GROUPMEM      0x18
-#define SAMR_QUERY_GROUPMEM    0x19
-#define SAMR_UNKNOWN_1A        0x1a
-
-#define SAMR_OPEN_ALIAS        0x1b
-#define SAMR_QUERY_ALIASINFO   0x1c
-#define SAMR_SET_ALIASINFO     0x1d
-#define SAMR_DELETE_DOM_ALIAS  0x1e
-#define SAMR_ADD_ALIASMEM      0x1f
-#define SAMR_DEL_ALIASMEM      0x20
-#define SAMR_QUERY_ALIASMEM    0x21
-
-#define SAMR_OPEN_USER         0x22
-#define SAMR_DELETE_DOM_USER   0x23
-#define SAMR_QUERY_USERINFO    0x24
-#define SAMR_SET_USERINFO2     0x25
-#define SAMR_QUERY_USERGROUPS  0x27
-
-#define SAMR_QUERY_DISPINFO    0x28
-#define SAMR_GET_DISPENUM_INDEX 0x29
-#define SAMR_UNKNOWN_2a        0x2a
-#define SAMR_UNKNOWN_2b        0x2b
-#define SAMR_GET_USRDOM_PWINFO 0x2c
-#define SAMR_REMOVE_SID_FOREIGN_DOMAIN        0x2d
-#define SAMR_QUERY_DOMAIN_INFO2  0x2e /* looks like an alias for SAMR_QUERY_DOMAIN_INFO */
-#define SAMR_UNKNOWN_2f        0x2f
-#define SAMR_QUERY_DISPINFO3   0x30 /* Alias for SAMR_QUERY_DISPINFO
-				       with info level 3 */
-#define SAMR_UNKNOWN_31        0x31
-#define SAMR_CREATE_USER       0x32
-#define SAMR_QUERY_DISPINFO4   0x33 /* Alias for SAMR_QUERY_DISPINFO
-				       with info level 4 */
-#define SAMR_ADDMULTI_ALIASMEM 0x34
-
-#define SAMR_UNKNOWN_35        0x35
-#define SAMR_UNKNOWN_36        0x36
-#define SAMR_CHGPASSWD_USER    0x37
-#define SAMR_GET_DOM_PWINFO    0x38
-#define SAMR_CONNECT           0x39
-#define SAMR_SET_USERINFO      0x3A
-#define SAMR_CONNECT4          0x3E
-#define SAMR_CHGPASSWD_USER3   0x3F
-#define SAMR_CONNECT5          0x40
-
-typedef struct logon_hours_info
-{
-	uint32 max_len; /* normally 1260 bytes */
-	uint32 offset;
-	uint32 len; /* normally 21 bytes */
-	uint8 hours[32];
-
-} LOGON_HRS;
-
-/* SAM_USER_INFO_23 */
-typedef struct sam_user_info_23
-{
-	/* TIMES MAY NOT IN RIGHT ORDER!!!! */
-	NTTIME logon_time;            /* logon time */
-	NTTIME logoff_time;           /* logoff time */
-	NTTIME kickoff_time;          /* kickoff time */
-	NTTIME pass_last_set_time;    /* password last set time */
-	NTTIME pass_can_change_time;  /* password can change time */
-	NTTIME pass_must_change_time; /* password must change time */
-
-	UNIHDR hdr_user_name;    /* NULL - user name unicode string header */
-	UNIHDR hdr_full_name;    /* user's full name unicode string header */
-	UNIHDR hdr_home_dir;     /* home directory unicode string header */
-	UNIHDR hdr_dir_drive;    /* home drive unicode string header */
-	UNIHDR hdr_logon_script; /* logon script unicode string header */
-	UNIHDR hdr_profile_path; /* profile path unicode string header */
-	UNIHDR hdr_acct_desc  ;  /* user description */
-	UNIHDR hdr_workstations; /* comma-separated workstations user can log in from */
-	UNIHDR hdr_comment;
-	UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */
-
-	uint8 lm_pwd[16];    /* lm user passwords */
-	uint8 nt_pwd[16];    /* nt user passwords */
-
-	uint32 user_rid;      /* Primary User ID */
-	uint32 group_rid;     /* Primary Group ID */
-
-	uint32 acb_info; /* account info (ACB_xxxx bit-mask) */
-
-	uint32 fields_present; /* 0x09f8 27fa */
-
-	uint16 logon_divs; /* 0x0000 00a8 which is 168 which is num hrs in a week */
-	/* uint8 pad[2] */
-	uint32 ptr_logon_hrs; /* pointer to logon hours */
-
-	/* Was unknown_5. */
-	uint16 bad_password_count;
-	uint16 logon_count;
-
-	uint8 padding1[6];
-		
-	uint8 passmustchange; /* 0x00 must change = 0x01 */
-
-	uint8 padding2;
-
-	uint8 pass[516];
-
-	UNISTR2 uni_user_name;    /* NULL - username unicode string */
-	UNISTR2 uni_full_name;    /* user's full name unicode string */
-	UNISTR2 uni_home_dir;     /* home directory unicode string */
-	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
-	UNISTR2 uni_logon_script; /* logon script unicode string */
-	UNISTR2 uni_profile_path; /* profile path unicode string */
-	UNISTR2 uni_acct_desc  ;  /* user description unicode string */
-	UNISTR2 uni_workstations; /* login from workstations unicode string */
-	UNISTR2 uni_comment;
-	UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel no */
-
-	LOGON_HRS logon_hrs;
-
-} SAM_USER_INFO_23;
-
-/* SAM_USER_INFO_24 */
-typedef struct sam_user_info_24
-{
-	uint8 pass[516];
-	uint8 pw_len;
-} SAM_USER_INFO_24;
-
-/*
- * NB. This structure is *definately* incorrect. It's my best guess
- * currently for W2K SP2. The password field is encrypted in a different
- * way than normal... And there are definately other problems. JRA.
- */
-
-/* SAM_USER_INFO_25 */
-typedef struct sam_user_info_25
-{
-	/* TIMES MAY NOT IN RIGHT ORDER!!!! */
-	NTTIME logon_time;            /* logon time */
-	NTTIME logoff_time;           /* logoff time */
-	NTTIME kickoff_time;          /* kickoff time */
-	NTTIME pass_last_set_time;    /* password last set time */
-	NTTIME pass_can_change_time;  /* password can change time */
-	NTTIME pass_must_change_time; /* password must change time */
-
-	UNIHDR hdr_user_name;    /* NULL - user name unicode string header */
-	UNIHDR hdr_full_name;    /* user's full name unicode string header */
-	UNIHDR hdr_home_dir;     /* home directory unicode string header */
-	UNIHDR hdr_dir_drive;    /* home drive unicode string header */
-	UNIHDR hdr_logon_script; /* logon script unicode string header */
-	UNIHDR hdr_profile_path; /* profile path unicode string header */
-	UNIHDR hdr_acct_desc  ;  /* user description */
-	UNIHDR hdr_workstations; /* comma-separated workstations user can log in from */
-	UNIHDR hdr_comment;
-	UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */
-
-	uint8 lm_pwd[16];    /* lm user passwords */
-	uint8 nt_pwd[16];    /* nt user passwords */
-
-	uint32 user_rid;      /* Primary User ID */
-	uint32 group_rid;     /* Primary Group ID */
-
-	uint32 acb_info; /* account info (ACB_xxxx bit-mask) */
-	uint32 fields_present;
-
-	uint16 logon_divs; /* 0x0000 00a8 which is 168 which is num hrs in a week */
-	/* uint8 pad[2] */
-	uint32 ptr_logon_hrs; /* pointer to logon hours */
-
-	/* Was unknown_5. */
-	uint16 bad_password_count;
-	uint16 logon_count;
-
-	uint8 padding1[6];
-		
-	uint8 passmustchange; /* 0x00 must change = 0x01 */
-
-	uint8 padding2;
-
-	uint8 pass[532];
-
-	UNISTR2 uni_user_name;    /* NULL - username unicode string */
-	UNISTR2 uni_full_name;    /* user's full name unicode string */
-	UNISTR2 uni_home_dir;     /* home directory unicode string */
-	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
-	UNISTR2 uni_logon_script; /* logon script unicode string */
-	UNISTR2 uni_profile_path; /* profile path unicode string */
-	UNISTR2 uni_acct_desc  ;  /* user description unicode string */
-	UNISTR2 uni_workstations; /* login from workstations unicode string */
-	UNISTR2 uni_comment;
-	UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel no */
-	LOGON_HRS logon_hrs;
-} SAM_USER_INFO_25;
-
-/* SAM_USER_INFO_26 */
-typedef struct sam_user_info_26
-{
-	uint8 pass[532];
-	uint8 pw_len;
-} SAM_USER_INFO_26;
-
-
-/* SAM_USER_INFO_21 */
-typedef struct sam_user_info_21
-{
-	NTTIME logon_time;            /* logon time */
-	NTTIME logoff_time;           /* logoff time */
-	NTTIME kickoff_time;          /* kickoff time */
-	NTTIME pass_last_set_time;    /* password last set time */
-	NTTIME pass_can_change_time;  /* password can change time */
-	NTTIME pass_must_change_time; /* password must change time */
-
-	UNIHDR hdr_user_name;    /* username unicode string header */
-	UNIHDR hdr_full_name;    /* user's full name unicode string header */
-	UNIHDR hdr_home_dir;     /* home directory unicode string header */
-	UNIHDR hdr_dir_drive;    /* home drive unicode string header */
-	UNIHDR hdr_logon_script; /* logon script unicode string header */
-	UNIHDR hdr_profile_path; /* profile path unicode string header */
-	UNIHDR hdr_acct_desc  ;  /* user description */
-	UNIHDR hdr_workstations; /* comma-separated workstations user can log in from */
-	UNIHDR hdr_comment;
-	UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */
-
-	uint8 lm_pwd[16];    /* lm user passwords */
-	uint8 nt_pwd[16];    /* nt user passwords */
-
-	uint32 user_rid;      /* Primary User ID */
-	uint32 group_rid;     /* Primary Group ID */
-
-	uint32 acb_info; /* account info (ACB_xxxx bit-mask) */
-
-	/* Was unknown_3 */
-	uint32 fields_present; /* 0x00ff ffff */
-
-	uint16 logon_divs; /* 0x0000 00a8 which is 168 which is num hrs in a week */
-	/* uint8 pad[2] */
-	uint32 ptr_logon_hrs; /* unknown pointer */
-
-	/* Was unknown_5. */
-	uint16 bad_password_count;
-	uint16 logon_count;
-
-	uint8 padding1[6];
-		
-	uint8 passmustchange; /* 0x00 must change = 0x01 */
-
-	uint8 padding2;
-
-	UNISTR2 uni_user_name;    /* username unicode string */
-	UNISTR2 uni_full_name;    /* user's full name unicode string */
-	UNISTR2 uni_home_dir;     /* home directory unicode string */
-	UNISTR2 uni_dir_drive;    /* home directory drive unicode string */
-	UNISTR2 uni_logon_script; /* logon script unicode string */
-	UNISTR2 uni_profile_path; /* profile path unicode string */
-	UNISTR2 uni_acct_desc  ;  /* user description unicode string */
-	UNISTR2 uni_workstations; /* login from workstations unicode string */
-	UNISTR2 uni_comment;
-	UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel number */
-
-	LOGON_HRS logon_hrs;
-
-} SAM_USER_INFO_21;
-
-#define PASS_MUST_CHANGE_AT_NEXT_LOGON	0x01
-#define PASS_DONT_CHANGE_AT_NEXT_LOGON	0x00
-
-/* SAM_USER_INFO_20 */
-typedef struct sam_user_info_20
-{
-	UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */
-
-	UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel number */
-
-} SAM_USER_INFO_20;
-
-/* SAM_USER_INFO_18 */
-typedef struct sam_user_info_18
-{
-	uint8 lm_pwd[16];    /* lm user passwords */
-	uint8 nt_pwd[16];    /* nt user passwords */
-
-	uint8 lm_pwd_active; 
-	uint8 nt_pwd_active; 
-
-} SAM_USER_INFO_18;
-
-/* SAM_USER_INFO_17 */
-typedef struct sam_user_info_17
-{
-	uint8  padding_0[16];  /* 0 - padding 16 bytes */
-	NTTIME expiry;         /* expiry time or something? */
-	uint8  padding_1[24];  /* 0 - padding 24 bytes */
-
-	UNIHDR hdr_mach_acct;  /* unicode header for machine account */
-	uint32 padding_2;      /* 0 - padding 4 bytes */
-
-	uint32 ptr_1;          /* pointer */
-	uint8  padding_3[32];  /* 0 - padding 32 bytes */
-	uint32 padding_4;      /* 0 - padding 4 bytes */
-
-	uint32 ptr_2;          /* pointer */
-	uint32 padding_5;      /* 0 - padding 4 bytes */
-
-	uint32 ptr_3;          /* pointer */
-	uint8  padding_6[32];  /* 0 - padding 32 bytes */
-
-	uint32 rid_user;       /* user RID */
-	uint32 rid_group;      /* group RID */
-
-	uint16 acct_ctrl;      /* 0080 - ACB_XXXX */
-	uint16 unknown_3;      /* 16 bit padding */
-
-	uint16 unknown_4;      /* 0x003f      - 16 bit unknown */
-	uint16 unknown_5;      /* 0x003c      - 16 bit unknown */
-
-	uint8  padding_7[16];  /* 0 - padding 16 bytes */
-	uint32 padding_8;      /* 0 - padding 4 bytes */
-	
-	UNISTR2 uni_mach_acct; /* unicode string for machine account */
-
-	uint8  padding_9[48];  /* 0 - padding 48 bytes */
-
-} SAM_USER_INFO_17;
-
-
-/* SAM_USER_INFO_16 */
-typedef struct sam_user_info_16
-{
-	uint32 acb_info;
-
-} SAM_USER_INFO_16;
-
-
-/* SAM_USER_INFO_7 */
-typedef struct sam_user_info_7
-{
-	UNIHDR hdr_name;  /* unicode header for name */
-	UNISTR2 uni_name; /* unicode string for name */
-
-} SAM_USER_INFO_7;
-
-
-/* SAM_USER_INFO_9 */
-typedef struct sam_user_info_9
-{
-	uint32 rid_group;     /* Primary Group RID */
-} SAM_USER_INFO_9;
-
-
-/* SAMR_Q_CLOSE_HND - probably a policy handle close */
-typedef struct q_samr_close_hnd_info
-{
-    POLICY_HND pol;          /* policy handle */
-
-} SAMR_Q_CLOSE_HND;
-
-
-/* SAMR_R_CLOSE_HND - probably a policy handle close */
-typedef struct r_samr_close_hnd_info
-{
-	POLICY_HND pol;       /* policy handle */
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_CLOSE_HND;
-
-
-/****************************************************************************
-SAMR_Q_GET_USRDOM_PWINFO - a "set user info" occurs just after this
-*****************************************************************************/
-
-/* SAMR_Q_GET_USRDOM_PWINFO */
-typedef struct q_samr_usrdom_pwinfo_info
-{
-	POLICY_HND user_pol;          /* policy handle */
-
-} SAMR_Q_GET_USRDOM_PWINFO;
-
-
-/****************************************************************************
-SAMR_R_GET_USRDOM_PWINFO - a "set user info" occurs just after this
-*****************************************************************************/
-
-/* SAMR_R_GET_USRDOM_PWINFO */
-typedef struct r_samr_usrdom_pwinfo_info
-{
-	uint16 min_pwd_length;
-	uint16 unknown_1; /* 0x0016 or 0x0015 */
-	uint32 password_properties;
-	NTSTATUS status; 
-
-} SAMR_R_GET_USRDOM_PWINFO;
-
-/****************************************************************************
-SAMR_Q_SET_SEC_OBJ - info level 4.
-*****************************************************************************/
-
-/* SAMR_Q_SET_SEC_OBJ - */
-typedef struct q_samr_set_sec_obj_info
-{
-	POLICY_HND pol;          /* policy handle */
-	uint32 sec_info;         /* xxxx_SECURITY_INFORMATION 0x0000 0004 */
-	SEC_DESC_BUF *buf;
-
-} SAMR_Q_SET_SEC_OBJ;
-
-/* SAMR_R_SET_SEC_OBJ - */
-typedef struct r_samr_set_sec_obj_info
-{
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_SET_SEC_OBJ;
-
-
-/****************************************************************************
-SAMR_Q_QUERY_SEC_OBJ - info level 4.  returns SIDs.
-*****************************************************************************/
-
-/* SAMR_Q_QUERY_SEC_OBJ - probably get domain info... */
-typedef struct q_samr_query_sec_obj_info
-{
-	POLICY_HND user_pol;          /* policy handle */
-	uint32 sec_info;     /* xxxx_SECURITY_INFORMATION 0x0000 0004 */
-
-} SAMR_Q_QUERY_SEC_OBJ;
-
-/* SAMR_R_QUERY_SEC_OBJ - probably an open */
-typedef struct r_samr_query_sec_obj_info
-{
-	uint32 ptr;
-	SEC_DESC_BUF *buf;
-
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_QUERY_SEC_OBJ;
-
-
-/****************************************************************************
-SAMR_Q_QUERY_DOMAIN_INFO - probably a query on domain group info.
-*****************************************************************************/
-
-/* SAMR_Q_QUERY_DOMAIN_INFO - */
-typedef struct q_samr_query_domain_info
-{
-	POLICY_HND domain_pol;   /* policy handle */
-	uint16 switch_value;     /* 0x0002, 0x0001 */
-
-} SAMR_Q_QUERY_DOMAIN_INFO;
-
-typedef struct sam_unknown_info_1_inf
-{
-	uint16 min_length_password;
-	uint16 password_history;
-	uint32 password_properties;
-	NTTIME expire;
-	NTTIME min_passwordage;
-
-} SAM_UNK_INFO_1;
-
-typedef struct sam_unknown_info_2_inf
-{
-	NTTIME logout; /* whether users are forcibly disconnected when logon hours expire */
-	UNIHDR hdr_comment; /* comment according to samba4 idl */
-	UNIHDR hdr_domain; /* domain name unicode header */
-	UNIHDR hdr_server; /* server name unicode header */
-
-	/* put all the data in here, at the moment, including what the above
-	   pointer is referring to
-	 */
-
-	uint64 seq_num;
-	
-	uint32 unknown_4; /* 0x0000 0001 */
-	uint32 server_role;
-	uint32 unknown_6; /* 0x0000 0001 */
-	uint32 num_domain_usrs; /* number of users in domain */
-	uint32 num_domain_grps; /* number of domain groups in domain */
-	uint32 num_local_grps; /* number of local groups in domain */
-
-	UNISTR2 uni_comment; /* comment unicode string */
-	UNISTR2 uni_domain; /* domain name unicode string */
-	UNISTR2 uni_server; /* server name unicode string */
-
-} SAM_UNK_INFO_2;
-
-typedef struct sam_unknown_info_3_info
-{
-	NTTIME logout;	
-	/* 0x8000 0000 */ /* DON'T forcibly disconnect remote users from server when logon hours expire*/
-	/* 0x0000 0000 */ /* forcibly disconnect remote users from server when logon hours expire*/
-
-} SAM_UNK_INFO_3;
-
-typedef struct sam_unknown_info_4_inf
-{
-	UNIHDR hdr_comment; /* comment according to samba4 idl */
-	UNISTR2 uni_comment; /* comment unicode string */
-
-} SAM_UNK_INFO_4;
-
-typedef struct sam_unknown_info_5_inf
-{
-	UNIHDR hdr_domain; /* domain name unicode header */
-	UNISTR2 uni_domain; /* domain name unicode string */
-
-} SAM_UNK_INFO_5;
-
-typedef struct sam_unknown_info_6_info
-{
-	UNIHDR hdr_server; /* server name unicode header */
-	UNISTR2 uni_server; /* server name unicode string */
-
-} SAM_UNK_INFO_6;
-
-typedef struct sam_unknown_info_7_info
-{
-	uint16 server_role;
-
-} SAM_UNK_INFO_7;
-
-typedef struct sam_unknown_info_8_info
-{
-	uint64 seq_num;
-	NTTIME domain_create_time;
-
-} SAM_UNK_INFO_8;
-
-typedef struct sam_unknown_info_9_info
-{
-	uint32 unknown;
-
-} SAM_UNK_INFO_9;
-
-typedef struct sam_unknown_info_12_inf
-{
-	NTTIME duration;
-	NTTIME reset_count;
-	uint16 bad_attempt_lockout;
-
-} SAM_UNK_INFO_12;
-
-typedef struct sam_unknown_info_13_info
-{
-	uint64 seq_num;
-	NTTIME domain_create_time;
-	uint32 unknown1;
-	uint32 unknown2;
-
-} SAM_UNK_INFO_13;
-
-typedef struct sam_unknown_ctr_info
-{
-	union
-	{
-		SAM_UNK_INFO_1 inf1;
-		SAM_UNK_INFO_2 inf2;
-		SAM_UNK_INFO_3 inf3;
-		SAM_UNK_INFO_4 inf4;
-		SAM_UNK_INFO_5 inf5;
-		SAM_UNK_INFO_6 inf6;
-		SAM_UNK_INFO_7 inf7;
-		SAM_UNK_INFO_8 inf8;
-		SAM_UNK_INFO_9 inf9;
-		SAM_UNK_INFO_12 inf12;
-		SAM_UNK_INFO_13 inf13;
-
-	} info;
-
-} SAM_UNK_CTR;
-
-
-/* SAMR_R_QUERY_DOMAIN_INFO - */
-typedef struct r_samr_query_domain_info
-{
-	uint32 ptr_0;
-	uint16 switch_value; /* same as in query */
-
-	SAM_UNK_CTR *ctr;
-
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_QUERY_DOMAIN_INFO;
-
-
-/* SAMR_Q_LOOKUP_DOMAIN - obtain SID for a local domain */
-typedef struct q_samr_lookup_domain_info
-{
-	POLICY_HND connect_pol;
-
-	UNIHDR  hdr_domain;
-	UNISTR2 uni_domain;
-
-} SAMR_Q_LOOKUP_DOMAIN;
-
-
-/* SAMR_R_LOOKUP_DOMAIN */
-typedef struct r_samr_lookup_domain_info
-{
-	uint32   ptr_sid;
-	DOM_SID2 dom_sid;
-
-	NTSTATUS status;
-
-} SAMR_R_LOOKUP_DOMAIN;
-
-
-/****************************************************************************
-SAMR_Q_OPEN_DOMAIN - unknown_0 values seen associated with SIDs:
-
-0x0000 03f1 and a specific   domain sid - S-1-5-21-44c01ca6-797e5c3d-33f83fd0
-0x0000 0200 and a specific   domain sid - S-1-5-21-44c01ca6-797e5c3d-33f83fd0
-*****************************************************************************/
-
-/* SAMR_Q_OPEN_DOMAIN */
-typedef struct q_samr_open_domain_info
-{
-	POLICY_HND pol;   /* policy handle */
-	uint32 flags;               /* 0x2000 0000; 0x0000 0211; 0x0000 0280; 0x0000 0200 - flags? */
-	DOM_SID2 dom_sid;         /* domain SID */
-
-} SAMR_Q_OPEN_DOMAIN;
-
-
-/* SAMR_R_OPEN_DOMAIN - probably an open */
-typedef struct r_samr_open_domain_info
-{
-	POLICY_HND domain_pol; /* policy handle associated with the SID */
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_OPEN_DOMAIN;
-
-#define MAX_SAM_ENTRIES_W2K 0x400
-#define MAX_SAM_ENTRIES_W95 50
-/* The following should be the greater of the preceeding two. */
-#define MAX_SAM_ENTRIES MAX_SAM_ENTRIES_W2K
-
-typedef struct samr_entry_info
-{
-	uint32 rid;
-	UNIHDR hdr_name;
-
-} SAM_ENTRY;
-
-
-/* SAMR_Q_ENUM_DOMAINS - SAM rids and names */
-typedef struct q_samr_enum_domains_info
-{
-	POLICY_HND pol;     /* policy handle */
-
-	uint32 start_idx;   /* enumeration handle */
-	uint32 max_size;    /* 0x0000 ffff */
-
-} SAMR_Q_ENUM_DOMAINS;
-
-/* SAMR_R_ENUM_DOMAINS - SAM rids and Domain names */
-typedef struct r_samr_enum_domains_info
-{
-	uint32 next_idx;     /* next starting index required for enum */
-	uint32 ptr_entries1;  
-
-	uint32 num_entries2;
-	uint32 ptr_entries2;
-
-	uint32 num_entries3;
-
-	SAM_ENTRY *sam;
-	UNISTR2 *uni_dom_name;
-
-	uint32 num_entries4;
-
-	NTSTATUS status;
-
-} SAMR_R_ENUM_DOMAINS;
-
-/* SAMR_Q_ENUM_DOM_USERS - SAM rids and names */
-typedef struct q_samr_enum_dom_users_info
-{
-	POLICY_HND pol;          /* policy handle */
-
-	uint32 start_idx;   /* number of values (0 indicates unlimited?) */
-	uint32 acb_mask;          /* 0x0000 indicates all */
-
-	uint32 max_size;              /* 0x0000 ffff */
-
-} SAMR_Q_ENUM_DOM_USERS;
-
-
-/* SAMR_R_ENUM_DOM_USERS - SAM rids and names */
-typedef struct r_samr_enum_dom_users_info
-{
-	uint32 next_idx;     /* next starting index required for enum */
-	uint32 ptr_entries1;  
-
-	uint32 num_entries2;
-	uint32 ptr_entries2;
-
-	uint32 num_entries3;
-
-	SAM_ENTRY *sam;
-	UNISTR2 *uni_acct_name;
-
-	uint32 num_entries4;
-
-	NTSTATUS status;
-
-} SAMR_R_ENUM_DOM_USERS;
-
-
-/* SAMR_Q_ENUM_DOM_GROUPS - SAM rids and names */
-typedef struct q_samr_enum_dom_groups_info
-{
-	POLICY_HND pol;          /* policy handle */
-
-	/* this is possibly an enumeration context handle... */
-	uint32 start_idx;         /* 0x0000 0000 */
-
-	uint32 max_size;              /* 0x0000 ffff */
-
-} SAMR_Q_ENUM_DOM_GROUPS;
-
-
-/* SAMR_R_ENUM_DOM_GROUPS - SAM rids and names */
-typedef struct r_samr_enum_dom_groups_info
-{
-	uint32 next_idx;
-	uint32 ptr_entries1;
-
-	uint32 num_entries2;
-	uint32 ptr_entries2;
-
-	uint32 num_entries3;
-
-	SAM_ENTRY *sam;
-	UNISTR2 *uni_grp_name;
-
-	uint32 num_entries4;
-
-	NTSTATUS status;
-
-} SAMR_R_ENUM_DOM_GROUPS;
-
-
-/* SAMR_Q_ENUM_DOM_ALIASES - SAM rids and names */
-typedef struct q_samr_enum_dom_aliases_info
-{
-	POLICY_HND pol;          /* policy handle */
-
-	/* this is possibly an enumeration context handle... */
-	uint32 start_idx;         /* 0x0000 0000 */
-
-	uint32 max_size;              /* 0x0000 ffff */
-
-} SAMR_Q_ENUM_DOM_ALIASES;
-
-
-/* SAMR_R_ENUM_DOM_ALIASES - SAM rids and names */
-typedef struct r_samr_enum_dom_aliases_info
-{
-	uint32 next_idx;
-	uint32 ptr_entries1;
-
-	uint32 num_entries2;
-	uint32 ptr_entries2;
-
-	uint32 num_entries3;
-
-	SAM_ENTRY *sam;
-	UNISTR2 *uni_grp_name;
-
-	uint32 num_entries4;
-
-	NTSTATUS status;
-
-} SAMR_R_ENUM_DOM_ALIASES;
-
-
-/* -- Level 1 Display Info - User Information -- */
-
-typedef struct samr_entry_info1
-{
-	uint32 user_idx;
-
-	uint32 rid_user;
-	uint32 acb_info;
-
-	UNIHDR hdr_acct_name;
-	UNIHDR hdr_user_name;
-	UNIHDR hdr_user_desc;
-
-} SAM_ENTRY1;
-
-typedef struct samr_str_entry_info1
-{
-	UNISTR2 uni_acct_name;
-	UNISTR2 uni_full_name;
-	UNISTR2 uni_acct_desc;
-
-} SAM_STR1;
-
-typedef struct sam_entry_info_1
-{
-	SAM_ENTRY1 *sam;
-	SAM_STR1   *str;
-
-} SAM_DISPINFO_1;
-
-
-/* -- Level 2 Display Info - Trust Account Information -- */
-
-typedef struct samr_entry_info2
-{
-	uint32 user_idx;
-
-	uint32 rid_user;
-	uint32 acb_info;
-
-	UNIHDR hdr_srv_name;
-	UNIHDR hdr_srv_desc;
-
-} SAM_ENTRY2;
-
-typedef struct samr_str_entry_info2
-{
-	UNISTR2 uni_srv_name;
-	UNISTR2 uni_srv_desc;
-
-} SAM_STR2;
-
-typedef struct sam_entry_info_2
-{
-	SAM_ENTRY2 *sam;
-	SAM_STR2   *str;
-
-} SAM_DISPINFO_2;
-
-
-/* -- Level 3 Display Info - Domain Group Information -- */
-
-typedef struct samr_entry_info3
-{
-	uint32 grp_idx;
-
-	uint32 rid_grp;
-	uint32 attr;     /* SE_GROUP_xxx, usually 7 */
-
-	UNIHDR hdr_grp_name;
-	UNIHDR hdr_grp_desc;
-
-} SAM_ENTRY3;
-
-typedef struct samr_str_entry_info3
-{
-	UNISTR2 uni_grp_name;
-	UNISTR2 uni_grp_desc;
-
-} SAM_STR3;
-
-typedef struct sam_entry_info_3
-{
-	SAM_ENTRY3 *sam;
-	SAM_STR3   *str;
-
-} SAM_DISPINFO_3;
-
-
-/* -- Level 4 Display Info - User List (ASCII) -- */
-
-typedef struct samr_entry_info4
-{
-	uint32 user_idx;
-	STRHDR hdr_acct_name;
-
-} SAM_ENTRY4;
-
-typedef struct samr_str_entry_info4
-{
-	STRING2 acct_name;
-
-} SAM_STR4;
-
-typedef struct sam_entry_info_4
-{
-	SAM_ENTRY4 *sam;
-	SAM_STR4   *str;
-
-} SAM_DISPINFO_4;
-
-
-/* -- Level 5 Display Info - Group List (ASCII) -- */
-
-typedef struct samr_entry_info5
-{
-	uint32 grp_idx;
-	STRHDR hdr_grp_name;
-
-} SAM_ENTRY5;
-
-typedef struct samr_str_entry_info5
-{
-	STRING2 grp_name;
-
-} SAM_STR5;
-
-typedef struct sam_entry_info_5
-{
-	SAM_ENTRY5 *sam;
-	SAM_STR5   *str;
-
-} SAM_DISPINFO_5;
-
-
-typedef struct sam_dispinfo_ctr_info
-{
-	union
-	{
-		SAM_DISPINFO_1 *info1; /* users/names/descriptions */
-		SAM_DISPINFO_2 *info2; /* trust accounts */
-		SAM_DISPINFO_3 *info3; /* domain groups/descriptions */
-		SAM_DISPINFO_4 *info4; /* user list (ASCII) - used by Win95 */
-		SAM_DISPINFO_5 *info5; /* group list (ASCII) */
-		void       *info; /* allows assignment without typecasting, */
-
-	} sam;
-
-} SAM_DISPINFO_CTR;
-
-
-/* SAMR_Q_QUERY_DISPINFO - SAM rids, names and descriptions */
-typedef struct q_samr_query_disp_info
-{
-	POLICY_HND domain_pol;
-
-	uint16 switch_level;    /* see SAM_DISPINFO_CTR above */
-	/* align */
-
-	uint32 start_idx;       /* start enumeration index */
-	uint32 max_entries;     /* maximum number of entries to return */
-	uint32 max_size;        /* recommended data size; if exceeded server
-				   should return STATUS_MORE_ENTRIES */
-
-} SAMR_Q_QUERY_DISPINFO;
-
-
-/* SAMR_R_QUERY_DISPINFO  */
-typedef struct r_samr_query_dispinfo_info
-{
-	uint32 total_size;     /* total data size for all matching entries
-				  (0 = uncalculated) */
-	uint32 data_size;      /* actual data size returned = size of SAM_ENTRY
-				  structures + total length of strings */
-
-	uint16 switch_level;   /* see SAM_DISPINFO_CTR above */
-	/* align */
-
-	uint32 num_entries;    /* number of entries returned */
-	uint32 ptr_entries;
-	uint32 num_entries2;
-
-	SAM_DISPINFO_CTR *ctr;
-
-	NTSTATUS status;
-
-} SAMR_R_QUERY_DISPINFO;
-
-/* SAMR_Q_GET_DISPENUM_INDEX */
-typedef struct q_samr_get_dispenum_index
-{
-	POLICY_HND domain_pol;
-	uint16 switch_level;
-	LSA_STRING name;
-
-} SAMR_Q_GET_DISPENUM_INDEX;
-
-/* SAMR_R_GET_DISPENUM_INDEX */
-typedef struct r_samr_get_dispenum_index
-{
-	uint32 idx;
-	NTSTATUS status;
-	
-} SAMR_R_GET_DISPENUM_INDEX;
-
-/* SAMR_Q_DELETE_DOM_GROUP - delete domain group */
-typedef struct q_samr_delete_dom_group_info
-{
-    POLICY_HND group_pol;          /* policy handle */
-
-} SAMR_Q_DELETE_DOM_GROUP;
-
-
-/* SAMR_R_DELETE_DOM_GROUP - delete domain group */
-typedef struct r_samr_delete_dom_group_info
-{
-	POLICY_HND pol;       /* policy handle */
-	NTSTATUS status;        /* return status */
-
-} SAMR_R_DELETE_DOM_GROUP;
-
-
-/* SAMR_Q_CREATE_DOM_GROUP - SAM create group */
-typedef struct q_samr_create_dom_group_info
-{
-	POLICY_HND pol;        /* policy handle */
-
-	UNIHDR hdr_acct_desc;
-	UNISTR2 uni_acct_desc;
-
-	uint32 access_mask;    
-
-} SAMR_Q_CREATE_DOM_GROUP;
-
-/* SAMR_R_CREATE_DOM_GROUP - SAM create group */
-typedef struct r_samr_create_dom_group_info
-{
-	POLICY_HND pol;        /* policy handle */
-
-	uint32 rid;    
-	NTSTATUS status;    
-
-} SAMR_R_CREATE_DOM_GROUP;
-
-/* SAMR_Q_QUERY_GROUPINFO - SAM Group Info */
-typedef struct q_samr_query_group_info
-{
-	POLICY_HND pol;        /* policy handle */
-
-	uint16 switch_level;    /* 0x0001 seen */
-
-} SAMR_Q_QUERY_GROUPINFO;
-
-typedef struct samr_group_info1
-{
-	UNIHDR hdr_acct_name;
-
-	uint32 group_attr; /* 0x0000 0003 - group attribute */
-	uint32 num_members; /* 0x0000 0001 - number of group members? */
-
-	UNIHDR hdr_acct_desc;
-
-	UNISTR2 uni_acct_name;
-	UNISTR2 uni_acct_desc;
-
-} GROUP_INFO1;
-
-typedef struct samr_group_info2
-{
-	uint16 level;
-	UNIHDR hdr_acct_name;
-	UNISTR2 uni_acct_name;
-
-} GROUP_INFO2;
-
-typedef struct samr_group_info3
-{
-	uint32 group_attr; /* 0x0000 0003 - group attribute */
-
-} GROUP_INFO3;
-
-typedef struct samr_group_info4
-{
-	uint16 level;
-	UNIHDR hdr_acct_desc;
-	UNISTR2 uni_acct_desc;
-
-} GROUP_INFO4;
-
-typedef struct samr_group_info5
-{
-	UNIHDR hdr_acct_name;
-
-	uint32 group_attr; /* 0x0000 0003 - group attribute */
-	uint32 num_members; /* 0x0000 0001 - number of group members? */
-
-	UNIHDR hdr_acct_desc;
-
-	UNISTR2 uni_acct_name;
-	UNISTR2 uni_acct_desc;
-
-} GROUP_INFO5;
-
-
-/* GROUP_INFO_CTR */
-typedef struct group_info_ctr
-{
-	uint16 switch_value1;
-
-	union
- 	{
-		GROUP_INFO1 info1;
-		GROUP_INFO2 info2;
-		GROUP_INFO3 info3;
-		GROUP_INFO4 info4;
-		GROUP_INFO5 info5;
-	} group;
-
-} GROUP_INFO_CTR;
-
-/* SAMR_R_QUERY_GROUPINFO - SAM Group Info */
-typedef struct r_samr_query_groupinfo_info
-{
-	uint32 ptr;        
-	GROUP_INFO_CTR *ctr;
-
-	NTSTATUS status;
-
-} SAMR_R_QUERY_GROUPINFO;
-
-
-/* SAMR_Q_SET_GROUPINFO - SAM Group Info */
-typedef struct q_samr_set_group_info
-{
-	POLICY_HND pol;        /* policy handle */
-	GROUP_INFO_CTR *ctr;
-
-} SAMR_Q_SET_GROUPINFO;
-
-/* SAMR_R_SET_GROUPINFO - SAM Group Info */
-typedef struct r_samr_set_group_info
-{
-	NTSTATUS status;
-
-} SAMR_R_SET_GROUPINFO;
-
-
-/* SAMR_Q_DELETE_DOM_ALIAS - delete domain alias */
-typedef struct q_samr_delete_dom_alias_info
-{
-    POLICY_HND alias_pol;          /* policy handle */
-
-} SAMR_Q_DELETE_DOM_ALIAS;
-
-
-/* SAMR_R_DELETE_DOM_ALIAS - delete domain alias */
-typedef struct r_samr_delete_dom_alias_info
-{
-	POLICY_HND pol;       /* policy handle */
-	NTSTATUS status;        /* return status */
-
-} SAMR_R_DELETE_DOM_ALIAS;
-
-
-/* SAMR_Q_CREATE_DOM_ALIAS - SAM create alias */
-typedef struct q_samr_create_dom_alias_info
-{
-	POLICY_HND dom_pol;        /* policy handle */
-
-	UNIHDR hdr_acct_desc;
-	UNISTR2 uni_acct_desc;
-
-	uint32 access_mask;    /* 0x001f000f */
-
-} SAMR_Q_CREATE_DOM_ALIAS;
-
-/* SAMR_R_CREATE_DOM_ALIAS - SAM create alias */
-typedef struct r_samr_create_dom_alias_info
-{
-	POLICY_HND alias_pol;        /* policy handle */
-
-	uint32 rid;    
-	NTSTATUS status;    
-
-} SAMR_R_CREATE_DOM_ALIAS;
-
-
-/********************************************************/
-
-typedef struct {
-	UNISTR4 name;
-	UNISTR4 description;
-	uint32 num_member;
-} ALIAS_INFO1;
-
-typedef struct {
-	UNISTR4 name;
-} ALIAS_INFO2;
-
-typedef struct {
-	UNISTR4 description;
-} ALIAS_INFO3;
-
-typedef struct {
-	POLICY_HND pol;        /* policy handle */
-	uint16 level;    /* 0x0003 seen */
-} SAMR_Q_QUERY_ALIASINFO;
-
-typedef struct {
-	uint16 level;
-	union {
-		ALIAS_INFO1 info1;
-		ALIAS_INFO2 info2;
-		ALIAS_INFO3 info3;
-	} alias;
-} ALIAS_INFO_CTR;
-
-typedef struct {
-	ALIAS_INFO_CTR *ctr;
-	NTSTATUS status;
-} SAMR_R_QUERY_ALIASINFO;
-
-
-/********************************************************/
-
-typedef struct {
-	POLICY_HND alias_pol;        /* policy handle */
-	ALIAS_INFO_CTR ctr;
-} SAMR_Q_SET_ALIASINFO;
-
-typedef struct {
-	NTSTATUS status;
-} SAMR_R_SET_ALIASINFO;
-
-
-/********************************************************/
-
-/* SAMR_Q_QUERY_USERGROUPS - */
-typedef struct q_samr_query_usergroup_info
-{
-	POLICY_HND pol;          /* policy handle associated with unknown id */
-
-} SAMR_Q_QUERY_USERGROUPS;
-
-/* SAMR_R_QUERY_USERGROUPS - probably a get sam info */
-typedef struct r_samr_query_usergroup_info
-{
-	uint32 ptr_0;            /* pointer */
-	uint32 num_entries;      /* number of RID groups */
-	uint32 ptr_1;            /* pointer */
-	uint32 num_entries2;     /* number of RID groups */
-
-	DOM_GID *gid; /* group info */
-
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_QUERY_USERGROUPS;
-
-/* SAM_USERINFO_CTR - sam user info */
-typedef struct sam_userinfo_ctr_info
-{
-	uint16 switch_value;      
-
-	union
-	{
-		SAM_USER_INFO_7  *id7;
-		SAM_USER_INFO_9  *id9;
-		SAM_USER_INFO_16 *id16;
-		SAM_USER_INFO_17 *id17;
-		SAM_USER_INFO_18 *id18;
-		SAM_USER_INFO_20 *id20;
-		SAM_USER_INFO_21 *id21;
-		SAM_USER_INFO_23 *id23;
-		SAM_USER_INFO_24 *id24;
-		SAM_USER_INFO_25 *id25;
-		SAM_USER_INFO_26 *id26;
-		void* id; /* to make typecasting easy */
-
-	} info;
-
-} SAM_USERINFO_CTR;
-
-
-/* SAMR_Q_SET_USERINFO2 - set sam info */
-typedef struct q_samr_set_user_info2
-{
-	POLICY_HND pol;          /* policy handle associated with user */
-	uint16 switch_value;      /* 0x0010 */
-
-	SAM_USERINFO_CTR *ctr;
-
-} SAMR_Q_SET_USERINFO2;
-
-/* SAMR_R_SET_USERINFO2 - set sam info */
-typedef struct r_samr_set_user_info2
-{
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_SET_USERINFO2;
-
-/* SAMR_Q_SET_USERINFO - set sam info */
-typedef struct q_samr_set_user_info
-{
-	POLICY_HND pol;          /* policy handle associated with user */
-	uint16 switch_value;
-	SAM_USERINFO_CTR *ctr;
-
-} SAMR_Q_SET_USERINFO;
-
-/* SAMR_R_SET_USERINFO - set sam info */
-typedef struct r_samr_set_user_info
-{
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_SET_USERINFO;
-
-
-/* SAMR_Q_QUERY_USERINFO - probably a get sam info */
-typedef struct q_samr_query_user_info
-{
-	POLICY_HND pol;          /* policy handle associated with unknown id */
-	uint16 switch_value;         /* 0x0015, 0x0011 or 0x0010 - 16 bit unknown */
-
-} SAMR_Q_QUERY_USERINFO;
-
-/* SAMR_R_QUERY_USERINFO - probably a get sam info */
-typedef struct r_samr_query_user_info
-{
-	uint32 ptr;            /* pointer */
-	SAM_USERINFO_CTR *ctr;
-
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_QUERY_USERINFO;
-
-
-/****************************************************************************
-SAMR_Q_QUERY_USERALIASES - do a conversion from name to RID.
-
-the policy handle allocated by an "samr open secret" call is associated
-with a SID.  this policy handle is what is queried here, *not* the SID
-itself.  the response to the lookup rids is relative to this SID.
-*****************************************************************************/
-/* SAMR_Q_QUERY_USERALIASES */
-typedef struct q_samr_query_useraliases_info
-{
-	POLICY_HND pol;       /* policy handle */
-
-	uint32 num_sids1;      /* number of rids being looked up */
-	uint32 ptr;            /* buffer pointer */
-	uint32 num_sids2;      /* number of rids being looked up */
-
-	uint32   *ptr_sid; /* pointers to sids to be looked up */
-	DOM_SID2 *sid    ; /* sids to be looked up. */
-
-} SAMR_Q_QUERY_USERALIASES;
-
-
-/* SAMR_R_QUERY_USERALIASES */
-typedef struct r_samr_query_useraliases_info
-{
-	uint32 num_entries;
-	uint32 ptr; /* undocumented buffer pointer */
-
-	uint32 num_entries2; 
-	uint32 *rid; /* domain RIDs being looked up */
-
-	NTSTATUS status; /* return code */
-
-} SAMR_R_QUERY_USERALIASES;
-
-
-/****************************************************************************
-SAMR_Q_LOOKUP_NAMES - do a conversion from Names to RIDs+types.
-*****************************************************************************/
-/* SAMR_Q_LOOKUP_NAMES */
-typedef struct q_samr_lookup_names_info
-{
-	POLICY_HND pol;       /* policy handle */
-
-	uint32 num_names1;      /* number of names being looked up */
-	uint32 flags;           /* 0x0000 03e8 - unknown */
-	uint32 ptr;            /* 0x0000 0000 - 32 bit unknown */
-	uint32 num_names2;      /* number of names being looked up */
-
-	UNIHDR  *hdr_name; /* unicode account name header */
-	UNISTR2 *uni_name; /* unicode account name string */
-
-} SAMR_Q_LOOKUP_NAMES;
-
-
-/* SAMR_R_LOOKUP_NAMES */
-typedef struct r_samr_lookup_names_info
-{
-	uint32 num_rids1;      /* number of aliases being looked up */
-	uint32 ptr_rids;       /* pointer to aliases */
-	uint32 num_rids2;      /* number of aliases being looked up */
-
-	uint32 *rids; /* rids */
-
-	uint32 num_types1;      /* number of users in aliases being looked up */
-	uint32 ptr_types;       /* pointer to users in aliases */
-	uint32 num_types2;      /* number of users in aliases being looked up */
-
-	uint32 *types; /* SID_ENUM type */
-
-	NTSTATUS status; /* return code */
-
-} SAMR_R_LOOKUP_NAMES;
-
-
-/****************************************************************************
-SAMR_Q_LOOKUP_RIDS - do a conversion from RID groups to something.
-
-called to resolve domain RID groups.
-*****************************************************************************/
-/* SAMR_Q_LOOKUP_RIDS */
-typedef struct q_samr_lookup_rids_info
-{
-	POLICY_HND pol;       /* policy handle */
-
-	uint32 num_rids1;      /* number of rids being looked up */
-	uint32 flags;          /* 0x0000 03e8 - unknown */
-	uint32 ptr;            /* 0x0000 0000 - 32 bit unknown */
-	uint32 num_rids2;      /* number of rids being looked up */
-
-	uint32 *rid; /* domain RIDs being looked up */
-
-} SAMR_Q_LOOKUP_RIDS;
-
-
-/****************************************************************************
-SAMR_R_LOOKUP_RIDS - do a conversion from group RID to names
-
-*****************************************************************************/
-/* SAMR_R_LOOKUP_RIDS */
-typedef struct r_samr_lookup_rids_info
-{
-	uint32 num_names1;      /* number of aliases being looked up */
-	uint32 ptr_names;       /* pointer to aliases */
-	uint32 num_names2;      /* number of aliases being looked up */
-
-	UNIHDR  *hdr_name; /* unicode account name header */
-	UNISTR2 *uni_name; /* unicode account name string */
-
-	uint32 num_types1;      /* number of users in aliases being looked up */
-	uint32 ptr_types;       /* pointer to users in aliases */
-	uint32 num_types2;      /* number of users in aliases being looked up */
-
-	uint32 *type; /* SID_ENUM type */
-
-	NTSTATUS status;
-
-} SAMR_R_LOOKUP_RIDS;
-
-
-/* SAMR_Q_OPEN_USER - probably an open */
-typedef struct q_samr_open_user_info
-{
-	POLICY_HND domain_pol;       /* policy handle */
-	uint32 access_mask;     /* 32 bit unknown - 0x02011b */
-	uint32 user_rid;      /* user RID */
-
-} SAMR_Q_OPEN_USER;
-
-
-/* SAMR_R_OPEN_USER - probably an open */
-typedef struct r_samr_open_user_info
-{
-	POLICY_HND user_pol;       /* policy handle associated with unknown id */
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_OPEN_USER;
-
-
-/* SAMR_Q_CREATE_USER - probably a create */
-typedef struct q_samr_create_user_info
-{
-	POLICY_HND domain_pol;       /* policy handle */
-
-	UNIHDR  hdr_name;       /* unicode account name header */
-	UNISTR2 uni_name;       /* unicode account name */
-
-	uint32 acb_info;      /* account control info */
-	uint32 access_mask;     /* 0xe005 00b0 */
-
-} SAMR_Q_CREATE_USER;
-
-
-/* SAMR_R_CREATE_USER - probably a create */
-typedef struct r_samr_create_user_info
-{
-	POLICY_HND user_pol;       /* policy handle associated with user */
-
-	uint32 access_granted;
-	uint32 user_rid;      /* user RID */
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_CREATE_USER;
-
-
-/* SAMR_Q_DELETE_DOM_USER - delete domain user */
-typedef struct q_samr_delete_dom_user_info
-{
-    POLICY_HND user_pol;          /* policy handle */
-
-} SAMR_Q_DELETE_DOM_USER;
-
-
-/* SAMR_R_DELETE_DOM_USER - delete domain user */
-typedef struct r_samr_delete_dom_user_info
-{
-	POLICY_HND pol;       /* policy handle */
-	NTSTATUS status;        /* return status */
-
-} SAMR_R_DELETE_DOM_USER;
-
-
-/* SAMR_Q_QUERY_GROUPMEM - query group members */
-typedef struct q_samr_query_groupmem_info
-{
-	POLICY_HND group_pol;        /* policy handle */
-
-} SAMR_Q_QUERY_GROUPMEM;
-
-
-/* SAMR_R_QUERY_GROUPMEM - query group members */
-typedef struct r_samr_query_groupmem_info
-{
-	uint32 ptr;
-	uint32 num_entries;
-
-	uint32 ptr_rids;
-	uint32 ptr_attrs;
-
-	uint32 num_rids;
-	uint32 *rid;
-
-	uint32 num_attrs;
-	uint32 *attr;
-
-	NTSTATUS status;
-
-} SAMR_R_QUERY_GROUPMEM;
-
-
-/* SAMR_Q_DEL_GROUPMEM - probably an del group member */
-typedef struct q_samr_del_group_mem_info
-{
-	POLICY_HND pol;       /* policy handle */
-	uint32 rid;         /* rid */
-
-} SAMR_Q_DEL_GROUPMEM;
-
-
-/* SAMR_R_DEL_GROUPMEM - probably an del group member */
-typedef struct r_samr_del_group_mem_info
-{
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_DEL_GROUPMEM;
-
-
-/* SAMR_Q_ADD_GROUPMEM - probably an add group member */
-typedef struct q_samr_add_group_mem_info
-{
-	POLICY_HND pol;       /* policy handle */
-
-	uint32 rid;         /* rid */
-	uint32 unknown;     /* 0x0000 0005 */
-
-} SAMR_Q_ADD_GROUPMEM;
-
-
-/* SAMR_R_ADD_GROUPMEM - probably an add group member */
-typedef struct r_samr_add_group_mem_info
-{
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_ADD_GROUPMEM;
-
-
-/* SAMR_Q_OPEN_GROUP - probably an open */
-typedef struct q_samr_open_group_info
-{
-	POLICY_HND domain_pol;       /* policy handle */
-	uint32 access_mask;         /* 0x0000 0001, 0x0000 0003, 0x0000 001f */
-	uint32 rid_group;        /* rid */
-
-} SAMR_Q_OPEN_GROUP;
-
-
-/* SAMR_R_OPEN_GROUP - probably an open */
-typedef struct r_samr_open_group_info
-{
-	POLICY_HND pol;       /* policy handle */
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_OPEN_GROUP;
-
-
-/* SAMR_Q_QUERY_ALIASMEM - query alias members */
-typedef struct q_samr_query_aliasmem_info
-{
-	POLICY_HND alias_pol;        /* policy handle */
-
-} SAMR_Q_QUERY_ALIASMEM;
-
-
-/* SAMR_R_QUERY_ALIASMEM - query alias members */
-typedef struct r_samr_query_aliasmem_info
-{
-	uint32 num_sids;
-	uint32 ptr;
-	uint32 num_sids1;
-
-	DOM_SID2 *sid;
-
-	NTSTATUS status;
-
-} SAMR_R_QUERY_ALIASMEM;
-
-
-/* SAMR_Q_ADD_ALIASMEM - add alias member */
-typedef struct q_samr_add_alias_mem_info
-{
-	POLICY_HND alias_pol;       /* policy handle */
-
-	DOM_SID2 sid; /* member sid to be added to the alias */
-
-} SAMR_Q_ADD_ALIASMEM;
-
-
-/* SAMR_R_ADD_ALIASMEM - add alias member */
-typedef struct r_samr_add_alias_mem_info
-{
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_ADD_ALIASMEM;
-
-
-/* SAMR_Q_DEL_ALIASMEM - add an add alias member */
-typedef struct q_samr_del_alias_mem_info
-{
-	POLICY_HND alias_pol;       /* policy handle */
-
-	DOM_SID2 sid; /* member sid to be added to alias */
-
-} SAMR_Q_DEL_ALIASMEM;
-
-
-/* SAMR_R_DEL_ALIASMEM - delete alias member */
-typedef struct r_samr_del_alias_mem_info
-{
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_DEL_ALIASMEM;
-
-
-
-/* SAMR_Q_OPEN_ALIAS - probably an open */
-typedef struct q_samr_open_alias_info
-{
-	POLICY_HND dom_pol;
-
-	uint32 access_mask;         
-	uint32 rid_alias;
-
-} SAMR_Q_OPEN_ALIAS;
-
-
-/* SAMR_R_OPEN_ALIAS - probably an open */
-typedef struct r_samr_open_alias_info
-{
-	POLICY_HND pol;       /* policy handle */
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_OPEN_ALIAS;
-
-
-/* SAMR_Q_CONNECT_ANON - probably an open */
-typedef struct q_samr_connect_anon_info {
-	uint32 ptr;                  /* ptr? */
-	uint16 unknown_0;	     /* Only pushed if ptr is non-zero. */
-	uint32 access_mask;
-} SAMR_Q_CONNECT_ANON;
-
-/* SAMR_R_CONNECT_ANON - probably an open */
-typedef struct r_samr_connect_anon_info
-{
-	POLICY_HND connect_pol;       /* policy handle */
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_CONNECT_ANON;
-
-/* SAMR_Q_CONNECT - probably an open */
-typedef struct q_samr_connect_info
-{
-	uint32 ptr_srv_name;         /* pointer (to server name?) */
-	UNISTR2 uni_srv_name;        /* unicode server name starting with '\\' */
-
-	uint32 access_mask;            
-
-} SAMR_Q_CONNECT;
-
-
-/* SAMR_R_CONNECT - probably an open */
-typedef struct r_samr_connect_info
-{
-	POLICY_HND connect_pol;       /* policy handle */
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_CONNECT;
-
-/* SAMR_Q_CONNECT4 */
-typedef struct q_samr_connect4_info
-{
-	uint32 ptr_srv_name; /* pointer to server name */
-	UNISTR2 uni_srv_name;
-
-	uint32 unk_0; /* possible server name type, 1 for IP num, 2 for name */
-	uint32 access_mask;
-} SAMR_Q_CONNECT4;
-
-/* SAMR_R_CONNECT4 - same format as connect */
-typedef struct r_samr_connect_info SAMR_R_CONNECT4;       
-
-/* SAMR_Q_CONNECT5 */
-typedef struct q_samr_connect5_info
-{
-	uint32 ptr_srv_name; /* pointer to server name */
-	UNISTR2 uni_srv_name;
-	uint32 access_mask;
-	uint32 level;
-	/* These following are acutally a level dependent
-	   value. Fudge it for now. JRA */
-	uint32 info1_unk1;
-	uint32 info1_unk2;
-} SAMR_Q_CONNECT5;
-
-/* SAMR_R_CONNECT5 */
-typedef struct r_samr_connect_info5
-{
-	uint32 level;
-	uint32 info1_unk1;
-	uint32 info1_unk2;
-	POLICY_HND connect_pol;       /* policy handle */
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_CONNECT5;
-
-
-/* SAMR_Q_GET_DOM_PWINFO */
-typedef struct q_samr_get_dom_pwinfo
-{
-	uint32 ptr; 
-	UNIHDR  hdr_srv_name;
-	UNISTR2 uni_srv_name;
-
-} SAMR_Q_GET_DOM_PWINFO;
-
-#define DOMAIN_PASSWORD_COMPLEX		0x00000001
-#define DOMAIN_PASSWORD_NO_ANON_CHANGE	0x00000002
-#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE	0x00000004
-#define DOMAIN_LOCKOUT_ADMINS		0x00000008
-#define DOMAIN_PASSWORD_STORE_CLEARTEXT	0x00000010
-#define DOMAIN_REFUSE_PASSWORD_CHANGE	0x00000020
-
-/* SAMR_R_GET_DOM_PWINFO */
-typedef struct r_samr_get_dom_pwinfo
-{
-	uint16 min_pwd_length;
-	uint32 password_properties;
-	NTSTATUS status;
-
-} SAMR_R_GET_DOM_PWINFO;
-
-/* SAMR_ENC_PASSWD */
-typedef struct enc_passwd_info
-{
-	uint32 ptr;
-	uint8 pass[516];
-
-} SAMR_ENC_PASSWD;
-
-/* SAMR_ENC_HASH */
-typedef struct enc_hash_info
-{
-	uint32 ptr;
-	uint8 hash[16];
-
-} SAMR_ENC_HASH;
-
-/* SAMR_Q_CHGPASSWD_USER */
-typedef struct q_samr_chgpasswd_user_info
-{
-	uint32 ptr_0;
-
-	UNIHDR hdr_dest_host; /* server name unicode header */
-	UNISTR2 uni_dest_host; /* server name unicode string */
-
-	UNIHDR hdr_user_name;    /* username unicode string header */
-	UNISTR2 uni_user_name;    /* username unicode string */
-
-	SAMR_ENC_PASSWD nt_newpass;
-	SAMR_ENC_HASH nt_oldhash;
-
-	uint32 unknown; /* 0x0000 0001 */
-
-	SAMR_ENC_PASSWD lm_newpass;
-	SAMR_ENC_HASH lm_oldhash;
-
-} SAMR_Q_CHGPASSWD_USER;
-
-/* SAMR_R_CHGPASSWD_USER */
-typedef struct r_samr_chgpasswd_user_info
-{
-	NTSTATUS status; /* 0 == OK, C000006A (NT_STATUS_WRONG_PASSWORD) */
-
-} SAMR_R_CHGPASSWD_USER;
-
-/* SAMR_Q_CHGPASSWD3 */
-typedef struct q_samr_chgpasswd_user3
-{
-	uint32 ptr_0;
-
-	UNIHDR hdr_dest_host; /* server name unicode header */
-	UNISTR2 uni_dest_host; /* server name unicode string */
-
-	UNIHDR hdr_user_name;    /* username unicode string header */
-	UNISTR2 uni_user_name;    /* username unicode string */
-
-	SAMR_ENC_PASSWD nt_newpass;
-	SAMR_ENC_HASH nt_oldhash;
-
-	uint32 lm_change; /* 0x0000 0001 */
-
-	SAMR_ENC_PASSWD lm_newpass;
-	SAMR_ENC_HASH lm_oldhash;
-
-	SAMR_ENC_PASSWD password3;
-
-} SAMR_Q_CHGPASSWD_USER3;
-
-#define REJECT_REASON_OTHER		0x00000000
-#define REJECT_REASON_TOO_SHORT		0x00000001
-#define REJECT_REASON_IN_HISTORY	0x00000002
-#define REJECT_REASON_NOT_COMPLEX	0x00000005
-
-/* SAMR_CHANGE_REJECT */
-typedef struct samr_change_reject
-{
-	uint32 reject_reason;
-	uint32 unknown1;
-	uint32 unknown2;
-
-} SAMR_CHANGE_REJECT;
-
-/* SAMR_R_CHGPASSWD3 */
-typedef struct r_samr_chgpasswd_user3
-{
-	uint32 ptr_info;
-	uint32 ptr_reject;
-	SAM_UNK_INFO_1 *info;
-	SAMR_CHANGE_REJECT *reject;
-	NTSTATUS status; /* 0 == OK, C000006A (NT_STATUS_WRONG_PASSWORD) */
-
-} SAMR_R_CHGPASSWD_USER3;
-
-
-
-/* SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN */
-typedef struct q_samr_remove_sid_foreign_domain_info
-{
-	POLICY_HND dom_pol;   /* policy handle */
-	DOM_SID2 sid;         /* SID */
-
-} SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN;
-
-
-/* SAMR_R_REMOVE_SID_FOREIGN_DOMAIN */
-typedef struct r_samr_remove_sid_foreign_domain_info
-{
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_REMOVE_SID_FOREIGN_DOMAIN;
-
-
-
-/* these are from the old rpc_samr.h - they are needed while the merge
-   is still going on */
-#define MAX_SAM_SIDS 15
-
-/* DOM_SID3 - security id */
-typedef struct sid_info_3
-{
-        uint16 len; /* length, bytes, including length of len :-) */
-        /* uint8  pad[2]; */
-        
-        DOM_SID sid;
-
-} DOM_SID3;
-
-/* SAMR_Q_QUERY_DOMAIN_INFO2 */
-typedef struct q_samr_query_domain_info2
-{
-	POLICY_HND domain_pol;   /* policy handle */
-	uint16 switch_value;
-
-} SAMR_Q_QUERY_DOMAIN_INFO2;
-
-/* SAMR_R_QUERY_DOMAIN_INFO2 */
-typedef struct r_samr_query_domain_info2
-{
-	uint32 ptr_0;
-	uint16 switch_value;
-	SAM_UNK_CTR *ctr;
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_QUERY_DOMAIN_INFO2;
-
-/* SAMR_Q_SET_DOMAIN_INFO */
-typedef struct q_samr_set_domain_info
-{
-	POLICY_HND domain_pol;   /* policy handle */
-	uint16 switch_value0;
-	uint16 switch_value;
-	SAM_UNK_CTR *ctr;
-
-} SAMR_Q_SET_DOMAIN_INFO;
-
-/* SAMR_R_SET_DOMAIN_INFO */
-typedef struct r_samr_set_domain_info
-{
-	NTSTATUS status;         /* return status */
-
-} SAMR_R_SET_DOMAIN_INFO;
-
-#endif /* _RPC_SAMR_H */
diff --git a/source3/include/rpc_svcctl.h b/source3/include/rpc_svcctl.h
index 1e42aef20c..5a87e350ba 100644
--- a/source3/include/rpc_svcctl.h
+++ b/source3/include/rpc_svcctl.h
@@ -197,81 +197,6 @@ typedef struct _ServiceInfo {
 /**************************/
 
 typedef struct {
-	UNISTR2 *servername;
-	UNISTR2 *database; 
-	uint32 access;
-} SVCCTL_Q_OPEN_SCMANAGER;
-
-typedef struct {
-	POLICY_HND handle;
-	WERROR status;
-} SVCCTL_R_OPEN_SCMANAGER;
-
-/**************************/
-
-typedef struct {
-	POLICY_HND handle;
-	UNISTR2 servicename;
-	uint32  display_name_len;
-} SVCCTL_Q_GET_DISPLAY_NAME;
-
-typedef struct {
-	UNISTR2 displayname;
-	uint32 display_name_len;
-	WERROR status;
-} SVCCTL_R_GET_DISPLAY_NAME;
-
-/**************************/
-
-typedef struct {
-	POLICY_HND handle;
-	UNISTR2 servicename;
-	uint32 access;
-} SVCCTL_Q_OPEN_SERVICE;
-
-typedef struct {
-	POLICY_HND handle;
-	WERROR status;
-} SVCCTL_R_OPEN_SERVICE;
-
-/**************************/
-
-typedef struct {
-	POLICY_HND handle;
-	uint32 parmcount;
-	UNISTR4_ARRAY *parameters;
-} SVCCTL_Q_START_SERVICE;
-
-typedef struct {
-	WERROR status;
-} SVCCTL_R_START_SERVICE;
-
-/**************************/
-
-typedef struct {
-	POLICY_HND handle;
-	uint32 control;
-} SVCCTL_Q_CONTROL_SERVICE;
-
-typedef struct {
-	SERVICE_STATUS svc_status;
-	WERROR status;
-} SVCCTL_R_CONTROL_SERVICE;
-
-/**************************/
-
-typedef struct {
-	POLICY_HND handle;
-} SVCCTL_Q_QUERY_STATUS;
-
-typedef struct {
-	SERVICE_STATUS svc_status;
-	WERROR status;
-} SVCCTL_R_QUERY_STATUS;
-
-/**************************/
-
-typedef struct {
 	POLICY_HND handle;
 	uint32 type;
 	uint32 state;
@@ -346,57 +271,5 @@ typedef struct {
 	WERROR status;
 } SVCCTL_R_QUERY_SERVICE_STATUSEX;
 
-
-/**************************/
-
-typedef struct {
-	POLICY_HND handle;
-} SVCCTL_Q_LOCK_SERVICE_DB;
-
-typedef struct {
-	POLICY_HND h_lock;
-	WERROR status;
-} SVCCTL_R_LOCK_SERVICE_DB;
-
-
-/**************************/
-
-typedef struct {
-	POLICY_HND h_lock;
-} SVCCTL_Q_UNLOCK_SERVICE_DB;
-
-typedef struct {
-	WERROR status;
-} SVCCTL_R_UNLOCK_SERVICE_DB;
-
-
-/**************************/
-
-typedef struct {
-	POLICY_HND handle;
-	uint32 security_flags;
-	uint32 buffer_size;	
-} SVCCTL_Q_QUERY_SERVICE_SEC;
-
-typedef struct {
-	RPC_BUFFER buffer;
-	uint32 needed;
-	WERROR status;
-} SVCCTL_R_QUERY_SERVICE_SEC;
-
-/**************************/
-
-typedef struct {
-	POLICY_HND handle; 
-	uint32 security_flags;        
-	RPC_BUFFER buffer;
-	uint32 buffer_size;
-} SVCCTL_Q_SET_SERVICE_SEC;
-
-typedef struct {
-	WERROR status;
-} SVCCTL_R_SET_SERVICE_SEC;
-
-
 #endif /* _RPC_SVCCTL_H */
 
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 744acd719f..c582a97e5c 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -193,7 +193,7 @@ typedef uint32 codepoint_t;
 #define PIPE_NETLOGON_PLAIN "\\NETLOGON"
 
 #define PI_LSARPC		0
-#define PI_LSARPC_DS		1
+#define PI_DSSETUP		1
 #define PI_SAMR			2
 #define PI_NETLOGON		3
 #define PI_SRVSVC		4
@@ -211,30 +211,6 @@ typedef uint32 codepoint_t;
 /* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */
 typedef uint64_t NTTIME;
 
-
-/* Allowable account control bits */
-#define ACB_DISABLED			0x00000001  /* 1 = User account disabled */
-#define ACB_HOMDIRREQ			0x00000002  /* 1 = Home directory required */
-#define ACB_PWNOTREQ			0x00000004  /* 1 = User password not required */
-#define ACB_TEMPDUP			0x00000008  /* 1 = Temporary duplicate account */
-#define ACB_NORMAL			0x00000010  /* 1 = Normal user account */
-#define ACB_MNS				0x00000020  /* 1 = MNS logon user account */
-#define ACB_DOMTRUST			0x00000040  /* 1 = Interdomain trust account */
-#define ACB_WSTRUST			0x00000080  /* 1 = Workstation trust account */
-#define ACB_SVRTRUST			0x00000100  /* 1 = Server trust account (BDC) */
-#define ACB_PWNOEXP			0x00000200  /* 1 = User password does not expire */
-#define ACB_AUTOLOCK			0x00000400  /* 1 = Account auto locked */
-
-/* only valid for > Windows 2000 */
-#define ACB_ENC_TXT_PWD_ALLOWED		0x00000800  /* 1 = Text password encryped */
-#define ACB_SMARTCARD_REQUIRED		0x00001000  /* 1 = Smart Card required */
-#define ACB_TRUSTED_FOR_DELEGATION	0x00002000  /* 1 = Trusted for Delegation */
-#define ACB_NOT_DELEGATED		0x00004000  /* 1 = Not delegated */
-#define ACB_USE_DES_KEY_ONLY		0x00008000  /* 1 = Use DES key only */
-#define ACB_DONT_REQUIRE_PREAUTH	0x00010000  /* 1 = Preauth not required */
-#define ACB_PWEXPIRED			0x00020000  /* 1 = Password is expired */
-#define ACB_NO_AUTH_DATA_REQD		0x00080000  /* 1 = No authorization data required */
-
 #define MAX_HOURS_LEN 32
 
 #ifndef MAXSUBAUTHS
@@ -283,9 +259,6 @@ typedef struct dom_sid {
 	uint32 sub_auths[MAXSUBAUTHS];  
 } DOM_SID;
 
-#define dom_sid2 dom_sid
-#define dom_sid28 dom_sid
-
 enum id_mapping {
 	ID_UNKNOWN = 0,
 	ID_MAPPED,
@@ -310,8 +283,17 @@ struct id_map {
 	enum id_mapping status;
 };
 
-#include "librpc/ndr/misc.h"
-#include "librpc/ndr/security.h"
+/* used to hold an arbitrary blob of data */
+typedef struct data_blob {
+	uint8 *data;
+	size_t length;
+	void (*free)(struct data_blob *data_blob);
+} DATA_BLOB;
+
+extern const DATA_BLOB data_blob_null;
+
+#include "librpc/gen_ndr/misc.h"
+#include "librpc/gen_ndr/security.h"
 #include "librpc/ndr/libndr.h"
 #include "librpc/gen_ndr/lsa.h"
 #include "librpc/gen_ndr/dfs.h"
@@ -322,8 +304,12 @@ struct id_map {
 #include "librpc/gen_ndr/wkssvc.h"
 #include "librpc/gen_ndr/echo.h"
 #include "librpc/gen_ndr/svcctl.h"
+#include "librpc/gen_ndr/netlogon.h"
+#include "librpc/gen_ndr/samr.h"
+#include "librpc/gen_ndr/dssetup.h"
 #include "librpc/gen_ndr/libnet_join.h"
-
+#include "librpc/gen_ndr/krb5pac.h"
+#include "librpc/gen_ndr/ntsvcs.h"
 
 struct lsa_dom_info {
 	bool valid;
@@ -527,20 +513,13 @@ typedef struct files_struct {
  	FAKE_FILE_HANDLE *fake_file_handle;
 
 	struct notify_change_buf *notify;
+
+	struct files_struct *base_fsp; /* placeholder for delete on close */
 } files_struct;
 
 #include "ntquotas.h"
 #include "sysquotas.h"
 
-/* used to hold an arbitrary blob of data */
-typedef struct data_blob {
-	uint8 *data;
-	size_t length;
-	void (*free)(struct data_blob *data_blob);
-} DATA_BLOB;
-
-extern const DATA_BLOB data_blob_null;
-
 /*
  * Structure used to keep directory state information around.
  * Used in NT change-notify code.
@@ -597,6 +576,16 @@ struct trans_state {
 	char *data;
 };
 
+/*
+ * Info about an alternate data stream
+ */
+
+struct stream_struct {
+	SMB_OFF_T size;
+	SMB_OFF_T alloc_size;
+	char *name;
+};
+
 /* Include VFS stuff */
 
 #include "smb_acls.h"
@@ -1382,6 +1371,9 @@ struct bitmap {
 #define NTCREATEX_OPTIONS_PRIVATE_DENY_DOS     0x01000000
 #define NTCREATEX_OPTIONS_PRIVATE_DENY_FCB     0x02000000
 
+/* Private options for streams support */
+#define NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE 0x04000000
+
 /* Responses when opening a file. */
 #define FILE_WAS_SUPERSEDED 0
 #define FILE_WAS_OPENED 1
@@ -1912,6 +1904,8 @@ struct ea_list {
 #define SAMBA_POSIX_INHERITANCE_EA_NAME "user.SAMBA_PAI"
 /* EA to use for DOS attributes */
 #define SAMBA_XATTR_DOS_ATTRIB "user.DOSATTRIB"
+/* Prefix for DosStreams in the vfs_streams_xattr module */
+#define SAMBA_XATTR_DOSSTREAM_PREFIX "user.DosStream."
 
 #define UUID_SIZE 16
 
@@ -1942,4 +1936,15 @@ enum usershare_err {
 /* Different reasons for closing a file. */
 enum file_close_type {NORMAL_CLOSE=0,SHUTDOWN_CLOSE,ERROR_CLOSE};
 
+/* Used in SMB_FS_OBJECTID_INFORMATION requests.  Must be exactly 48 bytes. */
+#define SAMBA_EXTENDED_INFO_MAGIC 0x536d4261 /* "SmBa" */
+#define SAMBA_EXTENDED_INFO_VERSION_STRING_LENGTH 28
+struct smb_extended_info {
+	uint32 samba_magic;		/* Always SAMBA_EXTRA_INFO_MAGIC */
+	uint32 samba_version;		/* Major/Minor/Release/Revision */
+	uint32 samba_subversion;	/* Prerelease/RC/Vendor patch */
+	NTTIME samba_gitcommitdate;
+	char   samba_version_string[SAMBA_EXTENDED_INFO_VERSION_STRING_LENGTH];
+};
+
 #endif /* _SMB_H */
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
index 463a2bdb0b..c98c4244de 100644
--- a/source3/include/smb_macros.h
+++ b/source3/include/smb_macros.h
@@ -305,10 +305,9 @@ NULL returns on zero request. JRA.
 #define talloc_destroy(ctx) talloc_free(ctx)
 #define TALLOC_FREE(ctx) do { if ((ctx) != NULL) {talloc_free(ctx); ctx=NULL;} } while(0)
 
-/* only define PARANOID_MALLOC_CHECKER with --enable-developer and not compiling
-   the smbmount utils */
+/* only define PARANOID_MALLOC_CHECKER with --enable-developer */
 
-#if defined(DEVELOPER) && !defined(SMBMOUNT_MALLOC)
+#if defined(DEVELOPER)
 #  define PARANOID_MALLOC_CHECKER 1
 #endif
 
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 0be3886227..ca176aabb2 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -103,8 +103,8 @@
 /* Leave at 22 - not yet released. Remove parameter fd from write. - obnox */
 /* Leave at 22 - not yet released. Remove parameter fromfd from sendfile. - obnox */
 /* Leave at 22 - not yet released. Remove parameter fromfd from recvfile. - obnox */
-
-
+/* Leave at 22 - not yet released. Additional change: add operations for offline files -- ab */
+/* Leave at 22 - not yet released. Add the streaminfo call. -- jpeach, vl */
 
 #define SMB_VFS_INTERFACE_VERSION 22
 
@@ -149,6 +149,7 @@ typedef enum _vfs_op_type {
 	SMB_VFS_OP_SET_QUOTA,
 	SMB_VFS_OP_GET_SHADOW_COPY_DATA,
 	SMB_VFS_OP_STATVFS,
+	SMB_VFS_OP_FS_CAPABILITIES,
 
 	/* Directory operations */
 
@@ -199,6 +200,7 @@ typedef enum _vfs_op_type {
 	SMB_VFS_OP_NOTIFY_WATCH,
 	SMB_VFS_OP_CHFLAGS,
 	SMB_VFS_OP_FILE_ID_CREATE,
+	SMB_VFS_OP_STREAMINFO,
 
 	/* NT ACL operations. */
 
@@ -257,9 +259,14 @@ typedef enum _vfs_op_type {
 	SMB_VFS_OP_AIO_ERROR,
 	SMB_VFS_OP_AIO_FSYNC,
 	SMB_VFS_OP_AIO_SUSPEND,
+        SMB_VFS_OP_AIO_FORCE,
+
+	/* offline operations */
+	SMB_VFS_OP_IS_OFFLINE,
+	SMB_VFS_OP_SET_OFFLINE,
 
 	/* This should always be last enum value */
-	
+
 	SMB_VFS_OP_LAST
 } vfs_op_type;
 
@@ -269,7 +276,7 @@ typedef enum _vfs_op_type {
 struct vfs_ops {
 	struct vfs_fn_pointers {
 		/* Disk operations */
-		
+
 		int (*connect_fn)(struct vfs_handle_struct *handle, const char *service, const char *user);
 		void (*disconnect)(struct vfs_handle_struct *handle);
 		SMB_BIG_UINT (*disk_free)(struct vfs_handle_struct *handle, const char *path, bool small_query, SMB_BIG_UINT *bsize,
@@ -278,9 +285,10 @@ struct vfs_ops {
 		int (*set_quota)(struct vfs_handle_struct *handle, enum SMB_QUOTA_TYPE qtype, unid_t id, SMB_DISK_QUOTA *qt);
 		int (*get_shadow_copy_data)(struct vfs_handle_struct *handle, struct files_struct *fsp, SHADOW_COPY_DATA *shadow_copy_data, bool labels);
 		int (*statvfs)(struct vfs_handle_struct *handle, const char *path, struct vfs_statvfs_struct *statbuf);
-		
+		uint32_t (*fs_capabilities)(struct vfs_handle_struct *handle);
+
 		/* Directory operations */
-		
+
 		SMB_STRUCT_DIR *(*opendir)(struct vfs_handle_struct *handle, const char *fname, const char *mask, uint32 attributes);
 		SMB_STRUCT_DIRENT *(*readdir)(struct vfs_handle_struct *handle, SMB_STRUCT_DIR *dirp);
 		void (*seekdir)(struct vfs_handle_struct *handle, SMB_STRUCT_DIR *dirp, long offset);
@@ -289,9 +297,9 @@ struct vfs_ops {
 		int (*mkdir)(struct vfs_handle_struct *handle, const char *path, mode_t mode);
 		int (*rmdir)(struct vfs_handle_struct *handle, const char *path);
 		int (*closedir)(struct vfs_handle_struct *handle, SMB_STRUCT_DIR *dir);
-		
+
 		/* File operations */
-		
+
 		int (*open)(struct vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode);
 		int (*close_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd);
 		ssize_t (*read)(struct vfs_handle_struct *handle, struct files_struct *fsp, void *data, size_t n);
@@ -335,8 +343,15 @@ struct vfs_ops {
 		int (*chflags)(struct vfs_handle_struct *handle, const char *path, unsigned int flags);
 		struct file_id (*file_id_create)(struct vfs_handle_struct *handle, SMB_DEV_T dev, SMB_INO_T inode);
 
+		NTSTATUS (*streaminfo)(struct vfs_handle_struct *handle,
+				       struct files_struct *fsp,
+				       const char *fname,
+				       TALLOC_CTX *mem_ctx,
+				       unsigned int *num_streams,
+				       struct stream_struct **streams);
+
 		/* NT ACL operations. */
-		
+
 		NTSTATUS (*fget_nt_acl)(struct vfs_handle_struct *handle,
 					struct files_struct *fsp,
 					uint32 security_info,
@@ -354,12 +369,12 @@ struct vfs_ops {
 				       const char *name,
 				       uint32 security_info_sent,
 				       struct security_descriptor *psd);
-		
+
 		/* POSIX ACL operations. */
-		
+
 		int (*chmod_acl)(struct vfs_handle_struct *handle, const char *name, mode_t mode);
 		int (*fchmod_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, mode_t mode);
-		
+
 		int (*sys_acl_get_entry)(struct vfs_handle_struct *handle, SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p);
 		int (*sys_acl_get_tag_type)(struct vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p);
 		int (*sys_acl_get_permset)(struct vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p);
@@ -405,7 +420,11 @@ struct vfs_ops {
 		int (*aio_error_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb);
 		int (*aio_fsync)(struct vfs_handle_struct *handle, struct files_struct *fsp, int op, SMB_STRUCT_AIOCB *aiocb);
 		int (*aio_suspend)(struct vfs_handle_struct *handle, struct files_struct *fsp, const SMB_STRUCT_AIOCB * const aiocb[], int n, const struct timespec *timeout);
+		bool (*aio_force)(struct vfs_handle_struct *handle, struct files_struct *fsp);
 
+		/* offline operations */
+		bool (*is_offline)(struct vfs_handle_struct *handle, const char *path, SMB_STRUCT_STAT *sbuf);
+		int (*set_offline)(struct vfs_handle_struct *handle, const char *path);
 	} ops;
 
 	struct vfs_handles_pointers {
@@ -418,6 +437,7 @@ struct vfs_ops {
 		struct vfs_handle_struct *set_quota;
 		struct vfs_handle_struct *get_shadow_copy_data;
 		struct vfs_handle_struct *statvfs;
+		struct vfs_handle_struct *fs_capabilities;
 
 		/* Directory operations */
 
@@ -468,6 +488,7 @@ struct vfs_ops {
 		struct vfs_handle_struct *notify_watch;
 		struct vfs_handle_struct *chflags;
 		struct vfs_handle_struct *file_id_create;
+		struct vfs_handle_struct *streaminfo;
 
 		/* NT ACL operations. */
 
@@ -526,27 +547,32 @@ struct vfs_ops {
 		struct vfs_handle_struct *aio_error;
 		struct vfs_handle_struct *aio_fsync;
 		struct vfs_handle_struct *aio_suspend;
+		struct vfs_handle_struct *aio_force;
+
+		/* offline operations */
+		struct vfs_handle_struct *is_offline;
+		struct vfs_handle_struct *set_offline;
 	} handles;
 };
 
 /*
     Possible VFS operation layers (per-operation)
-    
+
     These values are used by VFS subsystem when building vfs_ops for connection
     from multiple VFS modules. Internally, Samba differentiates only opaque and
     transparent layers at this process. Other types are used for providing better
     diagnosing facilities.
-    
+
     Most modules will provide transparent layers. Opaque layer is for modules
     which implement actual file system calls (like DB-based VFS). For example,
     default POSIX VFS which is built in into Samba is an opaque VFS module.
-    
+
     Other layer types (audit, splitter, scanner) were designed to provide different 
     degree of transparency and for diagnosing VFS module behaviour.
-    
+
     Each module can implement several layers at the same time provided that only
     one layer is used per each operation.
-    
+
 */
 
 typedef enum _vfs_op_layer {
@@ -565,7 +591,7 @@ typedef enum _vfs_op_layer {
 
 /*
     VFS operation description. Each VFS module registers an array of vfs_op_tuple to VFS subsystem,
-    which describes all operations this module is willing to intercept. 
+    which describes all operations this module is willing to intercept.
     VFS subsystem initializes then the conn->vfs_ops and conn->vfs_opaque_ops structs
     using this information.
 */
@@ -590,12 +616,12 @@ typedef struct vfs_handle_struct {
 typedef struct vfs_statvfs_struct {
 	/* For undefined recommended transfer size return -1 in that field */
 	uint32 OptimalTransferSize;  /* bsize on some os, iosize on other os */
-	uint32 BlockSize; 
+	uint32 BlockSize;
 
 	/*
 	 The next three fields are in terms of the block size.
 	 (above). If block size is unknown, 4096 would be a
-	 reasonable block size for a server to report. 
+	 reasonable block size for a server to report.
 	 Note that returning the blocks/blocksavail removes need
 	 to make a second call (to QFSInfo level 0x103 to get this info.
 	 UserBlockAvail is typically less than or equal to BlocksAvail,
diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h
index 9232e94a42..1e64bd5ac3 100644
--- a/source3/include/vfs_macros.h
+++ b/source3/include/vfs_macros.h
@@ -1,18 +1,18 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    VFS wrapper macros
    Copyright (C) Stefan (metze) Metzmacher	2003
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -26,7 +26,7 @@
  (Fixes should go also into the vfs_opaque_* and vfs_next_* macros!)
 ********************************************************************/
 
-/* Disk operations */    
+/* Disk operations */
 #define SMB_VFS_CONNECT(conn, service, user) ((conn)->vfs.ops.connect_fn((conn)->vfs.handles.connect_hnd, (service), (user)))
 #define SMB_VFS_DISCONNECT(conn) ((conn)->vfs.ops.disconnect((conn)->vfs.handles.disconnect))
 #define SMB_VFS_DISK_FREE(conn, path, small_query, bsize, dfree ,dsize) ((conn)->vfs.ops.disk_free((conn)->vfs.handles.disk_free, (path), (small_query), (bsize), (dfree), (dsize)))
@@ -34,6 +34,7 @@
 #define SMB_VFS_SET_QUOTA(conn, qtype, id, qt) ((conn)->vfs.ops.set_quota((conn)->vfs.handles.set_quota, (qtype), (id), (qt)))
 #define SMB_VFS_GET_SHADOW_COPY_DATA(fsp,shadow_copy_data,labels) ((fsp)->conn->vfs.ops.get_shadow_copy_data((fsp)->conn->vfs.handles.get_shadow_copy_data,(fsp),(shadow_copy_data),(labels)))
 #define SMB_VFS_STATVFS(conn, path, statbuf) ((conn)->vfs.ops.statvfs((conn)->vfs.handles.statvfs, (path), (statbuf)))
+#define SMB_VFS_FS_CAPABILITIES(conn) ((conn)->vfs.ops.fs_capabilities((conn)->vfs.handles.fs_capabilities))
 
 /* Directory operations */
 #define SMB_VFS_OPENDIR(conn, fname, mask, attr) ((conn)->vfs.ops.opendir((conn)->vfs.handles.opendir, (fname), (mask), (attr)))
@@ -44,7 +45,7 @@
 #define SMB_VFS_MKDIR(conn, path, mode) ((conn)->vfs.ops.mkdir((conn)->vfs.handles.mkdir,(path), (mode)))
 #define SMB_VFS_RMDIR(conn, path) ((conn)->vfs.ops.rmdir((conn)->vfs.handles.rmdir, (path)))
 #define SMB_VFS_CLOSEDIR(conn, dir) ((conn)->vfs.ops.closedir((conn)->vfs.handles.closedir, dir))
-    
+
 /* File operations */
 #define SMB_VFS_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs.ops.open)((conn)->vfs.handles.open, (fname), (fsp), (flags), (mode)))
 #define SMB_VFS_CLOSE(fsp, fd) ((fsp)->conn->vfs.ops.close_fn((fsp)->conn->vfs.handles.close_hnd, (fsp), (fd)))
@@ -82,6 +83,7 @@
 #define SMB_VFS_NOTIFY_WATCH(conn, ctx, e, callback, private_data, handle_p) ((conn)->vfs.ops.notify_watch((conn)->vfs.handles.notify_watch, (ctx), (e), (callback), (private_data), (handle_p)))
 #define SMB_VFS_CHFLAGS(conn, path, flags) ((conn)->vfs.ops.chflags((conn)->vfs.handles.chflags, (path), (flags)))
 #define SMB_VFS_FILE_ID_CREATE(conn, dev, inode) ((conn)->vfs.ops.file_id_create((conn)->vfs.handles.file_id_create, (dev), (inode)))
+#define SMB_VFS_STREAMINFO(conn, fsp, fname, mem_ctx, num_streams, streams) ((conn)->vfs.ops.streaminfo((conn)->vfs.handles.streaminfo, (fsp), (fname), (mem_ctx), (num_streams), (streams)))
 
 /* NT ACL operations. */
 #define SMB_VFS_FGET_NT_ACL(fsp, security_info, ppdesc) ((fsp)->conn->vfs.ops.fget_nt_acl((fsp)->conn->vfs.handles.fget_nt_acl, (fsp), (security_info), (ppdesc)))
@@ -138,6 +140,11 @@
 #define SMB_VFS_AIO_ERROR(fsp,aiocb) ((fsp)->conn->vfs.ops.aio_error_fn((fsp)->conn->vfs.handles.aio_error,(fsp),(aiocb)))
 #define SMB_VFS_AIO_FSYNC(fsp,op,aiocb) ((fsp)->conn->vfs.ops.aio_fsync((fsp)->conn->vfs.handles.aio_fsync,(fsp),(op),(aiocb)))
 #define SMB_VFS_AIO_SUSPEND(fsp,aiocb,n,ts) ((fsp)->conn->vfs.ops.aio_suspend((fsp)->conn->vfs.handles.aio_suspend,(fsp),(aiocb),(n),(ts)))
+#define SMB_VFS_AIO_FORCE(fsp) ((fsp)->conn->vfs.ops.aio_force((fsp)->conn->vfs.handles.aio_force,(fsp)))
+
+/* Offline operations */
+#define SMB_VFS_IS_OFFLINE(conn,path,sbuf) ((conn)->vfs.ops.is_offline((conn)->vfs.handles.is_offline,(path),(sbuf)))
+#define SMB_VFS_SET_OFFLINE(conn,path) ((conn)->vfs.ops.set_offline((conn)->vfs.handles.set_offline,(path)))
 
 /*******************************************************************
  Don't access conn->vfs_opaque.ops directly!!!
@@ -145,7 +152,7 @@
  (Fixes should also go into the vfs_* and vfs_next_* macros!)
 ********************************************************************/
 
-/* Disk operations */    
+/* Disk operations */
 #define SMB_VFS_OPAQUE_CONNECT(conn, service, user) ((conn)->vfs_opaque.ops.connect_fn((conn)->vfs_opaque.handles.connect_hnd, (service), (user)))
 #define SMB_VFS_OPAQUE_DISCONNECT(conn) ((conn)->vfs_opaque.ops.disconnect((conn)->vfs_opaque.handles.disconnect))
 #define SMB_VFS_OPAQUE_DISK_FREE(conn, path, small_query, bsize, dfree ,dsize) ((conn)->vfs_opaque.ops.disk_free((conn)->vfs_opaque.handles.disk_free, (path), (small_query), (bsize), (dfree), (dsize)))
@@ -153,6 +160,7 @@
 #define SMB_VFS_OPAQUE_SET_QUOTA(conn, qtype, id, qt) ((conn)->vfs_opaque.ops.set_quota((conn)->vfs_opaque.handles.set_quota, (qtype), (id), (qt)))
 #define SMB_VFS_OPAQUE_GET_SHADOW_COPY_DATA(fsp,shadow_copy_data,labels) ((fsp)->conn->vfs_opaque.ops.get_shadow_copy_data((fsp)->conn->vfs_opaque.handles.get_shadow_copy_data,(fsp),(shadow_copy_data),(labels)))
 #define SMB_VFS_OPAQUE_STATVFS(conn, path, statbuf) ((conn)->vfs_opaque.ops.statvfs((conn)->vfs_opaque.handles.statvfs, (path), (statbuf)))
+#define SMB_VFS_OPAQUE_FS_CAPABILITIES(conn) ((conn)->vfs_opaque.ops.fs_capabilities((conn)->vfs_opaque.handles.fs_capabilities))
 
 /* Directory operations */
 #define SMB_VFS_OPAQUE_OPENDIR(conn, fname, mask, attr) ((conn)->vfs_opaque.ops.opendir((conn)->vfs_opaque.handles.opendir, (fname), (mask), (attr)))
@@ -163,7 +171,7 @@
 #define SMB_VFS_OPAQUE_MKDIR(conn, path, mode) ((conn)->vfs_opaque.ops.mkdir((conn)->vfs_opaque.handles.mkdir,(path), (mode)))
 #define SMB_VFS_OPAQUE_RMDIR(conn, path) ((conn)->vfs_opaque.ops.rmdir((conn)->vfs_opaque.handles.rmdir, (path)))
 #define SMB_VFS_OPAQUE_CLOSEDIR(conn, dir) ((conn)->vfs_opaque.ops.closedir((conn)->vfs_opaque.handles.closedir, dir))
-    
+
 /* File operations */
 #define SMB_VFS_OPAQUE_OPEN(conn, fname, fsp, flags, mode) (((conn)->vfs_opaque.ops.open)((conn)->vfs_opaque.handles.open, (fname), (fsp), (flags), (mode)))
 #define SMB_VFS_OPAQUE_CLOSE(fsp, fd) ((fsp)->conn->vfs_opaque.ops.close_fn((fsp)->conn->vfs_opaque.handles.close_hnd, (fsp), (fd)))
@@ -201,6 +209,7 @@
 #define SMB_VFS_OPAQUE_NOTIFY_WATCH(conn, ctx, e, callback, private_data, handle_p) ((conn)->vfs_opaque.ops.notify_watch((conn)->vfs_opaque.handles.notify_watch, (ctx), (e), (callback), (private_data), (handle_p)))
 #define SMB_VFS_OPAQUE_CHFLAGS(conn, path, flags) ((conn)->vfs_opaque.ops.chflags((conn)->vfs_opaque.handles.chflags, (path), (flags)))
 #define SMB_VFS_OPAQUE_FILE_ID_CREATE(conn, dev, inode) ((conn)->vfs.ops_opaque.file_id_create((conn)->vfs_opaque.handles.file_id_create, (dev), (inode)))
+#define SMB_VFS_OPAQUE_STREAMINFO(conn, fsp, fname, mem_ctx, num_streams, streams) ((conn)->vfs_opaque.ops.streaminfo((conn)->vfs_opaque.handles.streaminfo, (fsp), (fname), (mem_ctx), (num_streams), (streams)))
 
 /* NT ACL operations. */
 #define SMB_VFS_OPAQUE_FGET_NT_ACL(fsp, security_info, ppdesc) ((fsp)->conn->vfs_opaque.ops.fget_nt_acl((fsp)->conn->vfs_opaque.handles.fget_nt_acl, (fsp), (security_info), (ppdesc)))
@@ -257,6 +266,11 @@
 #define SMB_VFS_OPAQUE_AIO_ERROR(fsp,aiocb) ((fsp)->conn->vfs_opaque.ops.aio_error_fn((fsp)->conn->vfs_opaque.handles.aio_error,(fsp),(aiocb)))
 #define SMB_VFS_OPAQUE_AIO_FSYNC(fsp,op,aiocb) ((fsp)->conn->vfs_opaque.ops.aio_fsync((fsp)->conn->vfs_opaque.handles.aio_fsync,(fsp),(op),(aiocb)))
 #define SMB_VFS_OPAQUE_AIO_SUSPEND(fsp,aiocb,n,ts) ((fsp)->conn->vfs_opaque.ops.aio_suspend((fsp)->conn->vfs_opaque.handles.aio_suspend,(fsp),(aiocb),(n),(ts)))
+#define SMB_VFS_OPAQUE_AIO_FORCE(fsp) ((fsp)->conn->vfs_opaque.ops.aio_force((fsp)->conn->vfs_opaque.handles.aio_force,(fsp)))
+
+/* Offline operations */
+#define SMB_VFS_OPAQUE_IS_OFFLINE(conn,path,sbuf) ((conn)->vfs_opaque.ops.is_offline((conn)->vfs_opaque.handles.is_offline,(path),(sbuf)))
+#define SMB_VFS_OPAQUE_SET_OFFLINE(conn,path) ((conn)->vfs_opaque.ops.set_offline((conn)->vfs_opaque.handles.set_offline,(path)))
 
 /*******************************************************************
  Don't access handle->vfs_next.ops.* directly!!!
@@ -264,7 +278,7 @@
  (Fixes should go also into the vfs_* and vfs_opaque_* macros!)
 ********************************************************************/
 
-/* Disk operations */    
+/* Disk operations */
 #define SMB_VFS_NEXT_CONNECT(handle, service, user) ((handle)->vfs_next.ops.connect_fn((handle)->vfs_next.handles.connect_hnd, (service), (user)))
 #define SMB_VFS_NEXT_DISCONNECT(handle) ((handle)->vfs_next.ops.disconnect((handle)->vfs_next.handles.disconnect))
 #define SMB_VFS_NEXT_DISK_FREE(handle, path, small_query, bsize, dfree ,dsize) ((handle)->vfs_next.ops.disk_free((handle)->vfs_next.handles.disk_free, (path), (small_query), (bsize), (dfree), (dsize)))
@@ -272,6 +286,7 @@
 #define SMB_VFS_NEXT_SET_QUOTA(handle, qtype, id, qt) ((handle)->vfs_next.ops.set_quota((handle)->vfs_next.handles.set_quota, (qtype), (id), (qt)))
 #define SMB_VFS_NEXT_GET_SHADOW_COPY_DATA(handle, fsp, shadow_copy_data ,labels) ((handle)->vfs_next.ops.get_shadow_copy_data((handle)->vfs_next.handles.get_shadow_copy_data,(fsp),(shadow_copy_data),(labels)))
 #define SMB_VFS_NEXT_STATVFS(handle, path, statbuf) ((handle)->vfs_next.ops.statvfs((handle)->vfs_next.handles.statvfs, (path), (statbuf)))
+#define SMB_VFS_NEXT_FS_CAPABILITIES(handle) ((handle)->vfs_next.ops.fs_capabilities((handle)->vfs_next.handles.fs_capabilities))
 
 /* Directory operations */
 #define SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr) ((handle)->vfs_next.ops.opendir((handle)->vfs_next.handles.opendir, (fname), (mask), (attr)))
@@ -283,7 +298,7 @@
 #define SMB_VFS_NEXT_MKDIR(handle, path, mode) ((handle)->vfs_next.ops.mkdir((handle)->vfs_next.handles.mkdir,(path), (mode)))
 #define SMB_VFS_NEXT_RMDIR(handle, path) ((handle)->vfs_next.ops.rmdir((handle)->vfs_next.handles.rmdir, (path)))
 #define SMB_VFS_NEXT_CLOSEDIR(handle, dir) ((handle)->vfs_next.ops.closedir((handle)->vfs_next.handles.closedir, dir))
-    
+
 /* File operations */
 #define SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode) (((handle)->vfs_next.ops.open)((handle)->vfs_next.handles.open, (fname), (fsp), (flags), (mode)))
 #define SMB_VFS_NEXT_CLOSE(handle, fsp, fd) ((handle)->vfs_next.ops.close_fn((handle)->vfs_next.handles.close_hnd, (fsp), (fd)))
@@ -321,6 +336,7 @@
 #define SMB_VFS_NEXT_NOTIFY_WATCH(conn, ctx, e, callback, private_data, handle_p) ((conn)->vfs_next.ops.notify_watch((conn)->vfs_next.handles.notify_watch, (ctx), (e), (callback), (private_data), (handle_p)))
 #define SMB_VFS_NEXT_CHFLAGS(handle, path, flags) ((handle)->vfs_next.ops.chflags((handle)->vfs_next.handles.chflags, (path), (flags)))
 #define SMB_VFS_NEXT_FILE_ID_CREATE(handle, dev, inode) ((handle)->vfs_next.ops.file_id_create((handle)->vfs_next.handles.file_id_create, (dev), (inode)))
+#define SMB_VFS_NEXT_STREAMINFO(handle, fsp, fname, mem_ctx, num_streams, streams) ((handle)->vfs.ops.streaminfo((handle)->vfs.handles.streaminfo, (fsp), (fname), (mem_ctx), (num_streams), (streams)))
 
 /* NT ACL operations. */
 #define SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc) ((handle)->vfs_next.ops.fget_nt_acl((handle)->vfs_next.handles.fget_nt_acl, (fsp), (security_info), (ppdesc)))
@@ -377,5 +393,10 @@
 #define SMB_VFS_NEXT_AIO_ERROR(handle,fsp,aiocb) ((handle)->vfs_next.ops.aio_error_fn((handle)->vfs_next.handles.aio_error,(fsp),(aiocb)))
 #define SMB_VFS_NEXT_AIO_FSYNC(handle,fsp,op,aiocb) ((handle)->vfs_next.ops.aio_fsync((handle)->vfs_next.handles.aio_fsync,(fsp),(op),(aiocb)))
 #define SMB_VFS_NEXT_AIO_SUSPEND(handle,fsp,aiocb,n,ts) ((handle)->vfs_next.ops.aio_suspend((handle)->vfs_next.handles.aio_suspend,(fsp),(aiocb),(n),(ts)))
+#define SMB_VFS_NEXT_AIO_FORCE(handle,fsp) ((handle)->vfs_next.ops.aio_force((handle)->vfs_next.handles.aio_force,(fsp)))
+
+/* Offline operations */
+#define SMB_VFS_NEXT_IS_OFFLINE(handle,path,sbuf) ((handle)->vfs_next.ops.is_offline((handle)->vfs_next.handles.is_offline,(path),(sbuf)))
+#define SMB_VFS_NEXT_SET_OFFLINE(handle,path) ((handle)->vfs_next.ops.set_offline((handle)->vfs_next.handles.set_offline,(path)))
 
 #endif /* _VFS_MACROS_H */
diff --git a/source3/intl/lang_tdb.c b/source3/intl/lang_tdb.c
index bb780c5fed..6ad9ef8496 100644
--- a/source3/intl/lang_tdb.c
+++ b/source3/intl/lang_tdb.c
@@ -127,7 +127,11 @@ bool lang_tdb_init(const char *lang)
 	if (!lang) 
 		return True;
 
-	asprintf(&msg_path, "%s.msg", data_path((const char *)lang));
+	if (asprintf(&msg_path, "%s.msg",
+		     data_path((const char *)lang)) == -1) {
+		DEBUG(0, ("asprintf failed\n"));
+		goto done;
+	}
 	if (stat(msg_path, &st) != 0) {
 		/* the msg file isn't available */
 		DEBUG(10, ("lang_tdb_init: %s: %s\n", msg_path, 
@@ -135,7 +139,10 @@ bool lang_tdb_init(const char *lang)
 		goto done;
 	}
 	
-	asprintf(&path, "%s%s.tdb", lock_path("lang_"), lang);
+	if (asprintf(&path, "%s%s.tdb", lock_path("lang_"), lang) == -1) {
+		DEBUG(0, ("asprintf failed\n"));
+		goto done;
+	}
 
 	DEBUG(10, ("lang_tdb_init: loading %s\n", path));
 
diff --git a/source3/lib/afs.c b/source3/lib/afs.c
index a7d6f6c9f7..9f5d81f442 100644
--- a/source3/lib/afs.c
+++ b/source3/lib/afs.c
@@ -42,20 +42,23 @@ static char *afs_encode_token(const char *cell, const DATA_BLOB ticket,
 			      const struct ClearToken *ct)
 {
 	char *base64_ticket;
-	char *result;
+	char *result = NULL;
 
 	DATA_BLOB key = data_blob(ct->HandShakeKey, 8);
 	char *base64_key;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_stackframe();
+	if (mem_ctx == NULL)
+		goto done;
 
-	base64_ticket = base64_encode_data_blob(ticket);
+	base64_ticket = base64_encode_data_blob(mem_ctx, ticket);
 	if (base64_ticket == NULL)
-		return NULL;
+		goto done;
 
-	base64_key = base64_encode_data_blob(key);
-	if (base64_key == NULL) {
-		TALLOC_FREE(base64_ticket);
-		return NULL;
-	}
+	base64_key = base64_encode_data_blob(mem_ctx, key);
+	if (base64_key == NULL)
+		goto done;
 
 	asprintf(&result, "%s\n%u\n%s\n%u\n%u\n%u\n%s\n", cell,
 		 ct->AuthHandle, base64_key, ct->ViceId, ct->BeginTimestamp,
@@ -63,8 +66,8 @@ static char *afs_encode_token(const char *cell, const DATA_BLOB ticket,
 
 	DEBUG(10, ("Got ticket string:\n%s\n", result));
 
-	TALLOC_FREE(base64_ticket);
-	TALLOC_FREE(base64_key);
+done:
+	TALLOC_FREE(mem_ctx);
 
 	return result;
 }
diff --git a/source3/lib/afs_settoken.c b/source3/lib/afs_settoken.c
index aeef1c3520..444f09efca 100644
--- a/source3/lib/afs_settoken.c
+++ b/source3/lib/afs_settoken.c
@@ -53,20 +53,21 @@ static bool afs_decode_token(const char *string, char **cell,
 {
 	DATA_BLOB blob;
 	struct ClearToken result_ct;
+	char *saveptr;
 
 	char *s = SMB_STRDUP(string);
 
 	char *t;
 
-	if ((t = strtok(s, "\n")) == NULL) {
-		DEBUG(10, ("strtok failed\n"));
+	if ((t = strtok_r(s, "\n", &saveptr)) == NULL) {
+		DEBUG(10, ("strtok_r failed\n"));
 		return False;
 	}
 
 	*cell = SMB_STRDUP(t);
 
-	if ((t = strtok(NULL, "\n")) == NULL) {
-		DEBUG(10, ("strtok failed\n"));
+	if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) {
+		DEBUG(10, ("strtok_r failed\n"));
 		return False;
 	}
 
@@ -75,8 +76,8 @@ static bool afs_decode_token(const char *string, char **cell,
 		return False;
 	}
 		
-	if ((t = strtok(NULL, "\n")) == NULL) {
-		DEBUG(10, ("strtok failed\n"));
+	if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) {
+		DEBUG(10, ("strtok_r failed\n"));
 		return False;
 	}
 
@@ -93,8 +94,8 @@ static bool afs_decode_token(const char *string, char **cell,
 
 	data_blob_free(&blob);
 
-	if ((t = strtok(NULL, "\n")) == NULL) {
-		DEBUG(10, ("strtok failed\n"));
+	if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) {
+		DEBUG(10, ("strtok_r failed\n"));
 		return False;
 	}
 
@@ -103,8 +104,8 @@ static bool afs_decode_token(const char *string, char **cell,
 		return False;
 	}
 		
-	if ((t = strtok(NULL, "\n")) == NULL) {
-		DEBUG(10, ("strtok failed\n"));
+	if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) {
+		DEBUG(10, ("strtok_r failed\n"));
 		return False;
 	}
 
@@ -113,8 +114,8 @@ static bool afs_decode_token(const char *string, char **cell,
 		return False;
 	}
 		
-	if ((t = strtok(NULL, "\n")) == NULL) {
-		DEBUG(10, ("strtok failed\n"));
+	if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) {
+		DEBUG(10, ("strtok_r failed\n"));
 		return False;
 	}
 
@@ -123,8 +124,8 @@ static bool afs_decode_token(const char *string, char **cell,
 		return False;
 	}
 		
-	if ((t = strtok(NULL, "\n")) == NULL) {
-		DEBUG(10, ("strtok failed\n"));
+	if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) {
+		DEBUG(10, ("strtok_r failed\n"));
 		return False;
 	}
 
diff --git a/source3/lib/async_req.c b/source3/lib/async_req.c
new file mode 100644
index 0000000000..01154ca436
--- /dev/null
+++ b/source3/lib/async_req.c
@@ -0,0 +1,68 @@
+/*
+   Unix SMB/CIFS implementation.
+   Infrastructure for async requests
+   Copyright (C) Volker Lendecke 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+char *async_req_print(TALLOC_CTX *mem_ctx, struct async_req *req)
+{
+	return talloc_asprintf(mem_ctx, "async_req: state=%d, status=%s, "
+			       "priv=%s", req->state, nt_errstr(req->status),
+			       talloc_get_name(req->private_data));
+}
+
+struct async_req *async_req_new(TALLOC_CTX *mem_ctx, struct event_context *ev)
+{
+	struct async_req *result;
+
+	result = TALLOC_ZERO_P(mem_ctx, struct async_req);
+	if (result == NULL) {
+		return NULL;
+	}
+	result->state = ASYNC_REQ_IN_PROGRESS;
+	result->event_ctx = ev;
+	result->print = async_req_print;
+	return result;
+}
+
+void async_req_done(struct async_req *req)
+{
+	req->status = NT_STATUS_OK;
+	req->state = ASYNC_REQ_DONE;
+	if (req->async.fn != NULL) {
+		req->async.fn(req);
+	}
+}
+
+void async_req_error(struct async_req *req, NTSTATUS status)
+{
+	req->status = status;
+	req->state = ASYNC_REQ_ERROR;
+	if (req->async.fn != NULL) {
+		req->async.fn(req);
+	}
+}
+
+bool async_req_nomem(const void *p, struct async_req *req)
+{
+	if (p != NULL) {
+		return false;
+	}
+	async_req_error(req, NT_STATUS_NO_MEMORY);
+	return true;
+}
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index eeff805459..d11620ecd7 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -524,7 +524,7 @@ size_t convert_string(charset_t from, charset_t to,
 size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to,
 			       void const *src, size_t srclen, void *dst, bool allow_bad_conv)
 {
-	size_t i_len, o_len, destlen = MAX(srclen, 512);
+	size_t i_len, o_len, destlen = (srclen * 3) / 2;
 	size_t retval;
 	const char *inbuf = (const char *)src;
 	char *outbuf = NULL, *ob = NULL;
@@ -550,7 +550,8 @@ size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to,
 
   convert:
 
-	if ((destlen*2) < destlen) {
+	/* +2 is for ucs2 null termination. */
+	if ((destlen*2)+2 < destlen) {
 		/* wrapped ! abort. */
 		if (!conv_silent)
 			DEBUG(0, ("convert_string_allocate: destlen wrapped !\n"));
@@ -561,10 +562,11 @@ size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to,
 		destlen = destlen * 2;
 	}
 
+	/* +2 is for ucs2 null termination. */
 	if (ctx) {
-		ob = (char *)TALLOC_REALLOC(ctx, ob, destlen);
+		ob = (char *)TALLOC_REALLOC(ctx, ob, destlen + 2);
 	} else {
-		ob = (char *)SMB_REALLOC(ob, destlen);
+		ob = (char *)SMB_REALLOC(ob, destlen + 2);
 	}
 
 	if (!ob) {
@@ -619,10 +621,11 @@ size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to,
 	 * reallocs *cost*. JRA.
 	 */
 	if (o_len > 1024) {
+		/* We're shrinking here so we know the +2 is safe from wrap. */
 		if (ctx) {
-			ob = (char *)TALLOC_REALLOC(ctx,ob,destlen);
+			ob = (char *)TALLOC_REALLOC(ctx,ob,destlen + 2);
 		} else {
-			ob = (char *)SMB_REALLOC(ob,destlen);
+			ob = (char *)SMB_REALLOC(ob,destlen + 2);
 		}
 	}
 
@@ -632,6 +635,11 @@ size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to,
 	}
 
 	*dest = ob;
+
+	/* Must ucs2 null terminate in the extra space we allocated. */
+	ob[destlen] = '\0';
+	ob[destlen+1] = '\0';
+
 	return destlen;
 
  use_as_is:
diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c
index dd0a354a85..22d85c873d 100644
--- a/source3/lib/conn_tdb.c
+++ b/source3/lib/conn_tdb.c
@@ -34,7 +34,7 @@ static struct db_context *connections_db_ctx(bool rw)
 	}
 	else {
 		db_ctx = db_open(NULL, lock_path("connections.tdb"), 0,
-				 TDB_DEFAULT, O_RDONLY, 0);
+				 TDB_CLEAR_IF_FIRST|TDB_DEFAULT, O_RDONLY, 0);
 	}
 
 	return db_ctx;
diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c
index 899bbcfcce..18e9879601 100644
--- a/source3/lib/ctdbd_conn.c
+++ b/source3/lib/ctdbd_conn.c
@@ -1203,6 +1203,42 @@ NTSTATUS ctdbd_register_reconfigure(struct ctdbd_connection *conn)
 	return register_with_ctdbd(conn, CTDB_SRVID_RECONFIGURE);
 }
 
+/*
+  persstent store. Used when we update a record in a persistent database
+ */
+NTSTATUS ctdbd_persistent_store(struct ctdbd_connection *conn, uint32_t db_id, TDB_DATA key, TDB_DATA data)
+{
+       int cstatus=0;
+       struct ctdb_rec_data *rec;
+       TDB_DATA recdata;
+       size_t length;
+       NTSTATUS status;
+
+       length = offsetof(struct ctdb_rec_data, data) + key.dsize + data.dsize;
+
+       rec = (struct ctdb_rec_data *)talloc_size(conn, length);
+       NT_STATUS_HAVE_NO_MEMORY(rec);
+
+       rec->length = length;
+       rec->reqid  = db_id;
+       rec->keylen = key.dsize;
+       rec->datalen= data.dsize;
+       memcpy(&rec->data[0], key.dptr, key.dsize);
+       memcpy(&rec->data[key.dsize], data.dptr, data.dsize);
+
+       recdata.dptr  = (uint8_t *)rec;
+       recdata.dsize = length;
+
+       status = ctdbd_control(conn, CTDB_CURRENT_NODE, 
+                              CTDB_CONTROL_PERSISTENT_STORE, 
+                              0, recdata, NULL, NULL, &cstatus);
+       if (cstatus != 0) {
+               return NT_STATUS_INTERNAL_DB_CORRUPTION;
+       }
+       return status;
+}
+
+
 #else
 
 NTSTATUS ctdbd_init_connection(TALLOC_CTX *mem_ctx,
diff --git a/source3/lib/data_blob.c b/source3/lib/data_blob.c
index 8bbbc32d7b..daba17df14 100644
--- a/source3/lib/data_blob.c
+++ b/source3/lib/data_blob.c
@@ -144,3 +144,15 @@ DATA_BLOB data_blob_const(const void *p, size_t length)
 	blob.free = NULL;
 	return blob;
 }
+
+/**
+ construct a zero data blob, using supplied TALLOC_CTX.
+ use this sparingly as it initialises data - better to initialise
+ yourself if you want specific data in the blob
+**/
+DATA_BLOB data_blob_talloc_zero(TALLOC_CTX *mem_ctx, size_t length)
+{
+	DATA_BLOB blob = data_blob_talloc(mem_ctx, NULL, length);
+	data_blob_clear(&blob);
+	return blob;
+}
diff --git a/source3/lib/dbwrap.c b/source3/lib/dbwrap.c
index 4e16d18682..001424a6c0 100644
--- a/source3/lib/dbwrap.c
+++ b/source3/lib/dbwrap.c
@@ -20,7 +20,9 @@
 */
 
 #include "includes.h"
-
+#ifdef CLUSTER_SUPPORT
+#include "ctdb_private.h"
+#endif
 /*
  * Fall back using fetch_locked if no genuine fetch operation is provided
  */
@@ -46,10 +48,16 @@ struct db_context *db_open(TALLOC_CTX *mem_ctx,
 			   int open_flags, mode_t mode)
 {
 	struct db_context *result = NULL;
+#ifdef CLUSTER_SUPPORT
+	const char *sockname = lp_ctdbd_socket();
+#endif
 
 #ifdef CLUSTER_SUPPORT
+	if(!sockname || !*sockname) {
+		sockname = CTDB_PATH;
+	}
 
-	if (lp_clustering()) {
+	if (lp_clustering() && socket_exist(sockname)) {
 		const char *partname;
 		/* ctdb only wants the file part of the name */
 		partname = strrchr(name, '/');
diff --git a/source3/lib/dbwrap_ctdb.c b/source3/lib/dbwrap_ctdb.c
index 90d0b260c5..f497f871d2 100644
--- a/source3/lib/dbwrap_ctdb.c
+++ b/source3/lib/dbwrap_ctdb.c
@@ -18,16 +18,14 @@
 */
 
 #include "includes.h"
-
 #ifdef CLUSTER_SUPPORT
-
 #include "ctdb.h"
 #include "ctdb_private.h"
+#include "ctdbd_conn.h"
 
 struct db_ctdb_ctx {
 	struct tdb_wrap *wtdb;
 	uint32 db_id;
-	struct ctdbd_connection *conn;
 };
 
 struct db_ctdb_rec {
@@ -35,8 +33,6 @@ struct db_ctdb_rec {
 	struct ctdb_ltdb_header header;
 };
 
-static struct ctdbd_connection *db_ctdbd_conn(struct db_ctdb_ctx *ctx);
-
 static NTSTATUS db_ctdb_store(struct db_record *rec, TDB_DATA data, int flag)
 {
 	struct db_ctdb_rec *crec = talloc_get_type_abort(
@@ -60,6 +56,42 @@ static NTSTATUS db_ctdb_store(struct db_record *rec, TDB_DATA data, int flag)
 	return (ret == 0) ? NT_STATUS_OK : NT_STATUS_INTERNAL_DB_CORRUPTION;
 }
 
+
+/* for persistent databases the store is a bit different. We have to
+   ask the ctdb daemon to push the record to all nodes after the
+   store */
+static NTSTATUS db_ctdb_store_persistent(struct db_record *rec, TDB_DATA data, int flag)
+{
+	struct db_ctdb_rec *crec = talloc_get_type_abort(
+		rec->private_data, struct db_ctdb_rec);
+	TDB_DATA cdata;
+	int ret;
+	NTSTATUS status;
+
+	cdata.dsize = sizeof(crec->header) + data.dsize;
+
+	if (!(cdata.dptr = SMB_MALLOC_ARRAY(uint8, cdata.dsize))) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	crec->header.rsn++;
+
+	memcpy(cdata.dptr, &crec->header, sizeof(crec->header));
+	memcpy(cdata.dptr + sizeof(crec->header), data.dptr, data.dsize);
+
+	ret = tdb_store(crec->ctdb_ctx->wtdb->tdb, rec->key, cdata, TDB_REPLACE);
+	status = (ret == 0) ? NT_STATUS_OK : NT_STATUS_INTERNAL_DB_CORRUPTION;
+	
+	/* now tell ctdbd to update this record on all other nodes */
+	if (NT_STATUS_IS_OK(status)) {
+		status = ctdbd_persistent_store(messaging_ctdbd_connection(), crec->ctdb_ctx->db_id, rec->key, cdata);
+	}
+
+	SAFE_FREE(cdata.dptr);
+
+	return status;
+}
+
 static NTSTATUS db_ctdb_delete(struct db_record *rec)
 {
 	struct db_ctdb_rec *crec = talloc_get_type_abort(
@@ -110,6 +142,7 @@ static struct db_record *db_ctdb_fetch_locked(struct db_context *db,
 	struct db_ctdb_rec *crec;
 	NTSTATUS status;
 	TDB_DATA ctdb_data;
+	int migrate_attempts = 0;
 
 	if (!(result = talloc(mem_ctx, struct db_record))) {
 		DEBUG(0, ("talloc failed\n"));
@@ -153,7 +186,11 @@ again:
 		return NULL;
 	}
 
-	result->store = db_ctdb_store;
+	if (db->persistent) {
+		result->store = db_ctdb_store_persistent;
+	} else {
+		result->store = db_ctdb_store;
+	}
 	result->delete_rec = db_ctdb_delete;
 	talloc_set_destructor(result, db_ctdb_record_destr);
 
@@ -175,12 +212,14 @@ again:
 		tdb_chainunlock(ctx->wtdb->tdb, key);
 		talloc_set_destructor(result, NULL);
 
+		migrate_attempts += 1;
+
 		DEBUG(10, ("ctdb_data.dptr = %p, dmaster = %u (%u)\n",
 			   ctdb_data.dptr, ctdb_data.dptr ?
 			   ((struct ctdb_ltdb_header *)ctdb_data.dptr)->dmaster : -1,
 			   get_my_vnn()));
 
-		status = ctdbd_migrate(db_ctdbd_conn(ctx), ctx->db_id, key);
+		status = ctdbd_migrate(messaging_ctdbd_connection(),ctx->db_id, key);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(5, ("ctdb_migrate failed: %s\n",
 				  nt_errstr(status)));
@@ -191,6 +230,11 @@ again:
 		goto again;
 	}
 
+	if (migrate_attempts > 10) {
+		DEBUG(0, ("db_ctdb_fetch_locked needed %d attempts\n",
+			  migrate_attempts));
+	}
+
 	memcpy(&crec->header, ctdb_data.dptr, sizeof(crec->header));
 
 	result->value.dsize = ctdb_data.dsize - sizeof(crec->header);
@@ -226,10 +270,12 @@ static int db_ctdb_fetch(struct db_context *db, TALLOC_CTX *mem_ctx,
 	/*
 	 * See if we have a valid record and we are the dmaster. If so, we can
 	 * take the shortcut and just return it.
+	 * we bypass the dmaster check for persistent databases
 	 */
 	if ((ctdb_data.dptr != NULL) &&
 	    (ctdb_data.dsize >= sizeof(struct ctdb_ltdb_header)) &&
-	    ((struct ctdb_ltdb_header *)ctdb_data.dptr)->dmaster == get_my_vnn()) {
+	    (db->persistent ||
+	     ((struct ctdb_ltdb_header *)ctdb_data.dptr)->dmaster == get_my_vnn())) {
 		/* we are the dmaster - avoid the ctdb protocol op */
 
 		data->dsize = ctdb_data.dsize - sizeof(struct ctdb_ltdb_header);
@@ -254,8 +300,7 @@ static int db_ctdb_fetch(struct db_context *db, TALLOC_CTX *mem_ctx,
 	SAFE_FREE(ctdb_data.dptr);
 
 	/* we weren't able to get it locally - ask ctdb to fetch it for us */
-	status = ctdbd_fetch(db_ctdbd_conn(ctx), ctx->db_id, key, mem_ctx,
-			     data);
+	status = ctdbd_fetch(messaging_ctdbd_connection(),ctx->db_id, key, mem_ctx, data);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(5, ("ctdbd_fetch failed: %s\n", nt_errstr(status)));
 		return -1;
@@ -283,6 +328,22 @@ static void traverse_callback(TDB_DATA key, TDB_DATA data, void *private_data)
 	talloc_free(tmp_ctx);
 }
 
+static int traverse_persistent_callback(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf,
+					void *private_data)
+{
+	struct traverse_state *state = (struct traverse_state *)private_data;
+	struct db_record *rec;
+	TALLOC_CTX *tmp_ctx = talloc_new(state->db);
+	int ret = 0;
+	/* we have to give them a locked record to prevent races */
+	rec = db_ctdb_fetch_locked(state->db, tmp_ctx, kbuf);
+	if (rec && rec->value.dsize > 0) {
+		ret = state->fn(rec, state->private_data);
+	}
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
 static int db_ctdb_traverse(struct db_context *db,
 			    int (*fn)(struct db_record *rec,
 				      void *private_data),
@@ -296,6 +357,13 @@ static int db_ctdb_traverse(struct db_context *db,
 	state.fn = fn;
 	state.private_data = private_data;
 
+	if (db->persistent) {
+		/* for persistent databases we don't need to do a ctdb traverse,
+		   we can do a faster local traverse */
+		return tdb_traverse(ctx->wtdb->tdb, traverse_persistent_callback, &state);
+	}
+
+
 	ctdbd_traverse(ctx->db_id, traverse_callback, &state);
 	return 0;
 }
@@ -322,6 +390,27 @@ static void traverse_read_callback(TDB_DATA key, TDB_DATA data, void *private_da
 	state->fn(&rec, state->private_data);
 }
 
+static int traverse_persistent_callback_read(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf,
+					void *private_data)
+{
+	struct traverse_state *state = (struct traverse_state *)private_data;
+	struct db_record rec;
+	rec.key = kbuf;
+	rec.value = dbuf;
+	rec.store = db_ctdb_store_deny;
+	rec.delete_rec = db_ctdb_delete_deny;
+	rec.private_data = state->db;
+
+	if (rec.value.dsize <= sizeof(struct ctdb_ltdb_header)) {
+		/* a deleted record */
+		return 0;
+	}
+	rec.value.dsize -= sizeof(struct ctdb_ltdb_header);
+	rec.value.dptr += sizeof(struct ctdb_ltdb_header);
+
+	return state->fn(&rec, state->private_data);
+}
+
 static int db_ctdb_traverse_read(struct db_context *db,
 				 int (*fn)(struct db_record *rec,
 					   void *private_data),
@@ -335,6 +424,12 @@ static int db_ctdb_traverse_read(struct db_context *db,
 	state.fn = fn;
 	state.private_data = private_data;
 
+	if (db->persistent) {
+		/* for persistent databases we don't need to do a ctdb traverse,
+		   we can do a faster local traverse */
+		return tdb_traverse_read(ctx->wtdb->tdb, traverse_persistent_callback_read, &state);
+	}
+
 	ctdbd_traverse(ctx->db_id, traverse_read_callback, &state);
 	return 0;
 }
@@ -346,41 +441,6 @@ static int db_ctdb_get_seqnum(struct db_context *db)
 	return tdb_get_seqnum(ctx->wtdb->tdb);
 }
 
-/*
- * Get the ctdbd connection for a database. If possible, re-use the messaging
- * ctdbd connection
- */
-static struct ctdbd_connection *db_ctdbd_conn(struct db_ctdb_ctx *ctx)
-{
-	struct ctdbd_connection *result;
-
-	result = messaging_ctdbd_connection();
-
-	if (result != NULL) {
-
-		if (ctx->conn == NULL) {
-			/*
-			 * Someone has initialized messaging since we
-			 * initialized our own connection, we don't need it
-			 * anymore.
-			 */
-			TALLOC_FREE(ctx->conn);
-		}
-
-		return result;
-	}
-
-	if (ctx->conn == NULL) {
-		NTSTATUS status;
-		status = ctdbd_init_connection(ctx, &ctx->conn);
-		if (!NT_STATUS_IS_OK(status)) {
-			return NULL;
-		}
-		set_my_vnn(ctdbd_vnn(ctx->conn));
-	}
-
-	return ctx->conn;
-}
 
 struct db_context *db_open_ctdb(TALLOC_CTX *mem_ctx,
 				const char *name,
@@ -390,7 +450,6 @@ struct db_context *db_open_ctdb(TALLOC_CTX *mem_ctx,
 	struct db_context *result;
 	struct db_ctdb_ctx *db_ctdb;
 	char *db_path;
-	NTSTATUS status;
 
 	if (!lp_clustering()) {
 		DEBUG(10, ("Clustering disabled -- no ctdb\n"));
@@ -409,20 +468,15 @@ struct db_context *db_open_ctdb(TALLOC_CTX *mem_ctx,
 		return NULL;
 	}
 
-	db_ctdb->conn = NULL;
-
-	status = ctdbd_db_attach(db_ctdbd_conn(db_ctdb), name,
-				 &db_ctdb->db_id, tdb_flags);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0, ("ctdbd_db_attach failed for %s: %s\n", name,
-			  nt_errstr(status)));
+	if (!NT_STATUS_IS_OK(ctdbd_db_attach(messaging_ctdbd_connection(),name, &db_ctdb->db_id, tdb_flags))) {
+		DEBUG(0, ("ctdbd_db_attach failed for %s\n", name));
 		TALLOC_FREE(result);
 		return NULL;
 	}
 
-	db_path = ctdbd_dbpath(db_ctdbd_conn(db_ctdb), db_ctdb,
-			       db_ctdb->db_id);
+	db_path = ctdbd_dbpath(messaging_ctdbd_connection(), db_ctdb, db_ctdb->db_id);
+
+	result->persistent = ((tdb_flags & TDB_CLEAR_IF_FIRST) == 0);
 
 	/* only pass through specific flags */
 	tdb_flags &= TDB_SEQNUM;
@@ -447,16 +501,4 @@ struct db_context *db_open_ctdb(TALLOC_CTX *mem_ctx,
 
 	return result;
 }
-
-#else
-
-struct db_context *db_open_ctdb(TALLOC_CTX *mem_ctx,
-				const char *name,
-				int hash_size, int tdb_flags,
-				int open_flags, mode_t mode)
-{
-	DEBUG(0, ("no clustering compiled in\n"));
-	return NULL;
-}
-
 #endif
diff --git a/source3/lib/dbwrap_file.c b/source3/lib/dbwrap_file.c
index 5b41f5941b..e3779de1e4 100644
--- a/source3/lib/dbwrap_file.c
+++ b/source3/lib/dbwrap_file.c
@@ -17,10 +17,6 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-/*
- * Be aware that this is just sample code that has not seen too much testing
- */
-
 #include "includes.h"
 
 struct db_file_ctx {
@@ -367,6 +363,7 @@ struct db_context *db_open_file(TALLOC_CTX *mem_ctx,
 	result->fetch_locked = db_file_fetch_locked;
 	result->traverse = db_file_traverse;
 	result->traverse_read = db_file_traverse;
+	result->persistent = ((tdb_flags & TDB_CLEAR_IF_FIRST) == 0);
 
 	ctx->locked_record = NULL;
 	if (!(ctx->dirname = talloc_strdup(ctx, name))) {
diff --git a/source3/lib/dbwrap_tdb.c b/source3/lib/dbwrap_tdb.c
index 710e45de6b..da55049e52 100644
--- a/source3/lib/dbwrap_tdb.c
+++ b/source3/lib/dbwrap_tdb.c
@@ -31,6 +31,11 @@ static int db_tdb_record_destr(struct db_record* data)
 	struct db_tdb_ctx *ctx =
 		talloc_get_type_abort(data->private_data, struct db_tdb_ctx);
 
+	/* This hex_encode() call allocates memory on data context. By way how current 
+	   __talloc_free() code works, it is OK to allocate in the destructor as 
+	   the children of data will be freed after call to the destructor and this 
+	   new 'child' will be caught and freed correctly.
+	 */
 	DEBUG(10, (DEBUGLEVEL > 10
 		   ? "Unlocking key %s\n" : "Unlocking key %.20s\n",
 		   hex_encode(data, (unsigned char *)data->key.dptr,
@@ -86,10 +91,10 @@ static struct db_record *db_tdb_fetch_locked(struct db_context *db,
 	struct db_tdb_ctx *ctx = talloc_get_type_abort(db->private_data,
 						       struct db_tdb_ctx);
 	struct tdb_fetch_locked_state state;
-	int res;
 
-	if (DEBUGLEVEL >= 10) {
-		char *keystr = hex_encode(NULL, key.dptr, key.dsize);
+	/* Do not accidently allocate/deallocate w/o need when debug level is lower than needed */
+	if(DEBUGLEVEL >= 10) {
+		char *keystr = hex_encode(NULL, (unsigned char*)key.dptr, key.dsize);
 		DEBUG(10, (DEBUGLEVEL > 10
 			   ? "Locking key %s\n" : "Locking key %.20s\n",
 			   keystr));
@@ -104,8 +109,7 @@ static struct db_record *db_tdb_fetch_locked(struct db_context *db,
 	state.mem_ctx = mem_ctx;
 	state.result = NULL;
 
-	res = tdb_parse_record(ctx->wtdb->tdb, key, db_tdb_fetchlock_parse,
-			       &state);
+	tdb_parse_record(ctx->wtdb->tdb, key, db_tdb_fetchlock_parse, &state);
 
 	if (state.result == NULL) {
 		db_tdb_fetchlock_parse(key, tdb_null, &state);
@@ -191,15 +195,16 @@ static NTSTATUS db_tdb_delete(struct db_record *rec)
 {
 	struct db_tdb_ctx *ctx = talloc_get_type_abort(rec->private_data,
 						       struct db_tdb_ctx);
-	int res;
-	
-	res = tdb_delete(ctx->wtdb->tdb, rec->key);
 
-	if (res == 0) {
+	if (tdb_delete(ctx->wtdb->tdb, rec->key) == 0) {
 		return NT_STATUS_OK;
 	}
 
-	return map_nt_error_from_tdb(tdb_error(ctx->wtdb->tdb));
+	if (tdb_error(ctx->wtdb->tdb) == TDB_ERR_NOEXIST) {
+		return NT_STATUS_NOT_FOUND;
+	}
+
+	return NT_STATUS_UNSUCCESSFUL;
 }
 
 struct db_tdb_traverse_ctx {
@@ -318,6 +323,7 @@ struct db_context *db_open_tdb(TALLOC_CTX *mem_ctx,
 	result->traverse = db_tdb_traverse;
 	result->traverse_read = db_tdb_traverse_read;
 	result->get_seqnum = db_tdb_get_seqnum;
+	result->persistent = ((tdb_flags & TDB_CLEAR_IF_FIRST) == 0);
 	return result;
 
  fail:
diff --git a/source3/lib/dbwrap_util.c b/source3/lib/dbwrap_util.c
new file mode 100644
index 0000000000..002d572019
--- /dev/null
+++ b/source3/lib/dbwrap_util.c
@@ -0,0 +1,90 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Utility functions for the dbwrap API
+   Copyright (C) Volker Lendecke 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+int32_t dbwrap_fetch_int32(struct db_context *db, const char *keystr)
+{
+	TDB_DATA dbuf;
+	int32 ret;
+
+	if (db->fetch(db, NULL, string_term_tdb_data(keystr), &dbuf) != 0) {
+		return -1;
+	}
+
+	if ((dbuf.dptr == NULL) || (dbuf.dsize != sizeof(int32_t))) {
+		TALLOC_FREE(dbuf.dptr);
+		return -1;
+	}
+
+	ret = IVAL(dbuf.dptr, 0);
+	TALLOC_FREE(dbuf.dptr);
+	return ret;
+}
+
+int dbwrap_store_int32(struct db_context *db, const char *keystr, int32_t v)
+{
+	struct db_record *rec;
+	int32 v_store;
+	NTSTATUS status;
+
+	rec = db->fetch_locked(db, NULL, string_term_tdb_data(keystr));
+	if (rec == NULL) {
+		return -1;
+	}
+
+	SIVAL(&v_store, 0, v);
+
+	status = rec->store(rec, make_tdb_data((const uint8 *)&v_store,
+					       sizeof(v_store)),
+			    TDB_REPLACE);
+	TALLOC_FREE(rec);
+	return NT_STATUS_IS_OK(status) ? 0 : -1;
+}
+
+uint32_t dbwrap_change_uint32_atomic(struct db_context *db, const char *keystr,
+				     uint32_t *oldval, uint32_t change_val)
+{
+	struct db_record *rec;
+	uint32 val = -1;
+	TDB_DATA data;
+
+	if (!(rec = db->fetch_locked(db, NULL,
+				     string_term_tdb_data(keystr)))) {
+		return -1;
+	}
+
+	if ((rec->value.dptr != NULL)
+	    && (rec->value.dsize == sizeof(val))) {
+		val = IVAL(rec->value.dptr, 0);
+	}
+
+	val += change_val;
+
+	data.dsize = sizeof(val);
+	data.dptr = (uint8 *)&val;
+
+	rec->store(rec, data, TDB_REPLACE);
+
+	TALLOC_FREE(rec);
+
+	return 0;
+}
+
diff --git a/source3/lib/debug.c b/source3/lib/debug.c
index 6c1bfea04f..c4a0d1b47b 100644
--- a/source3/lib/debug.c
+++ b/source3/lib/debug.c
@@ -429,8 +429,9 @@ static bool debug_parse_params(char **params)
 
 	/* Fill in new debug class levels */
 	for (; i < debug_num_classes && params[i]; i++) {
-		if ((class_name=strtok(params[i],":")) &&
-			(class_level=strtok(NULL, "\0")) &&
+		char *saveptr;
+		if ((class_name = strtok_r(params[i],":", &saveptr)) &&
+			(class_level = strtok_r(NULL, "\0", &saveptr)) &&
             ((ndx = debug_lookup_classname(class_name)) != -1)) {
 				DEBUGLEVEL_CLASS[ndx] = atoi(class_level);
 				DEBUGLEVEL_CLASS_ISSET[ndx] = True;
@@ -459,14 +460,14 @@ bool debug_parse_levels(const char *params_str)
 	if (AllowDebugChange == False)
 		return True;
 
-	params = str_list_make(params_str, NULL);
+	params = str_list_make(talloc_tos(), params_str, NULL);
 
 	if (debug_parse_params(params)) {
 		debug_dump_status(5);
-		str_list_free(&params);
+		TALLOC_FREE(params);
 		return True;
 	} else {
-		str_list_free(&params);
+		TALLOC_FREE(params);
 		return False;
 	}
 }
@@ -826,6 +827,7 @@ void check_log_size( void )
 		};
 		int     priority;
 		char *msgbuf = NULL;
+		int ret;
 
 		if( syslog_level >= ( sizeof(priority_map) / sizeof(priority_map[0]) ) || syslog_level < 0)
 			priority = LOG_DEBUG;
@@ -833,10 +835,10 @@ void check_log_size( void )
 			priority = priority_map[syslog_level];
 
 		va_start(ap, format_str);
-		vasprintf(&msgbuf, format_str, ap);
+		ret = vasprintf(&msgbuf, format_str, ap);
 		va_end(ap);
 
-		if (msgbuf) {
+		if (ret == -1) {
 			syslog(priority, "%s", msgbuf);
 		}
 		SAFE_FREE(msgbuf);
@@ -1058,12 +1060,13 @@ bool dbghdr(int level, int cls, const char *file, const char *func, int line)
 	va_list ap;
 	char *msgbuf = NULL;
 	bool ret = true;
+	int res;
 
 	va_start(ap, format_str);
-	vasprintf(&msgbuf, format_str, ap);
+	res = vasprintf(&msgbuf, format_str, ap);
 	va_end(ap);
 
-	if (msgbuf) {
+	if (res != -1) {
 		format_debug_text(msgbuf);
 	} else {
 		ret = false;
diff --git a/source3/lib/display_dsdcinfo.c b/source3/lib/display_dsdcinfo.c
deleted file mode 100644
index dcb05297a1..0000000000
--- a/source3/lib/display_dsdcinfo.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
-   Unix SMB/CIFS implementation.
-
-   Copyright (C) Guenther Deschner 2007
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-
-/****************************************************************
-****************************************************************/
-
-void display_ds_domain_controller_info(TALLOC_CTX *mem_ctx,
-				       const struct DS_DOMAIN_CONTROLLER_INFO *info)
-{
-	d_printf("domain_controller_name: %s\n",
-		info->domain_controller_name);
-	d_printf("domain_controller_address: %s\n",
-		info->domain_controller_address);
-	d_printf("domain_controller_address_type: %d\n",
-		info->domain_controller_address_type);
-	d_printf("domain_guid: %s\n",
-		GUID_string(mem_ctx, info->domain_guid));
-	d_printf("domain_name: %s\n",
-		info->domain_name);
-	d_printf("dns_forest_name: %s\n",
-		info->dns_forest_name);
-
-	d_printf("flags: 0x%08x\n"
-		 "\tIs a PDC:                                   %s\n"
-		 "\tIs a GC of the forest:                      %s\n"
-		 "\tIs an LDAP server:                          %s\n"
-		 "\tSupports DS:                                %s\n"
-		 "\tIs running a KDC:                           %s\n"
-		 "\tIs running time services:                   %s\n"
-		 "\tIs the closest DC:                          %s\n"
-		 "\tIs writable:                                %s\n"
-		 "\tHas a hardware clock:                       %s\n"
-		 "\tIs a non-domain NC serviced by LDAP server: %s\n"
-		 "\tDomainControllerName is a DNS name:         %s\n"
-		 "\tDomainName is a DNS name:                   %s\n"
-		 "\tDnsForestName is a DNS name:                %s\n",
-		 info->flags,
-		 (info->flags & ADS_PDC) ? "yes" : "no",
-		 (info->flags & ADS_GC) ? "yes" : "no",
-		 (info->flags & ADS_LDAP) ? "yes" : "no",
-		 (info->flags & ADS_DS) ? "yes" : "no",
-		 (info->flags & ADS_KDC) ? "yes" : "no",
-		 (info->flags & ADS_TIMESERV) ? "yes" : "no",
-		 (info->flags & ADS_CLOSEST) ? "yes" : "no",
-		 (info->flags & ADS_WRITABLE) ? "yes" : "no",
-		 (info->flags & ADS_GOOD_TIMESERV) ? "yes" : "no",
-		 (info->flags & ADS_NDNC) ? "yes" : "no",
-		 (info->flags & ADS_DNS_CONTROLLER) ? "yes":"no",
-		 (info->flags & ADS_DNS_DOMAIN) ? "yes":"no",
-		 (info->flags & ADS_DNS_FOREST) ? "yes":"no");
-
-	d_printf("dc_site_name: %s\n", info->dc_site_name);
-	d_printf("client_site_name: %s\n", info->client_site_name);
-}
diff --git a/source3/lib/dprintf.c b/source3/lib/dprintf.c
index 18b261623e..a3bb5be43a 100644
--- a/source3/lib/dprintf.c
+++ b/source3/lib/dprintf.c
@@ -47,7 +47,10 @@
 
 	lang_msg_free(msgstr);
 
-	if (ret <= 0) return ret;
+	if (ret <= 0) {
+	  va_end(ap2);
+	  return ret;
+	}
 
 	/* now we have the string in unix format, convert it to the display
 	   charset, but beware of it growing */
@@ -56,6 +59,7 @@ again:
 	p2 = (char *)SMB_MALLOC(maxlen);
 	if (!p2) {
 		SAFE_FREE(p);
+		va_end(ap2);
 		return -1;
 	}
 	clen = convert_string(CH_UNIX, CH_DISPLAY, p, ret, p2, maxlen, True);
@@ -72,6 +76,8 @@ again:
 	ret = fwrite(p2, 1, clen, f);
 	SAFE_FREE(p2);
 
+	va_end(ap2);
+
 	return ret;
 }
 
diff --git a/source3/lib/errmap_unix.c b/source3/lib/errmap_unix.c
index 885a1c55b2..8194cf80cc 100644
--- a/source3/lib/errmap_unix.c
+++ b/source3/lib/errmap_unix.c
@@ -92,6 +92,9 @@ const struct unix_error_map unix_dos_nt_errmap[] = {
 #ifdef EWOULDBLOCK
 	{ EWOULDBLOCK, ERRDOS, 111, NT_STATUS_NETWORK_BUSY },
 #endif
+#ifdef ENOATTR
+	{ ENOATTR, ERRDOS, ERRbadfile, NT_STATUS_NOT_FOUND },
+#endif
 
 	{ 0, 0, 0, NT_STATUS_OK }
 };
diff --git a/source3/lib/fault.c b/source3/lib/fault.c
index 33e1401d7a..1964955f1b 100644
--- a/source3/lib/fault.c
+++ b/source3/lib/fault.c
@@ -132,7 +132,6 @@ void dump_core_setup(const char *progname)
 	sys_chown(corepath,getuid(),getgid());
 	chmod(corepath,0700);
 
-	SAFE_FREE(corepath);
 	SAFE_FREE(logbase);
 
 #ifdef HAVE_GETRLIMIT
diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c
index 663385cfe3..6131269adb 100644
--- a/source3/lib/gencache.c
+++ b/source3/lib/gencache.c
@@ -120,9 +120,9 @@ bool gencache_set(const char *keystr, const char *value, time_t timeout)
 
 	if (!gencache_init()) return False;
 	
-	asprintf(&valstr, CACHE_DATA_FMT, (int)timeout, value);
-	if (!valstr)
+	if (asprintf(&valstr, CACHE_DATA_FMT, (int)timeout, value) == -1) {
 		return False;
+	}
 
 	databuf = string_term_tdb_data(valstr);
 	DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
@@ -340,8 +340,7 @@ bool gencache_set_data_blob(const char *keystr, DATA_BLOB *blob, time_t timeout)
 		return False;
 	}
 
-	asprintf(&valstr, "%12u/%s", (int)timeout, BLOB_TYPE);
-	if (!valstr) {
+	if (asprintf(&valstr, "%12u/%s", (int)timeout, BLOB_TYPE) == -1) {
 		return False;
 	}
 
@@ -452,8 +451,9 @@ void gencache_iterate(void (*fn)(const char* key, const char *value, time_t time
 			break;
 		}
 
-		asprintf(&fmt, READ_CACHE_DATA_FMT_TEMPLATE, (unsigned int)databuf.dsize - TIMEOUT_LEN);
-		if (!fmt) {
+		if (asprintf(&fmt, READ_CACHE_DATA_FMT_TEMPLATE,
+			     (unsigned int)databuf.dsize - TIMEOUT_LEN)
+		    == -1) {
 			SAFE_FREE(valstr);
 			SAFE_FREE(entry);
 			SAFE_FREE(keystr);
diff --git a/source3/lib/interfaces.c b/source3/lib/interfaces.c
index 3797fc679d..dd857ae672 100644
--- a/source3/lib/interfaces.c
+++ b/source3/lib/interfaces.c
@@ -191,7 +191,6 @@ void make_net(struct sockaddr_storage *pss_out,
  Also gets IPv6 interfaces.
 ****************************************************************************/
 
-#if HAVE_IFACE_GETIFADDRS
 /****************************************************************************
  Get the netmask address for a local interface.
 ****************************************************************************/
@@ -237,19 +236,9 @@ static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces)
 		memcpy(&ifaces[total].netmask, ifptr->ifa_netmask, copy_size);
 
 		if (ifaces[total].flags & (IFF_BROADCAST|IFF_LOOPBACK)) {
-			if (ifptr->ifa_broadaddr) {
-				memcpy(&ifaces[total].bcast,
-					ifptr->ifa_broadaddr,
-					copy_size);
-			} else {
-				/* For some reason ifptr->ifa_broadaddr
-				 * is null. Make one from ifa_addr and
-				 * ifa_netmask.
-				 */
-				make_bcast(&ifaces[total].bcast,
-					&ifaces[total].ip,
-					&ifaces[total].netmask);
-			}
+			make_bcast(&ifaces[total].bcast,
+				&ifaces[total].ip,
+				&ifaces[total].netmask);
 		} else if ((ifaces[total].flags & IFF_POINTOPOINT) &&
 			       ifptr->ifa_dstaddr ) {
 			memcpy(&ifaces[total].bcast,
@@ -269,339 +258,6 @@ static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces)
 	return total;
 }
 
-#define _FOUND_IFACE_ANY
-#endif /* HAVE_IFACE_GETIFADDRS */
-#if HAVE_IFACE_IFCONF
-
-/* this works for Linux 2.2, Solaris 2.5, SunOS4, HPUX 10.20, OSF1
-   V4.0, Ultrix 4.4, SCO Unix 3.2, IRIX 6.4 and FreeBSD 3.2.
-
-   It probably also works on any BSD style system.  */
-
-/****************************************************************************
- Get the netmask address for a local interface.
-****************************************************************************/
-
-static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces)
-{
-	struct ifconf ifc;
-	char buff[8192];
-	int fd, i, n;
-	struct ifreq *ifr=NULL;
-	int total = 0;
-
-	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
-		return -1;
-	}
-
-	ifc.ifc_len = sizeof(buff);
-	ifc.ifc_buf = buff;
-
-	if (ioctl(fd, SIOCGIFCONF, &ifc) != 0) {
-		close(fd);
-		return -1;
-	}
-
-	ifr = ifc.ifc_req;
-
-	n = ifc.ifc_len / sizeof(struct ifreq);
-
-	/* Loop through interfaces, looking for given IP address */
-	for (i=n-1;i>=0 && total < max_interfaces;i--) {
-
-		memset(&ifaces[total], '\0', sizeof(ifaces[total]));
-
-		/* Check the interface is up. */
-		if (ioctl(fd, SIOCGIFFLAGS, &ifr[i]) != 0) {
-			continue;
-		}
-
-		ifaces[total].flags = ifr[i].ifr_flags;
-
-		if (!(ifaces[total].flags & IFF_UP)) {
-			continue;
-		}
-
-		if (ioctl(fd, SIOCGIFADDR, &ifr[i]) != 0) {
-			continue;
-		}
-
-		strlcpy(ifaces[total].name, ifr[i].ifr_name,
-			sizeof(ifaces[total].name));
-
-		memcpy(&ifaces[total].ip, &ifr[i].ifr_addr,
-				sizeof(struct sockaddr_in));
-
-		if (ioctl(fd, SIOCGIFNETMASK, &ifr[i]) != 0) {
-			continue;
-		}
-
-		memcpy(&ifaces[total].netmask, &ifr[i].ifr_netmask,
-				sizeof(struct sockaddr_in));
-
-		if (ifaces[total].flags & IFF_BROADCAST) {
-			if (ioctl(fd, SIOCGIFBRDADDR, &ifr[i]) != 0) {
-				continue;
-			}
-			memcpy(&ifaces[total].bcast, &ifr[i].ifr_broadaddr,
-				sizeof(struct sockaddr_in));
-		} else if (ifaces[total].flags & IFF_POINTOPOINT) {
-			if (ioctl(fd, SIOCGIFDSTADDR, &ifr[i]) != 0) {
-				continue;
-			}
-			memcpy(&ifaces[total].bcast, &ifr[i].ifr_dstaddr,
-				sizeof(struct sockaddr_in));
-		} else {
-			continue;
-		}
-
-		total++;
-	}
-
-	close(fd);
-
-	return total;
-}
-
-#define _FOUND_IFACE_ANY
-#endif /* HAVE_IFACE_IFCONF */
-#ifdef HAVE_IFACE_IFREQ
-
-#ifndef I_STR
-#include <sys/stropts.h>
-#endif
-
-/****************************************************************************
- This should cover most of the streams based systems.
- Thanks to Andrej.Borsenkow@mow.siemens.ru for several ideas in this code.
-****************************************************************************/
-
-static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces)
-{
-	struct ifreq ifreq;
-	struct strioctl strioctl;
-	char buff[8192];
-	int fd, i, n;
-	struct ifreq *ifr=NULL;
-	int total = 0;
-
-	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
-		return -1;
-	}
-
-	strioctl.ic_cmd = SIOCGIFCONF;
-	strioctl.ic_dp  = buff;
-	strioctl.ic_len = sizeof(buff);
-	if (ioctl(fd, I_STR, &strioctl) < 0) {
-		close(fd);
-		return -1;
-	}
-
-	/* we can ignore the possible sizeof(int) here as the resulting
-	   number of interface structures won't change */
-	n = strioctl.ic_len / sizeof(struct ifreq);
-
-	/* we will assume that the kernel returns the length as an int
-           at the start of the buffer if the offered size is a
-           multiple of the structure size plus an int */
-	if (n*sizeof(struct ifreq) + sizeof(int) == strioctl.ic_len) {
-		ifr = (struct ifreq *)(buff + sizeof(int));
-	} else {
-		ifr = (struct ifreq *)buff;
-	}
-
-	/* Loop through interfaces */
-
-	for (i = 0; i<n && total < max_interfaces; i++) {
-
-		memset(&ifaces[total], '\0', sizeof(ifaces[total]));
-
-		ifreq = ifr[i];
-
-		strioctl.ic_cmd = SIOCGIFFLAGS;
-		strioctl.ic_dp  = (char *)&ifreq;
-		strioctl.ic_len = sizeof(struct ifreq);
-		if (ioctl(fd, I_STR, &strioctl) != 0) {
-			continue;
-		}
-
-		ifaces[total].flags = ifreq.ifr_flags;
-
-		if (!(ifaces[total].flags & IFF_UP)) {
-			continue;
-		}
-
-		strioctl.ic_cmd = SIOCGIFADDR;
-		strioctl.ic_dp  = (char *)&ifreq;
-		strioctl.ic_len = sizeof(struct ifreq);
-		if (ioctl(fd, I_STR, &strioctl) != 0) {
-			continue;
-		}
-
-		strlcpy(ifaces[total].name,
-				ifreq.ifr_name,
-				sizeof(ifaces[total].name));
-
-		memcpy(&ifaces[total].ip, &ifreq.ifr_addr,
-				sizeof(struct sockaddr_in));
-
-		strioctl.ic_cmd = SIOCGIFNETMASK;
-		strioctl.ic_dp  = (char *)&ifreq;
-		strioctl.ic_len = sizeof(struct ifreq);
-		if (ioctl(fd, I_STR, &strioctl) != 0) {
-			continue;
-		}
-
-		memcpy(&ifaces[total].netmask, &ifreq.ifr_addr,
-				sizeof(struct sockaddr_in));
-
-		if (ifaces[total].flags & IFF_BROADCAST) {
-			strioctl.ic_cmd = SIOCGIFBRDADDR;
-			strioctl.ic_dp  = (char *)&ifreq;
-			strioctl.ic_len = sizeof(struct ifreq);
-			if (ioctl(fd, I_STR, &strioctl) != 0) {
-				continue;
-			}
-			memcpy(&ifaces[total].bcast, &ifreq.ifr_broadaddr,
-				sizeof(struct sockaddr_in));
-		} else if (ifaces[total].flags & IFF_POINTOPOINT) {
-			strioctl.ic_cmd = SIOCGIFDSTADDR;
-			strioctl.ic_dp  = (char *)&ifreq;
-			strioctl.ic_len = sizeof(struct ifreq);
-			if (ioctl(fd, I_STR, &strioctl) != 0) {
-				continue;
-			}
-			memcpy(&ifaces[total].bcast, &ifreq.ifr_dstaddr,
-				sizeof(struct sockaddr_in));
-		} else {
-			continue;
-		}
-
-		total++;
-	}
-
-	close(fd);
-
-	return total;
-}
-
-#define _FOUND_IFACE_ANY
-#endif /* HAVE_IFACE_IFREQ */
-#ifdef HAVE_IFACE_AIX
-
-/****************************************************************************
- This one is for AIX (tested on 4.2).
-****************************************************************************/
-
-static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces)
-{
-	char buff[8192];
-	int fd, i;
-	struct ifconf ifc;
-	struct ifreq *ifr=NULL;
-	int total = 0;
-
-	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
-		return -1;
-	}
-
-
-	ifc.ifc_len = sizeof(buff);
-	ifc.ifc_buf = buff;
-
-	if (ioctl(fd, SIOCGIFCONF, &ifc) != 0) {
-		close(fd);
-		return -1;
-	}
-
-	ifr = ifc.ifc_req;
-
-	/* Loop through interfaces */
-	i = ifc.ifc_len;
-
-	while (i > 0 && total < max_interfaces) {
-		uint_t inc;
-
-		memset(&ifaces[total], '\0', sizeof(ifaces[total]));
-
-		inc = ifr->ifr_addr.sa_len;
-
-		if (ioctl(fd, SIOCGIFFLAGS, ifr) != 0) {
-			goto next;
-		}
-
-		ifaces[total].flags = ifr->ifr_flags;
-
-		if (!(ifaces[total].flags & IFF_UP)) {
-			goto next;
-		}
-
-		if (ioctl(fd, SIOCGIFADDR, ifr) != 0) {
-			goto next;
-		}
-
-		memcpy(&ifaces[total].ip, &ifr->ifr_addr,
-				sizeof(struct sockaddr_in));
-
-		strlcpy(ifaces[total].name, ifr->ifr_name,
-			sizeof(ifaces[total].name));
-
-		if (ioctl(fd, SIOCGIFNETMASK, ifr) != 0) {
-			goto next;
-		}
-
-		memcpy(&ifaces[total].netmask, &ifr->ifr_addr,
-				sizeof(struct sockaddr_in));
-
-		if (ifaces[total].flags & IFF_BROADCAST) {
-			if (ioctl(fd, SIOCGIFBRDADDR, ifr) != 0) {
-				goto next;
-			}
-			memcpy(&ifaces[total].bcast, &ifr->ifr_broadaddr,
-				sizeof(struct sockaddr_in));
-		} else if (ifaces[total].flags & IFF_POINTOPOINT) {
-			if (ioctl(fd, SIOCGIFDSTADDR, ifr) != 0) {
-				goto next;
-			}
-			memcpy(&ifaces[total].bcast, &ifr->ifr_dstaddr,
-				sizeof(struct sockaddr_in));
-		} else {
-			goto next;
-		}
-
-
-		total++;
-
-	next:
-		/*
-		 * Patch from Archie Cobbs (archie@whistle.com).  The
-		 * addresses in the SIOCGIFCONF interface list have a
-		 * minimum size. Usually this doesn't matter, but if
-		 * your machine has tunnel interfaces, etc. that have
-		 * a zero length "link address", this does matter.  */
-
-		if (inc < sizeof(ifr->ifr_addr))
-			inc = sizeof(ifr->ifr_addr);
-		inc += IFNAMSIZ;
-
-		ifr = (struct ifreq*) (((char*) ifr) + inc);
-		i -= inc;
-	}
-
-	close(fd);
-	return total;
-}
-
-#define _FOUND_IFACE_ANY
-#endif /* HAVE_IFACE_AIX */
-#ifndef _FOUND_IFACE_ANY
-static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces)
-{
-	return -1;
-}
-#endif
-
-
 static int iface_comp(struct iface_struct *i1, struct iface_struct *i2)
 {
 	int r;
@@ -693,55 +349,3 @@ int get_interfaces(struct iface_struct *ifaces, int max_interfaces)
 	return total;
 }
 
-
-#ifdef AUTOCONF_TEST
-/* this is the autoconf driver to test get_interfaces() */
-
-static socklen_t calc_sa_size(struct sockaddr *psa)
-{
-	socklen_t sl = sizeof(struct sockaddr_in);
-#if defined(HAVE_IPV6)
-	if (psa->sa_family == AF_INET6) {
-		sl = sizeof(struct sockaddr_in6);
-	}
-#endif
-	return sl;
-}
-
- int main()
-{
-	struct iface_struct ifaces[MAX_INTERFACES];
-	int total = get_interfaces(ifaces, MAX_INTERFACES);
-	int i;
-
-	printf("got %d interfaces:\n", total);
-	if (total <= 0) {
-		exit(1);
-	}
-
-	for (i=0;i<total;i++) {
-		char addr[INET6_ADDRSTRLEN];
-		int ret;
-		printf("%-10s ", ifaces[i].name);
-		addr[0] = '\0';
-		ret = getnameinfo((struct sockaddr *)&ifaces[i].ip,
-				calc_sa_size(&ifaces[i].ip),
-				addr, sizeof(addr),
-				NULL, 0, NI_NUMERICHOST);
-		printf("IP=%s ", addr);
-		addr[0] = '\0';
-		ret = getnameinfo((struct sockaddr *)&ifaces[i].netmask,
-				calc_sa_size(&ifaces[i].netmask),
-				addr, sizeof(addr),
-				NULL, 0, NI_NUMERICHOST);
-		printf("NETMASK=%s ", addr);
-		addr[0] = '\0';
-		ret = getnameinfo((struct sockaddr *)&ifaces[i].bcast,
-				calc_sa_size(&ifaces[i].bcast),
-				addr, sizeof(addr),
-				NULL, 0, NI_NUMERICHOST);
-		printf("BCAST=%s\n", addr);
-	}
-	return 0;
-}
-#endif
diff --git a/source3/lib/ldap_debug_handler.c b/source3/lib/ldap_debug_handler.c
new file mode 100644
index 0000000000..2181ff014d
--- /dev/null
+++ b/source3/lib/ldap_debug_handler.c
@@ -0,0 +1,52 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Intercept libldap debug output.
+ * Copyright (C) Michael Adam 2008
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#if HAVE_LDAP
+
+static void samba_ldap_log_print_fn(LDAP_CONST char *data)
+{
+	DEBUG(lp_ldap_debug_threshold(), ("[LDAP] %s", data));
+}
+
+#endif
+
+void init_ldap_debugging(void)
+{
+#if defined(HAVE_LDAP) && defined(HAVE_LBER_LOG_PRINT_FN)
+	int ret;
+	int ldap_debug_level = lp_ldap_debug_level();
+
+	ret = ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_debug_level);
+	if (ret != LDAP_OPT_SUCCESS) {
+		DEBUG(10, ("Error setting LDAP debug level.\n"));
+	}
+
+	if (ldap_debug_level == 0) {
+		return;
+	}
+
+	ret = ber_set_option(NULL, LBER_OPT_LOG_PRINT_FN,
+			     (void *)samba_ldap_log_print_fn);
+	if (ret != LBER_OPT_SUCCESS) {
+		DEBUG(10, ("Error setting LBER log print function.\n"));
+	}
+#endif /* HAVE_LDAP && HAVE_LBER_LOG_PRINT_FN */
+}
diff --git a/source3/lib/messages_ctdbd.c b/source3/lib/messages_ctdbd.c
index 6e9b934a75..f1a02e6af9 100644
--- a/source3/lib/messages_ctdbd.c
+++ b/source3/lib/messages_ctdbd.c
@@ -22,6 +22,10 @@
 #ifdef CLUSTER_SUPPORT
 
 #include "librpc/gen_ndr/messaging.h"
+#include "ctdb.h"
+#include "ctdb_private.h"
+#include "ctdbd_conn.h"
+
 
 struct messaging_ctdbd_context {
 	struct ctdbd_connection *conn;
diff --git a/source3/lib/netapi/examples/Makefile.in b/source3/lib/netapi/examples/Makefile.in
index c2f453dedc..6de3e65546 100644
--- a/source3/lib/netapi/examples/Makefile.in
+++ b/source3/lib/netapi/examples/Makefile.in
@@ -3,9 +3,9 @@ GTK_LIBS=`pkg-config gtk+-2.0 --libs`
 
 KRB5LIBS=@KRB5_LIBS@
 LDAP_LIBS=@LDAP_LIBS@
-LIBS=@LIBS@ -lnetapi
+LIBS=@LIBS@ -lnetapi -ltdb -ltalloc
 DEVELOPER_CFLAGS=@DEVELOPER_CFLAGS@
-FLAGS=@CFLAGS@ $(GTK_FLAGS)
+FLAGS=-I../ -L../../../bin @CFLAGS@ $(GTK_FLAGS)
 CC=@CC@
 LDFLAGS=@PIE_LDFLAGS@ @LDFLAGS@
 DYNEXP=@DYNEXP@
@@ -14,7 +14,12 @@ DYNEXP=@DYNEXP@
 COMPILE_CC = $(CC) -I. $(FLAGS) $(PICFLAG) -c $< -o $@
 COMPILE = $(COMPILE_CC)
 
-BINARY_PREREQS = proto_exists bin/.dummy
+PROGS = bin/getdc@EXEEXT@ \
+	bin/netdomjoin@EXEEXT@ \
+	bin/netdomjoin-gui@EXEEXT@ \
+	bin/getjoinableous@EXEEXT@
+
+all: $(PROGS)
 
 MAKEDIR = || exec false; \
 	  if test -d "$$dir"; then :; else \
@@ -24,6 +29,13 @@ MAKEDIR = || exec false; \
 	  mkdir "$$dir" || \
 	  exec false; fi || exec false
 
+BINARY_PREREQS = bin/.dummy
+
+bin/.dummy:
+	@if (: >> $@ || : > $@) >/dev/null 2>&1; then :; else \
+	  dir=bin $(MAKEDIR); fi
+	@: >> $@ || : > $@ # what a fancy emoticon!
+
 .c.o:
 	@if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \
 	 dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi
@@ -36,22 +48,25 @@ MAKEDIR = || exec false; \
 GETDC_OBJ = getdc/getdc.o
 NETDOMJOIN_OBJ = netdomjoin/netdomjoin.o
 NETDOMJOIN_GUI_OBJ = netdomjoin-gui/netdomjoin-gui.o
+GETJOINABLEOUS_OBJ = getjoinableous/getjoinableous.o
 
-PROGS = bin/getdc@EXEEXT@ bin/netdomjoin@EXEEXT@ bin/netdomjoin-gui@EXEEXT@
-
-all: $(PROGS)
-
-bin/getdc@EXEEXT@: $(GETDC_OBJ)
+bin/getdc@EXEEXT@: $(BINARY_PREREQS) $(GETDC_OBJ)
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(GETDC_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS)
 
-bin/netdomjoin@EXEEXT@: $(NETDOMJOIN_OBJ)
+bin/getjoinableous@EXEEXT@: $(BINARY_PREREQS) $(GETJOINABLEOUS_OBJ)
+	@echo Linking $@
+	@$(CC) $(FLAGS) -o $@ $(GETJOINABLEOUS_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS)
+
+bin/netdomjoin@EXEEXT@: $(BINARY_PREREQS) $(NETDOMJOIN_OBJ)
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(NETDOMJOIN_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS)
 
-bin/netdomjoin-gui@EXEEXT@: $(NETDOMJOIN_GUI_OBJ)
+bin/netdomjoin-gui@EXEEXT@: $(BINARY_PREREQS) $(NETDOMJOIN_GUI_OBJ)
 	@echo Linking $@
 	@$(CC) $(FLAGS) $(GTK_FLAGS) -o $@ $(NETDOMJOIN_GUI_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(GTK_LIBS)
 
 clean:
-	@rm -f $(PROGS)
+	-rm -f $(PROGS)
+	-rm -f core */*~ *~ \
+		*/*.o */*/*.o */*/*/*.o
diff --git a/source3/lib/netapi/examples/getdc/getdc.c b/source3/lib/netapi/examples/getdc/getdc.c
index cdd4d0b3b4..272ba1088e 100644
--- a/source3/lib/netapi/examples/getdc/getdc.c
+++ b/source3/lib/netapi/examples/getdc/getdc.c
@@ -29,7 +29,7 @@ int main(int argc, char **argv)
 {
 	NET_API_STATUS status;
 	struct libnetapi_ctx *ctx = NULL;
-	uint8_t *buffer;
+	uint8_t *buffer = NULL;
 
 	if (argc < 3) {
 		printf("usage: getdc <hostname> <domain>\n");
@@ -50,7 +50,7 @@ int main(int argc, char **argv)
 	} else {
 		printf("%s\n", (char *)buffer);
 	}
-
+	NetApiBufferFree(buffer);
 	libnetapi_free(ctx);
 
 	return status;
diff --git a/source3/lib/netapi/examples/getjoinableous/getjoinableous.c b/source3/lib/netapi/examples/getjoinableous/getjoinableous.c
new file mode 100644
index 0000000000..5a3366c9dc
--- /dev/null
+++ b/source3/lib/netapi/examples/getjoinableous/getjoinableous.c
@@ -0,0 +1,104 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Join Support (cmdline + netapi)
+ *  Copyright (C) Guenther Deschner 2008
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <string.h>
+#include <stdio.h>
+
+#include <netapi.h>
+
+char *get_string_param(const char *param)
+{
+	char *p;
+
+	p = strchr(param, '=');
+	if (!p) {
+		return NULL;
+	}
+
+	return (p+1);
+}
+
+int main(int argc, char **argv)
+{
+	NET_API_STATUS status;
+	const char *server_name = NULL;
+	const char *domain_name = NULL;
+	const char *account = NULL;
+	const char *password = NULL;
+	const char **ous = NULL;
+	uint32_t num_ous = 0;
+	struct libnetapi_ctx *ctx = NULL;
+	int i;
+
+	status = libnetapi_init(&ctx);
+	if (status != 0) {
+		return status;
+	}
+
+	if (argc < 2) {
+		printf("usage: getjoinableous\n");
+		printf("\t<hostname> [domain=DOMAIN] <user=USER> <password=PASSWORD>\n");
+		return 0;
+	}
+
+	if (argc > 2) {
+		server_name = argv[1];
+	}
+
+	for (i=0; i<argc; i++) {
+		if (strncasecmp(argv[i], "domain", strlen("domain"))== 0) {
+			domain_name = get_string_param(argv[i]);
+		}
+		if (strncasecmp(argv[i], "user", strlen("user"))== 0) {
+			account = get_string_param(argv[i]);
+			libnetapi_set_username(ctx, account);
+		}
+		if (strncasecmp(argv[i], "password", strlen("password"))== 0) {
+			password = get_string_param(argv[i]);
+			libnetapi_set_password(ctx, password);
+		}
+		if (strncasecmp(argv[i], "debug", strlen("debug"))== 0) {
+			const char *str = NULL;
+			str = get_string_param(argv[i]);
+			libnetapi_set_debuglevel(ctx, str);
+		}
+	}
+
+	status = NetGetJoinableOUs(server_name,
+				   domain_name,
+				   account,
+				   password,
+				   &num_ous,
+				   &ous);
+	if (status != 0) {
+		printf("failed with: %s\n",
+			libnetapi_get_error_string(ctx, status));
+	} else {
+		printf("Successfully queried joinable ous:\n");
+		for (i=0; i<num_ous; i++) {
+			printf("ou: %s\n", ous[i]);
+		}
+	}
+
+	NetApiBufferFree(ous);
+
+	libnetapi_free(ctx);
+
+	return status;
+}
diff --git a/source3/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c b/source3/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c
index 9dc2a18138..73b14d4d87 100644
--- a/source3/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c
+++ b/source3/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c
@@ -24,6 +24,7 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <string.h>
+#include <netdb.h>
 
 #include <gtk/gtk.h>
 #include <glib/gprintf.h>
@@ -439,7 +440,7 @@ static void callback_do_join(GtkWidget *widget,
 					 state->password,
 					 unjoin_flags);
 		if (status != 0) {
-			err_str = libnetapi_errstr(status);
+			err_str = libnetapi_get_error_string(state->ctx, status);
 			g_print("callback_do_join: failed to unjoin (%s)\n",
 				err_str);
 
@@ -463,7 +464,7 @@ static void callback_do_join(GtkWidget *widget,
 			       state->password,
 			       join_flags);
 	if (status != 0) {
-		err_str = libnetapi_errstr(status);
+		err_str = libnetapi_get_error_string(state->ctx, status);
 		g_print("callback_do_join: failed to join (%s)\n", err_str);
 
 		dialog = gtk_message_dialog_new(GTK_WINDOW(state->window_parent),
@@ -1263,37 +1264,56 @@ static int initialize_join_state(struct join_state *state,
 	{
 		char my_hostname[HOST_NAME_MAX];
 		const char *p = NULL;
+		struct hostent *hp = NULL;
+
 		if (gethostname(my_hostname, sizeof(my_hostname)) == -1) {
 			return -1;
 		}
 
-		state->my_fqdn = strdup(my_hostname);
+		p = strchr(my_hostname, '.');
+		if (p) {
+			my_hostname[strlen(my_hostname)-strlen(p)] = '\0';
+		}
+		state->my_hostname = strdup(my_hostname);
+		if (!state->my_hostname) {
+			return -1;
+		}
+		debug("state->my_hostname: %s\n", state->my_hostname);
+
+		hp = gethostbyname(my_hostname);
+		if (!hp || !hp->h_name || !*hp->h_name) {
+			return -1;
+		}
+
+		state->my_fqdn = strdup(hp->h_name);
 		if (!state->my_fqdn) {
 			return -1;
 		}
+		debug("state->my_fqdn: %s\n", state->my_fqdn);
 
-		p = strchr(my_hostname, '.');
+		p = strchr(state->my_fqdn, '.');
 		if (p) {
-			my_hostname[strlen(my_hostname) - strlen(p)] = '\0';
-			state->my_hostname = strdup(my_hostname);
-			if (!state->my_hostname) {
-				return -1;
-			}
 			p++;
 			state->my_dnsdomain = strdup(p);
-			if (!state->my_dnsdomain) {
-				return -1;
-			}
+		} else {
+			state->my_dnsdomain = strdup("");
+		}
+		if (!state->my_dnsdomain) {
+			return -1;
 		}
+		debug("state->my_dnsdomain: %s\n", state->my_dnsdomain);
 	}
 
 	{
 		const char *buffer = NULL;
 		uint16_t type = 0;
 		status = NetGetJoinInformation(NULL, &buffer, &type);
-		if (status) {
+		if (status != 0) {
+			printf("NetGetJoinInformation failed with: %s\n",
+				libnetapi_get_error_string(state->ctx, status));
 			return status;
 		}
+		debug("NetGetJoinInformation gave: %s and %d\n", buffer, type);
 		state->name_buffer_initial = strdup(buffer);
 		if (!state->name_buffer_initial) {
 			return -1;
@@ -1307,7 +1327,9 @@ static int initialize_join_state(struct join_state *state,
 		uint8_t *buffer = NULL;
 
 		status = NetServerGetInfo(NULL, 1005, &buffer);
-		if (status) {
+		if (status != 0) {
+			printf("NetServerGetInfo failed with: %s\n",
+				libnetapi_get_error_string(state->ctx, status));
 			return status;
 		}
 
diff --git a/source3/lib/netapi/getdc.c b/source3/lib/netapi/getdc.c
index 85a0ae52ef..2626eb0af4 100644
--- a/source3/lib/netapi/getdc.c
+++ b/source3/lib/netapi/getdc.c
@@ -22,21 +22,8 @@
 #include "lib/netapi/netapi.h"
 #include "libnet/libnet.h"
 
-#if 0
-#include "librpc/gen_ndr/cli_netlogon.h"
-#endif
-
-NTSTATUS rpccli_netr_GetDcName(struct rpc_pipe_client *cli,
-			       TALLOC_CTX *mem_ctx,
-			       const char *logon_server,
-			       const char *domainname,
-			       const char **dcname);
-NTSTATUS rpccli_netr_GetAnyDCName(struct rpc_pipe_client *cli,
-				  TALLOC_CTX *mem_ctx,
-				  const char *logon_server,
-				  const char *domainname,
-				  const char **dcname,
-				  WERROR *werror);
+/********************************************************************
+********************************************************************/
 
 static WERROR NetGetDCNameLocal(struct libnetapi_ctx *ctx,
 				const char *server_name,
@@ -46,6 +33,9 @@ static WERROR NetGetDCNameLocal(struct libnetapi_ctx *ctx,
 	return WERR_NOT_SUPPORTED;
 }
 
+/********************************************************************
+********************************************************************/
+
 static WERROR NetGetDCNameRemote(struct libnetapi_ctx *ctx,
 				 const char *server_name,
 				 const char *domain_name,
@@ -76,17 +66,11 @@ static WERROR NetGetDCNameRemote(struct libnetapi_ctx *ctx,
 		goto done;
 	};
 
-#if 0
-	werr = rpccli_netr_GetDcName(pipe_cli, ctx,
-				     server_name,
-				     domain_name,
-				     (const char **)&buffer);
-#else
-	werr = rpccli_netlogon_getdcname(pipe_cli, ctx,
-					 server_name,
-					 domain_name,
-					 (char **)buffer);
-#endif
+	status = rpccli_netr_GetDcName(pipe_cli, ctx,
+				       server_name,
+				       domain_name,
+				       (const char **)buffer,
+				       &werr);
  done:
 	if (cli) {
 		cli_shutdown(cli);
@@ -95,6 +79,9 @@ static WERROR NetGetDCNameRemote(struct libnetapi_ctx *ctx,
 	return werr;
 }
 
+/********************************************************************
+********************************************************************/
+
 static WERROR libnetapi_NetGetDCName(struct libnetapi_ctx *ctx,
 				     const char *server_name,
 				     const char *domain_name,
@@ -113,6 +100,10 @@ static WERROR libnetapi_NetGetDCName(struct libnetapi_ctx *ctx,
 				  buffer);
 }
 
+/****************************************************************
+ NetGetDCName
+****************************************************************/
+
 NET_API_STATUS NetGetDCName(const char *server_name,
 			    const char *domain_name,
 			    uint8_t **buffer)
@@ -134,9 +125,12 @@ NET_API_STATUS NetGetDCName(const char *server_name,
 		return W_ERROR_V(werr);
 	}
 
-	return 0;
+	return NET_API_STATUS_SUCCESS;
 }
 
+/********************************************************************
+********************************************************************/
+
 static WERROR NetGetAnyDCNameLocal(struct libnetapi_ctx *ctx,
 				   const char *server_name,
 				   const char *domain_name,
@@ -145,6 +139,9 @@ static WERROR NetGetAnyDCNameLocal(struct libnetapi_ctx *ctx,
 	return WERR_NOT_SUPPORTED;
 }
 
+/********************************************************************
+********************************************************************/
+
 static WERROR NetGetAnyDCNameRemote(struct libnetapi_ctx *ctx,
 				    const char *server_name,
 				    const char *domain_name,
@@ -175,22 +172,14 @@ static WERROR NetGetAnyDCNameRemote(struct libnetapi_ctx *ctx,
 		goto done;
 	};
 
-#if 0
 	status = rpccli_netr_GetAnyDCName(pipe_cli, ctx,
 					  server_name,
 					  domain_name,
-					  (const char **)&buffer,
+					  (const char **)buffer,
 					  &werr);
 	if (!NT_STATUS_IS_OK(status)) {
-		werr = ntstatus_to_werror(status);
 		goto done;
 	}
-#else
-	werr = rpccli_netlogon_getanydcname(pipe_cli, ctx,
-					    server_name,
-					    domain_name,
-					    (char **)buffer);
-#endif
  done:
 	if (cli) {
 		cli_shutdown(cli);
@@ -200,6 +189,9 @@ static WERROR NetGetAnyDCNameRemote(struct libnetapi_ctx *ctx,
 
 }
 
+/********************************************************************
+********************************************************************/
+
 static WERROR libnetapi_NetGetAnyDCName(struct libnetapi_ctx *ctx,
 					const char *server_name,
 					const char *domain_name,
@@ -218,6 +210,10 @@ static WERROR libnetapi_NetGetAnyDCName(struct libnetapi_ctx *ctx,
 				     buffer);
 }
 
+/****************************************************************
+ NetGetAnyDCName
+****************************************************************/
+
 NET_API_STATUS NetGetAnyDCName(const char *server_name,
 			       const char *domain_name,
 			       uint8_t **buffer)
@@ -239,5 +235,5 @@ NET_API_STATUS NetGetAnyDCName(const char *server_name,
 		return W_ERROR_V(werr);
 	}
 
-	return 0;
+	return NET_API_STATUS_SUCCESS;
 }
diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c
index b268e41a2a..405f96a87e 100644
--- a/source3/lib/netapi/joindomain.c
+++ b/source3/lib/netapi/joindomain.c
@@ -22,6 +22,9 @@
 #include "lib/netapi/netapi.h"
 #include "libnet/libnet.h"
 
+/****************************************************************
+****************************************************************/
+
 static WERROR NetJoinDomainLocal(struct libnetapi_ctx *mem_ctx,
 				 const char *server_name,
 				 const char *domain_name,
@@ -45,17 +48,19 @@ static WERROR NetJoinDomainLocal(struct libnetapi_ctx *mem_ctx,
 
 	if (join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
 		NTSTATUS status;
-		struct DS_DOMAIN_CONTROLLER_INFO *info = NULL;
+		struct netr_DsRGetDCNameInfo *info = NULL;
 		uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
 				 DS_WRITABLE_REQUIRED |
 				 DS_RETURN_DNS_NAME;
-		status = dsgetdcname(mem_ctx, NULL, domain_name,
+		status = dsgetdcname(mem_ctx, domain_name,
 				     NULL, NULL, flags, &info);
 		if (!NT_STATUS_IS_OK(status)) {
+			libnetapi_set_error_string(mem_ctx,
+				"%s", get_friendly_nt_error_msg(status));
 			return ntstatus_to_werror(status);
 		}
 		r->in.dc_name = talloc_strdup(mem_ctx,
-					      info->domain_controller_name);
+					      info->dc_unc);
 		W_ERROR_HAVE_NO_MEMORY(r->in.dc_name);
 	}
 
@@ -79,13 +84,16 @@ static WERROR NetJoinDomainLocal(struct libnetapi_ctx *mem_ctx,
 
 	werr = libnet_Join(mem_ctx, r);
 	if (!W_ERROR_IS_OK(werr) && r->out.error_string) {
-		libnetapi_set_error_string(mem_ctx, r->out.error_string);
+		libnetapi_set_error_string(mem_ctx, "%s", r->out.error_string);
 	}
 	TALLOC_FREE(r);
 
 	return werr;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR NetJoinDomainRemote(struct libnetapi_ctx *ctx,
 				  const char *server_name,
 				  const char *domain_name,
@@ -149,6 +157,9 @@ static WERROR NetJoinDomainRemote(struct libnetapi_ctx *ctx,
 	return werr;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR libnetapi_NetJoinDomain(struct libnetapi_ctx *ctx,
 				      const char *server_name,
 				      const char *domain_name,
@@ -181,6 +192,10 @@ static WERROR libnetapi_NetJoinDomain(struct libnetapi_ctx *ctx,
 				   join_flags);
 }
 
+/****************************************************************
+ NetJoinDomain
+****************************************************************/
+
 NET_API_STATUS NetJoinDomain(const char *server_name,
 			     const char *domain_name,
 			     const char *account_ou,
@@ -208,9 +223,12 @@ NET_API_STATUS NetJoinDomain(const char *server_name,
 		return W_ERROR_V(werr);
 	}
 
-	return 0;
+	return NET_API_STATUS_SUCCESS;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR NetUnjoinDomainLocal(struct libnetapi_ctx *mem_ctx,
 				   const char *server_name,
 				   const char *account,
@@ -232,10 +250,9 @@ static WERROR NetUnjoinDomainLocal(struct libnetapi_ctx *mem_ctx,
 		r->in.dc_name = talloc_strdup(mem_ctx, server_name);
 		W_ERROR_HAVE_NO_MEMORY(r->in.dc_name);
 	} else {
-
 		NTSTATUS status;
 		const char *domain = NULL;
-		struct DS_DOMAIN_CONTROLLER_INFO *info = NULL;
+		struct netr_DsRGetDCNameInfo *info = NULL;
 		uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
 				 DS_WRITABLE_REQUIRED |
 				 DS_RETURN_DNS_NAME;
@@ -244,13 +261,15 @@ static WERROR NetUnjoinDomainLocal(struct libnetapi_ctx *mem_ctx,
 		} else {
 			domain = lp_workgroup();
 		}
-		status = dsgetdcname(mem_ctx, NULL, domain,
+		status = dsgetdcname(mem_ctx, domain,
 				     NULL, NULL, flags, &info);
 		if (!NT_STATUS_IS_OK(status)) {
+			libnetapi_set_error_string(mem_ctx,
+				"%s", get_friendly_nt_error_msg(status));
 			return ntstatus_to_werror(status);
 		}
 		r->in.dc_name = talloc_strdup(mem_ctx,
-					      info->domain_controller_name);
+					      info->dc_unc);
 		W_ERROR_HAVE_NO_MEMORY(r->in.dc_name);
 	}
 
@@ -266,13 +285,22 @@ static WERROR NetUnjoinDomainLocal(struct libnetapi_ctx *mem_ctx,
 
 	r->in.unjoin_flags = unjoin_flags;
 	r->in.modify_config = true;
+	r->in.debug = true;
 
 	r->in.domain_sid = &domain_sid;
 
-	return libnet_Unjoin(mem_ctx, r);
+	werr = libnet_Unjoin(mem_ctx, r);
+	if (!W_ERROR_IS_OK(werr) && r->out.error_string) {
+		libnetapi_set_error_string(mem_ctx, "%s", r->out.error_string);
+	}
+	TALLOC_FREE(r);
 
+	return werr;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR NetUnjoinDomainRemote(struct libnetapi_ctx *ctx,
 				    const char *server_name,
 				    const char *account,
@@ -335,6 +363,9 @@ static WERROR NetUnjoinDomainRemote(struct libnetapi_ctx *ctx,
 	return werr;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR libnetapi_NetUnjoinDomain(struct libnetapi_ctx *ctx,
 					const char *server_name,
 					const char *account,
@@ -357,6 +388,10 @@ static WERROR libnetapi_NetUnjoinDomain(struct libnetapi_ctx *ctx,
 				     unjoin_flags);
 }
 
+/****************************************************************
+ NetUnjoinDomain
+****************************************************************/
+
 NET_API_STATUS NetUnjoinDomain(const char *server_name,
 			       const char *account,
 			       const char *password,
@@ -380,9 +415,12 @@ NET_API_STATUS NetUnjoinDomain(const char *server_name,
 		return W_ERROR_V(werr);
 	}
 
-	return 0;
+	return NET_API_STATUS_SUCCESS;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR NetGetJoinInformationRemote(struct libnetapi_ctx *ctx,
 					  const char *server_name,
 					  const char **name_buffer,
@@ -431,6 +469,9 @@ static WERROR NetGetJoinInformationRemote(struct libnetapi_ctx *ctx,
 	return werr;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR NetGetJoinInformationLocal(struct libnetapi_ctx *ctx,
 					 const char *server_name,
 					 const char **name_buffer,
@@ -478,6 +519,10 @@ static WERROR libnetapi_NetGetJoinInformation(struct libnetapi_ctx *ctx,
 					   name_type);
 }
 
+/****************************************************************
+ NetGetJoinInformation
+****************************************************************/
+
 NET_API_STATUS NetGetJoinInformation(const char *server_name,
 				     const char **name_buffer,
 				     uint16_t *name_type)
@@ -499,5 +544,201 @@ NET_API_STATUS NetGetJoinInformation(const char *server_name,
 		return W_ERROR_V(werr);
 	}
 
-	return 0;
+	return NET_API_STATUS_SUCCESS;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR NetGetJoinableOUsLocal(struct libnetapi_ctx *ctx,
+				     const char *server_name,
+				     const char *domain,
+				     const char *account,
+				     const char *password,
+				     uint32_t *ou_count,
+				     const char ***ous)
+{
+#ifdef WITH_ADS
+	NTSTATUS status;
+	ADS_STATUS ads_status;
+	ADS_STRUCT *ads = NULL;
+	struct netr_DsRGetDCNameInfo *info = NULL;
+	uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED |
+			 DS_RETURN_DNS_NAME;
+
+	status = dsgetdcname(ctx, domain,
+			     NULL, NULL, flags, &info);
+	if (!NT_STATUS_IS_OK(status)) {
+		libnetapi_set_error_string(ctx, "%s",
+			get_friendly_nt_error_msg(status));
+		return ntstatus_to_werror(status);
+	}
+
+	ads = ads_init(domain, domain, info->dc_unc);
+	if (!ads) {
+		return WERR_GENERAL_FAILURE;
+	}
+
+	SAFE_FREE(ads->auth.user_name);
+	if (account) {
+		ads->auth.user_name = SMB_STRDUP(account);
+	} else if (ctx->username) {
+		ads->auth.user_name = SMB_STRDUP(ctx->username);
+	}
+
+	SAFE_FREE(ads->auth.password);
+	if (password) {
+		ads->auth.password = SMB_STRDUP(password);
+	} else if (ctx->password) {
+		ads->auth.password = SMB_STRDUP(ctx->password);
+	}
+
+	ads_status = ads_connect(ads);
+	if (!ADS_ERR_OK(ads_status)) {
+		ads_destroy(&ads);
+		return WERR_DEFAULT_JOIN_REQUIRED;
+	}
+
+	ads_status = ads_get_joinable_ous(ads, ctx,
+					  (char ***)ous,
+					  (size_t *)ou_count);
+	if (!ADS_ERR_OK(ads_status)) {
+		ads_destroy(&ads);
+		return WERR_DEFAULT_JOIN_REQUIRED;
+	}
+
+	ads_destroy(&ads);
+	return WERR_OK;
+#else
+	return WERR_NOT_SUPPORTED;
+#endif
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR NetGetJoinableOUsRemote(struct libnetapi_ctx *ctx,
+				      const char *server_name,
+				      const char *domain,
+				      const char *account,
+				      const char *password,
+				      uint32_t *ou_count,
+				      const char ***ous)
+{
+	struct cli_state *cli = NULL;
+	struct rpc_pipe_client *pipe_cli = NULL;
+	struct wkssvc_PasswordBuffer *encrypted_password = NULL;
+	NTSTATUS status;
+	WERROR werr;
+
+	status = cli_full_connection(&cli, NULL, server_name,
+				     NULL, 0,
+				     "IPC$", "IPC",
+				     ctx->username,
+				     ctx->workgroup,
+				     ctx->password,
+				     0, Undefined, NULL);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		werr = ntstatus_to_werror(status);
+		goto done;
+	}
+
+	pipe_cli = cli_rpc_pipe_open_noauth(cli, PI_WKSSVC,
+					    &status);
+	if (!pipe_cli) {
+		werr = ntstatus_to_werror(status);
+		goto done;
+	}
+
+	if (password) {
+		encode_wkssvc_join_password_buffer(ctx,
+						   password,
+						   &cli->user_session_key,
+						   &encrypted_password);
+	}
+
+	status = rpccli_wkssvc_NetrGetJoinableOus2(pipe_cli, ctx,
+						   server_name,
+						   domain,
+						   account,
+						   encrypted_password,
+						   ou_count,
+						   ous,
+						   &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		werr = ntstatus_to_werror(status);
+		goto done;
+	}
+
+ done:
+	if (cli) {
+		cli_shutdown(cli);
+	}
+
+	return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnetapi_NetGetJoinableOUs(struct libnetapi_ctx *ctx,
+					  const char *server_name,
+					  const char *domain,
+					  const char *account,
+					  const char *password,
+					  uint32_t *ou_count,
+					  const char ***ous)
+{
+	if (!server_name || is_myname_or_ipaddr(server_name)) {
+		return NetGetJoinableOUsLocal(ctx,
+					      server_name,
+					      domain,
+					      account,
+					      password,
+					      ou_count,
+					      ous);
+	}
+
+	return NetGetJoinableOUsRemote(ctx,
+				       server_name,
+				       domain,
+				       account,
+				       password,
+				       ou_count,
+				       ous);
+}
+
+/****************************************************************
+ NetGetJoinableOUs
+****************************************************************/
+
+NET_API_STATUS NetGetJoinableOUs(const char *server_name,
+				 const char *domain,
+				 const char *account,
+				 const char *password,
+				 uint32_t *ou_count,
+				 const char ***ous)
+{
+	struct libnetapi_ctx *ctx = NULL;
+	NET_API_STATUS status;
+	WERROR werr;
+
+	status = libnetapi_getctx(&ctx);
+	if (status != 0) {
+		return status;
+	}
+
+	werr = libnetapi_NetGetJoinableOUs(ctx,
+					   server_name,
+					   domain,
+					   account,
+					   password,
+					   ou_count,
+					   ous);
+	if (!W_ERROR_IS_OK(werr)) {
+		return W_ERROR_V(werr);
+	}
+
+	return NET_API_STATUS_SUCCESS;
 }
diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c
index ce00054e6e..fb091f6e0b 100644
--- a/source3/lib/netapi/netapi.c
+++ b/source3/lib/netapi/netapi.c
@@ -50,7 +50,9 @@ NET_API_STATUS libnetapi_init(struct libnetapi_ctx **context)
 		return W_ERROR_V(WERR_NOMEM);
 	}
 
-	DEBUGLEVEL = 0;
+	if (!DEBUGLEVEL) {
+		DEBUGLEVEL = 0;
+	}
 	setup_logging("libnetapi", true);
 
 	dbf = x_stderr;
@@ -119,7 +121,6 @@ NET_API_STATUS libnetapi_free(struct libnetapi_ctx *ctx)
 
 	gencache_shutdown();
 	secrets_shutdown();
-	regdb_close();
 
 	TALLOC_FREE(ctx);
 	TALLOC_FREE(frame);
@@ -205,15 +206,20 @@ const char *libnetapi_errstr(NET_API_STATUS status)
 ****************************************************************/
 
 NET_API_STATUS libnetapi_set_error_string(struct libnetapi_ctx *ctx,
-					  const char *error_string)
+					  const char *format, ...)
 {
+	va_list args;
+
 	TALLOC_FREE(ctx->error_string);
-	ctx->error_string = talloc_strdup(ctx, error_string);
+
+	va_start(args, format);
+	ctx->error_string = talloc_vasprintf(ctx, format, args);
+	va_end(args);
+
 	if (!ctx->error_string) {
 		return W_ERROR_V(WERR_NOMEM);
 	}
 	return NET_API_STATUS_SUCCESS;
-
 }
 
 /****************************************************************
diff --git a/source3/lib/netapi/netapi.h b/source3/lib/netapi/netapi.h
index 274a167d53..002fc37762 100644
--- a/source3/lib/netapi/netapi.h
+++ b/source3/lib/netapi/netapi.h
@@ -36,6 +36,11 @@
 /****************************************************************
 ****************************************************************/
 
+#define LIBNETAPI_LOCAL_SERVER(x) (!x || is_myname_or_ipaddr(x))
+
+/****************************************************************
+****************************************************************/
+
 struct libnetapi_ctx {
 	char *debuglevel;
 	char *error_string;
@@ -57,46 +62,84 @@ NET_API_STATUS libnetapi_set_username(struct libnetapi_ctx *ctx, const char *use
 NET_API_STATUS libnetapi_set_password(struct libnetapi_ctx *ctx, const char *password);
 NET_API_STATUS libnetapi_set_workgroup(struct libnetapi_ctx *ctx, const char *workgroup);
 const char *libnetapi_errstr(NET_API_STATUS status);
-NET_API_STATUS libnetapi_set_error_string(struct libnetapi_ctx *ctx, const char *error_string);
+NET_API_STATUS libnetapi_set_error_string(struct libnetapi_ctx *ctx, const char *format, ...);
 const char *libnetapi_get_error_string(struct libnetapi_ctx *ctx, NET_API_STATUS status);
 
 
 /****************************************************************
+ NetApiBufferFree
 ****************************************************************/
 
 NET_API_STATUS NetApiBufferFree(void *buffer);
 
 /****************************************************************
+ NetJoinDomain
 ****************************************************************/
 
-/* wkssvc */
 NET_API_STATUS NetJoinDomain(const char *server,
 			     const char *domain,
 			     const char *account_ou,
 			     const char *account,
 			     const char *password,
 			     uint32_t join_options);
+
+/****************************************************************
+ NetUnjoinDomain
+****************************************************************/
+
 NET_API_STATUS NetUnjoinDomain(const char *server_name,
 			       const char *account,
 			       const char *password,
 			       uint32_t unjoin_flags);
+
+/****************************************************************
+ NetGetJoinInformation
+****************************************************************/
+
 NET_API_STATUS NetGetJoinInformation(const char *server_name,
 				     const char **name_buffer,
 				     uint16_t *name_type);
 
-/* srvsvc */
+/****************************************************************
+ NetGetJoinableOUs
+****************************************************************/
+
+NET_API_STATUS NetGetJoinableOUs(const char *server_name,
+				 const char *domain,
+				 const char *account,
+				 const char *password,
+				 uint32_t *ou_count,
+				 const char ***ous);
+
+/****************************************************************
+ NetServerGetInfo
+****************************************************************/
+
 NET_API_STATUS NetServerGetInfo(const char *server_name,
 				uint32_t level,
 				uint8_t **buffer);
+
+/****************************************************************
+ NetServerSetInfo
+****************************************************************/
+
 NET_API_STATUS NetServerSetInfo(const char *server_name,
 				uint32_t level,
 				uint8_t *buffer,
 				uint32_t *parm_error);
 
-/* netlogon */
+/****************************************************************
+ NetGetDCName
+****************************************************************/
+
 NET_API_STATUS NetGetDCName(const char *server_name,
 			    const char *domain_name,
 			    uint8_t **buffer);
+
+/****************************************************************
+ NetGetAnyDCName
+****************************************************************/
+
 NET_API_STATUS NetGetAnyDCName(const char *server_name,
 			       const char *domain_name,
 			       uint8_t **buffer);
diff --git a/source3/lib/netapi/serverinfo.c b/source3/lib/netapi/serverinfo.c
index 67680ba55a..7fa166e411 100644
--- a/source3/lib/netapi/serverinfo.c
+++ b/source3/lib/netapi/serverinfo.c
@@ -22,6 +22,9 @@
 #include "lib/netapi/netapi.h"
 #include "libnet/libnet.h"
 
+/****************************************************************
+****************************************************************/
+
 static WERROR NetServerGetInfoLocal_1005(struct libnetapi_ctx *ctx,
 					 uint8_t **buffer)
 {
@@ -36,6 +39,9 @@ static WERROR NetServerGetInfoLocal_1005(struct libnetapi_ctx *ctx,
 	return WERR_OK;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR NetServerGetInfoLocal(struct libnetapi_ctx *ctx,
 				    const char *server_name,
 				    uint32_t level,
@@ -51,6 +57,9 @@ static WERROR NetServerGetInfoLocal(struct libnetapi_ctx *ctx,
 	return WERR_UNKNOWN_LEVEL;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR NetServerGetInfoRemote(struct libnetapi_ctx *ctx,
 				     const char *server_name,
 				     uint32_t level,
@@ -102,6 +111,9 @@ static WERROR NetServerGetInfoRemote(struct libnetapi_ctx *ctx,
 	return werr;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR libnetapi_NetServerGetInfo(struct libnetapi_ctx *ctx,
 					 const char *server_name,
 					 uint32_t level,
@@ -121,6 +133,10 @@ static WERROR libnetapi_NetServerGetInfo(struct libnetapi_ctx *ctx,
 
 }
 
+/****************************************************************
+ NetServerGetInfo
+****************************************************************/
+
 NET_API_STATUS NetServerGetInfo(const char *server_name,
 				uint32_t level,
 				uint8_t **buffer)
@@ -142,17 +158,18 @@ NET_API_STATUS NetServerGetInfo(const char *server_name,
 		return W_ERROR_V(werr);
 	}
 
-	return 0;
+	return NET_API_STATUS_SUCCESS;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR NetServerSetInfoLocal_1005(struct libnetapi_ctx *ctx,
 					 uint8_t *buffer,
 					 uint32_t *parm_error)
 {
 	WERROR werr;
 	struct libnet_conf_ctx *conf_ctx;
-	TALLOC_CTX *mem_ctx;
-
 	struct srvsvc_NetSrvInfo1005 *info1005;
 
 	if (!buffer) {
@@ -167,12 +184,11 @@ static WERROR NetServerSetInfoLocal_1005(struct libnetapi_ctx *ctx,
 		return WERR_INVALID_PARAM;
 	}
 
-	if (!lp_include_registry_globals()) {
+	if (!lp_config_backend_is_registry()) {
 		return WERR_NOT_SUPPORTED;
 	}
 
-	mem_ctx = talloc_stackframe();
-	werr = libnet_conf_open(mem_ctx, &conf_ctx);
+	werr = libnet_conf_open(ctx, &conf_ctx);
 	if (!W_ERROR_IS_OK(werr)) {
 		goto done;
 	}
@@ -181,12 +197,14 @@ static WERROR NetServerSetInfoLocal_1005(struct libnetapi_ctx *ctx,
 						"server string",
 						info1005->comment);
 
-done:
+ done:
 	libnet_conf_close(conf_ctx);
-	TALLOC_FREE(mem_ctx);
 	return werr;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR NetServerSetInfoLocal(struct libnetapi_ctx *ctx,
 				    const char *server_name,
 				    uint32_t level,
@@ -203,6 +221,9 @@ static WERROR NetServerSetInfoLocal(struct libnetapi_ctx *ctx,
 	return WERR_UNKNOWN_LEVEL;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR NetServerSetInfoRemote(struct libnetapi_ctx *ctx,
 				     const char *server_name,
 				     uint32_t level,
@@ -263,6 +284,9 @@ static WERROR NetServerSetInfoRemote(struct libnetapi_ctx *ctx,
 	return werr;
 }
 
+/****************************************************************
+****************************************************************/
+
 static WERROR libnetapi_NetServerSetInfo(struct libnetapi_ctx *ctx,
 					 const char *server_name,
 					 uint32_t level,
@@ -284,6 +308,9 @@ static WERROR libnetapi_NetServerSetInfo(struct libnetapi_ctx *ctx,
 				      parm_error);
 }
 
+/****************************************************************
+ NetServerSetInfo
+****************************************************************/
 
 NET_API_STATUS NetServerSetInfo(const char *server_name,
 				uint32_t level,
@@ -308,5 +335,5 @@ NET_API_STATUS NetServerSetInfo(const char *server_name,
 		return W_ERROR_V(werr);
 	}
 
-	return 0;
+	return NET_API_STATUS_SUCCESS;
 }
diff --git a/source3/lib/popt_common.c b/source3/lib/popt_common.c
index 5a9d39d181..7f7d23fa00 100644
--- a/source3/lib/popt_common.c
+++ b/source3/lib/popt_common.c
@@ -71,10 +71,19 @@ static void popt_common_callback(poptContext con,
 	}
 
 	if (reason == POPT_CALLBACK_REASON_POST) {
-		if (!PrintSambaVersionString) return;
 
-		printf( "Version %s\n", SAMBA_VERSION_STRING);
-		exit(0);
+		if (PrintSambaVersionString) {
+			printf( "Version %s\n", SAMBA_VERSION_STRING);
+			exit(0);
+		}
+
+		if (is_default_dyn_CONFIGFILE()) {
+			if(getenv("SMB_CONF_PATH")) {
+				set_dyn_CONFIGFILE(getenv("SMB_CONF_PATH"));
+			}
+		}
+
+		/* Further 'every Samba program must do this' hooks here. */
 		return;
 	}
 
diff --git a/source3/lib/privileges_basic.c b/source3/lib/privileges_basic.c
index ea566c71eb..865c1f655c 100644
--- a/source3/lib/privileges_basic.c
+++ b/source3/lib/privileges_basic.c
@@ -317,6 +317,10 @@ const char* get_privilege_dispname( const char *name )
 {
 	int i;
 
+	if (!name) {
+		return NULL;
+	}
+
 	for ( i=0; !se_priv_equal(&privs[i].se_priv, &se_priv_end); i++ ) {
 	
 		if ( strequal( privs[i].name, name ) ) {
@@ -469,7 +473,7 @@ bool se_priv_to_privilege_set( PRIVILEGE_SET *set, SE_PRIV *mask )
 /*******************************************************************
 *******************************************************************/
 
-static bool luid_to_se_priv( LUID *luid, SE_PRIV *mask )
+static bool luid_to_se_priv( struct lsa_LUID *luid, SE_PRIV *mask )
 {
 	int i;
 	uint32 num_privs = count_all_privileges();
@@ -487,7 +491,7 @@ static bool luid_to_se_priv( LUID *luid, SE_PRIV *mask )
 /*******************************************************************
 *******************************************************************/
 
-bool privilege_set_to_se_priv( SE_PRIV *mask, PRIVILEGE_SET *privset )
+bool privilege_set_to_se_priv( SE_PRIV *mask, struct lsa_PrivilegeSet *privset )
 {
 	int i;
 	
diff --git a/source3/lib/repdir.c b/source3/lib/repdir.c
deleted file mode 100644
index 08f7d16a81..0000000000
--- a/source3/lib/repdir.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-
-   Copyright (C) Andrew Tridgell 2005
-   Updated for Samba3 64-bit cleanliness (C) Jeremy Allison 2006
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
-  a replacement for opendir/readdir/telldir/seekdir/closedir for BSD systems
-
-  This is needed because the existing directory handling in FreeBSD
-  and OpenBSD (and possibly NetBSD) doesn't correctly handle unlink()
-  on files in a directory where telldir() has been used. On a block
-  boundary it will occasionally miss a file when seekdir() is used to
-  return to a position previously recorded with telldir().
-
-  This also fixes a severe performance and memory usage problem with
-  telldir() on BSD systems. Each call to telldir() in BSD adds an
-  entry to a linked list, and those entries are cleaned up on
-  closedir(). This means with a large directory closedir() can take an
-  arbitrary amount of time, causing network timeouts as millions of
-  telldir() entries are freed
-
-  Note! This replacement code is not portable. It relies on getdents()
-  always leaving the file descriptor at a seek offset that is a
-  multiple of DIR_BUF_SIZE. If the code detects that this doesn't
-  happen then it will abort(). It also does not handle directories
-  with offsets larger than can be stored in a long,
-
-  This code is available under other free software licenses as
-  well. Contact the author.
-*/
-
-#include <include/includes.h>
-
- void replace_readdir_dummy(void);
- void replace_readdir_dummy(void) {}
-
-#if defined(REPLACE_READDIR)
-
-#if defined(PARANOID_MALLOC_CHECKER)
-#ifdef malloc
-#undef malloc
-#endif
-#endif
-
-#define DIR_BUF_BITS 9
-#define DIR_BUF_SIZE (1<<DIR_BUF_BITS)
-
-struct dir_buf {
-	int fd;
-	int nbytes, ofs;
-	SMB_OFF_T seekpos;
-	char buf[DIR_BUF_SIZE];
-};
-
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OPENDIR64)
- SMB_STRUCT_DIR *opendir64(const char *dname)
-#else
- SMB_STRUCT_DIR *opendir(const char *dname)
-#endif
-{
-	struct dir_buf *d;
-	d = malloc(sizeof(*d));
-	if (d == NULL) {
-		errno = ENOMEM;
-		return NULL;
-	}
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OPEN64)
-	d->fd = open64(dname, O_RDONLY);
-#else
-	d->fd = open(dname, O_RDONLY);
-#endif
-
-	if (d->fd == -1) {
-		free(d);
-		return NULL;
-	}
-	d->ofs = 0;
-	d->seekpos = 0;
-	d->nbytes = 0;
-	return (SMB_STRUCT_DIR *)d;
-}
-
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_READDIR64)
- SMB_STRUCT_DIRENT *readdir64(SMB_STRUCT_DIR *dir)
-#else
- SMB_STRUCT_DIRENT *readdir(SMB_STRUCT_DIR *dir)
-#endif
-{
-	struct dir_buf *d = (struct dir_buf *)dir;
-	SMB_STRUCT_DIRENT *de;
-
-	if (d->ofs >= d->nbytes) {
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_LSEEK64)
-		d->seekpos = lseek64(d->fd, 0, SEEK_CUR);
-#else
-		d->seekpos = lseek(d->fd, 0, SEEK_CUR);
-#endif
-
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_GETDENTS64)
-		d->nbytes = getdents64(d->fd, d->buf, DIR_BUF_SIZE);
-#else
-		d->nbytes = getdents(d->fd, d->buf, DIR_BUF_SIZE);
-#endif
-		d->ofs = 0;
-	}
-	if (d->ofs >= d->nbytes) {
-		return NULL;
-	}
-	de = (SMB_STRUCT_DIRENT *)&d->buf[d->ofs];
-	d->ofs += de->d_reclen;
-	return de;
-}
-
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_TELLDIR64)
- long telldir64(SMB_STRUCT_DIR *dir)
-#else
- long telldir(SMB_STRUCT_DIR *dir)
-#endif
-{
-	struct dir_buf *d = (struct dir_buf *)dir;
-	if (d->ofs >= d->nbytes) {
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_LSEEK64)
-		d->seekpos = lseek64(d->fd, 0, SEEK_CUR);
-#else
-		d->seekpos = lseek(d->fd, 0, SEEK_CUR);
-#endif
-		d->ofs = 0;
-		d->nbytes = 0;
-	}
-	/* this relies on seekpos always being a multiple of
-	   DIR_BUF_SIZE. Is that always true on BSD systems? */
-	if (d->seekpos & (DIR_BUF_SIZE-1)) {
-		abort();
-	}
-	return d->seekpos + d->ofs;
-}
-
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_SEEKDIR64)
- void seekdir64(SMB_STRUCT_DIR *dir, long ofs)
-#else
- void seekdir(SMB_STRUCT_DIR *dir, long ofs)
-#endif
-{
-	struct dir_buf *d = (struct dir_buf *)dir;
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_LSEEK64)
-	d->seekpos = lseek64(d->fd, ofs & ~(DIR_BUF_SIZE-1), SEEK_SET);
-#else
-	d->seekpos = lseek(d->fd, ofs & ~(DIR_BUF_SIZE-1), SEEK_SET);
-#endif
-
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_GETDENTS64)
-	d->nbytes = getdents64(d->fd, d->buf, DIR_BUF_SIZE);
-#else
-	d->nbytes = getdents(d->fd, d->buf, DIR_BUF_SIZE);
-#endif
-
-	d->ofs = 0;
-	while (d->ofs < (ofs & (DIR_BUF_SIZE-1))) {
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_READDIR64)
-		if (readdir64(dir) == NULL) break;
-#else
-		if (readdir(dir) == NULL) break;
-#endif
-	}
-}
-
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_REWINDDIR64)
- void rewinddir64(SMB_STRUCT_DIR *dir)
-#else
- void rewinddir(SMB_STRUCT_DIR *dir)
-#endif
-{
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_SEEKDIR64)
-	seekdir64(dir, 0);
-#else
-	seekdir(dir, 0);
-#endif
-}
-
-#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_CLOSEDIR64)
- int closedir64(SMB_STRUCT_DIR *dir)
-#else
- int closedir(SMB_STRUCT_DIR *dir)
-#endif
-{
-	struct dir_buf *d = (struct dir_buf *)dir;
-	int r = close(d->fd);
-	if (r != 0) {
-		return r;
-	}
-	free(d);
-	return 0;
-}
-
-#ifndef dirfd
-/* darn, this is a macro on some systems. */
- int dirfd(SMB_STRUCT_DIR *dir)
-{
-	struct dir_buf *d = (struct dir_buf *)dir;
-	return d->fd;
-}
-#endif
-#endif /* REPLACE_READDIR */
diff --git a/source3/lib/replace/Makefile.in b/source3/lib/replace/Makefile.in
index 30f39ac6cb..c989835a8d 100644
--- a/source3/lib/replace/Makefile.in
+++ b/source3/lib/replace/Makefile.in
@@ -10,6 +10,7 @@ VPATH = @libreplacedir@
 srcdir = @srcdir@
 builddir = @builddir@
 INSTALL = @INSTALL@
+LIBS = @LIBS@
 
 .PHONY: test all showflags install installcheck clean distclean realdistclean
 
@@ -25,6 +26,7 @@ showflags:
 	@echo '  CC     = $(CC)'
 	@echo '  CFLAGS = $(CFLAGS)'
 	@echo '  LDFLAGS= $(LDFLAGS)'
+	@echo '  LIBS   = $(LIBS)'
 
 install: all
 	mkdir -p $(libdir)
@@ -38,10 +40,10 @@ test: all
 
 installcheck: install test
 
-TEST_OBJS = test/testsuite.o test/os2_delete.o test/strptime.o
+TEST_OBJS = test/testsuite.o test/os2_delete.o test/strptime.o test/getifaddrs.o
 
 testsuite: libreplace.a $(TEST_OBJS)
-	$(CC) -o testsuite $(TEST_OBJS) -L. -lreplace $(LDFLAGS)
+	$(CC) -o testsuite $(TEST_OBJS) -L. -lreplace $(LDFLAGS) $(LIBS)
 
 .c.o:
 	@echo Compiling $*.c
diff --git a/source3/lib/replace/README b/source3/lib/replace/README
index c61f78a951..268a1b15cf 100644
--- a/source3/lib/replace/README
+++ b/source3/lib/replace/README
@@ -60,6 +60,8 @@ getaddrinfo
 freeaddrinfo
 getnameinfo
 gai_strerror
+getifaddrs
+freeifaddrs
 
 Types:
 bool
diff --git a/source3/lib/replace/configure.ac b/source3/lib/replace/configure.ac
index beeb77e152..f5e054f476 100644
--- a/source3/lib/replace/configure.ac
+++ b/source3/lib/replace/configure.ac
@@ -3,6 +3,8 @@ AC_INIT(replace.c)
 AC_CONFIG_SRCDIR([replace.c])
 AC_CONFIG_HEADER(config.h)
 
+CFLAGS="$CFLAGS -I$srcdir"
+
 AC_LIBREPLACE_ALL_CHECKS
 
 if test "$ac_cv_prog_gcc" = yes; then
diff --git a/source3/lib/replace/dlfcn.c b/source3/lib/replace/dlfcn.c
index 42848848e8..3b109d7e40 100644
--- a/source3/lib/replace/dlfcn.c
+++ b/source3/lib/replace/dlfcn.c
@@ -35,6 +35,8 @@ void *rep_dlopen(const char *name, int flags)
 #endif
 {
 #ifdef HAVE_SHL_LOAD
+	if (name == NULL)
+		return PROG_HANDLE;
 	return (void *)shl_load(name, flags, 0);
 #else
 	return NULL;
diff --git a/source3/lib/replace/getifaddrs.c b/source3/lib/replace/getifaddrs.c
new file mode 100644
index 0000000000..f6f0ec080c
--- /dev/null
+++ b/source3/lib/replace/getifaddrs.c
@@ -0,0 +1,361 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Andrew Tridgell 1998
+   Copyright (C) Jeremy Allison 2007
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#define SOCKET_WRAPPER_NOT_REPLACE
+
+#include "replace.h"
+#include "system/network.h"
+
+#include <unistd.h>
+#include <stdio.h>
+#include <sys/types.h>
+
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+
+#ifndef SIOCGIFCONF
+#ifdef HAVE_SYS_SOCKIO_H
+#include <sys/sockio.h>
+#endif
+#endif
+
+#ifdef HAVE_IFACE_GETIFADDRS
+#define _FOUND_IFACE_ANY
+#else
+
+void rep_freeifaddrs(struct ifaddrs *ifp)
+{
+	if (ifp != NULL) {
+		free(ifp->ifa_name);
+		free(ifp->ifa_addr);
+		free(ifp->ifa_netmask);
+		free(ifp->ifa_dstaddr);
+		freeifaddrs(ifp->ifa_next);
+		free(ifp);
+	}
+}
+
+static struct sockaddr *sockaddr_dup(struct sockaddr *sa)
+{
+	struct sockaddr *ret;
+	socklen_t socklen;
+#ifdef HAVE_SOCKADDR_SA_LEN
+	socklen = sa->sa_len;
+#else
+	socklen = sizeof(struct sockaddr_storage);
+#endif
+	ret = calloc(1, socklen);
+	if (ret == NULL)
+		return NULL;
+	memcpy(ret, sa, socklen);
+	return ret;
+}
+#endif
+
+#if HAVE_IFACE_IFCONF
+
+/* this works for Linux 2.2, Solaris 2.5, SunOS4, HPUX 10.20, OSF1
+   V4.0, Ultrix 4.4, SCO Unix 3.2, IRIX 6.4 and FreeBSD 3.2.
+
+   It probably also works on any BSD style system.  */
+
+int rep_getifaddrs(struct ifaddrs **ifap)
+{
+	struct ifconf ifc;
+	char buff[8192];
+	int fd, i, n;
+	struct ifreq *ifr=NULL;
+	struct in_addr ipaddr;
+	struct in_addr nmask;
+	char *iname;
+	struct ifaddrs *curif;
+	struct ifaddrs *lastif = NULL;
+
+	*ifap = NULL;
+
+	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
+		return -1;
+	}
+  
+	ifc.ifc_len = sizeof(buff);
+	ifc.ifc_buf = buff;
+
+	if (ioctl(fd, SIOCGIFCONF, &ifc) != 0) {
+		close(fd);
+		return -1;
+	} 
+
+	ifr = ifc.ifc_req;
+  
+	n = ifc.ifc_len / sizeof(struct ifreq);
+
+	/* Loop through interfaces, looking for given IP address */
+	for (i=n-1; i>=0; i--) {
+		if (ioctl(fd, SIOCGIFFLAGS, &ifr[i]) == -1) {
+			freeifaddrs(*ifap);
+			return -1;
+		}
+
+		curif = calloc(1, sizeof(struct ifaddrs));
+		curif->ifa_name = strdup(ifr[i].ifr_name);
+		curif->ifa_flags = ifr[i].ifr_flags;
+		curif->ifa_dstaddr = NULL;
+		curif->ifa_data = NULL;
+		curif->ifa_next = NULL;
+
+		curif->ifa_addr = NULL;
+		if (ioctl(fd, SIOCGIFADDR, &ifr[i]) != -1) {
+			curif->ifa_addr = sockaddr_dup(&ifr[i].ifr_addr);
+		}
+
+		curif->ifa_netmask = NULL;
+		if (ioctl(fd, SIOCGIFNETMASK, &ifr[i]) != -1) {
+			curif->ifa_netmask = sockaddr_dup(&ifr[i].ifr_addr);
+		}
+
+		if (lastif == NULL) {
+			*ifap = curif;
+		} else {
+			lastif->ifa_next = curif;
+		}
+		lastif = curif;
+	}
+
+	close(fd);
+
+	return 0;
+}  
+
+#define _FOUND_IFACE_ANY
+#endif /* HAVE_IFACE_IFCONF */
+#ifdef HAVE_IFACE_IFREQ
+
+#ifndef I_STR
+#include <sys/stropts.h>
+#endif
+
+/****************************************************************************
+this should cover most of the streams based systems
+Thanks to Andrej.Borsenkow@mow.siemens.ru for several ideas in this code
+****************************************************************************/
+int rep_getifaddrs(struct ifaddrs **ifap)
+{
+	struct ifreq ifreq;
+	struct strioctl strioctl;
+	char buff[8192];
+	int fd, i, n;
+	struct ifreq *ifr=NULL;
+	struct in_addr ipaddr;
+	struct in_addr nmask;
+	char *iname;
+	struct ifaddrs *curif;
+	struct ifaddrs *lastif = NULL;
+
+	*ifap = NULL;
+
+	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
+		return -1;
+	}
+  
+	strioctl.ic_cmd = SIOCGIFCONF;
+	strioctl.ic_dp  = buff;
+	strioctl.ic_len = sizeof(buff);
+	if (ioctl(fd, I_STR, &strioctl) < 0) {
+		close(fd);
+		return -1;
+	} 
+
+	/* we can ignore the possible sizeof(int) here as the resulting
+	   number of interface structures won't change */
+	n = strioctl.ic_len / sizeof(struct ifreq);
+
+	/* we will assume that the kernel returns the length as an int
+           at the start of the buffer if the offered size is a
+           multiple of the structure size plus an int */
+	if (n*sizeof(struct ifreq) + sizeof(int) == strioctl.ic_len) {
+		ifr = (struct ifreq *)(buff + sizeof(int));  
+	} else {
+		ifr = (struct ifreq *)buff;  
+	}
+
+	/* Loop through interfaces */
+
+	for (i = 0; i<n; i++) {
+		ifreq = ifr[i];
+  
+		curif = calloc(1, sizeof(struct ifaddrs));
+		if (lastif == NULL) {
+			*ifap = curif;
+		} else {
+			lastif->ifa_next = curif;
+		}
+
+		strioctl.ic_cmd = SIOCGIFFLAGS;
+		strioctl.ic_dp  = (char *)&ifreq;
+		strioctl.ic_len = sizeof(struct ifreq);
+		if (ioctl(fd, I_STR, &strioctl) != 0) {
+			freeifaddrs(*ifap);
+			return -1;
+		}
+
+		curif->ifa_flags = ifreq.ifr_flags;
+		
+		strioctl.ic_cmd = SIOCGIFADDR;
+		strioctl.ic_dp  = (char *)&ifreq;
+		strioctl.ic_len = sizeof(struct ifreq);
+		if (ioctl(fd, I_STR, &strioctl) != 0) {
+			freeifaddrs(*ifap);
+			return -1;
+		}
+
+		curif->ifa_name = strdup(ifreq.ifr_name);
+		curif->ifa_addr = sockaddr_dup(&ifreq.ifr_addr);
+		curif->ifa_dstaddr = NULL;
+		curif->ifa_data = NULL;
+		curif->ifa_next = NULL;
+		curif->ifa_netmask = NULL;
+
+		strioctl.ic_cmd = SIOCGIFNETMASK;
+		strioctl.ic_dp  = (char *)&ifreq;
+		strioctl.ic_len = sizeof(struct ifreq);
+		if (ioctl(fd, I_STR, &strioctl) != 0) {
+			freeifaddrs(*ifap);
+			return -1;
+		}
+
+		curif->ifa_netmask = sockaddr_dup(&ifreq.ifr_addr);
+
+		lastif = curif;
+	}
+
+	close(fd);
+
+	return 0;
+}
+
+#define _FOUND_IFACE_ANY
+#endif /* HAVE_IFACE_IFREQ */
+#ifdef HAVE_IFACE_AIX
+
+/****************************************************************************
+this one is for AIX (tested on 4.2)
+****************************************************************************/
+int rep_getifaddrs(struct ifaddrs **ifap)
+{
+	char buff[8192];
+	int fd, i;
+	struct ifconf ifc;
+	struct ifreq *ifr=NULL;
+	struct in_addr ipaddr;
+	struct in_addr nmask;
+	char *iname;
+	struct ifaddrs *curif;
+	struct ifaddrs *lastif = NULL;
+
+	*ifap = NULL;
+
+	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
+		return -1;
+	}
+
+	ifc.ifc_len = sizeof(buff);
+	ifc.ifc_buf = buff;
+
+	if (ioctl(fd, SIOCGIFCONF, &ifc) != 0) {
+		close(fd);
+		return -1;
+	}
+
+	ifr = ifc.ifc_req;
+
+	/* Loop through interfaces */
+	i = ifc.ifc_len;
+
+	while (i > 0) {
+		uint_t inc;
+
+		inc = ifr->ifr_addr.sa_len;
+
+		if (ioctl(fd, SIOCGIFADDR, ifr) != 0) {
+			freeaddrinfo(*ifap);
+			return -1;
+		}
+
+		curif = calloc(1, sizeof(struct ifaddrs));
+		if (lastif == NULL) {
+			*ifap = curif;
+		} else {
+			lastif->ifa_next = curif;
+		}
+
+		curif->ifa_name = strdup(ifr->ifr_name);
+		curif->ifa_addr = sockaddr_dup(&ifr->ifr_addr);
+		curif->ifa_dstaddr = NULL;
+		curif->ifa_data = NULL;
+		curif->ifa_netmask = NULL;
+		curif->ifa_next = NULL;
+
+		if (ioctl(fd, SIOCGIFFLAGS, ifr) != 0) {
+			freeaddrinfo(*ifap);
+			return -1;
+		}
+
+		curif->ifa_flags = ifr->ifr_flags;
+
+		if (ioctl(fd, SIOCGIFNETMASK, ifr) != 0) {
+			freeaddrinfo(*ifap);
+			return -1;
+		}
+
+		curif->ifa_netmask = sockaddr_dup(&ifr->ifr_addr);
+
+		lastif = curif;
+
+	next:
+		/*
+		 * Patch from Archie Cobbs (archie@whistle.com).  The
+		 * addresses in the SIOCGIFCONF interface list have a
+		 * minimum size. Usually this doesn't matter, but if
+		 * your machine has tunnel interfaces, etc. that have
+		 * a zero length "link address", this does matter.  */
+
+		if (inc < sizeof(ifr->ifr_addr))
+			inc = sizeof(ifr->ifr_addr);
+		inc += IFNAMSIZ;
+
+		ifr = (struct ifreq*) (((char*) ifr) + inc);
+		i -= inc;
+	}
+
+	close(fd);
+	return 0;
+}
+
+#define _FOUND_IFACE_ANY
+#endif /* HAVE_IFACE_AIX */
+#ifndef _FOUND_IFACE_ANY
+int rep_getifaddrs(struct ifaddrs **ifap)
+{
+	errno = ENOSYS;
+	return -1;
+}
+#endif
diff --git a/source3/lib/replace/getifaddrs.m4 b/source3/lib/replace/getifaddrs.m4
new file mode 100644
index 0000000000..6cca155de3
--- /dev/null
+++ b/source3/lib/replace/getifaddrs.m4
@@ -0,0 +1,127 @@
+AC_CHECK_HEADERS([ifaddrs.h])
+
+dnl Used when getifaddrs is not available
+AC_CHECK_MEMBERS([struct sockaddr.sa_len], 
+	 [AC_DEFINE(HAVE_SOCKADDR_SA_LEN, 1, [Whether struct sockaddr has a sa_len member])],
+	 [],
+	 [#include <sys/socket.h>])
+
+dnl test for getifaddrs and freeifaddrs
+AC_CACHE_CHECK([for getifaddrs and freeifaddrs],libreplace_cv_HAVE_GETIFADDRS,[
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#if STDC_HEADERS
+#include <stdlib.h>
+#include <stddef.h>
+#endif
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <ifaddrs.h>
+#include <netdb.h>],
+[
+struct ifaddrs *ifp = NULL;
+int ret = getifaddrs (&ifp);
+freeifaddrs(ifp);
+],
+libreplace_cv_HAVE_GETIFADDRS=yes,libreplace_cv_HAVE_GETIFADDRS=no)])
+if test x"$libreplace_cv_HAVE_GETIFADDRS" = x"yes"; then
+    AC_DEFINE(HAVE_GETIFADDRS,1,[Whether the system has getifaddrs])
+    AC_DEFINE(HAVE_FREEIFADDRS,1,[Whether the system has freeifaddrs])
+	AC_DEFINE(HAVE_STRUCT_IFADDRS,1,[Whether struct ifaddrs is available])
+fi
+
+##################
+# look for a method of finding the list of network interfaces
+#
+# This tests need LIBS="$NSL_LIBS $SOCKET_LIBS"
+#
+old_LIBS=$LIBS
+LIBS="$NSL_LIBS $SOCKET_LIBS"
+iface=no;
+##################
+# look for a method of finding the list of network interfaces
+iface=no;
+AC_CACHE_CHECK([for iface getifaddrs],libreplace_cv_HAVE_IFACE_GETIFADDRS,[
+AC_TRY_RUN([
+#define HAVE_IFACE_GETIFADDRS 1
+#define NO_CONFIG_H 1
+#define AUTOCONF_TEST 1
+#define SOCKET_WRAPPER_NOT_REPLACE
+#include "$libreplacedir/replace.c"
+#include "$libreplacedir/inet_ntop.c"
+#include "$libreplacedir/snprintf.c"
+#include "$libreplacedir/getifaddrs.c"
+#define getifaddrs_test main
+#include "$libreplacedir/test/getifaddrs.c"],
+           libreplace_cv_HAVE_IFACE_GETIFADDRS=yes,libreplace_cv_HAVE_IFACE_GETIFADDRS=no,libreplace_cv_HAVE_IFACE_GETIFADDRS=cross)])
+if test x"$libreplace_cv_HAVE_IFACE_GETIFADDRS" = x"yes"; then
+    iface=yes;AC_DEFINE(HAVE_IFACE_GETIFADDRS,1,[Whether iface getifaddrs is available])
+else
+	LIBREPLACEOBJ="${LIBREPLACEOBJ} getifaddrs.o"
+fi
+
+
+if test $iface = no; then
+AC_CACHE_CHECK([for iface AIX],libreplace_cv_HAVE_IFACE_AIX,[
+AC_TRY_RUN([
+#define HAVE_IFACE_AIX 1
+#define NO_CONFIG_H 1
+#define AUTOCONF_TEST 1
+#undef _XOPEN_SOURCE_EXTENDED
+#define SOCKET_WRAPPER_NOT_REPLACE
+#include "$libreplacedir/replace.c"
+#include "$libreplacedir/inet_ntop.c"
+#include "$libreplacedir/snprintf.c"
+#include "$libreplacedir/getifaddrs.c"
+#define getifaddrs_test main
+#include "$libreplacedir/test/getifaddrs.c"],
+           libreplace_cv_HAVE_IFACE_AIX=yes,libreplace_cv_HAVE_IFACE_AIX=no,libreplace_cv_HAVE_IFACE_AIX=cross)])
+if test x"$libreplace_cv_HAVE_IFACE_AIX" = x"yes"; then
+    iface=yes;AC_DEFINE(HAVE_IFACE_AIX,1,[Whether iface AIX is available])
+	old_LIBS="$old_LIBS $LIBS"
+fi
+fi
+
+
+if test $iface = no; then
+AC_CACHE_CHECK([for iface ifconf],libreplace_cv_HAVE_IFACE_IFCONF,[
+AC_TRY_RUN([
+#define HAVE_IFACE_IFCONF 1
+#define NO_CONFIG_H 1
+#define AUTOCONF_TEST 1
+#define SOCKET_WRAPPER_NOT_REPLACE
+#include "$libreplacedir/replace.c"
+#include "$libreplacedir/inet_ntop.c"
+#include "$libreplacedir/snprintf.c"
+#include "$libreplacedir/getifaddrs.c"
+#define getifaddrs_test main
+#include "$libreplacedir/test/getifaddrs.c"],
+           libreplace_cv_HAVE_IFACE_IFCONF=yes,libreplace_cv_HAVE_IFACE_IFCONF=no,libreplace_cv_HAVE_IFACE_IFCONF=cross)])
+if test x"$libreplace_cv_HAVE_IFACE_IFCONF" = x"yes"; then
+    iface=yes;AC_DEFINE(HAVE_IFACE_IFCONF,1,[Whether iface ifconf is available])
+	old_LIBS="$old_LIBS $LIBS"
+fi
+fi
+
+if test $iface = no; then
+AC_CACHE_CHECK([for iface ifreq],libreplace_cv_HAVE_IFACE_IFREQ,[
+AC_TRY_RUN([
+#define HAVE_IFACE_IFREQ 1
+#define NO_CONFIG_H 1
+#define AUTOCONF_TEST 1
+#define SOCKET_WRAPPER_NOT_REPLACE
+#include "$libreplacedir/replace.c"
+#include "$libreplacedir/inet_ntop.c"
+#include "$libreplacedir/snprintf.c"
+#include "$libreplacedir/getifaddrs.c"
+#define getifaddrs_test main
+#include "$libreplacedir/test/getifaddrs.c"],
+           libreplace_cv_HAVE_IFACE_IFREQ=yes,libreplace_cv_HAVE_IFACE_IFREQ=no,libreplace_cv_HAVE_IFACE_IFREQ=cross)])
+if test x"$libreplace_cv_HAVE_IFACE_IFREQ" = x"yes"; then
+    iface=yes;AC_DEFINE(HAVE_IFACE_IFREQ,1,[Whether iface ifreq is available])
+	old_LIBS="$old_LIBS $LIBS"
+fi
+fi
+
+LIBS=$old_LIBS
diff --git a/source3/lib/replace/getpass.c b/source3/lib/replace/getpass.c
index d91d029f6a..57e28eb981 100644
--- a/source3/lib/replace/getpass.c
+++ b/source3/lib/replace/getpass.c
@@ -185,7 +185,10 @@ char *rep_getpass(const char *prompt)
 	buf[0] = 0;
 	if (!gotintr) {
 		in_fd = fileno(in);
-		fgets(buf, bufsize, in);
+		if (fgets(buf, bufsize, in) == NULL) {
+			buf[0] = 0;
+			return buf;
+		}
 	}
 	nread = strlen(buf);
 	if (nread) {
diff --git a/source3/lib/replace/getpass.m4 b/source3/lib/replace/getpass.m4
index c4da9aae59..b93817f9d3 100644
--- a/source3/lib/replace/getpass.m4
+++ b/source3/lib/replace/getpass.m4
@@ -1,22 +1,22 @@
-AC_CHECK_FUNC(getpass, samba_cv_HAVE_GETPASS=yes)
-AC_CHECK_FUNC(getpassphrase, samba_cv_HAVE_GETPASSPHRASE=yes)
-if test x"$samba_cv_HAVE_GETPASS" = x"yes" -a x"$samba_cv_HAVE_GETPASSPHRASE" = x"yes"; then
+AC_CHECK_FUNC(getpass, libreplace_cv_HAVE_GETPASS=yes)
+AC_CHECK_FUNC(getpassphrase, libreplace_cv_HAVE_GETPASSPHRASE=yes)
+if test x"$libreplace_cv_HAVE_GETPASS" = x"yes" -a x"$libreplace_cv_HAVE_GETPASSPHRASE" = x"yes"; then
         AC_DEFINE(REPLACE_GETPASS_BY_GETPASSPHRASE, 1, [getpass returns <9 chars where getpassphrase returns <265 chars])
 	AC_DEFINE(REPLACE_GETPASS,1,[Whether getpass should be replaced])
 	LIBREPLACEOBJ="${LIBREPLACEOBJ} getpass.o"
 else
 
-AC_CACHE_CHECK([whether getpass should be replaced],samba_cv_REPLACE_GETPASS,[
+AC_CACHE_CHECK([whether getpass should be replaced],libreplace_cv_REPLACE_GETPASS,[
 SAVE_CPPFLAGS="$CPPFLAGS"
 CPPFLAGS="$CPPFLAGS -I$libreplacedir/"
 AC_TRY_COMPILE([
 #include "confdefs.h"
 #define NO_CONFIG_H
 #include "$libreplacedir/getpass.c"
-],[],samba_cv_REPLACE_GETPASS=yes,samba_cv_REPLACE_GETPASS=no)
+],[],libreplace_cv_REPLACE_GETPASS=yes,libreplace_cv_REPLACE_GETPASS=no)
 CPPFLAGS="$SAVE_CPPFLAGS"
 ])
-if test x"$samba_cv_REPLACE_GETPASS" = x"yes"; then
+if test x"$libreplace_cv_REPLACE_GETPASS" = x"yes"; then
 	AC_DEFINE(REPLACE_GETPASS,1,[Whether getpass should be replaced])
 	LIBREPLACEOBJ="${LIBREPLACEOBJ} getpass.o"
 fi
diff --git a/source3/lib/replace/libreplace.m4 b/source3/lib/replace/libreplace.m4
index 7a5283a4d6..e0cc57f4c8 100644
--- a/source3/lib/replace/libreplace.m4
+++ b/source3/lib/replace/libreplace.m4
@@ -85,10 +85,10 @@ AC_INCLUDES_DEFAULT
 #endif]
 )
 
-AC_CACHE_CHECK([for working mmap],samba_cv_HAVE_MMAP,[
+AC_CACHE_CHECK([for working mmap],libreplace_cv_HAVE_MMAP,[
 AC_TRY_RUN([#include "$libreplacedir/test/shared_mmap.c"],
-           samba_cv_HAVE_MMAP=yes,samba_cv_HAVE_MMAP=no,samba_cv_HAVE_MMAP=cross)])
-if test x"$samba_cv_HAVE_MMAP" = x"yes"; then
+           libreplace_cv_HAVE_MMAP=yes,libreplace_cv_HAVE_MMAP=no,libreplace_cv_HAVE_MMAP=cross)])
+if test x"$libreplace_cv_HAVE_MMAP" = x"yes"; then
     AC_DEFINE(HAVE_MMAP,1,[Whether mmap works])
 fi
 
@@ -120,7 +120,7 @@ if test x"$libreplace_cv_USABLE_NET_IF_H" = x"yes";then
 	AC_DEFINE(HAVE_NET_IF_H, 1, usability of net/if.h)
 fi
 
-AC_CACHE_CHECK([for broken inet_ntoa],samba_cv_REPLACE_INET_NTOA,[
+AC_CACHE_CHECK([for broken inet_ntoa],libreplace_cv_REPLACE_INET_NTOA,[
 AC_TRY_RUN([
 #include <stdio.h>
 #include <unistd.h>
@@ -133,8 +133,8 @@ main() { struct in_addr ip; ip.s_addr = 0x12345678;
 if (strcmp(inet_ntoa(ip),"18.52.86.120") &&
     strcmp(inet_ntoa(ip),"120.86.52.18")) { exit(0); } 
 exit(1);}],
-           samba_cv_REPLACE_INET_NTOA=yes,samba_cv_REPLACE_INET_NTOA=no,samba_cv_REPLACE_INET_NTOA=cross)])
-if test x"$samba_cv_REPLACE_INET_NTOA" = x"yes"; then
+           libreplace_cv_REPLACE_INET_NTOA=yes,libreplace_cv_REPLACE_INET_NTOA=no,libreplace_cv_REPLACE_INET_NTOA=cross)])
+if test x"$libreplace_cv_REPLACE_INET_NTOA" = x"yes"; then
     AC_DEFINE(REPLACE_INET_NTOA,1,[Whether inet_ntoa should be replaced])
 fi
 
@@ -153,6 +153,26 @@ AC_HAVE_TYPE([struct sockaddr_in6], [
 #include <netinet/in.h>
 ])
 
+if test x"$ac_cv_type_struct_sockaddr_storage" = x"yes"; then
+AC_CHECK_MEMBER(struct sockaddr_storage.ss_family,
+                AC_DEFINE(HAVE_SS_FAMILY, 1, [Defined if struct sockaddr_storage has ss_family field]),,
+                [
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+		])
+
+if test x"$ac_cv_member_struct_sockaddr_storage_ss_family" != x"yes"; then
+AC_CHECK_MEMBER(struct sockaddr_storage.__ss_family,
+                AC_DEFINE(HAVE___SS_FAMILY, 1, [Defined if struct sockaddr_storage has __ss_family field]),,
+                [
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+		])
+fi
+fi
+
 AC_CHECK_FUNCS(seteuid setresuid setegid setresgid chroot bzero strerror)
 AC_CHECK_FUNCS(vsyslog setlinebuf mktime ftruncate chsize rename)
 AC_CHECK_FUNCS(waitpid strlcpy strlcat initgroups memmove strdup)
@@ -162,7 +182,7 @@ AC_HAVE_DECL(setresuid, [#include <unistd.h>])
 AC_HAVE_DECL(setresgid, [#include <unistd.h>])
 AC_HAVE_DECL(errno, [#include <errno.h>])
 
-AC_CACHE_CHECK([for secure mkstemp],samba_cv_HAVE_SECURE_MKSTEMP,[
+AC_CACHE_CHECK([for secure mkstemp],libreplace_cv_HAVE_SECURE_MKSTEMP,[
 AC_TRY_RUN([#include <stdlib.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -177,10 +197,10 @@ main() {
   if ((st.st_mode & 0777) != 0600) exit(1);
   exit(0);
 }],
-samba_cv_HAVE_SECURE_MKSTEMP=yes,
-samba_cv_HAVE_SECURE_MKSTEMP=no,
-samba_cv_HAVE_SECURE_MKSTEMP=cross)])
-if test x"$samba_cv_HAVE_SECURE_MKSTEMP" = x"yes"; then
+libreplace_cv_HAVE_SECURE_MKSTEMP=yes,
+libreplace_cv_HAVE_SECURE_MKSTEMP=no,
+libreplace_cv_HAVE_SECURE_MKSTEMP=cross)])
+if test x"$libreplace_cv_HAVE_SECURE_MKSTEMP" = x"yes"; then
     AC_DEFINE(HAVE_SECURE_MKSTEMP,1,[Whether mkstemp is secure])
 fi
 
@@ -189,7 +209,7 @@ AC_CHECK_HEADERS(stdio.h strings.h)
 AC_CHECK_DECLS([snprintf, vsnprintf, asprintf, vasprintf])
 AC_CHECK_FUNCS(snprintf vsnprintf asprintf vasprintf)
 
-AC_CACHE_CHECK([for C99 vsnprintf],samba_cv_HAVE_C99_VSNPRINTF,[
+AC_CACHE_CHECK([for C99 vsnprintf],libreplace_cv_HAVE_C99_VSNPRINTF,[
 AC_TRY_RUN([
 #include <sys/types.h>
 #include <stdio.h>
@@ -223,43 +243,43 @@ void foo(const char *format, ...) {
 }
 main() { foo("hello"); }
 ],
-samba_cv_HAVE_C99_VSNPRINTF=yes,samba_cv_HAVE_C99_VSNPRINTF=no,samba_cv_HAVE_C99_VSNPRINTF=cross)])
-if test x"$samba_cv_HAVE_C99_VSNPRINTF" = x"yes"; then
+libreplace_cv_HAVE_C99_VSNPRINTF=yes,libreplace_cv_HAVE_C99_VSNPRINTF=no,libreplace_cv_HAVE_C99_VSNPRINTF=cross)])
+if test x"$libreplace_cv_HAVE_C99_VSNPRINTF" = x"yes"; then
     AC_DEFINE(HAVE_C99_VSNPRINTF,1,[Whether there is a C99 compliant vsnprintf])
 fi
 
 
 dnl VA_COPY
-AC_CACHE_CHECK([for va_copy],samba_cv_HAVE_VA_COPY,[
+AC_CACHE_CHECK([for va_copy],libreplace_cv_HAVE_VA_COPY,[
 AC_TRY_LINK([#include <stdarg.h>
 va_list ap1,ap2;], [va_copy(ap1,ap2);],
-samba_cv_HAVE_VA_COPY=yes,samba_cv_HAVE_VA_COPY=no)])
-if test x"$samba_cv_HAVE_VA_COPY" = x"yes"; then
+libreplace_cv_HAVE_VA_COPY=yes,libreplace_cv_HAVE_VA_COPY=no)])
+if test x"$libreplace_cv_HAVE_VA_COPY" = x"yes"; then
     AC_DEFINE(HAVE_VA_COPY,1,[Whether va_copy() is available])
 fi
 
-if test x"$samba_cv_HAVE_VA_COPY" != x"yes"; then
-AC_CACHE_CHECK([for __va_copy],samba_cv_HAVE___VA_COPY,[
+if test x"$libreplace_cv_HAVE_VA_COPY" != x"yes"; then
+AC_CACHE_CHECK([for __va_copy],libreplace_cv_HAVE___VA_COPY,[
 AC_TRY_LINK([#include <stdarg.h>
 va_list ap1,ap2;], [__va_copy(ap1,ap2);],
-samba_cv_HAVE___VA_COPY=yes,samba_cv_HAVE___VA_COPY=no)])
-if test x"$samba_cv_HAVE___VA_COPY" = x"yes"; then
+libreplace_cv_HAVE___VA_COPY=yes,libreplace_cv_HAVE___VA_COPY=no)])
+if test x"$libreplace_cv_HAVE___VA_COPY" = x"yes"; then
     AC_DEFINE(HAVE___VA_COPY,1,[Whether __va_copy() is available])
 fi
 fi
 
 dnl __FUNCTION__ macro
-AC_CACHE_CHECK([for __FUNCTION__ macro],samba_cv_HAVE_FUNCTION_MACRO,[
+AC_CACHE_CHECK([for __FUNCTION__ macro],libreplace_cv_HAVE_FUNCTION_MACRO,[
 AC_TRY_COMPILE([#include <stdio.h>], [printf("%s\n", __FUNCTION__);],
-samba_cv_HAVE_FUNCTION_MACRO=yes,samba_cv_HAVE_FUNCTION_MACRO=no)])
-if test x"$samba_cv_HAVE_FUNCTION_MACRO" = x"yes"; then
+libreplace_cv_HAVE_FUNCTION_MACRO=yes,libreplace_cv_HAVE_FUNCTION_MACRO=no)])
+if test x"$libreplace_cv_HAVE_FUNCTION_MACRO" = x"yes"; then
     AC_DEFINE(HAVE_FUNCTION_MACRO,1,[Whether there is a __FUNCTION__ macro])
 else
     dnl __func__ macro
-    AC_CACHE_CHECK([for __func__ macro],samba_cv_HAVE_func_MACRO,[
+    AC_CACHE_CHECK([for __func__ macro],libreplace_cv_HAVE_func_MACRO,[
     AC_TRY_COMPILE([#include <stdio.h>], [printf("%s\n", __func__);],
-    samba_cv_HAVE_func_MACRO=yes,samba_cv_HAVE_func_MACRO=no)])
-    if test x"$samba_cv_HAVE_func_MACRO" = x"yes"; then
+    libreplace_cv_HAVE_func_MACRO=yes,libreplace_cv_HAVE_func_MACRO=no)])
+    if test x"$libreplace_cv_HAVE_func_MACRO" = x"yes"; then
        AC_DEFINE(HAVE_func_MACRO,1,[Whether there is a __func__ macro])
     fi
 fi
@@ -282,7 +302,7 @@ eprintf("bla", "bar");
 ], AC_DEFINE(HAVE__VA_ARGS__MACRO, 1, [Whether the __VA_ARGS__ macro is available]))
 
 
-AC_CACHE_CHECK([for sig_atomic_t type],samba_cv_sig_atomic_t, [
+AC_CACHE_CHECK([for sig_atomic_t type],libreplace_cv_sig_atomic_t, [
     AC_TRY_COMPILE([
 #include <sys/types.h>
 #if STDC_HEADERS
@@ -290,30 +310,30 @@ AC_CACHE_CHECK([for sig_atomic_t type],samba_cv_sig_atomic_t, [
 #include <stddef.h>
 #endif
 #include <signal.h>],[sig_atomic_t i = 0],
-	samba_cv_sig_atomic_t=yes,samba_cv_sig_atomic_t=no)])
-if test x"$samba_cv_sig_atomic_t" = x"yes"; then
+	libreplace_cv_sig_atomic_t=yes,libreplace_cv_sig_atomic_t=no)])
+if test x"$libreplace_cv_sig_atomic_t" = x"yes"; then
    AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE,1,[Whether we have the atomic_t variable type])
 fi
 
 
-AC_CACHE_CHECK([for O_DIRECT flag to open(2)],samba_cv_HAVE_OPEN_O_DIRECT,[
+AC_CACHE_CHECK([for O_DIRECT flag to open(2)],libreplace_cv_HAVE_OPEN_O_DIRECT,[
 AC_TRY_COMPILE([
 #include <unistd.h>
 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
 #endif],
 [int fd = open("/dev/null", O_DIRECT);],
-samba_cv_HAVE_OPEN_O_DIRECT=yes,samba_cv_HAVE_OPEN_O_DIRECT=no)])
-if test x"$samba_cv_HAVE_OPEN_O_DIRECT" = x"yes"; then
+libreplace_cv_HAVE_OPEN_O_DIRECT=yes,libreplace_cv_HAVE_OPEN_O_DIRECT=no)])
+if test x"$libreplace_cv_HAVE_OPEN_O_DIRECT" = x"yes"; then
     AC_DEFINE(HAVE_OPEN_O_DIRECT,1,[Whether the open(2) accepts O_DIRECT])
 fi
 
 
 dnl Check if the C compiler understands volatile (it should, being ANSI).
-AC_CACHE_CHECK([that the C compiler understands volatile],samba_cv_volatile, [
+AC_CACHE_CHECK([that the C compiler understands volatile],libreplace_cv_volatile, [
 	AC_TRY_COMPILE([#include <sys/types.h>],[volatile int i = 0],
-		samba_cv_volatile=yes,samba_cv_volatile=no)])
-if test x"$samba_cv_volatile" = x"yes"; then
+		libreplace_cv_volatile=yes,libreplace_cv_volatile=no)])
+if test x"$libreplace_cv_volatile" = x"yes"; then
 	AC_DEFINE(HAVE_VOLATILE, 1, [Whether the C compiler understands volatile])
 fi
 
@@ -324,10 +344,12 @@ m4_include(getpass.m4)
 m4_include(strptime.m4)
 m4_include(win32.m4)
 m4_include(timegm.m4)
+m4_include(socket.m4)
 m4_include(inet_ntop.m4)
 m4_include(inet_pton.m4)
 m4_include(getaddrinfo.m4)
 m4_include(repdir.m4)
+m4_include(getifaddrs.m4)
 
 AC_CHECK_FUNCS([syslog printf memset memcpy],,[AC_MSG_ERROR([Required function not found])])
 
diff --git a/source3/lib/replace/libreplace_cc.m4 b/source3/lib/replace/libreplace_cc.m4
index a01bf1b290..bf5056838d 100644
--- a/source3/lib/replace/libreplace_cc.m4
+++ b/source3/lib/replace/libreplace_cc.m4
@@ -48,8 +48,7 @@ LIBREPLACE_C99_STRUCT_INIT([],[AC_MSG_WARN([c99 structure initializer are not su
 AC_PROG_INSTALL
 
 AC_ISC_POSIX
-AC_EXTENSION_FLAG(_XOPEN_SOURCE_EXTENDED)
-AC_EXTENSION_FLAG(_OSF_SOURCE)
+AC_N_DEFINE(_XOPEN_SOURCE_EXTENDED)
 
 AC_SYS_LARGEFILE
 
@@ -77,6 +76,11 @@ case "$host_os" in
 			CFLAGS="$CFLAGS -D_LINUX_SOURCE_COMPAT -qmaxmem=32000"
 		fi
 		;;
+	*osf*)
+		# this brings in socklen_t
+		AC_N_DEFINE(_XOPEN_SOURCE,600)
+		AC_N_DEFINE(_OSF_SOURCE)
+		;;
 	#
 	# VOS may need to have POSIX support and System V compatibility enabled.
 	#
diff --git a/source3/lib/replace/libreplace_ld.m4 b/source3/lib/replace/libreplace_ld.m4
index cb8e21434e..f0d10c1e3e 100644
--- a/source3/lib/replace/libreplace_ld.m4
+++ b/source3/lib/replace/libreplace_ld.m4
@@ -265,7 +265,7 @@ AC_DEFUN([AC_LIBREPLACE_LD_SHLIB_ALLOW_UNDEF_FLAG],
 			LD_SHLIB_ALLOW_UNDEF_FLAG="-Wl,--allow-shlib-undefined"
 			;;
 		*osf*)
-			LD_SHLIB_ALLOW_UNDEF_FLAG="-expect_unresolved '*'"
+			LD_SHLIB_ALLOW_UNDEF_FLAG="-Wl,-expect_unresolved,\"*\""
 			;;
 		*darwin*)
 			LD_SHLIB_ALLOW_UNDEF_FLAG="-undefined dynamic_lookup"
@@ -289,6 +289,9 @@ AC_DEFUN([AC_LIBREPLACE_RUNTIME_LIB_PATH_VAR],
 		*linux*)
 			LIB_PATH_VAR=LD_LIBRARY_PATH
 		;;
+		*netbsd*)
+			LIB_PATH_VAR=LD_LIBRARY_PATH
+		;;
 		*solaris*)
 			LIB_PATH_VAR=LD_LIBRARY_PATH
 		;;
diff --git a/source3/lib/replace/libreplace_macros.m4 b/source3/lib/replace/libreplace_macros.m4
index 92fecd3db8..1856eacf66 100644
--- a/source3/lib/replace/libreplace_macros.m4
+++ b/source3/lib/replace/libreplace_macros.m4
@@ -87,19 +87,6 @@ fi
 rm -f conftest*
 ])])
 
-AC_DEFUN([AC_EXTENSION_FLAG],
-[
-  cat >>confdefs.h <<\EOF
-#ifndef $1
-# define $1 1
-#endif
-EOF
-AH_VERBATIM([$1], [#ifndef $1
-# define $1 1
-#endif])
-])
-
-
 dnl see if a declaration exists for a function or variable
 dnl defines HAVE_function_DECL if it exists
 dnl AC_HAVE_DECL(var, includes)
@@ -248,11 +235,18 @@ m4_define([AH_CHECK_FUNC_EXT],
 
 dnl Define an AC_DEFINE with ifndef guard.
 dnl AC_N_DEFINE(VARIABLE [, VALUE])
-define(AC_N_DEFINE,
-[cat >> confdefs.h <<\EOF
-[#ifndef] $1
-[#define] $1 ifelse($#, 2, [$2], $#, 3, [$2], 1)
-[#endif]
+AC_DEFUN([AC_N_DEFINE],
+[
+AH_VERBATIM([$1], [
+#ifndef $1
+# undef $1
+#endif
+])
+
+ cat >>confdefs.h <<\EOF
+#ifndef $1
+[#define] $1 m4_if($#, 1, 1, [$2])
+#endif
 EOF
 ])
 
diff --git a/source3/lib/replace/replace.h b/source3/lib/replace/replace.h
index 1d1cbc2cd2..0d16f4ffd0 100644
--- a/source3/lib/replace/replace.h
+++ b/source3/lib/replace/replace.h
@@ -340,6 +340,26 @@ ssize_t rep_pwrite(int __fd, const void *__buf, size_t __nbytes, off_t __offset)
 /* prototype is in "system/network.h" */
 #endif
 
+#ifndef HAVE_CONNECT
+#define connect rep_connect
+/* prototype is in "system/network.h" */
+#endif
+
+#ifndef HAVE_GETHOSTBYNAME
+#define gethostbyname rep_gethostbyname
+/* prototype is in "system/network.h" */
+#endif
+
+#ifndef HAVE_GETIFADDRS
+#define getifaddrs rep_getifaddrs
+/* prototype is in "system/network.h" */
+#endif
+
+#ifndef HAVE_FREEIFADDRS
+#define freeifaddrs rep_freeifaddrs
+/* prototype is in "system/network.h" */
+#endif
+
 #ifdef HAVE_LIMITS_H
 #include <limits.h>
 #endif
diff --git a/source3/lib/replace/socket.c b/source3/lib/replace/socket.c
new file mode 100644
index 0000000000..35e975fce7
--- /dev/null
+++ b/source3/lib/replace/socket.c
@@ -0,0 +1,35 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Dummy replacements for socket functions.
+ *
+ * Copyright (C) Michael Adam <obnox@samba.org> 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "replace.h"
+#include "system/network.h"
+
+int rep_connect(int sockfd, const struct sockaddr *serv_addr, socklen_t addrlen)
+{
+	errno = ENOSYS;
+	return -1;
+}
+
+struct hostent *rep_gethostbyname(const char *name)
+{
+	errno = ENOSYS;
+	return NULL;
+}
diff --git a/source3/lib/replace/socket.m4 b/source3/lib/replace/socket.m4
new file mode 100644
index 0000000000..c0c8f93e81
--- /dev/null
+++ b/source3/lib/replace/socket.m4
@@ -0,0 +1,40 @@
+dnl The following test is roughl taken from the cvs sources.
+dnl
+dnl If we can't find connect, try looking in -lsocket, -lnsl, and -linet.
+dnl The Irix 5 libc.so has connect and gethostbyname, but Irix 5 also has
+dnl libsocket.so which has a bad implementation of gethostbyname (it
+dnl only looks in /etc/hosts), so we only look for -lsocket if we need
+dnl it.
+AC_CHECK_FUNCS(connect)
+if test x"$ac_cv_func_connect" = x"no"; then
+	AC_CHECK_LIB_EXT(nsl_s, SOCKET_LIBS, connect)
+	AC_CHECK_LIB_EXT(nsl, SOCKET_LIBS, connect)
+	AC_CHECK_LIB_EXT(socket, SOCKET_LIBS, connect)
+	AC_CHECK_LIB_EXT(inet, SOCKET_LIBS, connect)
+	dnl We can't just call AC_CHECK_FUNCS(connect) here,
+	dnl because the value has been cached.
+	if test x"$ac_cv_lib_ext_nsl_s_connect" = x"yes" ||
+		test x"$ac_cv_lib_ext_nsl_connect" = x"yes" ||
+		test x"$ac_cv_lib_ext_socket_connect" = x"yes" ||
+		test x"$ac_cv_lib_ext_inet_connect" = x"yes"
+	then
+		AC_DEFINE(HAVE_CONNECT,1,[Whether the system has connect()])
+	fi
+fi
+
+AC_CHECK_FUNCS(gethostbyname)
+if test x"$ac_cv_func_gethostbyname" = x"no"; then
+	AC_CHECK_LIB_EXT(nsl_s, NSL_LIBS, gethostbyname)
+	AC_CHECK_LIB_EXT(nsl, NSL_LIBS, gethostbyname)
+	AC_CHECK_LIB_EXT(socket, NSL_LIBS, gethostbyname)
+	dnl We can't just call AC_CHECK_FUNCS(gethostbyname) here,
+	dnl because the value has been cached.
+	if test x"$ac_cv_lib_ext_nsl_s_gethostbyname" = x"yes" ||
+		test x"$ac_cv_lib_ext_nsl_gethostbyname" = x"yes" ||
+		test x"$ac_cv_lib_ext_socket_gethostbyname" = x"yes"
+	then
+		AC_DEFINE(HAVE_GETHOSTBYNAME,1,
+			  [Whether the system has gethostbyname()])
+	fi
+fi
+
diff --git a/source3/lib/replace/system/config.m4 b/source3/lib/replace/system/config.m4
index 799187af7d..66c2bd652a 100644
--- a/source3/lib/replace/system/config.m4
+++ b/source3/lib/replace/system/config.m4
@@ -18,7 +18,7 @@ AC_CHECK_HEADERS(sys/capability.h)
 
 case "$host_os" in
 *linux*)
-AC_CACHE_CHECK([for broken RedHat 7.2 system header files],samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS,[
+AC_CACHE_CHECK([for broken RedHat 7.2 system header files],libreplace_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS,[
 AC_TRY_COMPILE([
 	#ifdef HAVE_SYS_VFS_H
 	#include <sys/vfs.h>
@@ -29,14 +29,14 @@ AC_TRY_COMPILE([
 	],[
 	int i;
 	],
-	samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=no,
-	samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=yes
+	libreplace_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=no,
+	libreplace_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=yes
 )])
-if test x"$samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS" = x"yes"; then
+if test x"$libreplace_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS" = x"yes"; then
 	AC_DEFINE(BROKEN_REDHAT_7_SYSTEM_HEADERS,1,[Broken RedHat 7.2 system header files])
 fi
 
-AC_CACHE_CHECK([for broken RHEL5 sys/capability.h],samba_cv_BROKEN_RHEL5_SYS_CAP_HEADER,[
+AC_CACHE_CHECK([for broken RHEL5 sys/capability.h],libreplace_cv_BROKEN_RHEL5_SYS_CAP_HEADER,[
 AC_TRY_COMPILE([
 	#ifdef HAVE_SYS_CAPABILITY_H
 	#include <sys/capability.h>
@@ -45,10 +45,10 @@ AC_TRY_COMPILE([
 	],[
 	__s8 i;
 	],
-	samba_cv_BROKEN_RHEL5_SYS_CAP_HEADER=no,
-	samba_cv_BROKEN_RHEL5_SYS_CAP_HEADER=yes
+	libreplace_cv_BROKEN_RHEL5_SYS_CAP_HEADER=no,
+	libreplace_cv_BROKEN_RHEL5_SYS_CAP_HEADER=yes
 )])
-if test x"$samba_cv_BROKEN_RHEL5_SYS_CAP_HEADER" = x"yes"; then
+if test x"$libreplace_cv_BROKEN_RHEL5_SYS_CAP_HEADER" = x"yes"; then
 	AC_DEFINE(BROKEN_RHEL5_SYS_CAP_HEADER,1,[Broken RHEL5 sys/capability.h])
 fi
 ;;
@@ -73,6 +73,18 @@ AC_VERIFY_C_PROTOTYPE([struct passwd *getpwent_r(struct passwd *src, char *buf,
 	#include <unistd.h>
 	#include <pwd.h>
 	])
+AC_VERIFY_C_PROTOTYPE([struct passwd *getpwent_r(struct passwd *src, char *buf, size_t buflen)],
+	[
+	#ifndef HAVE_GETPWENT_R_DECL
+	#error missing getpwent_r prototype
+	#endif
+	return NULL;
+	],[
+	AC_DEFINE(SOLARIS_GETPWENT_R, 1, [getpwent_r irix (similar to solaris) function prototype])
+	],[],[
+	#include <unistd.h>
+	#include <pwd.h>
+	])
 AC_CHECK_FUNCS(getgrnam_r getgrgid_r getgrent_r)
 AC_HAVE_DECL(getgrent_r, [
 	#include <unistd.h>
@@ -91,6 +103,19 @@ AC_VERIFY_C_PROTOTYPE([struct group *getgrent_r(struct group *src, char *buf, in
 	#include <grp.h>
 	])
 
+AC_VERIFY_C_PROTOTYPE([struct group *getgrent_r(struct group *src, char *buf, size_t buflen)],
+	[
+	#ifndef HAVE_GETGRENT_R_DECL
+	#error missing getgrent_r prototype
+	#endif
+	return NULL;
+	],[
+	AC_DEFINE(SOLARIS_GETGRENT_R, 1, [getgrent_r irix (similar to solaris)  function prototype])
+	],[],[
+	#include <unistd.h>
+	#include <grp.h>
+	])
+
 # locale
 AC_CHECK_HEADERS(ctype.h locale.h)
 
diff --git a/source3/lib/replace/system/network.h b/source3/lib/replace/system/network.h
index b6ae3c7c6f..796df2d1da 100644
--- a/source3/lib/replace/system/network.h
+++ b/source3/lib/replace/system/network.h
@@ -6,6 +6,7 @@
    networking system include wrappers
 
    Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Jelmer Vernooij 2007
    
      ** NOTE! The following LGPL license applies to the replace
      ** library. This does NOT imply that all of Samba is released
@@ -82,6 +83,11 @@
 #include <stropts.h>
 #endif
 
+#ifndef HAVE_SOCKLEN_T
+#define HAVE_SOCKLEN_T
+typedef int socklen_t;
+#endif
+
 #ifdef REPLACE_INET_NTOA
 /* define is in "replace.h" */
 char *rep_inet_ntoa(struct in_addr ip);
@@ -97,6 +103,41 @@ int rep_inet_pton(int af, const char *src, void *dst);
 const char *rep_inet_ntop(int af, const void *src, char *dst, socklen_t size);
 #endif
 
+#ifndef HAVE_CONNECT
+/* define is in "replace.h" */
+int rep_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
+#endif
+
+#ifndef HAVE_GETHOSTBYNAME
+/* define is in "replace.h" */
+struct hostent *rep_gethostbyname(const char *name);
+#endif
+
+#ifdef HAVE_IFADDRS_H
+#include <ifaddrs.h>
+#endif
+
+#ifndef HAVE_STRUCT_IFADDRS
+struct ifaddrs {
+	struct ifaddrs   *ifa_next;         /* Pointer to next struct */
+	char             *ifa_name;         /* Interface name */
+	unsigned int     ifa_flags;         /* Interface flags */
+	struct sockaddr  *ifa_addr;         /* Interface address */
+	struct sockaddr  *ifa_netmask;      /* Interface netmask */
+#undef ifa_dstaddr
+	struct sockaddr  *ifa_dstaddr;      /* P2P interface destination */
+	void             *ifa_data;         /* Address specific data */
+};
+#endif
+
+#ifndef HAVE_GETIFADDRS
+int rep_getifaddrs(struct ifaddrs **);
+#endif
+
+#ifndef HAVE_FREEIFADDRS
+void rep_freeifaddrs(struct ifaddrs *);
+#endif
+
 /*
  * Some systems have getaddrinfo but not the
  * defines needed to use it.
@@ -137,8 +178,15 @@ const char *rep_inet_ntop(int af, const void *src, char *dst, socklen_t size);
 #endif
 
 #ifndef AI_ADDRCONFIG
+/*
+ * logic copied from AI_NUMERICHOST
+ */
+#if defined(HAVE_STRUCT_ADDRINFO) && defined(HAVE_GETADDRINFO)
+#define AI_ADDRCONFIG	0
+#else
 #define AI_ADDRCONFIG	0x0020
 #endif
+#endif
 
 #ifndef AI_NUMERICSERV
 /*
@@ -212,11 +260,6 @@ const char *rep_inet_ntop(int af, const void *src, char *dst, socklen_t size);
 #define HOST_NAME_MAX 256
 #endif
 
-#ifndef HAVE_SOCKLEN_T
-#define HAVE_SOCKLEN_T
-typedef int socklen_t;
-#endif
-
 #ifndef HAVE_SA_FAMILY_T
 #define HAVE_SA_FAMILY_T
 typedef unsigned short int sa_family_t;
@@ -227,14 +270,19 @@ typedef unsigned short int sa_family_t;
 #ifdef HAVE_STRUCT_SOCKADDR_IN6
 #define sockaddr_storage sockaddr_in6
 #define ss_family sin6_family
+#define HAVE_SS_FAMILY 1
 #else
 #define sockaddr_storage sockaddr_in
 #define ss_family sin_family
+#define HAVE_SS_FAMILY 1
 #endif
 #endif
 
-#ifdef HAVE_AIX_SOCKADDR_STORAGE
+#ifndef HAVE_SS_FAMILY
+#ifdef HAVE___SS_FAMILY
 #define ss_family __ss_family
+#define HAVE_SS_FAMILY 1
+#endif
 #endif
 
 #ifndef HAVE_STRUCT_ADDRINFO
@@ -257,7 +305,7 @@ struct addrinfo {
 
 /* Needed for some systems that don't define it (Solaris). */
 #ifndef ifr_netmask
-#define ifr_netmask ifr_addrs
+#define ifr_netmask ifr_addr
 #endif
 
 #ifdef SOCKET_WRAPPER
diff --git a/source3/lib/replace/system/printing.h b/source3/lib/replace/system/printing.h
deleted file mode 100644
index 7eb02d004a..0000000000
--- a/source3/lib/replace/system/printing.h
+++ /dev/null
@@ -1,50 +0,0 @@
-#ifndef _system_printing_h
-#define _system_printing_h
-
-/* 
-   Unix SMB/CIFS implementation.
-
-   printing system include wrappers
-
-   Copyright (C) Andrew Tridgell 2004
-   
-     ** NOTE! The following LGPL license applies to the replace
-     ** library. This does NOT imply that all of Samba is released
-     ** under the LGPL
-   
-   This library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 3 of the License, or (at your option) any later version.
-
-   This library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with this library; if not, see <http://www.gnu.org/licenses/>.
-
-*/
-
-#ifdef AIX
-#define DEFAULT_PRINTING PRINT_AIX
-#define PRINTCAP_NAME "/etc/qconfig"
-#endif
-
-#ifdef HPUX
-#define DEFAULT_PRINTING PRINT_HPUX
-#endif
-
-#ifdef QNX
-#define DEFAULT_PRINTING PRINT_QNX
-#endif
-
-#ifndef DEFAULT_PRINTING
-#define DEFAULT_PRINTING PRINT_BSD
-#endif
-#ifndef PRINTCAP_NAME
-#define PRINTCAP_NAME "/etc/printcap"
-#endif
-
-#endif
diff --git a/source3/lib/replace/test/getifaddrs.c b/source3/lib/replace/test/getifaddrs.c
new file mode 100644
index 0000000000..8b00ac2f40
--- /dev/null
+++ b/source3/lib/replace/test/getifaddrs.c
@@ -0,0 +1,100 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * libreplace getifaddrs test
+ *
+ * Copyright (C) Michael Adam <obnox@samba.org> 2008
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef AUTOCONF_TEST
+#include "replace.h"
+#include "system/network.h"
+#endif
+
+#ifdef HAVE_INET_NTOP
+#define rep_inet_ntop inet_ntop
+#endif
+
+static const char *format_sockaddr(struct sockaddr *addr,
+				   char *addrstring,
+				   socklen_t addrlen)
+{
+	const char *result = NULL;
+
+	if (addr->sa_family == AF_INET) {
+		result = rep_inet_ntop(AF_INET,
+				       &((struct sockaddr_in *)addr)->sin_addr,
+				       addrstring,
+				       addrlen);
+#ifdef HAVE_STRUCT_SOCKADDR_IN6
+	} else if (addr->sa_family == AF_INET6) {
+		result = rep_inet_ntop(AF_INET6,
+				       &((struct sockaddr_in6 *)addr)->sin6_addr,
+				       addrstring,
+				       addrlen);
+#endif
+	}
+	return result;
+}
+
+int getifaddrs_test(void)
+{
+	struct ifaddrs *ifs = NULL;
+	struct ifaddrs *ifs_head = NULL;
+	int ret;
+
+	ret = getifaddrs(&ifs);
+	ifs_head = ifs;
+	if (ret != 0) {
+		fprintf(stderr, "getifaddrs() failed: %s\n", strerror(errno));
+		return 1;
+	}
+
+	while (ifs) {
+		printf("%-10s ", ifs->ifa_name);
+		if (ifs->ifa_addr != NULL) {
+			char addrstring[INET6_ADDRSTRLEN];
+			const char *result;
+
+			result = format_sockaddr(ifs->ifa_addr,
+						 addrstring,
+						 sizeof(addrstring));
+			if (result != NULL) {
+				printf("IP=%s ", addrstring);
+			}
+
+			if (ifs->ifa_netmask != NULL) {
+				result = format_sockaddr(ifs->ifa_netmask,
+							 addrstring,
+							 sizeof(addrstring));
+				if (result != NULL) {
+					printf("NETMASK=%s", addrstring);
+				}
+			} else {
+				printf("AF=%d ", ifs->ifa_addr->sa_family);
+			}
+		} else {
+			printf("<no address>");
+		}
+
+		printf("\n");
+		ifs = ifs->ifa_next;
+	}
+
+	freeifaddrs(ifs_head);
+
+	return 0;
+}
diff --git a/source3/lib/replace/test/testsuite.c b/source3/lib/replace/test/testsuite.c
index 269a2ff5d6..b538360365 100644
--- a/source3/lib/replace/test/testsuite.c
+++ b/source3/lib/replace/test/testsuite.c
@@ -37,7 +37,6 @@
 #include "system/locale.h"
 #include "system/network.h"
 #include "system/passwd.h"
-#include "system/printing.h"
 #include "system/readline.h"
 #include "system/select.h"
 #include "system/shmem.h"
@@ -857,6 +856,22 @@ static int test_strptime(void)
 	return libreplace_test_strptime();
 }
 
+extern int getifaddrs_test(void);
+
+static int test_getifaddrs(void)
+{
+
+	printf("test: getifaddrs\n");
+
+	if (getifaddrs_test() != 0) {
+		printf("failure: getifaddrs\n");
+		return false;
+	}
+
+	printf("success: getifaddrs\n");
+	return true;
+}
+
 struct torture_context;
 bool torture_local_replace(struct torture_context *ctx)
 {
@@ -904,6 +919,7 @@ bool torture_local_replace(struct torture_context *ctx)
 	ret &= test_MAX();
 	ret &= test_socketpair();
 	ret &= test_strptime();
+	ret &= test_getifaddrs();
 
 	return ret;
 }
diff --git a/source3/lib/select.c b/source3/lib/select.c
index d5e4ba68f2..c3da6a9bba 100644
--- a/source3/lib/select.c
+++ b/source3/lib/select.c
@@ -58,7 +58,8 @@ int sys_select(int maxfd, fd_set *readfds, fd_set *writefds, fd_set *errorfds, s
 	fd_set *readfds2, readfds_buf;
 
 	if (initialised != sys_getpid()) {
-		pipe(select_pipe);
+		if (pipe(select_pipe) == -1)
+			smb_panic("Could not create select pipe");
 
 		/*
 		 * These next two lines seem to fix a bug with the Linux
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index 662a5a948a..65a039b119 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -980,7 +980,7 @@ static int smbldap_connect_system(struct smbldap_state *ldap_state, LDAP * ldap_
 		ldap_state->paged_results = True;
 	}
 
-	DEBUG(3, ("ldap_connect_system: succesful connection to the LDAP server\n"));
+	DEBUG(3, ("ldap_connect_system: successful connection to the LDAP server\n"));
 	DEBUGADD(10, ("ldap_connect_system: LDAP server %s support paged results\n", 
 		ldap_state->paged_results ? "does" : "does not"));
 	return rc;
@@ -1063,7 +1063,7 @@ static int smbldap_open(struct smbldap_state *ldap_state)
 			"smbldap_idle_fn", smbldap_idle_fn, ldap_state);
 	}
 
-	DEBUG(4,("The LDAP server is succesfully connected\n"));
+	DEBUG(4,("The LDAP server is successfully connected\n"));
 
 	return LDAP_SUCCESS;
 }
diff --git a/source3/lib/sock_exec.c b/source3/lib/sock_exec.c
index 203d7e93b3..278a174663 100644
--- a/source3/lib/sock_exec.c
+++ b/source3/lib/sock_exec.c
@@ -105,8 +105,12 @@ int sock_exec(const char *prog)
 		close(fd[0]);
 		close(0);
 		close(1);
-		dup(fd[1]);
-		dup(fd[1]);
+		if (dup(fd[1]) == -1) {
+			exit(1);
+		}
+		if (dup(fd[1]) == -1) {
+			exit(1);
+		}
 		exit(system(prog));
 	}
 	close(fd[1]);
diff --git a/source3/lib/system.c b/source3/lib/system.c
index eb6dcae6fb..fa50955ef6 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -1917,11 +1917,6 @@ int sys_fremovexattr (int filedes, const char *name)
 #endif
 }
 
-#if !defined(HAVE_SETXATTR)
-#define XATTR_CREATE  0x1       /* set value, fail if attr already exists */
-#define XATTR_REPLACE 0x2       /* set value, fail if attr does not exist */
-#endif
-
 int sys_setxattr (const char *path, const char *name, const void *value, size_t size, int flags)
 {
 #if defined(HAVE_SETXATTR)
diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c
index 9d3eb95664..1f5dd3172f 100644
--- a/source3/lib/system_smbd.c
+++ b/source3/lib/system_smbd.c
@@ -125,7 +125,7 @@ static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grp
 	 * always determined by the info3 coming back from auth3 or the
 	 * PAC. */
 	winbind_env = winbind_env_set();
-	winbind_off();
+	(void)winbind_off();
 
 #ifdef HAVE_GETGROUPLIST
 	retval = getgrouplist(user, gid, groups, grpcnt);
@@ -137,7 +137,7 @@ static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grp
 
 	/* allow winbindd lookups, but only if they were not already disabled */
 	if (!winbind_env) {
-		winbind_on();
+		(void)winbind_on();
 	}
 
 	return retval;
diff --git a/source3/lib/talloc/Makefile.in b/source3/lib/talloc/Makefile.in
index 18b48c3459..851dc81aea 100644
--- a/source3/lib/talloc/Makefile.in
+++ b/source3/lib/talloc/Makefile.in
@@ -14,59 +14,29 @@ INSTALLCMD = @INSTALL@
 CC = @CC@
 CFLAGS = @CFLAGS@ -DHAVE_CONFIG_H= -I. -I@srcdir@
 EXTRA_TARGETS = @DOC_TARGET@
+PICFLAG = @PICFLAG@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+SHLIBEXT = @SHLIBEXT@
+SHLD_FLAGS = @SHLD_FLAGS@
+tallocdir = @tallocdir@
 
-.SUFFIXES: .c .o .3 .3.xml .xml .html
+LIBOBJ = $(TALLOC_OBJ) @LIBREPLACEOBJ@
 
-LIBOBJ = @TALLOC_OBJ@ @LIBREPLACEOBJ@
+all:: showflags $(EXTRA_TARGETS)
 
-all: showflags libtalloc.a testsuite $(EXTRA_TARGETS)
+include $(tallocdir)/rules.mk
+include $(tallocdir)/talloc.mk
 
-showflags:
-	@echo 'talloc will be compiled with flags:'
-	@echo '  CFLAGS = $(CFLAGS)'
-	@echo '  LIBS = $(LIBS)'
+$(SOLIB): $(LIBOBJ)
+	$(CC) $(SHLD_FLAGS) -o $@ $(LIBOBJ) @SONAMEFLAG@$(SONAME)
 
-testsuite: $(LIBOBJ) testsuite.o
-	$(CC) $(CFLAGS) -o testsuite testsuite.o $(LIBOBJ) $(LIBS)
+check: test
 
-libtalloc.a: $(LIBOBJ)
-	ar -rv $@ $(LIBOBJ)
-	@-ranlib $@
+installcheck:: test install
 
-install: all 
-	${INSTALLCMD} -d $(DESTDIR)$(libdir)
-	${INSTALLCMD} -d $(DESTDIR)$(libdir)/pkgconfig
-	${INSTALLCMD} -m 755 libtalloc.a $(DESTDIR)$(libdir)
-	${INSTALLCMD} -d $(DESTDIR)${includedir}
-	${INSTALLCMD} -m 644 $(srcdir)/talloc.h $(DESTDIR)$(includedir)
-	${INSTALLCMD} -m 644 talloc.pc $(DESTDIR)$(libdir)/pkgconfig
-	if [ -f talloc.3 ];then ${INSTALLCMD} -d $(DESTDIR)$(mandir)/man3; fi
-	if [ -f talloc.3 ];then ${INSTALLCMD} -m 644 talloc.3 $(DESTDIR)$(mandir)/man3; fi
-
-doc: talloc.3 talloc.3.html
-
-.3.xml.3:
-	-test -z "$(XSLTPROC)" || $(XSLTPROC) --nonet -o $@ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
-
-.xml.html:
-	-test -z "$(XSLTPROC)" || $(XSLTPROC) --nonet -o $@ http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $<
-
-clean:
-	rm -f *~ $(LIBOBJ) libtalloc.a testsuite testsuite.o *.gc?? talloc.3 talloc.3.html
-
-test: testsuite
-	./testsuite
-
-gcov:
-	gcov talloc.c
-
-installcheck: 
-	$(MAKE) test
-
-distclean: clean
-	rm -f *~ */*~
+distclean:: clean
 	rm -f Makefile
 	rm -f config.log config.status config.h config.cache
 
-realdistclean: distclean
+realdistclean:: distclean
 	rm -f configure config.h.in
diff --git a/source3/lib/talloc/config.mk b/source3/lib/talloc/config.mk
index 714ad72d1c..540a05d100 100644
--- a/source3/lib/talloc/config.mk
+++ b/source3/lib/talloc/config.mk
@@ -1,13 +1,8 @@
-################################################
-# Start LIBRARY LIBTALLOC
 [LIBRARY::LIBTALLOC]
-VERSION = 0.0.1
-SO_VERSION = 0
+VERSION = 1.2.0
+SO_VERSION = 1
 OBJ_FILES = talloc.o
+PC_FILE = talloc.pc
 MANPAGE = talloc.3
 CFLAGS = -Ilib/talloc
 PUBLIC_HEADERS = talloc.h
-DESCRIPTION = A hierarchical pool based memory system with destructors
-#
-# End LIBRARY LIBTALLOC
-################################################
diff --git a/source3/lib/talloc/configure.ac b/source3/lib/talloc/configure.ac
index afc2a944f0..3dcf74ba25 100644
--- a/source3/lib/talloc/configure.ac
+++ b/source3/lib/talloc/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ(2.50)
-AC_INIT(talloc, 1.1.0)
+AC_INIT(talloc, 1.2.0)
 AC_CONFIG_SRCDIR([talloc.c])
 AC_SUBST(datarootdir)
 AC_CONFIG_HEADER(config.h)
@@ -15,4 +15,9 @@ if test -n "$XSLTPROC"; then
 fi
 AC_SUBST(DOC_TARGET)
 
+AC_LD_PICFLAG
+AC_LD_SHLIBEXT
+AC_LD_SONAMEFLAG
+AC_LIBREPLACE_SHLD_FLAGS
+
 AC_OUTPUT(Makefile talloc.pc)
diff --git a/source3/lib/talloc/rules.mk b/source3/lib/talloc/rules.mk
new file mode 100644
index 0000000000..6cee126529
--- /dev/null
+++ b/source3/lib/talloc/rules.mk
@@ -0,0 +1,18 @@
+.SUFFIXES: .c .o .3 .3.xml .xml .html
+
+showflags::
+	@echo 'talloc will be compiled with flags:'
+	@echo '  CFLAGS = $(CFLAGS)'
+	@echo '  LIBS = $(LIBS)'
+
+.c.o:
+	$(CC) $(PICFLAG) -o $@ -c $< $(CFLAGS)
+
+.3.xml.3:
+	-test -z "$(XSLTPROC)" || $(XSLTPROC) --nonet -o $@ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
+
+.xml.html:
+	-test -z "$(XSLTPROC)" || $(XSLTPROC) --nonet -o $@ http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $<
+
+distclean::
+	rm -f *~ */*~
diff --git a/source3/torture/samtest.h b/source3/lib/talloc/talloc.i
index 5cde3fadb5..a9afb97ed7 100644
--- a/source3/torture/samtest.h
+++ b/source3/lib/talloc/talloc.i
@@ -1,12 +1,7 @@
 /* 
    Unix SMB/CIFS implementation.
-   SAM module tester
-
-   Copyright (C) Jelmer Vernooij 2002
-
-   Most of this code was ripped off of rpcclient.
-   Copyright (C) Tim Potter 2000-2001
-
+   Copyright (C) Jelmer Vernooij <jelmer@samba.org> 2007
+   
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
@@ -21,17 +16,16 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-struct samtest_state {
-	SAM_CONTEXT *context;
-	NT_USER_TOKEN *token;
-};
-
-struct cmd_set {
-	char *name;
-	NTSTATUS (*fn)(struct samtest_state *sam, TALLOC_CTX *mem_ctx, int argc, 
-                       char **argv);
-	char *description;
-	char *usage;
-};
-
+/* Don't expose talloc contexts in Python code. Python does reference 
+   counting for us, so just create a new top-level talloc context.
+ */
+%typemap(in, numinputs=0, noblock=1) TALLOC_CTX * {
+    $1 = NULL;
+}
 
+%define %talloctype(TYPE)
+%nodefaultctor TYPE;
+%extend TYPE {
+    ~TYPE() { talloc_free($self); }
+}
+%enddef
diff --git a/source3/lib/talloc/talloc.mk b/source3/lib/talloc/talloc.mk
new file mode 100644
index 0000000000..590adc74f2
--- /dev/null
+++ b/source3/lib/talloc/talloc.mk
@@ -0,0 +1,37 @@
+TALLOC_OBJ = $(tallocdir)/talloc.o 
+
+SOLIB = libtalloc.$(SHLIBEXT).$(PACKAGE_VERSION)
+SONAME = libtalloc.$(SHLIBEXT).1
+
+all:: libtalloc.a $(SOLIB) testsuite
+
+testsuite:: $(LIBOBJ) testsuite.o
+	$(CC) $(CFLAGS) -o testsuite testsuite.o $(LIBOBJ) $(LIBS)
+
+libtalloc.a: $(LIBOBJ)
+	ar -rv $@ $(LIBOBJ)
+	@-ranlib $@
+
+install:: all 
+	${INSTALLCMD} -d $(DESTDIR)$(libdir)
+	${INSTALLCMD} -d $(DESTDIR)$(libdir)/pkgconfig
+	${INSTALLCMD} -m 755 libtalloc.a $(DESTDIR)$(libdir)
+	${INSTALLCMD} -m 755 $(SOLIB) $(DESTDIR)$(libdir)
+	${INSTALLCMD} -d $(DESTDIR)${includedir}
+	${INSTALLCMD} -m 644 $(srcdir)/talloc.h $(DESTDIR)$(includedir)
+	${INSTALLCMD} -m 644 talloc.pc $(DESTDIR)$(libdir)/pkgconfig
+	if [ -f talloc.3 ];then ${INSTALLCMD} -d $(DESTDIR)$(mandir)/man3; fi
+	if [ -f talloc.3 ];then ${INSTALLCMD} -m 644 talloc.3 $(DESTDIR)$(mandir)/man3; fi
+	which swig >/dev/null 2>&1 && ${INSTALLCMD} -d $(DESTDIR)`swig -swiglib` || true
+	which swig >/dev/null 2>&1 && ${INSTALLCMD} -m 644 talloc.i $(DESTDIR)`swig -swiglib` || true
+
+doc:: talloc.3 talloc.3.html
+
+clean::
+	rm -f *~ $(LIBOBJ) $(SOLIB) libtalloc.a testsuite testsuite.o *.gc?? talloc.3 talloc.3.html
+
+test:: testsuite
+	./testsuite
+
+gcov::
+	gcov talloc.c
diff --git a/source3/lib/tdb/Makefile.in b/source3/lib/tdb/Makefile.in
index e1ecbb30ec..fd36ed078e 100644
--- a/source3/lib/tdb/Makefile.in
+++ b/source3/lib/tdb/Makefile.in
@@ -74,7 +74,7 @@ $(SONAME): $(SOLIB)
 	ln -s $< $@
 
 $(SOLIB): $(TDB_OBJ)
-	$(CC) $(SHLD_FLAGS) $(SONAMEFLAG)$(SONAME) -o $@ $^
+	$(CC) $(SHLD_FLAGS) -o $@ $(TDB_OBJ) $(SONAMEFLAG)$(SONAME) 
 
 TDB_LIB = libtdb.a
 
diff --git a/source3/lib/tdb/common/freelist.c b/source3/lib/tdb/common/freelist.c
index c086c151fa..2f2a4c379b 100644
--- a/source3/lib/tdb/common/freelist.c
+++ b/source3/lib/tdb/common/freelist.c
@@ -208,62 +208,61 @@ update:
 }
 
 
+
 /* 
    the core of tdb_allocate - called when we have decided which
    free list entry to use
+
+   Note that we try to allocate by grabbing data from the end of an existing record,
+   not the beginning. This is so the left merge in a free is more likely to be
+   able to free up the record without fragmentation
  */
-static tdb_off_t tdb_allocate_ofs(struct tdb_context *tdb, tdb_len_t length, tdb_off_t rec_ptr,
-				struct list_struct *rec, tdb_off_t last_ptr)
+static tdb_off_t tdb_allocate_ofs(struct tdb_context *tdb, 
+				  tdb_len_t length, tdb_off_t rec_ptr,
+				  struct list_struct *rec, tdb_off_t last_ptr)
 {
-	struct list_struct newrec;
-	tdb_off_t newrec_ptr;
+#define MIN_REC_SIZE (sizeof(struct list_struct) + sizeof(tdb_off_t) + 8)
 
-	memset(&newrec, '\0', sizeof(newrec));
+	if (rec->rec_len < length + MIN_REC_SIZE) {
+		/* we have to grab the whole record */
 
-	/* found it - now possibly split it up  */
-	if (rec->rec_len > length + MIN_REC_SIZE) {
-		/* Length of left piece */
-		length = TDB_ALIGN(length, TDB_ALIGNMENT);
-		
-		/* Right piece to go on free list */
-		newrec.rec_len = rec->rec_len - (sizeof(*rec) + length);
-		newrec_ptr = rec_ptr + sizeof(*rec) + length;
-		
-		/* And left record is shortened */
-		rec->rec_len = length;
-	} else {
-		newrec_ptr = 0;
+		/* unlink it from the previous record */
+		if (tdb_ofs_write(tdb, last_ptr, &rec->next) == -1) {
+			return 0;
+		}
+
+		/* mark it not free */
+		rec->magic = TDB_MAGIC;
+		if (tdb_rec_write(tdb, rec_ptr, rec) == -1) {
+			return 0;
+		}
+		return rec_ptr;
+	}
+
+	/* we're going to just shorten the existing record */
+	rec->rec_len -= (length + sizeof(*rec));
+	if (tdb_rec_write(tdb, rec_ptr, rec) == -1) {
+		return 0;
 	}
-	
-	/* Remove allocated record from the free list */
-	if (tdb_ofs_write(tdb, last_ptr, &rec->next) == -1) {
+	if (update_tailer(tdb, rec_ptr, rec) == -1) {
 		return 0;
 	}
-	
-	/* Update header: do this before we drop alloc
-	   lock, otherwise tdb_free() might try to
-	   merge with us, thinking we're free.
-	   (Thanks Jeremy Allison). */
+
+	/* and setup the new record */
+	rec_ptr += sizeof(*rec) + rec->rec_len;	
+
+	memset(rec, '\0', sizeof(*rec));
+	rec->rec_len = length;
 	rec->magic = TDB_MAGIC;
+
 	if (tdb_rec_write(tdb, rec_ptr, rec) == -1) {
 		return 0;
 	}
-	
-	/* Did we create new block? */
-	if (newrec_ptr) {
-		/* Update allocated record tailer (we
-		   shortened it). */
-		if (update_tailer(tdb, rec_ptr, rec) == -1) {
-			return 0;
-		}
-		
-		/* Free new record */
-		if (tdb_free(tdb, newrec_ptr, &newrec) == -1) {
-			return 0;
-		}
+
+	if (update_tailer(tdb, rec_ptr, rec) == -1) {
+		return 0;
 	}
-	
-	/* all done - return the new record offset */
+
 	return rec_ptr;
 }
 
@@ -287,6 +286,7 @@ tdb_off_t tdb_allocate(struct tdb_context *tdb, tdb_len_t length, struct list_st
 
 	/* Extra bytes required for tailer */
 	length += sizeof(tdb_off_t);
+	length = TDB_ALIGN(length, TDB_ALIGNMENT);
 
  again:
 	last_ptr = FREELIST_TOP;
@@ -343,7 +343,8 @@ tdb_off_t tdb_allocate(struct tdb_context *tdb, tdb_len_t length, struct list_st
 			goto fail;
 		}
 
-		newrec_ptr = tdb_allocate_ofs(tdb, length, bestfit.rec_ptr, rec, bestfit.last_ptr);
+		newrec_ptr = tdb_allocate_ofs(tdb, length, bestfit.rec_ptr, 
+					      rec, bestfit.last_ptr);
 		tdb_unlock(tdb, -1, F_WRLCK);
 		return newrec_ptr;
 	}
diff --git a/source3/lib/tdb/common/open.c b/source3/lib/tdb/common/open.c
index 94140a4baa..b19e4cea29 100644
--- a/source3/lib/tdb/common/open.c
+++ b/source3/lib/tdb/common/open.c
@@ -179,7 +179,7 @@ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
 		tdb->page_size = 0x2000;
 	}
 
-	tdb->max_dead_records = (open_flags & TDB_VOLATILE) ? 5 : 0;
+	tdb->max_dead_records = (tdb_flags & TDB_VOLATILE) ? 5 : 0;
 
 	if ((open_flags & O_ACCMODE) == O_WRONLY) {
 		TDB_LOG((tdb, TDB_DEBUG_ERROR, "tdb_open_ex: can't open tdb %s write-only\n",
@@ -227,6 +227,7 @@ struct tdb_context *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
 
 	/* we need to zero database if we are the only one with it open */
 	if ((tdb_flags & TDB_CLEAR_IF_FIRST) &&
+	    (!tdb->read_only) &&
 	    (locked = (tdb->methods->tdb_brlock(tdb, ACTIVE_LOCK, F_WRLCK, F_SETLK, 0, 1) == 0))) {
 		open_flags |= O_CREAT;
 		if (ftruncate(tdb->fd, 0) == -1) {
diff --git a/source3/lib/tdb/common/tdb.c b/source3/lib/tdb/common/tdb.c
index ea5d9ccc60..767452c9b3 100644
--- a/source3/lib/tdb/common/tdb.c
+++ b/source3/lib/tdb/common/tdb.c
@@ -687,20 +687,66 @@ void tdb_enable_seqnum(struct tdb_context *tdb)
 
 
 /*
+  add a region of the file to the freelist. Length is the size of the region in bytes, 
+  which includes the free list header that needs to be added
+ */
+static int tdb_free_region(struct tdb_context *tdb, tdb_off_t offset, ssize_t length)
+{
+	struct list_struct rec;
+	if (length <= sizeof(rec)) {
+		/* the region is not worth adding */
+		return 0;
+	}
+	if (length + offset > tdb->map_size) {
+		TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_free_region: adding region beyond end of file\n"));
+		return -1;		
+	}
+	memset(&rec,'\0',sizeof(rec));
+	rec.rec_len = length - sizeof(rec);
+	if (tdb_free(tdb, offset, &rec) == -1) {
+		TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_free_region: failed to add free record\n"));
+		return -1;
+	}
+	return 0;
+}
+
+/*
   wipe the entire database, deleting all records. This can be done
   very fast by using a global lock. The entire data portion of the
   file becomes a single entry in the freelist.
+
+  This code carefully steps around the recovery area, leaving it alone
  */
 int tdb_wipe_all(struct tdb_context *tdb)
 {
 	int i;
 	tdb_off_t offset = 0;
 	ssize_t data_len;
+	tdb_off_t recovery_head;
+	tdb_len_t recovery_size = 0;
 
 	if (tdb_lockall(tdb) != 0) {
 		return -1;
 	}
 
+	/* see if the tdb has a recovery area, and remember its size
+	   if so. We don't want to lose this as otherwise each
+	   tdb_wipe_all() in a transaction will increase the size of
+	   the tdb by the size of the recovery area */
+	if (tdb_ofs_read(tdb, TDB_RECOVERY_HEAD, &recovery_head) == -1) {
+		TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_wipe_all: failed to read recovery head\n"));
+		goto failed;
+	}
+
+	if (recovery_head != 0) {
+		struct list_struct rec;
+		if (tdb->methods->tdb_read(tdb, recovery_head, &rec, sizeof(rec), DOCONV()) == -1) {
+			TDB_LOG((tdb, TDB_DEBUG_FATAL, "tdb_wipe_all: failed to read recovery record\n"));
+			return -1;
+		}	
+		recovery_size = rec.rec_len + sizeof(rec);
+	}
+
 	/* wipe the hashes */
 	for (i=0;i<tdb->header.hash_size;i++) {
 		if (tdb_ofs_write(tdb, TDB_HASH_TOP(i), &offset) == -1) {
@@ -715,19 +761,30 @@ int tdb_wipe_all(struct tdb_context *tdb)
 		goto failed;
 	}
 
-	if (tdb_ofs_write(tdb, TDB_RECOVERY_HEAD, &offset) == -1) {
-		TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_wipe_all: failed to write recovery head\n"));
-		goto failed;		
-	}
-
-	/* add all the rest of the file to the freelist */
-	data_len = (tdb->map_size - TDB_DATA_START(tdb->header.hash_size)) - sizeof(struct list_struct);
-	if (data_len > 0) {
-		struct list_struct rec;
-		memset(&rec,'\0',sizeof(rec));
-		rec.rec_len = data_len;
-		if (tdb_free(tdb, TDB_DATA_START(tdb->header.hash_size), &rec) == -1) {
-			TDB_LOG((tdb, TDB_DEBUG_FATAL,"tdb_wipe_all: failed to add free record\n"));
+	/* add all the rest of the file to the freelist, possibly leaving a gap 
+	   for the recovery area */
+	if (recovery_size == 0) {
+		/* the simple case - the whole file can be used as a freelist */
+		data_len = (tdb->map_size - TDB_DATA_START(tdb->header.hash_size));
+		if (tdb_free_region(tdb, TDB_DATA_START(tdb->header.hash_size), data_len) != 0) {
+			goto failed;
+		}
+	} else {
+		/* we need to add two freelist entries - one on either
+		   side of the recovery area 
+
+		   Note that we cannot shift the recovery area during
+		   this operation. Only the transaction.c code may
+		   move the recovery area or we risk subtle data
+		   corruption
+		*/
+		data_len = (recovery_head - TDB_DATA_START(tdb->header.hash_size));
+		if (tdb_free_region(tdb, TDB_DATA_START(tdb->header.hash_size), data_len) != 0) {
+			goto failed;
+		}
+		/* and the 2nd free list entry after the recovery area - if any */
+		data_len = tdb->map_size - (recovery_head+recovery_size);
+		if (tdb_free_region(tdb, recovery_head+recovery_size, data_len) != 0) {
 			goto failed;
 		}
 	}
diff --git a/source3/lib/tdb/common/tdb_private.h b/source3/lib/tdb/common/tdb_private.h
index 63a6d04e72..ffac89ff0e 100644
--- a/source3/lib/tdb/common/tdb_private.h
+++ b/source3/lib/tdb/common/tdb_private.h
@@ -49,7 +49,6 @@ typedef uint32_t tdb_off_t;
 #define TDB_DEAD_MAGIC (0xFEE1DEAD)
 #define TDB_RECOVERY_MAGIC (0xf53bc0e7U)
 #define TDB_ALIGNMENT 4
-#define MIN_REC_SIZE (2*sizeof(struct list_struct) + TDB_ALIGNMENT)
 #define DEFAULT_HASH_SIZE 131
 #define FREELIST_TOP (sizeof(struct tdb_header))
 #define TDB_ALIGN(x,a) (((x) + (a)-1) & ~((a)-1))
@@ -178,6 +177,7 @@ struct tdb_context {
 int tdb_munmap(struct tdb_context *tdb);
 void tdb_mmap(struct tdb_context *tdb);
 int tdb_lock(struct tdb_context *tdb, int list, int ltype);
+int tdb_lock_nonblock(struct tdb_context *tdb, int list, int ltype);
 int tdb_unlock(struct tdb_context *tdb, int list, int ltype);
 int tdb_brlock(struct tdb_context *tdb, tdb_off_t offset, int rw_type, int lck_type, int probe, size_t len);
 int tdb_transaction_lock(struct tdb_context *tdb, int ltype);
diff --git a/source3/lib/tdb/common/transaction.c b/source3/lib/tdb/common/transaction.c
index 0ecfb9b7ff..4e2127be64 100644
--- a/source3/lib/tdb/common/transaction.c
+++ b/source3/lib/tdb/common/transaction.c
@@ -219,9 +219,12 @@ static int transaction_write(struct tdb_context *tdb, tdb_off_t off,
 		uint8_t **new_blocks;
 		/* expand the blocks array */
 		if (tdb->transaction->blocks == NULL) {
-			new_blocks = malloc((blk+1)*sizeof(uint8_t *));
+			new_blocks = (uint8_t **)malloc(
+				(blk+1)*sizeof(uint8_t *));
 		} else {
-			new_blocks = realloc(tdb->transaction->blocks, (blk+1)*sizeof(uint8_t *));
+			new_blocks = (uint8_t **)realloc(
+				tdb->transaction->blocks,
+				(blk+1)*sizeof(uint8_t *));
 		}
 		if (new_blocks == NULL) {
 			tdb->ecode = TDB_ERR_OOM;
@@ -316,25 +319,18 @@ static int transaction_write_existing(struct tdb_context *tdb, tdb_off_t off,
 		return 0;
 	}
 
-	/* overwrite part of an existing block */
-	if (buf == NULL) {
-		memset(tdb->transaction->blocks[blk] + off, 0, len);
-	} else {
-		memcpy(tdb->transaction->blocks[blk] + off, buf, len);
-	}
-	if (blk == tdb->transaction->num_blocks-1) {
-		if (len + off > tdb->transaction->last_block_size) {
-			tdb->transaction->last_block_size = len + off;
+	if (blk == tdb->transaction->num_blocks-1 &&
+	    off + len > tdb->transaction->last_block_size) {
+		if (off >= tdb->transaction->last_block_size) {
+			return 0;
 		}
+		len = tdb->transaction->last_block_size - off;
 	}
 
-	return 0;
+	/* overwrite part of an existing block */
+	memcpy(tdb->transaction->blocks[blk] + off, buf, len);
 
-fail:
-	TDB_LOG((tdb, TDB_DEBUG_FATAL, "transaction_write: failed at off=%d len=%d\n", 
-		 (blk*tdb->transaction->block_size) + off, len));
-	tdb->transaction->transaction_error = 1;
-	return -1;
+	return 0;
 }
 
 
diff --git a/source3/lib/tdb/config.mk b/source3/lib/tdb/config.mk
index ab90ed728d..01a23f00de 100644
--- a/source3/lib/tdb/config.mk
+++ b/source3/lib/tdb/config.mk
@@ -3,7 +3,7 @@
 [LIBRARY::LIBTDB]
 VERSION = 0.0.1
 SO_VERSION = 0
-DESCRIPTION = Trivial Database Library
+PC_FILE = tdb.pc
 OBJ_FILES = \
 	common/tdb.o common/dump.o common/io.o common/lock.o \
 	common/open.o common/traverse.o common/freelist.o \
diff --git a/source3/lib/tdb/configure.ac b/source3/lib/tdb/configure.ac
index 1085055bc9..14761bcc1a 100644
--- a/source3/lib/tdb/configure.ac
+++ b/source3/lib/tdb/configure.ac
@@ -8,7 +8,7 @@ AC_CONFIG_HEADER(include/config.h)
 AC_LIBREPLACE_ALL_CHECKS
 AC_LD_SONAMEFLAG
 AC_LD_PICFLAG
-AC_LD_SHLDFLAGS
 AC_LD_SHLIBEXT
+AC_LIBREPLACE_SHLD_FLAGS
 m4_include(libtdb.m4)
 AC_OUTPUT(Makefile tdb.pc)
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 0653fc9d3f..dba7142bad 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -506,6 +506,19 @@ bool file_exist(const char *fname,SMB_STRUCT_STAT *sbuf)
 }
 
 /*******************************************************************
+ Check if a unix domain socket exists - call vfs_file_exist for samba files.
+********************************************************************/
+
+bool socket_exist(const char *fname)
+{
+	SMB_STRUCT_STAT st;
+	if (sys_stat(fname,&st) != 0) 
+		return(False);
+
+	return S_ISSOCK(st.st_mode);
+}
+
+/*******************************************************************
  Check a files mod time.
 ********************************************************************/
 
@@ -2169,7 +2182,7 @@ void dump_data_pw(const char *msg, const uchar * data, size_t len)
 
 const char *tab_depth(int level, int depth)
 {
-	if( DEBUGLVL(level) ) {
+	if( CHECK_DEBUGLVL(level) ) {
 		dbgtext("%*s", depth*4, "");
 	}
 	return "";
@@ -2418,6 +2431,7 @@ char *smb_xstrndup(const char *s, size_t n)
 	if (n == -1 || ! *ptr) {
 		smb_panic("smb_xvasprintf: out of memory");
 	}
+	va_end(ap2);
 	return n;
 }
 
@@ -3260,3 +3274,93 @@ void *talloc_zeronull(const void *context, size_t size, const char *name)
 	return talloc_named_const(context, size, name);
 }
 #endif
+
+/* Split a path name into filename and stream name components. Canonicalise
+ * such that an implicit $DATA token is always explicit.
+ *
+ * The "specification" of this function can be found in the
+ * run_local_stream_name() function in torture.c, I've tried those
+ * combinations against a W2k3 server.
+ */
+
+NTSTATUS split_ntfs_stream_name(TALLOC_CTX *mem_ctx, const char *fname,
+				char **pbase, char **pstream)
+{
+	char *base = NULL;
+	char *stream = NULL;
+	char *sname; /* stream name */
+	const char *stype; /* stream type */
+
+	DEBUG(10, ("split_ntfs_stream_name called for [%s]\n", fname));
+
+	sname = strchr_m(fname, ':');
+
+	if (lp_posix_pathnames() || (sname == NULL)) {
+		if (pbase != NULL) {
+			base = talloc_strdup(mem_ctx, fname);
+			NT_STATUS_HAVE_NO_MEMORY(base);
+		}
+		goto done;
+	}
+
+	if (pbase != NULL) {
+		base = talloc_strndup(mem_ctx, fname, PTR_DIFF(sname, fname));
+		NT_STATUS_HAVE_NO_MEMORY(base);
+	}
+
+	sname += 1;
+
+	stype = strchr_m(sname, ':');
+
+	if (stype == NULL) {
+		sname = talloc_strdup(mem_ctx, sname);
+		stype = "$DATA";
+	}
+	else {
+		if (StrCaseCmp(stype, ":$DATA") != 0) {
+			/*
+			 * If there is an explicit stream type, so far we only
+			 * allow $DATA. Is there anything else allowed? -- vl
+			 */
+			DEBUG(10, ("[%s] is an invalid stream type\n", stype));
+			TALLOC_FREE(base);
+			return NT_STATUS_OBJECT_NAME_INVALID;
+		}
+		sname = talloc_strndup(mem_ctx, sname, PTR_DIFF(stype, sname));
+		stype += 1;
+	}
+
+	if (sname == NULL) {
+		TALLOC_FREE(base);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (sname[0] == '\0') {
+		/*
+		 * no stream name, so no stream
+		 */
+		goto done;
+	}
+
+	if (pstream != NULL) {
+		stream = talloc_asprintf(mem_ctx, "%s:%s", sname, stype);
+		if (stream == NULL) {
+			TALLOC_FREE(sname);
+			TALLOC_FREE(base);
+			return NT_STATUS_NO_MEMORY;
+		}
+		/*
+		 * upper-case the type field
+		 */
+		strupper_m(strchr_m(stream, ':')+1);
+	}
+
+ done:
+	if (pbase != NULL) {
+		*pbase = base;
+	}
+	if (pstream != NULL) {
+		*pstream = stream;
+	}
+	return NT_STATUS_OK;
+}
diff --git a/source3/lib/util_reg.c b/source3/lib/util_reg.c
index 956f0475a5..2475dca040 100644
--- a/source3/lib/util_reg.c
+++ b/source3/lib/util_reg.c
@@ -95,7 +95,7 @@ WERROR reg_pull_multi_sz(TALLOC_CTX *mem_ctx, const void *buf, size_t len,
 		thislen = strnlen_w(p, len) + 1;
 		dstlen = convert_string_allocate(*values, CH_UTF16LE, CH_UNIX,
 						 p, thislen*2, (void *)&val,
-						 True);
+						 true);
 		if (dstlen == (size_t)-1) {
 			TALLOC_FREE(*values);
 			return WERR_NOMEM;
@@ -130,14 +130,15 @@ bool registry_smbconf_valname_forbidden(const char *valname)
 		"include",
 		"lock directory",
 		"lock dir",
+		"config backend",
 		NULL
 	};
 	const char **forbidden = NULL;
 
 	for (forbidden = forbidden_valnames; *forbidden != NULL; forbidden++) {
 		if (strwicmp(valname, *forbidden) == 0) {
-			return True;
+			return true;
 		}
 	}
-	return False;
+	return false;
 }
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 37865238a5..fd2e93a697 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -665,7 +665,7 @@ bool is_null_sid(const DOM_SID *sid)
 }
 
 NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
-			      const NET_USER_INFO_3 *info3,
+			      const struct netr_SamInfo3 *info3,
 			      DOM_SID **user_sids,
 			      size_t *num_user_sids,
 			      bool include_user_group_rid)
@@ -678,45 +678,45 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
 
 	if (include_user_group_rid) {
 
-		if (!sid_compose(&sid, &(info3->dom_sid.sid), info3->user_rid))
+		if (!sid_compose(&sid, info3->base.domain_sid, info3->base.rid))
 		{
 			DEBUG(3, ("could not compose user SID from rid 0x%x\n",
-				  info3->user_rid));
+				  info3->base.rid));
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 		status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(3, ("could not append user SID from rid 0x%x\n",
-				  info3->user_rid));
+				  info3->base.rid));
 			return status;
 		}
 
-		if (!sid_compose(&sid, &(info3->dom_sid.sid), info3->group_rid))
+		if (!sid_compose(&sid, info3->base.domain_sid, info3->base.primary_gid))
 		{
 			DEBUG(3, ("could not compose group SID from rid 0x%x\n",
-				  info3->group_rid));
+				  info3->base.primary_gid));
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 		status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(3, ("could not append group SID from rid 0x%x\n",
-				  info3->group_rid));
+				  info3->base.rid));
 			return status;
 		}
 	}
 
-	for (i = 0; i < info3->num_groups2; i++) {
-		if (!sid_compose(&sid, &(info3->dom_sid.sid),
-				 info3->gids[i].g_rid))
+	for (i = 0; i < info3->base.groups.count; i++) {
+		if (!sid_compose(&sid, info3->base.domain_sid,
+				 info3->base.groups.rids[i].rid))
 		{
 			DEBUG(3, ("could not compose SID from additional group "
-				  "rid 0x%x\n", info3->gids[i].g_rid));
+				  "rid 0x%x\n", info3->base.groups.rids[i].rid));
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 		status = add_sid_to_array(mem_ctx, &sid, &sid_array, &num_sids);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(3, ("could not append SID from additional group "
-				  "rid 0x%x\n", info3->gids[i].g_rid));
+				  "rid 0x%x\n", info3->base.groups.rids[i].rid));
 			return status;
 		}
 	}
@@ -727,12 +727,12 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
            http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
          */
 
-	for (i = 0; i < info3->num_other_sids; i++) {
-		status = add_sid_to_array(mem_ctx, &info3->other_sids[i].sid,
+	for (i = 0; i < info3->sidcount; i++) {
+		status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
 				      &sid_array, &num_sids);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(3, ("could not add SID to array: %s\n",
-				  sid_string_dbg(&info3->other_sids[i].sid)));
+				  sid_string_dbg(info3->sids[i].sid)));
 			return status;
 		}
 	}
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 945506ea77..a7c35c4887 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -112,7 +112,7 @@ static bool interpret_string_addr_internal(struct addrinfo **ppres,
 			&hints,
 			ppres);
 	if (ret) {
-		DEBUG(3,("interpret_string_addr_interal: getaddrinfo failed "
+		DEBUG(3,("interpret_string_addr_internal: getaddrinfo failed "
 			"for name %s [%s]\n",
 			str,
 			gai_strerror(ret) ));
@@ -476,6 +476,29 @@ bool is_address_any(const struct sockaddr_storage *psa)
 }
 
 /****************************************************************************
+ Get a port number in host byte order from a sockaddr_storage.
+****************************************************************************/
+
+uint16_t get_sockaddr_port(const struct sockaddr_storage *pss)
+{
+	uint16_t port = 0;
+
+	if (pss->ss_family != AF_INET) {
+#if defined(HAVE_IPV6)
+		/* IPv6 */
+		const struct sockaddr_in6 *sa6 =
+			(const struct sockaddr_in6 *)pss;
+		port = ntohs(sa6->sin6_port);
+#endif
+	} else {
+		const struct sockaddr_in *sa =
+			(const struct sockaddr_in *)pss;
+		port = ntohs(sa->sin_port);
+	}
+	return port;
+}
+
+/****************************************************************************
  Print out an IPv4 or IPv6 address from a struct sockaddr_storage.
 ****************************************************************************/
 
@@ -518,7 +541,7 @@ char *print_canonical_sockaddr(TALLOC_CTX *ctx,
 	char *dest = NULL;
 	int ret;
 
-	ret = getnameinfo((const struct sockaddr *)pss,
+	ret = sys_getnameinfo((const struct sockaddr *)pss,
 			sizeof(struct sockaddr_storage),
 			addr, sizeof(addr),
 			NULL, 0,
@@ -890,12 +913,10 @@ ssize_t read_udp_v4_socket(int fd,
  time_out = timeout in milliseconds
 ****************************************************************************/
 
-ssize_t read_socket_with_timeout(int fd,
-				char *buf,
-				size_t mincnt,
-				size_t maxcnt,
-				unsigned int time_out,
-				enum smb_read_errors *pre)
+NTSTATUS read_socket_with_timeout(int fd, char *buf,
+				  size_t mincnt, size_t maxcnt,
+				  unsigned int time_out,
+				  size_t *size_ret)
 {
 	fd_set fds;
 	int selrtn;
@@ -906,9 +927,7 @@ ssize_t read_socket_with_timeout(int fd,
 
 	/* just checking .... */
 	if (maxcnt <= 0)
-		return(0);
-
-	set_smb_read_error(pre,SMB_READ_OK);
+		return NT_STATUS_OK;
 
 	/* Blocking read */
 	if (time_out == 0) {
@@ -922,8 +941,7 @@ ssize_t read_socket_with_timeout(int fd,
 			if (readret == 0) {
 				DEBUG(5,("read_socket_with_timeout: "
 					"blocking read. EOF from client.\n"));
-				set_smb_read_error(pre,SMB_READ_EOF);
-				return -1;
+				return NT_STATUS_END_OF_FILE;
 			}
 
 			if (readret == -1) {
@@ -939,12 +957,11 @@ ssize_t read_socket_with_timeout(int fd,
 						"read error = %s.\n",
 						strerror(errno) ));
 				}
-				set_smb_read_error(pre,SMB_READ_ERROR);
-				return -1;
+				return map_nt_error_from_unix(errno);
 			}
 			nread += readret;
 		}
-		return((ssize_t)nread);
+		goto done;
 	}
 
 	/* Most difficult - timeout read */
@@ -978,16 +995,14 @@ ssize_t read_socket_with_timeout(int fd,
 				"read. select error = %s.\n",
 				strerror(errno) ));
 			}
-			set_smb_read_error(pre,SMB_READ_ERROR);
-			return -1;
+			return map_nt_error_from_unix(errno);
 		}
 
 		/* Did we timeout ? */
 		if (selrtn == 0) {
 			DEBUG(10,("read_socket_with_timeout: timeout read. "
 				"select timed out.\n"));
-			set_smb_read_error(pre,SMB_READ_TIMEOUT);
-			return -1;
+			return NT_STATUS_IO_TIMEOUT;
 		}
 
 		readret = sys_read(fd, buf+nread, maxcnt-nread);
@@ -996,8 +1011,7 @@ ssize_t read_socket_with_timeout(int fd,
 			/* we got EOF on the file descriptor */
 			DEBUG(5,("read_socket_with_timeout: timeout read. "
 				"EOF from client.\n"));
-			set_smb_read_error(pre,SMB_READ_EOF);
-			return -1;
+			return NT_STATUS_END_OF_FILE;
 		}
 
 		if (readret == -1) {
@@ -1014,61 +1028,27 @@ ssize_t read_socket_with_timeout(int fd,
 					"read. read error = %s.\n",
 					strerror(errno) ));
 			}
-			set_smb_read_error(pre,SMB_READ_ERROR);
-			return -1;
+			return map_nt_error_from_unix(errno);
 		}
 
 		nread += readret;
 	}
 
+ done:
 	/* Return the number we got */
-	return (ssize_t)nread;
+	if (size_ret) {
+		*size_ret = nread;
+	}
+	return NT_STATUS_OK;
 }
 
 /****************************************************************************
  Read data from the client, reading exactly N bytes.
 ****************************************************************************/
 
-ssize_t read_data(int fd,char *buffer,size_t N, enum smb_read_errors *pre)
+NTSTATUS read_data(int fd, char *buffer, size_t N)
 {
-	ssize_t ret;
-	size_t total=0;
-	char addr[INET6_ADDRSTRLEN];
-
-	set_smb_read_error(pre,SMB_READ_OK);
-
-	while (total < N) {
-		ret = sys_read(fd,buffer + total,N - total);
-
-		if (ret == 0) {
-			DEBUG(10,("read_data: read of %d returned 0. "
-				"Error = %s\n",
-				(int)(N - total), strerror(errno) ));
-			set_smb_read_error(pre,SMB_READ_EOF);
-			return 0;
-		}
-
-		if (ret == -1) {
-			if (fd == get_client_fd()) {
-				/* Try and give an error message saying
-				 * what client failed. */
-				DEBUG(0,("read_data: read failure for %d "
-					"bytes to client %s. Error = %s\n",
-					(int)(N - total),
-					get_peer_addr(fd,addr,sizeof(addr)),
-					strerror(errno) ));
-			} else {
-				DEBUG(0,("read_data: read failure for %d. "
-					"Error = %s\n",
-					(int)(N - total),
-					strerror(errno) ));
-			}
-			set_smb_read_error(pre,SMB_READ_ERROR);
-			return -1;
-		}
-		total += ret;
-	}
-	return (ssize_t)total;
+	return read_socket_with_timeout(fd, buffer, N, N, 0, NULL);
 }
 
 /****************************************************************************
@@ -1130,37 +1110,29 @@ bool send_keepalive(int client)
  Timeout is in milliseconds.
 ****************************************************************************/
 
-ssize_t read_smb_length_return_keepalive(int fd,
-					char *inbuf,
-					unsigned int timeout,
-					enum smb_read_errors *pre)
+NTSTATUS read_smb_length_return_keepalive(int fd, char *inbuf,
+					  unsigned int timeout,
+					  size_t *len)
 {
-	ssize_t len=0;
 	int msg_type;
-	bool ok = false;
+	NTSTATUS status;
 
-	while (!ok) {
-		if (timeout > 0) {
-			ok = (read_socket_with_timeout(fd,inbuf,4,4,
-						timeout,pre) == 4);
-		} else {
-			ok = (read_data(fd,inbuf,4,pre) == 4);
-		}
-		if (!ok) {
-			return -1;
-		}
+	status = read_socket_with_timeout(fd, inbuf, 4, 4, timeout, NULL);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
 
-		len = smb_len(inbuf);
-		msg_type = CVAL(inbuf,0);
+	*len = smb_len(inbuf);
+	msg_type = CVAL(inbuf,0);
 
-		if (msg_type == SMBkeepalive) {
-			DEBUG(5,("Got keepalive packet\n"));
-		}
+	if (msg_type == SMBkeepalive) {
+		DEBUG(5,("Got keepalive packet\n"));
 	}
 
-	DEBUG(10,("got smb length of %lu\n",(unsigned long)len));
+	DEBUG(10,("got smb length of %lu\n",(unsigned long)(*len)));
 
-	return len;
+	return NT_STATUS_OK;
 }
 
 /****************************************************************************
@@ -1170,25 +1142,27 @@ ssize_t read_smb_length_return_keepalive(int fd,
  Timeout is in milliseconds.
 ****************************************************************************/
 
-ssize_t read_smb_length(int fd, char *inbuf, unsigned int timeout, enum smb_read_errors *pre)
+NTSTATUS read_smb_length(int fd, char *inbuf, unsigned int timeout,
+			 size_t *len)
 {
-	ssize_t len;
+	uint8_t msgtype = SMBkeepalive;
 
-	for(;;) {
-		len = read_smb_length_return_keepalive(fd, inbuf, timeout, pre);
+	while (msgtype == SMBkeepalive) {
+		NTSTATUS status;
 
-		if(len < 0)
-			return len;
+		status = read_smb_length_return_keepalive(fd, inbuf, timeout,
+							  len);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 
-		/* Ignore session keepalives. */
-		if(CVAL(inbuf,0) != SMBkeepalive)
-			break;
+		msgtype = CVAL(inbuf, 0);
 	}
 
 	DEBUG(10,("read_smb_length: got smb length of %lu\n",
 		  (unsigned long)len));
 
-	return len;
+	return NT_STATUS_OK;
 }
 
 /****************************************************************************
@@ -1201,28 +1175,17 @@ ssize_t read_smb_length(int fd, char *inbuf, unsigned int timeout, enum smb_read
  Doesn't check the MAC on signed packets.
 ****************************************************************************/
 
-ssize_t receive_smb_raw(int fd,
-			char *buffer,
-			unsigned int timeout,
-			size_t maxlen,
-			enum smb_read_errors *pre)
+NTSTATUS receive_smb_raw(int fd, char *buffer, unsigned int timeout,
+			 size_t maxlen, size_t *p_len)
 {
-	ssize_t len,ret;
-
-	set_smb_read_error(pre,SMB_READ_OK);
+	size_t len;
+	NTSTATUS status;
 
-	len = read_smb_length_return_keepalive(fd,buffer,timeout,pre);
-	if (len < 0) {
-		DEBUG(10,("receive_smb_raw: length < 0!\n"));
+	status = read_smb_length_return_keepalive(fd,buffer,timeout,&len);
 
-		/*
-		 * Correct fix. smb_read_error may have already been
-		 * set. Only set it here if not already set. Global
-		 * variables still suck :-). JRA.
-		 */
-
-		cond_set_smb_read_error(pre,SMB_READ_ERROR);
-		return -1;
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("receive_smb_raw: %s!\n", nt_errstr(status)));
+		return status;
 	}
 
 	/*
@@ -1234,15 +1197,7 @@ ssize_t receive_smb_raw(int fd,
 		DEBUG(0,("Invalid packet length! (%lu bytes).\n",
 					(unsigned long)len));
 		if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
-
-			/*
-			 * Correct fix. smb_read_error may have already been
-			 * set. Only set it here if not already set. Global
-			 * variables still suck :-). JRA.
-			 */
-
-			cond_set_smb_read_error(pre,SMB_READ_ERROR);
-			return -1;
+			return NT_STATUS_INVALID_PARAMETER;
 		}
 	}
 
@@ -1251,20 +1206,11 @@ ssize_t receive_smb_raw(int fd,
 			len = MIN(len,maxlen);
 		}
 
-		if (timeout > 0) {
-			ret = read_socket_with_timeout(fd,
-					buffer+4,
-					len,
-					len,
-					timeout,
-					pre);
-		} else {
-			ret = read_data(fd,buffer+4,len,pre);
-		}
+		status = read_socket_with_timeout(
+			fd, buffer+4, len, len, timeout, &len);
 
-		if (ret != len) {
-			cond_set_smb_read_error(pre,SMB_READ_ERROR);
-			return -1;
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
 		}
 
 		/* not all of samba3 properly checks for packet-termination
@@ -1273,7 +1219,8 @@ ssize_t receive_smb_raw(int fd,
 		SSVAL(buffer+4,len, 0);
 	}
 
-	return len;
+	*p_len = len;
+	return NT_STATUS_OK;
 }
 
 /****************************************************************************
@@ -1847,7 +1794,7 @@ const char *get_peer_name(int fd, bool force_lookup)
 	}
 
 	/* Look up the remote host name. */
-	ret = getnameinfo((struct sockaddr *)&ss,
+	ret = sys_getnameinfo((struct sockaddr *)&ss,
 			length,
 			name_buf,
 			sizeof(name_buf),
@@ -1957,8 +1904,7 @@ int create_pipe_sock(const char *socket_dir,
                 goto out_close;
 	}
 
-	asprintf(&path, "%s/%s", socket_dir, socket_name);
-	if (!path) {
+	if (asprintf(&path, "%s/%s", socket_dir, socket_name) == -1) {
                 goto out_close;
 	}
 
@@ -1986,7 +1932,8 @@ int create_pipe_sock(const char *socket_dir,
 
 out_close:
 	SAFE_FREE(path);
-	close(sock);
+	if (sock != -1)
+		close(sock);
 
 out_umask:
 	umask(old_umask);
@@ -2057,14 +2004,15 @@ const char *get_mydnsfullname(void)
 			data_blob_string_const("get_mydnsfullname"),
 			data_blob_string_const(res->ai_canonname));
 
-	freeaddrinfo(res);
-
 	if (!memcache_lookup(NULL, SINGLETON_CACHE,
 			data_blob_string_const("get_mydnsfullname"),
 			&tmp)) {
-		return NULL;
+		tmp = data_blob_talloc(talloc_tos(), res->ai_canonname,
+				strlen(res->ai_canonname) + 1);
 	}
 
+	freeaddrinfo(res);
+
 	return (const char *)tmp.data;
 }
 
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 3e3268104c..cb8a100fa7 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -1841,149 +1841,93 @@ int fstr_sprintf(fstring s, const char *fmt, ...)
 
 #define S_LIST_ABS 16 /* List Allocation Block Size */
 
-static char **str_list_make_internal(TALLOC_CTX *mem_ctx,
-		const char *string,
-		const char *sep)
+char **str_list_make(TALLOC_CTX *mem_ctx, const char *string, const char *sep)
 {
-	char **list, **rlist;
+	char **list;
 	const char *str;
 	char *s;
 	int num, lsize;
 	char *tok;
-	TALLOC_CTX *frame = NULL;
 
 	if (!string || !*string)
 		return NULL;
-	if (mem_ctx) {
-		s = talloc_strdup(mem_ctx, string);
-	} else {
-		s = SMB_STRDUP(string);
+
+	list = TALLOC_ARRAY(mem_ctx, char *, S_LIST_ABS+1);
+	if (list == NULL) {
+		return NULL;
 	}
-	if (!s) {
+	lsize = S_LIST_ABS;
+
+	s = talloc_strdup(list, string);
+	if (s == NULL) {
 		DEBUG(0,("str_list_make: Unable to allocate memory"));
+		TALLOC_FREE(list);
 		return NULL;
 	}
 	if (!sep) sep = LIST_SEP;
 
-	num = lsize = 0;
-	list = NULL;
-
+	num = 0;
 	str = s;
-	frame = talloc_stackframe();
-	while (next_token_talloc(frame, &str, &tok, sep)) {
+
+	while (next_token_talloc(list, &str, &tok, sep)) {
+
 		if (num == lsize) {
+			char **tmp;
+
 			lsize += S_LIST_ABS;
-			if (mem_ctx) {
-				rlist = TALLOC_REALLOC_ARRAY(mem_ctx, list,
-						char *, lsize +1);
-			} else {
-				/* We need to keep the old list on
-				 * error so we can free the elements
-				   if the realloc fails. */
-				rlist =SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(list,
-						char *, lsize +1);
-			}
-			if (!rlist) {
+
+			tmp = TALLOC_REALLOC_ARRAY(mem_ctx, list, char *,
+						   lsize + 1);
+			if (tmp == NULL) {
 				DEBUG(0,("str_list_make: "
 					"Unable to allocate memory"));
-				str_list_free(&list);
-				if (mem_ctx) {
-					TALLOC_FREE(s);
-				} else {
-					SAFE_FREE(s);
-				}
-				TALLOC_FREE(frame);
+				TALLOC_FREE(list);
 				return NULL;
-			} else {
-				list = rlist;
 			}
-			memset (&list[num], 0,
-					((sizeof(char**)) * (S_LIST_ABS +1)));
-		}
 
-		if (mem_ctx) {
-			list[num] = talloc_strdup(mem_ctx, tok);
-		} else {
-			list[num] = SMB_STRDUP(tok);
-		}
+			list = tmp;
 
-		if (!list[num]) {
-			DEBUG(0,("str_list_make: Unable to allocate memory"));
-			str_list_free(&list);
-			if (mem_ctx) {
-				TALLOC_FREE(s);
-			} else {
-				SAFE_FREE(s);
-			}
-			TALLOC_FREE(frame);
-			return NULL;
+			memset (&list[num], 0,
+				((sizeof(char**)) * (S_LIST_ABS +1)));
 		}
 
-		num++;
+		list[num] = tok;
+		num += 1;
 	}
 
-	TALLOC_FREE(frame);
-
-	if (mem_ctx) {
-		TALLOC_FREE(s);
-	} else {
-		SAFE_FREE(s);
-	}
+	list[num] = NULL;
 
+	TALLOC_FREE(s);
 	return list;
 }
 
-char **str_list_make_talloc(TALLOC_CTX *mem_ctx,
-		const char *string,
-		const char *sep)
-{
-	return str_list_make_internal(mem_ctx, string, sep);
-}
-
-char **str_list_make(const char *string, const char *sep)
+bool str_list_copy(TALLOC_CTX *mem_ctx, char ***dest, const char **src)
 {
-	return str_list_make_internal(NULL, string, sep);
-}
-
-bool str_list_copy(char ***dest, const char **src)
-{
-	char **list, **rlist;
-	int num, lsize;
+	char **list;
+	int i, num;
 
 	*dest = NULL;
 	if (!src)
 		return false;
 
-	num = lsize = 0;
-	list = NULL;
+	num = 0;
+	while (src[num] != NULL) {
+		num += 1;
+	}
 
-	while (src[num]) {
-		if (num == lsize) {
-			lsize += S_LIST_ABS;
-			rlist = SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(list,
-					char *, lsize +1);
-			if (!rlist) {
-				DEBUG(0,("str_list_copy: "
-					"Unable to re-allocate memory"));
-				str_list_free(&list);
-				return false;
-			} else {
-				list = rlist;
-			}
-			memset (&list[num], 0,
-					((sizeof(char **)) * (S_LIST_ABS +1)));
-		}
+	list = TALLOC_ARRAY(mem_ctx, char *, num+1);
+	if (list == NULL) {
+		return false;
+	}
 
-		list[num] = SMB_STRDUP(src[num]);
-		if (!list[num]) {
-			DEBUG(0,("str_list_copy: Unable to allocate memory"));
-			str_list_free(&list);
+	for (i=0; i<num; i++) {
+		list[i] = talloc_strdup(list, src[i]);
+		if (list[i] == NULL) {
+			TALLOC_FREE(list);
 			return false;
 		}
-
-		num++;
 	}
-
+	list[i] = NULL;
 	*dest = list;
 	return true;
 }
@@ -2010,37 +1954,6 @@ bool str_list_compare(char **list1, char **list2)
 	return true;
 }
 
-static void str_list_free_internal(TALLOC_CTX *mem_ctx, char ***list)
-{
-	char **tlist;
-
-	if (!list || !*list)
-		return;
-	tlist = *list;
-	for(; *tlist; tlist++) {
-		if (mem_ctx) {
-			TALLOC_FREE(*tlist);
-		} else {
-			SAFE_FREE(*tlist);
-		}
-	}
-	if (mem_ctx) {
-		TALLOC_FREE(*tlist);
-	} else {
-		SAFE_FREE(*list);
-	}
-}
-
-void str_list_free_talloc(TALLOC_CTX *mem_ctx, char ***list)
-{
-	str_list_free_internal(mem_ctx, list);
-}
-
-void str_list_free(char ***list)
-{
-	str_list_free_internal(NULL, list);
-}
-
 /******************************************************************************
  *****************************************************************************/
 
@@ -2173,6 +2086,7 @@ static char *ipstr_list_add(char **ipstr_list, const struct ip_service *service)
 {
 	char *new_ipstr = NULL;
 	char addr_buf[INET6_ADDRSTRLEN];
+	int ret;
 
 	/* arguments checking */
 	if (!ipstr_list || !service) {
@@ -2187,33 +2101,30 @@ static char *ipstr_list_add(char **ipstr_list, const struct ip_service *service)
 	if (*ipstr_list) {
 		if (service->ss.ss_family == AF_INET) {
 			/* IPv4 */
-			asprintf(&new_ipstr, "%s%s%s:%d",
-					*ipstr_list,
-					IPSTR_LIST_SEP,
-					addr_buf,
-					service->port);
+			ret = asprintf(&new_ipstr, "%s%s%s:%d",	*ipstr_list,
+				       IPSTR_LIST_SEP, addr_buf,
+				       service->port);
 		} else {
 			/* IPv6 */
-			asprintf(&new_ipstr, "%s%s[%s]:%d",
-					*ipstr_list,
-					IPSTR_LIST_SEP,
-					addr_buf,
-					service->port);
+			ret = asprintf(&new_ipstr, "%s%s[%s]:%d", *ipstr_list,
+				       IPSTR_LIST_SEP, addr_buf,
+				       service->port);
 		}
 		SAFE_FREE(*ipstr_list);
 	} else {
 		if (service->ss.ss_family == AF_INET) {
 			/* IPv4 */
-			asprintf(&new_ipstr, "%s:%d",
-				addr_buf,
-				service->port);
+			ret = asprintf(&new_ipstr, "%s:%d", addr_buf,
+				       service->port);
 		} else {
 			/* IPv6 */
-			asprintf(&new_ipstr, "[%s]:%d",
-				addr_buf,
-				service->port);
+			ret = asprintf(&new_ipstr, "[%s]:%d", addr_buf,
+				       service->port);
 		}
 	}
+	if (ret == -1) {
+		return NULL;
+	}
 	*ipstr_list = new_ipstr;
 	return *ipstr_list;
 }
@@ -2258,7 +2169,7 @@ char *ipstr_list_make(char **ipstr_list,
  * @param ipstr ip string list to be parsed
  * @param ip_list pointer to array of ip addresses which is
  *        allocated by this function and must be freed by caller
- * @return number of succesfully parsed addresses
+ * @return number of successfully parsed addresses
  **/
 
 int ipstr_list_parse(const char *ipstr_list, struct ip_service **ip_list)
@@ -2415,13 +2326,13 @@ void base64_decode_inplace(char *s)
 }
 
 /**
- * Encode a base64 string into a malloc()ed string caller to free.
+ * Encode a base64 string into a talloc()ed string caller to free.
  *
  * From SQUID: adopted from http://ftp.sunet.se/pub2/gnu/vm/base64-encode.c
  * with adjustments
  **/
 
-char *base64_encode_data_blob(DATA_BLOB data)
+char *base64_encode_data_blob(TALLOC_CTX *mem_ctx, DATA_BLOB data)
 {
 	int bits = 0;
 	int char_count = 0;
@@ -2434,7 +2345,7 @@ char *base64_encode_data_blob(DATA_BLOB data)
 	out_cnt = 0;
 	len = data.length;
 	output_len = data.length * 2;
-	result = TALLOC_ARRAY(talloc_tos(), char, output_len); /* get us plenty of space */
+	result = TALLOC_ARRAY(mem_ctx, char, output_len); /* get us plenty of space */
 	SMB_ASSERT(result != NULL);
 
 	while (len-- && out_cnt < (data.length * 2) - 5) {
diff --git a/source3/lib/util_tdb.c b/source3/lib/util_tdb.c
index ce2cb427d1..724832ea5b 100644
--- a/source3/lib/util_tdb.c
+++ b/source3/lib/util_tdb.c
@@ -656,6 +656,7 @@ int tdb_unpack(const uint8 *buf, int bufsize, const char *fmt, ...)
 	return PTR_DIFF(buf, buf0);
 
  no_space:
+	va_end(ap);
 	return -1;
 }
 
@@ -668,12 +669,13 @@ static void tdb_log(TDB_CONTEXT *tdb, enum tdb_debug_level level, const char *fo
 {
 	va_list ap;
 	char *ptr = NULL;
+	int ret;
 
 	va_start(ap, format);
-	vasprintf(&ptr, format, ap);
+	ret = vasprintf(&ptr, format, ap);
 	va_end(ap);
 
-	if (!ptr || !*ptr)
+	if ((ret == -1) || !*ptr)
 		return;
 
 	DEBUG((int)level, ("tdb(%s): %s", tdb_name(tdb) ? tdb_name(tdb) : "unnamed", ptr));
@@ -866,11 +868,8 @@ static void tdb_wrap_log(TDB_CONTEXT *tdb, enum tdb_debug_level level,
 	va_list ap;
 	char *ptr = NULL;
 	int debuglevel = 0;
+	int ret;
 
-	va_start(ap, format);
-	vasprintf(&ptr, format, ap);
-	va_end(ap);
-	
 	switch (level) {
 	case TDB_DEBUG_FATAL:
 		debug_level = 0;
@@ -888,7 +887,11 @@ static void tdb_wrap_log(TDB_CONTEXT *tdb, enum tdb_debug_level level,
 		debuglevel = 0;
 	}		
 
-	if (ptr != NULL) {
+	va_start(ap, format);
+	ret = vasprintf(&ptr, format, ap);
+	va_end(ap);
+
+	if (ret != -1) {
 		const char *name = tdb_name(tdb);
 		DEBUG(debuglevel, ("tdb(%s): %s", name ? name : "unnamed", ptr));
 		free(ptr);
diff --git a/source3/lib/version.c b/source3/lib/version.c
index 204c2044a8..3cae02ad2e 100644
--- a/source3/lib/version.c
+++ b/source3/lib/version.c
@@ -51,6 +51,8 @@ const char *samba_version_string(void)
 	 */
 	assert(res != -1);
 
+	SAFE_FREE(samba_version);
+
 	samba_version = tmp_version;
 #endif
 
diff --git a/source3/lib/xfile.c b/source3/lib/xfile.c
index c98522200b..ee6e581332 100644
--- a/source3/lib/xfile.c
+++ b/source3/lib/xfile.c
@@ -223,9 +223,15 @@ size_t x_fwrite(const void *p, size_t size, size_t nmemb, XFILE *f)
 	VA_COPY(ap2, ap);
 
 	len = vasprintf(&p, format, ap2);
-	if (len <= 0) return len;
+	if (len <= 0) {
+		va_end(ap2);
+		return len;
+	}
 	ret = x_fwrite(p, 1, len, f);
 	SAFE_FREE(p);
+
+	va_end(ap2);
+
 	return ret;
 }
 
diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c
index 041878916e..8cc2f1215e 100644
--- a/source3/libads/ads_struct.c
+++ b/source3/libads/ads_struct.c
@@ -29,35 +29,42 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int
 	int numbits = 0;
 	char *ret;
 	int len;
-	
+	char *saveptr;
+
 	r = SMB_STRDUP(realm);
 
-	if (!r || !*r)
+	if (!r || !*r) {
 		return r;
+	}
 
-	for (p=r; *p; p++)
-		if (strchr(sep, *p))
+	for (p=r; *p; p++) {
+		if (strchr(sep, *p)) {
 			numbits++;
+		}
+	}
 
 	len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1;
 
 	ret = (char *)SMB_MALLOC(len);
-	if (!ret)
+	if (!ret) {
+		free(r);
 		return NULL;
+	}
 
 	strlcpy(ret,field, len);
-	p=strtok(r,sep); 
+	p=strtok_r(r, sep, &saveptr);
 	if (p) {
 		strlcat(ret, p, len);
 	
-		while ((p=strtok(NULL,sep))) {
+		while ((p=strtok_r(NULL, sep, &saveptr)) != NULL) {
 			char *s;
 			if (reverse)
 				asprintf(&s, "%s%s,%s", field, p, ret);
 			else
 				asprintf(&s, "%s,%s%s", ret, field, p);
 			free(ret);
-			ret = s;
+			ret = SMB_STRDUP(s);
+			free(s);
 		}
 	}
 
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 9a6f1061df..0bde3e6984 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -1,23 +1,23 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    kerberos authorization data (PAC) utility library
-   Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003   
+   Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
    Copyright (C) Andrew Tridgell 2001
    Copyright (C) Luke Howard 2002-2003
    Copyright (C) Stefan Metzmacher 2004-2005
-   Copyright (C) Guenther Deschner 2005,2007
-   
+   Copyright (C) Guenther Deschner 2005,2007,2008
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -26,628 +26,14 @@
 
 #ifdef HAVE_KRB5
 
-static bool pac_io_logon_name(const char *desc, PAC_LOGON_NAME *logon_name,
-			      prs_struct *ps, int depth)
-{
-	if (NULL == logon_name)
-		return False;
-
-	prs_debug(ps, depth, desc, "pac_io_logon_name");
-	depth++;
-
-	if (!smb_io_time("logon_time", &logon_name->logon_time, ps, depth))
-		return False;
-
-	if (!prs_uint16("len", ps, depth, &logon_name->len))
-		return False;
-
-	/* The following string is always in little endian 16 bit values,
-	   copy as 8 bits to avoid endian reversal on big-endian machines.
-	   len is the length in bytes. */
-
-	if (UNMARSHALLING(ps) && logon_name->len) {
-		logon_name->username = PRS_ALLOC_MEM(ps, uint8, logon_name->len);
-		if (!logon_name->username) {
-			DEBUG(3, ("No memory available\n"));
-			return False;
-		}
-	}
-
-	if (!prs_uint8s(True, "name", ps, depth, logon_name->username, logon_name->len))
-		return False;
-
-	return True;
-}
-
-#if 0 /* Unused (handled now in net_io_user_info3()) - Guenther */
-static bool pac_io_krb_sids(const char *desc, KRB_SID_AND_ATTRS *sid_and_attr,
-			    prs_struct *ps, int depth)
-{
-	if (NULL == sid_and_attr)
-		return False;
-
-	prs_debug(ps, depth, desc, "pac_io_krb_sids");
-	depth++;
-
-	if (UNMARSHALLING(ps)) {
-		sid_and_attr->sid = PRS_ALLOC_MEM(ps, DOM_SID2, 1);
-		if (!sid_and_attr->sid) {
-			DEBUG(3, ("No memory available\n"));
-			return False;
-		}
-	}
-
-	if(!smb_io_dom_sid2("sid", sid_and_attr->sid, ps, depth))
-		return False;
-
-	return True;
-}
-
-
-static bool pac_io_krb_attrs(const char *desc, KRB_SID_AND_ATTRS *sid_and_attr,
-			     prs_struct *ps, int depth)
-{
-	if (NULL == sid_and_attr)
-		return False;
-
-	prs_debug(ps, depth, desc, "pac_io_krb_attrs");
-	depth++;
-
-	if (!prs_uint32("sid_ptr", ps, depth, &sid_and_attr->sid_ptr))
-		return False;
-	if (!prs_uint32("attrs", ps, depth, &sid_and_attr->attrs))
-		return False;
-
-	return True;
-}
-
-static bool pac_io_krb_sid_and_attr_array(const char *desc, 
-					  KRB_SID_AND_ATTR_ARRAY *array,
-					  uint32 num,
-					  prs_struct *ps, int depth)
-{
-	int i;
-
-	if (NULL == array)
-		return False;
-
-	prs_debug(ps, depth, desc, "pac_io_krb_sid_and_attr_array");
-	depth++;
-
-
-	if (!prs_uint32("count", ps, depth, &array->count))
-		return False;
-
-	if (UNMARSHALLING(ps)) {
-		if (num) {
-			array->krb_sid_and_attrs = PRS_ALLOC_MEM(ps, KRB_SID_AND_ATTRS, num);
-			if (!array->krb_sid_and_attrs) {
-				DEBUG(3, ("No memory available\n"));
-				return False;
-			}
-		} else {
-			array->krb_sid_and_attrs = NULL;
-		}
-	}
-
-	for (i=0; i<num; i++) {
-		if (!pac_io_krb_attrs(desc, 
-				      &array->krb_sid_and_attrs[i],
-				      ps, depth))
-			return False;
-
-	}
-	for (i=0; i<num; i++) {
-		if (!pac_io_krb_sids(desc, 
-				     &array->krb_sid_and_attrs[i],
-				     ps, depth))
-			return False;
-
-	}
-
-	return True;
-
-}
-#endif
-
-static bool pac_io_group_membership(const char *desc, 
-				    GROUP_MEMBERSHIP *membership,
-				    prs_struct *ps, int depth)
-{
-	if (NULL == membership)
-		return False;
-
-	prs_debug(ps, depth, desc, "pac_io_group_membership");
-	depth++;
-
-	if (!prs_uint32("rid", ps, depth, &membership->rid))
-		return False;
-	if (!prs_uint32("attrs", ps, depth, &membership->attrs))
-		return False;
-
-	return True;
-}
-
-
-static bool pac_io_group_membership_array(const char *desc, 
-					  GROUP_MEMBERSHIP_ARRAY *array,
-					  uint32 num,
-					  prs_struct *ps, int depth)
-{
-	int i;
-
-	if (NULL == array)
-		return False;
-
-	prs_debug(ps, depth, desc, "pac_io_group_membership_array");
-	depth++;
-
-
-	if (!prs_uint32("count", ps, depth, &array->count))
-		return False;
-
-	if (UNMARSHALLING(ps)) {
-		if (num) {
-			array->group_membership = PRS_ALLOC_MEM(ps, GROUP_MEMBERSHIP, num);
-			if (!array->group_membership) {
-				DEBUG(3, ("No memory available\n"));
-				return False;
-			}
-		} else {
-			array->group_membership = NULL;
-		}
-	}
-
-	for (i=0; i<num; i++) {
-		if (!pac_io_group_membership(desc, 
-					     &array->group_membership[i],
-					     ps, depth))
-			return False;
-
-	}
-
-	return True;
-
-}
-
-#if 0 /* Unused, replaced using an expanded net_io_user_info3() now - Guenther */
-static bool pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info, 
-				  prs_struct *ps, int depth)
-{
-	uint32 garbage = 0, i;
-
-	if (NULL == info)
-		return False;
-
-	prs_debug(ps, depth, desc, "pac_io_pac_logon_info");
-	depth++;
-
-	if (!prs_align(ps))
-		return False;
-	if (!prs_uint32("unknown", ps, depth, &garbage)) /* 00081001 */
-		return False;
-	if (!prs_uint32("unknown", ps, depth, &garbage)) /* cccccccc */
-		return False;
-	if (!prs_uint32("bufferlen", ps, depth, &garbage))
-		return False;
-	if (!prs_uint32("bufferlenhi", ps, depth, &garbage)) /* 00000000 */
-		return False;
-
-	if (!prs_uint32("pointer", ps, depth, &garbage))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-	if (!smb_io_time("logon_time", &info->logon_time, ps, depth))
-		return False;
-	if (!smb_io_time("logoff_time", &info->logoff_time, ps, depth))
-		return False;
-	if (!smb_io_time("kickoff_time", &info->kickoff_time, ps, depth))
-		return False;
-	if (!smb_io_time("pass_last_set_time", &info->pass_last_set_time, 
-			 ps, depth))
-		return False;
-	if (!smb_io_time("pass_can_change_time", &info->pass_can_change_time, 
-			 ps, depth))
-		return False;
-	if (!smb_io_time("pass_must_change_time", &info->pass_must_change_time,
-			 ps, depth))
-		return False;
-
-	if (!smb_io_unihdr("hdr_user_name", &info->hdr_user_name, ps, depth))
-		return False;
-	if (!smb_io_unihdr("hdr_full_name", &info->hdr_full_name, ps, depth))
-		return False;
-	if (!smb_io_unihdr("hdr_logon_script", &info->hdr_logon_script, 
-			   ps, depth))
-		return False;
-	if (!smb_io_unihdr("hdr_profile_path", &info->hdr_profile_path, 
-			   ps, depth))
-		return False;
-	if (!smb_io_unihdr("hdr_home_dir", &info->hdr_home_dir, ps, depth))
-		return False;
-	if (!smb_io_unihdr("hdr_dir_drive", &info->hdr_dir_drive, ps, depth))
-		return False;
-
-	if (!prs_uint16("logon_count", ps, depth, &info->logon_count))
-		return False;
-	if (!prs_uint16("bad_password_count", ps, depth, &info->bad_password_count))
-		return False;
-	if (!prs_uint32("user_rid", ps, depth, &info->user_rid))
-		return False;
-	if (!prs_uint32("group_rid", ps, depth, &info->group_rid))
-		return False;
-	if (!prs_uint32("group_count", ps, depth, &info->group_count))
-		return False;
-	/* I haven't seen this contain anything yet, but when it does
-	   we will have to make sure we decode the contents in the middle
-	   all the unistr2s ... */
-	if (!prs_uint32("group_mem_ptr", ps, depth, 
-			&info->group_membership_ptr))
-		return False;
-	if (!prs_uint32("user_flags", ps, depth, &info->user_flags))
-		return False;
-
-	if (!prs_uint8s(False, "session_key", ps, depth, info->session_key, 16)) 
-		return False;
-	
-	if (!smb_io_unihdr("hdr_dom_controller", 
-			   &info->hdr_dom_controller, ps, depth))
-		return False;
-	if (!smb_io_unihdr("hdr_dom_name", &info->hdr_dom_name, ps, depth))
-		return False;
-
-	/* this should be followed, but just get ptr for now */
-	if (!prs_uint32("ptr_dom_sid", ps, depth, &info->ptr_dom_sid))
-		return False;
-
-	if (!prs_uint8s(False, "lm_session_key", ps, depth, info->lm_session_key, 8)) 
-		return False;
-
-	if (!prs_uint32("acct_flags", ps, depth, &info->acct_flags))
-		return False;
-
-	for (i = 0; i < 7; i++)
-	{
-		if (!prs_uint32("unkown", ps, depth, &info->unknown[i])) /* unknown */
-                        return False;
-	}
-
-	if (!prs_uint32("sid_count", ps, depth, &info->sid_count))
-		return False;
-	if (!prs_uint32("ptr_extra_sids", ps, depth, &info->ptr_extra_sids))
-		return False;
-	if (!prs_uint32("ptr_res_group_dom_sid", ps, depth, 
-			&info->ptr_res_group_dom_sid))
-		return False;
-	if (!prs_uint32("res_group_count", ps, depth, &info->res_group_count))
-		return False;
-	if (!prs_uint32("ptr_res_groups", ps, depth, &info->ptr_res_groups))
-		return False;
-
-	if(!smb_io_unistr2("uni_user_name", &info->uni_user_name, 
-			   info->hdr_user_name.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_full_name", &info->uni_full_name, 
-			   info->hdr_full_name.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_logon_script", &info->uni_logon_script, 
-			   info->hdr_logon_script.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_profile_path", &info->uni_profile_path,
-			   info->hdr_profile_path.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_home_dir", &info->uni_home_dir,
-			   info->hdr_home_dir.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_dir_drive", &info->uni_dir_drive,
-			   info->hdr_dir_drive.buffer, ps, depth))
-		return False;
-
-	if (info->group_membership_ptr) {
-		if (!pac_io_group_membership_array("group membership",
-						   &info->groups,
-						   info->group_count,
-						   ps, depth))
-			return False;
-	}
-
-
-	if(!smb_io_unistr2("uni_dom_controller", &info->uni_dom_controller,
-			   info->hdr_dom_controller.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_dom_name", &info->uni_dom_name, 
-			   info->hdr_dom_name.buffer, ps, depth))
-		return False;
-
-	if(info->ptr_dom_sid)
-		if(!smb_io_dom_sid2("dom_sid", &info->dom_sid, ps, depth))
-			return False;
-
-	
-	if (info->sid_count && info->ptr_extra_sids)
-		if (!pac_io_krb_sid_and_attr_array("extra_sids", 
-						   &info->extra_sids,
-						   info->sid_count,
-						   ps, depth))
-			return False;
-
-	if (info->ptr_res_group_dom_sid)
-		if (!smb_io_dom_sid2("res_group_dom_sid", 
-				     &info->res_group_dom_sid, ps, depth))
-			return False;
-
-	if (info->ptr_res_groups) {
-
-		if (!(info->user_flgs & LOGON_RESOURCE_GROUPS)) {
-			DEBUG(0,("user_flgs attribute does not have LOGON_RESOURCE_GROUPS\n"));
-			/* return False; */
-		}
-
-		if (!pac_io_group_membership_array("res group membership",
-						   &info->res_groups,
-						   info->res_group_count,
-						   ps, depth))
-			return False;
-	}
-
-	return True;
-}
-#endif
-
-static bool pac_io_pac_logon_info(const char *desc, PAC_LOGON_INFO *info, 
-				  prs_struct *ps, int depth)
-{
-	uint32 garbage = 0;
-	bool kerb_validation_info = True;
-
-	if (NULL == info)
-		return False;
-
-	prs_debug(ps, depth, desc, "pac_io_pac_logon_info");
-	depth++;
-
-	if (!prs_align(ps))
-		return False;
-	if (!prs_uint32("unknown", ps, depth, &garbage)) /* 00081001 */
-		return False;
-	if (!prs_uint32("unknown", ps, depth, &garbage)) /* cccccccc */
-		return False;
-	if (!prs_uint32("bufferlen", ps, depth, &garbage))
-		return False;
-	if (!prs_uint32("bufferlenhi", ps, depth, &garbage)) /* 00000000 */
-		return False;
-
-	if(!net_io_user_info3("", &info->info3, ps, depth, 3, kerb_validation_info))
-		return False;
-
-	if (info->info3.ptr_res_group_dom_sid) {
-		if (!smb_io_dom_sid2("res_group_dom_sid", 
-				     &info->res_group_dom_sid, ps, depth))
-			return False;
-	}
-
-	if (info->info3.ptr_res_groups) {
-
-		if (!(info->info3.user_flgs & LOGON_RESOURCE_GROUPS)) {
-			DEBUG(0,("user_flgs attribute does not have LOGON_RESOURCE_GROUPS\n"));
-			/* return False; */
-		}
-
-		if (!pac_io_group_membership_array("res group membership",
-						   &info->res_groups,
-						   info->info3.res_group_count,
-						   ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-
-
-static bool pac_io_pac_signature_data(const char *desc, 
-				      PAC_SIGNATURE_DATA *data, uint32 length,
-				      prs_struct *ps, int depth)
-{
-	uint32 siglen = 0;
-
-	prs_debug(ps, depth, desc, "pac_io_pac_signature_data");
-	depth++;
-
-	if (data == NULL)
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-	if (!prs_uint32("type", ps, depth, &data->type))
-		return False;
-
-	if ( length > sizeof(uint32) )
-		siglen = length - sizeof(uint32);	
-
-	if (UNMARSHALLING(ps) && length) {
-		if (siglen) {
-			data->signature.buffer = PRS_ALLOC_MEM(ps, uint8, siglen);
-			if (!data->signature.buffer) {
-				DEBUG(3, ("No memory available\n"));
-				return False;
-			}
-		} else {
-			data->signature.buffer = NULL;
-		}
-	}
-
-	data->signature.buf_len = siglen;
-
-	if (!prs_uint8s(False, "signature", ps, depth, data->signature.buffer, data->signature.buf_len))
-		return False;
-
-
-	return True;
-}
-
-static bool pac_io_pac_info_hdr_ctr(const char *desc, PAC_BUFFER *hdr,
-				    prs_struct *ps, int depth)
-{
-	if (NULL == hdr)
-		return False;
-
-	prs_debug(ps, depth, desc, "pac_io_pac_info_hdr_ctr");
-	depth++;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (hdr->offset != prs_offset(ps)) {
-		DEBUG(5,("offset in header(x%x) and data(x%x) do not match, correcting\n",
-			 hdr->offset, prs_offset(ps)));
-		prs_set_offset(ps, hdr->offset);
-	}
-
-	if (UNMARSHALLING(ps) && hdr->size > 0) {
-		hdr->ctr = PRS_ALLOC_MEM(ps, PAC_INFO_CTR, 1);
-		if (!hdr->ctr) {
-			DEBUG(3, ("No memory available\n"));
-			return False;
-		}
-	}
-
-	switch(hdr->type) {
-	case PAC_TYPE_LOGON_INFO:
-		DEBUG(5, ("PAC_TYPE_LOGON_INFO\n"));
-		if (UNMARSHALLING(ps))
-			hdr->ctr->pac.logon_info = PRS_ALLOC_MEM(ps, PAC_LOGON_INFO, 1);
-		if (!hdr->ctr->pac.logon_info) {
-			DEBUG(3, ("No memory available\n"));
-			return False;
-		}
-		if (!pac_io_pac_logon_info(desc, hdr->ctr->pac.logon_info,
-					   ps, depth))
-			return False;
-		break;
-
-	case PAC_TYPE_SERVER_CHECKSUM:
-		DEBUG(5, ("PAC_TYPE_SERVER_CHECKSUM\n"));
-		if (UNMARSHALLING(ps))
-			hdr->ctr->pac.srv_cksum = PRS_ALLOC_MEM(ps, PAC_SIGNATURE_DATA, 1);
-		if (!hdr->ctr->pac.srv_cksum) {
-			DEBUG(3, ("No memory available\n"));
-			return False;
-		}
-		if (!pac_io_pac_signature_data(desc, hdr->ctr->pac.srv_cksum,
-					       hdr->size, ps, depth))
-			return False;
-		break;
-
-	case PAC_TYPE_PRIVSVR_CHECKSUM:
-		DEBUG(5, ("PAC_TYPE_PRIVSVR_CHECKSUM\n"));
-		if (UNMARSHALLING(ps))
-			hdr->ctr->pac.privsrv_cksum = PRS_ALLOC_MEM(ps, PAC_SIGNATURE_DATA, 1);
-		if (!hdr->ctr->pac.privsrv_cksum) {
-			DEBUG(3, ("No memory available\n"));
-			return False;
-		}
-		if (!pac_io_pac_signature_data(desc, 
-					       hdr->ctr->pac.privsrv_cksum,
-					       hdr->size, ps, depth))
-			return False;
-		break;
-
-	case PAC_TYPE_LOGON_NAME:
-		DEBUG(5, ("PAC_TYPE_LOGON_NAME\n"));
-		if (UNMARSHALLING(ps))
-			hdr->ctr->pac.logon_name = PRS_ALLOC_MEM(ps, PAC_LOGON_NAME, 1);
-		if (!hdr->ctr->pac.logon_name) {
-			DEBUG(3, ("No memory available\n"));
-			return False;
-		}
-		if (!pac_io_logon_name(desc, hdr->ctr->pac.logon_name,
-					    ps, depth))
-			return False;
-		break;
-
-	default:
-		/* dont' know, so we need to skip it */
-		DEBUG(3, ("unknown PAC type %d\n", hdr->type));
-		prs_set_offset(ps, prs_offset(ps) + hdr->size);
-	}
-
-#if 0
-	/* obscure pad */
-	if (!prs_uint32("pad", ps, depth, &hdr->pad))
-		return False;
-#endif
-	return True;
-}
-
-static bool pac_io_pac_info_hdr(const char *desc, PAC_BUFFER *hdr, 
-				prs_struct *ps, int depth)
-{
-	if (NULL == hdr)
-		return False;
-
-	prs_debug(ps, depth, desc, "pac_io_pac_info_hdr");
-	depth++;
-
-	if (!prs_align(ps))
-		return False;
-	if (!prs_uint32("type", ps, depth, &hdr->type))
-		return False;
-	if (!prs_uint32("size", ps, depth, &hdr->size))
-		return False;
-	if (!prs_uint32("offset", ps, depth, &hdr->offset))
-		return False;
-	if (!prs_uint32("offsethi", ps, depth, &hdr->offsethi))
-		return False;
-
-	return True;
-}
-
-static bool pac_io_pac_data(const char *desc, PAC_DATA *data, 
-			    prs_struct *ps, int depth)
-{
-	int i;
-
-	if (NULL == data)
-		return False;
-
-	prs_debug(ps, depth, desc, "pac_io_pac_data");
-	depth++;
-
-	if (!prs_align(ps))
-		return False;
-	if (!prs_uint32("num_buffers", ps, depth, &data->num_buffers))
-		return False;
-	if (!prs_uint32("version", ps, depth, &data->version))
-		return False;
-
-	if (UNMARSHALLING(ps) && data->num_buffers > 0) {
-		if ((data->pac_buffer = PRS_ALLOC_MEM(ps, PAC_BUFFER, data->num_buffers)) == NULL) {
-			return False;
-		}
-	}
-
-	for (i=0; i<data->num_buffers; i++) {
-		if (!pac_io_pac_info_hdr(desc, &data->pac_buffer[i], ps, 
-					 depth))
-			return False;
-	}
-
-	for (i=0; i<data->num_buffers; i++) {
-		if (!pac_io_pac_info_hdr_ctr(desc, &data->pac_buffer[i],
-					     ps, depth))
-			return False;
-	}
-
-	return True;
-}
+/****************************************************************
+****************************************************************/
 
-static NTSTATUS check_pac_checksum(TALLOC_CTX *mem_ctx, 
-				   DATA_BLOB pac_data,
-				   PAC_SIGNATURE_DATA *sig,
-				   krb5_context context,
-				   krb5_keyblock *keyblock)
+static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
+					  DATA_BLOB pac_data,
+					  struct PAC_SIGNATURE_DATA *sig,
+					  krb5_context context,
+					  krb5_keyblock *keyblock)
 {
 	krb5_error_code ret;
 	krb5_checksum cksum;
@@ -663,299 +49,289 @@ static NTSTATUS check_pac_checksum(TALLOC_CTX *mem_ctx,
 #error UNKNOWN_KRB5_KEYUSAGE
 #endif
 
-	ret = smb_krb5_verify_checksum(context, 
-				       keyblock, 
-				       usage, 
+	ret = smb_krb5_verify_checksum(context,
+				       keyblock,
+				       usage,
 				       &cksum,
-				       pac_data.data, 
+				       pac_data.data,
 				       pac_data.length);
 
 	if (ret) {
-		DEBUG(2,("check_pac_checksum: PAC Verification failed: %s (%d)\n", 
+		DEBUG(2,("check_pac_checksum: PAC Verification failed: %s (%d)\n",
 			error_message(ret), ret));
-		return NT_STATUS_ACCESS_DENIED;
+		return ret;
 	}
 
-	return NT_STATUS_OK;
-}
-
-static NTSTATUS parse_pac_data(TALLOC_CTX *mem_ctx, DATA_BLOB *pac_data_blob, PAC_DATA *pac_data)
-{
-	prs_struct ps;
-	PAC_DATA *my_pac;
-
-	if (!prs_init(&ps, pac_data_blob->length, mem_ctx, UNMARSHALL))
-		return NT_STATUS_NO_MEMORY;
-
-	if (!prs_copy_data_in(&ps, (char *)pac_data_blob->data, pac_data_blob->length))
-		return NT_STATUS_INVALID_PARAMETER;
-
-	prs_set_offset(&ps, 0);
-
-	my_pac = TALLOC_ZERO_P(mem_ctx, PAC_DATA);
-	if (!pac_io_pac_data("pac data", my_pac, &ps, 0))
-		return NT_STATUS_INVALID_PARAMETER;
-
-	prs_mem_free(&ps);
-
-	*pac_data = *my_pac;
-
-	return NT_STATUS_OK;
-}
-
-/* just for debugging, will be removed later - Guenther */
-char *pac_group_attr_string(uint32 attr)
-{
-	fstring name = "";
-
-	if (!attr)
-		return NULL;
-
-	if (attr & SE_GROUP_MANDATORY)			fstrcat(name, "SE_GROUP_MANDATORY ");
-	if (attr & SE_GROUP_ENABLED_BY_DEFAULT)		fstrcat(name, "SE_GROUP_ENABLED_BY_DEFAULT ");
-	if (attr & SE_GROUP_ENABLED)			fstrcat(name, "SE_GROUP_ENABLED ");
-	if (attr & SE_GROUP_OWNER)			fstrcat(name, "SE_GROUP_OWNER ");
-	if (attr & SE_GROUP_USE_FOR_DENY_ONLY)		fstrcat(name, "SE_GROUP_USE_FOR_DENY_ONLY ");
-	if (attr & SE_GROUP_LOGON_ID)			fstrcat(name, "SE_GROUP_LOGON_ID ");
-	if (attr & SE_GROUP_RESOURCE)			fstrcat(name, "SE_GROUP_RESOURCE ");
-
-	return SMB_STRDUP(name);
+	return ret;
 }
 
-/* just for debugging, will be removed later - Guenther */
-void dump_pac_logon_info(int lvl, PAC_LOGON_INFO *logon_info)
-{
-	DOM_SID dom_sid, res_group_dom_sid;
-	int i;
-	char *attr_string;
-	uint32 user_flgs = logon_info->info3.user_flgs;
-
-	if (logon_info->info3.ptr_res_group_dom_sid) {
-		sid_copy(&res_group_dom_sid, &logon_info->res_group_dom_sid.sid);
-	}
-	sid_copy(&dom_sid, &logon_info->info3.dom_sid.sid);
-
-	DEBUG(lvl,("The PAC:\n"));
-
-	DEBUGADD(lvl,("\tUser Flags: 0x%x (%d)\n", user_flgs, user_flgs));
-	if (user_flgs & LOGON_EXTRA_SIDS)
-		DEBUGADD(lvl,("\tUser Flags: LOGON_EXTRA_SIDS 0x%x (%d)\n", LOGON_EXTRA_SIDS, LOGON_EXTRA_SIDS));
-	if (user_flgs & LOGON_RESOURCE_GROUPS)
-		DEBUGADD(lvl,("\tUser Flags: LOGON_RESOURCE_GROUPS 0x%x (%d)\n", LOGON_RESOURCE_GROUPS, LOGON_RESOURCE_GROUPS));
-	DEBUGADD(lvl,("\tUser SID: %s-%d\n", sid_string_dbg(&dom_sid),
-		      logon_info->info3.user_rid));
-	DEBUGADD(lvl,("\tGroup SID: %s-%d\n", sid_string_dbg(&dom_sid),
-		      logon_info->info3.group_rid));
-
-	DEBUGADD(lvl,("\tGroup Membership (Global and Universal Groups of own domain):\n"));
-	for (i = 0; i < logon_info->info3.num_groups; i++) {
-		attr_string = pac_group_attr_string(logon_info->info3.gids[i].attr);
-		DEBUGADD(lvl,("\t\t%d: sid: %s-%d\n\t\t   attr: 0x%x == %s\n",
-			i, sid_string_dbg(&dom_sid),
-			logon_info->info3.gids[i].g_rid,
-			logon_info->info3.gids[i].attr,
-			attr_string));
-		SAFE_FREE(attr_string);
-	}
-
-	DEBUGADD(lvl,("\tGroup Membership (Domain Local Groups and Groups from Trusted Domains):\n"));
-	for (i = 0; i < logon_info->info3.num_other_sids; i++) {
-		attr_string = pac_group_attr_string(logon_info->info3.other_sids_attrib[i]);
-		DEBUGADD(lvl,("\t\t%d: sid: %s\n\t\t   attr: 0x%x == %s\n",
-			i, sid_string_dbg(
-				&logon_info->info3.other_sids[i].sid),
-			logon_info->info3.other_sids_attrib[i],
-			attr_string));
-		SAFE_FREE(attr_string);
-	}
-
-	DEBUGADD(lvl,("\tGroup Membership (Resource Groups (SID History ?)):\n"));
-	for (i = 0; i < logon_info->info3.res_group_count; i++) {
-		attr_string = pac_group_attr_string(logon_info->res_groups.group_membership[i].attrs);
-		DEBUGADD(lvl,("\t\t%d: sid: %s-%d\n\t\t   attr: 0x%x == %s\n",
-			i, sid_string_dbg(&res_group_dom_sid),
-			logon_info->res_groups.group_membership[i].rid,
-			logon_info->res_groups.group_membership[i].attrs,
-			attr_string));
-		SAFE_FREE(attr_string);
-	}
-}
+/****************************************************************
+****************************************************************/
 
  NTSTATUS decode_pac_data(TALLOC_CTX *mem_ctx,
 			 DATA_BLOB *pac_data_blob,
-			 krb5_context context, 
+			 krb5_context context,
 			 krb5_keyblock *service_keyblock,
 			 krb5_const_principal client_principal,
 			 time_t tgs_authtime,
-			 PAC_DATA **pac_data)
-			 
+			 struct PAC_DATA **pac_data_out)
 {
-	DATA_BLOB modified_pac_blob;
-	PAC_DATA *my_pac;
-	NTSTATUS nt_status;
+	NTSTATUS status;
+	enum ndr_err_code ndr_err;
 	krb5_error_code ret;
-	PAC_SIGNATURE_DATA *srv_sig = NULL;
-	PAC_SIGNATURE_DATA *kdc_sig = NULL;
-	PAC_LOGON_NAME *logon_name = NULL;
-	PAC_LOGON_INFO *logon_info = NULL;
-	krb5_principal client_principal_pac = NULL;
-	NTTIME tgs_authtime_nttime;
-	int i, srv_sig_pos = 0, kdc_sig_pos = 0;
-	fstring username;
+	DATA_BLOB modified_pac_blob;
 
-	*pac_data = NULL;
+	NTTIME tgs_authtime_nttime;
+	krb5_principal client_principal_pac = NULL;
+	int i;
 
-	my_pac = talloc(mem_ctx, PAC_DATA);
-	if (!my_pac) {
+	struct PAC_SIGNATURE_DATA *srv_sig_ptr = NULL;
+	struct PAC_SIGNATURE_DATA *kdc_sig_ptr = NULL;
+	struct PAC_SIGNATURE_DATA *srv_sig_wipe = NULL;
+	struct PAC_SIGNATURE_DATA *kdc_sig_wipe = NULL;
+	struct PAC_LOGON_NAME *logon_name = NULL;
+	struct PAC_LOGON_INFO *logon_info = NULL;
+	struct PAC_DATA *pac_data = NULL;
+	struct PAC_DATA_RAW *pac_data_raw = NULL;
+
+	DATA_BLOB *srv_sig_blob = NULL;
+	DATA_BLOB *kdc_sig_blob = NULL;
+
+	*pac_data_out = NULL;
+
+	pac_data = TALLOC_ZERO_P(mem_ctx, struct PAC_DATA);
+	pac_data_raw = TALLOC_ZERO_P(mem_ctx, struct PAC_DATA_RAW);
+	kdc_sig_wipe = TALLOC_ZERO_P(mem_ctx, struct PAC_SIGNATURE_DATA);
+	srv_sig_wipe = TALLOC_ZERO_P(mem_ctx, struct PAC_SIGNATURE_DATA);
+	if (!pac_data_raw || !pac_data || !kdc_sig_wipe || !srv_sig_wipe) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	nt_status = parse_pac_data(mem_ctx, pac_data_blob, my_pac);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		DEBUG(0,("decode_pac_data: failed to parse PAC\n"));
-		return nt_status;
+	ndr_err = ndr_pull_struct_blob(pac_data_blob, pac_data,
+			pac_data,
+		       (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(0,("can't parse the PAC: %s\n",
+			nt_errstr(status)));
+		return status;
 	}
 
-	modified_pac_blob = data_blob_talloc(mem_ctx, pac_data_blob->data, pac_data_blob->length);
+	if (pac_data->num_buffers < 4) {
+		/* we need logon_ingo, service_key and kdc_key */
+		DEBUG(0,("less than 4 PAC buffers\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
-	if (my_pac->num_buffers < 4) {
-		nt_status = NT_STATUS_INVALID_PARAMETER;
-		goto out;
+	ndr_err = ndr_pull_struct_blob(pac_data_blob, pac_data_raw,
+				       pac_data_raw,
+				       (ndr_pull_flags_fn_t)ndr_pull_PAC_DATA_RAW);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(0,("can't parse the PAC: %s\n",
+			nt_errstr(status)));
+		return status;
+	}
+
+	if (pac_data_raw->num_buffers < 4) {
+		/* we need logon_ingo, service_key and kdc_key */
+		DEBUG(0,("less than 4 PAC buffers\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (pac_data->num_buffers != pac_data_raw->num_buffers) {
+		/* we need logon_ingo, service_key and kdc_key */
+		DEBUG(0,("misparse!  PAC_DATA has %d buffers while PAC_DATA_RAW has %d\n",
+			 pac_data->num_buffers, pac_data_raw->num_buffers));
+		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	/* store signatures */
-	for (i=0; i < my_pac->num_buffers; i++) {
-	
-		switch (my_pac->pac_buffer[i].type) {
-		
-			case PAC_TYPE_SERVER_CHECKSUM:
-				if (!my_pac->pac_buffer[i].ctr->pac.srv_cksum) {
+	for (i=0; i < pac_data->num_buffers; i++) {
+		if (pac_data->buffers[i].type != pac_data_raw->buffers[i].type) {
+			DEBUG(0,("misparse!  PAC_DATA buffer %d has type %d while PAC_DATA_RAW has %d\n",
+				 i, pac_data->buffers[i].type, pac_data->buffers[i].type));
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		switch (pac_data->buffers[i].type) {
+			case PAC_TYPE_LOGON_INFO:
+				if (!pac_data->buffers[i].info) {
 					break;
 				}
-				
-				srv_sig = my_pac->pac_buffer[i].ctr->pac.srv_cksum;
-				
-				/* get position of signature buffer */
-				srv_sig_pos = my_pac->pac_buffer[i].offset;
-				srv_sig_pos += sizeof(uint32);
-				
+				logon_info = pac_data->buffers[i].info->logon_info.info;
 				break;
-				
-			case PAC_TYPE_PRIVSVR_CHECKSUM:
-				if (!my_pac->pac_buffer[i].ctr->pac.privsrv_cksum) {
+			case PAC_TYPE_SRV_CHECKSUM:
+				if (!pac_data->buffers[i].info) {
 					break;
 				}
-
-				kdc_sig = my_pac->pac_buffer[i].ctr->pac.privsrv_cksum;
-				
-				/* get position of signature buffer */
-				kdc_sig_pos = my_pac->pac_buffer[i].offset;
-				kdc_sig_pos += sizeof(uint32);
-				
+				srv_sig_ptr = &pac_data->buffers[i].info->srv_cksum;
+				srv_sig_blob = &pac_data_raw->buffers[i].info->remaining;
 				break;
-				
-			case PAC_TYPE_LOGON_NAME:
-				if (!my_pac->pac_buffer[i].ctr->pac.logon_name) {
+			case PAC_TYPE_KDC_CHECKSUM:
+				if (!pac_data->buffers[i].info) {
 					break;
 				}
-
-				logon_name = my_pac->pac_buffer[i].ctr->pac.logon_name;
+				kdc_sig_ptr = &pac_data->buffers[i].info->kdc_cksum;
+				kdc_sig_blob = &pac_data_raw->buffers[i].info->remaining;
+				break;
+			case PAC_TYPE_LOGON_NAME:
+				logon_name = &pac_data->buffers[i].info->logon_name;
+				break;
+			default:
 				break;
+		}
+	}
 
-			case PAC_TYPE_LOGON_INFO:
-				if (!my_pac->pac_buffer[i].ctr->pac.logon_info) {
-					break;
-				}
+	if (!logon_info) {
+		DEBUG(0,("PAC no logon_info\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
-				logon_info = my_pac->pac_buffer[i].ctr->pac.logon_info;
-				break;
-			}
+	if (!logon_name) {
+		DEBUG(0,("PAC no logon_name\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
+	if (!srv_sig_ptr || !srv_sig_blob) {
+		DEBUG(0,("PAC no srv_key\n"));
+		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (!srv_sig || !kdc_sig || !logon_name || !logon_info) {
-		nt_status = NT_STATUS_INVALID_PARAMETER;
-		goto out;
+	if (!kdc_sig_ptr || !kdc_sig_blob) {
+		DEBUG(0,("PAC no kdc_key\n"));
+		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	/* zero PAC_SIGNATURE_DATA signature buffer */
-	memset(&modified_pac_blob.data[srv_sig_pos], '\0', srv_sig->signature.buf_len);
-	memset(&modified_pac_blob.data[kdc_sig_pos], '\0', kdc_sig->signature.buf_len);
+	/* Find and zero out the signatures, as required by the signing algorithm */
 
-	/* check server signature */
-	nt_status = check_pac_checksum(mem_ctx, modified_pac_blob, srv_sig, context, service_keyblock);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		DEBUG(0,("decode_pac_data: failed to verify PAC server signature\n"));
-		goto out;
+	/* We find the data blobs above, now we parse them to get at the exact portion we should zero */
+	ndr_err = ndr_pull_struct_blob(kdc_sig_blob, kdc_sig_wipe,
+				       kdc_sig_wipe,
+				       (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(0,("can't parse the KDC signature: %s\n",
+			nt_errstr(status)));
+		return status;
 	}
 
-	/* Convert to NT time, so as not to loose accuracy in comparison */
-	unix_to_nt_time(&tgs_authtime_nttime, tgs_authtime);
+	ndr_err = ndr_pull_struct_blob(srv_sig_blob, srv_sig_wipe,
+				       srv_sig_wipe,
+				       (ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(0,("can't parse the SRV signature: %s\n",
+			nt_errstr(status)));
+		return status;
+	}
 
-	if (!nt_time_equals(&tgs_authtime_nttime, &logon_name->logon_time)) {
-	
-		DEBUG(2,("decode_pac_data: Logon time mismatch between ticket and PAC!\n"));
-		DEBUGADD(2, ("decode_pac_data: PAC: %s\n", 
-			http_timestring(nt_time_to_unix(logon_name->logon_time))));
-		DEBUGADD(2, ("decode_pac_data: Ticket: %s\n", 
-			http_timestring(nt_time_to_unix(tgs_authtime_nttime))));
-		
-		nt_status = NT_STATUS_ACCESS_DENIED;
-		goto out;
+	/* Now zero the decoded structure */
+	memset(kdc_sig_wipe->signature.data, '\0', kdc_sig_wipe->signature.length);
+	memset(srv_sig_wipe->signature.data, '\0', srv_sig_wipe->signature.length);
+
+	/* and reencode, back into the same place it came from */
+	ndr_err = ndr_push_struct_blob(kdc_sig_blob, pac_data_raw,
+				       kdc_sig_wipe,
+				       (ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(0,("can't repack the KDC signature: %s\n",
+			nt_errstr(status)));
+		return status;
+	}
+	ndr_err = ndr_push_struct_blob(srv_sig_blob, pac_data_raw,
+				       srv_sig_wipe,
+				       (ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(0,("can't repack the SRV signature: %s\n",
+			nt_errstr(status)));
+		return status;
 	}
 
-	if (!logon_name->len) {
-		DEBUG(2,("decode_pac_data: No Logon Name available\n"));
-		nt_status = NT_STATUS_INVALID_PARAMETER;
-		goto out;
+	/* push out the whole structure, but now with zero'ed signatures */
+	ndr_err = ndr_push_struct_blob(&modified_pac_blob, pac_data_raw,
+				       pac_data_raw,
+				       (ndr_push_flags_fn_t)ndr_push_PAC_DATA_RAW);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		status = ndr_map_error2ntstatus(ndr_err);
+		DEBUG(0,("can't repack the RAW PAC: %s\n",
+			nt_errstr(status)));
+		return status;
 	}
-	rpcstr_pull(username, logon_name->username, sizeof(username), logon_name->len, 0);
 
-	ret = smb_krb5_parse_name_norealm(context, username, &client_principal_pac);
+	/* verify by service_key */
+	ret = check_pac_checksum(mem_ctx,
+				 modified_pac_blob, srv_sig_ptr,
+				 context,
+				 service_keyblock);
 	if (ret) {
-		DEBUG(2,("decode_pac_data: Could not parse name from incoming PAC: [%s]: %s\n", 
-			username, error_message(ret)));
-		nt_status = NT_STATUS_INVALID_PARAMETER;
-		goto out;
+		DEBUG(1, ("PAC Decode: Failed to verify the service signature: %s\n",
+			  error_message(ret)));
+		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	if (!smb_krb5_principal_compare_any_realm(context, client_principal, client_principal_pac)) {
-		DEBUG(2,("decode_pac_data: Name in PAC [%s] does not match principal name in ticket\n", 
-			username));
-		nt_status = NT_STATUS_ACCESS_DENIED;
-		goto out;
+	/* Convert to NT time, so as not to loose accuracy in comparison */
+	unix_to_nt_time(&tgs_authtime_nttime, tgs_authtime);
+
+	if (tgs_authtime_nttime != logon_name->logon_time) {
+		DEBUG(2, ("PAC Decode: Logon time mismatch between ticket and PAC!\n"));
+		DEBUG(2, ("PAC Decode: PAC: %s\n", nt_time_string(mem_ctx, logon_name->logon_time)));
+		DEBUG(2, ("PAC Decode: Ticket: %s\n", nt_time_string(mem_ctx, tgs_authtime_nttime)));
+		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	DEBUG(10,("Successfully validated Kerberos PAC\n"));
+	ret = smb_krb5_parse_name_norealm(context, logon_name->account_name,
+				    &client_principal_pac);
+	if (ret) {
+		DEBUG(2, ("Could not parse name from incoming PAC: [%s]: %s\n",
+			  logon_name->account_name,
+			  error_message(ret)));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
 
-	dump_pac_logon_info(10, logon_info);
+	if (!smb_krb5_principal_compare_any_realm(context, client_principal, client_principal_pac)) {
+		DEBUG(2, ("Name in PAC [%s] does not match principal name in ticket\n",
+			  logon_name->account_name));
+		krb5_free_principal(context, client_principal_pac);
+		return NT_STATUS_ACCESS_DENIED;
+	}
 
-	*pac_data = my_pac;
+	DEBUG(3,("Found account name from PAC: %s [%s]\n",
+		 logon_info->info3.base.account_name.string,
+		 logon_info->info3.base.full_name.string));
 
-	nt_status = NT_STATUS_OK;
+	DEBUG(10,("Successfully validated Kerberos PAC\n"));
 
-out:
-	if (client_principal_pac) {
-		krb5_free_principal(context, client_principal_pac);
+	if (DEBUGLEVEL >= 10) {
+		const char *s;
+		s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_DATA, pac_data);
+		if (s) {
+			DEBUGADD(10,("%s\n", s));
+		}
 	}
 
-	return nt_status;
+	*pac_data_out = pac_data;
+
+	return NT_STATUS_OK;
 }
 
- PAC_LOGON_INFO *get_logon_info_from_pac(PAC_DATA *pac_data) 
+/****************************************************************
+****************************************************************/
+
+struct PAC_LOGON_INFO *get_logon_info_from_pac(struct PAC_DATA *pac_data)
 {
-	PAC_LOGON_INFO *logon_info = NULL;
 	int i;
-	
+
 	for (i=0; i < pac_data->num_buffers; i++) {
 
-		if (pac_data->pac_buffer[i].type != PAC_TYPE_LOGON_INFO)
+		if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
 			continue;
+		}
 
-		logon_info = pac_data->pac_buffer[i].ctr->pac.logon_info;
-		break;
+		return pac_data->buffers[i].info->logon_info.info;
 	}
-	return logon_info;
+
+	return NULL;
 }
 
 /****************************************************************
@@ -971,12 +347,12 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 			     bool request_pac,
 			     bool add_netbios_addr,
 			     time_t renewable_time,
-			     PAC_DATA **pac_ret)
+			     struct PAC_DATA **pac_ret)
 {
 	krb5_error_code ret;
 	NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
 	DATA_BLOB tkt, ap_rep, sesskey1, sesskey2;
-	PAC_DATA *pac_data = NULL;
+	struct PAC_DATA *pac_data = NULL;
 	char *client_princ_out = NULL;
 	const char *auth_princ = NULL;
 	const char *local_service = NULL;
@@ -1110,11 +486,11 @@ static NTSTATUS kerberos_return_pac_logon_info(TALLOC_CTX *mem_ctx,
 					       bool request_pac,
 					       bool add_netbios_addr,
 					       time_t renewable_time,
-					       PAC_LOGON_INFO **logon_info)
+					       struct PAC_LOGON_INFO **logon_info)
 {
 	NTSTATUS status;
-	PAC_DATA *pac_data = NULL;
-	PAC_LOGON_INFO *info = NULL;
+	struct PAC_DATA *pac_data = NULL;
+	struct PAC_LOGON_INFO *info = NULL;
 
 	status = kerberos_return_pac(mem_ctx,
 				     name,
@@ -1160,10 +536,10 @@ NTSTATUS kerberos_return_info3_from_pac(TALLOC_CTX *mem_ctx,
 					bool request_pac,
 					bool add_netbios_addr,
 					time_t renewable_time,
-					NET_USER_INFO_3 **info3)
+					struct netr_SamInfo3 **info3)
 {
 	NTSTATUS status;
-	PAC_LOGON_INFO *logon_info = NULL;
+	struct PAC_LOGON_INFO *logon_info = NULL;
 
 	status = kerberos_return_pac_logon_info(mem_ctx,
 						name,
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index e9222e8401..b37b9a500f 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -25,6 +25,8 @@
 
 #ifdef HAVE_KRB5
 
+#define DEFAULT_KRB5_PORT 88
+
 #define LIBADS_CCACHE_NAME "MEMORY:libads"
 
 /*
@@ -405,8 +407,8 @@ static char *kerberos_secrets_fetch_salting_principal(const char *service, int e
 	char *key = NULL;
 	char *ret = NULL;
 
-	asprintf(&key, "%s/%s/enctype=%d", SECRETS_SALTING_PRINCIPAL, service, enctype);
-	if (!key) {
+	if (asprintf(&key, "%s/%s/enctype=%d",
+		     SECRETS_SALTING_PRINCIPAL, service, enctype) == -1) {
 		return NULL;
 	}
 	ret = (char *)secrets_fetch(key, NULL);
@@ -436,7 +438,10 @@ static char* des_salt_key( void )
 {
 	char *key;
 
-	asprintf(&key, "%s/DES/%s", SECRETS_SALTING_PRINCIPAL, lp_realm());
+	if (asprintf(&key, "%s/DES/%s", SECRETS_SALTING_PRINCIPAL,
+		     lp_realm()) == -1) {
+		return NULL;
+	}
 
 	return key;
 }
@@ -607,9 +612,13 @@ bool kerberos_secrets_store_salting_principal(const char *service,
 		return False;
 	}
 	if (strchr_m(service, '@')) {
-		asprintf(&princ_s, "%s", service);
+		if (asprintf(&princ_s, "%s", service) == -1) {
+			goto out;
+		}
 	} else {
-		asprintf(&princ_s, "%s@%s", service, lp_realm());
+		if (asprintf(&princ_s, "%s@%s", service, lp_realm()) == -1) {
+			goto out;
+		}
 	}
 
 	if (smb_krb5_parse_name(context, princ_s, &princ) != 0) {
@@ -620,8 +629,9 @@ bool kerberos_secrets_store_salting_principal(const char *service,
 		goto out;
 	}
 
-	asprintf(&key, "%s/%s/enctype=%d", SECRETS_SALTING_PRINCIPAL, unparsed_name, enctype);
-	if (!key)  {
+	if (asprintf(&key, "%s/%s/enctype=%d",
+		     SECRETS_SALTING_PRINCIPAL, unparsed_name, enctype)
+	    == -1) {
 		goto out;
 	}
 
@@ -666,6 +676,57 @@ int kerberos_kinit_password(const char *principal,
 }
 
 /************************************************************************
+************************************************************************/
+
+static char *print_kdc_line(char *mem_ctx,
+			const char *prev_line,
+			const struct sockaddr_storage *pss)
+{
+	char *kdc_str = NULL;
+
+	if (pss->ss_family == AF_INET) {
+		kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+					prev_line,
+                                        print_canonical_sockaddr(mem_ctx, pss));
+	} else {
+		char addr[INET6_ADDRSTRLEN];
+		uint16_t port = get_sockaddr_port(pss);
+
+		if (port != 0 && port != DEFAULT_KRB5_PORT) {
+			/* Currently for IPv6 we can't specify a non-default
+			   krb5 port with an address, as this requires a ':'.
+			   Resolve to a name. */
+			char hostname[MAX_DNS_NAME_LENGTH];
+			int ret = sys_getnameinfo((const struct sockaddr *)pss,
+					sizeof(*pss),
+					hostname, sizeof(hostname),
+					NULL, 0,
+					NI_NAMEREQD);
+			if (ret) {
+				DEBUG(0,("print_kdc_line: can't resolve name "
+					"for kdc with non-default port %s. "
+					"Error %s\n.",
+					print_canonical_sockaddr(mem_ctx, pss),
+					gai_strerror(ret)));
+			}
+			/* Success, use host:port */
+			kdc_str = talloc_asprintf(mem_ctx,
+					"%s\tkdc = %s:%u\n",
+					prev_line,
+					hostname,
+					(unsigned int)port);
+		} else {
+			kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+					prev_line,
+					print_sockaddr(addr,
+						sizeof(addr),
+						pss));
+		}
+	}
+	return kdc_str;
+}
+
+/************************************************************************
  Create a string list of available kdc's, possibly searching by sitename.
  Does DNS queries.
 ************************************************************************/
@@ -677,12 +738,10 @@ static char *get_kdc_ip_string(char *mem_ctx,
 {
 	int i;
 	struct ip_service *ip_srv_site = NULL;
-	struct ip_service *ip_srv_nonsite;
+	struct ip_service *ip_srv_nonsite = NULL;
 	int count_site = 0;
 	int count_nonsite;
-	char *kdc_str = talloc_asprintf(mem_ctx, "\tkdc = %s\n",
-					print_canonical_sockaddr(mem_ctx,
-							pss));
+	char *kdc_str = print_kdc_line(mem_ctx, "", pss);
 
 	if (kdc_str == NULL) {
 		return NULL;
@@ -700,10 +759,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
 			}
 			/* Append to the string - inefficient
 			 * but not done often. */
-			kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
-				kdc_str,
-				print_canonical_sockaddr(mem_ctx,
-							&ip_srv_site[i].ss));
+			kdc_str = print_kdc_line(mem_ctx,
+						kdc_str,
+						&ip_srv_site[i].ss);
 			if (!kdc_str) {
 				SAFE_FREE(ip_srv_site);
 				return NULL;
@@ -738,10 +796,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
 		}
 
 		/* Append to the string - inefficient but not done often. */
-		kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+		kdc_str = print_kdc_line(mem_ctx,
 				kdc_str,
-				print_canonical_sockaddr(mem_ctx,
-						&ip_srv_nonsite[i].ss));
+				&ip_srv_nonsite[i].ss);
 		if (!kdc_str) {
 			SAFE_FREE(ip_srv_site);
 			SAFE_FREE(ip_srv_nonsite);
@@ -816,10 +873,14 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
 		return False;
 	}
 
-	file_contents = talloc_asprintf(fname, "[libdefaults]\n\tdefault_realm = %s\n\n"
-				"[realms]\n\t%s = {\n"
-				"\t%s\t}\n",
-				realm_upper, realm_upper, kdc_ip_string);
+	file_contents = talloc_asprintf(fname,
+					"[libdefaults]\n\tdefault_realm = %s\n"
+					"default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+					"default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n"
+					"preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5\n\n"
+					"[realms]\n\t%s = {\n"
+					"\t%s\t}\n",
+					realm_upper, realm_upper, kdc_ip_string);
 
 	if (!file_contents) {
 		TALLOC_FREE(dname);
@@ -873,8 +934,8 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
 	}
 
 	DEBUG(5,("create_local_private_krb5_conf_for_domain: wrote "
-		"file %s with realm %s KDC = %s\n",
-		fname, realm_upper, print_canonical_sockaddr(dname, pss) ));
+		"file %s with realm %s KDC list = %s\n",
+		fname, realm_upper, kdc_ip_string));
 
 	/* Set the environment variable to this file. */
 	setenv("KRB5_CONFIG", fname, 1);
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 5ce7aa6b45..f112dd34e3 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -309,7 +309,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
 			   time_t time_offset,
 			   const DATA_BLOB *ticket,
 			   char **principal,
-			   PAC_DATA **pac_data,
+			   struct PAC_DATA **pac_data,
 			   DATA_BLOB *ap_rep,
 			   DATA_BLOB *session_key,
 			   bool use_replay_cache)
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 28bc7793d7..d6b9ba622b 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -391,6 +391,13 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
 
 	/* try with a user specified server */
 
+	if (DEBUGLEVEL >= 11) {
+		char *s = NDR_PRINT_STRUCT_STRING(talloc_tos(), ads_struct, ads);
+		DEBUG(11,("ads_connect: entering\n"));
+		DEBUGADD(11,("%s\n", s));
+		TALLOC_FREE(s);
+	}
+
 	if (ads->server.ldap_server &&
 	    ads_try_connect(ads, ads->server.ldap_server)) {
 		goto got_connection;
@@ -401,7 +408,8 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
 		goto got_connection;
 	}
 
-	return ADS_ERROR_NT(ntstatus);
+	status = ADS_ERROR_NT(ntstatus);
+	goto out;
 
 got_connection:
 
@@ -438,12 +446,14 @@ got_connection:
 	/* If the caller() requested no LDAP bind, then we are done */
 	
 	if (ads->auth.flags & ADS_AUTH_NO_BIND) {
-		return ADS_SUCCESS;
+		status = ADS_SUCCESS;
+		goto out;
 	}
 
 	ads->ldap.mem_ctx = talloc_init("ads LDAP connection memory");
 	if (!ads->ldap.mem_ctx) {
-		return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+		status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+		goto out;
 	}
 	
 	/* Otherwise setup the TCP LDAP session */
@@ -451,7 +461,8 @@ got_connection:
 	ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name,
 					      LDAP_PORT, lp_ldap_timeout());
 	if (ads->ldap.ld == NULL) {
-		return ADS_ERROR(LDAP_OPERATIONS_ERROR);
+		status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
+		goto out;
 	}
 	DEBUG(3,("Connected to LDAP server %s\n", ads->config.ldap_server_name));
 
@@ -466,27 +477,40 @@ got_connection:
 
 	status = ADS_ERROR(smb_ldap_start_tls(ads->ldap.ld, version));
 	if (!ADS_ERR_OK(status)) {
-		return status;
+		goto out;
 	}
 
 	/* fill in the current time and offsets */
 	
 	status = ads_current_time( ads );
 	if ( !ADS_ERR_OK(status) ) {
-		return status;
+		goto out;
 	}
 
 	/* Now do the bind */
 	
 	if (ads->auth.flags & ADS_AUTH_ANON_BIND) {
-		return ADS_ERROR(ldap_simple_bind_s( ads->ldap.ld, NULL, NULL));
+		status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, NULL, NULL));
+		goto out;
 	}
 
 	if (ads->auth.flags & ADS_AUTH_SIMPLE_BIND) {
-		return ADS_ERROR(ldap_simple_bind_s( ads->ldap.ld, ads->auth.user_name, ads->auth.password));
+		status = ADS_ERROR(ldap_simple_bind_s(ads->ldap.ld, ads->auth.user_name, ads->auth.password));
+		goto out;
+	}
+
+	status = ads_sasl_bind(ads);
+
+ out:
+	if (DEBUGLEVEL >= 11) {
+		char *s = NDR_PRINT_STRUCT_STRING(talloc_tos(), ads_struct, ads);
+		DEBUG(11,("ads_connect: leaving with: %s\n",
+			ads_errstr(status)));
+		DEBUGADD(11,("%s\n", s));
+		TALLOC_FREE(s);
 	}
 
-	return ads_sasl_bind(ads);
+	return status;
 }
 
 /**
@@ -640,7 +664,7 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads,
 	else {
 		/* This would be the utf8-encoded version...*/
 		/* if (!(search_attrs = ads_push_strvals(ctx, attrs))) */
-		if (!(str_list_copy(&search_attrs, attrs))) {
+		if (!(str_list_copy(talloc_tos(), &search_attrs, attrs))) {
 			rc = LDAP_NO_MEMORY;
 			goto done;
 		}
@@ -777,7 +801,7 @@ done:
 	}
  
 	/* if/when we decide to utf8-encode attrs, take out this next line */
-	str_list_free(&search_attrs);
+	TALLOC_FREE(search_attrs);
 
 	return ADS_ERROR(rc);
 }
@@ -950,7 +974,7 @@ ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
 	else {
 		/* This would be the utf8-encoded version...*/
 		/* if (!(search_attrs = ads_push_strvals(ctx, attrs)))  */
-		if (!(str_list_copy(&search_attrs, attrs)))
+		if (!(str_list_copy(talloc_tos(), &search_attrs, attrs)))
 		{
 			DEBUG(1,("ads_do_search: str_list_copy() failed!"));
 			rc = LDAP_NO_MEMORY;
@@ -974,7 +998,7 @@ ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
  done:
 	talloc_destroy(ctx);
 	/* if/when we decide to utf8-encode attrs, take out this next line */
-	str_list_free(&search_attrs);
+	TALLOC_FREE(search_attrs);
 	return ADS_ERROR(rc);
 }
 /**
diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c
new file mode 100644
index 0000000000..6324a22041
--- /dev/null
+++ b/source3/libads/ndr.c
@@ -0,0 +1,118 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   debug print helpers
+
+   Copyright (C) Guenther Deschner 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_DISABLE_KERBEROS", ADS_AUTH_DISABLE_KERBEROS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_NO_BIND", ADS_AUTH_NO_BIND, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_ANON_BIND", ADS_AUTH_ANON_BIND, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SIMPLE_BIND", ADS_AUTH_SIMPLE_BIND, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_ALLOW_NTLMSSP", ADS_AUTH_ALLOW_NTLMSSP, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_SIGN", ADS_AUTH_SASL_SIGN, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_SEAL", ADS_AUTH_SASL_SEAL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_FORCE", ADS_AUTH_SASL_FORCE, r);
+	ndr->depth--;
+}
+
+void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r)
+{
+	if (!r) { return; }
+
+	ndr_print_struct(ndr, name, "ads_struct");
+	ndr->depth++;
+	ndr_print_bool(ndr, "is_mine", r->is_mine);
+	ndr_print_struct(ndr, name, "server");
+	ndr->depth++;
+	ndr_print_string(ndr, "realm", r->server.realm);
+	ndr_print_string(ndr, "workgroup", r->server.workgroup);
+	ndr_print_string(ndr, "ldap_server", r->server.ldap_server);
+	ndr_print_bool(ndr, "foreign", r->server.foreign);
+	ndr->depth--;
+	ndr_print_struct(ndr, name, "auth");
+	ndr->depth++;
+	ndr_print_string(ndr, "realm", r->auth.realm);
+#ifdef DEBUG_PASSWORD
+	ndr_print_string(ndr, "password", r->auth.password);
+#else
+	ndr_print_string(ndr, "password", "(PASSWORD ommited)");
+#endif
+	ndr_print_string(ndr, "user_name", r->auth.user_name);
+	ndr_print_string(ndr, "kdc_server", r->auth.kdc_server);
+	ndr_print_ads_auth_flags(ndr, "flags", r->auth.flags);
+	ndr_print_uint32(ndr, "time_offset", r->auth.time_offset);
+	ndr_print_time_t(ndr, "tgt_expire", r->auth.tgt_expire);
+	ndr_print_time_t(ndr, "tgs_expire", r->auth.tgs_expire);
+	ndr_print_time_t(ndr, "renewable", r->auth.renewable);
+	ndr->depth--;
+	ndr_print_struct(ndr, name, "config");
+	ndr->depth++;
+	ndr_print_netr_DsR_DcFlags(ndr, "flags", r->config.flags);
+	ndr_print_string(ndr, "realm", r->config.realm);
+	ndr_print_string(ndr, "bind_path", r->config.bind_path);
+	ndr_print_string(ndr, "ldap_server_name", r->config.ldap_server_name);
+	ndr_print_string(ndr, "server_site_name", r->config.server_site_name);
+	ndr_print_string(ndr, "client_site_name", r->config.client_site_name);
+	ndr_print_time_t(ndr, "current_time", r->config.current_time);
+	ndr_print_bool(ndr, "tried_closest_dc", r->config.tried_closest_dc);
+	ndr_print_string(ndr, "schema_path", r->config.schema_path);
+	ndr_print_string(ndr, "config_path", r->config.config_path);
+	ndr->depth--;
+#ifdef HAVE_LDAP
+	ndr_print_struct(ndr, name, "ldap");
+	ndr->depth++;
+	ndr_print_ptr(ndr, "ld", r->ldap.ld);
+	ndr_print_sockaddr_storage(ndr, "ss", &r->ldap.ss);
+	ndr_print_time_t(ndr, "last_attempt", r->ldap.last_attempt);
+	ndr_print_uint32(ndr, "port", r->ldap.port);
+	ndr_print_uint16(ndr, "wrap_type", r->ldap.wrap_type);
+#ifdef HAVE_LDAP_SASL_WRAPPING
+	ndr_print_ptr(ndr, "sbiod", r->ldap.sbiod);
+#endif /* HAVE_LDAP_SASL_WRAPPING */
+	ndr_print_ptr(ndr, "mem_ctx", r->ldap.mem_ctx);
+	ndr_print_ptr(ndr, "wrap_ops", r->ldap.wrap_ops);
+	ndr_print_ptr(ndr, "wrap_private_data", r->ldap.wrap_private_data);
+	ndr_print_struct(ndr, name, "in");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "ofs", r->ldap.in.ofs);
+	ndr_print_uint32(ndr, "needed", r->ldap.in.needed);
+	ndr_print_uint32(ndr, "left", r->ldap.in.left);
+	ndr_print_uint32(ndr, "max_wrapped", r->ldap.in.max_wrapped);
+	ndr_print_uint32(ndr, "min_wrapped", r->ldap.in.min_wrapped);
+	ndr_print_uint32(ndr, "size", r->ldap.in.size);
+	ndr_print_array_uint8(ndr, "buf", r->ldap.in.buf, r->ldap.in.size);
+	ndr->depth--;
+	ndr_print_struct(ndr, name, "out");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "ofs", r->ldap.out.ofs);
+	ndr_print_uint32(ndr, "left", r->ldap.out.left);
+	ndr_print_uint32(ndr, "max_unwrapped", r->ldap.out.max_unwrapped);
+	ndr_print_uint32(ndr, "sig_size", r->ldap.out.sig_size);
+	ndr_print_uint32(ndr, "size", r->ldap.out.size);
+	ndr_print_array_uint8(ndr, "buf", r->ldap.out.buf, r->ldap.out.size);
+	ndr->depth--;
+	ndr->depth--;
+#endif /* HAVE_LDAP */
+	ndr->depth--;
+}
diff --git a/source3/libgpo/gpo_ldap.c b/source3/libgpo/gpo_ldap.c
index 4e63b92e4e..a34e6861a5 100644
--- a/source3/libgpo/gpo_ldap.c
+++ b/source3/libgpo/gpo_ldap.c
@@ -44,7 +44,7 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
 		goto parse_error;
 	}
 
-	ext_list = str_list_make_talloc(mem_ctx, extension_raw, "]");
+	ext_list = str_list_make(mem_ctx, extension_raw, "]");
 	if (!ext_list) {
 		goto parse_error;
 	}
@@ -87,7 +87,7 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
 			p++;
 		}
 
-		ext_strings = str_list_make_talloc(mem_ctx, p, "}");
+		ext_strings = str_list_make(mem_ctx, p, "}");
 		if (ext_strings == NULL) {
 			goto parse_error;
 		}
@@ -137,12 +137,8 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
 	ret = True;
 
  parse_error:
-	if (ext_list) {
-		str_list_free_talloc(mem_ctx, &ext_list);
-	}
-	if (ext_strings) {
-		str_list_free_talloc(mem_ctx, &ext_strings);
-	}
+	TALLOC_FREE(ext_list);
+	TALLOC_FREE(ext_strings);
 
 	return ret;
 }
@@ -166,7 +162,7 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
 
 	DEBUG(10,("gpo_parse_gplink: gPLink: %s\n", gp_link_raw));
 
-	link_list = str_list_make_talloc(mem_ctx, gp_link_raw, "]");
+	link_list = str_list_make(mem_ctx, gp_link_raw, "]");
 	if (!link_list) {
 		goto parse_error;
 	}
@@ -226,10 +222,7 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
 	status = ADS_SUCCESS;
 
  parse_error:
-
-	if (link_list) {
-		str_list_free_talloc(mem_ctx, &link_list);
-	}
+	TALLOC_FREE(link_list);
 
 	return status;
 }
diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c
index d20e10b141..688097bc5e 100644
--- a/source3/libnet/libnet_conf.c
+++ b/source3/libnet/libnet_conf.c
@@ -48,6 +48,10 @@ static WERROR libnet_conf_add_string_to_array(TALLOC_CTX *mem_ctx,
 	}
 
 	new_array[count] = talloc_strdup(new_array, string);
+	if (new_array[count] == NULL) {
+		TALLOC_FREE(new_array);
+		return WERR_NOMEM;
+	}
 
 	*array = new_array;
 
@@ -58,7 +62,7 @@ static WERROR libnet_conf_reg_initialize(struct libnet_conf_ctx *ctx)
 {
 	WERROR werr = WERR_OK;
 
-	if (!registry_init_regdb()) {
+	if (!registry_init_smbconf()) {
 		werr = WERR_REG_IO_FAILURE;
 		goto done;
 	}
@@ -134,6 +138,10 @@ static WERROR libnet_conf_reg_open_service_key(TALLOC_CTX *mem_ctx,
 	}
 
 	path = talloc_asprintf(mem_ctx, "%s\\%s", KEY_SMBCONF, servicename);
+	if (path == NULL) {
+		werr = WERR_NOMEM;
+		goto done;
+	}
 
 	werr = libnet_conf_reg_open_path(mem_ctx, ctx, path, desired_access,
 					 key);
@@ -191,7 +199,7 @@ static WERROR libnet_conf_reg_create_service_key(TALLOC_CTX *mem_ctx,
 	/* create a new talloc ctx for creation. it will hold
 	 * the intermediate parent key (SMBCONF) for creation
 	 * and will be destroyed when leaving this function... */
-	if (!(create_ctx = talloc_new(mem_ctx))) {
+	if (!(create_ctx = talloc_stackframe())) {
 		werr = WERR_NOMEM;
 		goto done;
 	}
@@ -316,8 +324,12 @@ static char *libnet_conf_format_registry_value(TALLOC_CTX *mem_ctx,
 	case REG_MULTI_SZ: {
                 uint32 j;
                 for (j = 0; j < value->v.multi_sz.num_strings; j++) {
-                        result = talloc_asprintf(mem_ctx, "\"%s\" ",
+                        result = talloc_asprintf(mem_ctx, "%s \"%s\" ",
+						 result,
 						 value->v.multi_sz.strings[j]);
+			if (result == NULL) {
+				break;
+			}
                 }
                 break;
         }
@@ -357,7 +369,7 @@ static WERROR libnet_conf_reg_get_values(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	tmp_ctx = talloc_new(mem_ctx);
+	tmp_ctx = talloc_stackframe();
 	if (tmp_ctx == NULL) {
 		werr = WERR_NOMEM;
 		goto done;
@@ -470,6 +482,19 @@ void libnet_conf_close(struct libnet_conf_ctx *ctx)
 }
 
 /**
+ * Get the change sequence number of the given service/parameter.
+ *
+ * NOTE: Currently, for registry configuration, this is independent
+ * of the service and parameter, it returns the registry-sequence
+ * number.
+ */
+uint64_t libnet_conf_get_seqnum(struct libnet_conf_ctx *ctx,
+				const char *service, const char *param)
+{
+	return (uint64_t)regdb_get_seqnum();
+}
+
+/**
  * Drop the whole configuration (restarting empty).
  */
 WERROR libnet_conf_drop(struct libnet_conf_ctx *ctx)
@@ -540,7 +565,7 @@ WERROR libnet_conf_get_config(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	tmp_ctx = talloc_new(mem_ctx);
+	tmp_ctx = talloc_stackframe();
 	if (tmp_ctx == NULL) {
 		werr = WERR_NOMEM;
 		goto done;
@@ -615,7 +640,7 @@ WERROR libnet_conf_get_share_names(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	tmp_ctx = talloc_new(mem_ctx);
+	tmp_ctx = talloc_stackframe();
 	if (tmp_ctx == NULL) {
 		werr = WERR_NOMEM;
 		goto done;
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index a189a38ea3..1a8486f5b5 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -24,6 +24,41 @@
 /****************************************************************
 ****************************************************************/
 
+#define LIBNET_JOIN_DUMP_CTX(ctx, r, f) \
+	do { \
+		char *str = NULL; \
+		str = NDR_PRINT_FUNCTION_STRING(ctx, libnet_JoinCtx, f, r); \
+		DEBUG(1,("libnet_Join:\n%s", str)); \
+		talloc_free(str); \
+	} while (0)
+
+#define LIBNET_JOIN_IN_DUMP_CTX(ctx, r) \
+	LIBNET_JOIN_DUMP_CTX(ctx, r, NDR_IN | NDR_SET_VALUES)
+#define LIBNET_JOIN_OUT_DUMP_CTX(ctx, r) \
+	LIBNET_JOIN_DUMP_CTX(ctx, r, NDR_OUT)
+
+#define LIBNET_UNJOIN_DUMP_CTX(ctx, r, f) \
+	do { \
+		char *str = NULL; \
+		str = NDR_PRINT_FUNCTION_STRING(ctx, libnet_UnjoinCtx, f, r); \
+		DEBUG(1,("libnet_Unjoin:\n%s", str)); \
+		talloc_free(str); \
+	} while (0)
+
+#define LIBNET_UNJOIN_IN_DUMP_CTX(ctx, r) \
+	LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_IN | NDR_SET_VALUES)
+#define LIBNET_UNJOIN_OUT_DUMP_CTX(ctx, r) \
+	LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_OUT)
+
+#define W_ERROR_NOT_OK_GOTO_DONE(x) do { \
+	if (!W_ERROR_IS_OK(x)) {\
+		goto done;\
+	}\
+} while (0)
+
+/****************************************************************
+****************************************************************/
+
 static void libnet_join_set_error_string(TALLOC_CTX *mem_ctx,
 					 struct libnet_JoinCtx *r,
 					 const char *format, ...)
@@ -117,9 +152,24 @@ static ADS_STATUS libnet_join_connect_ads(TALLOC_CTX *mem_ctx,
 		libnet_join_set_error_string(mem_ctx, r,
 			"failed to connect to AD: %s",
 			ads_errstr(status));
+		return status;
 	}
 
-	return status;
+	if (!r->out.netbios_domain_name) {
+		r->out.netbios_domain_name = talloc_strdup(mem_ctx,
+							   r->in.ads->server.workgroup);
+		ADS_ERROR_HAVE_NO_MEMORY(r->out.netbios_domain_name);
+	}
+
+	if (!r->out.dns_domain_name) {
+		r->out.dns_domain_name = talloc_strdup(mem_ctx,
+						       r->in.ads->config.realm);
+		ADS_ERROR_HAVE_NO_MEMORY(r->out.dns_domain_name);
+	}
+
+	r->out.domain_is_ad = true;
+
+	return ADS_SUCCESS;
 }
 
 /****************************************************************
@@ -146,6 +196,7 @@ static ADS_STATUS libnet_unjoin_connect_ads(TALLOC_CTX *mem_ctx,
 }
 
 /****************************************************************
+ join a domain using ADS (LDAP mods)
 ****************************************************************/
 
 static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx,
@@ -154,6 +205,7 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx,
 	ADS_STATUS status;
 	LDAPMessage *res = NULL;
 	const char *attrs[] = { "dn", NULL };
+	bool moved = false;
 
 	status = ads_search_dn(r->in.ads, &res, r->in.account_ou, attrs);
 	if (!ADS_ERR_OK(status)) {
@@ -165,16 +217,41 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx,
 		return ADS_ERROR_LDAP(LDAP_NO_SUCH_OBJECT);
 	}
 
+	ads_msgfree(r->in.ads, res);
+
+	/* Attempt to create the machine account and bail if this fails.
+	   Assume that the admin wants exactly what they requested */
+
 	status = ads_create_machine_acct(r->in.ads,
 					 r->in.machine_name,
 					 r->in.account_ou);
-	ads_msgfree(r->in.ads, res);
 
-	if ((status.error_type == ENUM_ADS_ERROR_LDAP) &&
-	    (status.err.rc == LDAP_ALREADY_EXISTS)) {
+	if (ADS_ERR_OK(status)) {
+		DEBUG(1,("machine account creation created\n"));
+		return status;
+	} else  if ((status.error_type == ENUM_ADS_ERROR_LDAP) &&
+		    (status.err.rc == LDAP_ALREADY_EXISTS)) {
 		status = ADS_SUCCESS;
 	}
 
+	if (!ADS_ERR_OK(status)) {
+		DEBUG(1,("machine account creation failed\n"));
+		return status;
+	}
+
+	status = ads_move_machine_acct(r->in.ads,
+				       r->in.machine_name,
+				       r->in.account_ou,
+				       &moved);
+	if (!ADS_ERR_OK(status)) {
+		DEBUG(1,("failure to locate/move pre-existing "
+			"machine account\n"));
+		return status;
+	}
+
+	DEBUG(1,("The machine account %s the specified OU.\n",
+		moved ? "was moved into" : "already exists in"));
+
 	return status;
 }
 
@@ -250,6 +327,7 @@ static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx,
 }
 
 /****************************************************************
+ Set a machines dNSHostName and servicePrincipalName attributes
 ****************************************************************/
 
 static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
@@ -261,18 +339,15 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
 	const char *spn_array[3] = {NULL, NULL, NULL};
 	char *spn = NULL;
 
-	if (!r->in.ads) {
-		status = libnet_join_connect_ads(mem_ctx, r);
-		if (!ADS_ERR_OK(status)) {
-			return status;
-		}
-	}
+	/* Find our DN */
 
 	status = libnet_join_find_machine_acct(mem_ctx, r);
 	if (!ADS_ERR_OK(status)) {
 		return status;
 	}
 
+	/* Windows only creates HOST/shortname & HOST/fqdn. */
+
 	spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name);
 	if (!spn) {
 		return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
@@ -296,6 +371,8 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx,
 		return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
 	}
 
+	/* fields of primary importance */
+
 	status = ads_mod_str(mem_ctx, &mods, "dNSHostName", my_fqdn);
 	if (!ADS_ERR_OK(status)) {
 		return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
@@ -323,12 +400,7 @@ static ADS_STATUS libnet_join_set_machine_upn(TALLOC_CTX *mem_ctx,
 		return ADS_SUCCESS;
 	}
 
-	if (!r->in.ads) {
-		status = libnet_join_connect_ads(mem_ctx, r);
-		if (!ADS_ERR_OK(status)) {
-			return status;
-		}
-	}
+	/* Find our DN */
 
 	status = libnet_join_find_machine_acct(mem_ctx, r);
 	if (!ADS_ERR_OK(status)) {
@@ -345,11 +417,15 @@ static ADS_STATUS libnet_join_set_machine_upn(TALLOC_CTX *mem_ctx,
 		}
 	}
 
+	/* now do the mods */
+
 	mods = ads_init_mods(mem_ctx);
 	if (!mods) {
 		return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
 	}
 
+	/* fields of primary importance */
+
 	status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", r->in.upn);
 	if (!ADS_ERR_OK(status)) {
 		return ADS_ERROR_LDAP(LDAP_NO_MEMORY);
@@ -373,18 +449,15 @@ static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx,
 		return ADS_SUCCESS;
 	}
 
-	if (!r->in.ads) {
-		status = libnet_join_connect_ads(mem_ctx, r);
-		if (!ADS_ERR_OK(status)) {
-			return status;
-		}
-	}
+	/* Find our DN */
 
 	status = libnet_join_find_machine_acct(mem_ctx, r);
 	if (!ADS_ERR_OK(status)) {
 		return status;
 	}
 
+	/* now do the mods */
+
 	mods = ads_init_mods(mem_ctx);
 	if (!mods) {
 		return ADS_ERROR(LDAP_NO_MEMORY);
@@ -395,6 +468,8 @@ static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx,
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
 
+	/* fields of primary importance */
+
 	status = ads_mod_str(mem_ctx, &mods, "operatingSystem",
 			     r->in.os_name);
 	if (!ADS_ERR_OK(status)) {
@@ -452,6 +527,8 @@ static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx,
 		return false;
 	}
 
+	/* go ahead and setup the default salt */
+
 	std_salt = kerberos_standard_des_salt();
 	if (!std_salt) {
 		libnet_join_set_error_string(mem_ctx, r,
@@ -466,6 +543,8 @@ static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx,
 
 	SAFE_FREE(std_salt);
 
+	/* if it's a Windows functional domain, we have to look for the UPN */
+
 	if (domain_func == DS_DOMAIN_FUNCTION_2000) {
 		char *upn;
 
@@ -490,6 +569,13 @@ static ADS_STATUS libnet_join_post_processing_ads(TALLOC_CTX *mem_ctx,
 {
 	ADS_STATUS status;
 
+	if (!r->in.ads) {
+		status = libnet_join_connect_ads(mem_ctx, r);
+		if (!ADS_ERR_OK(status)) {
+			return status;
+		}
+	}
+
 	status = libnet_join_set_machine_spn(mem_ctx, r);
 	if (!ADS_ERR_OK(status)) {
 		libnet_join_set_error_string(mem_ctx, r,
@@ -529,6 +615,7 @@ static ADS_STATUS libnet_join_post_processing_ads(TALLOC_CTX *mem_ctx,
 #endif /* WITH_ADS */
 
 /****************************************************************
+ Store the machine password and domain SID
 ****************************************************************/
 
 static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx,
@@ -537,6 +624,7 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx,
 	if (!secrets_store_domain_sid(r->out.netbios_domain_name,
 				      r->out.domain_sid))
 	{
+		DEBUG(1,("Failed to save domain sid\n"));
 		return false;
 	}
 
@@ -544,6 +632,7 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx,
 					    r->out.netbios_domain_name,
 					    SEC_CHAN_WKSTA))
 	{
+		DEBUG(1,("Failed to save machine password\n"));
 		return false;
 	}
 
@@ -551,6 +640,7 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx,
 }
 
 /****************************************************************
+ Do the domain join
 ****************************************************************/
 
 static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
@@ -561,20 +651,18 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 	POLICY_HND sam_pol, domain_pol, user_pol, lsa_pol;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 	char *acct_name;
-	const char *const_acct_name;
-	uint32 user_rid;
-	uint32 num_rids, *name_types, *user_rids;
-	uint32 flags = 0x3e8;
-	uint32 acb_info = ACB_WSTRUST;
-	uint32 fields_present;
+	struct lsa_String lsa_acct_name;
+	uint32_t user_rid;
+	uint32_t acct_flags = ACB_WSTRUST;
 	uchar pwbuf[532];
-	SAM_USERINFO_CTR ctr;
-	SAM_USER_INFO_25 p25;
-	const int infolevel = 25;
 	struct MD5Context md5ctx;
 	uchar md5buffer[16];
 	DATA_BLOB digested_session_key;
 	uchar md4_trust_password[16];
+	union lsa_PolicyInformation *info = NULL;
+	struct samr_Ids user_rids;
+	struct samr_Ids name_types;
+	union samr_UserInfo user_info;
 
 	if (!r->in.machine_password) {
 		r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH));
@@ -597,69 +685,118 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 
 	pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status);
 	if (!pipe_hnd) {
+		DEBUG(0,("Error connecting to LSA pipe. Error was %s\n",
+			nt_errstr(status)));
 		goto done;
 	}
 
-	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
+	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
 					SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
 
-	status = rpccli_lsa_query_info_policy2(pipe_hnd, mem_ctx, &lsa_pol,
-					       12,
-					       &r->out.netbios_domain_name,
-					       &r->out.dns_domain_name,
-					       NULL,
-					       NULL,
-					       &r->out.domain_sid);
-
+	status = rpccli_lsa_QueryInfoPolicy2(pipe_hnd, mem_ctx,
+					     &lsa_pol,
+					     LSA_POLICY_INFO_DNS,
+					     &info);
 	if (NT_STATUS_IS_OK(status)) {
 		r->out.domain_is_ad = true;
+		r->out.netbios_domain_name = info->dns.name.string;
+		r->out.dns_domain_name = info->dns.dns_domain.string;
+		r->out.domain_sid = info->dns.sid;
 	}
 
 	if (!NT_STATUS_IS_OK(status)) {
-		status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, &lsa_pol,
-						      5,
-						      &r->out.netbios_domain_name,
-						      &r->out.domain_sid);
+		status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+						    &lsa_pol,
+						    LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+						    &info);
 		if (!NT_STATUS_IS_OK(status)) {
 			goto done;
 		}
+
+		r->out.netbios_domain_name = info->account_domain.name.string;
+		r->out.domain_sid = info->account_domain.sid;
 	}
 
 	rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
 	cli_rpc_pipe_close(pipe_hnd);
 
+	/* Open the domain */
+
 	pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status);
 	if (!pipe_hnd) {
+		DEBUG(0,("Error connecting to SAM pipe. Error was %s\n",
+			nt_errstr(status)));
 		goto done;
 	}
 
-	status = rpccli_samr_connect(pipe_hnd, mem_ctx,
-				     SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol);
+	status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      SEC_RIGHTS_MAXIMUM_ALLOWED,
+				      &sam_pol);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
 
-	status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol,
-					 SEC_RIGHTS_MAXIMUM_ALLOWED,
-					 r->out.domain_sid,
-					 &domain_pol);
+	status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&sam_pol,
+					SEC_RIGHTS_MAXIMUM_ALLOWED,
+					r->out.domain_sid,
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
 
+	/* Create domain user */
+
 	acct_name = talloc_asprintf(mem_ctx, "%s$", r->in.machine_name);
 	strlower_m(acct_name);
-	const_acct_name = acct_name;
+
+	init_lsa_String(&lsa_acct_name, acct_name);
 
 	if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) {
-		status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx,
-						     &domain_pol,
-						     acct_name, ACB_WSTRUST,
-						     0xe005000b, &user_pol,
-						     &user_rid);
+		uint32_t access_desired =
+			SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+			SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+			SAMR_USER_ACCESS_SET_PASSWORD |
+			SAMR_USER_ACCESS_GET_ATTRIBUTES |
+			SAMR_USER_ACCESS_SET_ATTRIBUTES;
+		uint32_t access_granted = 0;
+
+		/* Don't try to set any acct_flags flags other than ACB_WSTRUST */
+
+		DEBUG(10,("Creating account with desired access mask: %d\n",
+			access_desired));
+
+		status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+						 &domain_pol,
+						 &lsa_acct_name,
+						 ACB_WSTRUST,
+						 access_desired,
+						 &user_pol,
+						 &access_granted,
+						 &user_rid);
+		if (!NT_STATUS_IS_OK(status) &&
+		    !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
+
+			DEBUG(10,("Creation of workstation account failed: %s\n",
+				nt_errstr(status)));
+
+			/* If NT_STATUS_ACCESS_DENIED then we have a valid
+			   username/password combo but the user does not have
+			   administrator access. */
+
+			if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+				libnet_join_set_error_string(mem_ctx, r,
+					"User specified does not have "
+					"administrator privileges");
+			}
+
+			return status;
+		}
+
 		if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
 			if (!(r->in.join_flags &
 			      WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) {
@@ -667,37 +804,49 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 			}
 		}
 
+		/* We *must* do this.... don't ask... */
+
 		if (NT_STATUS_IS_OK(status)) {
-			rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+			rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
 		}
 	}
 
-	status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx,
-					  &domain_pol, flags, 1,
-					  &const_acct_name,
-					  &num_rids, &user_rids, &name_types);
+	status = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 1,
+					 &lsa_acct_name,
+					 &user_rids,
+					 &name_types);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
 
-	if (name_types[0] != SID_NAME_USER) {
+	if (name_types.ids[0] != SID_NAME_USER) {
+		DEBUG(0,("%s is not a user account (type=%d)\n",
+			acct_name, name_types.ids[0]));
 		status = NT_STATUS_INVALID_WORKSTATION;
 		goto done;
 	}
 
-	user_rid = user_rids[0];
+	user_rid = user_rids.ids[0];
+
+	/* Open handle on user */
 
-	status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-				       SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid,
-				       &user_pol);
+	status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+				      &domain_pol,
+				      SEC_RIGHTS_MAXIMUM_ALLOWED,
+				      user_rid,
+				      &user_pol);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
 
+	/* Create a random machine account password and generate the hash */
+
 	E_md4hash(r->in.machine_password, md4_trust_password);
 	encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE);
 
-	generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer));
+	generate_random_buffer((uint8_t*)md5buffer, sizeof(md5buffer));
 	digested_session_key = data_blob_talloc(mem_ctx, 0, 16);
 
 	MD5Init(&md5ctx);
@@ -709,31 +858,58 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 	SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key);
 	memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer));
 
-	acb_info |= ACB_PWNOEXP;
+	/* Fill in the additional account flags now */
+
+	acct_flags |= ACB_PWNOEXP;
 	if (r->out.domain_is_ad) {
 #if !defined(ENCTYPE_ARCFOUR_HMAC)
-		acb_info |= ACB_USE_DES_KEY_ONLY;
+		acct_flags |= ACB_USE_DES_KEY_ONLY;
 #endif
 		;;
 	}
 
-	ZERO_STRUCT(ctr);
-	ZERO_STRUCT(p25);
+	/* Set password and account flags on machine account */
+
+	ZERO_STRUCT(user_info.info25);
+
+	user_info.info25.info.fields_present = ACCT_NT_PWD_SET |
+					       ACCT_LM_PWD_SET |
+					       SAMR_FIELD_ACCT_FLAGS;
+
+	user_info.info25.info.acct_flags = acct_flags;
+	memcpy(&user_info.info25.password.data, pwbuf, sizeof(pwbuf));
+
+	status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+					 &user_pol,
+					 25,
+					 &user_info);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) {
+
+		uchar pwbuf2[516];
+
+		encode_pw_buffer(pwbuf2, r->in.machine_password, STR_UNICODE);
 
-	fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | ACCT_FLAGS;
-	init_sam_user_info25P(&p25, fields_present, acb_info, (char *)pwbuf);
+		/* retry with level 24 */
+		init_samr_user_info24(&user_info.info24, pwbuf2, 24);
 
-	ctr.switch_value = infolevel;
-	ctr.info.id25    = &p25;
+		SamOEMhashBlob(user_info.info24.password.data, 516,
+			       &cli->user_session_key);
+
+		status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+						  &user_pol,
+						  24,
+						  &user_info);
+	}
 
-	status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol,
-					   infolevel, &cli->user_session_key,
-					   &ctr);
 	if (!NT_STATUS_IS_OK(status)) {
+		libnet_join_set_error_string(mem_ctx, r,
+			"Failed to set password for machine account (%s)\n",
+			nt_errstr(status));
 		goto done;
 	}
 
-	rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+	rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
 	cli_rpc_pipe_close(pipe_hnd);
 
 	status = NT_STATUS_OK;
@@ -748,6 +924,132 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
 /****************************************************************
 ****************************************************************/
 
+NTSTATUS libnet_join_ok(const char *netbios_domain_name,
+			const char *machine_name,
+			const char *dc_name)
+{
+	uint32_t neg_flags = NETLOGON_NEG_AUTH2_FLAGS |
+			     NETLOGON_NEG_SCHANNEL;
+	/* FIXME: NETLOGON_NEG_SELECT_AUTH2_FLAGS */
+	struct cli_state *cli = NULL;
+	struct rpc_pipe_client *pipe_hnd = NULL;
+	struct rpc_pipe_client *netlogon_pipe = NULL;
+	NTSTATUS status;
+	char *machine_password = NULL;
+	char *machine_account = NULL;
+
+	if (!dc_name) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!secrets_init()) {
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
+	}
+
+	machine_password = secrets_fetch_machine_password(netbios_domain_name,
+							  NULL, NULL);
+	if (!machine_password) {
+		return NT_STATUS_NO_TRUST_LSA_SECRET;
+	}
+
+	asprintf(&machine_account, "%s$", machine_name);
+	if (!machine_account) {
+		SAFE_FREE(machine_password);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	status = cli_full_connection(&cli, NULL,
+				     dc_name,
+				     NULL, 0,
+				     "IPC$", "IPC",
+				     machine_account,
+				     NULL,
+				     machine_password,
+				     0,
+				     Undefined, NULL);
+	free(machine_account);
+	free(machine_password);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		status = cli_full_connection(&cli, NULL,
+					     dc_name,
+					     NULL, 0,
+					     "IPC$", "IPC",
+					     "",
+					     NULL,
+					     "",
+					     0,
+					     Undefined, NULL);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	netlogon_pipe = get_schannel_session_key(cli,
+						 netbios_domain_name,
+						 &neg_flags, &status);
+	if (!netlogon_pipe) {
+		if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_NETWORK_RESPONSE)) {
+			cli_shutdown(cli);
+			return NT_STATUS_OK;
+		}
+
+		DEBUG(0,("libnet_join_ok: failed to get schannel session "
+			"key from server %s for domain %s. Error was %s\n",
+		cli->desthost, netbios_domain_name, nt_errstr(status)));
+		cli_shutdown(cli);
+		return status;
+	}
+
+	if (!lp_client_schannel()) {
+		cli_shutdown(cli);
+		return NT_STATUS_OK;
+	}
+
+	pipe_hnd = cli_rpc_pipe_open_schannel_with_key(cli, PI_NETLOGON,
+						       PIPE_AUTH_LEVEL_PRIVACY,
+						       netbios_domain_name,
+						       netlogon_pipe->dc,
+						       &status);
+
+	cli_shutdown(cli);
+
+	if (!pipe_hnd) {
+		DEBUG(0,("libnet_join_ok: failed to open schannel session "
+			"on netlogon pipe to server %s for domain %s. "
+			"Error was %s\n",
+			cli->desthost, netbios_domain_name, nt_errstr(status)));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+static WERROR libnet_join_post_verify(TALLOC_CTX *mem_ctx,
+				      struct libnet_JoinCtx *r)
+{
+	NTSTATUS status;
+
+	status = libnet_join_ok(r->out.netbios_domain_name,
+				r->in.machine_name,
+				r->in.dc_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		libnet_join_set_error_string(mem_ctx, r,
+			"failed to verify domain membership after joining: %s",
+			get_friendly_nt_error_msg(status));
+		return WERR_SETUP_NOT_JOINED;
+	}
+
+	return WERR_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
 static bool libnet_join_unjoindomain_remove_secrets(TALLOC_CTX *mem_ctx,
 						    struct libnet_UnjoinCtx *r)
 {
@@ -773,12 +1075,11 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
 	POLICY_HND sam_pol, domain_pol, user_pol;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 	char *acct_name;
-	uint32 flags = 0x3e8;
-	const char *const_acct_name;
-	uint32 user_rid;
-	uint32 num_rids, *name_types, *user_rids;
-	SAM_USERINFO_CTR ctr, *qctr = NULL;
-	SAM_USER_INFO_16 p16;
+	uint32_t user_rid;
+	struct lsa_String lsa_acct_name;
+	struct samr_Ids user_rids;
+	struct samr_Ids name_types;
+	union samr_UserInfo *info = NULL;
 
 	status = cli_full_connection(&cli, NULL,
 				     r->in.dc_name,
@@ -793,73 +1094,96 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
+	/* Open the domain */
+
 	pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status);
 	if (!pipe_hnd) {
+		DEBUG(0,("Error connecting to SAM pipe. Error was %s\n",
+			nt_errstr(status)));
 		goto done;
 	}
 
-	status = rpccli_samr_connect(pipe_hnd, mem_ctx,
-				     SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol);
+	status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      SEC_RIGHTS_MAXIMUM_ALLOWED,
+				      &sam_pol);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
 
-	status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol,
-					 SEC_RIGHTS_MAXIMUM_ALLOWED,
-					 r->in.domain_sid,
-					 &domain_pol);
+	status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&sam_pol,
+					SEC_RIGHTS_MAXIMUM_ALLOWED,
+					r->in.domain_sid,
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
 
+	/* Create domain user */
+
 	acct_name = talloc_asprintf(mem_ctx, "%s$", r->in.machine_name);
 	strlower_m(acct_name);
-	const_acct_name = acct_name;
 
-	status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx,
-					  &domain_pol, flags, 1,
-					  &const_acct_name,
-					  &num_rids, &user_rids, &name_types);
+	init_lsa_String(&lsa_acct_name, acct_name);
+
+	status = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 1,
+					 &lsa_acct_name,
+					 &user_rids,
+					 &name_types);
+
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
 
-	if (name_types[0] != SID_NAME_USER) {
+	if (name_types.ids[0] != SID_NAME_USER) {
+		DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name,
+			name_types.ids[0]));
 		status = NT_STATUS_INVALID_WORKSTATION;
 		goto done;
 	}
 
-	user_rid = user_rids[0];
+	user_rid = user_rids.ids[0];
+
+	/* Open handle on user */
 
-	status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-				       SEC_RIGHTS_MAXIMUM_ALLOWED,
-				       user_rid, &user_pol);
+	status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+				      &domain_pol,
+				      SEC_RIGHTS_MAXIMUM_ALLOWED,
+				      user_rid,
+				      &user_pol);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
 
-	status = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx,
-					    &user_pol, 16, &qctr);
+	/* Get user info */
+
+	status = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+					   &user_pol,
+					   16,
+					   &info);
 	if (!NT_STATUS_IS_OK(status)) {
-		rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
 		goto done;
 	}
 
-	ZERO_STRUCT(ctr);
-	ctr.switch_value = 16;
-	ctr.info.id16 = &p16;
+	/* now disable and setuser info */
 
-	p16.acb_info = qctr->info.id16->acb_info | ACB_DISABLED;
+	info->info16.acct_flags |= ACB_DISABLED;
 
-	status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16,
-					   &cli->user_session_key, &ctr);
+	status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+					 &user_pol,
+					 16,
+					 info);
 
-	rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+	rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
 
 done:
 	if (pipe_hnd) {
-		rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
-		rpccli_samr_close(pipe_hnd, mem_ctx, &sam_pol);
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &sam_pol);
 		cli_rpc_pipe_close(pipe_hnd);
 	}
 
@@ -886,9 +1210,7 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r)
 	if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) {
 
 		werr = libnet_conf_set_global_parameter(ctx, "security", "user");
-		if (!W_ERROR_IS_OK(werr)) {
-			goto done;
-		}
+		W_ERROR_NOT_OK_GOTO_DONE(werr);
 
 		werr = libnet_conf_set_global_parameter(ctx, "workgroup",
 							r->in.domain_name);
@@ -896,27 +1218,22 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r)
 	}
 
 	werr = libnet_conf_set_global_parameter(ctx, "security", "domain");
-	if (!W_ERROR_IS_OK(werr)) {
-		goto done;
-	}
+	W_ERROR_NOT_OK_GOTO_DONE(werr);
 
 	werr = libnet_conf_set_global_parameter(ctx, "workgroup",
 						r->out.netbios_domain_name);
-	if (!W_ERROR_IS_OK(werr)) {
-		goto done;
-	}
+	W_ERROR_NOT_OK_GOTO_DONE(werr);
 
 	if (r->out.domain_is_ad) {
 		werr = libnet_conf_set_global_parameter(ctx, "security", "ads");
-		if (!W_ERROR_IS_OK(werr)) {
-			goto done;
-		}
+		W_ERROR_NOT_OK_GOTO_DONE(werr);
 
 		werr = libnet_conf_set_global_parameter(ctx, "realm",
 							r->out.dns_domain_name);
+		W_ERROR_NOT_OK_GOTO_DONE(werr);
 	}
 
-done:
+ done:
 	libnet_conf_close(ctx);
 	return werr;
 }
@@ -937,14 +1254,11 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r)
 	if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
 
 		werr = libnet_conf_set_global_parameter(ctx, "security", "user");
-		if (!W_ERROR_IS_OK(werr)) {
-			goto done;
-		}
+		W_ERROR_NOT_OK_GOTO_DONE(werr);
+		libnet_conf_delete_global_parameter(ctx, "realm");
 	}
 
-	libnet_conf_delete_global_parameter(ctx, "realm");
-
-done:
+ done:
 	libnet_conf_close(ctx);
 	return werr;
 }
@@ -978,7 +1292,7 @@ static WERROR do_JoinConfig(struct libnet_JoinCtx *r)
 /****************************************************************
 ****************************************************************/
 
-static WERROR do_UnjoinConfig(struct libnet_UnjoinCtx *r)
+static WERROR libnet_unjoin_config(struct libnet_UnjoinCtx *r)
 {
 	WERROR werr;
 
@@ -1007,12 +1321,16 @@ static WERROR do_UnjoinConfig(struct libnet_UnjoinCtx *r)
 static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx,
 					 struct libnet_JoinCtx *r)
 {
-
 	if (!r->in.domain_name) {
+		libnet_join_set_error_string(mem_ctx, r,
+			"No domain name defined");
 		return WERR_INVALID_PARAM;
 	}
 
-	if (r->in.modify_config && !lp_include_registry_globals()) {
+	if (r->in.modify_config && !lp_config_backend_is_registry()) {
+		libnet_join_set_error_string(mem_ctx, r,
+			"Configuration manipulation requested but not "
+			"supported by backend");
 		return WERR_NOT_SUPPORTED;
 	}
 
@@ -1135,9 +1453,8 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 #endif /* WITH_ADS */
 
 	if (!r->in.dc_name) {
-		struct DS_DOMAIN_CONTROLLER_INFO *info;
+		struct netr_DsRGetDCNameInfo *info;
 		status = dsgetdcname(mem_ctx,
-				     NULL,
 				     r->in.domain_name,
 				     NULL,
 				     NULL,
@@ -1147,13 +1464,14 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 				     &info);
 		if (!NT_STATUS_IS_OK(status)) {
 			libnet_join_set_error_string(mem_ctx, r,
-				"failed to find DC: %s",
-				nt_errstr(status));
+				"failed to find DC for domain %s",
+				r->in.domain_name,
+				get_friendly_nt_error_msg(status));
 			return WERR_DOMAIN_CONTROLLER_NOT_FOUND;
 		}
 
 		r->in.dc_name = talloc_strdup(mem_ctx,
-					      info->domain_controller_name);
+					      info->dc_unc);
 		W_ERROR_HAVE_NO_MEMORY(r->in.dc_name);
 	}
 
@@ -1182,7 +1500,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 	if (!NT_STATUS_IS_OK(status)) {
 		libnet_join_set_error_string(mem_ctx, r,
 			"failed to join domain over rpc: %s",
-			nt_errstr(status));
+			get_friendly_nt_error_msg(status));
 		if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
 			return WERR_SETUP_ALREADY_JOINED;
 		}
@@ -1214,7 +1532,7 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx,
 	WERROR werr;
 
 	if (r->in.debug) {
-		NDR_PRINT_IN_DEBUG(libnet_JoinCtx, r);
+		LIBNET_JOIN_IN_DUMP_CTX(mem_ctx, r);
 	}
 
 	werr = libnet_join_pre_processing(mem_ctx, r);
@@ -1227,6 +1545,11 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx,
 		if (!W_ERROR_IS_OK(werr)) {
 			goto done;
 		}
+
+		werr = libnet_join_post_verify(mem_ctx, r);
+		if (!W_ERROR_IS_OK(werr)) {
+			goto done;
+		}
 	}
 
 	werr = libnet_join_post_processing(mem_ctx, r);
@@ -1234,8 +1557,10 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
  done:
+	r->out.result = werr;
+
 	if (r->in.debug) {
-		NDR_PRINT_OUT_DEBUG(libnet_JoinCtx, r);
+		LIBNET_JOIN_OUT_DUMP_CTX(mem_ctx, r);
 	}
 	return werr;
 }
@@ -1248,10 +1573,20 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx,
 {
 	NTSTATUS status;
 
+	if (!r->in.domain_sid) {
+		struct dom_sid sid;
+		if (!secrets_fetch_domain_sid(lp_workgroup(), &sid)) {
+			libnet_unjoin_set_error_string(mem_ctx, r,
+				"Unable to fetch domain sid: are we joined?");
+			return WERR_SETUP_NOT_JOINED;
+		}
+		r->in.domain_sid = sid_dup_talloc(mem_ctx, &sid);
+		W_ERROR_HAVE_NO_MEMORY(r->in.domain_sid);
+	}
+
 	if (!r->in.dc_name) {
-		struct DS_DOMAIN_CONTROLLER_INFO *info;
+		struct netr_DsRGetDCNameInfo *info;
 		status = dsgetdcname(mem_ctx,
-				     NULL,
 				     r->in.domain_name,
 				     NULL,
 				     NULL,
@@ -1261,27 +1596,30 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx,
 				     &info);
 		if (!NT_STATUS_IS_OK(status)) {
 			libnet_unjoin_set_error_string(mem_ctx, r,
-				"failed to find DC: %s",
-				nt_errstr(status));
+				"failed to find DC for domain %s",
+				r->in.domain_name,
+				get_friendly_nt_error_msg(status));
 			return WERR_DOMAIN_CONTROLLER_NOT_FOUND;
 		}
 
 		r->in.dc_name = talloc_strdup(mem_ctx,
-					      info->domain_controller_name);
+					      info->dc_unc);
 		W_ERROR_HAVE_NO_MEMORY(r->in.dc_name);
 	}
 
 	status = libnet_join_unjoindomain_rpc(mem_ctx, r);
 	if (!NT_STATUS_IS_OK(status)) {
 		libnet_unjoin_set_error_string(mem_ctx, r,
-			"failed to unjoin domain: %s",
-			nt_errstr(status));
+			"failed to disable machine account via rpc: %s",
+			get_friendly_nt_error_msg(status));
 		if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
 			return WERR_SETUP_NOT_JOINED;
 		}
 		return ntstatus_to_werror(status);
 	}
 
+	r->out.disabled_machine_account = true;
+
 #ifdef WITH_ADS
 	if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) {
 		ADS_STATUS ads_status;
@@ -1291,6 +1629,12 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx,
 			libnet_unjoin_set_error_string(mem_ctx, r,
 				"failed to remove machine account from AD: %s",
 				ads_errstr(ads_status));
+		} else {
+			r->out.deleted_machine_account = true;
+			/* dirty hack */
+			r->out.dns_domain_name = talloc_strdup(mem_ctx,
+							       r->in.ads->server.realm);
+			W_ERROR_HAVE_NO_MEMORY(r->out.dns_domain_name);
 		}
 	}
 #endif /* WITH_ADS */
@@ -1306,10 +1650,23 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx,
 static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx,
 					   struct libnet_UnjoinCtx *r)
 {
-	if (r->in.modify_config && !lp_include_registry_globals()) {
+	if (!r->in.domain_name) {
+		libnet_unjoin_set_error_string(mem_ctx, r,
+			"No domain name defined");
+		return WERR_INVALID_PARAM;
+	}
+
+	if (r->in.modify_config && !lp_config_backend_is_registry()) {
+		libnet_unjoin_set_error_string(mem_ctx, r,
+			"Configuration manipulation requested but not "
+			"supported by backend");
 		return WERR_NOT_SUPPORTED;
 	}
 
+	if (IS_DC) {
+		return WERR_SETUP_DOMAIN_CONTROLLER;
+	}
+
 	if (!secrets_init()) {
 		libnet_unjoin_set_error_string(mem_ctx, r,
 			"Unable to open secrets database");
@@ -1322,13 +1679,25 @@ static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx,
 /****************************************************************
 ****************************************************************/
 
+static WERROR libnet_unjoin_post_processing(TALLOC_CTX *mem_ctx,
+					    struct libnet_UnjoinCtx *r)
+{
+	saf_delete(r->out.netbios_domain_name);
+	saf_delete(r->out.dns_domain_name);
+
+	return libnet_unjoin_config(r);
+}
+
+/****************************************************************
+****************************************************************/
+
 WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx,
 		     struct libnet_UnjoinCtx *r)
 {
 	WERROR werr;
 
 	if (r->in.debug) {
-		NDR_PRINT_IN_DEBUG(libnet_UnjoinCtx, r);
+		LIBNET_UNJOIN_IN_DUMP_CTX(mem_ctx, r);
 	}
 
 	werr = libnet_unjoin_pre_processing(mem_ctx, r);
@@ -1339,18 +1708,21 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx,
 	if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) {
 		werr = libnet_DomainUnjoin(mem_ctx, r);
 		if (!W_ERROR_IS_OK(werr)) {
+			libnet_unjoin_config(r);
 			goto done;
 		}
 	}
 
-	werr = do_UnjoinConfig(r);
+	werr = libnet_unjoin_post_processing(mem_ctx, r);
 	if (!W_ERROR_IS_OK(werr)) {
 		goto done;
 	}
 
  done:
+	r->out.result = werr;
+
 	if (r->in.debug) {
-		NDR_PRINT_OUT_DEBUG(libnet_UnjoinCtx, r);
+		LIBNET_UNJOIN_OUT_DUMP_CTX(mem_ctx, r);
 	}
 
 	return werr;
diff --git a/source3/library-versions.in b/source3/library-versions.in
index cdd1807e23..e8ef0645a7 100644
--- a/source3/library-versions.in
+++ b/source3/library-versions.in
@@ -2,6 +2,8 @@
 ## Basic script for defining the major and minor library revision numbers
 ## Makefile_target:major:minor
 ##
+bin/libtalloc.@SHLIBEXT@:1:0
+bin/libtdb.@SHLIBEXT@:0:1
 bin/libsmbclient.@SHLIBEXT@:0:1
 bin/libsmbsharemodes.@SHLIBEXT@:0:2
 bin/libaddns.@SHLIBEXT@:0:1
diff --git a/source3/librpc/gen_ndr/cli_dfs.c b/source3/librpc/gen_ndr/cli_dfs.c
index 9078ce7bba..fc00128f3f 100644
--- a/source3/librpc/gen_ndr/cli_dfs.c
+++ b/source3/librpc/gen_ndr/cli_dfs.c
@@ -789,12 +789,20 @@ NTSTATUS rpccli_dfs_AddStdRootForced(struct rpc_pipe_client *cli,
 
 NTSTATUS rpccli_dfs_GetDcAddress(struct rpc_pipe_client *cli,
 				 TALLOC_CTX *mem_ctx,
+				 const char *servername,
+				 const char **server_fullname,
+				 uint8_t *is_root,
+				 uint32_t *ttl,
 				 WERROR *werror)
 {
 	struct dfs_GetDcAddress r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.servername = servername;
+	r.in.server_fullname = server_fullname;
+	r.in.is_root = is_root;
+	r.in.ttl = ttl;
 
 	if (DEBUGLEVEL >= 10) {
 		NDR_PRINT_IN_DEBUG(dfs_GetDcAddress, &r);
@@ -820,6 +828,9 @@ NTSTATUS rpccli_dfs_GetDcAddress(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*server_fullname = *r.out.server_fullname;
+	*is_root = *r.out.is_root;
+	*ttl = *r.out.ttl;
 
 	/* Return result */
 	if (werror) {
@@ -831,12 +842,20 @@ NTSTATUS rpccli_dfs_GetDcAddress(struct rpc_pipe_client *cli,
 
 NTSTATUS rpccli_dfs_SetDcAddress(struct rpc_pipe_client *cli,
 				 TALLOC_CTX *mem_ctx,
+				 const char *servername,
+				 const char *server_fullname,
+				 uint32_t flags,
+				 uint32_t ttl,
 				 WERROR *werror)
 {
 	struct dfs_SetDcAddress r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.servername = servername;
+	r.in.server_fullname = server_fullname;
+	r.in.flags = flags;
+	r.in.ttl = ttl;
 
 	if (DEBUGLEVEL >= 10) {
 		NDR_PRINT_IN_DEBUG(dfs_SetDcAddress, &r);
diff --git a/source3/librpc/gen_ndr/cli_dfs.h b/source3/librpc/gen_ndr/cli_dfs.h
index cdd0978bb4..d23bb90470 100644
--- a/source3/librpc/gen_ndr/cli_dfs.h
+++ b/source3/librpc/gen_ndr/cli_dfs.h
@@ -101,9 +101,17 @@ NTSTATUS rpccli_dfs_AddStdRootForced(struct rpc_pipe_client *cli,
 				     WERROR *werror);
 NTSTATUS rpccli_dfs_GetDcAddress(struct rpc_pipe_client *cli,
 				 TALLOC_CTX *mem_ctx,
+				 const char *servername,
+				 const char **server_fullname,
+				 uint8_t *is_root,
+				 uint32_t *ttl,
 				 WERROR *werror);
 NTSTATUS rpccli_dfs_SetDcAddress(struct rpc_pipe_client *cli,
 				 TALLOC_CTX *mem_ctx,
+				 const char *servername,
+				 const char *server_fullname,
+				 uint32_t flags,
+				 uint32_t ttl,
 				 WERROR *werror);
 NTSTATUS rpccli_dfs_FlushFtTable(struct rpc_pipe_client *cli,
 				 TALLOC_CTX *mem_ctx,
diff --git a/source3/librpc/gen_ndr/cli_dssetup.c b/source3/librpc/gen_ndr/cli_dssetup.c
new file mode 100644
index 0000000000..8947d99bb5
--- /dev/null
+++ b/source3/librpc/gen_ndr/cli_dssetup.c
@@ -0,0 +1,476 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * client auto-generated by pidl. DO NOT MODIFY!
+ */
+
+#include "includes.h"
+#include "librpc/gen_ndr/cli_dssetup.h"
+
+NTSTATUS rpccli_dssetup_DsRoleGetPrimaryDomainInformation(struct rpc_pipe_client *cli,
+							  TALLOC_CTX *mem_ctx,
+							  enum dssetup_DsRoleInfoLevel level,
+							  union dssetup_DsRoleInfo *info,
+							  WERROR *werror)
+{
+	struct dssetup_DsRoleGetPrimaryDomainInformation r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.level = level;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleGetPrimaryDomainInformation, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_DSSETUP,
+				&ndr_table_dssetup,
+				NDR_DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleGetPrimaryDomainInformation, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	if (info && r.out.info) {
+		*info = *r.out.info;
+	}
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_dssetup_DsRoleDnsNameToFlatName(struct rpc_pipe_client *cli,
+						TALLOC_CTX *mem_ctx,
+						WERROR *werror)
+{
+	struct dssetup_DsRoleDnsNameToFlatName r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleDnsNameToFlatName, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_DSSETUP,
+				&ndr_table_dssetup,
+				NDR_DSSETUP_DSROLEDNSNAMETOFLATNAME,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleDnsNameToFlatName, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_dssetup_DsRoleDcAsDc(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror)
+{
+	struct dssetup_DsRoleDcAsDc r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleDcAsDc, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_DSSETUP,
+				&ndr_table_dssetup,
+				NDR_DSSETUP_DSROLEDCASDC,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleDcAsDc, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_dssetup_DsRoleDcAsReplica(struct rpc_pipe_client *cli,
+					  TALLOC_CTX *mem_ctx,
+					  WERROR *werror)
+{
+	struct dssetup_DsRoleDcAsReplica r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleDcAsReplica, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_DSSETUP,
+				&ndr_table_dssetup,
+				NDR_DSSETUP_DSROLEDCASREPLICA,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleDcAsReplica, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_dssetup_DsRoleDemoteDc(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       WERROR *werror)
+{
+	struct dssetup_DsRoleDemoteDc r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleDemoteDc, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_DSSETUP,
+				&ndr_table_dssetup,
+				NDR_DSSETUP_DSROLEDEMOTEDC,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleDemoteDc, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_dssetup_DsRoleGetDcOperationProgress(struct rpc_pipe_client *cli,
+						     TALLOC_CTX *mem_ctx,
+						     WERROR *werror)
+{
+	struct dssetup_DsRoleGetDcOperationProgress r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleGetDcOperationProgress, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_DSSETUP,
+				&ndr_table_dssetup,
+				NDR_DSSETUP_DSROLEGETDCOPERATIONPROGRESS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleGetDcOperationProgress, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_dssetup_DsRoleGetDcOperationResults(struct rpc_pipe_client *cli,
+						    TALLOC_CTX *mem_ctx,
+						    WERROR *werror)
+{
+	struct dssetup_DsRoleGetDcOperationResults r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleGetDcOperationResults, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_DSSETUP,
+				&ndr_table_dssetup,
+				NDR_DSSETUP_DSROLEGETDCOPERATIONRESULTS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleGetDcOperationResults, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_dssetup_DsRoleCancel(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror)
+{
+	struct dssetup_DsRoleCancel r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleCancel, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_DSSETUP,
+				&ndr_table_dssetup,
+				NDR_DSSETUP_DSROLECANCEL,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleCancel, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_dssetup_DsRoleServerSaveStateForUpgrade(struct rpc_pipe_client *cli,
+							TALLOC_CTX *mem_ctx,
+							WERROR *werror)
+{
+	struct dssetup_DsRoleServerSaveStateForUpgrade r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleServerSaveStateForUpgrade, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_DSSETUP,
+				&ndr_table_dssetup,
+				NDR_DSSETUP_DSROLESERVERSAVESTATEFORUPGRADE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleServerSaveStateForUpgrade, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_dssetup_DsRoleUpgradeDownlevelServer(struct rpc_pipe_client *cli,
+						     TALLOC_CTX *mem_ctx,
+						     WERROR *werror)
+{
+	struct dssetup_DsRoleUpgradeDownlevelServer r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleUpgradeDownlevelServer, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_DSSETUP,
+				&ndr_table_dssetup,
+				NDR_DSSETUP_DSROLEUPGRADEDOWNLEVELSERVER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleUpgradeDownlevelServer, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_dssetup_DsRoleAbortDownlevelServerUpgrade(struct rpc_pipe_client *cli,
+							  TALLOC_CTX *mem_ctx,
+							  WERROR *werror)
+{
+	struct dssetup_DsRoleAbortDownlevelServerUpgrade r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleAbortDownlevelServerUpgrade, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_DSSETUP,
+				&ndr_table_dssetup,
+				NDR_DSSETUP_DSROLEABORTDOWNLEVELSERVERUPGRADE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleAbortDownlevelServerUpgrade, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
diff --git a/source3/librpc/gen_ndr/cli_dssetup.h b/source3/librpc/gen_ndr/cli_dssetup.h
new file mode 100644
index 0000000000..b645c26829
--- /dev/null
+++ b/source3/librpc/gen_ndr/cli_dssetup.h
@@ -0,0 +1,39 @@
+#include "librpc/gen_ndr/ndr_dssetup.h"
+#ifndef __CLI_DSSETUP__
+#define __CLI_DSSETUP__
+NTSTATUS rpccli_dssetup_DsRoleGetPrimaryDomainInformation(struct rpc_pipe_client *cli,
+							  TALLOC_CTX *mem_ctx,
+							  enum dssetup_DsRoleInfoLevel level,
+							  union dssetup_DsRoleInfo *info,
+							  WERROR *werror);
+NTSTATUS rpccli_dssetup_DsRoleDnsNameToFlatName(struct rpc_pipe_client *cli,
+						TALLOC_CTX *mem_ctx,
+						WERROR *werror);
+NTSTATUS rpccli_dssetup_DsRoleDcAsDc(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror);
+NTSTATUS rpccli_dssetup_DsRoleDcAsReplica(struct rpc_pipe_client *cli,
+					  TALLOC_CTX *mem_ctx,
+					  WERROR *werror);
+NTSTATUS rpccli_dssetup_DsRoleDemoteDc(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       WERROR *werror);
+NTSTATUS rpccli_dssetup_DsRoleGetDcOperationProgress(struct rpc_pipe_client *cli,
+						     TALLOC_CTX *mem_ctx,
+						     WERROR *werror);
+NTSTATUS rpccli_dssetup_DsRoleGetDcOperationResults(struct rpc_pipe_client *cli,
+						    TALLOC_CTX *mem_ctx,
+						    WERROR *werror);
+NTSTATUS rpccli_dssetup_DsRoleCancel(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror);
+NTSTATUS rpccli_dssetup_DsRoleServerSaveStateForUpgrade(struct rpc_pipe_client *cli,
+							TALLOC_CTX *mem_ctx,
+							WERROR *werror);
+NTSTATUS rpccli_dssetup_DsRoleUpgradeDownlevelServer(struct rpc_pipe_client *cli,
+						     TALLOC_CTX *mem_ctx,
+						     WERROR *werror);
+NTSTATUS rpccli_dssetup_DsRoleAbortDownlevelServerUpgrade(struct rpc_pipe_client *cli,
+							  TALLOC_CTX *mem_ctx,
+							  WERROR *werror);
+#endif /* __CLI_DSSETUP__ */
diff --git a/source3/librpc/gen_ndr/cli_eventlog.c b/source3/librpc/gen_ndr/cli_eventlog.c
index 72cd886cb4..0084776a08 100644
--- a/source3/librpc/gen_ndr/cli_eventlog.c
+++ b/source3/librpc/gen_ndr/cli_eventlog.c
@@ -9,14 +9,14 @@
 NTSTATUS rpccli_eventlog_ClearEventLogW(struct rpc_pipe_client *cli,
 					TALLOC_CTX *mem_ctx,
 					struct policy_handle *handle,
-					struct lsa_String *unknown)
+					struct lsa_String *backupfile)
 {
 	struct eventlog_ClearEventLogW r;
 	NTSTATUS status;
 
 	/* In parameters */
 	r.in.handle = handle;
-	r.in.unknown = unknown;
+	r.in.backupfile = backupfile;
 
 	if (DEBUGLEVEL >= 10) {
 		NDR_PRINT_IN_DEBUG(eventlog_ClearEventLogW, &r);
@@ -203,12 +203,15 @@ NTSTATUS rpccli_eventlog_GetNumRecords(struct rpc_pipe_client *cli,
 }
 
 NTSTATUS rpccli_eventlog_GetOldestRecord(struct rpc_pipe_client *cli,
-					 TALLOC_CTX *mem_ctx)
+					 TALLOC_CTX *mem_ctx,
+					 struct policy_handle *handle,
+					 uint32_t *oldest_entry)
 {
 	struct eventlog_GetOldestRecord r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.handle = handle;
 
 	if (DEBUGLEVEL >= 10) {
 		NDR_PRINT_IN_DEBUG(eventlog_GetOldestRecord, &r);
@@ -234,6 +237,7 @@ NTSTATUS rpccli_eventlog_GetOldestRecord(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*oldest_entry = *r.out.oldest_entry;
 
 	/* Return result */
 	return r.out.result;
@@ -279,8 +283,8 @@ NTSTATUS rpccli_eventlog_ChangeNotify(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_eventlog_OpenEventLogW(struct rpc_pipe_client *cli,
 				       TALLOC_CTX *mem_ctx,
 				       struct eventlog_OpenUnknown0 *unknown0,
-				       struct lsa_String logname,
-				       struct lsa_String servername,
+				       struct lsa_String *logname,
+				       struct lsa_String *servername,
 				       uint32_t unknown2,
 				       uint32_t unknown3,
 				       struct policy_handle *handle)
diff --git a/source3/librpc/gen_ndr/cli_eventlog.h b/source3/librpc/gen_ndr/cli_eventlog.h
index f75355c390..10790a21fc 100644
--- a/source3/librpc/gen_ndr/cli_eventlog.h
+++ b/source3/librpc/gen_ndr/cli_eventlog.h
@@ -4,7 +4,7 @@
 NTSTATUS rpccli_eventlog_ClearEventLogW(struct rpc_pipe_client *cli,
 					TALLOC_CTX *mem_ctx,
 					struct policy_handle *handle,
-					struct lsa_String *unknown);
+					struct lsa_String *backupfile);
 NTSTATUS rpccli_eventlog_BackupEventLogW(struct rpc_pipe_client *cli,
 					 TALLOC_CTX *mem_ctx);
 NTSTATUS rpccli_eventlog_CloseEventLog(struct rpc_pipe_client *cli,
@@ -17,14 +17,16 @@ NTSTATUS rpccli_eventlog_GetNumRecords(struct rpc_pipe_client *cli,
 				       struct policy_handle *handle,
 				       uint32_t *number);
 NTSTATUS rpccli_eventlog_GetOldestRecord(struct rpc_pipe_client *cli,
-					 TALLOC_CTX *mem_ctx);
+					 TALLOC_CTX *mem_ctx,
+					 struct policy_handle *handle,
+					 uint32_t *oldest_entry);
 NTSTATUS rpccli_eventlog_ChangeNotify(struct rpc_pipe_client *cli,
 				      TALLOC_CTX *mem_ctx);
 NTSTATUS rpccli_eventlog_OpenEventLogW(struct rpc_pipe_client *cli,
 				       TALLOC_CTX *mem_ctx,
 				       struct eventlog_OpenUnknown0 *unknown0,
-				       struct lsa_String logname,
-				       struct lsa_String servername,
+				       struct lsa_String *logname,
+				       struct lsa_String *servername,
 				       uint32_t unknown2,
 				       uint32_t unknown3,
 				       struct policy_handle *handle);
diff --git a/source3/librpc/gen_ndr/cli_lsa.c b/source3/librpc/gen_ndr/cli_lsa.c
index 92ba8bdfee..b1609ea97b 100644
--- a/source3/librpc/gen_ndr/cli_lsa.c
+++ b/source3/librpc/gen_ndr/cli_lsa.c
@@ -89,8 +89,8 @@ NTSTATUS rpccli_lsa_EnumPrivs(struct rpc_pipe_client *cli,
 			      TALLOC_CTX *mem_ctx,
 			      struct policy_handle *handle,
 			      uint32_t *resume_handle,
-			      uint32_t max_count,
-			      struct lsa_PrivArray *privs)
+			      struct lsa_PrivArray *privs,
+			      uint32_t max_count)
 {
 	struct lsa_EnumPrivs r;
 	NTSTATUS status;
@@ -135,7 +135,7 @@ NTSTATUS rpccli_lsa_QuerySecurity(struct rpc_pipe_client *cli,
 				  TALLOC_CTX *mem_ctx,
 				  struct policy_handle *handle,
 				  uint32_t sec_info,
-				  struct sec_desc_buf *sdbuf)
+				  struct sec_desc_buf **sdbuf)
 {
 	struct lsa_QuerySecurity r;
 	NTSTATUS status;
@@ -168,21 +168,25 @@ NTSTATUS rpccli_lsa_QuerySecurity(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (sdbuf && r.out.sdbuf) {
-		*sdbuf = *r.out.sdbuf;
-	}
+	*sdbuf = *r.out.sdbuf;
 
 	/* Return result */
 	return r.out.result;
 }
 
 NTSTATUS rpccli_lsa_SetSecObj(struct rpc_pipe_client *cli,
-			      TALLOC_CTX *mem_ctx)
+			      TALLOC_CTX *mem_ctx,
+			      struct policy_handle *handle,
+			      uint32_t sec_info,
+			      struct sec_desc_buf *sdbuf)
 {
 	struct lsa_SetSecObj r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.handle = handle;
+	r.in.sec_info = sec_info;
+	r.in.sdbuf = sdbuf;
 
 	if (DEBUGLEVEL >= 10) {
 		NDR_PRINT_IN_DEBUG(lsa_SetSecObj, &r);
@@ -299,7 +303,7 @@ NTSTATUS rpccli_lsa_QueryInfoPolicy(struct rpc_pipe_client *cli,
 				    TALLOC_CTX *mem_ctx,
 				    struct policy_handle *handle,
 				    enum lsa_PolicyInfo level,
-				    union lsa_PolicyInformation *info)
+				    union lsa_PolicyInformation **info)
 {
 	struct lsa_QueryInfoPolicy r;
 	NTSTATUS status;
@@ -332,9 +336,7 @@ NTSTATUS rpccli_lsa_QueryInfoPolicy(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (info && r.out.info) {
-		*info = *r.out.info;
-	}
+	*info = *r.out.info;
 
 	/* Return result */
 	return r.out.result;
@@ -469,8 +471,8 @@ NTSTATUS rpccli_lsa_EnumAccounts(struct rpc_pipe_client *cli,
 				 TALLOC_CTX *mem_ctx,
 				 struct policy_handle *handle,
 				 uint32_t *resume_handle,
-				 uint32_t num_entries,
-				 struct lsa_SidArray *sids)
+				 struct lsa_SidArray *sids,
+				 uint32_t num_entries)
 {
 	struct lsa_EnumAccounts r;
 	NTSTATUS status;
@@ -560,8 +562,8 @@ NTSTATUS rpccli_lsa_EnumTrustDom(struct rpc_pipe_client *cli,
 				 TALLOC_CTX *mem_ctx,
 				 struct policy_handle *handle,
 				 uint32_t *resume_handle,
-				 uint32_t max_size,
-				 struct lsa_DomainList *domains)
+				 struct lsa_DomainList *domains,
+				 uint32_t max_size)
 {
 	struct lsa_EnumTrustDom r;
 	NTSTATUS status;
@@ -607,9 +609,9 @@ NTSTATUS rpccli_lsa_LookupNames(struct rpc_pipe_client *cli,
 				struct policy_handle *handle,
 				uint32_t num_names,
 				struct lsa_String *names,
-				struct lsa_RefDomainList *domains,
+				struct lsa_RefDomainList **domains,
 				struct lsa_TransSidArray *sids,
-				uint16_t level,
+				enum lsa_LookupNamesLevel level,
 				uint32_t *count)
 {
 	struct lsa_LookupNames r;
@@ -647,9 +649,7 @@ NTSTATUS rpccli_lsa_LookupNames(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (domains && r.out.domains) {
-		*domains = *r.out.domains;
-	}
+	*domains = *r.out.domains;
 	*sids = *r.out.sids;
 	*count = *r.out.count;
 
@@ -661,7 +661,7 @@ NTSTATUS rpccli_lsa_LookupSids(struct rpc_pipe_client *cli,
 			       TALLOC_CTX *mem_ctx,
 			       struct policy_handle *handle,
 			       struct lsa_SidArray *sids,
-			       struct lsa_RefDomainList *domains,
+			       struct lsa_RefDomainList **domains,
 			       struct lsa_TransNameArray *names,
 			       uint16_t level,
 			       uint32_t *count)
@@ -700,9 +700,7 @@ NTSTATUS rpccli_lsa_LookupSids(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (domains && r.out.domains) {
-		*domains = *r.out.domains;
-	}
+	*domains = *r.out.domains;
 	*names = *r.out.names;
 	*count = *r.out.count;
 
@@ -803,7 +801,7 @@ NTSTATUS rpccli_lsa_OpenAccount(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_lsa_EnumPrivsAccount(struct rpc_pipe_client *cli,
 				     TALLOC_CTX *mem_ctx,
 				     struct policy_handle *handle,
-				     struct lsa_PrivilegeSet *privs)
+				     struct lsa_PrivilegeSet **privs)
 {
 	struct lsa_EnumPrivsAccount r;
 	NTSTATUS status;
@@ -835,9 +833,7 @@ NTSTATUS rpccli_lsa_EnumPrivsAccount(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (privs && r.out.privs) {
-		*privs = *r.out.privs;
-	}
+	*privs = *r.out.privs;
 
 	/* Return result */
 	return r.out.result;
@@ -1002,12 +998,15 @@ NTSTATUS rpccli_lsa_SetQuotasForAccount(struct rpc_pipe_client *cli,
 }
 
 NTSTATUS rpccli_lsa_GetSystemAccessAccount(struct rpc_pipe_client *cli,
-					   TALLOC_CTX *mem_ctx)
+					   TALLOC_CTX *mem_ctx,
+					   struct policy_handle *handle,
+					   uint32_t *access_mask)
 {
 	struct lsa_GetSystemAccessAccount r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.handle = handle;
 
 	if (DEBUGLEVEL >= 10) {
 		NDR_PRINT_IN_DEBUG(lsa_GetSystemAccessAccount, &r);
@@ -1033,18 +1032,23 @@ NTSTATUS rpccli_lsa_GetSystemAccessAccount(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*access_mask = *r.out.access_mask;
 
 	/* Return result */
 	return r.out.result;
 }
 
 NTSTATUS rpccli_lsa_SetSystemAccessAccount(struct rpc_pipe_client *cli,
-					   TALLOC_CTX *mem_ctx)
+					   TALLOC_CTX *mem_ctx,
+					   struct policy_handle *handle,
+					   uint32_t access_mask)
 {
 	struct lsa_SetSystemAccessAccount r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.handle = handle;
+	r.in.access_mask = access_mask;
 
 	if (DEBUGLEVEL >= 10) {
 		NDR_PRINT_IN_DEBUG(lsa_SetSystemAccessAccount, &r);
@@ -1441,9 +1445,10 @@ NTSTATUS rpccli_lsa_LookupPrivDisplayName(struct rpc_pipe_client *cli,
 					  TALLOC_CTX *mem_ctx,
 					  struct policy_handle *handle,
 					  struct lsa_String *name,
-					  struct lsa_StringLarge *disp_name,
-					  uint16_t *language_id,
-					  uint16_t unknown)
+					  uint16_t language_id,
+					  uint16_t language_id_sys,
+					  struct lsa_StringLarge **disp_name,
+					  uint16_t *returned_language_id)
 {
 	struct lsa_LookupPrivDisplayName r;
 	NTSTATUS status;
@@ -1452,7 +1457,7 @@ NTSTATUS rpccli_lsa_LookupPrivDisplayName(struct rpc_pipe_client *cli,
 	r.in.handle = handle;
 	r.in.name = name;
 	r.in.language_id = language_id;
-	r.in.unknown = unknown;
+	r.in.language_id_sys = language_id_sys;
 
 	if (DEBUGLEVEL >= 10) {
 		NDR_PRINT_IN_DEBUG(lsa_LookupPrivDisplayName, &r);
@@ -1478,22 +1483,22 @@ NTSTATUS rpccli_lsa_LookupPrivDisplayName(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (disp_name && r.out.disp_name) {
-		*disp_name = *r.out.disp_name;
-	}
-	*language_id = *r.out.language_id;
+	*disp_name = *r.out.disp_name;
+	*returned_language_id = *r.out.returned_language_id;
 
 	/* Return result */
 	return r.out.result;
 }
 
 NTSTATUS rpccli_lsa_DeleteObject(struct rpc_pipe_client *cli,
-				 TALLOC_CTX *mem_ctx)
+				 TALLOC_CTX *mem_ctx,
+				 struct policy_handle *handle)
 {
 	struct lsa_DeleteObject r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.handle = handle;
 
 	if (DEBUGLEVEL >= 10) {
 		NDR_PRINT_IN_DEBUG(lsa_DeleteObject, &r);
@@ -1519,6 +1524,7 @@ NTSTATUS rpccli_lsa_DeleteObject(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*handle = *r.out.handle;
 
 	/* Return result */
 	return r.out.result;
@@ -1657,7 +1663,7 @@ NTSTATUS rpccli_lsa_RemoveAccountRights(struct rpc_pipe_client *cli,
 					TALLOC_CTX *mem_ctx,
 					struct policy_handle *handle,
 					struct dom_sid2 *sid,
-					uint32_t unknown,
+					uint8_t remove_all,
 					struct lsa_RightSet *rights)
 {
 	struct lsa_RemoveAccountRights r;
@@ -1666,7 +1672,7 @@ NTSTATUS rpccli_lsa_RemoveAccountRights(struct rpc_pipe_client *cli,
 	/* In parameters */
 	r.in.handle = handle;
 	r.in.sid = sid;
-	r.in.unknown = unknown;
+	r.in.remove_all = remove_all;
 	r.in.rights = rights;
 
 	if (DEBUGLEVEL >= 10) {
@@ -1945,8 +1951,8 @@ NTSTATUS rpccli_lsa_OpenPolicy2(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_lsa_GetUserName(struct rpc_pipe_client *cli,
 				TALLOC_CTX *mem_ctx,
 				const char *system_name,
-				struct lsa_String *account_name,
-				struct lsa_StringPointer *authority_name)
+				struct lsa_String **account_name,
+				struct lsa_String **authority_name)
 {
 	struct lsa_GetUserName r;
 	NTSTATUS status;
@@ -1980,9 +1986,7 @@ NTSTATUS rpccli_lsa_GetUserName(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (account_name && r.out.account_name) {
-		*account_name = *r.out.account_name;
-	}
+	*account_name = *r.out.account_name;
 	if (authority_name && r.out.authority_name) {
 		*authority_name = *r.out.authority_name;
 	}
@@ -1995,7 +1999,7 @@ NTSTATUS rpccli_lsa_QueryInfoPolicy2(struct rpc_pipe_client *cli,
 				     TALLOC_CTX *mem_ctx,
 				     struct policy_handle *handle,
 				     enum lsa_PolicyInfo level,
-				     union lsa_PolicyInformation *info)
+				     union lsa_PolicyInformation **info)
 {
 	struct lsa_QueryInfoPolicy2 r;
 	NTSTATUS status;
@@ -2028,9 +2032,7 @@ NTSTATUS rpccli_lsa_QueryInfoPolicy2(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (info && r.out.info) {
-		*info = *r.out.info;
-	}
+	*info = *r.out.info;
 
 	/* Return result */
 	return r.out.result;
@@ -2082,7 +2084,7 @@ NTSTATUS rpccli_lsa_SetInfoPolicy2(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_lsa_QueryTrustedDomainInfoByName(struct rpc_pipe_client *cli,
 						 TALLOC_CTX *mem_ctx,
 						 struct policy_handle *handle,
-						 struct lsa_String trusted_domain,
+						 struct lsa_String *trusted_domain,
 						 enum lsa_TrustDomInfoEnum level,
 						 union lsa_TrustedDomainInfo *info)
 {
@@ -2118,9 +2120,7 @@ NTSTATUS rpccli_lsa_QueryTrustedDomainInfoByName(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (info && r.out.info) {
-		*info = *r.out.info;
-	}
+	*info = *r.out.info;
 
 	/* Return result */
 	return r.out.result;
@@ -2468,7 +2468,7 @@ NTSTATUS rpccli_lsa_LookupSids2(struct rpc_pipe_client *cli,
 				TALLOC_CTX *mem_ctx,
 				struct policy_handle *handle,
 				struct lsa_SidArray *sids,
-				struct lsa_RefDomainList *domains,
+				struct lsa_RefDomainList **domains,
 				struct lsa_TransNameArray2 *names,
 				uint16_t level,
 				uint32_t *count,
@@ -2511,9 +2511,7 @@ NTSTATUS rpccli_lsa_LookupSids2(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (domains && r.out.domains) {
-		*domains = *r.out.domains;
-	}
+	*domains = *r.out.domains;
 	*names = *r.out.names;
 	*count = *r.out.count;
 
@@ -2526,9 +2524,9 @@ NTSTATUS rpccli_lsa_LookupNames2(struct rpc_pipe_client *cli,
 				 struct policy_handle *handle,
 				 uint32_t num_names,
 				 struct lsa_String *names,
-				 struct lsa_RefDomainList *domains,
+				 struct lsa_RefDomainList **domains,
 				 struct lsa_TransSidArray2 *sids,
-				 uint16_t level,
+				 enum lsa_LookupNamesLevel level,
 				 uint32_t *count,
 				 uint32_t unknown1,
 				 uint32_t unknown2)
@@ -2570,9 +2568,7 @@ NTSTATUS rpccli_lsa_LookupNames2(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (domains && r.out.domains) {
-		*domains = *r.out.domains;
-	}
+	*domains = *r.out.domains;
 	*sids = *r.out.sids;
 	*count = *r.out.count;
 
@@ -2918,9 +2914,9 @@ NTSTATUS rpccli_lsa_LookupNames3(struct rpc_pipe_client *cli,
 				 struct policy_handle *handle,
 				 uint32_t num_names,
 				 struct lsa_String *names,
-				 struct lsa_RefDomainList *domains,
+				 struct lsa_RefDomainList **domains,
 				 struct lsa_TransSidArray3 *sids,
-				 uint16_t level,
+				 enum lsa_LookupNamesLevel level,
 				 uint32_t *count,
 				 uint32_t unknown1,
 				 uint32_t unknown2)
@@ -2962,9 +2958,7 @@ NTSTATUS rpccli_lsa_LookupNames3(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (domains && r.out.domains) {
-		*domains = *r.out.domains;
-	}
+	*domains = *r.out.domains;
 	*sids = *r.out.sids;
 	*count = *r.out.count;
 
@@ -3120,16 +3114,23 @@ NTSTATUS rpccli_lsa_LSARUNREGISTERAUDITEVENT(struct rpc_pipe_client *cli,
 	return r.out.result;
 }
 
-NTSTATUS rpccli_lsa_LSARQUERYFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
-						    TALLOC_CTX *mem_ctx)
+NTSTATUS rpccli_lsa_lsaRQueryForestTrustInformation(struct rpc_pipe_client *cli,
+						    TALLOC_CTX *mem_ctx,
+						    struct policy_handle *handle,
+						    struct lsa_String *trusted_domain_name,
+						    uint16_t unknown,
+						    struct lsa_ForestTrustInformation **forest_trust_info)
 {
-	struct lsa_LSARQUERYFORESTTRUSTINFORMATION r;
+	struct lsa_lsaRQueryForestTrustInformation r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.handle = handle;
+	r.in.trusted_domain_name = trusted_domain_name;
+	r.in.unknown = unknown;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(lsa_LSARQUERYFORESTTRUSTINFORMATION, &r);
+		NDR_PRINT_IN_DEBUG(lsa_lsaRQueryForestTrustInformation, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
@@ -3144,7 +3145,7 @@ NTSTATUS rpccli_lsa_LSARQUERYFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(lsa_LSARQUERYFORESTTRUSTINFORMATION, &r);
+		NDR_PRINT_OUT_DEBUG(lsa_lsaRQueryForestTrustInformation, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -3152,6 +3153,7 @@ NTSTATUS rpccli_lsa_LSARQUERYFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*forest_trust_info = *r.out.forest_trust_info;
 
 	/* Return result */
 	return r.out.result;
@@ -3234,7 +3236,7 @@ NTSTATUS rpccli_lsa_CREDRRENAME(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_lsa_LookupSids3(struct rpc_pipe_client *cli,
 				TALLOC_CTX *mem_ctx,
 				struct lsa_SidArray *sids,
-				struct lsa_RefDomainList *domains,
+				struct lsa_RefDomainList **domains,
 				struct lsa_TransNameArray2 *names,
 				uint16_t level,
 				uint32_t *count,
@@ -3276,9 +3278,7 @@ NTSTATUS rpccli_lsa_LookupSids3(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (domains && r.out.domains) {
-		*domains = *r.out.domains;
-	}
+	*domains = *r.out.domains;
 	*names = *r.out.names;
 	*count = *r.out.count;
 
@@ -3290,9 +3290,9 @@ NTSTATUS rpccli_lsa_LookupNames4(struct rpc_pipe_client *cli,
 				 TALLOC_CTX *mem_ctx,
 				 uint32_t num_names,
 				 struct lsa_String *names,
-				 struct lsa_RefDomainList *domains,
+				 struct lsa_RefDomainList **domains,
 				 struct lsa_TransSidArray3 *sids,
-				 uint16_t level,
+				 enum lsa_LookupNamesLevel level,
 				 uint32_t *count,
 				 uint32_t unknown1,
 				 uint32_t unknown2)
@@ -3333,9 +3333,7 @@ NTSTATUS rpccli_lsa_LookupNames4(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (domains && r.out.domains) {
-		*domains = *r.out.domains;
-	}
+	*domains = *r.out.domains;
 	*sids = *r.out.sids;
 	*count = *r.out.count;
 
diff --git a/source3/librpc/gen_ndr/cli_lsa.h b/source3/librpc/gen_ndr/cli_lsa.h
index 4ab8be9939..7d69926484 100644
--- a/source3/librpc/gen_ndr/cli_lsa.h
+++ b/source3/librpc/gen_ndr/cli_lsa.h
@@ -11,15 +11,18 @@ NTSTATUS rpccli_lsa_EnumPrivs(struct rpc_pipe_client *cli,
 			      TALLOC_CTX *mem_ctx,
 			      struct policy_handle *handle,
 			      uint32_t *resume_handle,
-			      uint32_t max_count,
-			      struct lsa_PrivArray *privs);
+			      struct lsa_PrivArray *privs,
+			      uint32_t max_count);
 NTSTATUS rpccli_lsa_QuerySecurity(struct rpc_pipe_client *cli,
 				  TALLOC_CTX *mem_ctx,
 				  struct policy_handle *handle,
 				  uint32_t sec_info,
-				  struct sec_desc_buf *sdbuf);
+				  struct sec_desc_buf **sdbuf);
 NTSTATUS rpccli_lsa_SetSecObj(struct rpc_pipe_client *cli,
-			      TALLOC_CTX *mem_ctx);
+			      TALLOC_CTX *mem_ctx,
+			      struct policy_handle *handle,
+			      uint32_t sec_info,
+			      struct sec_desc_buf *sdbuf);
 NTSTATUS rpccli_lsa_ChangePassword(struct rpc_pipe_client *cli,
 				   TALLOC_CTX *mem_ctx);
 NTSTATUS rpccli_lsa_OpenPolicy(struct rpc_pipe_client *cli,
@@ -32,7 +35,7 @@ NTSTATUS rpccli_lsa_QueryInfoPolicy(struct rpc_pipe_client *cli,
 				    TALLOC_CTX *mem_ctx,
 				    struct policy_handle *handle,
 				    enum lsa_PolicyInfo level,
-				    union lsa_PolicyInformation *info);
+				    union lsa_PolicyInformation **info);
 NTSTATUS rpccli_lsa_SetInfoPolicy(struct rpc_pipe_client *cli,
 				  TALLOC_CTX *mem_ctx,
 				  struct policy_handle *handle,
@@ -50,8 +53,8 @@ NTSTATUS rpccli_lsa_EnumAccounts(struct rpc_pipe_client *cli,
 				 TALLOC_CTX *mem_ctx,
 				 struct policy_handle *handle,
 				 uint32_t *resume_handle,
-				 uint32_t num_entries,
-				 struct lsa_SidArray *sids);
+				 struct lsa_SidArray *sids,
+				 uint32_t num_entries);
 NTSTATUS rpccli_lsa_CreateTrustedDomain(struct rpc_pipe_client *cli,
 					TALLOC_CTX *mem_ctx,
 					struct policy_handle *handle,
@@ -62,22 +65,22 @@ NTSTATUS rpccli_lsa_EnumTrustDom(struct rpc_pipe_client *cli,
 				 TALLOC_CTX *mem_ctx,
 				 struct policy_handle *handle,
 				 uint32_t *resume_handle,
-				 uint32_t max_size,
-				 struct lsa_DomainList *domains);
+				 struct lsa_DomainList *domains,
+				 uint32_t max_size);
 NTSTATUS rpccli_lsa_LookupNames(struct rpc_pipe_client *cli,
 				TALLOC_CTX *mem_ctx,
 				struct policy_handle *handle,
 				uint32_t num_names,
 				struct lsa_String *names,
-				struct lsa_RefDomainList *domains,
+				struct lsa_RefDomainList **domains,
 				struct lsa_TransSidArray *sids,
-				uint16_t level,
+				enum lsa_LookupNamesLevel level,
 				uint32_t *count);
 NTSTATUS rpccli_lsa_LookupSids(struct rpc_pipe_client *cli,
 			       TALLOC_CTX *mem_ctx,
 			       struct policy_handle *handle,
 			       struct lsa_SidArray *sids,
-			       struct lsa_RefDomainList *domains,
+			       struct lsa_RefDomainList **domains,
 			       struct lsa_TransNameArray *names,
 			       uint16_t level,
 			       uint32_t *count);
@@ -96,7 +99,7 @@ NTSTATUS rpccli_lsa_OpenAccount(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_lsa_EnumPrivsAccount(struct rpc_pipe_client *cli,
 				     TALLOC_CTX *mem_ctx,
 				     struct policy_handle *handle,
-				     struct lsa_PrivilegeSet *privs);
+				     struct lsa_PrivilegeSet **privs);
 NTSTATUS rpccli_lsa_AddPrivilegesToAccount(struct rpc_pipe_client *cli,
 					   TALLOC_CTX *mem_ctx,
 					   struct policy_handle *handle,
@@ -111,9 +114,13 @@ NTSTATUS rpccli_lsa_GetQuotasForAccount(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_lsa_SetQuotasForAccount(struct rpc_pipe_client *cli,
 					TALLOC_CTX *mem_ctx);
 NTSTATUS rpccli_lsa_GetSystemAccessAccount(struct rpc_pipe_client *cli,
-					   TALLOC_CTX *mem_ctx);
+					   TALLOC_CTX *mem_ctx,
+					   struct policy_handle *handle,
+					   uint32_t *access_mask);
 NTSTATUS rpccli_lsa_SetSystemAccessAccount(struct rpc_pipe_client *cli,
-					   TALLOC_CTX *mem_ctx);
+					   TALLOC_CTX *mem_ctx,
+					   struct policy_handle *handle,
+					   uint32_t access_mask);
 NTSTATUS rpccli_lsa_OpenTrustedDomain(struct rpc_pipe_client *cli,
 				      TALLOC_CTX *mem_ctx,
 				      struct policy_handle *handle,
@@ -159,11 +166,13 @@ NTSTATUS rpccli_lsa_LookupPrivDisplayName(struct rpc_pipe_client *cli,
 					  TALLOC_CTX *mem_ctx,
 					  struct policy_handle *handle,
 					  struct lsa_String *name,
-					  struct lsa_StringLarge *disp_name,
-					  uint16_t *language_id,
-					  uint16_t unknown);
+					  uint16_t language_id,
+					  uint16_t language_id_sys,
+					  struct lsa_StringLarge **disp_name,
+					  uint16_t *returned_language_id);
 NTSTATUS rpccli_lsa_DeleteObject(struct rpc_pipe_client *cli,
-				 TALLOC_CTX *mem_ctx);
+				 TALLOC_CTX *mem_ctx,
+				 struct policy_handle *handle);
 NTSTATUS rpccli_lsa_EnumAccountsWithUserRight(struct rpc_pipe_client *cli,
 					      TALLOC_CTX *mem_ctx,
 					      struct policy_handle *handle,
@@ -183,7 +192,7 @@ NTSTATUS rpccli_lsa_RemoveAccountRights(struct rpc_pipe_client *cli,
 					TALLOC_CTX *mem_ctx,
 					struct policy_handle *handle,
 					struct dom_sid2 *sid,
-					uint32_t unknown,
+					uint8_t remove_all,
 					struct lsa_RightSet *rights);
 NTSTATUS rpccli_lsa_QueryTrustedDomainInfoBySid(struct rpc_pipe_client *cli,
 						TALLOC_CTX *mem_ctx,
@@ -210,13 +219,13 @@ NTSTATUS rpccli_lsa_OpenPolicy2(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_lsa_GetUserName(struct rpc_pipe_client *cli,
 				TALLOC_CTX *mem_ctx,
 				const char *system_name,
-				struct lsa_String *account_name,
-				struct lsa_StringPointer *authority_name);
+				struct lsa_String **account_name,
+				struct lsa_String **authority_name);
 NTSTATUS rpccli_lsa_QueryInfoPolicy2(struct rpc_pipe_client *cli,
 				     TALLOC_CTX *mem_ctx,
 				     struct policy_handle *handle,
 				     enum lsa_PolicyInfo level,
-				     union lsa_PolicyInformation *info);
+				     union lsa_PolicyInformation **info);
 NTSTATUS rpccli_lsa_SetInfoPolicy2(struct rpc_pipe_client *cli,
 				   TALLOC_CTX *mem_ctx,
 				   struct policy_handle *handle,
@@ -225,7 +234,7 @@ NTSTATUS rpccli_lsa_SetInfoPolicy2(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_lsa_QueryTrustedDomainInfoByName(struct rpc_pipe_client *cli,
 						 TALLOC_CTX *mem_ctx,
 						 struct policy_handle *handle,
-						 struct lsa_String trusted_domain,
+						 struct lsa_String *trusted_domain,
 						 enum lsa_TrustDomInfoEnum level,
 						 union lsa_TrustedDomainInfo *info);
 NTSTATUS rpccli_lsa_SetTrustedDomainInfoByName(struct rpc_pipe_client *cli,
@@ -267,7 +276,7 @@ NTSTATUS rpccli_lsa_LookupSids2(struct rpc_pipe_client *cli,
 				TALLOC_CTX *mem_ctx,
 				struct policy_handle *handle,
 				struct lsa_SidArray *sids,
-				struct lsa_RefDomainList *domains,
+				struct lsa_RefDomainList **domains,
 				struct lsa_TransNameArray2 *names,
 				uint16_t level,
 				uint32_t *count,
@@ -278,9 +287,9 @@ NTSTATUS rpccli_lsa_LookupNames2(struct rpc_pipe_client *cli,
 				 struct policy_handle *handle,
 				 uint32_t num_names,
 				 struct lsa_String *names,
-				 struct lsa_RefDomainList *domains,
+				 struct lsa_RefDomainList **domains,
 				 struct lsa_TransSidArray2 *sids,
-				 uint16_t level,
+				 enum lsa_LookupNamesLevel level,
 				 uint32_t *count,
 				 uint32_t unknown1,
 				 uint32_t unknown2);
@@ -307,9 +316,9 @@ NTSTATUS rpccli_lsa_LookupNames3(struct rpc_pipe_client *cli,
 				 struct policy_handle *handle,
 				 uint32_t num_names,
 				 struct lsa_String *names,
-				 struct lsa_RefDomainList *domains,
+				 struct lsa_RefDomainList **domains,
 				 struct lsa_TransSidArray3 *sids,
-				 uint16_t level,
+				 enum lsa_LookupNamesLevel level,
 				 uint32_t *count,
 				 uint32_t unknown1,
 				 uint32_t unknown2);
@@ -321,8 +330,12 @@ NTSTATUS rpccli_lsa_LSARGENAUDITEVENT(struct rpc_pipe_client *cli,
 				      TALLOC_CTX *mem_ctx);
 NTSTATUS rpccli_lsa_LSARUNREGISTERAUDITEVENT(struct rpc_pipe_client *cli,
 					     TALLOC_CTX *mem_ctx);
-NTSTATUS rpccli_lsa_LSARQUERYFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
-						    TALLOC_CTX *mem_ctx);
+NTSTATUS rpccli_lsa_lsaRQueryForestTrustInformation(struct rpc_pipe_client *cli,
+						    TALLOC_CTX *mem_ctx,
+						    struct policy_handle *handle,
+						    struct lsa_String *trusted_domain_name,
+						    uint16_t unknown,
+						    struct lsa_ForestTrustInformation **forest_trust_info);
 NTSTATUS rpccli_lsa_LSARSETFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
 						  TALLOC_CTX *mem_ctx);
 NTSTATUS rpccli_lsa_CREDRRENAME(struct rpc_pipe_client *cli,
@@ -330,7 +343,7 @@ NTSTATUS rpccli_lsa_CREDRRENAME(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_lsa_LookupSids3(struct rpc_pipe_client *cli,
 				TALLOC_CTX *mem_ctx,
 				struct lsa_SidArray *sids,
-				struct lsa_RefDomainList *domains,
+				struct lsa_RefDomainList **domains,
 				struct lsa_TransNameArray2 *names,
 				uint16_t level,
 				uint32_t *count,
@@ -340,9 +353,9 @@ NTSTATUS rpccli_lsa_LookupNames4(struct rpc_pipe_client *cli,
 				 TALLOC_CTX *mem_ctx,
 				 uint32_t num_names,
 				 struct lsa_String *names,
-				 struct lsa_RefDomainList *domains,
+				 struct lsa_RefDomainList **domains,
 				 struct lsa_TransSidArray3 *sids,
-				 uint16_t level,
+				 enum lsa_LookupNamesLevel level,
 				 uint32_t *count,
 				 uint32_t unknown1,
 				 uint32_t unknown2);
diff --git a/source3/librpc/gen_ndr/cli_netlogon.c b/source3/librpc/gen_ndr/cli_netlogon.c
index efabf2e08f..2937cc09b9 100644
--- a/source3/librpc/gen_ndr/cli_netlogon.c
+++ b/source3/librpc/gen_ndr/cli_netlogon.c
@@ -46,9 +46,7 @@ NTSTATUS rpccli_netr_LogonUasLogon(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (info && r.out.info) {
-		*info = *r.out.info;
-	}
+	*info = *r.out.info;
 
 	/* Return result */
 	if (werror) {
@@ -115,7 +113,7 @@ NTSTATUS rpccli_netr_LogonSamLogon(struct rpc_pipe_client *cli,
 				   struct netr_Authenticator *credential,
 				   struct netr_Authenticator *return_authenticator,
 				   uint16_t logon_level,
-				   union netr_LogonLevel logon,
+				   union netr_LogonLevel *logon,
 				   uint16_t validation_level,
 				   union netr_Validation *validation,
 				   uint8_t *authoritative)
@@ -222,7 +220,8 @@ NTSTATUS rpccli_netr_ServerReqChallenge(struct rpc_pipe_client *cli,
 					TALLOC_CTX *mem_ctx,
 					const char *server_name,
 					const char *computer_name,
-					struct netr_Credential *credentials)
+					struct netr_Credential *credentials,
+					struct netr_Credential *return_credentials)
 {
 	struct netr_ServerReqChallenge r;
 	NTSTATUS status;
@@ -256,7 +255,7 @@ NTSTATUS rpccli_netr_ServerReqChallenge(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	*credentials = *r.out.credentials;
+	*return_credentials = *r.out.return_credentials;
 
 	/* Return result */
 	return r.out.result;
@@ -268,7 +267,8 @@ NTSTATUS rpccli_netr_ServerAuthenticate(struct rpc_pipe_client *cli,
 					const char *account_name,
 					enum netr_SchannelType secure_channel_type,
 					const char *computer_name,
-					struct netr_Credential *credentials)
+					struct netr_Credential *credentials,
+					struct netr_Credential *return_credentials)
 {
 	struct netr_ServerAuthenticate r;
 	NTSTATUS status;
@@ -304,7 +304,7 @@ NTSTATUS rpccli_netr_ServerAuthenticate(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	*credentials = *r.out.credentials;
+	*return_credentials = *r.out.return_credentials;
 
 	/* Return result */
 	return r.out.result;
@@ -316,9 +316,9 @@ NTSTATUS rpccli_netr_ServerPasswordSet(struct rpc_pipe_client *cli,
 				       const char *account_name,
 				       enum netr_SchannelType secure_channel_type,
 				       const char *computer_name,
-				       struct netr_Authenticator credential,
-				       struct samr_Password new_password,
-				       struct netr_Authenticator *return_authenticator)
+				       struct netr_Authenticator *credential,
+				       struct netr_Authenticator *return_authenticator,
+				       struct samr_Password *new_password)
 {
 	struct netr_ServerPasswordSet r;
 	NTSTATUS status;
@@ -365,12 +365,12 @@ NTSTATUS rpccli_netr_DatabaseDeltas(struct rpc_pipe_client *cli,
 				    TALLOC_CTX *mem_ctx,
 				    const char *logon_server,
 				    const char *computername,
-				    struct netr_Authenticator credential,
+				    struct netr_Authenticator *credential,
 				    struct netr_Authenticator *return_authenticator,
 				    enum netr_SamDatabaseID database_id,
 				    uint64_t *sequence_num,
-				    uint32_t preferredmaximumlength,
-				    struct netr_DELTA_ENUM_ARRAY *delta_enum_array)
+				    struct netr_DELTA_ENUM_ARRAY **delta_enum_array,
+				    uint32_t preferredmaximumlength)
 {
 	struct netr_DatabaseDeltas r;
 	NTSTATUS status;
@@ -410,9 +410,7 @@ NTSTATUS rpccli_netr_DatabaseDeltas(struct rpc_pipe_client *cli,
 	/* Return variables */
 	*return_authenticator = *r.out.return_authenticator;
 	*sequence_num = *r.out.sequence_num;
-	if (delta_enum_array && r.out.delta_enum_array) {
-		*delta_enum_array = *r.out.delta_enum_array;
-	}
+	*delta_enum_array = *r.out.delta_enum_array;
 
 	/* Return result */
 	return r.out.result;
@@ -467,9 +465,7 @@ NTSTATUS rpccli_netr_DatabaseSync(struct rpc_pipe_client *cli,
 	/* Return variables */
 	*return_authenticator = *r.out.return_authenticator;
 	*sync_context = *r.out.sync_context;
-	if (delta_enum_array && r.out.delta_enum_array) {
-		*delta_enum_array = *r.out.delta_enum_array;
-	}
+	*delta_enum_array = *r.out.delta_enum_array;
 
 	/* Return result */
 	return r.out.result;
@@ -604,7 +600,8 @@ NTSTATUS rpccli_netr_GetDcName(struct rpc_pipe_client *cli,
 			       TALLOC_CTX *mem_ctx,
 			       const char *logon_server,
 			       const char *domainname,
-			       const char **dcname)
+			       const char **dcname,
+			       WERROR *werror)
 {
 	struct netr_GetDcName r;
 	NTSTATUS status;
@@ -640,7 +637,11 @@ NTSTATUS rpccli_netr_GetDcName(struct rpc_pipe_client *cli,
 	*dcname = *r.out.dcname;
 
 	/* Return result */
-	return r.out.result;
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
 }
 
 NTSTATUS rpccli_netr_LogonControl(struct rpc_pipe_client *cli,
@@ -746,7 +747,7 @@ NTSTATUS rpccli_netr_LogonControl2(struct rpc_pipe_client *cli,
 				   const char *logon_server,
 				   uint32_t function_code,
 				   uint32_t level,
-				   union netr_CONTROL_DATA_INFORMATION data,
+				   union netr_CONTROL_DATA_INFORMATION *data,
 				   union netr_CONTROL_QUERY_INFORMATION *query,
 				   WERROR *werror)
 {
@@ -800,6 +801,7 @@ NTSTATUS rpccli_netr_ServerAuthenticate2(struct rpc_pipe_client *cli,
 					 enum netr_SchannelType secure_channel_type,
 					 const char *computer_name,
 					 struct netr_Credential *credentials,
+					 struct netr_Credential *return_credentials,
 					 uint32_t *negotiate_flags)
 {
 	struct netr_ServerAuthenticate2 r;
@@ -837,7 +839,7 @@ NTSTATUS rpccli_netr_ServerAuthenticate2(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	*credentials = *r.out.credentials;
+	*return_credentials = *r.out.return_credentials;
 	*negotiate_flags = *r.out.negotiate_flags;
 
 	/* Return result */
@@ -848,13 +850,13 @@ NTSTATUS rpccli_netr_DatabaseSync2(struct rpc_pipe_client *cli,
 				   TALLOC_CTX *mem_ctx,
 				   const char *logon_server,
 				   const char *computername,
-				   struct netr_Authenticator credential,
+				   struct netr_Authenticator *credential,
 				   struct netr_Authenticator *return_authenticator,
 				   enum netr_SamDatabaseID database_id,
 				   uint16_t restart_state,
 				   uint32_t *sync_context,
-				   uint32_t preferredmaximumlength,
-				   struct netr_DELTA_ENUM_ARRAY *delta_enum_array)
+				   struct netr_DELTA_ENUM_ARRAY **delta_enum_array,
+				   uint32_t preferredmaximumlength)
 {
 	struct netr_DatabaseSync2 r;
 	NTSTATUS status;
@@ -895,9 +897,7 @@ NTSTATUS rpccli_netr_DatabaseSync2(struct rpc_pipe_client *cli,
 	/* Return variables */
 	*return_authenticator = *r.out.return_authenticator;
 	*sync_context = *r.out.sync_context;
-	if (delta_enum_array && r.out.delta_enum_array) {
-		*delta_enum_array = *r.out.delta_enum_array;
-	}
+	*delta_enum_array = *r.out.delta_enum_array;
 
 	/* Return result */
 	return r.out.result;
@@ -949,9 +949,7 @@ NTSTATUS rpccli_netr_DatabaseRedo(struct rpc_pipe_client *cli,
 
 	/* Return variables */
 	*return_authenticator = *r.out.return_authenticator;
-	if (delta_enum_array && r.out.delta_enum_array) {
-		*delta_enum_array = *r.out.delta_enum_array;
-	}
+	*delta_enum_array = *r.out.delta_enum_array;
 
 	/* Return result */
 	return r.out.result;
@@ -1009,17 +1007,20 @@ NTSTATUS rpccli_netr_LogonControl2Ex(struct rpc_pipe_client *cli,
 	return werror_to_ntstatus(r.out.result);
 }
 
-NTSTATUS rpccli_netr_NETRENUMERATETRUSTEDDOMAINS(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_NetrEnumerateTrustedDomains(struct rpc_pipe_client *cli,
 						 TALLOC_CTX *mem_ctx,
+						 const char *server_name,
+						 struct netr_Blob *trusted_domains_blob,
 						 WERROR *werror)
 {
-	struct netr_NETRENUMERATETRUSTEDDOMAINS r;
+	struct netr_NetrEnumerateTrustedDomains r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.server_name = server_name;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRENUMERATETRUSTEDDOMAINS, &r);
+		NDR_PRINT_IN_DEBUG(netr_NetrEnumerateTrustedDomains, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
@@ -1034,7 +1035,7 @@ NTSTATUS rpccli_netr_NETRENUMERATETRUSTEDDOMAINS(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRENUMERATETRUSTEDDOMAINS, &r);
+		NDR_PRINT_OUT_DEBUG(netr_NetrEnumerateTrustedDomains, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -1042,6 +1043,7 @@ NTSTATUS rpccli_netr_NETRENUMERATETRUSTEDDOMAINS(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*trusted_domains_blob = *r.out.trusted_domains_blob;
 
 	/* Return result */
 	if (werror) {
@@ -1058,7 +1060,7 @@ NTSTATUS rpccli_netr_DsRGetDCName(struct rpc_pipe_client *cli,
 				  struct GUID *domain_guid,
 				  struct GUID *site_guid,
 				  uint32_t flags,
-				  struct netr_DsRGetDCNameInfo *info,
+				  struct netr_DsRGetDCNameInfo **info,
 				  WERROR *werror)
 {
 	struct netr_DsRGetDCName r;
@@ -1095,9 +1097,7 @@ NTSTATUS rpccli_netr_DsRGetDCName(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (info && r.out.info) {
-		*info = *r.out.info;
-	}
+	*info = *r.out.info;
 
 	/* Return result */
 	if (werror) {
@@ -1191,24 +1191,29 @@ NTSTATUS rpccli_netr_NETRLOGONSETSERVICEBITS(struct rpc_pipe_client *cli,
 	return werror_to_ntstatus(r.out.result);
 }
 
-NTSTATUS rpccli_netr_NETRLOGONGETTRUSTRID(struct rpc_pipe_client *cli,
-					  TALLOC_CTX *mem_ctx,
-					  WERROR *werror)
+NTSTATUS rpccli_netr_LogonGetTrustRid(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      const char *server_name,
+				      const char *domain_name,
+				      uint32_t *rid,
+				      WERROR *werror)
 {
-	struct netr_NETRLOGONGETTRUSTRID r;
+	struct netr_LogonGetTrustRid r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.server_name = server_name;
+	r.in.domain_name = domain_name;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRLOGONGETTRUSTRID, &r);
+		NDR_PRINT_IN_DEBUG(netr_LogonGetTrustRid, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
 				mem_ctx,
 				PI_NETLOGON,
 				&ndr_table_netlogon,
-				NDR_NETR_NETRLOGONGETTRUSTRID,
+				NDR_NETR_LOGONGETTRUSTRID,
 				&r);
 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -1216,7 +1221,7 @@ NTSTATUS rpccli_netr_NETRLOGONGETTRUSTRID(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRLOGONGETTRUSTRID, &r);
+		NDR_PRINT_OUT_DEBUG(netr_LogonGetTrustRid, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -1224,6 +1229,7 @@ NTSTATUS rpccli_netr_NETRLOGONGETTRUSTRID(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*rid = *r.out.rid;
 
 	/* Return result */
 	if (werror) {
@@ -1377,7 +1383,7 @@ NTSTATUS rpccli_netr_DsRGetDCNameEx(struct rpc_pipe_client *cli,
 				    struct GUID *domain_guid,
 				    const char *site_name,
 				    uint32_t flags,
-				    struct netr_DsRGetDCNameInfo *info,
+				    struct netr_DsRGetDCNameInfo **info,
 				    WERROR *werror)
 {
 	struct netr_DsRGetDCNameEx r;
@@ -1414,9 +1420,7 @@ NTSTATUS rpccli_netr_DsRGetDCNameEx(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (info && r.out.info) {
-		*info = *r.out.info;
-	}
+	*info = *r.out.info;
 
 	/* Return result */
 	if (werror) {
@@ -1575,24 +1579,36 @@ NTSTATUS rpccli_netr_ServerPasswordSet2(struct rpc_pipe_client *cli,
 	return r.out.result;
 }
 
-NTSTATUS rpccli_netr_NETRSERVERPASSWORDGET(struct rpc_pipe_client *cli,
-					   TALLOC_CTX *mem_ctx,
-					   WERROR *werror)
+NTSTATUS rpccli_netr_ServerPasswordGet(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       const char *server_name,
+				       const char *account_name,
+				       enum netr_SchannelType secure_channel_type,
+				       const char *computer_name,
+				       struct netr_Authenticator *credential,
+				       struct netr_Authenticator *return_authenticator,
+				       struct samr_Password *password,
+				       WERROR *werror)
 {
-	struct netr_NETRSERVERPASSWORDGET r;
+	struct netr_ServerPasswordGet r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.server_name = server_name;
+	r.in.account_name = account_name;
+	r.in.secure_channel_type = secure_channel_type;
+	r.in.computer_name = computer_name;
+	r.in.credential = credential;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRSERVERPASSWORDGET, &r);
+		NDR_PRINT_IN_DEBUG(netr_ServerPasswordGet, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
 				mem_ctx,
 				PI_NETLOGON,
 				&ndr_table_netlogon,
-				NDR_NETR_NETRSERVERPASSWORDGET,
+				NDR_NETR_SERVERPASSWORDGET,
 				&r);
 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -1600,7 +1616,7 @@ NTSTATUS rpccli_netr_NETRSERVERPASSWORDGET(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRSERVERPASSWORDGET, &r);
+		NDR_PRINT_OUT_DEBUG(netr_ServerPasswordGet, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -1608,6 +1624,8 @@ NTSTATUS rpccli_netr_NETRSERVERPASSWORDGET(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*return_authenticator = *r.out.return_authenticator;
+	*password = *r.out.password;
 
 	/* Return result */
 	if (werror) {
@@ -1659,17 +1677,24 @@ NTSTATUS rpccli_netr_NETRLOGONSENDTOSAM(struct rpc_pipe_client *cli,
 	return werror_to_ntstatus(r.out.result);
 }
 
-NTSTATUS rpccli_netr_DSRADDRESSTOSITENAMESW(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_DsRAddressToSitenamesW(struct rpc_pipe_client *cli,
 					    TALLOC_CTX *mem_ctx,
+					    const char *server_name,
+					    uint32_t count,
+					    struct netr_DsRAddress *addresses,
+					    struct netr_DsRAddressToSitenamesWCtr **ctr,
 					    WERROR *werror)
 {
-	struct netr_DSRADDRESSTOSITENAMESW r;
+	struct netr_DsRAddressToSitenamesW r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.server_name = server_name;
+	r.in.count = count;
+	r.in.addresses = addresses;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_DSRADDRESSTOSITENAMESW, &r);
+		NDR_PRINT_IN_DEBUG(netr_DsRAddressToSitenamesW, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
@@ -1684,7 +1709,7 @@ NTSTATUS rpccli_netr_DSRADDRESSTOSITENAMESW(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_DSRADDRESSTOSITENAMESW, &r);
+		NDR_PRINT_OUT_DEBUG(netr_DsRAddressToSitenamesW, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -1692,6 +1717,7 @@ NTSTATUS rpccli_netr_DSRADDRESSTOSITENAMESW(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*ctr = *r.out.ctr;
 
 	/* Return result */
 	if (werror) {
@@ -1710,7 +1736,7 @@ NTSTATUS rpccli_netr_DsRGetDCNameEx2(struct rpc_pipe_client *cli,
 				     struct GUID *domain_guid,
 				     const char *site_name,
 				     uint32_t flags,
-				     struct netr_DsRGetDCNameInfo *info,
+				     struct netr_DsRGetDCNameInfo **info,
 				     WERROR *werror)
 {
 	struct netr_DsRGetDCNameEx2 r;
@@ -1749,9 +1775,7 @@ NTSTATUS rpccli_netr_DsRGetDCNameEx2(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	if (info && r.out.info) {
-		*info = *r.out.info;
-	}
+	*info = *r.out.info;
 
 	/* Return result */
 	if (werror) {
@@ -1803,17 +1827,20 @@ NTSTATUS rpccli_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct rpc_pipe_client
 	return werror_to_ntstatus(r.out.result);
 }
 
-NTSTATUS rpccli_netr_NETRENUMERATETRUSTEDDOMAINSEX(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_NetrEnumerateTrustedDomainsEx(struct rpc_pipe_client *cli,
 						   TALLOC_CTX *mem_ctx,
+						   const char *server_name,
+						   struct netr_DomainTrustList *dom_trust_list,
 						   WERROR *werror)
 {
-	struct netr_NETRENUMERATETRUSTEDDOMAINSEX r;
+	struct netr_NetrEnumerateTrustedDomainsEx r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.server_name = server_name;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRENUMERATETRUSTEDDOMAINSEX, &r);
+		NDR_PRINT_IN_DEBUG(netr_NetrEnumerateTrustedDomainsEx, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
@@ -1828,7 +1855,7 @@ NTSTATUS rpccli_netr_NETRENUMERATETRUSTEDDOMAINSEX(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRENUMERATETRUSTEDDOMAINSEX, &r);
+		NDR_PRINT_OUT_DEBUG(netr_NetrEnumerateTrustedDomainsEx, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -1836,6 +1863,7 @@ NTSTATUS rpccli_netr_NETRENUMERATETRUSTEDDOMAINSEX(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*dom_trust_list = *r.out.dom_trust_list;
 
 	/* Return result */
 	if (werror) {
@@ -1845,17 +1873,24 @@ NTSTATUS rpccli_netr_NETRENUMERATETRUSTEDDOMAINSEX(struct rpc_pipe_client *cli,
 	return werror_to_ntstatus(r.out.result);
 }
 
-NTSTATUS rpccli_netr_DSRADDRESSTOSITENAMESEXW(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_DsRAddressToSitenamesExW(struct rpc_pipe_client *cli,
 					      TALLOC_CTX *mem_ctx,
+					      const char *server_name,
+					      uint32_t count,
+					      struct netr_DsRAddress *addresses,
+					      struct netr_DsRAddressToSitenamesExWCtr **ctr,
 					      WERROR *werror)
 {
-	struct netr_DSRADDRESSTOSITENAMESEXW r;
+	struct netr_DsRAddressToSitenamesExW r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.server_name = server_name;
+	r.in.count = count;
+	r.in.addresses = addresses;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_DSRADDRESSTOSITENAMESEXW, &r);
+		NDR_PRINT_IN_DEBUG(netr_DsRAddressToSitenamesExW, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
@@ -1870,7 +1905,7 @@ NTSTATUS rpccli_netr_DSRADDRESSTOSITENAMESEXW(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_DSRADDRESSTOSITENAMESEXW, &r);
+		NDR_PRINT_OUT_DEBUG(netr_DsRAddressToSitenamesExW, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -1878,6 +1913,7 @@ NTSTATUS rpccli_netr_DSRADDRESSTOSITENAMESEXW(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*ctr = *r.out.ctr;
 
 	/* Return result */
 	if (werror) {
@@ -1887,17 +1923,20 @@ NTSTATUS rpccli_netr_DSRADDRESSTOSITENAMESEXW(struct rpc_pipe_client *cli,
 	return werror_to_ntstatus(r.out.result);
 }
 
-NTSTATUS rpccli_netr_DSRGETDCSITECOVERAGEW(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_DsrGetDcSiteCoverageW(struct rpc_pipe_client *cli,
 					   TALLOC_CTX *mem_ctx,
+					   const char *server_name,
+					   struct DcSitesCtr *ctr,
 					   WERROR *werror)
 {
-	struct netr_DSRGETDCSITECOVERAGEW r;
+	struct netr_DsrGetDcSiteCoverageW r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.server_name = server_name;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_DSRGETDCSITECOVERAGEW, &r);
+		NDR_PRINT_IN_DEBUG(netr_DsrGetDcSiteCoverageW, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
@@ -1912,7 +1951,7 @@ NTSTATUS rpccli_netr_DSRGETDCSITECOVERAGEW(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_DSRGETDCSITECOVERAGEW, &r);
+		NDR_PRINT_OUT_DEBUG(netr_DsrGetDcSiteCoverageW, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -1920,6 +1959,7 @@ NTSTATUS rpccli_netr_DSRGETDCSITECOVERAGEW(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*ctr = *r.out.ctr;
 
 	/* Return result */
 	if (werror) {
@@ -1934,7 +1974,7 @@ NTSTATUS rpccli_netr_LogonSamLogonEx(struct rpc_pipe_client *cli,
 				     const char *server_name,
 				     const char *computer_name,
 				     uint16_t logon_level,
-				     union netr_LogonLevel logon,
+				     union netr_LogonLevel *logon,
 				     uint16_t validation_level,
 				     union netr_Validation *validation,
 				     uint8_t *authoritative,
@@ -1987,8 +2027,7 @@ NTSTATUS rpccli_netr_DsrEnumerateDomainTrusts(struct rpc_pipe_client *cli,
 					      TALLOC_CTX *mem_ctx,
 					      const char *server_name,
 					      uint32_t trust_flags,
-					      uint32_t *count,
-					      struct netr_DomainTrust **trusts,
+					      struct netr_DomainTrustList *trusts,
 					      WERROR *werror)
 {
 	struct netr_DsrEnumerateDomainTrusts r;
@@ -2022,8 +2061,7 @@ NTSTATUS rpccli_netr_DsrEnumerateDomainTrusts(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
-	*count = *r.out.count;
-	memcpy(trusts, r.out.trusts, count);
+	*trusts = *r.out.trusts;
 
 	/* Return result */
 	if (werror) {
@@ -2033,17 +2071,27 @@ NTSTATUS rpccli_netr_DsrEnumerateDomainTrusts(struct rpc_pipe_client *cli,
 	return werror_to_ntstatus(r.out.result);
 }
 
-NTSTATUS rpccli_netr_DSRDEREGISTERDNSHOSTRECORDS(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_DsrDeregisterDNSHostRecords(struct rpc_pipe_client *cli,
 						 TALLOC_CTX *mem_ctx,
+						 const char *server_name,
+						 const char *domain,
+						 struct GUID *domain_guid,
+						 struct GUID *dsa_guid,
+						 const char *dns_host,
 						 WERROR *werror)
 {
-	struct netr_DSRDEREGISTERDNSHOSTRECORDS r;
+	struct netr_DsrDeregisterDNSHostRecords r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.server_name = server_name;
+	r.in.domain = domain;
+	r.in.domain_guid = domain_guid;
+	r.in.dsa_guid = dsa_guid;
+	r.in.dns_host = dns_host;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_DSRDEREGISTERDNSHOSTRECORDS, &r);
+		NDR_PRINT_IN_DEBUG(netr_DsrDeregisterDNSHostRecords, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
@@ -2058,7 +2106,7 @@ NTSTATUS rpccli_netr_DSRDEREGISTERDNSHOSTRECORDS(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_DSRDEREGISTERDNSHOSTRECORDS, &r);
+		NDR_PRINT_OUT_DEBUG(netr_DsrDeregisterDNSHostRecords, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -2075,24 +2123,36 @@ NTSTATUS rpccli_netr_DSRDEREGISTERDNSHOSTRECORDS(struct rpc_pipe_client *cli,
 	return werror_to_ntstatus(r.out.result);
 }
 
-NTSTATUS rpccli_netr_NETRSERVERTRUSTPASSWORDSGET(struct rpc_pipe_client *cli,
-						 TALLOC_CTX *mem_ctx,
-						 WERROR *werror)
+NTSTATUS rpccli_netr_ServerTrustPasswordsGet(struct rpc_pipe_client *cli,
+					     TALLOC_CTX *mem_ctx,
+					     const char *server_name,
+					     const char *account_name,
+					     enum netr_SchannelType secure_channel_type,
+					     const char *computer_name,
+					     struct netr_Authenticator *credential,
+					     struct netr_Authenticator *return_authenticator,
+					     struct samr_Password *password,
+					     struct samr_Password *password2)
 {
-	struct netr_NETRSERVERTRUSTPASSWORDSGET r;
+	struct netr_ServerTrustPasswordsGet r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.server_name = server_name;
+	r.in.account_name = account_name;
+	r.in.secure_channel_type = secure_channel_type;
+	r.in.computer_name = computer_name;
+	r.in.credential = credential;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRSERVERTRUSTPASSWORDSGET, &r);
+		NDR_PRINT_IN_DEBUG(netr_ServerTrustPasswordsGet, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
 				mem_ctx,
 				PI_NETLOGON,
 				&ndr_table_netlogon,
-				NDR_NETR_NETRSERVERTRUSTPASSWORDSGET,
+				NDR_NETR_SERVERTRUSTPASSWORDSGET,
 				&r);
 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -2100,7 +2160,7 @@ NTSTATUS rpccli_netr_NETRSERVERTRUSTPASSWORDSGET(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRSERVERTRUSTPASSWORDSGET, &r);
+		NDR_PRINT_OUT_DEBUG(netr_ServerTrustPasswordsGet, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -2108,26 +2168,32 @@ NTSTATUS rpccli_netr_NETRSERVERTRUSTPASSWORDSGET(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*return_authenticator = *r.out.return_authenticator;
+	*password = *r.out.password;
+	*password2 = *r.out.password2;
 
 	/* Return result */
-	if (werror) {
-		*werror = r.out.result;
-	}
-
-	return werror_to_ntstatus(r.out.result);
+	return r.out.result;
 }
 
-NTSTATUS rpccli_netr_DSRGETFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_DsRGetForestTrustInformation(struct rpc_pipe_client *cli,
 						  TALLOC_CTX *mem_ctx,
+						  const char *server_name,
+						  const char *trusted_domain_name,
+						  uint32_t flags,
+						  struct lsa_ForestTrustInformation **forest_trust_info,
 						  WERROR *werror)
 {
-	struct netr_DSRGETFORESTTRUSTINFORMATION r;
+	struct netr_DsRGetForestTrustInformation r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.server_name = server_name;
+	r.in.trusted_domain_name = trusted_domain_name;
+	r.in.flags = flags;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_DSRGETFORESTTRUSTINFORMATION, &r);
+		NDR_PRINT_IN_DEBUG(netr_DsRGetForestTrustInformation, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
@@ -2142,7 +2208,7 @@ NTSTATUS rpccli_netr_DSRGETFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_DSRGETFORESTTRUSTINFORMATION, &r);
+		NDR_PRINT_OUT_DEBUG(netr_DsRGetForestTrustInformation, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -2150,6 +2216,7 @@ NTSTATUS rpccli_netr_DSRGETFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*forest_trust_info = *r.out.forest_trust_info;
 
 	/* Return result */
 	if (werror) {
@@ -2159,24 +2226,34 @@ NTSTATUS rpccli_netr_DSRGETFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
 	return werror_to_ntstatus(r.out.result);
 }
 
-NTSTATUS rpccli_netr_NETRGETFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
-						   TALLOC_CTX *mem_ctx,
-						   WERROR *werror)
+NTSTATUS rpccli_netr_GetForestTrustInformation(struct rpc_pipe_client *cli,
+					       TALLOC_CTX *mem_ctx,
+					       const char *server_name,
+					       const char *trusted_domain_name,
+					       struct netr_Authenticator *credential,
+					       struct netr_Authenticator *return_authenticator,
+					       uint32_t flags,
+					       struct lsa_ForestTrustInformation **forest_trust_info,
+					       WERROR *werror)
 {
-	struct netr_NETRGETFORESTTRUSTINFORMATION r;
+	struct netr_GetForestTrustInformation r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.server_name = server_name;
+	r.in.trusted_domain_name = trusted_domain_name;
+	r.in.credential = credential;
+	r.in.flags = flags;
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRGETFORESTTRUSTINFORMATION, &r);
+		NDR_PRINT_IN_DEBUG(netr_GetForestTrustInformation, &r);
 	}
 
 	status = cli_do_rpc_ndr(cli,
 				mem_ctx,
 				PI_NETLOGON,
 				&ndr_table_netlogon,
-				NDR_NETR_NETRGETFORESTTRUSTINFORMATION,
+				NDR_NETR_GETFORESTTRUSTINFORMATION,
 				&r);
 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -2184,7 +2261,7 @@ NTSTATUS rpccli_netr_NETRGETFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRGETFORESTTRUSTINFORMATION, &r);
+		NDR_PRINT_OUT_DEBUG(netr_GetForestTrustInformation, &r);
 	}
 
 	if (NT_STATUS_IS_ERR(status)) {
@@ -2192,6 +2269,8 @@ NTSTATUS rpccli_netr_NETRGETFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	*return_authenticator = *r.out.return_authenticator;
+	*forest_trust_info = *r.out.forest_trust_info;
 
 	/* Return result */
 	if (werror) {
diff --git a/source3/librpc/gen_ndr/cli_netlogon.h b/source3/librpc/gen_ndr/cli_netlogon.h
index 9409077d09..1fdc1f6c46 100644
--- a/source3/librpc/gen_ndr/cli_netlogon.h
+++ b/source3/librpc/gen_ndr/cli_netlogon.h
@@ -22,7 +22,7 @@ NTSTATUS rpccli_netr_LogonSamLogon(struct rpc_pipe_client *cli,
 				   struct netr_Authenticator *credential,
 				   struct netr_Authenticator *return_authenticator,
 				   uint16_t logon_level,
-				   union netr_LogonLevel logon,
+				   union netr_LogonLevel *logon,
 				   uint16_t validation_level,
 				   union netr_Validation *validation,
 				   uint8_t *authoritative);
@@ -38,33 +38,35 @@ NTSTATUS rpccli_netr_ServerReqChallenge(struct rpc_pipe_client *cli,
 					TALLOC_CTX *mem_ctx,
 					const char *server_name,
 					const char *computer_name,
-					struct netr_Credential *credentials);
+					struct netr_Credential *credentials,
+					struct netr_Credential *return_credentials);
 NTSTATUS rpccli_netr_ServerAuthenticate(struct rpc_pipe_client *cli,
 					TALLOC_CTX *mem_ctx,
 					const char *server_name,
 					const char *account_name,
 					enum netr_SchannelType secure_channel_type,
 					const char *computer_name,
-					struct netr_Credential *credentials);
+					struct netr_Credential *credentials,
+					struct netr_Credential *return_credentials);
 NTSTATUS rpccli_netr_ServerPasswordSet(struct rpc_pipe_client *cli,
 				       TALLOC_CTX *mem_ctx,
 				       const char *server_name,
 				       const char *account_name,
 				       enum netr_SchannelType secure_channel_type,
 				       const char *computer_name,
-				       struct netr_Authenticator credential,
-				       struct samr_Password new_password,
-				       struct netr_Authenticator *return_authenticator);
+				       struct netr_Authenticator *credential,
+				       struct netr_Authenticator *return_authenticator,
+				       struct samr_Password *new_password);
 NTSTATUS rpccli_netr_DatabaseDeltas(struct rpc_pipe_client *cli,
 				    TALLOC_CTX *mem_ctx,
 				    const char *logon_server,
 				    const char *computername,
-				    struct netr_Authenticator credential,
+				    struct netr_Authenticator *credential,
 				    struct netr_Authenticator *return_authenticator,
 				    enum netr_SamDatabaseID database_id,
 				    uint64_t *sequence_num,
-				    uint32_t preferredmaximumlength,
-				    struct netr_DELTA_ENUM_ARRAY *delta_enum_array);
+				    struct netr_DELTA_ENUM_ARRAY **delta_enum_array,
+				    uint32_t preferredmaximumlength);
 NTSTATUS rpccli_netr_DatabaseSync(struct rpc_pipe_client *cli,
 				  TALLOC_CTX *mem_ctx,
 				  const char *logon_server,
@@ -107,7 +109,8 @@ NTSTATUS rpccli_netr_GetDcName(struct rpc_pipe_client *cli,
 			       TALLOC_CTX *mem_ctx,
 			       const char *logon_server,
 			       const char *domainname,
-			       const char **dcname);
+			       const char **dcname,
+			       WERROR *werror);
 NTSTATUS rpccli_netr_LogonControl(struct rpc_pipe_client *cli,
 				  TALLOC_CTX *mem_ctx,
 				  const char *logon_server,
@@ -126,7 +129,7 @@ NTSTATUS rpccli_netr_LogonControl2(struct rpc_pipe_client *cli,
 				   const char *logon_server,
 				   uint32_t function_code,
 				   uint32_t level,
-				   union netr_CONTROL_DATA_INFORMATION data,
+				   union netr_CONTROL_DATA_INFORMATION *data,
 				   union netr_CONTROL_QUERY_INFORMATION *query,
 				   WERROR *werror);
 NTSTATUS rpccli_netr_ServerAuthenticate2(struct rpc_pipe_client *cli,
@@ -136,18 +139,19 @@ NTSTATUS rpccli_netr_ServerAuthenticate2(struct rpc_pipe_client *cli,
 					 enum netr_SchannelType secure_channel_type,
 					 const char *computer_name,
 					 struct netr_Credential *credentials,
+					 struct netr_Credential *return_credentials,
 					 uint32_t *negotiate_flags);
 NTSTATUS rpccli_netr_DatabaseSync2(struct rpc_pipe_client *cli,
 				   TALLOC_CTX *mem_ctx,
 				   const char *logon_server,
 				   const char *computername,
-				   struct netr_Authenticator credential,
+				   struct netr_Authenticator *credential,
 				   struct netr_Authenticator *return_authenticator,
 				   enum netr_SamDatabaseID database_id,
 				   uint16_t restart_state,
 				   uint32_t *sync_context,
-				   uint32_t preferredmaximumlength,
-				   struct netr_DELTA_ENUM_ARRAY *delta_enum_array);
+				   struct netr_DELTA_ENUM_ARRAY **delta_enum_array,
+				   uint32_t preferredmaximumlength);
 NTSTATUS rpccli_netr_DatabaseRedo(struct rpc_pipe_client *cli,
 				  TALLOC_CTX *mem_ctx,
 				  const char *logon_server,
@@ -165,8 +169,10 @@ NTSTATUS rpccli_netr_LogonControl2Ex(struct rpc_pipe_client *cli,
 				     union netr_CONTROL_DATA_INFORMATION data,
 				     union netr_CONTROL_QUERY_INFORMATION *query,
 				     WERROR *werror);
-NTSTATUS rpccli_netr_NETRENUMERATETRUSTEDDOMAINS(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_NetrEnumerateTrustedDomains(struct rpc_pipe_client *cli,
 						 TALLOC_CTX *mem_ctx,
+						 const char *server_name,
+						 struct netr_Blob *trusted_domains_blob,
 						 WERROR *werror);
 NTSTATUS rpccli_netr_DsRGetDCName(struct rpc_pipe_client *cli,
 				  TALLOC_CTX *mem_ctx,
@@ -175,7 +181,7 @@ NTSTATUS rpccli_netr_DsRGetDCName(struct rpc_pipe_client *cli,
 				  struct GUID *domain_guid,
 				  struct GUID *site_guid,
 				  uint32_t flags,
-				  struct netr_DsRGetDCNameInfo *info,
+				  struct netr_DsRGetDCNameInfo **info,
 				  WERROR *werror);
 NTSTATUS rpccli_netr_NETRLOGONDUMMYROUTINE1(struct rpc_pipe_client *cli,
 					    TALLOC_CTX *mem_ctx,
@@ -183,9 +189,12 @@ NTSTATUS rpccli_netr_NETRLOGONDUMMYROUTINE1(struct rpc_pipe_client *cli,
 NTSTATUS rpccli_netr_NETRLOGONSETSERVICEBITS(struct rpc_pipe_client *cli,
 					     TALLOC_CTX *mem_ctx,
 					     WERROR *werror);
-NTSTATUS rpccli_netr_NETRLOGONGETTRUSTRID(struct rpc_pipe_client *cli,
-					  TALLOC_CTX *mem_ctx,
-					  WERROR *werror);
+NTSTATUS rpccli_netr_LogonGetTrustRid(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      const char *server_name,
+				      const char *domain_name,
+				      uint32_t *rid,
+				      WERROR *werror);
 NTSTATUS rpccli_netr_NETRLOGONCOMPUTESERVERDIGEST(struct rpc_pipe_client *cli,
 						  TALLOC_CTX *mem_ctx,
 						  WERROR *werror);
@@ -208,7 +217,7 @@ NTSTATUS rpccli_netr_DsRGetDCNameEx(struct rpc_pipe_client *cli,
 				    struct GUID *domain_guid,
 				    const char *site_name,
 				    uint32_t flags,
-				    struct netr_DsRGetDCNameInfo *info,
+				    struct netr_DsRGetDCNameInfo **info,
 				    WERROR *werror);
 NTSTATUS rpccli_netr_DsRGetSiteName(struct rpc_pipe_client *cli,
 				    TALLOC_CTX *mem_ctx,
@@ -233,14 +242,25 @@ NTSTATUS rpccli_netr_ServerPasswordSet2(struct rpc_pipe_client *cli,
 					struct netr_Authenticator credential,
 					struct netr_CryptPassword new_password,
 					struct netr_Authenticator *return_authenticator);
-NTSTATUS rpccli_netr_NETRSERVERPASSWORDGET(struct rpc_pipe_client *cli,
-					   TALLOC_CTX *mem_ctx,
-					   WERROR *werror);
+NTSTATUS rpccli_netr_ServerPasswordGet(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       const char *server_name,
+				       const char *account_name,
+				       enum netr_SchannelType secure_channel_type,
+				       const char *computer_name,
+				       struct netr_Authenticator *credential,
+				       struct netr_Authenticator *return_authenticator,
+				       struct samr_Password *password,
+				       WERROR *werror);
 NTSTATUS rpccli_netr_NETRLOGONSENDTOSAM(struct rpc_pipe_client *cli,
 					TALLOC_CTX *mem_ctx,
 					WERROR *werror);
-NTSTATUS rpccli_netr_DSRADDRESSTOSITENAMESW(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_DsRAddressToSitenamesW(struct rpc_pipe_client *cli,
 					    TALLOC_CTX *mem_ctx,
+					    const char *server_name,
+					    uint32_t count,
+					    struct netr_DsRAddress *addresses,
+					    struct netr_DsRAddressToSitenamesWCtr **ctr,
 					    WERROR *werror);
 NTSTATUS rpccli_netr_DsRGetDCNameEx2(struct rpc_pipe_client *cli,
 				     TALLOC_CTX *mem_ctx,
@@ -251,26 +271,34 @@ NTSTATUS rpccli_netr_DsRGetDCNameEx2(struct rpc_pipe_client *cli,
 				     struct GUID *domain_guid,
 				     const char *site_name,
 				     uint32_t flags,
-				     struct netr_DsRGetDCNameInfo *info,
+				     struct netr_DsRGetDCNameInfo **info,
 				     WERROR *werror);
 NTSTATUS rpccli_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct rpc_pipe_client *cli,
 							 TALLOC_CTX *mem_ctx,
 							 WERROR *werror);
-NTSTATUS rpccli_netr_NETRENUMERATETRUSTEDDOMAINSEX(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_NetrEnumerateTrustedDomainsEx(struct rpc_pipe_client *cli,
 						   TALLOC_CTX *mem_ctx,
+						   const char *server_name,
+						   struct netr_DomainTrustList *dom_trust_list,
 						   WERROR *werror);
-NTSTATUS rpccli_netr_DSRADDRESSTOSITENAMESEXW(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_DsRAddressToSitenamesExW(struct rpc_pipe_client *cli,
 					      TALLOC_CTX *mem_ctx,
+					      const char *server_name,
+					      uint32_t count,
+					      struct netr_DsRAddress *addresses,
+					      struct netr_DsRAddressToSitenamesExWCtr **ctr,
 					      WERROR *werror);
-NTSTATUS rpccli_netr_DSRGETDCSITECOVERAGEW(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_DsrGetDcSiteCoverageW(struct rpc_pipe_client *cli,
 					   TALLOC_CTX *mem_ctx,
+					   const char *server_name,
+					   struct DcSitesCtr *ctr,
 					   WERROR *werror);
 NTSTATUS rpccli_netr_LogonSamLogonEx(struct rpc_pipe_client *cli,
 				     TALLOC_CTX *mem_ctx,
 				     const char *server_name,
 				     const char *computer_name,
 				     uint16_t logon_level,
-				     union netr_LogonLevel logon,
+				     union netr_LogonLevel *logon,
 				     uint16_t validation_level,
 				     union netr_Validation *validation,
 				     uint8_t *authoritative,
@@ -279,21 +307,42 @@ NTSTATUS rpccli_netr_DsrEnumerateDomainTrusts(struct rpc_pipe_client *cli,
 					      TALLOC_CTX *mem_ctx,
 					      const char *server_name,
 					      uint32_t trust_flags,
-					      uint32_t *count,
-					      struct netr_DomainTrust **trusts,
+					      struct netr_DomainTrustList *trusts,
 					      WERROR *werror);
-NTSTATUS rpccli_netr_DSRDEREGISTERDNSHOSTRECORDS(struct rpc_pipe_client *cli,
-						 TALLOC_CTX *mem_ctx,
-						 WERROR *werror);
-NTSTATUS rpccli_netr_NETRSERVERTRUSTPASSWORDSGET(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_DsrDeregisterDNSHostRecords(struct rpc_pipe_client *cli,
 						 TALLOC_CTX *mem_ctx,
+						 const char *server_name,
+						 const char *domain,
+						 struct GUID *domain_guid,
+						 struct GUID *dsa_guid,
+						 const char *dns_host,
 						 WERROR *werror);
-NTSTATUS rpccli_netr_DSRGETFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
+NTSTATUS rpccli_netr_ServerTrustPasswordsGet(struct rpc_pipe_client *cli,
+					     TALLOC_CTX *mem_ctx,
+					     const char *server_name,
+					     const char *account_name,
+					     enum netr_SchannelType secure_channel_type,
+					     const char *computer_name,
+					     struct netr_Authenticator *credential,
+					     struct netr_Authenticator *return_authenticator,
+					     struct samr_Password *password,
+					     struct samr_Password *password2);
+NTSTATUS rpccli_netr_DsRGetForestTrustInformation(struct rpc_pipe_client *cli,
 						  TALLOC_CTX *mem_ctx,
+						  const char *server_name,
+						  const char *trusted_domain_name,
+						  uint32_t flags,
+						  struct lsa_ForestTrustInformation **forest_trust_info,
 						  WERROR *werror);
-NTSTATUS rpccli_netr_NETRGETFORESTTRUSTINFORMATION(struct rpc_pipe_client *cli,
-						   TALLOC_CTX *mem_ctx,
-						   WERROR *werror);
+NTSTATUS rpccli_netr_GetForestTrustInformation(struct rpc_pipe_client *cli,
+					       TALLOC_CTX *mem_ctx,
+					       const char *server_name,
+					       const char *trusted_domain_name,
+					       struct netr_Authenticator *credential,
+					       struct netr_Authenticator *return_authenticator,
+					       uint32_t flags,
+					       struct lsa_ForestTrustInformation **forest_trust_info,
+					       WERROR *werror);
 NTSTATUS rpccli_netr_LogonSamLogonWithFlags(struct rpc_pipe_client *cli,
 					    TALLOC_CTX *mem_ctx,
 					    const char *server_name,
diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.c b/source3/librpc/gen_ndr/cli_ntsvcs.c
new file mode 100644
index 0000000000..5597fccdb5
--- /dev/null
+++ b/source3/librpc/gen_ndr/cli_ntsvcs.c
@@ -0,0 +1,2783 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * client auto-generated by pidl. DO NOT MODIFY!
+ */
+
+#include "includes.h"
+#include "librpc/gen_ndr/cli_ntsvcs.h"
+
+NTSTATUS rpccli_PNP_Disconnect(struct rpc_pipe_client *cli,
+			       TALLOC_CTX *mem_ctx,
+			       WERROR *werror)
+{
+	struct PNP_Disconnect r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_Disconnect, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_DISCONNECT,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_Disconnect, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_Connect(struct rpc_pipe_client *cli,
+			    TALLOC_CTX *mem_ctx,
+			    WERROR *werror)
+{
+	struct PNP_Connect r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_Connect, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_CONNECT,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_Connect, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetVersion(struct rpc_pipe_client *cli,
+			       TALLOC_CTX *mem_ctx,
+			       uint16_t *version,
+			       WERROR *werror)
+{
+	struct PNP_GetVersion r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetVersion, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETVERSION,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetVersion, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*version = *r.out.version;
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetGlobalState(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   WERROR *werror)
+{
+	struct PNP_GetGlobalState r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetGlobalState, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETGLOBALSTATE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetGlobalState, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_InitDetection(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  WERROR *werror)
+{
+	struct PNP_InitDetection r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_InitDetection, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_INITDETECTION,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_InitDetection, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_ReportLogOn(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				WERROR *werror)
+{
+	struct PNP_ReportLogOn r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_ReportLogOn, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_REPORTLOGON,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_ReportLogOn, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_ValidateDeviceInstance(struct rpc_pipe_client *cli,
+					   TALLOC_CTX *mem_ctx,
+					   const char *devicepath,
+					   uint32_t flags,
+					   WERROR *werror)
+{
+	struct PNP_ValidateDeviceInstance r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.devicepath = devicepath;
+	r.in.flags = flags;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_ValidateDeviceInstance, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_VALIDATEDEVICEINSTANCE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_ValidateDeviceInstance, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetRootDeviceInstance(struct rpc_pipe_client *cli,
+					  TALLOC_CTX *mem_ctx,
+					  WERROR *werror)
+{
+	struct PNP_GetRootDeviceInstance r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetRootDeviceInstance, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETROOTDEVICEINSTANCE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetRootDeviceInstance, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetRelatedDeviceInstance(struct rpc_pipe_client *cli,
+					     TALLOC_CTX *mem_ctx,
+					     WERROR *werror)
+{
+	struct PNP_GetRelatedDeviceInstance r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetRelatedDeviceInstance, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETRELATEDDEVICEINSTANCE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetRelatedDeviceInstance, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_EnumerateSubKeys(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror)
+{
+	struct PNP_EnumerateSubKeys r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_EnumerateSubKeys, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_ENUMERATESUBKEYS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_EnumerateSubKeys, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetDeviceList(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  WERROR *werror)
+{
+	struct PNP_GetDeviceList r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetDeviceList, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETDEVICELIST,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetDeviceList, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetDeviceListSize(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      const char *devicename,
+				      uint32_t *size,
+				      uint32_t flags,
+				      WERROR *werror)
+{
+	struct PNP_GetDeviceListSize r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.devicename = devicename;
+	r.in.flags = flags;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetDeviceListSize, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETDEVICELISTSIZE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetDeviceListSize, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*size = *r.out.size;
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetDepth(struct rpc_pipe_client *cli,
+			     TALLOC_CTX *mem_ctx,
+			     WERROR *werror)
+{
+	struct PNP_GetDepth r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetDepth, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETDEPTH,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetDepth, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetDeviceRegProp(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror)
+{
+	struct PNP_GetDeviceRegProp r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetDeviceRegProp, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETDEVICEREGPROP,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetDeviceRegProp, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_SetDeviceRegProp(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror)
+{
+	struct PNP_SetDeviceRegProp r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_SetDeviceRegProp, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_SETDEVICEREGPROP,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_SetDeviceRegProp, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetClassInstance(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror)
+{
+	struct PNP_GetClassInstance r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetClassInstance, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETCLASSINSTANCE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetClassInstance, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_CreateKey(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      WERROR *werror)
+{
+	struct PNP_CreateKey r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_CreateKey, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_CREATEKEY,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_CreateKey, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_DeleteRegistryKey(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      WERROR *werror)
+{
+	struct PNP_DeleteRegistryKey r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_DeleteRegistryKey, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_DELETEREGISTRYKEY,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_DeleteRegistryKey, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetClassCount(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  WERROR *werror)
+{
+	struct PNP_GetClassCount r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetClassCount, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETCLASSCOUNT,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetClassCount, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetClassName(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 WERROR *werror)
+{
+	struct PNP_GetClassName r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetClassName, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETCLASSNAME,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetClassName, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_DeleteClassKey(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   WERROR *werror)
+{
+	struct PNP_DeleteClassKey r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_DeleteClassKey, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_DELETECLASSKEY,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_DeleteClassKey, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetInterfaceDeviceAlias(struct rpc_pipe_client *cli,
+					    TALLOC_CTX *mem_ctx,
+					    WERROR *werror)
+{
+	struct PNP_GetInterfaceDeviceAlias r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetInterfaceDeviceAlias, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETINTERFACEDEVICEALIAS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetInterfaceDeviceAlias, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetInterfaceDeviceList(struct rpc_pipe_client *cli,
+					   TALLOC_CTX *mem_ctx,
+					   WERROR *werror)
+{
+	struct PNP_GetInterfaceDeviceList r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetInterfaceDeviceList, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETINTERFACEDEVICELIST,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetInterfaceDeviceList, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetInterfaceDeviceListSize(struct rpc_pipe_client *cli,
+					       TALLOC_CTX *mem_ctx,
+					       WERROR *werror)
+{
+	struct PNP_GetInterfaceDeviceListSize r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetInterfaceDeviceListSize, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETINTERFACEDEVICELISTSIZE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetInterfaceDeviceListSize, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_RegisterDeviceClassAssociation(struct rpc_pipe_client *cli,
+						   TALLOC_CTX *mem_ctx,
+						   WERROR *werror)
+{
+	struct PNP_RegisterDeviceClassAssociation r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_RegisterDeviceClassAssociation, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_REGISTERDEVICECLASSASSOCIATION,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_RegisterDeviceClassAssociation, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_UnregisterDeviceClassAssociation(struct rpc_pipe_client *cli,
+						     TALLOC_CTX *mem_ctx,
+						     WERROR *werror)
+{
+	struct PNP_UnregisterDeviceClassAssociation r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_UnregisterDeviceClassAssociation, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_UNREGISTERDEVICECLASSASSOCIATION,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_UnregisterDeviceClassAssociation, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetClassRegProp(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    WERROR *werror)
+{
+	struct PNP_GetClassRegProp r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetClassRegProp, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETCLASSREGPROP,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetClassRegProp, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_SetClassRegProp(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    WERROR *werror)
+{
+	struct PNP_SetClassRegProp r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_SetClassRegProp, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_SETCLASSREGPROP,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_SetClassRegProp, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_CreateDevInst(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  WERROR *werror)
+{
+	struct PNP_CreateDevInst r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_CreateDevInst, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_CREATEDEVINST,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_CreateDevInst, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_DeviceInstanceAction(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 WERROR *werror)
+{
+	struct PNP_DeviceInstanceAction r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_DeviceInstanceAction, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_DEVICEINSTANCEACTION,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_DeviceInstanceAction, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetDeviceStatus(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    WERROR *werror)
+{
+	struct PNP_GetDeviceStatus r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetDeviceStatus, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETDEVICESTATUS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetDeviceStatus, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_SetDeviceProblem(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror)
+{
+	struct PNP_SetDeviceProblem r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_SetDeviceProblem, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_SETDEVICEPROBLEM,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_SetDeviceProblem, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_DisableDevInst(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   WERROR *werror)
+{
+	struct PNP_DisableDevInst r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_DisableDevInst, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_DISABLEDEVINST,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_DisableDevInst, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_UninstallDevInst(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror)
+{
+	struct PNP_UninstallDevInst r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_UninstallDevInst, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_UNINSTALLDEVINST,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_UninstallDevInst, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_AddID(struct rpc_pipe_client *cli,
+			  TALLOC_CTX *mem_ctx,
+			  WERROR *werror)
+{
+	struct PNP_AddID r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_AddID, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_ADDID,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_AddID, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_RegisterDriver(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   WERROR *werror)
+{
+	struct PNP_RegisterDriver r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_RegisterDriver, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_REGISTERDRIVER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_RegisterDriver, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_QueryRemove(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				WERROR *werror)
+{
+	struct PNP_QueryRemove r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_QueryRemove, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_QUERYREMOVE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_QueryRemove, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_RequestDeviceEject(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       WERROR *werror)
+{
+	struct PNP_RequestDeviceEject r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_RequestDeviceEject, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_REQUESTDEVICEEJECT,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_RequestDeviceEject, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_IsDockStationPresent(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 WERROR *werror)
+{
+	struct PNP_IsDockStationPresent r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_IsDockStationPresent, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_ISDOCKSTATIONPRESENT,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_IsDockStationPresent, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_RequestEjectPC(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   WERROR *werror)
+{
+	struct PNP_RequestEjectPC r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_RequestEjectPC, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_REQUESTEJECTPC,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_RequestEjectPC, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_HwProfFlags(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				uint32_t unknown1,
+				const char *devicepath,
+				uint32_t unknown2,
+				uint32_t *unknown3,
+				uint16_t *unknown4,
+				const char *unknown5,
+				const char **unknown5a,
+				uint32_t unknown6,
+				uint32_t unknown7,
+				WERROR *werror)
+{
+	struct PNP_HwProfFlags r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.unknown1 = unknown1;
+	r.in.devicepath = devicepath;
+	r.in.unknown2 = unknown2;
+	r.in.unknown3 = unknown3;
+	r.in.unknown4 = unknown4;
+	r.in.unknown5 = unknown5;
+	r.in.unknown6 = unknown6;
+	r.in.unknown7 = unknown7;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_HwProfFlags, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_HWPROFFLAGS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_HwProfFlags, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*unknown3 = *r.out.unknown3;
+	if (unknown4 && r.out.unknown4) {
+		*unknown4 = *r.out.unknown4;
+	}
+	if (unknown5a && r.out.unknown5a) {
+		*unknown5a = *r.out.unknown5a;
+	}
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetHwProfInfo(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  uint32_t idx,
+				  struct PNP_HwProfInfo *info,
+				  uint32_t unknown1,
+				  uint32_t unknown2,
+				  WERROR *werror)
+{
+	struct PNP_GetHwProfInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.idx = idx;
+	r.in.info = info;
+	r.in.unknown1 = unknown1;
+	r.in.unknown2 = unknown2;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetHwProfInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETHWPROFINFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetHwProfInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*info = *r.out.info;
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_AddEmptyLogConf(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    WERROR *werror)
+{
+	struct PNP_AddEmptyLogConf r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_AddEmptyLogConf, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_ADDEMPTYLOGCONF,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_AddEmptyLogConf, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_FreeLogConf(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				WERROR *werror)
+{
+	struct PNP_FreeLogConf r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_FreeLogConf, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_FREELOGCONF,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_FreeLogConf, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetFirstLogConf(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    WERROR *werror)
+{
+	struct PNP_GetFirstLogConf r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetFirstLogConf, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETFIRSTLOGCONF,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetFirstLogConf, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetNextLogConf(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   WERROR *werror)
+{
+	struct PNP_GetNextLogConf r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetNextLogConf, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETNEXTLOGCONF,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetNextLogConf, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetLogConfPriority(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       WERROR *werror)
+{
+	struct PNP_GetLogConfPriority r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetLogConfPriority, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETLOGCONFPRIORITY,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetLogConfPriority, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_AddResDes(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      WERROR *werror)
+{
+	struct PNP_AddResDes r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_AddResDes, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_ADDRESDES,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_AddResDes, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_FreeResDes(struct rpc_pipe_client *cli,
+			       TALLOC_CTX *mem_ctx,
+			       WERROR *werror)
+{
+	struct PNP_FreeResDes r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_FreeResDes, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_FREERESDES,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_FreeResDes, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetNextResDes(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  WERROR *werror)
+{
+	struct PNP_GetNextResDes r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetNextResDes, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETNEXTRESDES,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetNextResDes, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetResDesData(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  WERROR *werror)
+{
+	struct PNP_GetResDesData r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetResDesData, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETRESDESDATA,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetResDesData, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetResDesDataSize(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      WERROR *werror)
+{
+	struct PNP_GetResDesDataSize r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetResDesDataSize, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETRESDESDATASIZE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetResDesDataSize, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_ModifyResDes(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 WERROR *werror)
+{
+	struct PNP_ModifyResDes r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_ModifyResDes, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_MODIFYRESDES,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_ModifyResDes, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_DetectResourceLimit(struct rpc_pipe_client *cli,
+					TALLOC_CTX *mem_ctx,
+					WERROR *werror)
+{
+	struct PNP_DetectResourceLimit r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_DetectResourceLimit, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_DETECTRESOURCELIMIT,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_DetectResourceLimit, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_QueryResConfList(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror)
+{
+	struct PNP_QueryResConfList r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_QueryResConfList, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_QUERYRESCONFLIST,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_QueryResConfList, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_SetHwProf(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      WERROR *werror)
+{
+	struct PNP_SetHwProf r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_SetHwProf, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_SETHWPROF,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_SetHwProf, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_QueryArbitratorFreeData(struct rpc_pipe_client *cli,
+					    TALLOC_CTX *mem_ctx,
+					    WERROR *werror)
+{
+	struct PNP_QueryArbitratorFreeData r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_QueryArbitratorFreeData, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_QUERYARBITRATORFREEDATA,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_QueryArbitratorFreeData, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_QueryArbitratorFreeSize(struct rpc_pipe_client *cli,
+					    TALLOC_CTX *mem_ctx,
+					    WERROR *werror)
+{
+	struct PNP_QueryArbitratorFreeSize r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_QueryArbitratorFreeSize, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_QUERYARBITRATORFREESIZE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_QueryArbitratorFreeSize, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_RunDetection(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 WERROR *werror)
+{
+	struct PNP_RunDetection r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_RunDetection, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_RUNDETECTION,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_RunDetection, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_RegisterNotification(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 WERROR *werror)
+{
+	struct PNP_RegisterNotification r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_RegisterNotification, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_REGISTERNOTIFICATION,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_RegisterNotification, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_UnregisterNotification(struct rpc_pipe_client *cli,
+					   TALLOC_CTX *mem_ctx,
+					   WERROR *werror)
+{
+	struct PNP_UnregisterNotification r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_UnregisterNotification, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_UNREGISTERNOTIFICATION,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_UnregisterNotification, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetCustomDevProp(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror)
+{
+	struct PNP_GetCustomDevProp r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetCustomDevProp, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETCUSTOMDEVPROP,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetCustomDevProp, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetVersionInternal(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       WERROR *werror)
+{
+	struct PNP_GetVersionInternal r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetVersionInternal, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETVERSIONINTERNAL,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetVersionInternal, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetBlockedDriverInfo(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 WERROR *werror)
+{
+	struct PNP_GetBlockedDriverInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetBlockedDriverInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETBLOCKEDDRIVERINFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetBlockedDriverInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
+NTSTATUS rpccli_PNP_GetServerSideDeviceInstallFlags(struct rpc_pipe_client *cli,
+						    TALLOC_CTX *mem_ctx,
+						    WERROR *werror)
+{
+	struct PNP_GetServerSideDeviceInstallFlags r;
+	NTSTATUS status;
+
+	/* In parameters */
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetServerSideDeviceInstallFlags, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_NTSVCS,
+				&ndr_table_ntsvcs,
+				NDR_PNP_GETSERVERSIDEDEVICEINSTALLFLAGS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetServerSideDeviceInstallFlags, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	if (werror) {
+		*werror = r.out.result;
+	}
+
+	return werror_to_ntstatus(r.out.result);
+}
+
diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.h b/source3/librpc/gen_ndr/cli_ntsvcs.h
new file mode 100644
index 0000000000..33df63ee5d
--- /dev/null
+++ b/source3/librpc/gen_ndr/cli_ntsvcs.h
@@ -0,0 +1,218 @@
+#include "librpc/gen_ndr/ndr_ntsvcs.h"
+#ifndef __CLI_NTSVCS__
+#define __CLI_NTSVCS__
+NTSTATUS rpccli_PNP_Disconnect(struct rpc_pipe_client *cli,
+			       TALLOC_CTX *mem_ctx,
+			       WERROR *werror);
+NTSTATUS rpccli_PNP_Connect(struct rpc_pipe_client *cli,
+			    TALLOC_CTX *mem_ctx,
+			    WERROR *werror);
+NTSTATUS rpccli_PNP_GetVersion(struct rpc_pipe_client *cli,
+			       TALLOC_CTX *mem_ctx,
+			       uint16_t *version,
+			       WERROR *werror);
+NTSTATUS rpccli_PNP_GetGlobalState(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   WERROR *werror);
+NTSTATUS rpccli_PNP_InitDetection(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  WERROR *werror);
+NTSTATUS rpccli_PNP_ReportLogOn(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				WERROR *werror);
+NTSTATUS rpccli_PNP_ValidateDeviceInstance(struct rpc_pipe_client *cli,
+					   TALLOC_CTX *mem_ctx,
+					   const char *devicepath,
+					   uint32_t flags,
+					   WERROR *werror);
+NTSTATUS rpccli_PNP_GetRootDeviceInstance(struct rpc_pipe_client *cli,
+					  TALLOC_CTX *mem_ctx,
+					  WERROR *werror);
+NTSTATUS rpccli_PNP_GetRelatedDeviceInstance(struct rpc_pipe_client *cli,
+					     TALLOC_CTX *mem_ctx,
+					     WERROR *werror);
+NTSTATUS rpccli_PNP_EnumerateSubKeys(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror);
+NTSTATUS rpccli_PNP_GetDeviceList(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  WERROR *werror);
+NTSTATUS rpccli_PNP_GetDeviceListSize(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      const char *devicename,
+				      uint32_t *size,
+				      uint32_t flags,
+				      WERROR *werror);
+NTSTATUS rpccli_PNP_GetDepth(struct rpc_pipe_client *cli,
+			     TALLOC_CTX *mem_ctx,
+			     WERROR *werror);
+NTSTATUS rpccli_PNP_GetDeviceRegProp(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror);
+NTSTATUS rpccli_PNP_SetDeviceRegProp(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror);
+NTSTATUS rpccli_PNP_GetClassInstance(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror);
+NTSTATUS rpccli_PNP_CreateKey(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      WERROR *werror);
+NTSTATUS rpccli_PNP_DeleteRegistryKey(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      WERROR *werror);
+NTSTATUS rpccli_PNP_GetClassCount(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  WERROR *werror);
+NTSTATUS rpccli_PNP_GetClassName(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 WERROR *werror);
+NTSTATUS rpccli_PNP_DeleteClassKey(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   WERROR *werror);
+NTSTATUS rpccli_PNP_GetInterfaceDeviceAlias(struct rpc_pipe_client *cli,
+					    TALLOC_CTX *mem_ctx,
+					    WERROR *werror);
+NTSTATUS rpccli_PNP_GetInterfaceDeviceList(struct rpc_pipe_client *cli,
+					   TALLOC_CTX *mem_ctx,
+					   WERROR *werror);
+NTSTATUS rpccli_PNP_GetInterfaceDeviceListSize(struct rpc_pipe_client *cli,
+					       TALLOC_CTX *mem_ctx,
+					       WERROR *werror);
+NTSTATUS rpccli_PNP_RegisterDeviceClassAssociation(struct rpc_pipe_client *cli,
+						   TALLOC_CTX *mem_ctx,
+						   WERROR *werror);
+NTSTATUS rpccli_PNP_UnregisterDeviceClassAssociation(struct rpc_pipe_client *cli,
+						     TALLOC_CTX *mem_ctx,
+						     WERROR *werror);
+NTSTATUS rpccli_PNP_GetClassRegProp(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    WERROR *werror);
+NTSTATUS rpccli_PNP_SetClassRegProp(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    WERROR *werror);
+NTSTATUS rpccli_PNP_CreateDevInst(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  WERROR *werror);
+NTSTATUS rpccli_PNP_DeviceInstanceAction(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 WERROR *werror);
+NTSTATUS rpccli_PNP_GetDeviceStatus(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    WERROR *werror);
+NTSTATUS rpccli_PNP_SetDeviceProblem(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror);
+NTSTATUS rpccli_PNP_DisableDevInst(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   WERROR *werror);
+NTSTATUS rpccli_PNP_UninstallDevInst(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror);
+NTSTATUS rpccli_PNP_AddID(struct rpc_pipe_client *cli,
+			  TALLOC_CTX *mem_ctx,
+			  WERROR *werror);
+NTSTATUS rpccli_PNP_RegisterDriver(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   WERROR *werror);
+NTSTATUS rpccli_PNP_QueryRemove(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				WERROR *werror);
+NTSTATUS rpccli_PNP_RequestDeviceEject(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       WERROR *werror);
+NTSTATUS rpccli_PNP_IsDockStationPresent(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 WERROR *werror);
+NTSTATUS rpccli_PNP_RequestEjectPC(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   WERROR *werror);
+NTSTATUS rpccli_PNP_HwProfFlags(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				uint32_t unknown1,
+				const char *devicepath,
+				uint32_t unknown2,
+				uint32_t *unknown3,
+				uint16_t *unknown4,
+				const char *unknown5,
+				const char **unknown5a,
+				uint32_t unknown6,
+				uint32_t unknown7,
+				WERROR *werror);
+NTSTATUS rpccli_PNP_GetHwProfInfo(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  uint32_t idx,
+				  struct PNP_HwProfInfo *info,
+				  uint32_t unknown1,
+				  uint32_t unknown2,
+				  WERROR *werror);
+NTSTATUS rpccli_PNP_AddEmptyLogConf(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    WERROR *werror);
+NTSTATUS rpccli_PNP_FreeLogConf(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				WERROR *werror);
+NTSTATUS rpccli_PNP_GetFirstLogConf(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    WERROR *werror);
+NTSTATUS rpccli_PNP_GetNextLogConf(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   WERROR *werror);
+NTSTATUS rpccli_PNP_GetLogConfPriority(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       WERROR *werror);
+NTSTATUS rpccli_PNP_AddResDes(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      WERROR *werror);
+NTSTATUS rpccli_PNP_FreeResDes(struct rpc_pipe_client *cli,
+			       TALLOC_CTX *mem_ctx,
+			       WERROR *werror);
+NTSTATUS rpccli_PNP_GetNextResDes(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  WERROR *werror);
+NTSTATUS rpccli_PNP_GetResDesData(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  WERROR *werror);
+NTSTATUS rpccli_PNP_GetResDesDataSize(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      WERROR *werror);
+NTSTATUS rpccli_PNP_ModifyResDes(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 WERROR *werror);
+NTSTATUS rpccli_PNP_DetectResourceLimit(struct rpc_pipe_client *cli,
+					TALLOC_CTX *mem_ctx,
+					WERROR *werror);
+NTSTATUS rpccli_PNP_QueryResConfList(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror);
+NTSTATUS rpccli_PNP_SetHwProf(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      WERROR *werror);
+NTSTATUS rpccli_PNP_QueryArbitratorFreeData(struct rpc_pipe_client *cli,
+					    TALLOC_CTX *mem_ctx,
+					    WERROR *werror);
+NTSTATUS rpccli_PNP_QueryArbitratorFreeSize(struct rpc_pipe_client *cli,
+					    TALLOC_CTX *mem_ctx,
+					    WERROR *werror);
+NTSTATUS rpccli_PNP_RunDetection(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 WERROR *werror);
+NTSTATUS rpccli_PNP_RegisterNotification(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 WERROR *werror);
+NTSTATUS rpccli_PNP_UnregisterNotification(struct rpc_pipe_client *cli,
+					   TALLOC_CTX *mem_ctx,
+					   WERROR *werror);
+NTSTATUS rpccli_PNP_GetCustomDevProp(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     WERROR *werror);
+NTSTATUS rpccli_PNP_GetVersionInternal(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       WERROR *werror);
+NTSTATUS rpccli_PNP_GetBlockedDriverInfo(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 WERROR *werror);
+NTSTATUS rpccli_PNP_GetServerSideDeviceInstallFlags(struct rpc_pipe_client *cli,
+						    TALLOC_CTX *mem_ctx,
+						    WERROR *werror);
+#endif /* __CLI_NTSVCS__ */
diff --git a/source3/librpc/gen_ndr/cli_samr.c b/source3/librpc/gen_ndr/cli_samr.c
new file mode 100644
index 0000000000..663d620d67
--- /dev/null
+++ b/source3/librpc/gen_ndr/cli_samr.c
@@ -0,0 +1,3030 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * client auto-generated by pidl. DO NOT MODIFY!
+ */
+
+#include "includes.h"
+#include "librpc/gen_ndr/cli_samr.h"
+
+NTSTATUS rpccli_samr_Connect(struct rpc_pipe_client *cli,
+			     TALLOC_CTX *mem_ctx,
+			     uint16_t *system_name,
+			     uint32_t access_mask,
+			     struct policy_handle *connect_handle)
+{
+	struct samr_Connect r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.system_name = system_name;
+	r.in.access_mask = access_mask;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Connect, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CONNECT,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Connect, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*connect_handle = *r.out.connect_handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_Close(struct rpc_pipe_client *cli,
+			   TALLOC_CTX *mem_ctx,
+			   struct policy_handle *handle)
+{
+	struct samr_Close r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.handle = handle;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Close, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CLOSE,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Close, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*handle = *r.out.handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_SetSecurity(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 struct policy_handle *handle,
+				 uint32_t sec_info,
+				 struct sec_desc_buf *sdbuf)
+{
+	struct samr_SetSecurity r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.handle = handle;
+	r.in.sec_info = sec_info;
+	r.in.sdbuf = sdbuf;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetSecurity, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_SETSECURITY,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetSecurity, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_QuerySecurity(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   struct policy_handle *handle,
+				   uint32_t sec_info,
+				   struct sec_desc_buf **sdbuf)
+{
+	struct samr_QuerySecurity r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.handle = handle;
+	r.in.sec_info = sec_info;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QuerySecurity, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_QUERYSECURITY,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QuerySecurity, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*sdbuf = *r.out.sdbuf;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_Shutdown(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      struct policy_handle *connect_handle)
+{
+	struct samr_Shutdown r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.connect_handle = connect_handle;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Shutdown, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_SHUTDOWN,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Shutdown, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_LookupDomain(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  struct policy_handle *connect_handle,
+				  struct lsa_String *domain_name,
+				  struct dom_sid2 **sid)
+{
+	struct samr_LookupDomain r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.connect_handle = connect_handle;
+	r.in.domain_name = domain_name;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_LookupDomain, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_LOOKUPDOMAIN,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_LookupDomain, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*sid = *r.out.sid;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_EnumDomains(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 struct policy_handle *connect_handle,
+				 uint32_t *resume_handle,
+				 struct samr_SamArray **sam,
+				 uint32_t buf_size,
+				 uint32_t *num_entries)
+{
+	struct samr_EnumDomains r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.connect_handle = connect_handle;
+	r.in.resume_handle = resume_handle;
+	r.in.buf_size = buf_size;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_EnumDomains, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_ENUMDOMAINS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_EnumDomains, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*resume_handle = *r.out.resume_handle;
+	*sam = *r.out.sam;
+	*num_entries = *r.out.num_entries;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_OpenDomain(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				struct policy_handle *connect_handle,
+				uint32_t access_mask,
+				struct dom_sid2 *sid,
+				struct policy_handle *domain_handle)
+{
+	struct samr_OpenDomain r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.connect_handle = connect_handle;
+	r.in.access_mask = access_mask;
+	r.in.sid = sid;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_OpenDomain, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_OPENDOMAIN,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_OpenDomain, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*domain_handle = *r.out.domain_handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_QueryDomainInfo(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     struct policy_handle *domain_handle,
+				     uint16_t level,
+				     union samr_DomainInfo **info)
+{
+	struct samr_QueryDomainInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.level = level;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryDomainInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_QUERYDOMAININFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryDomainInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*info = *r.out.info;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_SetDomainInfo(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   struct policy_handle *domain_handle,
+				   uint16_t level,
+				   union samr_DomainInfo *info)
+{
+	struct samr_SetDomainInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.level = level;
+	r.in.info = info;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetDomainInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_SETDOMAININFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetDomainInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_CreateDomainGroup(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *domain_handle,
+				       struct lsa_String *name,
+				       uint32_t access_mask,
+				       struct policy_handle *group_handle,
+				       uint32_t *rid)
+{
+	struct samr_CreateDomainGroup r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.name = name;
+	r.in.access_mask = access_mask;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_CreateDomainGroup, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CREATEDOMAINGROUP,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_CreateDomainGroup, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*group_handle = *r.out.group_handle;
+	*rid = *r.out.rid;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_EnumDomainGroups(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      struct policy_handle *domain_handle,
+				      uint32_t *resume_handle,
+				      struct samr_SamArray **sam,
+				      uint32_t max_size,
+				      uint32_t *num_entries)
+{
+	struct samr_EnumDomainGroups r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.resume_handle = resume_handle;
+	r.in.max_size = max_size;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_EnumDomainGroups, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_ENUMDOMAINGROUPS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_EnumDomainGroups, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*resume_handle = *r.out.resume_handle;
+	*sam = *r.out.sam;
+	*num_entries = *r.out.num_entries;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_CreateUser(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				struct policy_handle *domain_handle,
+				struct lsa_String *account_name,
+				uint32_t access_mask,
+				struct policy_handle *user_handle,
+				uint32_t *rid)
+{
+	struct samr_CreateUser r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.account_name = account_name;
+	r.in.access_mask = access_mask;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_CreateUser, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CREATEUSER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_CreateUser, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*user_handle = *r.out.user_handle;
+	*rid = *r.out.rid;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_EnumDomainUsers(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     struct policy_handle *domain_handle,
+				     uint32_t *resume_handle,
+				     uint32_t acct_flags,
+				     struct samr_SamArray **sam,
+				     uint32_t max_size,
+				     uint32_t *num_entries)
+{
+	struct samr_EnumDomainUsers r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.resume_handle = resume_handle;
+	r.in.acct_flags = acct_flags;
+	r.in.max_size = max_size;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_EnumDomainUsers, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_ENUMDOMAINUSERS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_EnumDomainUsers, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*resume_handle = *r.out.resume_handle;
+	*sam = *r.out.sam;
+	*num_entries = *r.out.num_entries;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_CreateDomAlias(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *domain_handle,
+				    struct lsa_String *alias_name,
+				    uint32_t access_mask,
+				    struct policy_handle *alias_handle,
+				    uint32_t *rid)
+{
+	struct samr_CreateDomAlias r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.alias_name = alias_name;
+	r.in.access_mask = access_mask;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_CreateDomAlias, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CREATEDOMALIAS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_CreateDomAlias, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*alias_handle = *r.out.alias_handle;
+	*rid = *r.out.rid;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_EnumDomainAliases(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *domain_handle,
+				       uint32_t *resume_handle,
+				       struct samr_SamArray **sam,
+				       uint32_t max_size,
+				       uint32_t *num_entries)
+{
+	struct samr_EnumDomainAliases r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.resume_handle = resume_handle;
+	r.in.max_size = max_size;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_EnumDomainAliases, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_ENUMDOMAINALIASES,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_EnumDomainAliases, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*resume_handle = *r.out.resume_handle;
+	*sam = *r.out.sam;
+	*num_entries = *r.out.num_entries;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_GetAliasMembership(struct rpc_pipe_client *cli,
+					TALLOC_CTX *mem_ctx,
+					struct policy_handle *domain_handle,
+					struct lsa_SidArray *sids,
+					struct samr_Ids *rids)
+{
+	struct samr_GetAliasMembership r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.sids = sids;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetAliasMembership, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_GETALIASMEMBERSHIP,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetAliasMembership, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*rids = *r.out.rids;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_LookupNames(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 struct policy_handle *domain_handle,
+				 uint32_t num_names,
+				 struct lsa_String *names,
+				 struct samr_Ids *rids,
+				 struct samr_Ids *types)
+{
+	struct samr_LookupNames r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.num_names = num_names;
+	r.in.names = names;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_LookupNames, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_LOOKUPNAMES,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_LookupNames, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*rids = *r.out.rids;
+	*types = *r.out.types;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_LookupRids(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				struct policy_handle *domain_handle,
+				uint32_t num_rids,
+				uint32_t *rids,
+				struct lsa_Strings *names,
+				struct samr_Ids *types)
+{
+	struct samr_LookupRids r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.num_rids = num_rids;
+	r.in.rids = rids;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_LookupRids, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_LOOKUPRIDS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_LookupRids, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*names = *r.out.names;
+	*types = *r.out.types;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_OpenGroup(struct rpc_pipe_client *cli,
+			       TALLOC_CTX *mem_ctx,
+			       struct policy_handle *domain_handle,
+			       uint32_t access_mask,
+			       uint32_t rid,
+			       struct policy_handle *group_handle)
+{
+	struct samr_OpenGroup r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.access_mask = access_mask;
+	r.in.rid = rid;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_OpenGroup, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_OPENGROUP,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_OpenGroup, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*group_handle = *r.out.group_handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_QueryGroupInfo(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *group_handle,
+				    enum samr_GroupInfoEnum level,
+				    union samr_GroupInfo **info)
+{
+	struct samr_QueryGroupInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.group_handle = group_handle;
+	r.in.level = level;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryGroupInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_QUERYGROUPINFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryGroupInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*info = *r.out.info;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_SetGroupInfo(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  struct policy_handle *group_handle,
+				  enum samr_GroupInfoEnum level,
+				  union samr_GroupInfo *info)
+{
+	struct samr_SetGroupInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.group_handle = group_handle;
+	r.in.level = level;
+	r.in.info = info;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetGroupInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_SETGROUPINFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetGroupInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_AddGroupMember(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *group_handle,
+				    uint32_t rid,
+				    uint32_t flags)
+{
+	struct samr_AddGroupMember r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.group_handle = group_handle;
+	r.in.rid = rid;
+	r.in.flags = flags;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_AddGroupMember, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_ADDGROUPMEMBER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_AddGroupMember, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_DeleteDomainGroup(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *group_handle)
+{
+	struct samr_DeleteDomainGroup r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.group_handle = group_handle;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_DeleteDomainGroup, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_DELETEDOMAINGROUP,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_DeleteDomainGroup, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*group_handle = *r.out.group_handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_DeleteGroupMember(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *group_handle,
+				       uint32_t rid)
+{
+	struct samr_DeleteGroupMember r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.group_handle = group_handle;
+	r.in.rid = rid;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_DeleteGroupMember, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_DELETEGROUPMEMBER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_DeleteGroupMember, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_QueryGroupMember(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      struct policy_handle *group_handle,
+				      struct samr_RidTypeArray **rids)
+{
+	struct samr_QueryGroupMember r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.group_handle = group_handle;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryGroupMember, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_QUERYGROUPMEMBER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryGroupMember, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*rids = *r.out.rids;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_SetMemberAttributesOfGroup(struct rpc_pipe_client *cli,
+						TALLOC_CTX *mem_ctx,
+						struct policy_handle *group_handle,
+						uint32_t unknown1,
+						uint32_t unknown2)
+{
+	struct samr_SetMemberAttributesOfGroup r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.group_handle = group_handle;
+	r.in.unknown1 = unknown1;
+	r.in.unknown2 = unknown2;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetMemberAttributesOfGroup, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_SETMEMBERATTRIBUTESOFGROUP,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetMemberAttributesOfGroup, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_OpenAlias(struct rpc_pipe_client *cli,
+			       TALLOC_CTX *mem_ctx,
+			       struct policy_handle *domain_handle,
+			       uint32_t access_mask,
+			       uint32_t rid,
+			       struct policy_handle *alias_handle)
+{
+	struct samr_OpenAlias r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.access_mask = access_mask;
+	r.in.rid = rid;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_OpenAlias, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_OPENALIAS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_OpenAlias, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*alias_handle = *r.out.alias_handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_QueryAliasInfo(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *alias_handle,
+				    enum samr_AliasInfoEnum level,
+				    union samr_AliasInfo **info)
+{
+	struct samr_QueryAliasInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.alias_handle = alias_handle;
+	r.in.level = level;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryAliasInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_QUERYALIASINFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryAliasInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*info = *r.out.info;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_SetAliasInfo(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  struct policy_handle *alias_handle,
+				  enum samr_AliasInfoEnum level,
+				  union samr_AliasInfo *info)
+{
+	struct samr_SetAliasInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.alias_handle = alias_handle;
+	r.in.level = level;
+	r.in.info = info;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetAliasInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_SETALIASINFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetAliasInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_DeleteDomAlias(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *alias_handle)
+{
+	struct samr_DeleteDomAlias r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.alias_handle = alias_handle;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_DeleteDomAlias, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_DELETEDOMALIAS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_DeleteDomAlias, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*alias_handle = *r.out.alias_handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_AddAliasMember(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *alias_handle,
+				    struct dom_sid2 *sid)
+{
+	struct samr_AddAliasMember r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.alias_handle = alias_handle;
+	r.in.sid = sid;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_AddAliasMember, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_ADDALIASMEMBER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_AddAliasMember, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_DeleteAliasMember(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *alias_handle,
+				       struct dom_sid2 *sid)
+{
+	struct samr_DeleteAliasMember r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.alias_handle = alias_handle;
+	r.in.sid = sid;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_DeleteAliasMember, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_DELETEALIASMEMBER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_DeleteAliasMember, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_GetMembersInAlias(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *alias_handle,
+				       struct lsa_SidArray *sids)
+{
+	struct samr_GetMembersInAlias r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.alias_handle = alias_handle;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetMembersInAlias, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_GETMEMBERSINALIAS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetMembersInAlias, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*sids = *r.out.sids;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_OpenUser(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      struct policy_handle *domain_handle,
+			      uint32_t access_mask,
+			      uint32_t rid,
+			      struct policy_handle *user_handle)
+{
+	struct samr_OpenUser r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.access_mask = access_mask;
+	r.in.rid = rid;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_OpenUser, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_OPENUSER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_OpenUser, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*user_handle = *r.out.user_handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_DeleteUser(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				struct policy_handle *user_handle)
+{
+	struct samr_DeleteUser r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.user_handle = user_handle;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_DeleteUser, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_DELETEUSER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_DeleteUser, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*user_handle = *r.out.user_handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_QueryUserInfo(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   struct policy_handle *user_handle,
+				   uint16_t level,
+				   union samr_UserInfo **info)
+{
+	struct samr_QueryUserInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.user_handle = user_handle;
+	r.in.level = level;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryUserInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_QUERYUSERINFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryUserInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*info = *r.out.info;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_SetUserInfo(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 struct policy_handle *user_handle,
+				 uint16_t level,
+				 union samr_UserInfo *info)
+{
+	struct samr_SetUserInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.user_handle = user_handle;
+	r.in.level = level;
+	r.in.info = info;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetUserInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_SETUSERINFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetUserInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_ChangePasswordUser(struct rpc_pipe_client *cli,
+					TALLOC_CTX *mem_ctx,
+					struct policy_handle *user_handle,
+					uint8_t lm_present,
+					struct samr_Password *old_lm_crypted,
+					struct samr_Password *new_lm_crypted,
+					uint8_t nt_present,
+					struct samr_Password *old_nt_crypted,
+					struct samr_Password *new_nt_crypted,
+					uint8_t cross1_present,
+					struct samr_Password *nt_cross,
+					uint8_t cross2_present,
+					struct samr_Password *lm_cross)
+{
+	struct samr_ChangePasswordUser r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.user_handle = user_handle;
+	r.in.lm_present = lm_present;
+	r.in.old_lm_crypted = old_lm_crypted;
+	r.in.new_lm_crypted = new_lm_crypted;
+	r.in.nt_present = nt_present;
+	r.in.old_nt_crypted = old_nt_crypted;
+	r.in.new_nt_crypted = new_nt_crypted;
+	r.in.cross1_present = cross1_present;
+	r.in.nt_cross = nt_cross;
+	r.in.cross2_present = cross2_present;
+	r.in.lm_cross = lm_cross;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_ChangePasswordUser, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CHANGEPASSWORDUSER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_ChangePasswordUser, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_GetGroupsForUser(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      struct policy_handle *user_handle,
+				      struct samr_RidWithAttributeArray **rids)
+{
+	struct samr_GetGroupsForUser r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.user_handle = user_handle;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetGroupsForUser, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_GETGROUPSFORUSER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetGroupsForUser, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*rids = *r.out.rids;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_QueryDisplayInfo(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      struct policy_handle *domain_handle,
+				      uint16_t level,
+				      uint32_t start_idx,
+				      uint32_t max_entries,
+				      uint32_t buf_size,
+				      uint32_t *total_size,
+				      uint32_t *returned_size,
+				      union samr_DispInfo *info)
+{
+	struct samr_QueryDisplayInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.level = level;
+	r.in.start_idx = start_idx;
+	r.in.max_entries = max_entries;
+	r.in.buf_size = buf_size;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryDisplayInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_QUERYDISPLAYINFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryDisplayInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*total_size = *r.out.total_size;
+	*returned_size = *r.out.returned_size;
+	*info = *r.out.info;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_GetDisplayEnumerationIndex(struct rpc_pipe_client *cli,
+						TALLOC_CTX *mem_ctx,
+						struct policy_handle *domain_handle,
+						uint16_t level,
+						struct lsa_String name,
+						uint32_t *idx)
+{
+	struct samr_GetDisplayEnumerationIndex r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.level = level;
+	r.in.name = name;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetDisplayEnumerationIndex, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_GETDISPLAYENUMERATIONINDEX,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetDisplayEnumerationIndex, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*idx = *r.out.idx;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_TestPrivateFunctionsDomain(struct rpc_pipe_client *cli,
+						TALLOC_CTX *mem_ctx,
+						struct policy_handle *domain_handle)
+{
+	struct samr_TestPrivateFunctionsDomain r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_TestPrivateFunctionsDomain, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_TESTPRIVATEFUNCTIONSDOMAIN,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_TestPrivateFunctionsDomain, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_TestPrivateFunctionsUser(struct rpc_pipe_client *cli,
+					      TALLOC_CTX *mem_ctx,
+					      struct policy_handle *user_handle)
+{
+	struct samr_TestPrivateFunctionsUser r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.user_handle = user_handle;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_TestPrivateFunctionsUser, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_TESTPRIVATEFUNCTIONSUSER,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_TestPrivateFunctionsUser, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_GetUserPwInfo(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   struct policy_handle *user_handle,
+				   struct samr_PwInfo *info)
+{
+	struct samr_GetUserPwInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.user_handle = user_handle;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetUserPwInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_GETUSERPWINFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetUserPwInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*info = *r.out.info;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_RemoveMemberFromForeignDomain(struct rpc_pipe_client *cli,
+						   TALLOC_CTX *mem_ctx,
+						   struct policy_handle *domain_handle,
+						   struct dom_sid2 *sid)
+{
+	struct samr_RemoveMemberFromForeignDomain r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.sid = sid;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_RemoveMemberFromForeignDomain, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_REMOVEMEMBERFROMFOREIGNDOMAIN,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_RemoveMemberFromForeignDomain, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_QueryDomainInfo2(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      struct policy_handle *domain_handle,
+				      uint16_t level,
+				      union samr_DomainInfo **info)
+{
+	struct samr_QueryDomainInfo2 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.level = level;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryDomainInfo2, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_QUERYDOMAININFO2,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryDomainInfo2, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*info = *r.out.info;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_QueryUserInfo2(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *user_handle,
+				    uint16_t level,
+				    union samr_UserInfo *info)
+{
+	struct samr_QueryUserInfo2 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.user_handle = user_handle;
+	r.in.level = level;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryUserInfo2, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_QUERYUSERINFO2,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryUserInfo2, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*info = *r.out.info;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_QueryDisplayInfo2(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *domain_handle,
+				       uint16_t level,
+				       uint32_t start_idx,
+				       uint32_t max_entries,
+				       uint32_t buf_size,
+				       uint32_t *total_size,
+				       uint32_t *returned_size,
+				       union samr_DispInfo *info)
+{
+	struct samr_QueryDisplayInfo2 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.level = level;
+	r.in.start_idx = start_idx;
+	r.in.max_entries = max_entries;
+	r.in.buf_size = buf_size;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryDisplayInfo2, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_QUERYDISPLAYINFO2,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryDisplayInfo2, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*total_size = *r.out.total_size;
+	*returned_size = *r.out.returned_size;
+	*info = *r.out.info;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_GetDisplayEnumerationIndex2(struct rpc_pipe_client *cli,
+						 TALLOC_CTX *mem_ctx,
+						 struct policy_handle *domain_handle,
+						 uint16_t level,
+						 struct lsa_String name,
+						 uint32_t *idx)
+{
+	struct samr_GetDisplayEnumerationIndex2 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.level = level;
+	r.in.name = name;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetDisplayEnumerationIndex2, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_GETDISPLAYENUMERATIONINDEX2,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetDisplayEnumerationIndex2, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*idx = *r.out.idx;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_CreateUser2(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 struct policy_handle *domain_handle,
+				 struct lsa_String *account_name,
+				 uint32_t acct_flags,
+				 uint32_t access_mask,
+				 struct policy_handle *user_handle,
+				 uint32_t *access_granted,
+				 uint32_t *rid)
+{
+	struct samr_CreateUser2 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.account_name = account_name;
+	r.in.acct_flags = acct_flags;
+	r.in.access_mask = access_mask;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_CreateUser2, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CREATEUSER2,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_CreateUser2, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*user_handle = *r.out.user_handle;
+	*access_granted = *r.out.access_granted;
+	*rid = *r.out.rid;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_QueryDisplayInfo3(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *domain_handle,
+				       uint16_t level,
+				       uint32_t start_idx,
+				       uint32_t max_entries,
+				       uint32_t buf_size,
+				       uint32_t *total_size,
+				       uint32_t *returned_size,
+				       union samr_DispInfo *info)
+{
+	struct samr_QueryDisplayInfo3 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.level = level;
+	r.in.start_idx = start_idx;
+	r.in.max_entries = max_entries;
+	r.in.buf_size = buf_size;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryDisplayInfo3, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_QUERYDISPLAYINFO3,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryDisplayInfo3, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*total_size = *r.out.total_size;
+	*returned_size = *r.out.returned_size;
+	*info = *r.out.info;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_AddMultipleMembersToAlias(struct rpc_pipe_client *cli,
+					       TALLOC_CTX *mem_ctx,
+					       struct policy_handle *alias_handle,
+					       struct lsa_SidArray *sids)
+{
+	struct samr_AddMultipleMembersToAlias r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.alias_handle = alias_handle;
+	r.in.sids = sids;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_AddMultipleMembersToAlias, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_ADDMULTIPLEMEMBERSTOALIAS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_AddMultipleMembersToAlias, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_RemoveMultipleMembersFromAlias(struct rpc_pipe_client *cli,
+						    TALLOC_CTX *mem_ctx,
+						    struct policy_handle *alias_handle,
+						    struct lsa_SidArray *sids)
+{
+	struct samr_RemoveMultipleMembersFromAlias r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.alias_handle = alias_handle;
+	r.in.sids = sids;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_RemoveMultipleMembersFromAlias, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_REMOVEMULTIPLEMEMBERSFROMALIAS,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_RemoveMultipleMembersFromAlias, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_OemChangePasswordUser2(struct rpc_pipe_client *cli,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_AsciiString *server,
+					    struct lsa_AsciiString *account,
+					    struct samr_CryptPassword *password,
+					    struct samr_Password *hash)
+{
+	struct samr_OemChangePasswordUser2 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.server = server;
+	r.in.account = account;
+	r.in.password = password;
+	r.in.hash = hash;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_OemChangePasswordUser2, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_OEMCHANGEPASSWORDUSER2,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_OemChangePasswordUser2, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_ChangePasswordUser2(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 struct lsa_String *server,
+					 struct lsa_String *account,
+					 struct samr_CryptPassword *nt_password,
+					 struct samr_Password *nt_verifier,
+					 uint8_t lm_change,
+					 struct samr_CryptPassword *lm_password,
+					 struct samr_Password *lm_verifier)
+{
+	struct samr_ChangePasswordUser2 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.server = server;
+	r.in.account = account;
+	r.in.nt_password = nt_password;
+	r.in.nt_verifier = nt_verifier;
+	r.in.lm_change = lm_change;
+	r.in.lm_password = lm_password;
+	r.in.lm_verifier = lm_verifier;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_ChangePasswordUser2, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CHANGEPASSWORDUSER2,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_ChangePasswordUser2, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_GetDomPwInfo(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  struct lsa_String *domain_name,
+				  struct samr_PwInfo *info)
+{
+	struct samr_GetDomPwInfo r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_name = domain_name;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetDomPwInfo, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_GETDOMPWINFO,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetDomPwInfo, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*info = *r.out.info;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_Connect2(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      const char *system_name,
+			      uint32_t access_mask,
+			      struct policy_handle *connect_handle)
+{
+	struct samr_Connect2 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.system_name = system_name;
+	r.in.access_mask = access_mask;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Connect2, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CONNECT2,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Connect2, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*connect_handle = *r.out.connect_handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_SetUserInfo2(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  struct policy_handle *user_handle,
+				  uint16_t level,
+				  union samr_UserInfo *info)
+{
+	struct samr_SetUserInfo2 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.user_handle = user_handle;
+	r.in.level = level;
+	r.in.info = info;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetUserInfo2, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_SETUSERINFO2,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetUserInfo2, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_SetBootKeyInformation(struct rpc_pipe_client *cli,
+					   TALLOC_CTX *mem_ctx,
+					   struct policy_handle *connect_handle,
+					   uint32_t unknown1,
+					   uint32_t unknown2,
+					   uint32_t unknown3)
+{
+	struct samr_SetBootKeyInformation r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.connect_handle = connect_handle;
+	r.in.unknown1 = unknown1;
+	r.in.unknown2 = unknown2;
+	r.in.unknown3 = unknown3;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetBootKeyInformation, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_SETBOOTKEYINFORMATION,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetBootKeyInformation, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_GetBootKeyInformation(struct rpc_pipe_client *cli,
+					   TALLOC_CTX *mem_ctx,
+					   struct policy_handle *domain_handle,
+					   uint32_t *unknown)
+{
+	struct samr_GetBootKeyInformation r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetBootKeyInformation, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_GETBOOTKEYINFORMATION,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetBootKeyInformation, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*unknown = *r.out.unknown;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_Connect3(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      const char *system_name,
+			      uint32_t unknown,
+			      uint32_t access_mask,
+			      struct policy_handle *connect_handle)
+{
+	struct samr_Connect3 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.system_name = system_name;
+	r.in.unknown = unknown;
+	r.in.access_mask = access_mask;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Connect3, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CONNECT3,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Connect3, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*connect_handle = *r.out.connect_handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_Connect4(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      const char *system_name,
+			      enum samr_ConnectVersion client_version,
+			      uint32_t access_mask,
+			      struct policy_handle *connect_handle)
+{
+	struct samr_Connect4 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.system_name = system_name;
+	r.in.client_version = client_version;
+	r.in.access_mask = access_mask;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Connect4, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CONNECT4,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Connect4, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*connect_handle = *r.out.connect_handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_ChangePasswordUser3(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 struct lsa_String *server,
+					 struct lsa_String *account,
+					 struct samr_CryptPassword *nt_password,
+					 struct samr_Password *nt_verifier,
+					 uint8_t lm_change,
+					 struct samr_CryptPassword *lm_password,
+					 struct samr_Password *lm_verifier,
+					 struct samr_CryptPassword *password3,
+					 struct samr_DomInfo1 **dominfo,
+					 struct samr_ChangeReject **reject)
+{
+	struct samr_ChangePasswordUser3 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.server = server;
+	r.in.account = account;
+	r.in.nt_password = nt_password;
+	r.in.nt_verifier = nt_verifier;
+	r.in.lm_change = lm_change;
+	r.in.lm_password = lm_password;
+	r.in.lm_verifier = lm_verifier;
+	r.in.password3 = password3;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_ChangePasswordUser3, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CHANGEPASSWORDUSER3,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_ChangePasswordUser3, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*dominfo = *r.out.dominfo;
+	*reject = *r.out.reject;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_Connect5(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      const char *system_name,
+			      uint32_t access_mask,
+			      uint32_t level_in,
+			      union samr_ConnectInfo *info_in,
+			      uint32_t *level_out,
+			      union samr_ConnectInfo *info_out,
+			      struct policy_handle *connect_handle)
+{
+	struct samr_Connect5 r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.system_name = system_name;
+	r.in.access_mask = access_mask;
+	r.in.level_in = level_in;
+	r.in.info_in = info_in;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Connect5, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_CONNECT5,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Connect5, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*level_out = *r.out.level_out;
+	*info_out = *r.out.info_out;
+	*connect_handle = *r.out.connect_handle;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_RidToSid(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      struct policy_handle *domain_handle,
+			      uint32_t rid,
+			      struct dom_sid2 *sid)
+{
+	struct samr_RidToSid r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.domain_handle = domain_handle;
+	r.in.rid = rid;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_RidToSid, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_RIDTOSID,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_RidToSid, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*sid = *r.out.sid;
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_SetDsrmPassword(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     struct lsa_String *name,
+				     uint32_t unknown,
+				     struct samr_Password *hash)
+{
+	struct samr_SetDsrmPassword r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.name = name;
+	r.in.unknown = unknown;
+	r.in.hash = hash;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetDsrmPassword, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_SETDSRMPASSWORD,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetDsrmPassword, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+
+	/* Return result */
+	return r.out.result;
+}
+
+NTSTATUS rpccli_samr_ValidatePassword(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      enum samr_ValidatePasswordLevel level,
+				      union samr_ValidatePasswordReq req,
+				      union samr_ValidatePasswordRep *rep)
+{
+	struct samr_ValidatePassword r;
+	NTSTATUS status;
+
+	/* In parameters */
+	r.in.level = level;
+	r.in.req = req;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_ValidatePassword, &r);
+	}
+
+	status = cli_do_rpc_ndr(cli,
+				mem_ctx,
+				PI_SAMR,
+				&ndr_table_samr,
+				NDR_SAMR_VALIDATEPASSWORD,
+				&r);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_ValidatePassword, &r);
+	}
+
+	if (NT_STATUS_IS_ERR(status)) {
+		return status;
+	}
+
+	/* Return variables */
+	*rep = *r.out.rep;
+
+	/* Return result */
+	return r.out.result;
+}
+
diff --git a/source3/librpc/gen_ndr/cli_samr.h b/source3/librpc/gen_ndr/cli_samr.h
new file mode 100644
index 0000000000..92fcf73536
--- /dev/null
+++ b/source3/librpc/gen_ndr/cli_samr.h
@@ -0,0 +1,389 @@
+#include "librpc/gen_ndr/ndr_samr.h"
+#ifndef __CLI_SAMR__
+#define __CLI_SAMR__
+NTSTATUS rpccli_samr_Connect(struct rpc_pipe_client *cli,
+			     TALLOC_CTX *mem_ctx,
+			     uint16_t *system_name,
+			     uint32_t access_mask,
+			     struct policy_handle *connect_handle);
+NTSTATUS rpccli_samr_Close(struct rpc_pipe_client *cli,
+			   TALLOC_CTX *mem_ctx,
+			   struct policy_handle *handle);
+NTSTATUS rpccli_samr_SetSecurity(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 struct policy_handle *handle,
+				 uint32_t sec_info,
+				 struct sec_desc_buf *sdbuf);
+NTSTATUS rpccli_samr_QuerySecurity(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   struct policy_handle *handle,
+				   uint32_t sec_info,
+				   struct sec_desc_buf **sdbuf);
+NTSTATUS rpccli_samr_Shutdown(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      struct policy_handle *connect_handle);
+NTSTATUS rpccli_samr_LookupDomain(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  struct policy_handle *connect_handle,
+				  struct lsa_String *domain_name,
+				  struct dom_sid2 **sid);
+NTSTATUS rpccli_samr_EnumDomains(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 struct policy_handle *connect_handle,
+				 uint32_t *resume_handle,
+				 struct samr_SamArray **sam,
+				 uint32_t buf_size,
+				 uint32_t *num_entries);
+NTSTATUS rpccli_samr_OpenDomain(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				struct policy_handle *connect_handle,
+				uint32_t access_mask,
+				struct dom_sid2 *sid,
+				struct policy_handle *domain_handle);
+NTSTATUS rpccli_samr_QueryDomainInfo(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     struct policy_handle *domain_handle,
+				     uint16_t level,
+				     union samr_DomainInfo **info);
+NTSTATUS rpccli_samr_SetDomainInfo(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   struct policy_handle *domain_handle,
+				   uint16_t level,
+				   union samr_DomainInfo *info);
+NTSTATUS rpccli_samr_CreateDomainGroup(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *domain_handle,
+				       struct lsa_String *name,
+				       uint32_t access_mask,
+				       struct policy_handle *group_handle,
+				       uint32_t *rid);
+NTSTATUS rpccli_samr_EnumDomainGroups(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      struct policy_handle *domain_handle,
+				      uint32_t *resume_handle,
+				      struct samr_SamArray **sam,
+				      uint32_t max_size,
+				      uint32_t *num_entries);
+NTSTATUS rpccli_samr_CreateUser(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				struct policy_handle *domain_handle,
+				struct lsa_String *account_name,
+				uint32_t access_mask,
+				struct policy_handle *user_handle,
+				uint32_t *rid);
+NTSTATUS rpccli_samr_EnumDomainUsers(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     struct policy_handle *domain_handle,
+				     uint32_t *resume_handle,
+				     uint32_t acct_flags,
+				     struct samr_SamArray **sam,
+				     uint32_t max_size,
+				     uint32_t *num_entries);
+NTSTATUS rpccli_samr_CreateDomAlias(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *domain_handle,
+				    struct lsa_String *alias_name,
+				    uint32_t access_mask,
+				    struct policy_handle *alias_handle,
+				    uint32_t *rid);
+NTSTATUS rpccli_samr_EnumDomainAliases(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *domain_handle,
+				       uint32_t *resume_handle,
+				       struct samr_SamArray **sam,
+				       uint32_t max_size,
+				       uint32_t *num_entries);
+NTSTATUS rpccli_samr_GetAliasMembership(struct rpc_pipe_client *cli,
+					TALLOC_CTX *mem_ctx,
+					struct policy_handle *domain_handle,
+					struct lsa_SidArray *sids,
+					struct samr_Ids *rids);
+NTSTATUS rpccli_samr_LookupNames(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 struct policy_handle *domain_handle,
+				 uint32_t num_names,
+				 struct lsa_String *names,
+				 struct samr_Ids *rids,
+				 struct samr_Ids *types);
+NTSTATUS rpccli_samr_LookupRids(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				struct policy_handle *domain_handle,
+				uint32_t num_rids,
+				uint32_t *rids,
+				struct lsa_Strings *names,
+				struct samr_Ids *types);
+NTSTATUS rpccli_samr_OpenGroup(struct rpc_pipe_client *cli,
+			       TALLOC_CTX *mem_ctx,
+			       struct policy_handle *domain_handle,
+			       uint32_t access_mask,
+			       uint32_t rid,
+			       struct policy_handle *group_handle);
+NTSTATUS rpccli_samr_QueryGroupInfo(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *group_handle,
+				    enum samr_GroupInfoEnum level,
+				    union samr_GroupInfo **info);
+NTSTATUS rpccli_samr_SetGroupInfo(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  struct policy_handle *group_handle,
+				  enum samr_GroupInfoEnum level,
+				  union samr_GroupInfo *info);
+NTSTATUS rpccli_samr_AddGroupMember(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *group_handle,
+				    uint32_t rid,
+				    uint32_t flags);
+NTSTATUS rpccli_samr_DeleteDomainGroup(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *group_handle);
+NTSTATUS rpccli_samr_DeleteGroupMember(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *group_handle,
+				       uint32_t rid);
+NTSTATUS rpccli_samr_QueryGroupMember(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      struct policy_handle *group_handle,
+				      struct samr_RidTypeArray **rids);
+NTSTATUS rpccli_samr_SetMemberAttributesOfGroup(struct rpc_pipe_client *cli,
+						TALLOC_CTX *mem_ctx,
+						struct policy_handle *group_handle,
+						uint32_t unknown1,
+						uint32_t unknown2);
+NTSTATUS rpccli_samr_OpenAlias(struct rpc_pipe_client *cli,
+			       TALLOC_CTX *mem_ctx,
+			       struct policy_handle *domain_handle,
+			       uint32_t access_mask,
+			       uint32_t rid,
+			       struct policy_handle *alias_handle);
+NTSTATUS rpccli_samr_QueryAliasInfo(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *alias_handle,
+				    enum samr_AliasInfoEnum level,
+				    union samr_AliasInfo **info);
+NTSTATUS rpccli_samr_SetAliasInfo(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  struct policy_handle *alias_handle,
+				  enum samr_AliasInfoEnum level,
+				  union samr_AliasInfo *info);
+NTSTATUS rpccli_samr_DeleteDomAlias(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *alias_handle);
+NTSTATUS rpccli_samr_AddAliasMember(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *alias_handle,
+				    struct dom_sid2 *sid);
+NTSTATUS rpccli_samr_DeleteAliasMember(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *alias_handle,
+				       struct dom_sid2 *sid);
+NTSTATUS rpccli_samr_GetMembersInAlias(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *alias_handle,
+				       struct lsa_SidArray *sids);
+NTSTATUS rpccli_samr_OpenUser(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      struct policy_handle *domain_handle,
+			      uint32_t access_mask,
+			      uint32_t rid,
+			      struct policy_handle *user_handle);
+NTSTATUS rpccli_samr_DeleteUser(struct rpc_pipe_client *cli,
+				TALLOC_CTX *mem_ctx,
+				struct policy_handle *user_handle);
+NTSTATUS rpccli_samr_QueryUserInfo(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   struct policy_handle *user_handle,
+				   uint16_t level,
+				   union samr_UserInfo **info);
+NTSTATUS rpccli_samr_SetUserInfo(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 struct policy_handle *user_handle,
+				 uint16_t level,
+				 union samr_UserInfo *info);
+NTSTATUS rpccli_samr_ChangePasswordUser(struct rpc_pipe_client *cli,
+					TALLOC_CTX *mem_ctx,
+					struct policy_handle *user_handle,
+					uint8_t lm_present,
+					struct samr_Password *old_lm_crypted,
+					struct samr_Password *new_lm_crypted,
+					uint8_t nt_present,
+					struct samr_Password *old_nt_crypted,
+					struct samr_Password *new_nt_crypted,
+					uint8_t cross1_present,
+					struct samr_Password *nt_cross,
+					uint8_t cross2_present,
+					struct samr_Password *lm_cross);
+NTSTATUS rpccli_samr_GetGroupsForUser(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      struct policy_handle *user_handle,
+				      struct samr_RidWithAttributeArray **rids);
+NTSTATUS rpccli_samr_QueryDisplayInfo(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      struct policy_handle *domain_handle,
+				      uint16_t level,
+				      uint32_t start_idx,
+				      uint32_t max_entries,
+				      uint32_t buf_size,
+				      uint32_t *total_size,
+				      uint32_t *returned_size,
+				      union samr_DispInfo *info);
+NTSTATUS rpccli_samr_GetDisplayEnumerationIndex(struct rpc_pipe_client *cli,
+						TALLOC_CTX *mem_ctx,
+						struct policy_handle *domain_handle,
+						uint16_t level,
+						struct lsa_String name,
+						uint32_t *idx);
+NTSTATUS rpccli_samr_TestPrivateFunctionsDomain(struct rpc_pipe_client *cli,
+						TALLOC_CTX *mem_ctx,
+						struct policy_handle *domain_handle);
+NTSTATUS rpccli_samr_TestPrivateFunctionsUser(struct rpc_pipe_client *cli,
+					      TALLOC_CTX *mem_ctx,
+					      struct policy_handle *user_handle);
+NTSTATUS rpccli_samr_GetUserPwInfo(struct rpc_pipe_client *cli,
+				   TALLOC_CTX *mem_ctx,
+				   struct policy_handle *user_handle,
+				   struct samr_PwInfo *info);
+NTSTATUS rpccli_samr_RemoveMemberFromForeignDomain(struct rpc_pipe_client *cli,
+						   TALLOC_CTX *mem_ctx,
+						   struct policy_handle *domain_handle,
+						   struct dom_sid2 *sid);
+NTSTATUS rpccli_samr_QueryDomainInfo2(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      struct policy_handle *domain_handle,
+				      uint16_t level,
+				      union samr_DomainInfo **info);
+NTSTATUS rpccli_samr_QueryUserInfo2(struct rpc_pipe_client *cli,
+				    TALLOC_CTX *mem_ctx,
+				    struct policy_handle *user_handle,
+				    uint16_t level,
+				    union samr_UserInfo *info);
+NTSTATUS rpccli_samr_QueryDisplayInfo2(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *domain_handle,
+				       uint16_t level,
+				       uint32_t start_idx,
+				       uint32_t max_entries,
+				       uint32_t buf_size,
+				       uint32_t *total_size,
+				       uint32_t *returned_size,
+				       union samr_DispInfo *info);
+NTSTATUS rpccli_samr_GetDisplayEnumerationIndex2(struct rpc_pipe_client *cli,
+						 TALLOC_CTX *mem_ctx,
+						 struct policy_handle *domain_handle,
+						 uint16_t level,
+						 struct lsa_String name,
+						 uint32_t *idx);
+NTSTATUS rpccli_samr_CreateUser2(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx,
+				 struct policy_handle *domain_handle,
+				 struct lsa_String *account_name,
+				 uint32_t acct_flags,
+				 uint32_t access_mask,
+				 struct policy_handle *user_handle,
+				 uint32_t *access_granted,
+				 uint32_t *rid);
+NTSTATUS rpccli_samr_QueryDisplayInfo3(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       struct policy_handle *domain_handle,
+				       uint16_t level,
+				       uint32_t start_idx,
+				       uint32_t max_entries,
+				       uint32_t buf_size,
+				       uint32_t *total_size,
+				       uint32_t *returned_size,
+				       union samr_DispInfo *info);
+NTSTATUS rpccli_samr_AddMultipleMembersToAlias(struct rpc_pipe_client *cli,
+					       TALLOC_CTX *mem_ctx,
+					       struct policy_handle *alias_handle,
+					       struct lsa_SidArray *sids);
+NTSTATUS rpccli_samr_RemoveMultipleMembersFromAlias(struct rpc_pipe_client *cli,
+						    TALLOC_CTX *mem_ctx,
+						    struct policy_handle *alias_handle,
+						    struct lsa_SidArray *sids);
+NTSTATUS rpccli_samr_OemChangePasswordUser2(struct rpc_pipe_client *cli,
+					    TALLOC_CTX *mem_ctx,
+					    struct lsa_AsciiString *server,
+					    struct lsa_AsciiString *account,
+					    struct samr_CryptPassword *password,
+					    struct samr_Password *hash);
+NTSTATUS rpccli_samr_ChangePasswordUser2(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 struct lsa_String *server,
+					 struct lsa_String *account,
+					 struct samr_CryptPassword *nt_password,
+					 struct samr_Password *nt_verifier,
+					 uint8_t lm_change,
+					 struct samr_CryptPassword *lm_password,
+					 struct samr_Password *lm_verifier);
+NTSTATUS rpccli_samr_GetDomPwInfo(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  struct lsa_String *domain_name,
+				  struct samr_PwInfo *info);
+NTSTATUS rpccli_samr_Connect2(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      const char *system_name,
+			      uint32_t access_mask,
+			      struct policy_handle *connect_handle);
+NTSTATUS rpccli_samr_SetUserInfo2(struct rpc_pipe_client *cli,
+				  TALLOC_CTX *mem_ctx,
+				  struct policy_handle *user_handle,
+				  uint16_t level,
+				  union samr_UserInfo *info);
+NTSTATUS rpccli_samr_SetBootKeyInformation(struct rpc_pipe_client *cli,
+					   TALLOC_CTX *mem_ctx,
+					   struct policy_handle *connect_handle,
+					   uint32_t unknown1,
+					   uint32_t unknown2,
+					   uint32_t unknown3);
+NTSTATUS rpccli_samr_GetBootKeyInformation(struct rpc_pipe_client *cli,
+					   TALLOC_CTX *mem_ctx,
+					   struct policy_handle *domain_handle,
+					   uint32_t *unknown);
+NTSTATUS rpccli_samr_Connect3(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      const char *system_name,
+			      uint32_t unknown,
+			      uint32_t access_mask,
+			      struct policy_handle *connect_handle);
+NTSTATUS rpccli_samr_Connect4(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      const char *system_name,
+			      enum samr_ConnectVersion client_version,
+			      uint32_t access_mask,
+			      struct policy_handle *connect_handle);
+NTSTATUS rpccli_samr_ChangePasswordUser3(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 struct lsa_String *server,
+					 struct lsa_String *account,
+					 struct samr_CryptPassword *nt_password,
+					 struct samr_Password *nt_verifier,
+					 uint8_t lm_change,
+					 struct samr_CryptPassword *lm_password,
+					 struct samr_Password *lm_verifier,
+					 struct samr_CryptPassword *password3,
+					 struct samr_DomInfo1 **dominfo,
+					 struct samr_ChangeReject **reject);
+NTSTATUS rpccli_samr_Connect5(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      const char *system_name,
+			      uint32_t access_mask,
+			      uint32_t level_in,
+			      union samr_ConnectInfo *info_in,
+			      uint32_t *level_out,
+			      union samr_ConnectInfo *info_out,
+			      struct policy_handle *connect_handle);
+NTSTATUS rpccli_samr_RidToSid(struct rpc_pipe_client *cli,
+			      TALLOC_CTX *mem_ctx,
+			      struct policy_handle *domain_handle,
+			      uint32_t rid,
+			      struct dom_sid2 *sid);
+NTSTATUS rpccli_samr_SetDsrmPassword(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     struct lsa_String *name,
+				     uint32_t unknown,
+				     struct samr_Password *hash);
+NTSTATUS rpccli_samr_ValidatePassword(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      enum samr_ValidatePasswordLevel level,
+				      union samr_ValidatePasswordReq req,
+				      union samr_ValidatePasswordRep *rep);
+#endif /* __CLI_SAMR__ */
diff --git a/source3/librpc/gen_ndr/cli_svcctl.c b/source3/librpc/gen_ndr/cli_svcctl.c
index 2a5d6badc6..b8f18afe1c 100644
--- a/source3/librpc/gen_ndr/cli_svcctl.c
+++ b/source3/librpc/gen_ndr/cli_svcctl.c
@@ -191,12 +191,20 @@ NTSTATUS rpccli_svcctl_LockServiceDatabase(struct rpc_pipe_client *cli,
 
 NTSTATUS rpccli_svcctl_QueryServiceObjectSecurity(struct rpc_pipe_client *cli,
 						  TALLOC_CTX *mem_ctx,
+						  struct policy_handle *handle,
+						  uint32_t security_flags,
+						  uint8_t *buffer,
+						  uint32_t buffer_size,
+						  uint32_t *needed,
 						  WERROR *werror)
 {
 	struct svcctl_QueryServiceObjectSecurity r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.handle = handle;
+	r.in.security_flags = security_flags;
+	r.in.buffer_size = buffer_size;
 
 	if (DEBUGLEVEL >= 10) {
 		NDR_PRINT_IN_DEBUG(svcctl_QueryServiceObjectSecurity, &r);
@@ -222,6 +230,8 @@ NTSTATUS rpccli_svcctl_QueryServiceObjectSecurity(struct rpc_pipe_client *cli,
 	}
 
 	/* Return variables */
+	memcpy(buffer, r.out.buffer, r.in.buffer_size);
+	*needed = *r.out.needed;
 
 	/* Return result */
 	if (werror) {
@@ -233,12 +243,20 @@ NTSTATUS rpccli_svcctl_QueryServiceObjectSecurity(struct rpc_pipe_client *cli,
 
 NTSTATUS rpccli_svcctl_SetServiceObjectSecurity(struct rpc_pipe_client *cli,
 						TALLOC_CTX *mem_ctx,
+						struct policy_handle *handle,
+						uint32_t security_flags,
+						uint8_t *buffer,
+						uint32_t buffer_size,
 						WERROR *werror)
 {
 	struct svcctl_SetServiceObjectSecurity r;
 	NTSTATUS status;
 
 	/* In parameters */
+	r.in.handle = handle;
+	r.in.security_flags = security_flags;
+	r.in.buffer = buffer;
+	r.in.buffer_size = buffer_size;
 
 	if (DEBUGLEVEL >= 10) {
 		NDR_PRINT_IN_DEBUG(svcctl_SetServiceObjectSecurity, &r);
diff --git a/source3/librpc/gen_ndr/cli_svcctl.h b/source3/librpc/gen_ndr/cli_svcctl.h
index e9eeb2d9e2..7c62519187 100644
--- a/source3/librpc/gen_ndr/cli_svcctl.h
+++ b/source3/librpc/gen_ndr/cli_svcctl.h
@@ -22,9 +22,18 @@ NTSTATUS rpccli_svcctl_LockServiceDatabase(struct rpc_pipe_client *cli,
 					   WERROR *werror);
 NTSTATUS rpccli_svcctl_QueryServiceObjectSecurity(struct rpc_pipe_client *cli,
 						  TALLOC_CTX *mem_ctx,
+						  struct policy_handle *handle,
+						  uint32_t security_flags,
+						  uint8_t *buffer,
+						  uint32_t buffer_size,
+						  uint32_t *needed,
 						  WERROR *werror);
 NTSTATUS rpccli_svcctl_SetServiceObjectSecurity(struct rpc_pipe_client *cli,
 						TALLOC_CTX *mem_ctx,
+						struct policy_handle *handle,
+						uint32_t security_flags,
+						uint8_t *buffer,
+						uint32_t buffer_size,
 						WERROR *werror);
 NTSTATUS rpccli_svcctl_QueryServiceStatus(struct rpc_pipe_client *cli,
 					  TALLOC_CTX *mem_ctx,
diff --git a/source3/librpc/gen_ndr/cli_unixinfo.c b/source3/librpc/gen_ndr/cli_unixinfo.c
deleted file mode 100644
index c8a6c926ef..0000000000
--- a/source3/librpc/gen_ndr/cli_unixinfo.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * client auto-generated by pidl. DO NOT MODIFY!
- */
-
-#include "includes.h"
-#include "librpc/gen_ndr/cli_unixinfo.h"
-
-NTSTATUS rpccli_unixinfo_SidToUid(struct rpc_pipe_client *cli,
-				  TALLOC_CTX *mem_ctx,
-				  struct dom_sid sid,
-				  uint64_t *uid)
-{
-	struct unixinfo_SidToUid r;
-	NTSTATUS status;
-
-	/* In parameters */
-	r.in.sid = sid;
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(unixinfo_SidToUid, &r);
-	}
-
-	status = cli_do_rpc_ndr(cli,
-				mem_ctx,
-				PI_UNIXINFO,
-				&ndr_table_unixinfo,
-				NDR_UNIXINFO_SIDTOUID,
-				&r);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(unixinfo_SidToUid, &r);
-	}
-
-	if (NT_STATUS_IS_ERR(status)) {
-		return status;
-	}
-
-	/* Return variables */
-	*uid = *r.out.uid;
-
-	/* Return result */
-	return r.out.result;
-}
-
-NTSTATUS rpccli_unixinfo_UidToSid(struct rpc_pipe_client *cli,
-				  TALLOC_CTX *mem_ctx,
-				  uint64_t uid,
-				  struct dom_sid *sid)
-{
-	struct unixinfo_UidToSid r;
-	NTSTATUS status;
-
-	/* In parameters */
-	r.in.uid = uid;
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(unixinfo_UidToSid, &r);
-	}
-
-	status = cli_do_rpc_ndr(cli,
-				mem_ctx,
-				PI_UNIXINFO,
-				&ndr_table_unixinfo,
-				NDR_UNIXINFO_UIDTOSID,
-				&r);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(unixinfo_UidToSid, &r);
-	}
-
-	if (NT_STATUS_IS_ERR(status)) {
-		return status;
-	}
-
-	/* Return variables */
-	*sid = *r.out.sid;
-
-	/* Return result */
-	return r.out.result;
-}
-
-NTSTATUS rpccli_unixinfo_SidToGid(struct rpc_pipe_client *cli,
-				  TALLOC_CTX *mem_ctx,
-				  struct dom_sid sid,
-				  uint64_t *gid)
-{
-	struct unixinfo_SidToGid r;
-	NTSTATUS status;
-
-	/* In parameters */
-	r.in.sid = sid;
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(unixinfo_SidToGid, &r);
-	}
-
-	status = cli_do_rpc_ndr(cli,
-				mem_ctx,
-				PI_UNIXINFO,
-				&ndr_table_unixinfo,
-				NDR_UNIXINFO_SIDTOGID,
-				&r);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(unixinfo_SidToGid, &r);
-	}
-
-	if (NT_STATUS_IS_ERR(status)) {
-		return status;
-	}
-
-	/* Return variables */
-	*gid = *r.out.gid;
-
-	/* Return result */
-	return r.out.result;
-}
-
-NTSTATUS rpccli_unixinfo_GidToSid(struct rpc_pipe_client *cli,
-				  TALLOC_CTX *mem_ctx,
-				  uint64_t gid,
-				  struct dom_sid *sid)
-{
-	struct unixinfo_GidToSid r;
-	NTSTATUS status;
-
-	/* In parameters */
-	r.in.gid = gid;
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(unixinfo_GidToSid, &r);
-	}
-
-	status = cli_do_rpc_ndr(cli,
-				mem_ctx,
-				PI_UNIXINFO,
-				&ndr_table_unixinfo,
-				NDR_UNIXINFO_GIDTOSID,
-				&r);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(unixinfo_GidToSid, &r);
-	}
-
-	if (NT_STATUS_IS_ERR(status)) {
-		return status;
-	}
-
-	/* Return variables */
-	*sid = *r.out.sid;
-
-	/* Return result */
-	return r.out.result;
-}
-
-NTSTATUS rpccli_unixinfo_GetPWUid(struct rpc_pipe_client *cli,
-				  TALLOC_CTX *mem_ctx,
-				  uint32_t *count,
-				  uint64_t *uids,
-				  struct unixinfo_GetPWUidInfo *infos)
-{
-	struct unixinfo_GetPWUid r;
-	NTSTATUS status;
-
-	/* In parameters */
-	r.in.count = count;
-	r.in.uids = uids;
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(unixinfo_GetPWUid, &r);
-	}
-
-	status = cli_do_rpc_ndr(cli,
-				mem_ctx,
-				PI_UNIXINFO,
-				&ndr_table_unixinfo,
-				NDR_UNIXINFO_GETPWUID,
-				&r);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(unixinfo_GetPWUid, &r);
-	}
-
-	if (NT_STATUS_IS_ERR(status)) {
-		return status;
-	}
-
-	/* Return variables */
-	*count = *r.out.count;
-	memcpy(infos, r.out.infos, *r.in.count);
-
-	/* Return result */
-	return r.out.result;
-}
-
diff --git a/source3/librpc/gen_ndr/cli_unixinfo.h b/source3/librpc/gen_ndr/cli_unixinfo.h
deleted file mode 100644
index fa084cc75d..0000000000
--- a/source3/librpc/gen_ndr/cli_unixinfo.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#include "librpc/gen_ndr/ndr_unixinfo.h"
-#ifndef __CLI_UNIXINFO__
-#define __CLI_UNIXINFO__
-NTSTATUS rpccli_unixinfo_SidToUid(struct rpc_pipe_client *cli,
-				  TALLOC_CTX *mem_ctx,
-				  struct dom_sid sid,
-				  uint64_t *uid);
-NTSTATUS rpccli_unixinfo_UidToSid(struct rpc_pipe_client *cli,
-				  TALLOC_CTX *mem_ctx,
-				  uint64_t uid,
-				  struct dom_sid *sid);
-NTSTATUS rpccli_unixinfo_SidToGid(struct rpc_pipe_client *cli,
-				  TALLOC_CTX *mem_ctx,
-				  struct dom_sid sid,
-				  uint64_t *gid);
-NTSTATUS rpccli_unixinfo_GidToSid(struct rpc_pipe_client *cli,
-				  TALLOC_CTX *mem_ctx,
-				  uint64_t gid,
-				  struct dom_sid *sid);
-NTSTATUS rpccli_unixinfo_GetPWUid(struct rpc_pipe_client *cli,
-				  TALLOC_CTX *mem_ctx,
-				  uint32_t *count,
-				  uint64_t *uids,
-				  struct unixinfo_GetPWUidInfo *infos);
-#endif /* __CLI_UNIXINFO__ */
diff --git a/source3/librpc/gen_ndr/cli_wkssvc.c b/source3/librpc/gen_ndr/cli_wkssvc.c
index 581a498146..adaa3dd7bd 100644
--- a/source3/librpc/gen_ndr/cli_wkssvc.c
+++ b/source3/librpc/gen_ndr/cli_wkssvc.c
@@ -1120,7 +1120,7 @@ NTSTATUS rpccli_wkssvc_NetrGetJoinableOus(struct rpc_pipe_client *cli,
 
 	/* Return variables */
 	*num_ous = *r.out.num_ous;
-	memcpy(ous, r.out.ous, *r.in.num_ous);
+	*ous = *r.out.ous;
 
 	/* Return result */
 	if (werror) {
@@ -1383,7 +1383,7 @@ NTSTATUS rpccli_wkssvc_NetrGetJoinableOus2(struct rpc_pipe_client *cli,
 
 	/* Return variables */
 	*num_ous = *r.out.num_ous;
-	memcpy(ous, r.out.ous, *r.in.num_ous);
+	*ous = *r.out.ous;
 
 	/* Return result */
 	if (werror) {
diff --git a/source3/librpc/gen_ndr/dfs.h b/source3/librpc/gen_ndr/dfs.h
index 89f243b7dd..dc11e70b59 100644
--- a/source3/librpc/gen_ndr/dfs.h
+++ b/source3/librpc/gen_ndr/dfs.h
@@ -32,13 +32,11 @@ struct dfs_Info1 {
 /* bitmap dfs_VolumeState */
 #define DFS_VOLUME_STATE_OK ( 0x1 )
 #define DFS_VOLUME_STATE_INCONSISTENT ( 0x2 )
-#define DFS_VOLUME_STATE_OFFLINE ( 0x4 )
-#define DFS_VOLUME_STATE_ONLINE ( 0x8 )
+#define DFS_VOLUME_STATE_OFFLINE ( 0x3 )
+#define DFS_VOLUME_STATE_ONLINE ( 0x4 )
 #define DFS_VOLUME_STATE_STANDALONE ( DFS_VOLUME_FLAVOR_STANDALONE )
 #define DFS_VOLUME_STATE_AD_BLOB ( DFS_VOLUME_FLAVOR_AD_BLOB )
 
-;
-
 struct dfs_Info2 {
 	const char *path;/* [unique,charset(UTF16)] */
 	const char *comment;/* [unique,charset(UTF16)] */
@@ -51,8 +49,6 @@ struct dfs_Info2 {
 #define DFS_STORAGE_STATE_ONLINE ( 2 )
 #define DFS_STORAGE_STATE_ACTIVE ( 4 )
 
-;
-
 struct dfs_StorageInfo {
 	uint32_t state;
 	const char *server;/* [unique,charset(UTF16)] */
@@ -84,8 +80,6 @@ struct dfs_Info4 {
 #define DFS_PROPERTY_FLAG_TARGET_FAILBACK ( 0x08 )
 #define DFS_PROPERTY_FLAG_CLUSTER_ENABLED ( 0x10 )
 
-;
-
 struct dfs_Info5 {
 	const char *path;/* [unique,charset(UTF16)] */
 	const char *comment;/* [unique,charset(UTF16)] */
@@ -238,6 +232,16 @@ struct dfs_EnumArray4 {
 	struct dfs_Info4 *s;/* [unique,size_is(count)] */
 };
 
+struct dfs_EnumArray5 {
+	uint32_t count;
+	struct dfs_Info5 *s;/* [unique,size_is(count)] */
+};
+
+struct dfs_EnumArray6 {
+	uint32_t count;
+	struct dfs_Info6 *s;/* [unique,size_is(count)] */
+};
+
 struct dfs_EnumArray200 {
 	uint32_t count;
 	struct dfs_Info200 *s;/* [unique,size_is(count)] */
@@ -253,6 +257,8 @@ union dfs_EnumInfo {
 	struct dfs_EnumArray2 *info2;/* [unique,case(2)] */
 	struct dfs_EnumArray3 *info3;/* [unique,case(3)] */
 	struct dfs_EnumArray4 *info4;/* [unique,case(4)] */
+	struct dfs_EnumArray5 *info5;/* [unique,case(5)] */
+	struct dfs_EnumArray6 *info6;/* [unique,case(6)] */
 	struct dfs_EnumArray200 *info200;/* [unique,case(200)] */
 	struct dfs_EnumArray300 *info300;/* [unique,case(300)] */
 };
@@ -485,6 +491,16 @@ struct dfs_AddStdRootForced {
 
 struct dfs_GetDcAddress {
 	struct {
+		const char *servername;/* [charset(UTF16)] */
+		const char **server_fullname;/* [ref,charset(UTF16)] */
+		uint8_t *is_root;/* [ref] */
+		uint32_t *ttl;/* [ref] */
+	} in;
+
+	struct {
+		const char **server_fullname;/* [ref,charset(UTF16)] */
+		uint8_t *is_root;/* [ref] */
+		uint32_t *ttl;/* [ref] */
 		WERROR result;
 	} out;
 
@@ -493,6 +509,13 @@ struct dfs_GetDcAddress {
 
 struct dfs_SetDcAddress {
 	struct {
+		const char *servername;/* [charset(UTF16)] */
+		const char *server_fullname;/* [charset(UTF16)] */
+		uint32_t flags;
+		uint32_t ttl;
+	} in;
+
+	struct {
 		WERROR result;
 	} out;
 
diff --git a/source3/librpc/gen_ndr/dssetup.h b/source3/librpc/gen_ndr/dssetup.h
new file mode 100644
index 0000000000..d284a63375
--- /dev/null
+++ b/source3/librpc/gen_ndr/dssetup.h
@@ -0,0 +1,211 @@
+/* header auto-generated by pidl */
+
+#include <stdint.h>
+
+#include "librpc/gen_ndr/misc.h"
+#ifndef _HEADER_dssetup
+#define _HEADER_dssetup
+
+enum dssetup_DsRole
+#ifndef USE_UINT_ENUMS
+ {
+	DS_ROLE_STANDALONE_WORKSTATION=0,
+	DS_ROLE_MEMBER_WORKSTATION=1,
+	DS_ROLE_STANDALONE_SERVER=2,
+	DS_ROLE_MEMBER_SERVER=3,
+	DS_ROLE_BACKUP_DC=4,
+	DS_ROLE_PRIMARY_DC=5
+}
+#else
+ { __donnot_use_enum_dssetup_DsRole=0x7FFFFFFF}
+#define DS_ROLE_STANDALONE_WORKSTATION ( 0 )
+#define DS_ROLE_MEMBER_WORKSTATION ( 1 )
+#define DS_ROLE_STANDALONE_SERVER ( 2 )
+#define DS_ROLE_MEMBER_SERVER ( 3 )
+#define DS_ROLE_BACKUP_DC ( 4 )
+#define DS_ROLE_PRIMARY_DC ( 5 )
+#endif
+;
+
+/* bitmap dssetup_DsRoleFlags */
+#define DS_ROLE_PRIMARY_DS_RUNNING ( 0x00000001 )
+#define DS_ROLE_PRIMARY_DS_MIXED_MODE ( 0x00000002 )
+#define DS_ROLE_UPGRADE_IN_PROGRESS ( 0x00000004 )
+#define DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT ( 0x01000000 )
+
+struct dssetup_DsRolePrimaryDomInfoBasic {
+	enum dssetup_DsRole role;
+	uint32_t flags;
+	const char *domain;/* [unique,charset(UTF16)] */
+	const char *dns_domain;/* [unique,charset(UTF16)] */
+	const char *forest;/* [unique,charset(UTF16)] */
+	struct GUID domain_guid;
+};
+
+enum dssetup_DsUpgrade
+#ifndef USE_UINT_ENUMS
+ {
+	DS_ROLE_NOT_UPGRADING=0,
+	DS_ROLE_UPGRADING=1
+}
+#else
+ { __donnot_use_enum_dssetup_DsUpgrade=0x7FFFFFFF}
+#define DS_ROLE_NOT_UPGRADING ( 0 )
+#define DS_ROLE_UPGRADING ( 1 )
+#endif
+;
+
+enum dssetup_DsPrevious
+#ifndef USE_UINT_ENUMS
+ {
+	DS_ROLE_PREVIOUS_UNKNOWN=0,
+	DS_ROLE_PREVIOUS_PRIMARY=1,
+	DS_ROLE_PREVIOUS_BACKUP=2
+}
+#else
+ { __donnot_use_enum_dssetup_DsPrevious=0x7FFFFFFF}
+#define DS_ROLE_PREVIOUS_UNKNOWN ( 0 )
+#define DS_ROLE_PREVIOUS_PRIMARY ( 1 )
+#define DS_ROLE_PREVIOUS_BACKUP ( 2 )
+#endif
+;
+
+struct dssetup_DsRoleUpgradeStatus {
+	enum dssetup_DsUpgrade upgrading;
+	enum dssetup_DsPrevious previous_role;
+};
+
+enum dssetup_DsRoleOp
+#ifndef USE_UINT_ENUMS
+ {
+	DS_ROLE_OP_IDLE=0,
+	DS_ROLE_OP_ACTIVE=1,
+	DS_ROLE_OP_NEEDS_REBOOT=2
+}
+#else
+ { __donnot_use_enum_dssetup_DsRoleOp=0x7FFFFFFF}
+#define DS_ROLE_OP_IDLE ( 0 )
+#define DS_ROLE_OP_ACTIVE ( 1 )
+#define DS_ROLE_OP_NEEDS_REBOOT ( 2 )
+#endif
+;
+
+struct dssetup_DsRoleOpStatus {
+	enum dssetup_DsRoleOp status;
+};
+
+enum dssetup_DsRoleInfoLevel
+#ifndef USE_UINT_ENUMS
+ {
+	DS_ROLE_BASIC_INFORMATION=1,
+	DS_ROLE_UPGRADE_STATUS=2,
+	DS_ROLE_OP_STATUS=3
+}
+#else
+ { __donnot_use_enum_dssetup_DsRoleInfoLevel=0x7FFFFFFF}
+#define DS_ROLE_BASIC_INFORMATION ( 1 )
+#define DS_ROLE_UPGRADE_STATUS ( 2 )
+#define DS_ROLE_OP_STATUS ( 3 )
+#endif
+;
+
+union dssetup_DsRoleInfo {
+	struct dssetup_DsRolePrimaryDomInfoBasic basic;/* [case(DS_ROLE_BASIC_INFORMATION)] */
+	struct dssetup_DsRoleUpgradeStatus upgrade;/* [case(DS_ROLE_UPGRADE_STATUS)] */
+	struct dssetup_DsRoleOpStatus opstatus;/* [case(DS_ROLE_OP_STATUS)] */
+}/* [switch_type(dssetup_DsRoleInfoLevel)] */;
+
+
+struct dssetup_DsRoleGetPrimaryDomainInformation {
+	struct {
+		enum dssetup_DsRoleInfoLevel level;
+	} in;
+
+	struct {
+		union dssetup_DsRoleInfo *info;/* [unique,switch_is(level)] */
+		WERROR result;
+	} out;
+
+};
+
+
+struct dssetup_DsRoleDnsNameToFlatName {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct dssetup_DsRoleDcAsDc {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct dssetup_DsRoleDcAsReplica {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct dssetup_DsRoleDemoteDc {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct dssetup_DsRoleGetDcOperationProgress {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct dssetup_DsRoleGetDcOperationResults {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct dssetup_DsRoleCancel {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct dssetup_DsRoleServerSaveStateForUpgrade {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct dssetup_DsRoleUpgradeDownlevelServer {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct dssetup_DsRoleAbortDownlevelServerUpgrade {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+#endif /* _HEADER_dssetup */
diff --git a/source3/librpc/gen_ndr/eventlog.h b/source3/librpc/gen_ndr/eventlog.h
index e13fb50a5d..0fd929dd99 100644
--- a/source3/librpc/gen_ndr/eventlog.h
+++ b/source3/librpc/gen_ndr/eventlog.h
@@ -13,8 +13,6 @@
 #define EVENTLOG_FORWARDS_READ ( 0x0004 )
 #define EVENTLOG_BACKWARDS_READ ( 0x0008 )
 
-;
-
 /* bitmap eventlogEventTypes */
 #define EVENTLOG_SUCCESS ( 0x0000 )
 #define EVENTLOG_ERROR_TYPE ( 0x0001 )
@@ -23,8 +21,6 @@
 #define EVENTLOG_AUDIT_SUCCESS ( 0x0008 )
 #define EVENTLOG_AUDIT_FAILURE ( 0x0010 )
 
-;
-
 struct eventlog_OpenUnknown0 {
 	uint16_t unknown0;
 	uint16_t unknown1;
@@ -57,7 +53,7 @@ struct eventlog_Record {
 struct eventlog_ClearEventLogW {
 	struct {
 		struct policy_handle *handle;/* [ref] */
-		struct lsa_String *unknown;/* [unique] */
+		struct lsa_String *backupfile;/* [unique] */
 	} in;
 
 	struct {
@@ -111,6 +107,11 @@ struct eventlog_GetNumRecords {
 
 struct eventlog_GetOldestRecord {
 	struct {
+		struct policy_handle *handle;/* [ref] */
+	} in;
+
+	struct {
+		uint32_t *oldest_entry;/* [ref] */
 		NTSTATUS result;
 	} out;
 
@@ -128,8 +129,8 @@ struct eventlog_ChangeNotify {
 struct eventlog_OpenEventLogW {
 	struct {
 		struct eventlog_OpenUnknown0 *unknown0;/* [unique] */
-		struct lsa_String logname;
-		struct lsa_String servername;
+		struct lsa_String *logname;/* [ref] */
+		struct lsa_String *servername;/* [ref] */
 		uint32_t unknown2;
 		uint32_t unknown3;
 	} in;
@@ -163,7 +164,7 @@ struct eventlog_ReadEventLogW {
 		struct policy_handle *handle;/* [ref] */
 		uint32_t flags;
 		uint32_t offset;
-		uint32_t number_of_bytes;
+		uint32_t number_of_bytes;/* [range(0,0x7FFFF)] */
 	} in;
 
 	struct {
diff --git a/source3/librpc/gen_ndr/initshutdown.h b/source3/librpc/gen_ndr/initshutdown.h
index 665d435919..acfe98846f 100644
--- a/source3/librpc/gen_ndr/initshutdown.h
+++ b/source3/librpc/gen_ndr/initshutdown.h
@@ -11,8 +11,8 @@ struct initshutdown_String_sub {
 };
 
 struct initshutdown_String {
-	uint16_t name_len;/* [value(strlen_m(r->name->name)*2)] */
-	uint16_t name_size;/* [value(strlen_m_term(r->name->name)*2)] */
+	uint16_t name_len;/* [value(strlen_m(name->name)*2)] */
+	uint16_t name_size;/* [value(strlen_m_term(name->name)*2)] */
 	struct initshutdown_String_sub *name;/* [unique] */
 }/* [public] */;
 
diff --git a/source3/librpc/gen_ndr/krb5pac.h b/source3/librpc/gen_ndr/krb5pac.h
new file mode 100644
index 0000000000..b8b9054bb6
--- /dev/null
+++ b/source3/librpc/gen_ndr/krb5pac.h
@@ -0,0 +1,121 @@
+/* header auto-generated by pidl */
+
+#include <stdint.h>
+
+#include "librpc/gen_ndr/security.h"
+#include "librpc/gen_ndr/netlogon.h"
+#include "librpc/gen_ndr/samr.h"
+#ifndef _HEADER_krb5pac
+#define _HEADER_krb5pac
+
+struct PAC_LOGON_NAME {
+	NTTIME logon_time;
+	uint16_t size;/* [value(2*strlen_m(account_name))] */
+	const char *account_name;/* [charset(UTF16)] */
+};
+
+struct PAC_SIGNATURE_DATA {
+	uint32_t type;
+	DATA_BLOB signature;/* [flag(LIBNDR_FLAG_REMAINING)] */
+}/* [public,flag(LIBNDR_PRINT_ARRAY_HEX)] */;
+
+struct PAC_LOGON_INFO {
+	struct netr_SamInfo3 info3;
+	struct dom_sid2 *res_group_dom_sid;/* [unique] */
+	struct samr_RidWithAttributeArray res_groups;
+}/* [gensize] */;
+
+struct PAC_LOGON_INFO_CTR {
+	uint32_t unknown1;/* [value(0x00081001)] */
+	uint32_t unknown2;/* [value(0xCCCCCCCC)] */
+	uint32_t _ndr_size;/* [value(NDR_ROUND(ndr_size_PAC_LOGON_INFO(info,ndr->flags)+4,8))] */
+	uint32_t unknown3;/* [value(0x00000000)] */
+	struct PAC_LOGON_INFO *info;/* [unique] */
+}/* [public] */;
+
+enum PAC_TYPE
+#ifndef USE_UINT_ENUMS
+ {
+	PAC_TYPE_LOGON_INFO=1,
+	PAC_TYPE_SRV_CHECKSUM=6,
+	PAC_TYPE_KDC_CHECKSUM=7,
+	PAC_TYPE_LOGON_NAME=10,
+	PAC_TYPE_CONSTRAINED_DELEGATION=11
+}
+#else
+ { __donnot_use_enum_PAC_TYPE=0x7FFFFFFF}
+#define PAC_TYPE_LOGON_INFO ( 1 )
+#define PAC_TYPE_SRV_CHECKSUM ( 6 )
+#define PAC_TYPE_KDC_CHECKSUM ( 7 )
+#define PAC_TYPE_LOGON_NAME ( 10 )
+#define PAC_TYPE_CONSTRAINED_DELEGATION ( 11 )
+#endif
+;
+
+union PAC_INFO {
+	struct PAC_LOGON_INFO_CTR logon_info;/* [case(PAC_TYPE_LOGON_INFO)] */
+	struct PAC_SIGNATURE_DATA srv_cksum;/* [case(PAC_TYPE_SRV_CHECKSUM)] */
+	struct PAC_SIGNATURE_DATA kdc_cksum;/* [case(PAC_TYPE_KDC_CHECKSUM)] */
+	struct PAC_LOGON_NAME logon_name;/* [case(PAC_TYPE_LOGON_NAME)] */
+}/* [gensize,nodiscriminant,public] */;
+
+struct PAC_BUFFER {
+	enum PAC_TYPE type;
+	uint32_t _ndr_size;/* [value(_ndr_size_PAC_INFO(info,type,0))] */
+	union PAC_INFO *info;/* [relative,subcontext_size(_subcontext_size_PAC_INFO(r,ndr->flags)),subcontext(0),switch_is(type),flag(LIBNDR_FLAG_ALIGN8)] */
+	uint32_t _pad;/* [value(0)] */
+}/* [noprint,nopull,public,nopush] */;
+
+struct PAC_DATA {
+	uint32_t num_buffers;
+	uint32_t version;
+	struct PAC_BUFFER *buffers;
+}/* [public] */;
+
+struct DATA_BLOB_REM {
+	DATA_BLOB remaining;/* [flag(LIBNDR_FLAG_REMAINING)] */
+};
+
+struct PAC_BUFFER_RAW {
+	enum PAC_TYPE type;
+	uint32_t ndr_size;
+	struct DATA_BLOB_REM *info;/* [relative,subcontext_size(NDR_ROUND(ndr_size,8)),subcontext(0),flag(LIBNDR_FLAG_ALIGN8)] */
+	uint32_t _pad;/* [value(0)] */
+}/* [public] */;
+
+struct PAC_DATA_RAW {
+	uint32_t num_buffers;
+	uint32_t version;
+	struct PAC_BUFFER_RAW *buffers;
+}/* [public] */;
+
+struct netsamlogoncache_entry {
+	time_t timestamp;
+	struct netr_SamInfo3 info3;
+}/* [public] */;
+
+
+struct decode_pac {
+	struct {
+		struct PAC_DATA pac;
+	} in;
+
+};
+
+
+struct decode_pac_raw {
+	struct {
+		struct PAC_DATA_RAW pac;
+	} in;
+
+};
+
+
+struct decode_login_info {
+	struct {
+		struct PAC_LOGON_INFO logon_info;
+	} in;
+
+};
+
+#endif /* _HEADER_krb5pac */
diff --git a/source3/librpc/gen_ndr/libnet_join.h b/source3/librpc/gen_ndr/libnet_join.h
index 40759cb489..8dbadcf0a2 100644
--- a/source3/librpc/gen_ndr/libnet_join.h
+++ b/source3/librpc/gen_ndr/libnet_join.h
@@ -7,8 +7,6 @@
 #ifndef _HEADER_libnetjoin
 #define _HEADER_libnetjoin
 
-;
-
 
 struct libnet_JoinCtx {
 	struct {
@@ -65,6 +63,8 @@ struct libnet_UnjoinCtx {
 		const char * dns_domain_name;
 		uint8_t modified_config;
 		const char * error_string;
+		uint8_t disabled_machine_account;
+		uint8_t deleted_machine_account;
 		WERROR result;
 	} out;
 
diff --git a/source3/librpc/gen_ndr/lsa.h b/source3/librpc/gen_ndr/lsa.h
index 513d17b5df..4fea08e99d 100644
--- a/source3/librpc/gen_ndr/lsa.h
+++ b/source3/librpc/gen_ndr/lsa.h
@@ -8,9 +8,9 @@
 
 #define LSA_ENUM_TRUST_DOMAIN_MULTIPLIER	( 60 )
 #define LSA_REF_DOMAIN_LIST_MULTIPLIER	( 32 )
+#define MAX_REF_DOMAINS	( LSA_REF_DOMAIN_LIST_MULTIPLIER )
+#define MAX_LOOKUP_SIDS	( 0x5000 )
 #define LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER	( 82 )
-;
-
 struct lsa_String {
 	uint16_t length;/* [value(2*strlen_m(string))] */
 	uint16_t size;/* [value(2*strlen_m(string))] */
@@ -19,7 +19,7 @@ struct lsa_String {
 
 struct lsa_StringLarge {
 	uint16_t length;/* [value(2*strlen_m(string))] */
-	uint16_t size;/* [value(2*(strlen_m(string)+1))] */
+	uint16_t size;/* [value(2*strlen_m_term(string))] */
 	const char *string;/* [unique,charset(UTF16),length_is(length/2),size_is(size/2)] */
 }/* [public] */;
 
@@ -31,7 +31,13 @@ struct lsa_Strings {
 struct lsa_AsciiString {
 	uint16_t length;/* [value(strlen_m(string))] */
 	uint16_t size;/* [value(strlen_m(string))] */
-	const char * string;/* [unique,flag(LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_LEN4)] */
+	const char *string;/* [unique,charset(DOS),length_is(length),size_is(size)] */
+}/* [public] */;
+
+struct lsa_AsciiStringLarge {
+	uint16_t length;/* [value(strlen_m(string))] */
+	uint16_t size;/* [value(strlen_m_term(string))] */
+	const char *string;/* [unique,charset(DOS),length_is(length),size_is(size)] */
 }/* [public] */;
 
 struct lsa_LUID {
@@ -65,6 +71,20 @@ struct lsa_ObjectAttribute {
 	struct lsa_QosInfo *sec_qos;/* [unique] */
 };
 
+/* bitmap lsa_PolicyAccessMask */
+#define LSA_POLICY_VIEW_LOCAL_INFORMATION ( 0x00000001 )
+#define LSA_POLICY_VIEW_AUDIT_INFORMATION ( 0x00000002 )
+#define LSA_POLICY_GET_PRIVATE_INFORMATION ( 0x00000004 )
+#define LSA_POLICY_TRUST_ADMIN ( 0x00000008 )
+#define LSA_POLICY_CREATE_ACCOUNT ( 0x00000010 )
+#define LSA_POLICY_CREATE_SECRET ( 0x00000020 )
+#define LSA_POLICY_CREATE_PRIVILEGE ( 0x00000040 )
+#define LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS ( 0x00000080 )
+#define LSA_POLICY_SET_AUDIT_REQUIREMENTS ( 0x00000100 )
+#define LSA_POLICY_AUDIT_LOG_ADMIN ( 0x00000200 )
+#define LSA_POLICY_SERVER_ADMIN ( 0x00000400 )
+#define LSA_POLICY_LOOKUP_NAMES ( 0x00000800 )
+
 struct lsa_AuditLogInfo {
 	uint32_t percent_full;
 	uint32_t log_size;
@@ -75,9 +95,55 @@ struct lsa_AuditLogInfo {
 	uint32_t unknown;
 };
 
+enum lsa_PolicyAuditPolicy
+#ifndef USE_UINT_ENUMS
+ {
+	LSA_AUDIT_POLICY_NONE=0,
+	LSA_AUDIT_POLICY_SUCCESS=1,
+	LSA_AUDIT_POLICY_FAILURE=2,
+	LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
+	LSA_AUDIT_POLICY_CLEAR=4
+}
+#else
+ { __donnot_use_enum_lsa_PolicyAuditPolicy=0x7FFFFFFF}
+#define LSA_AUDIT_POLICY_NONE ( 0 )
+#define LSA_AUDIT_POLICY_SUCCESS ( 1 )
+#define LSA_AUDIT_POLICY_FAILURE ( 2 )
+#define LSA_AUDIT_POLICY_ALL ( (LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE) )
+#define LSA_AUDIT_POLICY_CLEAR ( 4 )
+#endif
+;
+
+enum lsa_PolicyAuditEventType
+#ifndef USE_UINT_ENUMS
+ {
+	LSA_AUDIT_CATEGORY_SYSTEM=0,
+	LSA_AUDIT_CATEGORY_LOGON=1,
+	LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS=2,
+	LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS=3,
+	LSA_AUDIT_CATEGORY_PROCCESS_TRACKING=4,
+	LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES=5,
+	LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT=6,
+	LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS=7,
+	LSA_AUDIT_CATEGORY_ACCOUNT_LOGON=8
+}
+#else
+ { __donnot_use_enum_lsa_PolicyAuditEventType=0x7FFFFFFF}
+#define LSA_AUDIT_CATEGORY_SYSTEM ( 0 )
+#define LSA_AUDIT_CATEGORY_LOGON ( 1 )
+#define LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS ( 2 )
+#define LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS ( 3 )
+#define LSA_AUDIT_CATEGORY_PROCCESS_TRACKING ( 4 )
+#define LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES ( 5 )
+#define LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT ( 6 )
+#define LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS ( 7 )
+#define LSA_AUDIT_CATEGORY_ACCOUNT_LOGON ( 8 )
+#endif
+;
+
 struct lsa_AuditEventsInfo {
 	uint32_t auditing_mode;
-	uint32_t *settings;/* [unique,size_is(count)] */
+	enum lsa_PolicyAuditPolicy *settings;/* [unique,size_is(count)] */
 	uint32_t count;
 };
 
@@ -185,7 +251,7 @@ struct lsa_SidPtr {
 };
 
 struct lsa_SidArray {
-	uint32_t num_sids;/* [range(0 1000)] */
+	uint32_t num_sids;/* [range(0,1000)] */
 	struct lsa_SidPtr *sids;/* [unique,size_is(num_sids)] */
 }/* [public] */;
 
@@ -230,16 +296,37 @@ struct lsa_TranslatedSid {
 };
 
 struct lsa_TransSidArray {
-	uint32_t count;/* [range(0 1000)] */
+	uint32_t count;/* [range(0,1000)] */
 	struct lsa_TranslatedSid *sids;/* [unique,size_is(count)] */
 };
 
 struct lsa_RefDomainList {
-	uint32_t count;/* [range(0 1000)] */
+	uint32_t count;/* [range(0,1000)] */
 	struct lsa_DomainInfo *domains;/* [unique,size_is(count)] */
 	uint32_t max_size;
 };
 
+enum lsa_LookupNamesLevel
+#ifndef USE_UINT_ENUMS
+ {
+	LSA_LOOKUP_NAMES_ALL=1,
+	LSA_LOOKUP_NAMES_DOMAINS_ONLY=2,
+	LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY=3,
+	LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY=4,
+	LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY=5,
+	LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2=6
+}
+#else
+ { __donnot_use_enum_lsa_LookupNamesLevel=0x7FFFFFFF}
+#define LSA_LOOKUP_NAMES_ALL ( 1 )
+#define LSA_LOOKUP_NAMES_DOMAINS_ONLY ( 2 )
+#define LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY ( 3 )
+#define LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY ( 4 )
+#define LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY ( 5 )
+#define LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 ( 6 )
+#endif
+;
+
 struct lsa_TranslatedName {
 	enum lsa_SidType sid_type;
 	struct lsa_String name;
@@ -247,7 +334,7 @@ struct lsa_TranslatedName {
 };
 
 struct lsa_TransNameArray {
-	uint32_t count;/* [range(0 1000)] */
+	uint32_t count;/* [range(0,1000)] */
 	struct lsa_TranslatedName *names;/* [unique,size_is(count)] */
 };
 
@@ -257,7 +344,7 @@ struct lsa_LUIDAttribute {
 };
 
 struct lsa_PrivilegeSet {
-	uint32_t count;/* [range(0 1000)] */
+	uint32_t count;/* [range(0,1000)] */
 	uint32_t unknown;
 	struct lsa_LUIDAttribute *set;/* [size_is(count)] */
 };
@@ -269,7 +356,7 @@ struct lsa_DATA_BUF {
 }/* [flag(LIBNDR_PRINT_ARRAY_HEX)] */;
 
 struct lsa_DATA_BUF2 {
-	uint32_t size;/* [range(0 65536)] */
+	uint32_t size;/* [range(0,65536)] */
 	uint8_t *data;/* [unique,size_is(size)] */
 }/* [flag(LIBNDR_PRINT_ARRAY_HEX)] */;
 
@@ -383,14 +470,10 @@ struct lsa_RightAttribute {
 };
 
 struct lsa_RightSet {
-	uint32_t count;
+	uint32_t count;/* [range(0,256)] */
 	struct lsa_StringLarge *names;/* [unique,size_is(count)] */
 };
 
-struct lsa_StringPointer {
-	struct lsa_String *string;/* [unique] */
-};
-
 struct lsa_DomainListEx {
 	uint32_t count;
 	struct lsa_TrustDomainInfoInfoEx *domains;/* [unique,size_is(count)] */
@@ -436,7 +519,7 @@ struct lsa_TranslatedName2 {
 };
 
 struct lsa_TransNameArray2 {
-	uint32_t count;/* [range(0 1000)] */
+	uint32_t count;/* [range(0,1000)] */
 	struct lsa_TranslatedName2 *names;/* [unique,size_is(count)] */
 };
 
@@ -448,7 +531,7 @@ struct lsa_TranslatedSid2 {
 };
 
 struct lsa_TransSidArray2 {
-	uint32_t count;/* [range(0 1000)] */
+	uint32_t count;/* [range(0,1000)] */
 	struct lsa_TranslatedSid2 *sids;/* [unique,size_is(count)] */
 };
 
@@ -460,10 +543,57 @@ struct lsa_TranslatedSid3 {
 };
 
 struct lsa_TransSidArray3 {
-	uint32_t count;/* [range(0 1000)] */
+	uint32_t count;/* [range(0,1000)] */
 	struct lsa_TranslatedSid3 *sids;/* [unique,size_is(count)] */
 };
 
+struct lsa_ForestTrustBinaryData {
+	uint32_t length;/* [range(0,131072)] */
+	uint8_t *data;/* [unique,size_is(length)] */
+};
+
+struct lsa_ForestTrustDomainInfo {
+	struct dom_sid2 *domain_sid;/* [unique] */
+	struct lsa_StringLarge dns_domain_name;
+	struct lsa_StringLarge netbios_domain_name;
+};
+
+union lsa_ForestTrustData {
+	struct lsa_String top_level_name;/* [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] */
+	struct lsa_StringLarge top_level_name_ex;/* [case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] */
+	struct lsa_ForestTrustDomainInfo domain_info;/* [case(LSA_FOREST_TRUST_DOMAIN_INFO)] */
+	struct lsa_ForestTrustBinaryData data;/* [default] */
+}/* [switch_type(uint32)] */;
+
+enum lsa_ForestTrustRecordType
+#ifndef USE_UINT_ENUMS
+ {
+	LSA_FOREST_TRUST_TOP_LEVEL_NAME=0,
+	LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX=1,
+	LSA_FOREST_TRUST_DOMAIN_INFO=2,
+	LSA_FOREST_TRUST_RECORD_TYPE_LAST=3
+}
+#else
+ { __donnot_use_enum_lsa_ForestTrustRecordType=0x7FFFFFFF}
+#define LSA_FOREST_TRUST_TOP_LEVEL_NAME ( 0 )
+#define LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX ( 1 )
+#define LSA_FOREST_TRUST_DOMAIN_INFO ( 2 )
+#define LSA_FOREST_TRUST_RECORD_TYPE_LAST ( 3 )
+#endif
+;
+
+struct lsa_ForestTrustRecord {
+	uint32_t flags;
+	enum lsa_ForestTrustRecordType level;
+	uint64_t unknown;
+	union lsa_ForestTrustData forest_trust_data;/* [switch_is(level)] */
+};
+
+struct lsa_ForestTrustInformation {
+	uint32_t count;/* [range(0,4000)] */
+	struct lsa_ForestTrustRecord **entries;/* [unique,size_is(count)] */
+}/* [public] */;
+
 
 struct lsa_Close {
 	struct {
@@ -513,7 +643,7 @@ struct lsa_QuerySecurity {
 	} in;
 
 	struct {
-		struct sec_desc_buf *sdbuf;/* [unique] */
+		struct sec_desc_buf **sdbuf;/* [ref] */
 		NTSTATUS result;
 	} out;
 
@@ -522,6 +652,12 @@ struct lsa_QuerySecurity {
 
 struct lsa_SetSecObj {
 	struct {
+		struct policy_handle *handle;/* [ref] */
+		uint32_t sec_info;
+		struct sec_desc_buf *sdbuf;/* [ref] */
+	} in;
+
+	struct {
 		NTSTATUS result;
 	} out;
 
@@ -558,7 +694,7 @@ struct lsa_QueryInfoPolicy {
 	} in;
 
 	struct {
-		union lsa_PolicyInformation *info;/* [unique,switch_is(level)] */
+		union lsa_PolicyInformation **info;/* [ref,switch_is(level)] */
 		NTSTATUS result;
 	} out;
 
@@ -605,7 +741,7 @@ struct lsa_CreateAccount {
 struct lsa_EnumAccounts {
 	struct {
 		struct policy_handle *handle;/* [ref] */
-		uint32_t num_entries;/* [range(0 8192)] */
+		uint32_t num_entries;/* [range(0,8192)] */
 		uint32_t *resume_handle;/* [ref] */
 	} in;
 
@@ -636,7 +772,7 @@ struct lsa_CreateTrustedDomain {
 struct lsa_EnumTrustDom {
 	struct {
 		struct policy_handle *handle;/* [ref] */
-		uint32_t max_size;/* [range(0 1000)] */
+		uint32_t max_size;
 		uint32_t *resume_handle;/* [ref] */
 	} in;
 
@@ -652,15 +788,15 @@ struct lsa_EnumTrustDom {
 struct lsa_LookupNames {
 	struct {
 		struct policy_handle *handle;/* [ref] */
-		uint32_t num_names;/* [range(0 1000)] */
+		uint32_t num_names;/* [range(0,1000)] */
 		struct lsa_String *names;/* [size_is(num_names)] */
-		uint16_t level;
+		enum lsa_LookupNamesLevel level;
 		struct lsa_TransSidArray *sids;/* [ref] */
 		uint32_t *count;/* [ref] */
 	} in;
 
 	struct {
-		struct lsa_RefDomainList *domains;/* [unique] */
+		struct lsa_RefDomainList **domains;/* [ref] */
 		struct lsa_TransSidArray *sids;/* [ref] */
 		uint32_t *count;/* [ref] */
 		NTSTATUS result;
@@ -679,7 +815,7 @@ struct lsa_LookupSids {
 	} in;
 
 	struct {
-		struct lsa_RefDomainList *domains;/* [unique] */
+		struct lsa_RefDomainList **domains;/* [ref] */
 		struct lsa_TransNameArray *names;/* [ref] */
 		uint32_t *count;/* [ref] */
 		NTSTATUS result;
@@ -724,7 +860,7 @@ struct lsa_EnumPrivsAccount {
 	} in;
 
 	struct {
-		struct lsa_PrivilegeSet *privs;/* [unique] */
+		struct lsa_PrivilegeSet **privs;/* [ref] */
 		NTSTATUS result;
 	} out;
 
@@ -776,6 +912,11 @@ struct lsa_SetQuotasForAccount {
 
 struct lsa_GetSystemAccessAccount {
 	struct {
+		struct policy_handle *handle;/* [ref] */
+	} in;
+
+	struct {
+		uint32_t *access_mask;/* [ref] */
 		NTSTATUS result;
 	} out;
 
@@ -784,6 +925,11 @@ struct lsa_GetSystemAccessAccount {
 
 struct lsa_SetSystemAccessAccount {
 	struct {
+		struct policy_handle *handle;/* [ref] */
+		uint32_t access_mask;
+	} in;
+
+	struct {
 		NTSTATUS result;
 	} out;
 
@@ -908,13 +1054,13 @@ struct lsa_LookupPrivDisplayName {
 	struct {
 		struct policy_handle *handle;/* [ref] */
 		struct lsa_String *name;/* [ref] */
-		uint16_t unknown;
-		uint16_t *language_id;/* [ref] */
+		uint16_t language_id;
+		uint16_t language_id_sys;
 	} in;
 
 	struct {
-		struct lsa_StringLarge *disp_name;/* [unique] */
-		uint16_t *language_id;/* [ref] */
+		struct lsa_StringLarge **disp_name;/* [ref] */
+		uint16_t *returned_language_id;/* [ref] */
 		NTSTATUS result;
 	} out;
 
@@ -923,6 +1069,11 @@ struct lsa_LookupPrivDisplayName {
 
 struct lsa_DeleteObject {
 	struct {
+		struct policy_handle *handle;/* [ref] */
+	} in;
+
+	struct {
+		struct policy_handle *handle;/* [ref] */
 		NTSTATUS result;
 	} out;
 
@@ -975,7 +1126,7 @@ struct lsa_RemoveAccountRights {
 	struct {
 		struct policy_handle *handle;/* [ref] */
 		struct dom_sid2 *sid;/* [ref] */
-		uint32_t unknown;
+		uint8_t remove_all;
 		struct lsa_RightSet *rights;/* [ref] */
 	} in;
 
@@ -1056,13 +1207,13 @@ struct lsa_OpenPolicy2 {
 struct lsa_GetUserName {
 	struct {
 		const char *system_name;/* [unique,charset(UTF16)] */
-		struct lsa_String *account_name;/* [unique] */
-		struct lsa_StringPointer *authority_name;/* [unique] */
+		struct lsa_String **account_name;/* [ref] */
+		struct lsa_String **authority_name;/* [unique] */
 	} in;
 
 	struct {
-		struct lsa_String *account_name;/* [unique] */
-		struct lsa_StringPointer *authority_name;/* [unique] */
+		struct lsa_String **account_name;/* [ref] */
+		struct lsa_String **authority_name;/* [unique] */
 		NTSTATUS result;
 	} out;
 
@@ -1076,7 +1227,7 @@ struct lsa_QueryInfoPolicy2 {
 	} in;
 
 	struct {
-		union lsa_PolicyInformation *info;/* [unique,switch_is(level)] */
+		union lsa_PolicyInformation **info;/* [ref,switch_is(level)] */
 		NTSTATUS result;
 	} out;
 
@@ -1100,12 +1251,12 @@ struct lsa_SetInfoPolicy2 {
 struct lsa_QueryTrustedDomainInfoByName {
 	struct {
 		struct policy_handle *handle;/* [ref] */
-		struct lsa_String trusted_domain;
+		struct lsa_String *trusted_domain;/* [ref] */
 		enum lsa_TrustDomInfoEnum level;
 	} in;
 
 	struct {
-		union lsa_TrustedDomainInfo *info;/* [unique,switch_is(level)] */
+		union lsa_TrustedDomainInfo *info;/* [ref,switch_is(level)] */
 		NTSTATUS result;
 	} out;
 
@@ -1227,7 +1378,7 @@ struct lsa_LookupSids2 {
 	} in;
 
 	struct {
-		struct lsa_RefDomainList *domains;/* [unique] */
+		struct lsa_RefDomainList **domains;/* [ref] */
 		struct lsa_TransNameArray2 *names;/* [ref] */
 		uint32_t *count;/* [ref] */
 		NTSTATUS result;
@@ -1239,9 +1390,9 @@ struct lsa_LookupSids2 {
 struct lsa_LookupNames2 {
 	struct {
 		struct policy_handle *handle;/* [ref] */
-		uint32_t num_names;/* [range(0 1000)] */
+		uint32_t num_names;/* [range(0,1000)] */
 		struct lsa_String *names;/* [size_is(num_names)] */
-		uint16_t level;
+		enum lsa_LookupNamesLevel level;
 		uint32_t unknown1;
 		uint32_t unknown2;
 		struct lsa_TransSidArray2 *sids;/* [ref] */
@@ -1249,7 +1400,7 @@ struct lsa_LookupNames2 {
 	} in;
 
 	struct {
-		struct lsa_RefDomainList *domains;/* [unique] */
+		struct lsa_RefDomainList **domains;/* [ref] */
 		struct lsa_TransSidArray2 *sids;/* [ref] */
 		uint32_t *count;/* [ref] */
 		NTSTATUS result;
@@ -1333,9 +1484,9 @@ struct lsa_CREDRPROFILELOADED {
 struct lsa_LookupNames3 {
 	struct {
 		struct policy_handle *handle;/* [ref] */
-		uint32_t num_names;/* [range(0 1000)] */
+		uint32_t num_names;/* [range(0,1000)] */
 		struct lsa_String *names;/* [size_is(num_names)] */
-		uint16_t level;
+		enum lsa_LookupNamesLevel level;
 		uint32_t unknown1;
 		uint32_t unknown2;
 		struct lsa_TransSidArray3 *sids;/* [ref] */
@@ -1343,7 +1494,7 @@ struct lsa_LookupNames3 {
 	} in;
 
 	struct {
-		struct lsa_RefDomainList *domains;/* [unique] */
+		struct lsa_RefDomainList **domains;/* [ref] */
 		struct lsa_TransSidArray3 *sids;/* [ref] */
 		uint32_t *count;/* [ref] */
 		NTSTATUS result;
@@ -1384,8 +1535,15 @@ struct lsa_LSARUNREGISTERAUDITEVENT {
 };
 
 
-struct lsa_LSARQUERYFORESTTRUSTINFORMATION {
+struct lsa_lsaRQueryForestTrustInformation {
+	struct {
+		struct policy_handle *handle;/* [ref] */
+		struct lsa_String *trusted_domain_name;/* [ref] */
+		uint16_t unknown;
+	} in;
+
 	struct {
+		struct lsa_ForestTrustInformation **forest_trust_info;/* [ref] */
 		NTSTATUS result;
 	} out;
 
@@ -1419,7 +1577,7 @@ struct lsa_LookupSids3 {
 	} in;
 
 	struct {
-		struct lsa_RefDomainList *domains;/* [unique] */
+		struct lsa_RefDomainList **domains;/* [ref] */
 		struct lsa_TransNameArray2 *names;/* [ref] */
 		uint32_t *count;/* [ref] */
 		NTSTATUS result;
@@ -1430,9 +1588,9 @@ struct lsa_LookupSids3 {
 
 struct lsa_LookupNames4 {
 	struct {
-		uint32_t num_names;/* [range(0 1000)] */
+		uint32_t num_names;/* [range(0,1000)] */
 		struct lsa_String *names;/* [size_is(num_names)] */
-		uint16_t level;
+		enum lsa_LookupNamesLevel level;
 		uint32_t unknown1;
 		uint32_t unknown2;
 		struct lsa_TransSidArray3 *sids;/* [ref] */
@@ -1440,7 +1598,7 @@ struct lsa_LookupNames4 {
 	} in;
 
 	struct {
-		struct lsa_RefDomainList *domains;/* [unique] */
+		struct lsa_RefDomainList **domains;/* [ref] */
 		struct lsa_TransSidArray3 *sids;/* [ref] */
 		uint32_t *count;/* [ref] */
 		NTSTATUS result;
diff --git a/source3/librpc/gen_ndr/misc.h b/source3/librpc/gen_ndr/misc.h
new file mode 100644
index 0000000000..4fa7415db7
--- /dev/null
+++ b/source3/librpc/gen_ndr/misc.h
@@ -0,0 +1,73 @@
+/* header auto-generated by pidl */
+
+#include <stdint.h>
+
+#ifndef _HEADER_misc
+#define _HEADER_misc
+
+struct GUID {
+	uint32_t time_low;
+	uint16_t time_mid;
+	uint16_t time_hi_and_version;
+	uint8_t clock_seq[2];
+	uint8_t node[6];
+}/* [noprint,gensize,public,noejs] */;
+
+struct ndr_syntax_id {
+	struct GUID uuid;
+	uint32_t if_version;
+}/* [public] */;
+
+struct policy_handle {
+	uint32_t handle_type;
+	struct GUID uuid;
+}/* [public] */;
+
+enum netr_SchannelType
+#ifndef USE_UINT_ENUMS
+ {
+	SEC_CHAN_WKSTA=2,
+	SEC_CHAN_DOMAIN=4,
+	SEC_CHAN_BDC=6
+}
+#else
+ { __donnot_use_enum_netr_SchannelType=0x7FFFFFFF}
+#define SEC_CHAN_WKSTA ( 2 )
+#define SEC_CHAN_DOMAIN ( 4 )
+#define SEC_CHAN_BDC ( 6 )
+#endif
+;
+
+enum netr_SamDatabaseID
+#ifndef USE_UINT_ENUMS
+ {
+	SAM_DATABASE_DOMAIN=0,
+	SAM_DATABASE_BUILTIN=1,
+	SAM_DATABASE_PRIVS=2
+}
+#else
+ { __donnot_use_enum_netr_SamDatabaseID=0x7FFFFFFF}
+#define SAM_DATABASE_DOMAIN ( 0 )
+#define SAM_DATABASE_BUILTIN ( 1 )
+#define SAM_DATABASE_PRIVS ( 2 )
+#endif
+;
+
+enum samr_RejectReason
+#ifndef USE_UINT_ENUMS
+ {
+	SAMR_REJECT_OTHER=0,
+	SAMR_REJECT_TOO_SHORT=1,
+	SAMR_REJECT_IN_HISTORY=2,
+	SAMR_REJECT_COMPLEXITY=5
+}
+#else
+ { __donnot_use_enum_samr_RejectReason=0x7FFFFFFF}
+#define SAMR_REJECT_OTHER ( 0 )
+#define SAMR_REJECT_TOO_SHORT ( 1 )
+#define SAMR_REJECT_IN_HISTORY ( 2 )
+#define SAMR_REJECT_COMPLEXITY ( 5 )
+#endif
+;
+
+#endif /* _HEADER_misc */
diff --git a/source3/librpc/gen_ndr/ndr_dfs.c b/source3/librpc/gen_ndr/ndr_dfs.c
index 4b26487a0d..2e9873e929 100644
--- a/source3/librpc/gen_ndr/ndr_dfs.c
+++ b/source3/librpc/gen_ndr/ndr_dfs.c
@@ -506,8 +506,7 @@ _PUBLIC_ void ndr_print_dfs_Info3(struct ndr_print *ndr, const char *name, const
 		ndr->depth++;
 		for (cntr_stores_1=0;cntr_stores_1<r->num_stores;cntr_stores_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_stores_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_stores_1) != -1) {
 				ndr_print_dfs_StorageInfo(ndr, "stores", &r->stores[cntr_stores_1]);
 				free(idx_1);
 			}
@@ -670,8 +669,7 @@ _PUBLIC_ void ndr_print_dfs_Info4(struct ndr_print *ndr, const char *name, const
 		ndr->depth++;
 		for (cntr_stores_1=0;cntr_stores_1<r->num_stores;cntr_stores_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_stores_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_stores_1) != -1) {
 				ndr_print_dfs_StorageInfo(ndr, "stores", &r->stores[cntr_stores_1]);
 				free(idx_1);
 			}
@@ -1079,8 +1077,7 @@ _PUBLIC_ void ndr_print_dfs_Info6(struct ndr_print *ndr, const char *name, const
 		ndr->depth++;
 		for (cntr_stores_1=0;cntr_stores_1<r->num_stores;cntr_stores_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_stores_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_stores_1) != -1) {
 				ndr_print_dfs_StorageInfo2(ndr, "stores", &r->stores[cntr_stores_1]);
 				free(idx_1);
 			}
@@ -1562,65 +1559,65 @@ static enum ndr_err_code ndr_push_dfs_Info(struct ndr_push *ndr, int ndr_flags,
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info2));
-			break;
+			break; }
 
-			case 3:
+			case 3: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info3));
-			break;
+			break; }
 
-			case 4:
+			case 4: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info4));
-			break;
+			break; }
 
-			case 5:
+			case 5: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info5));
-			break;
+			break; }
 
-			case 6:
+			case 6: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info6));
-			break;
+			break; }
 
-			case 7:
+			case 7: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info7));
-			break;
+			break; }
 
-			case 100:
+			case 100: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info100));
-			break;
+			break; }
 
-			case 101:
+			case 101: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info101));
-			break;
+			break; }
 
-			case 102:
+			case 102: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info102));
-			break;
+			break; }
 
-			case 103:
+			case 103: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info103));
-			break;
+			break; }
 
-			case 104:
+			case 104: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info104));
-			break;
+			break; }
 
-			case 105:
+			case 105: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info105));
-			break;
+			break; }
 
-			case 106:
+			case 106: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info106));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -2271,8 +2268,7 @@ _PUBLIC_ void ndr_print_dfs_EnumArray1(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		for (cntr_s_1=0;cntr_s_1<r->count;cntr_s_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_s_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_s_1) != -1) {
 				ndr_print_dfs_Info1(ndr, "s", &r->s[cntr_s_1]);
 				free(idx_1);
 			}
@@ -2358,8 +2354,7 @@ _PUBLIC_ void ndr_print_dfs_EnumArray2(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		for (cntr_s_1=0;cntr_s_1<r->count;cntr_s_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_s_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_s_1) != -1) {
 				ndr_print_dfs_Info2(ndr, "s", &r->s[cntr_s_1]);
 				free(idx_1);
 			}
@@ -2445,8 +2440,7 @@ _PUBLIC_ void ndr_print_dfs_EnumArray3(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		for (cntr_s_1=0;cntr_s_1<r->count;cntr_s_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_s_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_s_1) != -1) {
 				ndr_print_dfs_Info3(ndr, "s", &r->s[cntr_s_1]);
 				free(idx_1);
 			}
@@ -2532,8 +2526,7 @@ _PUBLIC_ void ndr_print_dfs_EnumArray4(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		for (cntr_s_1=0;cntr_s_1<r->count;cntr_s_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_s_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_s_1) != -1) {
 				ndr_print_dfs_Info4(ndr, "s", &r->s[cntr_s_1]);
 				free(idx_1);
 			}
@@ -2544,6 +2537,178 @@ _PUBLIC_ void ndr_print_dfs_EnumArray4(struct ndr_print *ndr, const char *name,
 	ndr->depth--;
 }
 
+static enum ndr_err_code ndr_push_dfs_EnumArray5(struct ndr_push *ndr, int ndr_flags, const struct dfs_EnumArray5 *r)
+{
+	uint32_t cntr_s_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->s));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->s) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) {
+				NDR_CHECK(ndr_push_dfs_Info5(ndr, NDR_SCALARS, &r->s[cntr_s_1]));
+			}
+			for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) {
+				NDR_CHECK(ndr_push_dfs_Info5(ndr, NDR_BUFFERS, &r->s[cntr_s_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dfs_EnumArray5(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray5 *r)
+{
+	uint32_t _ptr_s;
+	uint32_t cntr_s_1;
+	TALLOC_CTX *_mem_save_s_0;
+	TALLOC_CTX *_mem_save_s_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_s));
+		if (_ptr_s) {
+			NDR_PULL_ALLOC(ndr, r->s);
+		} else {
+			r->s = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->s) {
+			_mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->s, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->s));
+			NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s));
+			_mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->s, 0);
+			for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) {
+				NDR_CHECK(ndr_pull_dfs_Info5(ndr, NDR_SCALARS, &r->s[cntr_s_1]));
+			}
+			for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) {
+				NDR_CHECK(ndr_pull_dfs_Info5(ndr, NDR_BUFFERS, &r->s[cntr_s_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_0, 0);
+		}
+		if (r->s) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->s, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dfs_EnumArray5(struct ndr_print *ndr, const char *name, const struct dfs_EnumArray5 *r)
+{
+	uint32_t cntr_s_1;
+	ndr_print_struct(ndr, name, "dfs_EnumArray5");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "s", r->s);
+	ndr->depth++;
+	if (r->s) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "s", r->count);
+		ndr->depth++;
+		for (cntr_s_1=0;cntr_s_1<r->count;cntr_s_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_s_1) != -1) {
+				ndr_print_dfs_Info5(ndr, "s", &r->s[cntr_s_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dfs_EnumArray6(struct ndr_push *ndr, int ndr_flags, const struct dfs_EnumArray6 *r)
+{
+	uint32_t cntr_s_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->s));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->s) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) {
+				NDR_CHECK(ndr_push_dfs_Info6(ndr, NDR_SCALARS, &r->s[cntr_s_1]));
+			}
+			for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) {
+				NDR_CHECK(ndr_push_dfs_Info6(ndr, NDR_BUFFERS, &r->s[cntr_s_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dfs_EnumArray6(struct ndr_pull *ndr, int ndr_flags, struct dfs_EnumArray6 *r)
+{
+	uint32_t _ptr_s;
+	uint32_t cntr_s_1;
+	TALLOC_CTX *_mem_save_s_0;
+	TALLOC_CTX *_mem_save_s_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_s));
+		if (_ptr_s) {
+			NDR_PULL_ALLOC(ndr, r->s);
+		} else {
+			r->s = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->s) {
+			_mem_save_s_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->s, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->s));
+			NDR_PULL_ALLOC_N(ndr, r->s, ndr_get_array_size(ndr, &r->s));
+			_mem_save_s_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->s, 0);
+			for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) {
+				NDR_CHECK(ndr_pull_dfs_Info6(ndr, NDR_SCALARS, &r->s[cntr_s_1]));
+			}
+			for (cntr_s_1 = 0; cntr_s_1 < r->count; cntr_s_1++) {
+				NDR_CHECK(ndr_pull_dfs_Info6(ndr, NDR_BUFFERS, &r->s[cntr_s_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s_0, 0);
+		}
+		if (r->s) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->s, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dfs_EnumArray6(struct ndr_print *ndr, const char *name, const struct dfs_EnumArray6 *r)
+{
+	uint32_t cntr_s_1;
+	ndr_print_struct(ndr, name, "dfs_EnumArray6");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "s", r->s);
+	ndr->depth++;
+	if (r->s) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "s", r->count);
+		ndr->depth++;
+		for (cntr_s_1=0;cntr_s_1<r->count;cntr_s_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_s_1) != -1) {
+				ndr_print_dfs_Info6(ndr, "s", &r->s[cntr_s_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_dfs_EnumArray200(struct ndr_push *ndr, int ndr_flags, const struct dfs_EnumArray200 *r)
 {
 	uint32_t cntr_s_1;
@@ -2619,8 +2784,7 @@ _PUBLIC_ void ndr_print_dfs_EnumArray200(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		for (cntr_s_1=0;cntr_s_1<r->count;cntr_s_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_s_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_s_1) != -1) {
 				ndr_print_dfs_Info200(ndr, "s", &r->s[cntr_s_1]);
 				free(idx_1);
 			}
@@ -2706,8 +2870,7 @@ _PUBLIC_ void ndr_print_dfs_EnumArray300(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		for (cntr_s_1=0;cntr_s_1<r->count;cntr_s_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_s_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_s_1) != -1) {
 				ndr_print_dfs_Info300(ndr, "s", &r->s[cntr_s_1]);
 				free(idx_1);
 			}
@@ -2724,29 +2887,37 @@ static enum ndr_err_code ndr_push_dfs_EnumInfo(struct ndr_push *ndr, int ndr_fla
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info2));
-			break;
+			break; }
 
-			case 3:
+			case 3: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info3));
-			break;
+			break; }
 
-			case 4:
+			case 4: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info4));
-			break;
+			break; }
 
-			case 200:
+			case 5: {
+				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info5));
+			break; }
+
+			case 6: {
+				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info6));
+			break; }
+
+			case 200: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info200));
-			break;
+			break; }
 
-			case 300:
+			case 300: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info300));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -2779,6 +2950,18 @@ static enum ndr_err_code ndr_push_dfs_EnumInfo(struct ndr_push *ndr, int ndr_fla
 				}
 			break;
 
+			case 5:
+				if (r->info5) {
+					NDR_CHECK(ndr_push_dfs_EnumArray5(ndr, NDR_SCALARS|NDR_BUFFERS, r->info5));
+				}
+			break;
+
+			case 6:
+				if (r->info6) {
+					NDR_CHECK(ndr_push_dfs_EnumArray6(ndr, NDR_SCALARS|NDR_BUFFERS, r->info6));
+				}
+			break;
+
 			case 200:
 				if (r->info200) {
 					NDR_CHECK(ndr_push_dfs_EnumArray200(ndr, NDR_SCALARS|NDR_BUFFERS, r->info200));
@@ -2806,6 +2989,8 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla
 	TALLOC_CTX *_mem_save_info2_0;
 	TALLOC_CTX *_mem_save_info3_0;
 	TALLOC_CTX *_mem_save_info4_0;
+	TALLOC_CTX *_mem_save_info5_0;
+	TALLOC_CTX *_mem_save_info6_0;
 	TALLOC_CTX *_mem_save_info200_0;
 	TALLOC_CTX *_mem_save_info300_0;
 	level = ndr_pull_get_switch_value(ndr, r);
@@ -2855,6 +3040,26 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla
 				}
 			break; }
 
+			case 5: {
+				uint32_t _ptr_info5;
+				NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info5));
+				if (_ptr_info5) {
+					NDR_PULL_ALLOC(ndr, r->info5);
+				} else {
+					r->info5 = NULL;
+				}
+			break; }
+
+			case 6: {
+				uint32_t _ptr_info6;
+				NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info6));
+				if (_ptr_info6) {
+					NDR_PULL_ALLOC(ndr, r->info6);
+				} else {
+					r->info6 = NULL;
+				}
+			break; }
+
 			case 200: {
 				uint32_t _ptr_info200;
 				NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info200));
@@ -2917,6 +3122,24 @@ static enum ndr_err_code ndr_pull_dfs_EnumInfo(struct ndr_pull *ndr, int ndr_fla
 				}
 			break;
 
+			case 5:
+				if (r->info5) {
+					_mem_save_info5_0 = NDR_PULL_GET_MEM_CTX(ndr);
+					NDR_PULL_SET_MEM_CTX(ndr, r->info5, 0);
+					NDR_CHECK(ndr_pull_dfs_EnumArray5(ndr, NDR_SCALARS|NDR_BUFFERS, r->info5));
+					NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info5_0, 0);
+				}
+			break;
+
+			case 6:
+				if (r->info6) {
+					_mem_save_info6_0 = NDR_PULL_GET_MEM_CTX(ndr);
+					NDR_PULL_SET_MEM_CTX(ndr, r->info6, 0);
+					NDR_CHECK(ndr_pull_dfs_EnumArray6(ndr, NDR_SCALARS|NDR_BUFFERS, r->info6));
+					NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info6_0, 0);
+				}
+			break;
+
 			case 200:
 				if (r->info200) {
 					_mem_save_info200_0 = NDR_PULL_GET_MEM_CTX(ndr);
@@ -2984,6 +3207,24 @@ _PUBLIC_ void ndr_print_dfs_EnumInfo(struct ndr_print *ndr, const char *name, co
 			ndr->depth--;
 		break;
 
+		case 5:
+			ndr_print_ptr(ndr, "info5", r->info5);
+			ndr->depth++;
+			if (r->info5) {
+				ndr_print_dfs_EnumArray5(ndr, "info5", r->info5);
+			}
+			ndr->depth--;
+		break;
+
+		case 6:
+			ndr_print_ptr(ndr, "info6", r->info6);
+			ndr->depth++;
+			if (r->info6) {
+				ndr_print_dfs_EnumArray6(ndr, "info6", r->info6);
+			}
+			ndr->depth--;
+		break;
+
 		case 200:
 			ndr_print_ptr(ndr, "info200", r->info200);
 			ndr->depth++;
@@ -4715,8 +4956,48 @@ _PUBLIC_ void ndr_print_dfs_AddStdRootForced(struct ndr_print *ndr, const char *
 static enum ndr_err_code ndr_push_dfs_GetDcAddress(struct ndr_push *ndr, int flags, const struct dfs_GetDcAddress *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.servername, CH_UTF16)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.servername, CH_UTF16)));
+		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.servername, ndr_charset_length(r->in.servername, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		if (r->in.server_fullname == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->in.server_fullname));
+		if (*r->in.server_fullname) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->in.server_fullname, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->in.server_fullname, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->in.server_fullname, ndr_charset_length(*r->in.server_fullname, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		if (r->in.is_root == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, *r->in.is_root));
+		if (r->in.ttl == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.ttl));
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.server_fullname == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.server_fullname));
+		if (*r->out.server_fullname) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.server_fullname, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.server_fullname, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.server_fullname, ndr_charset_length(*r->out.server_fullname, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		if (r->out.is_root == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, *r->out.is_root));
+		if (r->out.ttl == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.ttl));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -4724,9 +5005,105 @@ static enum ndr_err_code ndr_push_dfs_GetDcAddress(struct ndr_push *ndr, int fla
 
 static enum ndr_err_code ndr_pull_dfs_GetDcAddress(struct ndr_pull *ndr, int flags, struct dfs_GetDcAddress *r)
 {
+	uint32_t _ptr_server_fullname;
+	TALLOC_CTX *_mem_save_server_fullname_0;
+	TALLOC_CTX *_mem_save_server_fullname_1;
+	TALLOC_CTX *_mem_save_is_root_0;
+	TALLOC_CTX *_mem_save_ttl_0;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername));
+		if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername));
+		}
+		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t)));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.server_fullname);
+		}
+		_mem_save_server_fullname_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.server_fullname, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_fullname));
+		if (_ptr_server_fullname) {
+			NDR_PULL_ALLOC(ndr, *r->in.server_fullname);
+		} else {
+			*r->in.server_fullname = NULL;
+		}
+		if (*r->in.server_fullname) {
+			_mem_save_server_fullname_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->in.server_fullname, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->in.server_fullname));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->in.server_fullname));
+			if (ndr_get_array_length(ndr, r->in.server_fullname) > ndr_get_array_size(ndr, r->in.server_fullname)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->in.server_fullname), ndr_get_array_length(ndr, r->in.server_fullname));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->in.server_fullname), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->in.server_fullname, ndr_get_array_length(ndr, r->in.server_fullname), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.is_root);
+		}
+		_mem_save_is_root_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.is_root, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, r->in.is_root));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_is_root_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.ttl);
+		}
+		_mem_save_ttl_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.ttl, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.ttl));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ttl_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.server_fullname);
+		*r->out.server_fullname = *r->in.server_fullname;
+		NDR_PULL_ALLOC(ndr, r->out.is_root);
+		*r->out.is_root = *r->in.is_root;
+		NDR_PULL_ALLOC(ndr, r->out.ttl);
+		*r->out.ttl = *r->in.ttl;
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.server_fullname);
+		}
+		_mem_save_server_fullname_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.server_fullname, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_fullname));
+		if (_ptr_server_fullname) {
+			NDR_PULL_ALLOC(ndr, *r->out.server_fullname);
+		} else {
+			*r->out.server_fullname = NULL;
+		}
+		if (*r->out.server_fullname) {
+			_mem_save_server_fullname_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.server_fullname, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.server_fullname));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->out.server_fullname));
+			if (ndr_get_array_length(ndr, r->out.server_fullname) > ndr_get_array_size(ndr, r->out.server_fullname)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.server_fullname), ndr_get_array_length(ndr, r->out.server_fullname));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.server_fullname), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.server_fullname, ndr_get_array_length(ndr, r->out.server_fullname), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_fullname_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.is_root);
+		}
+		_mem_save_is_root_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.is_root, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, r->out.is_root));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_is_root_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.ttl);
+		}
+		_mem_save_ttl_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.ttl, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.ttl));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ttl_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -4742,11 +5119,46 @@ _PUBLIC_ void ndr_print_dfs_GetDcAddress(struct ndr_print *ndr, const char *name
 	if (flags & NDR_IN) {
 		ndr_print_struct(ndr, "in", "dfs_GetDcAddress");
 		ndr->depth++;
+		ndr_print_string(ndr, "servername", r->in.servername);
+		ndr_print_ptr(ndr, "server_fullname", r->in.server_fullname);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server_fullname", *r->in.server_fullname);
+		ndr->depth++;
+		if (*r->in.server_fullname) {
+			ndr_print_string(ndr, "server_fullname", *r->in.server_fullname);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_ptr(ndr, "is_root", r->in.is_root);
+		ndr->depth++;
+		ndr_print_uint8(ndr, "is_root", *r->in.is_root);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "ttl", r->in.ttl);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "ttl", *r->in.ttl);
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
 		ndr_print_struct(ndr, "out", "dfs_GetDcAddress");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "server_fullname", r->out.server_fullname);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server_fullname", *r->out.server_fullname);
+		ndr->depth++;
+		if (*r->out.server_fullname) {
+			ndr_print_string(ndr, "server_fullname", *r->out.server_fullname);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_ptr(ndr, "is_root", r->out.is_root);
+		ndr->depth++;
+		ndr_print_uint8(ndr, "is_root", *r->out.is_root);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "ttl", r->out.ttl);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "ttl", *r->out.ttl);
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -4756,6 +5168,16 @@ _PUBLIC_ void ndr_print_dfs_GetDcAddress(struct ndr_print *ndr, const char *name
 static enum ndr_err_code ndr_push_dfs_SetDcAddress(struct ndr_push *ndr, int flags, const struct dfs_SetDcAddress *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.servername, CH_UTF16)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.servername, CH_UTF16)));
+		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.servername, ndr_charset_length(r->in.servername, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_fullname, CH_UTF16)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_fullname, CH_UTF16)));
+		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_fullname, ndr_charset_length(r->in.server_fullname, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.ttl));
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
@@ -4766,6 +5188,22 @@ static enum ndr_err_code ndr_push_dfs_SetDcAddress(struct ndr_push *ndr, int fla
 static enum ndr_err_code ndr_pull_dfs_SetDcAddress(struct ndr_pull *ndr, int flags, struct dfs_SetDcAddress *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.servername));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.servername));
+		if (ndr_get_array_length(ndr, &r->in.servername) > ndr_get_array_size(ndr, &r->in.servername)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.servername), ndr_get_array_length(ndr, &r->in.servername));
+		}
+		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t)));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.servername, ndr_get_array_length(ndr, &r->in.servername), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_fullname));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_fullname));
+		if (ndr_get_array_length(ndr, &r->in.server_fullname) > ndr_get_array_size(ndr, &r->in.server_fullname)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_fullname), ndr_get_array_length(ndr, &r->in.server_fullname));
+		}
+		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_fullname), sizeof(uint16_t)));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_fullname, ndr_get_array_length(ndr, &r->in.server_fullname), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.ttl));
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
@@ -4783,6 +5221,10 @@ _PUBLIC_ void ndr_print_dfs_SetDcAddress(struct ndr_print *ndr, const char *name
 	if (flags & NDR_IN) {
 		ndr_print_struct(ndr, "in", "dfs_SetDcAddress");
 		ndr->depth++;
+		ndr_print_string(ndr, "servername", r->in.servername);
+		ndr_print_string(ndr, "server_fullname", r->in.server_fullname);
+		ndr_print_uint32(ndr, "flags", r->in.flags);
+		ndr_print_uint32(ndr, "ttl", r->in.ttl);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -5325,10 +5767,12 @@ static const struct ndr_interface_call netdfs_calls[] = {
 
 static const char * const netdfs_endpoint_strings[] = {
 	"ncacn_np:[\\pipe\\netdfs]", 
+	"ncacn_ip_tcp:", 
+	"ncalrpc:", 
 };
 
 static const struct ndr_interface_string_array netdfs_endpoints = {
-	.count	= 1,
+	.count	= 3,
 	.names	= netdfs_endpoint_strings
 };
 
@@ -5337,7 +5781,7 @@ static const char * const netdfs_authservice_strings[] = {
 };
 
 static const struct ndr_interface_string_array netdfs_authservices = {
-	.count	= 1,
+	.count	= 3,
 	.names	= netdfs_authservice_strings
 };
 
diff --git a/source3/librpc/gen_ndr/ndr_dfs.h b/source3/librpc/gen_ndr/ndr_dfs.h
index e4b00f322a..a7c66f9693 100644
--- a/source3/librpc/gen_ndr/ndr_dfs.h
+++ b/source3/librpc/gen_ndr/ndr_dfs.h
@@ -95,6 +95,8 @@ void ndr_print_dfs_EnumArray1(struct ndr_print *ndr, const char *name, const str
 void ndr_print_dfs_EnumArray2(struct ndr_print *ndr, const char *name, const struct dfs_EnumArray2 *r);
 void ndr_print_dfs_EnumArray3(struct ndr_print *ndr, const char *name, const struct dfs_EnumArray3 *r);
 void ndr_print_dfs_EnumArray4(struct ndr_print *ndr, const char *name, const struct dfs_EnumArray4 *r);
+void ndr_print_dfs_EnumArray5(struct ndr_print *ndr, const char *name, const struct dfs_EnumArray5 *r);
+void ndr_print_dfs_EnumArray6(struct ndr_print *ndr, const char *name, const struct dfs_EnumArray6 *r);
 void ndr_print_dfs_EnumArray200(struct ndr_print *ndr, const char *name, const struct dfs_EnumArray200 *r);
 void ndr_print_dfs_EnumArray300(struct ndr_print *ndr, const char *name, const struct dfs_EnumArray300 *r);
 void ndr_print_dfs_EnumInfo(struct ndr_print *ndr, const char *name, const union dfs_EnumInfo *r);
diff --git a/source3/librpc/gen_ndr/ndr_dssetup.c b/source3/librpc/gen_ndr/ndr_dssetup.c
new file mode 100644
index 0000000000..bdad3c44f6
--- /dev/null
+++ b/source3/librpc/gen_ndr/ndr_dssetup.c
@@ -0,0 +1,1082 @@
+/* parser auto-generated by pidl */
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_dssetup.h"
+
+#include "librpc/gen_ndr/ndr_misc.h"
+static enum ndr_err_code ndr_push_dssetup_DsRole(struct ndr_push *ndr, int ndr_flags, enum dssetup_DsRole r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRole(struct ndr_pull *ndr, int ndr_flags, enum dssetup_DsRole *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRole(struct ndr_print *ndr, const char *name, enum dssetup_DsRole r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case DS_ROLE_STANDALONE_WORKSTATION: val = "DS_ROLE_STANDALONE_WORKSTATION"; break;
+		case DS_ROLE_MEMBER_WORKSTATION: val = "DS_ROLE_MEMBER_WORKSTATION"; break;
+		case DS_ROLE_STANDALONE_SERVER: val = "DS_ROLE_STANDALONE_SERVER"; break;
+		case DS_ROLE_MEMBER_SERVER: val = "DS_ROLE_MEMBER_SERVER"; break;
+		case DS_ROLE_BACKUP_DC: val = "DS_ROLE_BACKUP_DC"; break;
+		case DS_ROLE_PRIMARY_DC: val = "DS_ROLE_PRIMARY_DC"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleFlags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleFlags(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_ROLE_PRIMARY_DS_RUNNING", DS_ROLE_PRIMARY_DS_RUNNING, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_ROLE_PRIMARY_DS_MIXED_MODE", DS_ROLE_PRIMARY_DS_MIXED_MODE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_ROLE_UPGRADE_IN_PROGRESS", DS_ROLE_UPGRADE_IN_PROGRESS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT", DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_push *ndr, int ndr_flags, const struct dssetup_DsRolePrimaryDomInfoBasic *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_dssetup_DsRole(ndr, NDR_SCALARS, r->role));
+		NDR_CHECK(ndr_push_dssetup_DsRoleFlags(ndr, NDR_SCALARS, r->flags));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->domain));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->dns_domain));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->forest));
+		NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->domain_guid));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->domain) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->domain, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->domain, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->domain, ndr_charset_length(r->domain, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		if (r->dns_domain) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->dns_domain, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->dns_domain, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->dns_domain, ndr_charset_length(r->dns_domain, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		if (r->forest) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->forest, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->forest, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->forest, ndr_charset_length(r->forest, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_pull *ndr, int ndr_flags, struct dssetup_DsRolePrimaryDomInfoBasic *r)
+{
+	uint32_t _ptr_domain;
+	TALLOC_CTX *_mem_save_domain_0;
+	uint32_t _ptr_dns_domain;
+	TALLOC_CTX *_mem_save_dns_domain_0;
+	uint32_t _ptr_forest;
+	TALLOC_CTX *_mem_save_forest_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_dssetup_DsRole(ndr, NDR_SCALARS, &r->role));
+		NDR_CHECK(ndr_pull_dssetup_DsRoleFlags(ndr, NDR_SCALARS, &r->flags));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain));
+		if (_ptr_domain) {
+			NDR_PULL_ALLOC(ndr, r->domain);
+		} else {
+			r->domain = NULL;
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dns_domain));
+		if (_ptr_dns_domain) {
+			NDR_PULL_ALLOC(ndr, r->dns_domain);
+		} else {
+			r->dns_domain = NULL;
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_forest));
+		if (_ptr_forest) {
+			NDR_PULL_ALLOC(ndr, r->forest);
+		} else {
+			r->forest = NULL;
+		}
+		NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->domain_guid));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->domain) {
+			_mem_save_domain_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->domain, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->domain));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->domain));
+			if (ndr_get_array_length(ndr, &r->domain) > ndr_get_array_size(ndr, &r->domain)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->domain), ndr_get_array_length(ndr, &r->domain));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->domain, ndr_get_array_length(ndr, &r->domain), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0);
+		}
+		if (r->dns_domain) {
+			_mem_save_dns_domain_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->dns_domain, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->dns_domain));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->dns_domain));
+			if (ndr_get_array_length(ndr, &r->dns_domain) > ndr_get_array_size(ndr, &r->dns_domain)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dns_domain), ndr_get_array_length(ndr, &r->dns_domain));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dns_domain), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dns_domain, ndr_get_array_length(ndr, &r->dns_domain), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dns_domain_0, 0);
+		}
+		if (r->forest) {
+			_mem_save_forest_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->forest, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->forest));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->forest));
+			if (ndr_get_array_length(ndr, &r->forest) > ndr_get_array_size(ndr, &r->forest)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->forest), ndr_get_array_length(ndr, &r->forest));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->forest), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->forest, ndr_get_array_length(ndr, &r->forest), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_0, 0);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_print *ndr, const char *name, const struct dssetup_DsRolePrimaryDomInfoBasic *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRolePrimaryDomInfoBasic");
+	ndr->depth++;
+	ndr_print_dssetup_DsRole(ndr, "role", r->role);
+	ndr_print_dssetup_DsRoleFlags(ndr, "flags", r->flags);
+	ndr_print_ptr(ndr, "domain", r->domain);
+	ndr->depth++;
+	if (r->domain) {
+		ndr_print_string(ndr, "domain", r->domain);
+	}
+	ndr->depth--;
+	ndr_print_ptr(ndr, "dns_domain", r->dns_domain);
+	ndr->depth++;
+	if (r->dns_domain) {
+		ndr_print_string(ndr, "dns_domain", r->dns_domain);
+	}
+	ndr->depth--;
+	ndr_print_ptr(ndr, "forest", r->forest);
+	ndr->depth++;
+	if (r->forest) {
+		ndr_print_string(ndr, "forest", r->forest);
+	}
+	ndr->depth--;
+	ndr_print_GUID(ndr, "domain_guid", &r->domain_guid);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsUpgrade(struct ndr_push *ndr, int ndr_flags, enum dssetup_DsUpgrade r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsUpgrade(struct ndr_pull *ndr, int ndr_flags, enum dssetup_DsUpgrade *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsUpgrade(struct ndr_print *ndr, const char *name, enum dssetup_DsUpgrade r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case DS_ROLE_NOT_UPGRADING: val = "DS_ROLE_NOT_UPGRADING"; break;
+		case DS_ROLE_UPGRADING: val = "DS_ROLE_UPGRADING"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsPrevious(struct ndr_push *ndr, int ndr_flags, enum dssetup_DsPrevious r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsPrevious(struct ndr_pull *ndr, int ndr_flags, enum dssetup_DsPrevious *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsPrevious(struct ndr_print *ndr, const char *name, enum dssetup_DsPrevious r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case DS_ROLE_PREVIOUS_UNKNOWN: val = "DS_ROLE_PREVIOUS_UNKNOWN"; break;
+		case DS_ROLE_PREVIOUS_PRIMARY: val = "DS_ROLE_PREVIOUS_PRIMARY"; break;
+		case DS_ROLE_PREVIOUS_BACKUP: val = "DS_ROLE_PREVIOUS_BACKUP"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleUpgradeStatus(struct ndr_push *ndr, int ndr_flags, const struct dssetup_DsRoleUpgradeStatus *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_dssetup_DsUpgrade(ndr, NDR_SCALARS, r->upgrading));
+		NDR_CHECK(ndr_push_dssetup_DsPrevious(ndr, NDR_SCALARS, r->previous_role));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleUpgradeStatus(struct ndr_pull *ndr, int ndr_flags, struct dssetup_DsRoleUpgradeStatus *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_dssetup_DsUpgrade(ndr, NDR_SCALARS, &r->upgrading));
+		NDR_CHECK(ndr_pull_dssetup_DsPrevious(ndr, NDR_SCALARS, &r->previous_role));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleUpgradeStatus(struct ndr_print *ndr, const char *name, const struct dssetup_DsRoleUpgradeStatus *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleUpgradeStatus");
+	ndr->depth++;
+	ndr_print_dssetup_DsUpgrade(ndr, "upgrading", r->upgrading);
+	ndr_print_dssetup_DsPrevious(ndr, "previous_role", r->previous_role);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleOp(struct ndr_push *ndr, int ndr_flags, enum dssetup_DsRoleOp r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleOp(struct ndr_pull *ndr, int ndr_flags, enum dssetup_DsRoleOp *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleOp(struct ndr_print *ndr, const char *name, enum dssetup_DsRoleOp r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case DS_ROLE_OP_IDLE: val = "DS_ROLE_OP_IDLE"; break;
+		case DS_ROLE_OP_ACTIVE: val = "DS_ROLE_OP_ACTIVE"; break;
+		case DS_ROLE_OP_NEEDS_REBOOT: val = "DS_ROLE_OP_NEEDS_REBOOT"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleOpStatus(struct ndr_push *ndr, int ndr_flags, const struct dssetup_DsRoleOpStatus *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 2));
+		NDR_CHECK(ndr_push_dssetup_DsRoleOp(ndr, NDR_SCALARS, r->status));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleOpStatus(struct ndr_pull *ndr, int ndr_flags, struct dssetup_DsRoleOpStatus *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 2));
+		NDR_CHECK(ndr_pull_dssetup_DsRoleOp(ndr, NDR_SCALARS, &r->status));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleOpStatus(struct ndr_print *ndr, const char *name, const struct dssetup_DsRoleOpStatus *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleOpStatus");
+	ndr->depth++;
+	ndr_print_dssetup_DsRoleOp(ndr, "status", r->status);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleInfoLevel(struct ndr_push *ndr, int ndr_flags, enum dssetup_DsRoleInfoLevel r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleInfoLevel(struct ndr_pull *ndr, int ndr_flags, enum dssetup_DsRoleInfoLevel *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleInfoLevel(struct ndr_print *ndr, const char *name, enum dssetup_DsRoleInfoLevel r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case DS_ROLE_BASIC_INFORMATION: val = "DS_ROLE_BASIC_INFORMATION"; break;
+		case DS_ROLE_UPGRADE_STATUS: val = "DS_ROLE_UPGRADE_STATUS"; break;
+		case DS_ROLE_OP_STATUS: val = "DS_ROLE_OP_STATUS"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleInfo(struct ndr_push *ndr, int ndr_flags, const union dssetup_DsRoleInfo *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		NDR_CHECK(ndr_push_dssetup_DsRoleInfoLevel(ndr, NDR_SCALARS, level));
+		switch (level) {
+			case DS_ROLE_BASIC_INFORMATION: {
+				NDR_CHECK(ndr_push_dssetup_DsRolePrimaryDomInfoBasic(ndr, NDR_SCALARS, &r->basic));
+			break; }
+
+			case DS_ROLE_UPGRADE_STATUS: {
+				NDR_CHECK(ndr_push_dssetup_DsRoleUpgradeStatus(ndr, NDR_SCALARS, &r->upgrade));
+			break; }
+
+			case DS_ROLE_OP_STATUS: {
+				NDR_CHECK(ndr_push_dssetup_DsRoleOpStatus(ndr, NDR_SCALARS, &r->opstatus));
+			break; }
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case DS_ROLE_BASIC_INFORMATION:
+				NDR_CHECK(ndr_push_dssetup_DsRolePrimaryDomInfoBasic(ndr, NDR_BUFFERS, &r->basic));
+			break;
+
+			case DS_ROLE_UPGRADE_STATUS:
+			break;
+
+			case DS_ROLE_OP_STATUS:
+			break;
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleInfo(struct ndr_pull *ndr, int ndr_flags, union dssetup_DsRoleInfo *r)
+{
+	int level;
+	uint16_t _level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level));
+		if (_level != level) {
+			return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level);
+		}
+		switch (level) {
+			case DS_ROLE_BASIC_INFORMATION: {
+				NDR_CHECK(ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(ndr, NDR_SCALARS, &r->basic));
+			break; }
+
+			case DS_ROLE_UPGRADE_STATUS: {
+				NDR_CHECK(ndr_pull_dssetup_DsRoleUpgradeStatus(ndr, NDR_SCALARS, &r->upgrade));
+			break; }
+
+			case DS_ROLE_OP_STATUS: {
+				NDR_CHECK(ndr_pull_dssetup_DsRoleOpStatus(ndr, NDR_SCALARS, &r->opstatus));
+			break; }
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case DS_ROLE_BASIC_INFORMATION:
+				NDR_CHECK(ndr_pull_dssetup_DsRolePrimaryDomInfoBasic(ndr, NDR_BUFFERS, &r->basic));
+			break;
+
+			case DS_ROLE_UPGRADE_STATUS:
+			break;
+
+			case DS_ROLE_OP_STATUS:
+			break;
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleInfo(struct ndr_print *ndr, const char *name, const union dssetup_DsRoleInfo *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "dssetup_DsRoleInfo");
+	switch (level) {
+		case DS_ROLE_BASIC_INFORMATION:
+			ndr_print_dssetup_DsRolePrimaryDomInfoBasic(ndr, "basic", &r->basic);
+		break;
+
+		case DS_ROLE_UPGRADE_STATUS:
+			ndr_print_dssetup_DsRoleUpgradeStatus(ndr, "upgrade", &r->upgrade);
+		break;
+
+		case DS_ROLE_OP_STATUS:
+			ndr_print_dssetup_DsRoleOpStatus(ndr, "opstatus", &r->opstatus);
+		break;
+
+		default:
+			ndr_print_bad_level(ndr, name, level);
+	}
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleGetPrimaryDomainInformation(struct ndr_push *ndr, int flags, const struct dssetup_DsRoleGetPrimaryDomainInformation *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_dssetup_DsRoleInfoLevel(ndr, NDR_SCALARS, r->in.level));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.info));
+		if (r->out.info) {
+			NDR_CHECK(ndr_push_set_switch_value(ndr, r->out.info, r->in.level));
+			NDR_CHECK(ndr_push_dssetup_DsRoleInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		}
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleGetPrimaryDomainInformation(struct ndr_pull *ndr, int flags, struct dssetup_DsRoleGetPrimaryDomainInformation *r)
+{
+	uint32_t _ptr_info;
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_dssetup_DsRoleInfoLevel(ndr, NDR_SCALARS, &r->in.level));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
+		if (_ptr_info) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		} else {
+			r->out.info = NULL;
+		}
+		if (r->out.info) {
+			_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0);
+			NDR_CHECK(ndr_pull_set_switch_value(ndr, r->out.info, r->in.level));
+			NDR_CHECK(ndr_pull_dssetup_DsRoleInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+		}
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleGetPrimaryDomainInformation(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleGetPrimaryDomainInformation *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleGetPrimaryDomainInformation");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "dssetup_DsRoleGetPrimaryDomainInformation");
+		ndr->depth++;
+		ndr_print_dssetup_DsRoleInfoLevel(ndr, "level", r->in.level);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "dssetup_DsRoleGetPrimaryDomainInformation");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		if (r->out.info) {
+			ndr_print_set_switch_value(ndr, r->out.info, r->in.level);
+			ndr_print_dssetup_DsRoleInfo(ndr, "info", r->out.info);
+		}
+		ndr->depth--;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleDnsNameToFlatName(struct ndr_push *ndr, int flags, const struct dssetup_DsRoleDnsNameToFlatName *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleDnsNameToFlatName(struct ndr_pull *ndr, int flags, struct dssetup_DsRoleDnsNameToFlatName *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleDnsNameToFlatName(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleDnsNameToFlatName *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleDnsNameToFlatName");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "dssetup_DsRoleDnsNameToFlatName");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "dssetup_DsRoleDnsNameToFlatName");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleDcAsDc(struct ndr_push *ndr, int flags, const struct dssetup_DsRoleDcAsDc *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleDcAsDc(struct ndr_pull *ndr, int flags, struct dssetup_DsRoleDcAsDc *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleDcAsDc(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleDcAsDc *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleDcAsDc");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "dssetup_DsRoleDcAsDc");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "dssetup_DsRoleDcAsDc");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleDcAsReplica(struct ndr_push *ndr, int flags, const struct dssetup_DsRoleDcAsReplica *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleDcAsReplica(struct ndr_pull *ndr, int flags, struct dssetup_DsRoleDcAsReplica *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleDcAsReplica(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleDcAsReplica *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleDcAsReplica");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "dssetup_DsRoleDcAsReplica");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "dssetup_DsRoleDcAsReplica");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleDemoteDc(struct ndr_push *ndr, int flags, const struct dssetup_DsRoleDemoteDc *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleDemoteDc(struct ndr_pull *ndr, int flags, struct dssetup_DsRoleDemoteDc *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleDemoteDc(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleDemoteDc *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleDemoteDc");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "dssetup_DsRoleDemoteDc");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "dssetup_DsRoleDemoteDc");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleGetDcOperationProgress(struct ndr_push *ndr, int flags, const struct dssetup_DsRoleGetDcOperationProgress *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleGetDcOperationProgress(struct ndr_pull *ndr, int flags, struct dssetup_DsRoleGetDcOperationProgress *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleGetDcOperationProgress(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleGetDcOperationProgress *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleGetDcOperationProgress");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "dssetup_DsRoleGetDcOperationProgress");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "dssetup_DsRoleGetDcOperationProgress");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleGetDcOperationResults(struct ndr_push *ndr, int flags, const struct dssetup_DsRoleGetDcOperationResults *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleGetDcOperationResults(struct ndr_pull *ndr, int flags, struct dssetup_DsRoleGetDcOperationResults *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleGetDcOperationResults(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleGetDcOperationResults *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleGetDcOperationResults");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "dssetup_DsRoleGetDcOperationResults");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "dssetup_DsRoleGetDcOperationResults");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleCancel(struct ndr_push *ndr, int flags, const struct dssetup_DsRoleCancel *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleCancel(struct ndr_pull *ndr, int flags, struct dssetup_DsRoleCancel *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleCancel(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleCancel *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleCancel");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "dssetup_DsRoleCancel");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "dssetup_DsRoleCancel");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleServerSaveStateForUpgrade(struct ndr_push *ndr, int flags, const struct dssetup_DsRoleServerSaveStateForUpgrade *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleServerSaveStateForUpgrade(struct ndr_pull *ndr, int flags, struct dssetup_DsRoleServerSaveStateForUpgrade *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleServerSaveStateForUpgrade(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleServerSaveStateForUpgrade *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleServerSaveStateForUpgrade");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "dssetup_DsRoleServerSaveStateForUpgrade");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "dssetup_DsRoleServerSaveStateForUpgrade");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleUpgradeDownlevelServer(struct ndr_push *ndr, int flags, const struct dssetup_DsRoleUpgradeDownlevelServer *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleUpgradeDownlevelServer(struct ndr_pull *ndr, int flags, struct dssetup_DsRoleUpgradeDownlevelServer *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleUpgradeDownlevelServer(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleUpgradeDownlevelServer *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleUpgradeDownlevelServer");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "dssetup_DsRoleUpgradeDownlevelServer");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "dssetup_DsRoleUpgradeDownlevelServer");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_dssetup_DsRoleAbortDownlevelServerUpgrade(struct ndr_push *ndr, int flags, const struct dssetup_DsRoleAbortDownlevelServerUpgrade *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_dssetup_DsRoleAbortDownlevelServerUpgrade(struct ndr_pull *ndr, int flags, struct dssetup_DsRoleAbortDownlevelServerUpgrade *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_dssetup_DsRoleAbortDownlevelServerUpgrade(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleAbortDownlevelServerUpgrade *r)
+{
+	ndr_print_struct(ndr, name, "dssetup_DsRoleAbortDownlevelServerUpgrade");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "dssetup_DsRoleAbortDownlevelServerUpgrade");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "dssetup_DsRoleAbortDownlevelServerUpgrade");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static const struct ndr_interface_call dssetup_calls[] = {
+	{
+		"dssetup_DsRoleGetPrimaryDomainInformation",
+		sizeof(struct dssetup_DsRoleGetPrimaryDomainInformation),
+		(ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleGetPrimaryDomainInformation,
+		(ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleGetPrimaryDomainInformation,
+		(ndr_print_function_t) ndr_print_dssetup_DsRoleGetPrimaryDomainInformation,
+		false,
+	},
+	{
+		"dssetup_DsRoleDnsNameToFlatName",
+		sizeof(struct dssetup_DsRoleDnsNameToFlatName),
+		(ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleDnsNameToFlatName,
+		(ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleDnsNameToFlatName,
+		(ndr_print_function_t) ndr_print_dssetup_DsRoleDnsNameToFlatName,
+		false,
+	},
+	{
+		"dssetup_DsRoleDcAsDc",
+		sizeof(struct dssetup_DsRoleDcAsDc),
+		(ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleDcAsDc,
+		(ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleDcAsDc,
+		(ndr_print_function_t) ndr_print_dssetup_DsRoleDcAsDc,
+		false,
+	},
+	{
+		"dssetup_DsRoleDcAsReplica",
+		sizeof(struct dssetup_DsRoleDcAsReplica),
+		(ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleDcAsReplica,
+		(ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleDcAsReplica,
+		(ndr_print_function_t) ndr_print_dssetup_DsRoleDcAsReplica,
+		false,
+	},
+	{
+		"dssetup_DsRoleDemoteDc",
+		sizeof(struct dssetup_DsRoleDemoteDc),
+		(ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleDemoteDc,
+		(ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleDemoteDc,
+		(ndr_print_function_t) ndr_print_dssetup_DsRoleDemoteDc,
+		false,
+	},
+	{
+		"dssetup_DsRoleGetDcOperationProgress",
+		sizeof(struct dssetup_DsRoleGetDcOperationProgress),
+		(ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleGetDcOperationProgress,
+		(ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleGetDcOperationProgress,
+		(ndr_print_function_t) ndr_print_dssetup_DsRoleGetDcOperationProgress,
+		false,
+	},
+	{
+		"dssetup_DsRoleGetDcOperationResults",
+		sizeof(struct dssetup_DsRoleGetDcOperationResults),
+		(ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleGetDcOperationResults,
+		(ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleGetDcOperationResults,
+		(ndr_print_function_t) ndr_print_dssetup_DsRoleGetDcOperationResults,
+		false,
+	},
+	{
+		"dssetup_DsRoleCancel",
+		sizeof(struct dssetup_DsRoleCancel),
+		(ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleCancel,
+		(ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleCancel,
+		(ndr_print_function_t) ndr_print_dssetup_DsRoleCancel,
+		false,
+	},
+	{
+		"dssetup_DsRoleServerSaveStateForUpgrade",
+		sizeof(struct dssetup_DsRoleServerSaveStateForUpgrade),
+		(ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleServerSaveStateForUpgrade,
+		(ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleServerSaveStateForUpgrade,
+		(ndr_print_function_t) ndr_print_dssetup_DsRoleServerSaveStateForUpgrade,
+		false,
+	},
+	{
+		"dssetup_DsRoleUpgradeDownlevelServer",
+		sizeof(struct dssetup_DsRoleUpgradeDownlevelServer),
+		(ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleUpgradeDownlevelServer,
+		(ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleUpgradeDownlevelServer,
+		(ndr_print_function_t) ndr_print_dssetup_DsRoleUpgradeDownlevelServer,
+		false,
+	},
+	{
+		"dssetup_DsRoleAbortDownlevelServerUpgrade",
+		sizeof(struct dssetup_DsRoleAbortDownlevelServerUpgrade),
+		(ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleAbortDownlevelServerUpgrade,
+		(ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleAbortDownlevelServerUpgrade,
+		(ndr_print_function_t) ndr_print_dssetup_DsRoleAbortDownlevelServerUpgrade,
+		false,
+	},
+	{ NULL, 0, NULL, NULL, NULL, false }
+};
+
+static const char * const dssetup_endpoint_strings[] = {
+	"ncacn_np:[\\pipe\\lsarpc]", 
+	"ncacn_np:[\\pipe\\lsass]", 
+	"ncacn_ip_tcp:", 
+	"ncalrpc:", 
+};
+
+static const struct ndr_interface_string_array dssetup_endpoints = {
+	.count	= 4,
+	.names	= dssetup_endpoint_strings
+};
+
+static const char * const dssetup_authservice_strings[] = {
+	"host", 
+};
+
+static const struct ndr_interface_string_array dssetup_authservices = {
+	.count	= 4,
+	.names	= dssetup_authservice_strings
+};
+
+
+const struct ndr_interface_table ndr_table_dssetup = {
+	.name		= "dssetup",
+	.syntax_id	= {
+		{0x3919286a,0xb10c,0x11d0,{0x9b,0xa8},{0x00,0xc0,0x4f,0xd9,0x2e,0xf5}},
+		NDR_DSSETUP_VERSION
+	},
+	.helpstring	= NDR_DSSETUP_HELPSTRING,
+	.num_calls	= 11,
+	.calls		= dssetup_calls,
+	.endpoints	= &dssetup_endpoints,
+	.authservices	= &dssetup_authservices
+};
+
diff --git a/source3/librpc/gen_ndr/ndr_dssetup.h b/source3/librpc/gen_ndr/ndr_dssetup.h
new file mode 100644
index 0000000000..103ad116a3
--- /dev/null
+++ b/source3/librpc/gen_ndr/ndr_dssetup.h
@@ -0,0 +1,58 @@
+/* header auto-generated by pidl */
+
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/dssetup.h"
+
+#ifndef _HEADER_NDR_dssetup
+#define _HEADER_NDR_dssetup
+
+#define NDR_DSSETUP_UUID "3919286a-b10c-11d0-9ba8-00c04fd92ef5"
+#define NDR_DSSETUP_VERSION 0.0
+#define NDR_DSSETUP_NAME "dssetup"
+#define NDR_DSSETUP_HELPSTRING "Active Directory Setup"
+extern const struct ndr_interface_table ndr_table_dssetup;
+#define NDR_DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION (0x00)
+
+#define NDR_DSSETUP_DSROLEDNSNAMETOFLATNAME (0x01)
+
+#define NDR_DSSETUP_DSROLEDCASDC (0x02)
+
+#define NDR_DSSETUP_DSROLEDCASREPLICA (0x03)
+
+#define NDR_DSSETUP_DSROLEDEMOTEDC (0x04)
+
+#define NDR_DSSETUP_DSROLEGETDCOPERATIONPROGRESS (0x05)
+
+#define NDR_DSSETUP_DSROLEGETDCOPERATIONRESULTS (0x06)
+
+#define NDR_DSSETUP_DSROLECANCEL (0x07)
+
+#define NDR_DSSETUP_DSROLESERVERSAVESTATEFORUPGRADE (0x08)
+
+#define NDR_DSSETUP_DSROLEUPGRADEDOWNLEVELSERVER (0x09)
+
+#define NDR_DSSETUP_DSROLEABORTDOWNLEVELSERVERUPGRADE (0x0a)
+
+#define NDR_DSSETUP_CALL_COUNT (11)
+void ndr_print_dssetup_DsRole(struct ndr_print *ndr, const char *name, enum dssetup_DsRole r);
+void ndr_print_dssetup_DsRoleFlags(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_dssetup_DsRolePrimaryDomInfoBasic(struct ndr_print *ndr, const char *name, const struct dssetup_DsRolePrimaryDomInfoBasic *r);
+void ndr_print_dssetup_DsUpgrade(struct ndr_print *ndr, const char *name, enum dssetup_DsUpgrade r);
+void ndr_print_dssetup_DsPrevious(struct ndr_print *ndr, const char *name, enum dssetup_DsPrevious r);
+void ndr_print_dssetup_DsRoleUpgradeStatus(struct ndr_print *ndr, const char *name, const struct dssetup_DsRoleUpgradeStatus *r);
+void ndr_print_dssetup_DsRoleOp(struct ndr_print *ndr, const char *name, enum dssetup_DsRoleOp r);
+void ndr_print_dssetup_DsRoleOpStatus(struct ndr_print *ndr, const char *name, const struct dssetup_DsRoleOpStatus *r);
+void ndr_print_dssetup_DsRoleInfoLevel(struct ndr_print *ndr, const char *name, enum dssetup_DsRoleInfoLevel r);
+void ndr_print_dssetup_DsRoleInfo(struct ndr_print *ndr, const char *name, const union dssetup_DsRoleInfo *r);
+void ndr_print_dssetup_DsRoleGetPrimaryDomainInformation(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleGetPrimaryDomainInformation *r);
+void ndr_print_dssetup_DsRoleDnsNameToFlatName(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleDnsNameToFlatName *r);
+void ndr_print_dssetup_DsRoleDcAsDc(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleDcAsDc *r);
+void ndr_print_dssetup_DsRoleDcAsReplica(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleDcAsReplica *r);
+void ndr_print_dssetup_DsRoleDemoteDc(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleDemoteDc *r);
+void ndr_print_dssetup_DsRoleGetDcOperationProgress(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleGetDcOperationProgress *r);
+void ndr_print_dssetup_DsRoleGetDcOperationResults(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleGetDcOperationResults *r);
+void ndr_print_dssetup_DsRoleCancel(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleCancel *r);
+void ndr_print_dssetup_DsRoleServerSaveStateForUpgrade(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleServerSaveStateForUpgrade *r);
+void ndr_print_dssetup_DsRoleUpgradeDownlevelServer(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleUpgradeDownlevelServer *r);
+void ndr_print_dssetup_DsRoleAbortDownlevelServerUpgrade(struct ndr_print *ndr, const char *name, int flags, const struct dssetup_DsRoleAbortDownlevelServerUpgrade *r);
+#endif /* _HEADER_NDR_dssetup */
diff --git a/source3/librpc/gen_ndr/ndr_echo.c b/source3/librpc/gen_ndr/ndr_echo.c
index 01b1d10fac..340167cf73 100644
--- a/source3/librpc/gen_ndr/ndr_echo.c
+++ b/source3/librpc/gen_ndr/ndr_echo.c
@@ -93,7 +93,7 @@ _PUBLIC_ void ndr_print_echo_info3(struct ndr_print *ndr, const char *name, cons
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_echo_info4(struct ndr_push *ndr, int ndr_flags, const struct echo_info4 *r)
+static enum ndr_err_code ndr_push_STRUCT_echo_info4(struct ndr_push *ndr, int ndr_flags, const struct echo_info4 *r)
 {
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_push_align(ndr, 8));
@@ -104,7 +104,7 @@ static enum ndr_err_code ndr_push_echo_info4(struct ndr_push *ndr, int ndr_flags
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_echo_info4(struct ndr_pull *ndr, int ndr_flags, struct echo_info4 *r)
+static enum ndr_err_code ndr_pull_STRUCT_echo_info4(struct ndr_pull *ndr, int ndr_flags, struct echo_info4 *r)
 {
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_pull_align(ndr, 8));
@@ -115,7 +115,7 @@ static enum ndr_err_code ndr_pull_echo_info4(struct ndr_pull *ndr, int ndr_flags
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_echo_info4(struct ndr_print *ndr, const char *name, const struct echo_info4 *r)
+_PUBLIC_ void ndr_print_STRUCT_echo_info4(struct ndr_print *ndr, const char *name, const struct echo_info4 *r)
 {
 	ndr_print_struct(ndr, name, "echo_info4");
 	ndr->depth++;
@@ -194,7 +194,7 @@ static enum ndr_err_code ndr_push_echo_info7(struct ndr_push *ndr, int ndr_flags
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_push_align(ndr, 8));
 		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->v1));
-		NDR_CHECK(ndr_push_echo_info4(ndr, NDR_SCALARS, &r->info4));
+		NDR_CHECK(ndr_push_STRUCT_echo_info4(ndr, NDR_SCALARS, &r->info4));
 	}
 	if (ndr_flags & NDR_BUFFERS) {
 	}
@@ -206,7 +206,7 @@ static enum ndr_err_code ndr_pull_echo_info7(struct ndr_pull *ndr, int ndr_flags
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_pull_align(ndr, 8));
 		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->v1));
-		NDR_CHECK(ndr_pull_echo_info4(ndr, NDR_SCALARS, &r->info4));
+		NDR_CHECK(ndr_pull_STRUCT_echo_info4(ndr, NDR_SCALARS, &r->info4));
 	}
 	if (ndr_flags & NDR_BUFFERS) {
 	}
@@ -218,7 +218,7 @@ _PUBLIC_ void ndr_print_echo_info7(struct ndr_print *ndr, const char *name, cons
 	ndr_print_struct(ndr, name, "echo_info7");
 	ndr->depth++;
 	ndr_print_uint8(ndr, "v1", r->v1);
-	ndr_print_echo_info4(ndr, "info4", &r->info4);
+	ndr_print_STRUCT_echo_info4(ndr, "info4", &r->info4);
 	ndr->depth--;
 }
 
@@ -228,33 +228,33 @@ static enum ndr_err_code ndr_push_echo_Info(struct ndr_push *ndr, int ndr_flags,
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_echo_info1(ndr, NDR_SCALARS, &r->info1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_echo_info2(ndr, NDR_SCALARS, &r->info2));
-			break;
+			break; }
 
-			case 3:
+			case 3: {
 				NDR_CHECK(ndr_push_echo_info3(ndr, NDR_SCALARS, &r->info3));
-			break;
+			break; }
 
-			case 4:
-				NDR_CHECK(ndr_push_echo_info4(ndr, NDR_SCALARS, &r->info4));
-			break;
+			case 4: {
+				NDR_CHECK(ndr_push_STRUCT_echo_info4(ndr, NDR_SCALARS, &r->info4));
+			break; }
 
-			case 5:
+			case 5: {
 				NDR_CHECK(ndr_push_echo_info5(ndr, NDR_SCALARS, &r->info5));
-			break;
+			break; }
 
-			case 6:
+			case 6: {
 				NDR_CHECK(ndr_push_echo_info6(ndr, NDR_SCALARS, &r->info6));
-			break;
+			break; }
 
-			case 7:
+			case 7: {
 				NDR_CHECK(ndr_push_echo_info7(ndr, NDR_SCALARS, &r->info7));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -315,7 +315,7 @@ static enum ndr_err_code ndr_pull_echo_Info(struct ndr_pull *ndr, int ndr_flags,
 			break; }
 
 			case 4: {
-				NDR_CHECK(ndr_pull_echo_info4(ndr, NDR_SCALARS, &r->info4));
+				NDR_CHECK(ndr_pull_STRUCT_echo_info4(ndr, NDR_SCALARS, &r->info4));
 			break; }
 
 			case 5: {
@@ -383,7 +383,7 @@ _PUBLIC_ void ndr_print_echo_Info(struct ndr_print *ndr, const char *name, const
 		break;
 
 		case 4:
-			ndr_print_echo_info4(ndr, "info4", &r->info4);
+			ndr_print_STRUCT_echo_info4(ndr, "info4", &r->info4);
 		break;
 
 		case 5:
@@ -492,13 +492,13 @@ static enum ndr_err_code ndr_push_echo_Enum3(struct ndr_push *ndr, int ndr_flags
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case ECHO_ENUM1:
+			case ECHO_ENUM1: {
 				NDR_CHECK(ndr_push_echo_Enum1(ndr, NDR_SCALARS, r->e1));
-			break;
+			break; }
 
-			case ECHO_ENUM2:
+			case ECHO_ENUM2: {
 				NDR_CHECK(ndr_push_echo_Enum2(ndr, NDR_SCALARS, &r->e2));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -627,8 +627,7 @@ _PUBLIC_ void ndr_print_echo_Surrounding(struct ndr_print *ndr, const char *name
 	ndr->depth++;
 	for (cntr_surrounding_0=0;cntr_surrounding_0<r->x;cntr_surrounding_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_surrounding_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_surrounding_0) != -1) {
 			ndr_print_uint16(ndr, "surrounding", r->surrounding[cntr_surrounding_0]);
 			free(idx_0);
 		}
@@ -876,14 +875,13 @@ static enum ndr_err_code ndr_push_echo_TestCall(struct ndr_push *ndr, int flags,
 		if (r->out.s2 == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.s2 == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.s2));
+		if (*r->out.s2) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.s2, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.s2, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.s2, ndr_charset_length(*r->out.s2, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.s2, CH_UTF16)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.s2, CH_UTF16)));
-		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.s2, ndr_charset_length(*r->out.s2, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 	}
 	return NDR_ERR_SUCCESS;
 }
@@ -892,6 +890,7 @@ static enum ndr_err_code ndr_pull_echo_TestCall(struct ndr_pull *ndr, int flags,
 {
 	uint32_t _ptr_s2;
 	TALLOC_CTX *_mem_save_s2_0;
+	TALLOC_CTX *_mem_save_s2_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -911,14 +910,24 @@ static enum ndr_err_code ndr_pull_echo_TestCall(struct ndr_pull *ndr, int flags,
 		}
 		_mem_save_s2_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.s2, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_s2));
-		NDR_CHECK(ndr_pull_array_size(ndr, r->out.s2));
-		NDR_CHECK(ndr_pull_array_length(ndr, r->out.s2));
-		if (ndr_get_array_length(ndr, r->out.s2) > ndr_get_array_size(ndr, r->out.s2)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.s2), ndr_get_array_length(ndr, r->out.s2));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_s2));
+		if (_ptr_s2) {
+			NDR_PULL_ALLOC(ndr, *r->out.s2);
+		} else {
+			*r->out.s2 = NULL;
+		}
+		if (*r->out.s2) {
+			_mem_save_s2_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.s2, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.s2));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->out.s2));
+			if (ndr_get_array_length(ndr, r->out.s2) > ndr_get_array_size(ndr, r->out.s2)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.s2), ndr_get_array_length(ndr, r->out.s2));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.s2), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.s2, ndr_get_array_length(ndr, r->out.s2), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s2_1, 0);
 		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.s2), sizeof(uint16_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.s2, ndr_get_array_length(ndr, r->out.s2), sizeof(uint16_t), CH_UTF16));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_s2_0, LIBNDR_FLAG_REF_ALLOC);
 	}
 	return NDR_ERR_SUCCESS;
@@ -947,7 +956,9 @@ _PUBLIC_ void ndr_print_echo_TestCall(struct ndr_print *ndr, const char *name, i
 		ndr->depth++;
 		ndr_print_ptr(ndr, "s2", *r->out.s2);
 		ndr->depth++;
-		ndr_print_string(ndr, "s2", *r->out.s2);
+		if (*r->out.s2) {
+			ndr_print_string(ndr, "s2", *r->out.s2);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr->depth--;
@@ -1290,15 +1301,13 @@ static enum ndr_err_code ndr_push_echo_TestDoublePointer(struct ndr_push *ndr, i
 		if (r->in.data == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->in.data == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
-		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		if (**r->in.data == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->in.data));
+		if (*r->in.data) {
+			NDR_CHECK(ndr_push_unique_ptr(ndr, **r->in.data));
+			if (**r->in.data) {
+				NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, ***r->in.data));
+			}
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, ***r->in.data));
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->out.result));
@@ -1318,21 +1327,29 @@ static enum ndr_err_code ndr_pull_echo_TestDoublePointer(struct ndr_pull *ndr, i
 		}
 		_mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.data, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_data));
-		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_data));
+		if (_ptr_data) {
 			NDR_PULL_ALLOC(ndr, *r->in.data);
+		} else {
+			*r->in.data = NULL;
 		}
-		_mem_save_data_1 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, *r->in.data, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_data));
-		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, **r->in.data);
+		if (*r->in.data) {
+			_mem_save_data_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->in.data, 0);
+			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_data));
+			if (_ptr_data) {
+				NDR_PULL_ALLOC(ndr, **r->in.data);
+			} else {
+				**r->in.data = NULL;
+			}
+			if (**r->in.data) {
+				_mem_save_data_2 = NDR_PULL_GET_MEM_CTX(ndr);
+				NDR_PULL_SET_MEM_CTX(ndr, **r->in.data, 0);
+				NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, **r->in.data));
+				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_2, 0);
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_1, 0);
 		}
-		_mem_save_data_2 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, **r->in.data, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, **r->in.data));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_2, LIBNDR_FLAG_REF_ALLOC);
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_1, LIBNDR_FLAG_REF_ALLOC);
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, LIBNDR_FLAG_REF_ALLOC);
 	}
 	if (flags & NDR_OUT) {
@@ -1355,10 +1372,14 @@ _PUBLIC_ void ndr_print_echo_TestDoublePointer(struct ndr_print *ndr, const char
 		ndr->depth++;
 		ndr_print_ptr(ndr, "data", *r->in.data);
 		ndr->depth++;
-		ndr_print_ptr(ndr, "data", **r->in.data);
-		ndr->depth++;
-		ndr_print_uint16(ndr, "data", ***r->in.data);
-		ndr->depth--;
+		if (*r->in.data) {
+			ndr_print_ptr(ndr, "data", **r->in.data);
+			ndr->depth++;
+			if (**r->in.data) {
+				ndr_print_uint16(ndr, "data", ***r->in.data);
+			}
+			ndr->depth--;
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr->depth--;
diff --git a/source3/librpc/gen_ndr/ndr_echo.h b/source3/librpc/gen_ndr/ndr_echo.h
index 65989ccd1c..7af1c7446b 100644
--- a/source3/librpc/gen_ndr/ndr_echo.h
+++ b/source3/librpc/gen_ndr/ndr_echo.h
@@ -35,7 +35,7 @@ extern const struct ndr_interface_table ndr_table_rpcecho;
 void ndr_print_echo_info1(struct ndr_print *ndr, const char *name, const struct echo_info1 *r);
 void ndr_print_echo_info2(struct ndr_print *ndr, const char *name, const struct echo_info2 *r);
 void ndr_print_echo_info3(struct ndr_print *ndr, const char *name, const struct echo_info3 *r);
-void ndr_print_echo_info4(struct ndr_print *ndr, const char *name, const struct echo_info4 *r);
+void ndr_print_STRUCT_echo_info4(struct ndr_print *ndr, const char *name, const struct echo_info4 *r);
 void ndr_print_echo_info5(struct ndr_print *ndr, const char *name, const struct echo_info5 *r);
 void ndr_print_echo_info6(struct ndr_print *ndr, const char *name, const struct echo_info6 *r);
 void ndr_print_echo_info7(struct ndr_print *ndr, const char *name, const struct echo_info7 *r);
diff --git a/source3/librpc/gen_ndr/ndr_epmapper.c b/source3/librpc/gen_ndr/ndr_epmapper.c
index 17f4426279..2e709e11e0 100644
--- a/source3/librpc/gen_ndr/ndr_epmapper.c
+++ b/source3/librpc/gen_ndr/ndr_epmapper.c
@@ -867,118 +867,118 @@ static enum ndr_err_code ndr_push_epm_rhs(struct ndr_push *ndr, int ndr_flags, c
 		if (ndr_flags & NDR_SCALARS) {
 			int level = ndr_push_get_switch_value(ndr, r);
 			switch (level) {
-				case EPM_PROTOCOL_DNET_NSP:
+				case EPM_PROTOCOL_DNET_NSP: {
 					NDR_CHECK(ndr_push_epm_rhs_dnet_nsp(ndr, NDR_SCALARS, &r->dnet_nsp));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_OSI_TP4:
+				case EPM_PROTOCOL_OSI_TP4: {
 					NDR_CHECK(ndr_push_epm_rhs_osi_tp4(ndr, NDR_SCALARS, &r->osi_tp4));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_OSI_CLNS:
+				case EPM_PROTOCOL_OSI_CLNS: {
 					NDR_CHECK(ndr_push_epm_rhs_osi_clns(ndr, NDR_SCALARS, &r->osi_clns));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_TCP:
+				case EPM_PROTOCOL_TCP: {
 					NDR_CHECK(ndr_push_epm_rhs_tcp(ndr, NDR_SCALARS, &r->tcp));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_UDP:
+				case EPM_PROTOCOL_UDP: {
 					NDR_CHECK(ndr_push_epm_rhs_udp(ndr, NDR_SCALARS, &r->udp));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_IP:
+				case EPM_PROTOCOL_IP: {
 					NDR_CHECK(ndr_push_epm_rhs_ip(ndr, NDR_SCALARS, &r->ip));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_NCADG:
+				case EPM_PROTOCOL_NCADG: {
 					NDR_CHECK(ndr_push_epm_rhs_ncadg(ndr, NDR_SCALARS, &r->ncadg));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_NCACN:
+				case EPM_PROTOCOL_NCACN: {
 					NDR_CHECK(ndr_push_epm_rhs_ncacn(ndr, NDR_SCALARS, &r->ncacn));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_NCALRPC:
+				case EPM_PROTOCOL_NCALRPC: {
 					NDR_CHECK(ndr_push_epm_rhs_ncalrpc(ndr, NDR_SCALARS, &r->ncalrpc));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_UUID:
+				case EPM_PROTOCOL_UUID: {
 					NDR_CHECK(ndr_push_epm_rhs_uuid(ndr, NDR_SCALARS, &r->uuid));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_IPX:
+				case EPM_PROTOCOL_IPX: {
 					NDR_CHECK(ndr_push_epm_rhs_ipx(ndr, NDR_SCALARS, &r->ipx));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_SMB:
+				case EPM_PROTOCOL_SMB: {
 					NDR_CHECK(ndr_push_epm_rhs_smb(ndr, NDR_SCALARS, &r->smb));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_PIPE:
+				case EPM_PROTOCOL_PIPE: {
 					NDR_CHECK(ndr_push_epm_rhs_pipe(ndr, NDR_SCALARS, &r->pipe));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_NETBIOS:
+				case EPM_PROTOCOL_NETBIOS: {
 					NDR_CHECK(ndr_push_epm_rhs_netbios(ndr, NDR_SCALARS, &r->netbios));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_NETBEUI:
+				case EPM_PROTOCOL_NETBEUI: {
 					NDR_CHECK(ndr_push_epm_rhs_netbeui(ndr, NDR_SCALARS, &r->netbeui));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_SPX:
+				case EPM_PROTOCOL_SPX: {
 					NDR_CHECK(ndr_push_epm_rhs_spx(ndr, NDR_SCALARS, &r->spx));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_NB_IPX:
+				case EPM_PROTOCOL_NB_IPX: {
 					NDR_CHECK(ndr_push_epm_rhs_nb_ipx(ndr, NDR_SCALARS, &r->nb_ipx));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_DSP:
+				case EPM_PROTOCOL_DSP: {
 					NDR_CHECK(ndr_push_epm_rhs_atalk_stream(ndr, NDR_SCALARS, &r->atalk_stream));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_DDP:
+				case EPM_PROTOCOL_DDP: {
 					NDR_CHECK(ndr_push_epm_rhs_atalk_datagram(ndr, NDR_SCALARS, &r->atalk_datagram));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_APPLETALK:
+				case EPM_PROTOCOL_APPLETALK: {
 					NDR_CHECK(ndr_push_epm_rhs_appletalk(ndr, NDR_SCALARS, &r->appletalk));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_VINES_SPP:
+				case EPM_PROTOCOL_VINES_SPP: {
 					NDR_CHECK(ndr_push_epm_rhs_vines_spp(ndr, NDR_SCALARS, &r->vines_spp));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_VINES_IPC:
+				case EPM_PROTOCOL_VINES_IPC: {
 					NDR_CHECK(ndr_push_epm_rhs_vines_ipc(ndr, NDR_SCALARS, &r->vines_ipc));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_STREETTALK:
+				case EPM_PROTOCOL_STREETTALK: {
 					NDR_CHECK(ndr_push_epm_rhs_streettalk(ndr, NDR_SCALARS, &r->streettalk));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_HTTP:
+				case EPM_PROTOCOL_HTTP: {
 					NDR_CHECK(ndr_push_epm_rhs_http(ndr, NDR_SCALARS, &r->http));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_UNIX_DS:
+				case EPM_PROTOCOL_UNIX_DS: {
 					NDR_CHECK(ndr_push_epm_rhs_unix_ds(ndr, NDR_SCALARS, &r->unix_ds));
-				break;
+				break; }
 
-				case EPM_PROTOCOL_NULL:
+				case EPM_PROTOCOL_NULL: {
 					NDR_CHECK(ndr_push_epm_rhs_null(ndr, NDR_SCALARS, &r->null));
-				break;
+				break; }
 
-				default:
+				default: {
 					{
 						uint32_t _flags_save_DATA_BLOB = ndr->flags;
 						ndr_set_flags(&ndr->flags, LIBNDR_FLAG_REMAINING);
 						NDR_CHECK(ndr_push_DATA_BLOB(ndr, NDR_SCALARS, r->unknown));
 						ndr->flags = _flags_save_DATA_BLOB;
 					}
-				break;
+				break; }
 
 			}
 		}
@@ -1566,8 +1566,7 @@ _PUBLIC_ void ndr_print_epm_tower(struct ndr_print *ndr, const char *name, const
 		ndr->depth++;
 		for (cntr_floors_0=0;cntr_floors_0<r->num_floors;cntr_floors_0++) {
 			char *idx_0=NULL;
-			asprintf(&idx_0, "[%d]", cntr_floors_0);
-			if (idx_0) {
+			if (asprintf(&idx_0, "[%d]", cntr_floors_0) != -1) {
 				ndr_print_epm_floor(ndr, "floors", &r->floors[cntr_floors_0]);
 				free(idx_0);
 			}
@@ -1849,8 +1848,7 @@ _PUBLIC_ void ndr_print_epm_Insert(struct ndr_print *ndr, const char *name, int
 		ndr->depth++;
 		for (cntr_entries_0=0;cntr_entries_0<r->in.num_ents;cntr_entries_0++) {
 			char *idx_0=NULL;
-			asprintf(&idx_0, "[%d]", cntr_entries_0);
-			if (idx_0) {
+			if (asprintf(&idx_0, "[%d]", cntr_entries_0) != -1) {
 				ndr_print_epm_entry_t(ndr, "entries", &r->in.entries[cntr_entries_0]);
 				free(idx_0);
 			}
@@ -1930,8 +1928,7 @@ _PUBLIC_ void ndr_print_epm_Delete(struct ndr_print *ndr, const char *name, int
 		ndr->depth++;
 		for (cntr_entries_0=0;cntr_entries_0<r->in.num_ents;cntr_entries_0++) {
 			char *idx_0=NULL;
-			asprintf(&idx_0, "[%d]", cntr_entries_0);
-			if (idx_0) {
+			if (asprintf(&idx_0, "[%d]", cntr_entries_0) != -1) {
 				ndr_print_epm_entry_t(ndr, "entries", &r->in.entries[cntr_entries_0]);
 				free(idx_0);
 			}
@@ -2131,8 +2128,7 @@ _PUBLIC_ void ndr_print_epm_Lookup(struct ndr_print *ndr, const char *name, int
 		ndr->depth++;
 		for (cntr_entries_0=0;cntr_entries_0<*r->out.num_ents;cntr_entries_0++) {
 			char *idx_0=NULL;
-			asprintf(&idx_0, "[%d]", cntr_entries_0);
-			if (idx_0) {
+			if (asprintf(&idx_0, "[%d]", cntr_entries_0) != -1) {
 				ndr_print_epm_entry_t(ndr, "entries", &r->out.entries[cntr_entries_0]);
 				free(idx_0);
 			}
@@ -2321,8 +2317,7 @@ _PUBLIC_ void ndr_print_epm_Map(struct ndr_print *ndr, const char *name, int fla
 		ndr->depth++;
 		for (cntr_towers_0=0;cntr_towers_0<*r->out.num_towers;cntr_towers_0++) {
 			char *idx_0=NULL;
-			asprintf(&idx_0, "[%d]", cntr_towers_0);
-			if (idx_0) {
+			if (asprintf(&idx_0, "[%d]", cntr_towers_0) != -1) {
 				ndr_print_epm_twr_p_t(ndr, "towers", &r->out.towers[cntr_towers_0]);
 				free(idx_0);
 			}
diff --git a/source3/librpc/gen_ndr/ndr_eventlog.c b/source3/librpc/gen_ndr/ndr_eventlog.c
index ebd76515ff..c5461d99ab 100644
--- a/source3/librpc/gen_ndr/ndr_eventlog.c
+++ b/source3/librpc/gen_ndr/ndr_eventlog.c
@@ -130,7 +130,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_eventlog_Record(struct ndr_pull *ndr, int nd
 			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM);
 			NDR_PULL_ALLOC_N(ndr, r->strings, r->num_of_strings);
 			_mem_save_strings_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, *r->strings, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, r->strings, 0);
 			for (cntr_strings_0 = 0; cntr_strings_0 < r->num_of_strings; cntr_strings_0++) {
 				NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->strings[cntr_strings_0]));
 			}
@@ -176,8 +176,7 @@ _PUBLIC_ void ndr_print_eventlog_Record(struct ndr_print *ndr, const char *name,
 	ndr->depth++;
 	for (cntr_strings_0=0;cntr_strings_0<r->num_of_strings;cntr_strings_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_strings_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_strings_0) != -1) {
 			ndr_print_string(ndr, "strings", r->strings[cntr_strings_0]);
 			free(idx_0);
 		}
@@ -194,9 +193,9 @@ static enum ndr_err_code ndr_push_eventlog_ClearEventLogW(struct ndr_push *ndr,
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.unknown));
-		if (r->in.unknown) {
-			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.unknown));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.backupfile));
+		if (r->in.backupfile) {
+			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.backupfile));
 		}
 	}
 	if (flags & NDR_OUT) {
@@ -207,9 +206,9 @@ static enum ndr_err_code ndr_push_eventlog_ClearEventLogW(struct ndr_push *ndr,
 
 static enum ndr_err_code ndr_pull_eventlog_ClearEventLogW(struct ndr_pull *ndr, int flags, struct eventlog_ClearEventLogW *r)
 {
-	uint32_t _ptr_unknown;
+	uint32_t _ptr_backupfile;
 	TALLOC_CTX *_mem_save_handle_0;
-	TALLOC_CTX *_mem_save_unknown_0;
+	TALLOC_CTX *_mem_save_backupfile_0;
 	if (flags & NDR_IN) {
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->in.handle);
@@ -218,17 +217,17 @@ static enum ndr_err_code ndr_pull_eventlog_ClearEventLogW(struct ndr_pull *ndr,
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown));
-		if (_ptr_unknown) {
-			NDR_PULL_ALLOC(ndr, r->in.unknown);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_backupfile));
+		if (_ptr_backupfile) {
+			NDR_PULL_ALLOC(ndr, r->in.backupfile);
 		} else {
-			r->in.unknown = NULL;
+			r->in.backupfile = NULL;
 		}
-		if (r->in.unknown) {
-			_mem_save_unknown_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown, 0);
-			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.unknown));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown_0, 0);
+		if (r->in.backupfile) {
+			_mem_save_backupfile_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.backupfile, 0);
+			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.backupfile));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_backupfile_0, 0);
 		}
 	}
 	if (flags & NDR_OUT) {
@@ -251,10 +250,10 @@ _PUBLIC_ void ndr_print_eventlog_ClearEventLogW(struct ndr_print *ndr, const cha
 		ndr->depth++;
 		ndr_print_policy_handle(ndr, "handle", r->in.handle);
 		ndr->depth--;
-		ndr_print_ptr(ndr, "unknown", r->in.unknown);
+		ndr_print_ptr(ndr, "backupfile", r->in.backupfile);
 		ndr->depth++;
-		if (r->in.unknown) {
-			ndr_print_lsa_String(ndr, "unknown", r->in.unknown);
+		if (r->in.backupfile) {
+			ndr_print_lsa_String(ndr, "backupfile", r->in.backupfile);
 		}
 		ndr->depth--;
 		ndr->depth--;
@@ -506,8 +505,16 @@ _PUBLIC_ void ndr_print_eventlog_GetNumRecords(struct ndr_print *ndr, const char
 static enum ndr_err_code ndr_push_eventlog_GetOldestRecord(struct ndr_push *ndr, int flags, const struct eventlog_GetOldestRecord *r)
 {
 	if (flags & NDR_IN) {
+		if (r->in.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.oldest_entry == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.oldest_entry));
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -515,9 +522,29 @@ static enum ndr_err_code ndr_push_eventlog_GetOldestRecord(struct ndr_push *ndr,
 
 static enum ndr_err_code ndr_pull_eventlog_GetOldestRecord(struct ndr_pull *ndr, int flags, struct eventlog_GetOldestRecord *r)
 {
+	TALLOC_CTX *_mem_save_handle_0;
+	TALLOC_CTX *_mem_save_oldest_entry_0;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.oldest_entry);
+		ZERO_STRUCTP(r->out.oldest_entry);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.oldest_entry);
+		}
+		_mem_save_oldest_entry_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.oldest_entry, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.oldest_entry));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_oldest_entry_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -533,11 +560,19 @@ _PUBLIC_ void ndr_print_eventlog_GetOldestRecord(struct ndr_print *ndr, const ch
 	if (flags & NDR_IN) {
 		ndr_print_struct(ndr, "in", "eventlog_GetOldestRecord");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->in.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->in.handle);
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
 		ndr_print_struct(ndr, "out", "eventlog_GetOldestRecord");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "oldest_entry", r->out.oldest_entry);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "oldest_entry", *r->out.oldest_entry);
+		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -592,8 +627,14 @@ static enum ndr_err_code ndr_push_eventlog_OpenEventLogW(struct ndr_push *ndr, i
 		if (r->in.unknown0) {
 			NDR_CHECK(ndr_push_eventlog_OpenUnknown0(ndr, NDR_SCALARS, r->in.unknown0));
 		}
-		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.logname));
-		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.servername));
+		if (r->in.logname == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.logname));
+		if (r->in.servername == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.servername));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown3));
 	}
@@ -611,6 +652,8 @@ static enum ndr_err_code ndr_pull_eventlog_OpenEventLogW(struct ndr_pull *ndr, i
 {
 	uint32_t _ptr_unknown0;
 	TALLOC_CTX *_mem_save_unknown0_0;
+	TALLOC_CTX *_mem_save_logname_0;
+	TALLOC_CTX *_mem_save_servername_0;
 	TALLOC_CTX *_mem_save_handle_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
@@ -627,8 +670,20 @@ static enum ndr_err_code ndr_pull_eventlog_OpenEventLogW(struct ndr_pull *ndr, i
 			NDR_CHECK(ndr_pull_eventlog_OpenUnknown0(ndr, NDR_SCALARS, r->in.unknown0));
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown0_0, 0);
 		}
-		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.logname));
-		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.servername));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.logname);
+		}
+		_mem_save_logname_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.logname, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.logname));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logname_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.servername);
+		}
+		_mem_save_servername_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.servername));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown3));
 		NDR_PULL_ALLOC(ndr, r->out.handle);
@@ -663,8 +718,14 @@ _PUBLIC_ void ndr_print_eventlog_OpenEventLogW(struct ndr_print *ndr, const char
 			ndr_print_eventlog_OpenUnknown0(ndr, "unknown0", r->in.unknown0);
 		}
 		ndr->depth--;
-		ndr_print_lsa_String(ndr, "logname", &r->in.logname);
-		ndr_print_lsa_String(ndr, "servername", &r->in.servername);
+		ndr_print_ptr(ndr, "logname", r->in.logname);
+		ndr->depth++;
+		ndr_print_lsa_String(ndr, "logname", r->in.logname);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "servername", r->in.servername);
+		ndr->depth++;
+		ndr_print_lsa_String(ndr, "servername", r->in.servername);
+		ndr->depth--;
 		ndr_print_uint32(ndr, "unknown2", r->in.unknown2);
 		ndr_print_uint32(ndr, "unknown3", r->in.unknown3);
 		ndr->depth--;
@@ -812,8 +873,11 @@ static enum ndr_err_code ndr_pull_eventlog_ReadEventLogW(struct ndr_pull *ndr, i
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offset));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.number_of_bytes));
+		if (r->in.number_of_bytes < 0 || r->in.number_of_bytes > 0x7FFFF) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
 		NDR_PULL_ALLOC_N(ndr, r->out.data, r->in.number_of_bytes);
-		memset(r->out.data, 0, r->in.number_of_bytes * sizeof(*r->out.data));
+		memset(r->out.data, 0, (r->in.number_of_bytes) * sizeof(*r->out.data));
 		NDR_PULL_ALLOC(ndr, r->out.sent_size);
 		ZERO_STRUCTP(r->out.sent_size);
 		NDR_PULL_ALLOC(ndr, r->out.real_size);
diff --git a/source3/librpc/gen_ndr/ndr_krb5pac.c b/source3/librpc/gen_ndr/ndr_krb5pac.c
new file mode 100644
index 0000000000..7c4dba0b0a
--- /dev/null
+++ b/source3/librpc/gen_ndr/ndr_krb5pac.c
@@ -0,0 +1,873 @@
+/* parser auto-generated by pidl */
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+
+#include "librpc/gen_ndr/ndr_security.h"
+#include "librpc/gen_ndr/ndr_netlogon.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+static enum ndr_err_code ndr_push_PAC_LOGON_NAME(struct ndr_push *ndr, int ndr_flags, const struct PAC_LOGON_NAME *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->logon_time));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, 2 * strlen_m(r->account_name)));
+		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->account_name, 2 * strlen_m(r->account_name), sizeof(uint8_t), CH_UTF16));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PAC_LOGON_NAME(struct ndr_pull *ndr, int ndr_flags, struct PAC_LOGON_NAME *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->logon_time));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->account_name, r->size, sizeof(uint8_t), CH_UTF16));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PAC_LOGON_NAME(struct ndr_print *ndr, const char *name, const struct PAC_LOGON_NAME *r)
+{
+	ndr_print_struct(ndr, name, "PAC_LOGON_NAME");
+	ndr->depth++;
+	ndr_print_NTTIME(ndr, "logon_time", r->logon_time);
+	ndr_print_uint16(ndr, "size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?2 * strlen_m(r->account_name):r->size);
+	ndr_print_string(ndr, "account_name", r->account_name);
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_PAC_SIGNATURE_DATA(struct ndr_push *ndr, int ndr_flags, const struct PAC_SIGNATURE_DATA *r)
+{
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		if (ndr_flags & NDR_SCALARS) {
+			NDR_CHECK(ndr_push_align(ndr, 4));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->type));
+			{
+				uint32_t _flags_save_DATA_BLOB = ndr->flags;
+				ndr_set_flags(&ndr->flags, LIBNDR_FLAG_REMAINING);
+				NDR_CHECK(ndr_push_DATA_BLOB(ndr, NDR_SCALARS, r->signature));
+				ndr->flags = _flags_save_DATA_BLOB;
+			}
+		}
+		if (ndr_flags & NDR_BUFFERS) {
+		}
+		ndr->flags = _flags_save_STRUCT;
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_PAC_SIGNATURE_DATA(struct ndr_pull *ndr, int ndr_flags, struct PAC_SIGNATURE_DATA *r)
+{
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		if (ndr_flags & NDR_SCALARS) {
+			NDR_CHECK(ndr_pull_align(ndr, 4));
+			NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->type));
+			{
+				uint32_t _flags_save_DATA_BLOB = ndr->flags;
+				ndr_set_flags(&ndr->flags, LIBNDR_FLAG_REMAINING);
+				NDR_CHECK(ndr_pull_DATA_BLOB(ndr, NDR_SCALARS, &r->signature));
+				ndr->flags = _flags_save_DATA_BLOB;
+			}
+		}
+		if (ndr_flags & NDR_BUFFERS) {
+		}
+		ndr->flags = _flags_save_STRUCT;
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PAC_SIGNATURE_DATA(struct ndr_print *ndr, const char *name, const struct PAC_SIGNATURE_DATA *r)
+{
+	ndr_print_struct(ndr, name, "PAC_SIGNATURE_DATA");
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "type", r->type);
+		ndr_print_DATA_BLOB(ndr, "signature", r->signature);
+		ndr->depth--;
+		ndr->flags = _flags_save_STRUCT;
+	}
+}
+
+static enum ndr_err_code ndr_push_PAC_LOGON_INFO(struct ndr_push *ndr, int ndr_flags, const struct PAC_LOGON_INFO *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_netr_SamInfo3(ndr, NDR_SCALARS, &r->info3));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->res_group_dom_sid));
+		NDR_CHECK(ndr_push_samr_RidWithAttributeArray(ndr, NDR_SCALARS, &r->res_groups));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_netr_SamInfo3(ndr, NDR_BUFFERS, &r->info3));
+		if (r->res_group_dom_sid) {
+			NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->res_group_dom_sid));
+		}
+		NDR_CHECK(ndr_push_samr_RidWithAttributeArray(ndr, NDR_BUFFERS, &r->res_groups));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PAC_LOGON_INFO(struct ndr_pull *ndr, int ndr_flags, struct PAC_LOGON_INFO *r)
+{
+	uint32_t _ptr_res_group_dom_sid;
+	TALLOC_CTX *_mem_save_res_group_dom_sid_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_netr_SamInfo3(ndr, NDR_SCALARS, &r->info3));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_res_group_dom_sid));
+		if (_ptr_res_group_dom_sid) {
+			NDR_PULL_ALLOC(ndr, r->res_group_dom_sid);
+		} else {
+			r->res_group_dom_sid = NULL;
+		}
+		NDR_CHECK(ndr_pull_samr_RidWithAttributeArray(ndr, NDR_SCALARS, &r->res_groups));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_netr_SamInfo3(ndr, NDR_BUFFERS, &r->info3));
+		if (r->res_group_dom_sid) {
+			_mem_save_res_group_dom_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->res_group_dom_sid, 0);
+			NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->res_group_dom_sid));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_res_group_dom_sid_0, 0);
+		}
+		NDR_CHECK(ndr_pull_samr_RidWithAttributeArray(ndr, NDR_BUFFERS, &r->res_groups));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PAC_LOGON_INFO(struct ndr_print *ndr, const char *name, const struct PAC_LOGON_INFO *r)
+{
+	ndr_print_struct(ndr, name, "PAC_LOGON_INFO");
+	ndr->depth++;
+	ndr_print_netr_SamInfo3(ndr, "info3", &r->info3);
+	ndr_print_ptr(ndr, "res_group_dom_sid", r->res_group_dom_sid);
+	ndr->depth++;
+	if (r->res_group_dom_sid) {
+		ndr_print_dom_sid2(ndr, "res_group_dom_sid", r->res_group_dom_sid);
+	}
+	ndr->depth--;
+	ndr_print_samr_RidWithAttributeArray(ndr, "res_groups", &r->res_groups);
+	ndr->depth--;
+}
+
+static size_t ndr_size_PAC_LOGON_INFO(const struct PAC_LOGON_INFO *r, int flags)
+{
+	return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_PAC_LOGON_INFO);
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_PAC_LOGON_INFO_CTR(struct ndr_push *ndr, int ndr_flags, const struct PAC_LOGON_INFO_CTR *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0x00081001));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0xCCCCCCCC));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, NDR_ROUND(ndr_size_PAC_LOGON_INFO(r->info, ndr->flags) + 4, 8)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0x00000000));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->info));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->info) {
+			NDR_CHECK(ndr_push_PAC_LOGON_INFO(ndr, NDR_SCALARS|NDR_BUFFERS, r->info));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_PAC_LOGON_INFO_CTR(struct ndr_pull *ndr, int ndr_flags, struct PAC_LOGON_INFO_CTR *r)
+{
+	uint32_t _ptr_info;
+	TALLOC_CTX *_mem_save_info_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown2));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->_ndr_size));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown3));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
+		if (_ptr_info) {
+			NDR_PULL_ALLOC(ndr, r->info);
+		} else {
+			r->info = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->info) {
+			_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->info, 0);
+			NDR_CHECK(ndr_pull_PAC_LOGON_INFO(ndr, NDR_SCALARS|NDR_BUFFERS, r->info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PAC_LOGON_INFO_CTR(struct ndr_print *ndr, const char *name, const struct PAC_LOGON_INFO_CTR *r)
+{
+	ndr_print_struct(ndr, name, "PAC_LOGON_INFO_CTR");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "unknown1", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?0x00081001:r->unknown1);
+	ndr_print_uint32(ndr, "unknown2", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?0xCCCCCCCC:r->unknown2);
+	ndr_print_uint32(ndr, "_ndr_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?NDR_ROUND(ndr_size_PAC_LOGON_INFO(r->info, ndr->flags) + 4, 8):r->_ndr_size);
+	ndr_print_uint32(ndr, "unknown3", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?0x00000000:r->unknown3);
+	ndr_print_ptr(ndr, "info", r->info);
+	ndr->depth++;
+	if (r->info) {
+		ndr_print_PAC_LOGON_INFO(ndr, "info", r->info);
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_PAC_TYPE(struct ndr_push *ndr, int ndr_flags, enum PAC_TYPE r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_PAC_TYPE(struct ndr_pull *ndr, int ndr_flags, enum PAC_TYPE *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PAC_TYPE(struct ndr_print *ndr, const char *name, enum PAC_TYPE r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case PAC_TYPE_LOGON_INFO: val = "PAC_TYPE_LOGON_INFO"; break;
+		case PAC_TYPE_SRV_CHECKSUM: val = "PAC_TYPE_SRV_CHECKSUM"; break;
+		case PAC_TYPE_KDC_CHECKSUM: val = "PAC_TYPE_KDC_CHECKSUM"; break;
+		case PAC_TYPE_LOGON_NAME: val = "PAC_TYPE_LOGON_NAME"; break;
+		case PAC_TYPE_CONSTRAINED_DELEGATION: val = "PAC_TYPE_CONSTRAINED_DELEGATION"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_PAC_INFO(struct ndr_push *ndr, int ndr_flags, const union PAC_INFO *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case PAC_TYPE_LOGON_INFO: {
+				NDR_CHECK(ndr_push_PAC_LOGON_INFO_CTR(ndr, NDR_SCALARS, &r->logon_info));
+			break; }
+
+			case PAC_TYPE_SRV_CHECKSUM: {
+				NDR_CHECK(ndr_push_PAC_SIGNATURE_DATA(ndr, NDR_SCALARS, &r->srv_cksum));
+			break; }
+
+			case PAC_TYPE_KDC_CHECKSUM: {
+				NDR_CHECK(ndr_push_PAC_SIGNATURE_DATA(ndr, NDR_SCALARS, &r->kdc_cksum));
+			break; }
+
+			case PAC_TYPE_LOGON_NAME: {
+				NDR_CHECK(ndr_push_PAC_LOGON_NAME(ndr, NDR_SCALARS, &r->logon_name));
+			break; }
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case PAC_TYPE_LOGON_INFO:
+				NDR_CHECK(ndr_push_PAC_LOGON_INFO_CTR(ndr, NDR_BUFFERS, &r->logon_info));
+			break;
+
+			case PAC_TYPE_SRV_CHECKSUM:
+			break;
+
+			case PAC_TYPE_KDC_CHECKSUM:
+			break;
+
+			case PAC_TYPE_LOGON_NAME:
+			break;
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_PAC_INFO(struct ndr_pull *ndr, int ndr_flags, union PAC_INFO *r)
+{
+	int level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		switch (level) {
+			case PAC_TYPE_LOGON_INFO: {
+				NDR_CHECK(ndr_pull_PAC_LOGON_INFO_CTR(ndr, NDR_SCALARS, &r->logon_info));
+			break; }
+
+			case PAC_TYPE_SRV_CHECKSUM: {
+				NDR_CHECK(ndr_pull_PAC_SIGNATURE_DATA(ndr, NDR_SCALARS, &r->srv_cksum));
+			break; }
+
+			case PAC_TYPE_KDC_CHECKSUM: {
+				NDR_CHECK(ndr_pull_PAC_SIGNATURE_DATA(ndr, NDR_SCALARS, &r->kdc_cksum));
+			break; }
+
+			case PAC_TYPE_LOGON_NAME: {
+				NDR_CHECK(ndr_pull_PAC_LOGON_NAME(ndr, NDR_SCALARS, &r->logon_name));
+			break; }
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case PAC_TYPE_LOGON_INFO:
+				NDR_CHECK(ndr_pull_PAC_LOGON_INFO_CTR(ndr, NDR_BUFFERS, &r->logon_info));
+			break;
+
+			case PAC_TYPE_SRV_CHECKSUM:
+			break;
+
+			case PAC_TYPE_KDC_CHECKSUM:
+			break;
+
+			case PAC_TYPE_LOGON_NAME:
+			break;
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PAC_INFO(struct ndr_print *ndr, const char *name, const union PAC_INFO *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "PAC_INFO");
+	switch (level) {
+		case PAC_TYPE_LOGON_INFO:
+			ndr_print_PAC_LOGON_INFO_CTR(ndr, "logon_info", &r->logon_info);
+		break;
+
+		case PAC_TYPE_SRV_CHECKSUM:
+			ndr_print_PAC_SIGNATURE_DATA(ndr, "srv_cksum", &r->srv_cksum);
+		break;
+
+		case PAC_TYPE_KDC_CHECKSUM:
+			ndr_print_PAC_SIGNATURE_DATA(ndr, "kdc_cksum", &r->kdc_cksum);
+		break;
+
+		case PAC_TYPE_LOGON_NAME:
+			ndr_print_PAC_LOGON_NAME(ndr, "logon_name", &r->logon_name);
+		break;
+
+		default:
+			ndr_print_bad_level(ndr, name, level);
+	}
+}
+
+_PUBLIC_ size_t ndr_size_PAC_INFO(const union PAC_INFO *r, uint32_t level, int flags)
+{
+	return ndr_size_union(r, flags, level, (ndr_push_flags_fn_t)ndr_push_PAC_INFO);
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_PAC_DATA(struct ndr_push *ndr, int ndr_flags, const struct PAC_DATA *r)
+{
+	uint32_t cntr_buffers_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_buffers));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->version));
+		for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) {
+			NDR_CHECK(ndr_push_PAC_BUFFER(ndr, NDR_SCALARS, &r->buffers[cntr_buffers_0]));
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) {
+			NDR_CHECK(ndr_push_PAC_BUFFER(ndr, NDR_BUFFERS, &r->buffers[cntr_buffers_0]));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_PAC_DATA(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA *r)
+{
+	uint32_t cntr_buffers_0;
+	TALLOC_CTX *_mem_save_buffers_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_buffers));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version));
+		NDR_PULL_ALLOC_N(ndr, r->buffers, r->num_buffers);
+		_mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0);
+		for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) {
+			NDR_CHECK(ndr_pull_PAC_BUFFER(ndr, NDR_SCALARS, &r->buffers[cntr_buffers_0]));
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0);
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		_mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0);
+		for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) {
+			NDR_CHECK(ndr_pull_PAC_BUFFER(ndr, NDR_BUFFERS, &r->buffers[cntr_buffers_0]));
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0);
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PAC_DATA(struct ndr_print *ndr, const char *name, const struct PAC_DATA *r)
+{
+	uint32_t cntr_buffers_0;
+	ndr_print_struct(ndr, name, "PAC_DATA");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "num_buffers", r->num_buffers);
+	ndr_print_uint32(ndr, "version", r->version);
+	ndr->print(ndr, "%s: ARRAY(%d)", "buffers", r->num_buffers);
+	ndr->depth++;
+	for (cntr_buffers_0=0;cntr_buffers_0<r->num_buffers;cntr_buffers_0++) {
+		char *idx_0=NULL;
+		if (asprintf(&idx_0, "[%d]", cntr_buffers_0) != -1) {
+			ndr_print_PAC_BUFFER(ndr, "buffers", &r->buffers[cntr_buffers_0]);
+			free(idx_0);
+		}
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_DATA_BLOB_REM(struct ndr_push *ndr, int ndr_flags, const struct DATA_BLOB_REM *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		{
+			uint32_t _flags_save_DATA_BLOB = ndr->flags;
+			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_REMAINING);
+			NDR_CHECK(ndr_push_DATA_BLOB(ndr, NDR_SCALARS, r->remaining));
+			ndr->flags = _flags_save_DATA_BLOB;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_DATA_BLOB_REM(struct ndr_pull *ndr, int ndr_flags, struct DATA_BLOB_REM *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		{
+			uint32_t _flags_save_DATA_BLOB = ndr->flags;
+			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_REMAINING);
+			NDR_CHECK(ndr_pull_DATA_BLOB(ndr, NDR_SCALARS, &r->remaining));
+			ndr->flags = _flags_save_DATA_BLOB;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_DATA_BLOB_REM(struct ndr_print *ndr, const char *name, const struct DATA_BLOB_REM *r)
+{
+	ndr_print_struct(ndr, name, "DATA_BLOB_REM");
+	ndr->depth++;
+	ndr_print_DATA_BLOB(ndr, "remaining", r->remaining);
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_PAC_BUFFER_RAW(struct ndr_push *ndr, int ndr_flags, const struct PAC_BUFFER_RAW *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_PAC_TYPE(ndr, NDR_SCALARS, r->type));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->ndr_size));
+		{
+			uint32_t _flags_save_DATA_BLOB_REM = ndr->flags;
+			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_ALIGN8);
+			NDR_CHECK(ndr_push_relative_ptr1(ndr, r->info));
+			ndr->flags = _flags_save_DATA_BLOB_REM;
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		{
+			uint32_t _flags_save_DATA_BLOB_REM = ndr->flags;
+			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_ALIGN8);
+			if (r->info) {
+				NDR_CHECK(ndr_push_relative_ptr2(ndr, r->info));
+				{
+					struct ndr_push *_ndr_info;
+					NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_info, 0, NDR_ROUND(r->ndr_size, 8)));
+					NDR_CHECK(ndr_push_DATA_BLOB_REM(_ndr_info, NDR_SCALARS, r->info));
+					NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_info, 0, NDR_ROUND(r->ndr_size, 8)));
+				}
+			}
+			ndr->flags = _flags_save_DATA_BLOB_REM;
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_PAC_BUFFER_RAW(struct ndr_pull *ndr, int ndr_flags, struct PAC_BUFFER_RAW *r)
+{
+	uint32_t _ptr_info;
+	TALLOC_CTX *_mem_save_info_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_PAC_TYPE(ndr, NDR_SCALARS, &r->type));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->ndr_size));
+		{
+			uint32_t _flags_save_DATA_BLOB_REM = ndr->flags;
+			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_ALIGN8);
+			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
+			if (_ptr_info) {
+				NDR_PULL_ALLOC(ndr, r->info);
+				NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->info, _ptr_info));
+			} else {
+				r->info = NULL;
+			}
+			ndr->flags = _flags_save_DATA_BLOB_REM;
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->_pad));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		{
+			uint32_t _flags_save_DATA_BLOB_REM = ndr->flags;
+			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_ALIGN8);
+			if (r->info) {
+				uint32_t _relative_save_offset;
+				_relative_save_offset = ndr->offset;
+				NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->info));
+				_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+				NDR_PULL_SET_MEM_CTX(ndr, r->info, 0);
+				{
+					struct ndr_pull *_ndr_info;
+					NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_info, 0, NDR_ROUND(r->ndr_size, 8)));
+					NDR_CHECK(ndr_pull_DATA_BLOB_REM(_ndr_info, NDR_SCALARS, r->info));
+					NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_info, 0, NDR_ROUND(r->ndr_size, 8)));
+				}
+				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+				ndr->offset = _relative_save_offset;
+			}
+			ndr->flags = _flags_save_DATA_BLOB_REM;
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PAC_BUFFER_RAW(struct ndr_print *ndr, const char *name, const struct PAC_BUFFER_RAW *r)
+{
+	ndr_print_struct(ndr, name, "PAC_BUFFER_RAW");
+	ndr->depth++;
+	ndr_print_PAC_TYPE(ndr, "type", r->type);
+	ndr_print_uint32(ndr, "ndr_size", r->ndr_size);
+	ndr_print_ptr(ndr, "info", r->info);
+	ndr->depth++;
+	if (r->info) {
+		ndr_print_DATA_BLOB_REM(ndr, "info", r->info);
+	}
+	ndr->depth--;
+	ndr_print_uint32(ndr, "_pad", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?0:r->_pad);
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_PAC_DATA_RAW(struct ndr_push *ndr, int ndr_flags, const struct PAC_DATA_RAW *r)
+{
+	uint32_t cntr_buffers_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_buffers));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->version));
+		for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) {
+			NDR_CHECK(ndr_push_PAC_BUFFER_RAW(ndr, NDR_SCALARS, &r->buffers[cntr_buffers_0]));
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) {
+			NDR_CHECK(ndr_push_PAC_BUFFER_RAW(ndr, NDR_BUFFERS, &r->buffers[cntr_buffers_0]));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_PAC_DATA_RAW(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA_RAW *r)
+{
+	uint32_t cntr_buffers_0;
+	TALLOC_CTX *_mem_save_buffers_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_buffers));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->version));
+		NDR_PULL_ALLOC_N(ndr, r->buffers, r->num_buffers);
+		_mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0);
+		for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) {
+			NDR_CHECK(ndr_pull_PAC_BUFFER_RAW(ndr, NDR_SCALARS, &r->buffers[cntr_buffers_0]));
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0);
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		_mem_save_buffers_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->buffers, 0);
+		for (cntr_buffers_0 = 0; cntr_buffers_0 < r->num_buffers; cntr_buffers_0++) {
+			NDR_CHECK(ndr_pull_PAC_BUFFER_RAW(ndr, NDR_BUFFERS, &r->buffers[cntr_buffers_0]));
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffers_0, 0);
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PAC_DATA_RAW(struct ndr_print *ndr, const char *name, const struct PAC_DATA_RAW *r)
+{
+	uint32_t cntr_buffers_0;
+	ndr_print_struct(ndr, name, "PAC_DATA_RAW");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "num_buffers", r->num_buffers);
+	ndr_print_uint32(ndr, "version", r->version);
+	ndr->print(ndr, "%s: ARRAY(%d)", "buffers", r->num_buffers);
+	ndr->depth++;
+	for (cntr_buffers_0=0;cntr_buffers_0<r->num_buffers;cntr_buffers_0++) {
+		char *idx_0=NULL;
+		if (asprintf(&idx_0, "[%d]", cntr_buffers_0) != -1) {
+			ndr_print_PAC_BUFFER_RAW(ndr, "buffers", &r->buffers[cntr_buffers_0]);
+			free(idx_0);
+		}
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_netsamlogoncache_entry(struct ndr_push *ndr, int ndr_flags, const struct netsamlogoncache_entry *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_time_t(ndr, NDR_SCALARS, r->timestamp));
+		NDR_CHECK(ndr_push_netr_SamInfo3(ndr, NDR_SCALARS, &r->info3));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_netr_SamInfo3(ndr, NDR_BUFFERS, &r->info3));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_netsamlogoncache_entry(struct ndr_pull *ndr, int ndr_flags, struct netsamlogoncache_entry *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_time_t(ndr, NDR_SCALARS, &r->timestamp));
+		NDR_CHECK(ndr_pull_netr_SamInfo3(ndr, NDR_SCALARS, &r->info3));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_netr_SamInfo3(ndr, NDR_BUFFERS, &r->info3));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netsamlogoncache_entry(struct ndr_print *ndr, const char *name, const struct netsamlogoncache_entry *r)
+{
+	ndr_print_struct(ndr, name, "netsamlogoncache_entry");
+	ndr->depth++;
+	ndr_print_time_t(ndr, "timestamp", r->timestamp);
+	ndr_print_netr_SamInfo3(ndr, "info3", &r->info3);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_decode_pac(struct ndr_push *ndr, int flags, const struct decode_pac *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_PAC_DATA(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.pac));
+	}
+	if (flags & NDR_OUT) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_decode_pac(struct ndr_pull *ndr, int flags, struct decode_pac *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_pull_PAC_DATA(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.pac));
+	}
+	if (flags & NDR_OUT) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_decode_pac(struct ndr_print *ndr, const char *name, int flags, const struct decode_pac *r)
+{
+	ndr_print_struct(ndr, name, "decode_pac");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "decode_pac");
+		ndr->depth++;
+		ndr_print_PAC_DATA(ndr, "pac", &r->in.pac);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "decode_pac");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_decode_pac_raw(struct ndr_push *ndr, int flags, const struct decode_pac_raw *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_PAC_DATA_RAW(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.pac));
+	}
+	if (flags & NDR_OUT) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_decode_pac_raw(struct ndr_pull *ndr, int flags, struct decode_pac_raw *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_pull_PAC_DATA_RAW(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.pac));
+	}
+	if (flags & NDR_OUT) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_decode_pac_raw(struct ndr_print *ndr, const char *name, int flags, const struct decode_pac_raw *r)
+{
+	ndr_print_struct(ndr, name, "decode_pac_raw");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "decode_pac_raw");
+		ndr->depth++;
+		ndr_print_PAC_DATA_RAW(ndr, "pac", &r->in.pac);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "decode_pac_raw");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_decode_login_info(struct ndr_push *ndr, int flags, const struct decode_login_info *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_PAC_LOGON_INFO(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.logon_info));
+	}
+	if (flags & NDR_OUT) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_decode_login_info(struct ndr_pull *ndr, int flags, struct decode_login_info *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_pull_PAC_LOGON_INFO(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.logon_info));
+	}
+	if (flags & NDR_OUT) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_decode_login_info(struct ndr_print *ndr, const char *name, int flags, const struct decode_login_info *r)
+{
+	ndr_print_struct(ndr, name, "decode_login_info");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "decode_login_info");
+		ndr->depth++;
+		ndr_print_PAC_LOGON_INFO(ndr, "logon_info", &r->in.logon_info);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "decode_login_info");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static const struct ndr_interface_call krb5pac_calls[] = {
+	{
+		"decode_pac",
+		sizeof(struct decode_pac),
+		(ndr_push_flags_fn_t) ndr_push_decode_pac,
+		(ndr_pull_flags_fn_t) ndr_pull_decode_pac,
+		(ndr_print_function_t) ndr_print_decode_pac,
+		false,
+	},
+	{
+		"decode_pac_raw",
+		sizeof(struct decode_pac_raw),
+		(ndr_push_flags_fn_t) ndr_push_decode_pac_raw,
+		(ndr_pull_flags_fn_t) ndr_pull_decode_pac_raw,
+		(ndr_print_function_t) ndr_print_decode_pac_raw,
+		false,
+	},
+	{
+		"decode_login_info",
+		sizeof(struct decode_login_info),
+		(ndr_push_flags_fn_t) ndr_push_decode_login_info,
+		(ndr_pull_flags_fn_t) ndr_pull_decode_login_info,
+		(ndr_print_function_t) ndr_print_decode_login_info,
+		false,
+	},
+	{ NULL, 0, NULL, NULL, NULL, false }
+};
+
+static const char * const krb5pac_endpoint_strings[] = {
+	"ncacn_np:[\\pipe\\krb5pac]", 
+};
+
+static const struct ndr_interface_string_array krb5pac_endpoints = {
+	.count	= 1,
+	.names	= krb5pac_endpoint_strings
+};
+
+static const char * const krb5pac_authservice_strings[] = {
+	"host", 
+};
+
+static const struct ndr_interface_string_array krb5pac_authservices = {
+	.count	= 1,
+	.names	= krb5pac_authservice_strings
+};
+
+
+const struct ndr_interface_table ndr_table_krb5pac = {
+	.name		= "krb5pac",
+	.syntax_id	= {
+		{0x12345778,0x1234,0xabcd,{0x00,0x00},{0x00,0x00,0x00,0x00}},
+		NDR_KRB5PAC_VERSION
+	},
+	.helpstring	= NDR_KRB5PAC_HELPSTRING,
+	.num_calls	= 3,
+	.calls		= krb5pac_calls,
+	.endpoints	= &krb5pac_endpoints,
+	.authservices	= &krb5pac_authservices
+};
+
diff --git a/source3/librpc/gen_ndr/ndr_krb5pac.h b/source3/librpc/gen_ndr/ndr_krb5pac.h
new file mode 100644
index 0000000000..f23505d4f0
--- /dev/null
+++ b/source3/librpc/gen_ndr/ndr_krb5pac.h
@@ -0,0 +1,55 @@
+/* header auto-generated by pidl */
+
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/krb5pac.h"
+
+#ifndef _HEADER_NDR_krb5pac
+#define _HEADER_NDR_krb5pac
+
+#define NDR_KRB5PAC_UUID "12345778-1234-abcd-0000-00000000"
+#define NDR_KRB5PAC_VERSION 0.0
+#define NDR_KRB5PAC_NAME "krb5pac"
+#define NDR_KRB5PAC_HELPSTRING "Active Directory KRB5 PAC"
+extern const struct ndr_interface_table ndr_table_krb5pac;
+#define NDR_DECODE_PAC (0x00)
+
+#define NDR_DECODE_PAC_RAW (0x01)
+
+#define NDR_DECODE_LOGIN_INFO (0x02)
+
+#define NDR_KRB5PAC_CALL_COUNT (3)
+void ndr_print_PAC_LOGON_NAME(struct ndr_print *ndr, const char *name, const struct PAC_LOGON_NAME *r);
+enum ndr_err_code ndr_push_PAC_SIGNATURE_DATA(struct ndr_push *ndr, int ndr_flags, const struct PAC_SIGNATURE_DATA *r);
+enum ndr_err_code ndr_pull_PAC_SIGNATURE_DATA(struct ndr_pull *ndr, int ndr_flags, struct PAC_SIGNATURE_DATA *r);
+void ndr_print_PAC_SIGNATURE_DATA(struct ndr_print *ndr, const char *name, const struct PAC_SIGNATURE_DATA *r);
+void ndr_print_PAC_LOGON_INFO(struct ndr_print *ndr, const char *name, const struct PAC_LOGON_INFO *r);
+enum ndr_err_code ndr_push_PAC_LOGON_INFO_CTR(struct ndr_push *ndr, int ndr_flags, const struct PAC_LOGON_INFO_CTR *r);
+enum ndr_err_code ndr_pull_PAC_LOGON_INFO_CTR(struct ndr_pull *ndr, int ndr_flags, struct PAC_LOGON_INFO_CTR *r);
+void ndr_print_PAC_LOGON_INFO_CTR(struct ndr_print *ndr, const char *name, const struct PAC_LOGON_INFO_CTR *r);
+enum ndr_err_code ndr_push_PAC_TYPE(struct ndr_push *ndr, int ndr_flags, enum PAC_TYPE r);
+enum ndr_err_code ndr_pull_PAC_TYPE(struct ndr_pull *ndr, int ndr_flags, enum PAC_TYPE *r);
+void ndr_print_PAC_TYPE(struct ndr_print *ndr, const char *name, enum PAC_TYPE r);
+enum ndr_err_code ndr_push_PAC_INFO(struct ndr_push *ndr, int ndr_flags, const union PAC_INFO *r);
+enum ndr_err_code ndr_pull_PAC_INFO(struct ndr_pull *ndr, int ndr_flags, union PAC_INFO *r);
+void ndr_print_PAC_INFO(struct ndr_print *ndr, const char *name, const union PAC_INFO *r);
+size_t ndr_size_PAC_INFO(const union PAC_INFO *r, uint32_t level, int flags);
+enum ndr_err_code ndr_push_PAC_BUFFER(struct ndr_push *ndr, int ndr_flags, const struct PAC_BUFFER *r);
+enum ndr_err_code ndr_pull_PAC_BUFFER(struct ndr_pull *ndr, int ndr_flags, struct PAC_BUFFER *r);
+void ndr_print_PAC_BUFFER(struct ndr_print *ndr, const char *name, const struct PAC_BUFFER *r);
+enum ndr_err_code ndr_push_PAC_DATA(struct ndr_push *ndr, int ndr_flags, const struct PAC_DATA *r);
+enum ndr_err_code ndr_pull_PAC_DATA(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA *r);
+void ndr_print_PAC_DATA(struct ndr_print *ndr, const char *name, const struct PAC_DATA *r);
+void ndr_print_DATA_BLOB_REM(struct ndr_print *ndr, const char *name, const struct DATA_BLOB_REM *r);
+enum ndr_err_code ndr_push_PAC_BUFFER_RAW(struct ndr_push *ndr, int ndr_flags, const struct PAC_BUFFER_RAW *r);
+enum ndr_err_code ndr_pull_PAC_BUFFER_RAW(struct ndr_pull *ndr, int ndr_flags, struct PAC_BUFFER_RAW *r);
+void ndr_print_PAC_BUFFER_RAW(struct ndr_print *ndr, const char *name, const struct PAC_BUFFER_RAW *r);
+enum ndr_err_code ndr_push_PAC_DATA_RAW(struct ndr_push *ndr, int ndr_flags, const struct PAC_DATA_RAW *r);
+enum ndr_err_code ndr_pull_PAC_DATA_RAW(struct ndr_pull *ndr, int ndr_flags, struct PAC_DATA_RAW *r);
+void ndr_print_PAC_DATA_RAW(struct ndr_print *ndr, const char *name, const struct PAC_DATA_RAW *r);
+enum ndr_err_code ndr_push_netsamlogoncache_entry(struct ndr_push *ndr, int ndr_flags, const struct netsamlogoncache_entry *r);
+enum ndr_err_code ndr_pull_netsamlogoncache_entry(struct ndr_pull *ndr, int ndr_flags, struct netsamlogoncache_entry *r);
+void ndr_print_netsamlogoncache_entry(struct ndr_print *ndr, const char *name, const struct netsamlogoncache_entry *r);
+void ndr_print_decode_pac(struct ndr_print *ndr, const char *name, int flags, const struct decode_pac *r);
+void ndr_print_decode_pac_raw(struct ndr_print *ndr, const char *name, int flags, const struct decode_pac_raw *r);
+void ndr_print_decode_login_info(struct ndr_print *ndr, const char *name, int flags, const struct decode_login_info *r);
+#endif /* _HEADER_NDR_krb5pac */
diff --git a/source3/librpc/gen_ndr/ndr_libnet_join.c b/source3/librpc/gen_ndr/ndr_libnet_join.c
index 5345bc0ad4..6e65d03977 100644
--- a/source3/librpc/gen_ndr/ndr_libnet_join.c
+++ b/source3/librpc/gen_ndr/ndr_libnet_join.c
@@ -95,6 +95,8 @@ _PUBLIC_ void ndr_print_libnet_UnjoinCtx(struct ndr_print *ndr, const char *name
 		ndr_print_string(ndr, "dns_domain_name", r->out.dns_domain_name);
 		ndr_print_uint8(ndr, "modified_config", r->out.modified_config);
 		ndr_print_string(ndr, "error_string", r->out.error_string);
+		ndr_print_uint8(ndr, "disabled_machine_account", r->out.disabled_machine_account);
+		ndr_print_uint8(ndr, "deleted_machine_account", r->out.deleted_machine_account);
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
diff --git a/source3/librpc/gen_ndr/ndr_libnet_join.h b/source3/librpc/gen_ndr/ndr_libnet_join.h
index 4a5fdf0d50..14c8a863aa 100644
--- a/source3/librpc/gen_ndr/ndr_libnet_join.h
+++ b/source3/librpc/gen_ndr/ndr_libnet_join.h
@@ -6,11 +6,7 @@
 #ifndef _HEADER_NDR_libnetjoin
 #define _HEADER_NDR_libnetjoin
 
-#define NDR_LIBNET_JOINCTX (0x00)
-
-#define NDR_LIBNET_UNJOINCTX (0x01)
-
-#define NDR_LIBNETJOIN_CALL_COUNT (2)
+#define NDR_LIBNETJOIN_CALL_COUNT (0)
 enum ndr_err_code ndr_push_libnet_JoinCtx(struct ndr_push *ndr, int flags, const struct libnet_JoinCtx *r);
 enum ndr_err_code ndr_pull_libnet_JoinCtx(struct ndr_pull *ndr, int flags, struct libnet_JoinCtx *r);
 void ndr_print_libnet_JoinCtx(struct ndr_print *ndr, const char *name, int flags, const struct libnet_JoinCtx *r);
diff --git a/source3/librpc/gen_ndr/ndr_lsa.c b/source3/librpc/gen_ndr/ndr_lsa.c
index eed2a8e0e3..03e1c21e55 100644
--- a/source3/librpc/gen_ndr/ndr_lsa.c
+++ b/source3/librpc/gen_ndr/ndr_lsa.c
@@ -80,12 +80,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_StringLarge(struct ndr_push *ndr, int nd
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_push_align(ndr, 4));
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, 2 * strlen_m(r->string)));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, 2 * (strlen_m(r->string) + 1)));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, 2 * strlen_m_term(r->string)));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->string));
 	}
 	if (ndr_flags & NDR_BUFFERS) {
 		if (r->string) {
-			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 2 * (strlen_m(r->string) + 1) / 2));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 2 * strlen_m_term(r->string) / 2));
 			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
 			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 2 * strlen_m(r->string) / 2));
 			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->string, 2 * strlen_m(r->string) / 2, sizeof(uint16_t), CH_UTF16));
@@ -136,7 +136,7 @@ _PUBLIC_ void ndr_print_lsa_StringLarge(struct ndr_print *ndr, const char *name,
 	ndr_print_struct(ndr, name, "lsa_StringLarge");
 	ndr->depth++;
 	ndr_print_uint16(ndr, "length", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?2 * strlen_m(r->string):r->length);
-	ndr_print_uint16(ndr, "size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?2 * (strlen_m(r->string) + 1):r->size);
+	ndr_print_uint16(ndr, "size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?2 * strlen_m_term(r->string):r->size);
 	ndr_print_ptr(ndr, "string", r->string);
 	ndr->depth++;
 	if (r->string) {
@@ -221,8 +221,7 @@ _PUBLIC_ void ndr_print_lsa_Strings(struct ndr_print *ndr, const char *name, con
 		ndr->depth++;
 		for (cntr_names_1=0;cntr_names_1<r->count;cntr_names_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_names_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_names_1) != -1) {
 				ndr_print_lsa_String(ndr, "names", &r->names[cntr_names_1]);
 				free(idx_1);
 			}
@@ -239,21 +238,14 @@ _PUBLIC_ enum ndr_err_code ndr_push_lsa_AsciiString(struct ndr_push *ndr, int nd
 		NDR_CHECK(ndr_push_align(ndr, 4));
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, strlen_m(r->string)));
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, strlen_m(r->string)));
-		{
-			uint32_t _flags_save_string = ndr->flags;
-			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_LEN4);
-			NDR_CHECK(ndr_push_unique_ptr(ndr, r->string));
-			ndr->flags = _flags_save_string;
-		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->string));
 	}
 	if (ndr_flags & NDR_BUFFERS) {
-		{
-			uint32_t _flags_save_string = ndr->flags;
-			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_LEN4);
-			if (r->string) {
-				NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r->string));
-			}
-			ndr->flags = _flags_save_string;
+		if (r->string) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, strlen_m(r->string)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, strlen_m(r->string)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->string, strlen_m(r->string), sizeof(uint8_t), CH_DOS));
 		}
 	}
 	return NDR_ERR_SUCCESS;
@@ -267,29 +259,30 @@ _PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiString(struct ndr_pull *ndr, int nd
 		NDR_CHECK(ndr_pull_align(ndr, 4));
 		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length));
 		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
-		{
-			uint32_t _flags_save_string = ndr->flags;
-			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_LEN4);
-			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_string));
-			if (_ptr_string) {
-				NDR_PULL_ALLOC(ndr, r->string);
-			} else {
-				r->string = NULL;
-			}
-			ndr->flags = _flags_save_string;
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_string));
+		if (_ptr_string) {
+			NDR_PULL_ALLOC(ndr, r->string);
+		} else {
+			r->string = NULL;
 		}
 	}
 	if (ndr_flags & NDR_BUFFERS) {
-		{
-			uint32_t _flags_save_string = ndr->flags;
-			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_STR_ASCII|LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_LEN4);
-			if (r->string) {
-				_mem_save_string_0 = NDR_PULL_GET_MEM_CTX(ndr);
-				NDR_PULL_SET_MEM_CTX(ndr, r->string, 0);
-				NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->string));
-				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0);
+		if (r->string) {
+			_mem_save_string_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->string, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->string));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->string));
+			if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string));
 			}
-			ndr->flags = _flags_save_string;
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint8_t), CH_DOS));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0);
+		}
+		if (r->string) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->string, r->size));
+		}
+		if (r->string) {
+			NDR_CHECK(ndr_check_array_length(ndr, (void*)&r->string, r->length));
 		}
 	}
 	return NDR_ERR_SUCCESS;
@@ -310,6 +303,77 @@ _PUBLIC_ void ndr_print_lsa_AsciiString(struct ndr_print *ndr, const char *name,
 	ndr->depth--;
 }
 
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_AsciiStringLarge(struct ndr_push *ndr, int ndr_flags, const struct lsa_AsciiStringLarge *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, strlen_m(r->string)));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, strlen_m_term(r->string)));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->string));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->string) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, strlen_m_term(r->string)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, strlen_m(r->string)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->string, strlen_m(r->string), sizeof(uint8_t), CH_DOS));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_AsciiStringLarge(struct ndr_pull *ndr, int ndr_flags, struct lsa_AsciiStringLarge *r)
+{
+	uint32_t _ptr_string;
+	TALLOC_CTX *_mem_save_string_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_string));
+		if (_ptr_string) {
+			NDR_PULL_ALLOC(ndr, r->string);
+		} else {
+			r->string = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->string) {
+			_mem_save_string_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->string, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->string));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->string));
+			if (ndr_get_array_length(ndr, &r->string) > ndr_get_array_size(ndr, &r->string)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->string), ndr_get_array_length(ndr, &r->string));
+			}
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->string, ndr_get_array_length(ndr, &r->string), sizeof(uint8_t), CH_DOS));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0);
+		}
+		if (r->string) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->string, r->size));
+		}
+		if (r->string) {
+			NDR_CHECK(ndr_check_array_length(ndr, (void*)&r->string, r->length));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_lsa_AsciiStringLarge(struct ndr_print *ndr, const char *name, const struct lsa_AsciiStringLarge *r)
+{
+	ndr_print_struct(ndr, name, "lsa_AsciiStringLarge");
+	ndr->depth++;
+	ndr_print_uint16(ndr, "length", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?strlen_m(r->string):r->length);
+	ndr_print_uint16(ndr, "size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?strlen_m_term(r->string):r->size);
+	ndr_print_ptr(ndr, "string", r->string);
+	ndr->depth++;
+	if (r->string) {
+		ndr_print_string(ndr, "string", r->string);
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_lsa_LUID(struct ndr_push *ndr, int ndr_flags, const struct lsa_LUID *r)
 {
 	if (ndr_flags & NDR_SCALARS) {
@@ -453,8 +517,7 @@ _PUBLIC_ void ndr_print_lsa_PrivArray(struct ndr_print *ndr, const char *name, c
 		ndr->depth++;
 		for (cntr_privs_1=0;cntr_privs_1<r->count;cntr_privs_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_privs_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_privs_1) != -1) {
 				ndr_print_lsa_PrivEntry(ndr, "privs", &r->privs[cntr_privs_1]);
 				free(idx_1);
 			}
@@ -642,6 +705,39 @@ _PUBLIC_ void ndr_print_lsa_ObjectAttribute(struct ndr_print *ndr, const char *n
 	ndr->depth--;
 }
 
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_PolicyAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_PolicyAccessMask(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_lsa_PolicyAccessMask(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_VIEW_LOCAL_INFORMATION", LSA_POLICY_VIEW_LOCAL_INFORMATION, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_VIEW_AUDIT_INFORMATION", LSA_POLICY_VIEW_AUDIT_INFORMATION, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_GET_PRIVATE_INFORMATION", LSA_POLICY_GET_PRIVATE_INFORMATION, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_TRUST_ADMIN", LSA_POLICY_TRUST_ADMIN, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_CREATE_ACCOUNT", LSA_POLICY_CREATE_ACCOUNT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_CREATE_SECRET", LSA_POLICY_CREATE_SECRET, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_CREATE_PRIVILEGE", LSA_POLICY_CREATE_PRIVILEGE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS", LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_SET_AUDIT_REQUIREMENTS", LSA_POLICY_SET_AUDIT_REQUIREMENTS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_AUDIT_LOG_ADMIN", LSA_POLICY_AUDIT_LOG_ADMIN, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_SERVER_ADMIN", LSA_POLICY_SERVER_ADMIN, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "LSA_POLICY_LOOKUP_NAMES", LSA_POLICY_LOOKUP_NAMES, r);
+	ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_lsa_AuditLogInfo(struct ndr_push *ndr, int ndr_flags, const struct lsa_AuditLogInfo *r)
 {
 	if (ndr_flags & NDR_SCALARS) {
@@ -690,6 +786,34 @@ _PUBLIC_ void ndr_print_lsa_AuditLogInfo(struct ndr_print *ndr, const char *name
 	ndr->depth--;
 }
 
+static enum ndr_err_code ndr_push_lsa_PolicyAuditPolicy(struct ndr_push *ndr, int ndr_flags, enum lsa_PolicyAuditPolicy r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_lsa_PolicyAuditPolicy(struct ndr_pull *ndr, int ndr_flags, enum lsa_PolicyAuditPolicy *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_lsa_PolicyAuditPolicy(struct ndr_print *ndr, const char *name, enum lsa_PolicyAuditPolicy r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case LSA_AUDIT_POLICY_NONE: val = "LSA_AUDIT_POLICY_NONE"; break;
+		case LSA_AUDIT_POLICY_SUCCESS: val = "LSA_AUDIT_POLICY_SUCCESS"; break;
+		case LSA_AUDIT_POLICY_FAILURE: val = "LSA_AUDIT_POLICY_FAILURE"; break;
+		case LSA_AUDIT_POLICY_ALL: val = "LSA_AUDIT_POLICY_ALL"; break;
+		case LSA_AUDIT_POLICY_CLEAR: val = "LSA_AUDIT_POLICY_CLEAR"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
 static enum ndr_err_code ndr_push_lsa_AuditEventsInfo(struct ndr_push *ndr, int ndr_flags, const struct lsa_AuditEventsInfo *r)
 {
 	uint32_t cntr_settings_1;
@@ -703,7 +827,7 @@ static enum ndr_err_code ndr_push_lsa_AuditEventsInfo(struct ndr_push *ndr, int
 		if (r->settings) {
 			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
 			for (cntr_settings_1 = 0; cntr_settings_1 < r->count; cntr_settings_1++) {
-				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->settings[cntr_settings_1]));
+				NDR_CHECK(ndr_push_lsa_PolicyAuditPolicy(ndr, NDR_SCALARS, r->settings[cntr_settings_1]));
 			}
 		}
 	}
@@ -736,7 +860,7 @@ static enum ndr_err_code ndr_pull_lsa_AuditEventsInfo(struct ndr_pull *ndr, int
 			_mem_save_settings_1 = NDR_PULL_GET_MEM_CTX(ndr);
 			NDR_PULL_SET_MEM_CTX(ndr, r->settings, 0);
 			for (cntr_settings_1 = 0; cntr_settings_1 < r->count; cntr_settings_1++) {
-				NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->settings[cntr_settings_1]));
+				NDR_CHECK(ndr_pull_lsa_PolicyAuditPolicy(ndr, NDR_SCALARS, &r->settings[cntr_settings_1]));
 			}
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_settings_1, 0);
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_settings_0, 0);
@@ -761,9 +885,8 @@ _PUBLIC_ void ndr_print_lsa_AuditEventsInfo(struct ndr_print *ndr, const char *n
 		ndr->depth++;
 		for (cntr_settings_1=0;cntr_settings_1<r->count;cntr_settings_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_settings_1);
-			if (idx_1) {
-				ndr_print_uint32(ndr, "settings", r->settings[cntr_settings_1]);
+			if (asprintf(&idx_1, "[%d]", cntr_settings_1) != -1) {
+				ndr_print_lsa_PolicyAuditPolicy(ndr, "settings", r->settings[cntr_settings_1]);
 				free(idx_1);
 			}
 		}
@@ -1188,53 +1311,53 @@ static enum ndr_err_code ndr_push_lsa_PolicyInformation(struct ndr_push *ndr, in
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case LSA_POLICY_INFO_AUDIT_LOG:
+			case LSA_POLICY_INFO_AUDIT_LOG: {
 				NDR_CHECK(ndr_push_lsa_AuditLogInfo(ndr, NDR_SCALARS, &r->audit_log));
-			break;
+			break; }
 
-			case LSA_POLICY_INFO_AUDIT_EVENTS:
+			case LSA_POLICY_INFO_AUDIT_EVENTS: {
 				NDR_CHECK(ndr_push_lsa_AuditEventsInfo(ndr, NDR_SCALARS, &r->audit_events));
-			break;
+			break; }
 
-			case LSA_POLICY_INFO_DOMAIN:
+			case LSA_POLICY_INFO_DOMAIN: {
 				NDR_CHECK(ndr_push_lsa_DomainInfo(ndr, NDR_SCALARS, &r->domain));
-			break;
+			break; }
 
-			case LSA_POLICY_INFO_PD:
+			case LSA_POLICY_INFO_PD: {
 				NDR_CHECK(ndr_push_lsa_PDAccountInfo(ndr, NDR_SCALARS, &r->pd));
-			break;
+			break; }
 
-			case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
+			case LSA_POLICY_INFO_ACCOUNT_DOMAIN: {
 				NDR_CHECK(ndr_push_lsa_DomainInfo(ndr, NDR_SCALARS, &r->account_domain));
-			break;
+			break; }
 
-			case LSA_POLICY_INFO_ROLE:
+			case LSA_POLICY_INFO_ROLE: {
 				NDR_CHECK(ndr_push_lsa_ServerRole(ndr, NDR_SCALARS, &r->role));
-			break;
+			break; }
 
-			case LSA_POLICY_INFO_REPLICA:
+			case LSA_POLICY_INFO_REPLICA: {
 				NDR_CHECK(ndr_push_lsa_ReplicaSourceInfo(ndr, NDR_SCALARS, &r->replica));
-			break;
+			break; }
 
-			case LSA_POLICY_INFO_QUOTA:
+			case LSA_POLICY_INFO_QUOTA: {
 				NDR_CHECK(ndr_push_lsa_DefaultQuotaInfo(ndr, NDR_SCALARS, &r->quota));
-			break;
+			break; }
 
-			case LSA_POLICY_INFO_DB:
+			case LSA_POLICY_INFO_DB: {
 				NDR_CHECK(ndr_push_lsa_ModificationInfo(ndr, NDR_SCALARS, &r->db));
-			break;
+			break; }
 
-			case LSA_POLICY_INFO_AUDIT_FULL_SET:
+			case LSA_POLICY_INFO_AUDIT_FULL_SET: {
 				NDR_CHECK(ndr_push_lsa_AuditFullSetInfo(ndr, NDR_SCALARS, &r->auditfullset));
-			break;
+			break; }
 
-			case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
+			case LSA_POLICY_INFO_AUDIT_FULL_QUERY: {
 				NDR_CHECK(ndr_push_lsa_AuditFullQueryInfo(ndr, NDR_SCALARS, &r->auditfullquery));
-			break;
+			break; }
 
-			case LSA_POLICY_INFO_DNS:
+			case LSA_POLICY_INFO_DNS: {
 				NDR_CHECK(ndr_push_lsa_DnsDomainInfo(ndr, NDR_SCALARS, &r->dns));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -1594,8 +1717,7 @@ _PUBLIC_ void ndr_print_lsa_SidArray(struct ndr_print *ndr, const char *name, co
 		ndr->depth++;
 		for (cntr_sids_1=0;cntr_sids_1<r->num_sids;cntr_sids_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_sids_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_sids_1) != -1) {
 				ndr_print_lsa_SidPtr(ndr, "sids", &r->sids[cntr_sids_1]);
 				free(idx_1);
 			}
@@ -1681,8 +1803,7 @@ _PUBLIC_ void ndr_print_lsa_DomainList(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		for (cntr_domains_1=0;cntr_domains_1<r->count;cntr_domains_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_domains_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_domains_1) != -1) {
 				ndr_print_lsa_DomainInfo(ndr, "domains", &r->domains[cntr_domains_1]);
 				free(idx_1);
 			}
@@ -1834,8 +1955,7 @@ _PUBLIC_ void ndr_print_lsa_TransSidArray(struct ndr_print *ndr, const char *nam
 		ndr->depth++;
 		for (cntr_sids_1=0;cntr_sids_1<r->count;cntr_sids_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_sids_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_sids_1) != -1) {
 				ndr_print_lsa_TranslatedSid(ndr, "sids", &r->sids[cntr_sids_1]);
 				free(idx_1);
 			}
@@ -1926,8 +2046,7 @@ _PUBLIC_ void ndr_print_lsa_RefDomainList(struct ndr_print *ndr, const char *nam
 		ndr->depth++;
 		for (cntr_domains_1=0;cntr_domains_1<r->count;cntr_domains_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_domains_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_domains_1) != -1) {
 				ndr_print_lsa_DomainInfo(ndr, "domains", &r->domains[cntr_domains_1]);
 				free(idx_1);
 			}
@@ -1939,6 +2058,35 @@ _PUBLIC_ void ndr_print_lsa_RefDomainList(struct ndr_print *ndr, const char *nam
 	ndr->depth--;
 }
 
+static enum ndr_err_code ndr_push_lsa_LookupNamesLevel(struct ndr_push *ndr, int ndr_flags, enum lsa_LookupNamesLevel r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_lsa_LookupNamesLevel(struct ndr_pull *ndr, int ndr_flags, enum lsa_LookupNamesLevel *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_lsa_LookupNamesLevel(struct ndr_print *ndr, const char *name, enum lsa_LookupNamesLevel r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case LSA_LOOKUP_NAMES_ALL: val = "LSA_LOOKUP_NAMES_ALL"; break;
+		case LSA_LOOKUP_NAMES_DOMAINS_ONLY: val = "LSA_LOOKUP_NAMES_DOMAINS_ONLY"; break;
+		case LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY: val = "LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY"; break;
+		case LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY: val = "LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY"; break;
+		case LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY: val = "LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY"; break;
+		case LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2: val = "LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
 static enum ndr_err_code ndr_push_lsa_TranslatedName(struct ndr_push *ndr, int ndr_flags, const struct lsa_TranslatedName *r)
 {
 	if (ndr_flags & NDR_SCALARS) {
@@ -2055,8 +2203,7 @@ _PUBLIC_ void ndr_print_lsa_TransNameArray(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_names_1=0;cntr_names_1<r->count;cntr_names_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_names_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_names_1) != -1) {
 				ndr_print_lsa_TranslatedName(ndr, "names", &r->names[cntr_names_1]);
 				free(idx_1);
 			}
@@ -2156,8 +2303,7 @@ _PUBLIC_ void ndr_print_lsa_PrivilegeSet(struct ndr_print *ndr, const char *name
 	ndr->depth++;
 	for (cntr_set_0=0;cntr_set_0<r->count;cntr_set_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_set_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_set_0) != -1) {
 			ndr_print_lsa_LUIDAttribute(ndr, "set", &r->set[cntr_set_0]);
 			free(idx_0);
 		}
@@ -2922,41 +3068,41 @@ static enum ndr_err_code ndr_push_lsa_TrustedDomainInfo(struct ndr_push *ndr, in
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_lsa_TrustDomInfoEnum(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case LSA_TRUSTED_DOMAIN_INFO_NAME:
+			case LSA_TRUSTED_DOMAIN_INFO_NAME: {
 				NDR_CHECK(ndr_push_lsa_TrustDomainInfoName(ndr, NDR_SCALARS, &r->name));
-			break;
+			break; }
 
-			case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET:
+			case LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET: {
 				NDR_CHECK(ndr_push_lsa_TrustDomainInfoPosixOffset(ndr, NDR_SCALARS, &r->posix_offset));
-			break;
+			break; }
 
-			case LSA_TRUSTED_DOMAIN_INFO_PASSWORD:
+			case LSA_TRUSTED_DOMAIN_INFO_PASSWORD: {
 				NDR_CHECK(ndr_push_lsa_TrustDomainInfoPassword(ndr, NDR_SCALARS, &r->password));
-			break;
+			break; }
 
-			case LSA_TRUSTED_DOMAIN_INFO_BASIC:
+			case LSA_TRUSTED_DOMAIN_INFO_BASIC: {
 				NDR_CHECK(ndr_push_lsa_TrustDomainInfoBasic(ndr, NDR_SCALARS, &r->info_basic));
-			break;
+			break; }
 
-			case LSA_TRUSTED_DOMAIN_INFO_INFO_EX:
+			case LSA_TRUSTED_DOMAIN_INFO_INFO_EX: {
 				NDR_CHECK(ndr_push_lsa_TrustDomainInfoInfoEx(ndr, NDR_SCALARS, &r->info_ex));
-			break;
+			break; }
 
-			case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO:
+			case LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO: {
 				NDR_CHECK(ndr_push_lsa_TrustDomainInfoAuthInfo(ndr, NDR_SCALARS, &r->auth_info));
-			break;
+			break; }
 
-			case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO:
+			case LSA_TRUSTED_DOMAIN_INFO_FULL_INFO: {
 				NDR_CHECK(ndr_push_lsa_TrustDomainInfoFullInfo(ndr, NDR_SCALARS, &r->full_info));
-			break;
+			break; }
 
-			case LSA_TRUSTED_DOMAIN_INFO_11:
+			case LSA_TRUSTED_DOMAIN_INFO_11: {
 				NDR_CHECK(ndr_push_lsa_TrustDomainInfo11(ndr, NDR_SCALARS, &r->info11));
-			break;
+			break; }
 
-			case LSA_TRUSTED_DOMAIN_INFO_INFO_ALL:
+			case LSA_TRUSTED_DOMAIN_INFO_INFO_ALL: {
 				NDR_CHECK(ndr_push_lsa_TrustDomainInfoInfoAll(ndr, NDR_SCALARS, &r->info_all));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -3231,6 +3377,9 @@ static enum ndr_err_code ndr_pull_lsa_RightSet(struct ndr_pull *ndr, int ndr_fla
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_pull_align(ndr, 4));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		if (r->count < 0 || r->count > 256) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_names));
 		if (_ptr_names) {
 			NDR_PULL_ALLOC(ndr, r->names);
@@ -3275,8 +3424,7 @@ _PUBLIC_ void ndr_print_lsa_RightSet(struct ndr_print *ndr, const char *name, co
 		ndr->depth++;
 		for (cntr_names_1=0;cntr_names_1<r->count;cntr_names_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_names_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_names_1) != -1) {
 				ndr_print_lsa_StringLarge(ndr, "names", &r->names[cntr_names_1]);
 				free(idx_1);
 			}
@@ -3287,57 +3435,6 @@ _PUBLIC_ void ndr_print_lsa_RightSet(struct ndr_print *ndr, const char *name, co
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_StringPointer(struct ndr_push *ndr, int ndr_flags, const struct lsa_StringPointer *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_push_align(ndr, 4));
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->string));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		if (r->string) {
-			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->string));
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_lsa_StringPointer(struct ndr_pull *ndr, int ndr_flags, struct lsa_StringPointer *r)
-{
-	uint32_t _ptr_string;
-	TALLOC_CTX *_mem_save_string_0;
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_pull_align(ndr, 4));
-		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_string));
-		if (_ptr_string) {
-			NDR_PULL_ALLOC(ndr, r->string);
-		} else {
-			r->string = NULL;
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		if (r->string) {
-			_mem_save_string_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->string, 0);
-			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->string));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_string_0, 0);
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_lsa_StringPointer(struct ndr_print *ndr, const char *name, const struct lsa_StringPointer *r)
-{
-	ndr_print_struct(ndr, name, "lsa_StringPointer");
-	ndr->depth++;
-	ndr_print_ptr(ndr, "string", r->string);
-	ndr->depth++;
-	if (r->string) {
-		ndr_print_lsa_String(ndr, "string", r->string);
-	}
-	ndr->depth--;
-	ndr->depth--;
-}
-
 static enum ndr_err_code ndr_push_lsa_DomainListEx(struct ndr_push *ndr, int ndr_flags, const struct lsa_DomainListEx *r)
 {
 	uint32_t cntr_domains_1;
@@ -3413,8 +3510,7 @@ _PUBLIC_ void ndr_print_lsa_DomainListEx(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		for (cntr_domains_1=0;cntr_domains_1<r->count;cntr_domains_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_domains_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_domains_1) != -1) {
 				ndr_print_lsa_TrustDomainInfoInfoEx(ndr, "domains", &r->domains[cntr_domains_1]);
 				free(idx_1);
 			}
@@ -3536,13 +3632,13 @@ static enum ndr_err_code ndr_push_lsa_DomainInformationPolicy(struct ndr_push *n
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case LSA_DOMAIN_INFO_POLICY_EFS:
+			case LSA_DOMAIN_INFO_POLICY_EFS: {
 				NDR_CHECK(ndr_push_lsa_DomainInfoEfs(ndr, NDR_SCALARS, &r->efs_info));
-			break;
+			break; }
 
-			case LSA_DOMAIN_INFO_POLICY_KERBEROS:
+			case LSA_DOMAIN_INFO_POLICY_KERBEROS: {
 				NDR_CHECK(ndr_push_lsa_DomainInfoKerberos(ndr, NDR_SCALARS, &r->kerberos_info));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -3742,8 +3838,7 @@ _PUBLIC_ void ndr_print_lsa_TransNameArray2(struct ndr_print *ndr, const char *n
 		ndr->depth++;
 		for (cntr_names_1=0;cntr_names_1<r->count;cntr_names_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_names_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_names_1) != -1) {
 				ndr_print_lsa_TranslatedName2(ndr, "names", &r->names[cntr_names_1]);
 				free(idx_1);
 			}
@@ -3865,8 +3960,7 @@ _PUBLIC_ void ndr_print_lsa_TransSidArray2(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_sids_1=0;cntr_sids_1<r->count;cntr_sids_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_sids_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_sids_1) != -1) {
 				ndr_print_lsa_TranslatedSid2(ndr, "sids", &r->sids[cntr_sids_1]);
 				free(idx_1);
 			}
@@ -4015,8 +4109,7 @@ _PUBLIC_ void ndr_print_lsa_TransSidArray3(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_sids_1=0;cntr_sids_1<r->count;cntr_sids_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_sids_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_sids_1) != -1) {
 				ndr_print_lsa_TranslatedSid3(ndr, "sids", &r->sids[cntr_sids_1]);
 				free(idx_1);
 			}
@@ -4027,6 +4120,433 @@ _PUBLIC_ void ndr_print_lsa_TransSidArray3(struct ndr_print *ndr, const char *na
 	ndr->depth--;
 }
 
+static enum ndr_err_code ndr_push_lsa_ForestTrustBinaryData(struct ndr_push *ndr, int ndr_flags, const struct lsa_ForestTrustBinaryData *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->length));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->data));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->data) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->length));
+			NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->data, r->length));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_lsa_ForestTrustBinaryData(struct ndr_pull *ndr, int ndr_flags, struct lsa_ForestTrustBinaryData *r)
+{
+	uint32_t _ptr_data;
+	TALLOC_CTX *_mem_save_data_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length));
+		if (r->length < 0 || r->length > 131072) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_data));
+		if (_ptr_data) {
+			NDR_PULL_ALLOC(ndr, r->data);
+		} else {
+			r->data = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->data) {
+			_mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->data, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->data));
+			NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data));
+			NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data)));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0);
+		}
+		if (r->data) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->data, r->length));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_lsa_ForestTrustBinaryData(struct ndr_print *ndr, const char *name, const struct lsa_ForestTrustBinaryData *r)
+{
+	ndr_print_struct(ndr, name, "lsa_ForestTrustBinaryData");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "length", r->length);
+	ndr_print_ptr(ndr, "data", r->data);
+	ndr->depth++;
+	if (r->data) {
+		ndr_print_array_uint8(ndr, "data", r->data, r->length);
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_lsa_ForestTrustDomainInfo(struct ndr_push *ndr, int ndr_flags, const struct lsa_ForestTrustDomainInfo *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->domain_sid));
+		NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_SCALARS, &r->dns_domain_name));
+		NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_SCALARS, &r->netbios_domain_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->domain_sid) {
+			NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->domain_sid));
+		}
+		NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_BUFFERS, &r->dns_domain_name));
+		NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_BUFFERS, &r->netbios_domain_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_lsa_ForestTrustDomainInfo(struct ndr_pull *ndr, int ndr_flags, struct lsa_ForestTrustDomainInfo *r)
+{
+	uint32_t _ptr_domain_sid;
+	TALLOC_CTX *_mem_save_domain_sid_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_sid));
+		if (_ptr_domain_sid) {
+			NDR_PULL_ALLOC(ndr, r->domain_sid);
+		} else {
+			r->domain_sid = NULL;
+		}
+		NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->dns_domain_name));
+		NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->netbios_domain_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->domain_sid) {
+			_mem_save_domain_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->domain_sid, 0);
+			NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->domain_sid));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_sid_0, 0);
+		}
+		NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->dns_domain_name));
+		NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->netbios_domain_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_lsa_ForestTrustDomainInfo(struct ndr_print *ndr, const char *name, const struct lsa_ForestTrustDomainInfo *r)
+{
+	ndr_print_struct(ndr, name, "lsa_ForestTrustDomainInfo");
+	ndr->depth++;
+	ndr_print_ptr(ndr, "domain_sid", r->domain_sid);
+	ndr->depth++;
+	if (r->domain_sid) {
+		ndr_print_dom_sid2(ndr, "domain_sid", r->domain_sid);
+	}
+	ndr->depth--;
+	ndr_print_lsa_StringLarge(ndr, "dns_domain_name", &r->dns_domain_name);
+	ndr_print_lsa_StringLarge(ndr, "netbios_domain_name", &r->netbios_domain_name);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_lsa_ForestTrustData(struct ndr_push *ndr, int ndr_flags, const union lsa_ForestTrustData *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
+		switch (level) {
+			case LSA_FOREST_TRUST_TOP_LEVEL_NAME: {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->top_level_name));
+			break; }
+
+			case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX: {
+				NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_SCALARS, &r->top_level_name_ex));
+			break; }
+
+			case LSA_FOREST_TRUST_DOMAIN_INFO: {
+				NDR_CHECK(ndr_push_lsa_ForestTrustDomainInfo(ndr, NDR_SCALARS, &r->domain_info));
+			break; }
+
+			default: {
+				NDR_CHECK(ndr_push_lsa_ForestTrustBinaryData(ndr, NDR_SCALARS, &r->data));
+			break; }
+
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->top_level_name));
+			break;
+
+			case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+				NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_BUFFERS, &r->top_level_name_ex));
+			break;
+
+			case LSA_FOREST_TRUST_DOMAIN_INFO:
+				NDR_CHECK(ndr_push_lsa_ForestTrustDomainInfo(ndr, NDR_BUFFERS, &r->domain_info));
+			break;
+
+			default:
+				NDR_CHECK(ndr_push_lsa_ForestTrustBinaryData(ndr, NDR_BUFFERS, &r->data));
+			break;
+
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_lsa_ForestTrustData(struct ndr_pull *ndr, int ndr_flags, union lsa_ForestTrustData *r)
+{
+	int level;
+	uint32_t _level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level));
+		if (_level != level) {
+			return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level);
+		}
+		switch (level) {
+			case LSA_FOREST_TRUST_TOP_LEVEL_NAME: {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->top_level_name));
+			break; }
+
+			case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX: {
+				NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->top_level_name_ex));
+			break; }
+
+			case LSA_FOREST_TRUST_DOMAIN_INFO: {
+				NDR_CHECK(ndr_pull_lsa_ForestTrustDomainInfo(ndr, NDR_SCALARS, &r->domain_info));
+			break; }
+
+			default: {
+				NDR_CHECK(ndr_pull_lsa_ForestTrustBinaryData(ndr, NDR_SCALARS, &r->data));
+			break; }
+
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->top_level_name));
+			break;
+
+			case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+				NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->top_level_name_ex));
+			break;
+
+			case LSA_FOREST_TRUST_DOMAIN_INFO:
+				NDR_CHECK(ndr_pull_lsa_ForestTrustDomainInfo(ndr, NDR_BUFFERS, &r->domain_info));
+			break;
+
+			default:
+				NDR_CHECK(ndr_pull_lsa_ForestTrustBinaryData(ndr, NDR_BUFFERS, &r->data));
+			break;
+
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_lsa_ForestTrustData(struct ndr_print *ndr, const char *name, const union lsa_ForestTrustData *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "lsa_ForestTrustData");
+	switch (level) {
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME:
+			ndr_print_lsa_String(ndr, "top_level_name", &r->top_level_name);
+		break;
+
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX:
+			ndr_print_lsa_StringLarge(ndr, "top_level_name_ex", &r->top_level_name_ex);
+		break;
+
+		case LSA_FOREST_TRUST_DOMAIN_INFO:
+			ndr_print_lsa_ForestTrustDomainInfo(ndr, "domain_info", &r->domain_info);
+		break;
+
+		default:
+			ndr_print_lsa_ForestTrustBinaryData(ndr, "data", &r->data);
+		break;
+
+	}
+}
+
+static enum ndr_err_code ndr_push_lsa_ForestTrustRecordType(struct ndr_push *ndr, int ndr_flags, enum lsa_ForestTrustRecordType r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_lsa_ForestTrustRecordType(struct ndr_pull *ndr, int ndr_flags, enum lsa_ForestTrustRecordType *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_lsa_ForestTrustRecordType(struct ndr_print *ndr, const char *name, enum lsa_ForestTrustRecordType r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME: val = "LSA_FOREST_TRUST_TOP_LEVEL_NAME"; break;
+		case LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX: val = "LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX"; break;
+		case LSA_FOREST_TRUST_DOMAIN_INFO: val = "LSA_FOREST_TRUST_DOMAIN_INFO"; break;
+		case LSA_FOREST_TRUST_RECORD_TYPE_LAST: val = "LSA_FOREST_TRUST_RECORD_TYPE_LAST"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_lsa_ForestTrustRecord(struct ndr_push *ndr, int ndr_flags, const struct lsa_ForestTrustRecord *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 8));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->flags));
+		NDR_CHECK(ndr_push_lsa_ForestTrustRecordType(ndr, NDR_SCALARS, r->level));
+		NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->unknown));
+		NDR_CHECK(ndr_push_set_switch_value(ndr, &r->forest_trust_data, r->level));
+		NDR_CHECK(ndr_push_lsa_ForestTrustData(ndr, NDR_SCALARS, &r->forest_trust_data));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_ForestTrustData(ndr, NDR_BUFFERS, &r->forest_trust_data));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_lsa_ForestTrustRecord(struct ndr_pull *ndr, int ndr_flags, struct lsa_ForestTrustRecord *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 8));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->flags));
+		NDR_CHECK(ndr_pull_lsa_ForestTrustRecordType(ndr, NDR_SCALARS, &r->level));
+		NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->unknown));
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->forest_trust_data, r->level));
+		NDR_CHECK(ndr_pull_lsa_ForestTrustData(ndr, NDR_SCALARS, &r->forest_trust_data));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_ForestTrustData(ndr, NDR_BUFFERS, &r->forest_trust_data));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_lsa_ForestTrustRecord(struct ndr_print *ndr, const char *name, const struct lsa_ForestTrustRecord *r)
+{
+	ndr_print_struct(ndr, name, "lsa_ForestTrustRecord");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "flags", r->flags);
+	ndr_print_lsa_ForestTrustRecordType(ndr, "level", r->level);
+	ndr_print_hyper(ndr, "unknown", r->unknown);
+	ndr_print_set_switch_value(ndr, &r->forest_trust_data, r->level);
+	ndr_print_lsa_ForestTrustData(ndr, "forest_trust_data", &r->forest_trust_data);
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_ForestTrustInformation(struct ndr_push *ndr, int ndr_flags, const struct lsa_ForestTrustInformation *r)
+{
+	uint32_t cntr_entries_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->entries));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->entries) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_push_unique_ptr(ndr, r->entries[cntr_entries_1]));
+			}
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				if (r->entries[cntr_entries_1]) {
+					NDR_CHECK(ndr_push_lsa_ForestTrustRecord(ndr, NDR_SCALARS|NDR_BUFFERS, r->entries[cntr_entries_1]));
+				}
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_ForestTrustInformation(struct ndr_pull *ndr, int ndr_flags, struct lsa_ForestTrustInformation *r)
+{
+	uint32_t _ptr_entries;
+	uint32_t cntr_entries_1;
+	TALLOC_CTX *_mem_save_entries_0;
+	TALLOC_CTX *_mem_save_entries_1;
+	TALLOC_CTX *_mem_save_entries_2;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		if (r->count < 0 || r->count > 4000) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_entries));
+		if (_ptr_entries) {
+			NDR_PULL_ALLOC(ndr, r->entries);
+		} else {
+			r->entries = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->entries) {
+			_mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->entries));
+			NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries));
+			_mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0);
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_entries));
+				if (_ptr_entries) {
+					NDR_PULL_ALLOC(ndr, r->entries[cntr_entries_1]);
+				} else {
+					r->entries[cntr_entries_1] = NULL;
+				}
+			}
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				if (r->entries[cntr_entries_1]) {
+					_mem_save_entries_2 = NDR_PULL_GET_MEM_CTX(ndr);
+					NDR_PULL_SET_MEM_CTX(ndr, r->entries[cntr_entries_1], 0);
+					NDR_CHECK(ndr_pull_lsa_ForestTrustRecord(ndr, NDR_SCALARS|NDR_BUFFERS, r->entries[cntr_entries_1]));
+					NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_2, 0);
+				}
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0);
+		}
+		if (r->entries) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->entries, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_lsa_ForestTrustInformation(struct ndr_print *ndr, const char *name, const struct lsa_ForestTrustInformation *r)
+{
+	uint32_t cntr_entries_1;
+	ndr_print_struct(ndr, name, "lsa_ForestTrustInformation");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "entries", r->entries);
+	ndr->depth++;
+	if (r->entries) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "entries", r->count);
+		ndr->depth++;
+		for (cntr_entries_1=0;cntr_entries_1<r->count;cntr_entries_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_entries_1) != -1) {
+				ndr_print_ptr(ndr, "entries", r->entries[cntr_entries_1]);
+				ndr->depth++;
+				if (r->entries[cntr_entries_1]) {
+					ndr_print_lsa_ForestTrustRecord(ndr, "entries", r->entries[cntr_entries_1]);
+				}
+				ndr->depth--;
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_lsa_Close(struct ndr_push *ndr, int flags, const struct lsa_Close *r)
 {
 	if (flags & NDR_IN) {
@@ -4103,7 +4623,7 @@ _PUBLIC_ void ndr_print_lsa_Close(struct ndr_print *ndr, const char *name, int f
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_Delete(struct ndr_push *ndr, int flags, const struct lsa_Delete *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_Delete(struct ndr_push *ndr, int flags, const struct lsa_Delete *r)
 {
 	if (flags & NDR_IN) {
 		if (r->in.handle == NULL) {
@@ -4117,7 +4637,7 @@ static enum ndr_err_code ndr_push_lsa_Delete(struct ndr_push *ndr, int flags, co
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_Delete(struct ndr_pull *ndr, int flags, struct lsa_Delete *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_Delete(struct ndr_pull *ndr, int flags, struct lsa_Delete *r)
 {
 	TALLOC_CTX *_mem_save_handle_0;
 	if (flags & NDR_IN) {
@@ -4160,7 +4680,7 @@ _PUBLIC_ void ndr_print_lsa_Delete(struct ndr_print *ndr, const char *name, int
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_EnumPrivs(struct ndr_push *ndr, int flags, const struct lsa_EnumPrivs *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_EnumPrivs(struct ndr_push *ndr, int flags, const struct lsa_EnumPrivs *r)
 {
 	if (flags & NDR_IN) {
 		if (r->in.handle == NULL) {
@@ -4187,7 +4707,7 @@ static enum ndr_err_code ndr_push_lsa_EnumPrivs(struct ndr_push *ndr, int flags,
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_EnumPrivs(struct ndr_pull *ndr, int flags, struct lsa_EnumPrivs *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_EnumPrivs(struct ndr_pull *ndr, int flags, struct lsa_EnumPrivs *r)
 {
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_resume_handle_0;
@@ -4283,9 +4803,12 @@ static enum ndr_err_code ndr_push_lsa_QuerySecurity(struct ndr_push *ndr, int fl
 		NDR_CHECK(ndr_push_security_secinfo(ndr, NDR_SCALARS, r->in.sec_info));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.sdbuf));
-		if (r->out.sdbuf) {
-			NDR_CHECK(ndr_push_sec_desc_buf(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sdbuf));
+		if (r->out.sdbuf == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.sdbuf));
+		if (*r->out.sdbuf) {
+			NDR_CHECK(ndr_push_sec_desc_buf(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sdbuf));
 		}
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
@@ -4297,6 +4820,7 @@ static enum ndr_err_code ndr_pull_lsa_QuerySecurity(struct ndr_pull *ndr, int fl
 	uint32_t _ptr_sdbuf;
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_sdbuf_0;
+	TALLOC_CTX *_mem_save_sdbuf_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -4308,20 +4832,28 @@ static enum ndr_err_code ndr_pull_lsa_QuerySecurity(struct ndr_pull *ndr, int fl
 		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.sec_info));
+		NDR_PULL_ALLOC(ndr, r->out.sdbuf);
+		ZERO_STRUCTP(r->out.sdbuf);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.sdbuf);
+		}
+		_mem_save_sdbuf_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.sdbuf, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sdbuf));
 		if (_ptr_sdbuf) {
-			NDR_PULL_ALLOC(ndr, r->out.sdbuf);
+			NDR_PULL_ALLOC(ndr, *r->out.sdbuf);
 		} else {
-			r->out.sdbuf = NULL;
+			*r->out.sdbuf = NULL;
 		}
-		if (r->out.sdbuf) {
-			_mem_save_sdbuf_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.sdbuf, 0);
-			NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sdbuf));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sdbuf_0, 0);
+		if (*r->out.sdbuf) {
+			_mem_save_sdbuf_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.sdbuf, 0);
+			NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sdbuf));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sdbuf_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sdbuf_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -4349,10 +4881,13 @@ _PUBLIC_ void ndr_print_lsa_QuerySecurity(struct ndr_print *ndr, const char *nam
 		ndr->depth++;
 		ndr_print_ptr(ndr, "sdbuf", r->out.sdbuf);
 		ndr->depth++;
-		if (r->out.sdbuf) {
-			ndr_print_sec_desc_buf(ndr, "sdbuf", r->out.sdbuf);
+		ndr_print_ptr(ndr, "sdbuf", *r->out.sdbuf);
+		ndr->depth++;
+		if (*r->out.sdbuf) {
+			ndr_print_sec_desc_buf(ndr, "sdbuf", *r->out.sdbuf);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -4362,6 +4897,15 @@ _PUBLIC_ void ndr_print_lsa_QuerySecurity(struct ndr_print *ndr, const char *nam
 static enum ndr_err_code ndr_push_lsa_SetSecObj(struct ndr_push *ndr, int flags, const struct lsa_SetSecObj *r)
 {
 	if (flags & NDR_IN) {
+		if (r->in.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		NDR_CHECK(ndr_push_security_secinfo(ndr, NDR_SCALARS, r->in.sec_info));
+		if (r->in.sdbuf == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_sec_desc_buf(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sdbuf));
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
@@ -4371,7 +4915,24 @@ static enum ndr_err_code ndr_push_lsa_SetSecObj(struct ndr_push *ndr, int flags,
 
 static enum ndr_err_code ndr_pull_lsa_SetSecObj(struct ndr_pull *ndr, int flags, struct lsa_SetSecObj *r)
 {
+	TALLOC_CTX *_mem_save_handle_0;
+	TALLOC_CTX *_mem_save_sdbuf_0;
 	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.sec_info));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.sdbuf);
+		}
+		_mem_save_sdbuf_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.sdbuf, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sdbuf));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sdbuf_0, LIBNDR_FLAG_REF_ALLOC);
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
@@ -4389,6 +4950,15 @@ _PUBLIC_ void ndr_print_lsa_SetSecObj(struct ndr_print *ndr, const char *name, i
 	if (flags & NDR_IN) {
 		ndr_print_struct(ndr, "in", "lsa_SetSecObj");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->in.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->in.handle);
+		ndr->depth--;
+		ndr_print_security_secinfo(ndr, "sec_info", r->in.sec_info);
+		ndr_print_ptr(ndr, "sdbuf", r->in.sdbuf);
+		ndr->depth++;
+		ndr_print_sec_desc_buf(ndr, "sdbuf", r->in.sdbuf);
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -4441,7 +5011,7 @@ _PUBLIC_ void ndr_print_lsa_ChangePassword(struct ndr_print *ndr, const char *na
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_OpenPolicy(struct ndr_push *ndr, int flags, const struct lsa_OpenPolicy *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_OpenPolicy(struct ndr_push *ndr, int flags, const struct lsa_OpenPolicy *r)
 {
 	if (flags & NDR_IN) {
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.system_name));
@@ -4452,7 +5022,7 @@ static enum ndr_err_code ndr_push_lsa_OpenPolicy(struct ndr_push *ndr, int flags
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_lsa_ObjectAttribute(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.attr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.access_mask));
+		NDR_CHECK(ndr_push_lsa_PolicyAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
 	}
 	if (flags & NDR_OUT) {
 		if (r->out.handle == NULL) {
@@ -4464,7 +5034,7 @@ static enum ndr_err_code ndr_push_lsa_OpenPolicy(struct ndr_push *ndr, int flags
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_OpenPolicy(struct ndr_pull *ndr, int flags, struct lsa_OpenPolicy *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_OpenPolicy(struct ndr_pull *ndr, int flags, struct lsa_OpenPolicy *r)
 {
 	uint32_t _ptr_system_name;
 	TALLOC_CTX *_mem_save_system_name_0;
@@ -4492,7 +5062,7 @@ static enum ndr_err_code ndr_pull_lsa_OpenPolicy(struct ndr_pull *ndr, int flags
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.attr, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_lsa_ObjectAttribute(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.attr));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attr_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_CHECK(ndr_pull_lsa_PolicyAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
 		NDR_PULL_ALLOC(ndr, r->out.handle);
 		ZERO_STRUCTP(r->out.handle);
 	}
@@ -4529,7 +5099,7 @@ _PUBLIC_ void ndr_print_lsa_OpenPolicy(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		ndr_print_lsa_ObjectAttribute(ndr, "attr", r->in.attr);
 		ndr->depth--;
-		ndr_print_uint32(ndr, "access_mask", r->in.access_mask);
+		ndr_print_lsa_PolicyAccessMask(ndr, "access_mask", r->in.access_mask);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -4555,10 +5125,13 @@ static enum ndr_err_code ndr_push_lsa_QueryInfoPolicy(struct ndr_push *ndr, int
 		NDR_CHECK(ndr_push_lsa_PolicyInfo(ndr, NDR_SCALARS, r->in.level));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.info));
-		if (r->out.info) {
-			NDR_CHECK(ndr_push_set_switch_value(ndr, r->out.info, r->in.level));
-			NDR_CHECK(ndr_push_lsa_PolicyInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.info));
+		if (*r->out.info) {
+			NDR_CHECK(ndr_push_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_push_lsa_PolicyInformation(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
 		}
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
@@ -4570,6 +5143,7 @@ static enum ndr_err_code ndr_pull_lsa_QueryInfoPolicy(struct ndr_pull *ndr, int
 	uint32_t _ptr_info;
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_info_0;
+	TALLOC_CTX *_mem_save_info_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -4581,21 +5155,29 @@ static enum ndr_err_code ndr_pull_lsa_QueryInfoPolicy(struct ndr_pull *ndr, int
 		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_lsa_PolicyInfo(ndr, NDR_SCALARS, &r->in.level));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
 		if (_ptr_info) {
-			NDR_PULL_ALLOC(ndr, r->out.info);
+			NDR_PULL_ALLOC(ndr, *r->out.info);
 		} else {
-			r->out.info = NULL;
+			*r->out.info = NULL;
 		}
-		if (r->out.info) {
-			_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0);
-			NDR_CHECK(ndr_pull_set_switch_value(ndr, r->out.info, r->in.level));
-			NDR_CHECK(ndr_pull_lsa_PolicyInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+		if (*r->out.info) {
+			_mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.info, 0);
+			NDR_CHECK(ndr_pull_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_pull_lsa_PolicyInformation(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -4623,11 +5205,14 @@ _PUBLIC_ void ndr_print_lsa_QueryInfoPolicy(struct ndr_print *ndr, const char *n
 		ndr->depth++;
 		ndr_print_ptr(ndr, "info", r->out.info);
 		ndr->depth++;
-		if (r->out.info) {
-			ndr_print_set_switch_value(ndr, r->out.info, r->in.level);
-			ndr_print_lsa_PolicyInformation(ndr, "info", r->out.info);
+		ndr_print_ptr(ndr, "info", *r->out.info);
+		ndr->depth++;
+		if (*r->out.info) {
+			ndr_print_set_switch_value(ndr, *r->out.info, r->in.level);
+			ndr_print_lsa_PolicyInformation(ndr, "info", *r->out.info);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -4754,7 +5339,7 @@ _PUBLIC_ void ndr_print_lsa_ClearAuditLog(struct ndr_print *ndr, const char *nam
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_CreateAccount(struct ndr_push *ndr, int flags, const struct lsa_CreateAccount *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_CreateAccount(struct ndr_push *ndr, int flags, const struct lsa_CreateAccount *r)
 {
 	if (flags & NDR_IN) {
 		if (r->in.handle == NULL) {
@@ -4777,7 +5362,7 @@ static enum ndr_err_code ndr_push_lsa_CreateAccount(struct ndr_push *ndr, int fl
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_CreateAccount(struct ndr_pull *ndr, int flags, struct lsa_CreateAccount *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_CreateAccount(struct ndr_pull *ndr, int flags, struct lsa_CreateAccount *r)
 {
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_sid_0;
@@ -4850,7 +5435,7 @@ _PUBLIC_ void ndr_print_lsa_CreateAccount(struct ndr_print *ndr, const char *nam
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_EnumAccounts(struct ndr_push *ndr, int flags, const struct lsa_EnumAccounts *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_EnumAccounts(struct ndr_push *ndr, int flags, const struct lsa_EnumAccounts *r)
 {
 	if (flags & NDR_IN) {
 		if (r->in.handle == NULL) {
@@ -4877,7 +5462,7 @@ static enum ndr_err_code ndr_push_lsa_EnumAccounts(struct ndr_push *ndr, int fla
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_EnumAccounts(struct ndr_pull *ndr, int flags, struct lsa_EnumAccounts *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_EnumAccounts(struct ndr_pull *ndr, int flags, struct lsa_EnumAccounts *r)
 {
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_resume_handle_0;
@@ -4966,7 +5551,7 @@ _PUBLIC_ void ndr_print_lsa_EnumAccounts(struct ndr_print *ndr, const char *name
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_CreateTrustedDomain(struct ndr_push *ndr, int flags, const struct lsa_CreateTrustedDomain *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_CreateTrustedDomain(struct ndr_push *ndr, int flags, const struct lsa_CreateTrustedDomain *r)
 {
 	if (flags & NDR_IN) {
 		if (r->in.handle == NULL) {
@@ -4989,7 +5574,7 @@ static enum ndr_err_code ndr_push_lsa_CreateTrustedDomain(struct ndr_push *ndr,
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_CreateTrustedDomain(struct ndr_pull *ndr, int flags, struct lsa_CreateTrustedDomain *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_CreateTrustedDomain(struct ndr_pull *ndr, int flags, struct lsa_CreateTrustedDomain *r)
 {
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_info_0;
@@ -5112,9 +5697,6 @@ static enum ndr_err_code ndr_pull_lsa_EnumTrustDom(struct ndr_pull *ndr, int fla
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.resume_handle));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.max_size));
-		if (r->in.max_size < 0 || r->in.max_size > 1000) {
-			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
-		}
 		NDR_PULL_ALLOC(ndr, r->out.resume_handle);
 		*r->out.resume_handle = *r->in.resume_handle;
 		NDR_PULL_ALLOC(ndr, r->out.domains);
@@ -5178,7 +5760,7 @@ _PUBLIC_ void ndr_print_lsa_EnumTrustDom(struct ndr_print *ndr, const char *name
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_LookupNames(struct ndr_push *ndr, int flags, const struct lsa_LookupNames *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupNames(struct ndr_push *ndr, int flags, const struct lsa_LookupNames *r)
 {
 	uint32_t cntr_names_0;
 	if (flags & NDR_IN) {
@@ -5198,16 +5780,19 @@ static enum ndr_err_code ndr_push_lsa_LookupNames(struct ndr_push *ndr, int flag
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_lsa_TransSidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+		NDR_CHECK(ndr_push_lsa_LookupNamesLevel(ndr, NDR_SCALARS, r->in.level));
 		if (r->in.count == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.count));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.domains));
-		if (r->out.domains) {
-			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
+		if (r->out.domains == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.domains));
+		if (*r->out.domains) {
+			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
 		}
 		if (r->out.sids == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -5222,13 +5807,14 @@ static enum ndr_err_code ndr_push_lsa_LookupNames(struct ndr_push *ndr, int flag
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, int flags, struct lsa_LookupNames *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, int flags, struct lsa_LookupNames *r)
 {
 	uint32_t cntr_names_0;
 	uint32_t _ptr_domains;
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_names_0;
 	TALLOC_CTX *_mem_save_domains_0;
+	TALLOC_CTX *_mem_save_domains_1;
 	TALLOC_CTX *_mem_save_sids_0;
 	TALLOC_CTX *_mem_save_count_0;
 	if (flags & NDR_IN) {
@@ -5263,7 +5849,7 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, int flag
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.sids, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_lsa_TransSidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_CHECK(ndr_pull_lsa_LookupNamesLevel(ndr, NDR_SCALARS, &r->in.level));
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->in.count);
 		}
@@ -5271,6 +5857,8 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, int flag
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.count, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.count));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_count_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.domains);
+		ZERO_STRUCTP(r->out.domains);
 		NDR_PULL_ALLOC(ndr, r->out.sids);
 		*r->out.sids = *r->in.sids;
 		NDR_PULL_ALLOC(ndr, r->out.count);
@@ -5280,18 +5868,24 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, int flag
 		}
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.domains);
+		}
+		_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domains));
 		if (_ptr_domains) {
-			NDR_PULL_ALLOC(ndr, r->out.domains);
+			NDR_PULL_ALLOC(ndr, *r->out.domains);
 		} else {
-			r->out.domains = NULL;
+			*r->out.domains = NULL;
 		}
-		if (r->out.domains) {
-			_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, 0);
-			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, 0);
+		if (*r->out.domains) {
+			_mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.domains, 0);
+			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.sids);
 		}
@@ -5331,8 +5925,7 @@ _PUBLIC_ void ndr_print_lsa_LookupNames(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		for (cntr_names_0=0;cntr_names_0<r->in.num_names;cntr_names_0++) {
 			char *idx_0=NULL;
-			asprintf(&idx_0, "[%d]", cntr_names_0);
-			if (idx_0) {
+			if (asprintf(&idx_0, "[%d]", cntr_names_0) != -1) {
 				ndr_print_lsa_String(ndr, "names", &r->in.names[cntr_names_0]);
 				free(idx_0);
 			}
@@ -5342,7 +5935,7 @@ _PUBLIC_ void ndr_print_lsa_LookupNames(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		ndr_print_lsa_TransSidArray(ndr, "sids", r->in.sids);
 		ndr->depth--;
-		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr_print_lsa_LookupNamesLevel(ndr, "level", r->in.level);
 		ndr_print_ptr(ndr, "count", r->in.count);
 		ndr->depth++;
 		ndr_print_uint32(ndr, "count", *r->in.count);
@@ -5354,10 +5947,13 @@ _PUBLIC_ void ndr_print_lsa_LookupNames(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		ndr_print_ptr(ndr, "domains", r->out.domains);
 		ndr->depth++;
-		if (r->out.domains) {
-			ndr_print_lsa_RefDomainList(ndr, "domains", r->out.domains);
+		ndr_print_ptr(ndr, "domains", *r->out.domains);
+		ndr->depth++;
+		if (*r->out.domains) {
+			ndr_print_lsa_RefDomainList(ndr, "domains", *r->out.domains);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_ptr(ndr, "sids", r->out.sids);
 		ndr->depth++;
 		ndr_print_lsa_TransSidArray(ndr, "sids", r->out.sids);
@@ -5372,7 +5968,7 @@ _PUBLIC_ void ndr_print_lsa_LookupNames(struct ndr_print *ndr, const char *name,
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_LookupSids(struct ndr_push *ndr, int flags, const struct lsa_LookupSids *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupSids(struct ndr_push *ndr, int flags, const struct lsa_LookupSids *r)
 {
 	if (flags & NDR_IN) {
 		if (r->in.handle == NULL) {
@@ -5394,9 +5990,12 @@ static enum ndr_err_code ndr_push_lsa_LookupSids(struct ndr_push *ndr, int flags
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.count));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.domains));
-		if (r->out.domains) {
-			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
+		if (r->out.domains == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.domains));
+		if (*r->out.domains) {
+			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
 		}
 		if (r->out.names == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -5411,12 +6010,13 @@ static enum ndr_err_code ndr_push_lsa_LookupSids(struct ndr_push *ndr, int flags
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_LookupSids(struct ndr_pull *ndr, int flags, struct lsa_LookupSids *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupSids(struct ndr_pull *ndr, int flags, struct lsa_LookupSids *r)
 {
 	uint32_t _ptr_domains;
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_sids_0;
 	TALLOC_CTX *_mem_save_domains_0;
+	TALLOC_CTX *_mem_save_domains_1;
 	TALLOC_CTX *_mem_save_names_0;
 	TALLOC_CTX *_mem_save_count_0;
 	if (flags & NDR_IN) {
@@ -5451,24 +6051,32 @@ static enum ndr_err_code ndr_pull_lsa_LookupSids(struct ndr_pull *ndr, int flags
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.count, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.count));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_count_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.domains);
+		ZERO_STRUCTP(r->out.domains);
 		NDR_PULL_ALLOC(ndr, r->out.names);
 		*r->out.names = *r->in.names;
 		NDR_PULL_ALLOC(ndr, r->out.count);
 		*r->out.count = *r->in.count;
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.domains);
+		}
+		_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domains));
 		if (_ptr_domains) {
-			NDR_PULL_ALLOC(ndr, r->out.domains);
+			NDR_PULL_ALLOC(ndr, *r->out.domains);
 		} else {
-			r->out.domains = NULL;
+			*r->out.domains = NULL;
 		}
-		if (r->out.domains) {
-			_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, 0);
-			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, 0);
+		if (*r->out.domains) {
+			_mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.domains, 0);
+			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.names);
 		}
@@ -5522,10 +6130,13 @@ _PUBLIC_ void ndr_print_lsa_LookupSids(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		ndr_print_ptr(ndr, "domains", r->out.domains);
 		ndr->depth++;
-		if (r->out.domains) {
-			ndr_print_lsa_RefDomainList(ndr, "domains", r->out.domains);
+		ndr_print_ptr(ndr, "domains", *r->out.domains);
+		ndr->depth++;
+		if (*r->out.domains) {
+			ndr_print_lsa_RefDomainList(ndr, "domains", *r->out.domains);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_ptr(ndr, "names", r->out.names);
 		ndr->depth++;
 		ndr_print_lsa_TransNameArray(ndr, "names", r->out.names);
@@ -5540,7 +6151,7 @@ _PUBLIC_ void ndr_print_lsa_LookupSids(struct ndr_print *ndr, const char *name,
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_CreateSecret(struct ndr_push *ndr, int flags, const struct lsa_CreateSecret *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_CreateSecret(struct ndr_push *ndr, int flags, const struct lsa_CreateSecret *r)
 {
 	if (flags & NDR_IN) {
 		if (r->in.handle == NULL) {
@@ -5560,7 +6171,7 @@ static enum ndr_err_code ndr_push_lsa_CreateSecret(struct ndr_push *ndr, int fla
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_CreateSecret(struct ndr_pull *ndr, int flags, struct lsa_CreateSecret *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_CreateSecret(struct ndr_pull *ndr, int flags, struct lsa_CreateSecret *r)
 {
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_sec_handle_0;
@@ -5728,9 +6339,12 @@ static enum ndr_err_code ndr_push_lsa_EnumPrivsAccount(struct ndr_push *ndr, int
 		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.privs));
-		if (r->out.privs) {
-			NDR_CHECK(ndr_push_lsa_PrivilegeSet(ndr, NDR_SCALARS, r->out.privs));
+		if (r->out.privs == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.privs));
+		if (*r->out.privs) {
+			NDR_CHECK(ndr_push_lsa_PrivilegeSet(ndr, NDR_SCALARS, *r->out.privs));
 		}
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
@@ -5742,6 +6356,7 @@ static enum ndr_err_code ndr_pull_lsa_EnumPrivsAccount(struct ndr_pull *ndr, int
 	uint32_t _ptr_privs;
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_privs_0;
+	TALLOC_CTX *_mem_save_privs_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -5752,20 +6367,28 @@ static enum ndr_err_code ndr_pull_lsa_EnumPrivsAccount(struct ndr_pull *ndr, int
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.privs);
+		ZERO_STRUCTP(r->out.privs);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.privs);
+		}
+		_mem_save_privs_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.privs, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_privs));
 		if (_ptr_privs) {
-			NDR_PULL_ALLOC(ndr, r->out.privs);
+			NDR_PULL_ALLOC(ndr, *r->out.privs);
 		} else {
-			r->out.privs = NULL;
+			*r->out.privs = NULL;
 		}
-		if (r->out.privs) {
-			_mem_save_privs_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.privs, 0);
-			NDR_CHECK(ndr_pull_lsa_PrivilegeSet(ndr, NDR_SCALARS, r->out.privs));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privs_0, 0);
+		if (*r->out.privs) {
+			_mem_save_privs_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.privs, 0);
+			NDR_CHECK(ndr_pull_lsa_PrivilegeSet(ndr, NDR_SCALARS, *r->out.privs));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privs_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_privs_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -5792,10 +6415,13 @@ _PUBLIC_ void ndr_print_lsa_EnumPrivsAccount(struct ndr_print *ndr, const char *
 		ndr->depth++;
 		ndr_print_ptr(ndr, "privs", r->out.privs);
 		ndr->depth++;
-		if (r->out.privs) {
-			ndr_print_lsa_PrivilegeSet(ndr, "privs", r->out.privs);
+		ndr_print_ptr(ndr, "privs", *r->out.privs);
+		ndr->depth++;
+		if (*r->out.privs) {
+			ndr_print_lsa_PrivilegeSet(ndr, "privs", *r->out.privs);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -6044,8 +6670,16 @@ _PUBLIC_ void ndr_print_lsa_SetQuotasForAccount(struct ndr_print *ndr, const cha
 static enum ndr_err_code ndr_push_lsa_GetSystemAccessAccount(struct ndr_push *ndr, int flags, const struct lsa_GetSystemAccessAccount *r)
 {
 	if (flags & NDR_IN) {
+		if (r->in.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.access_mask == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.access_mask));
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -6053,9 +6687,29 @@ static enum ndr_err_code ndr_push_lsa_GetSystemAccessAccount(struct ndr_push *nd
 
 static enum ndr_err_code ndr_pull_lsa_GetSystemAccessAccount(struct ndr_pull *ndr, int flags, struct lsa_GetSystemAccessAccount *r)
 {
+	TALLOC_CTX *_mem_save_handle_0;
+	TALLOC_CTX *_mem_save_access_mask_0;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.access_mask);
+		ZERO_STRUCTP(r->out.access_mask);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.access_mask);
+		}
+		_mem_save_access_mask_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.access_mask, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.access_mask));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_access_mask_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -6071,11 +6725,19 @@ _PUBLIC_ void ndr_print_lsa_GetSystemAccessAccount(struct ndr_print *ndr, const
 	if (flags & NDR_IN) {
 		ndr_print_struct(ndr, "in", "lsa_GetSystemAccessAccount");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->in.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->in.handle);
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
 		ndr_print_struct(ndr, "out", "lsa_GetSystemAccessAccount");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "access_mask", r->out.access_mask);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "access_mask", *r->out.access_mask);
+		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -6085,6 +6747,11 @@ _PUBLIC_ void ndr_print_lsa_GetSystemAccessAccount(struct ndr_print *ndr, const
 static enum ndr_err_code ndr_push_lsa_SetSystemAccessAccount(struct ndr_push *ndr, int flags, const struct lsa_SetSystemAccessAccount *r)
 {
 	if (flags & NDR_IN) {
+		if (r->in.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.access_mask));
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
@@ -6094,7 +6761,16 @@ static enum ndr_err_code ndr_push_lsa_SetSystemAccessAccount(struct ndr_push *nd
 
 static enum ndr_err_code ndr_pull_lsa_SetSystemAccessAccount(struct ndr_pull *ndr, int flags, struct lsa_SetSystemAccessAccount *r)
 {
+	TALLOC_CTX *_mem_save_handle_0;
 	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.access_mask));
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
@@ -6112,6 +6788,11 @@ _PUBLIC_ void ndr_print_lsa_SetSystemAccessAccount(struct ndr_print *ndr, const
 	if (flags & NDR_IN) {
 		ndr_print_struct(ndr, "in", "lsa_SetSystemAccessAccount");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->in.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->in.handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "access_mask", r->in.access_mask);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -6349,7 +7030,7 @@ _PUBLIC_ void ndr_print_lsa_SetInformationTrustedDomain(struct ndr_print *ndr, c
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_OpenSecret(struct ndr_push *ndr, int flags, const struct lsa_OpenSecret *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_OpenSecret(struct ndr_push *ndr, int flags, const struct lsa_OpenSecret *r)
 {
 	if (flags & NDR_IN) {
 		if (r->in.handle == NULL) {
@@ -6369,7 +7050,7 @@ static enum ndr_err_code ndr_push_lsa_OpenSecret(struct ndr_push *ndr, int flags
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_OpenSecret(struct ndr_pull *ndr, int flags, struct lsa_OpenSecret *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_OpenSecret(struct ndr_pull *ndr, int flags, struct lsa_OpenSecret *r)
 {
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_sec_handle_0;
@@ -6432,7 +7113,7 @@ _PUBLIC_ void ndr_print_lsa_OpenSecret(struct ndr_print *ndr, const char *name,
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_SetSecret(struct ndr_push *ndr, int flags, const struct lsa_SetSecret *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_SetSecret(struct ndr_push *ndr, int flags, const struct lsa_SetSecret *r)
 {
 	if (flags & NDR_IN) {
 		if (r->in.sec_handle == NULL) {
@@ -6454,7 +7135,7 @@ static enum ndr_err_code ndr_push_lsa_SetSecret(struct ndr_push *ndr, int flags,
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_SetSecret(struct ndr_pull *ndr, int flags, struct lsa_SetSecret *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_SetSecret(struct ndr_pull *ndr, int flags, struct lsa_SetSecret *r)
 {
 	uint32_t _ptr_new_val;
 	uint32_t _ptr_old_val;
@@ -6537,7 +7218,7 @@ _PUBLIC_ void ndr_print_lsa_SetSecret(struct ndr_print *ndr, const char *name, i
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_QuerySecret(struct ndr_push *ndr, int flags, const struct lsa_QuerySecret *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_QuerySecret(struct ndr_push *ndr, int flags, const struct lsa_QuerySecret *r)
 {
 	if (flags & NDR_IN) {
 		if (r->in.sec_handle == NULL) {
@@ -6583,7 +7264,7 @@ static enum ndr_err_code ndr_push_lsa_QuerySecret(struct ndr_push *ndr, int flag
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_QuerySecret(struct ndr_pull *ndr, int flags, struct lsa_QuerySecret *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_QuerySecret(struct ndr_pull *ndr, int flags, struct lsa_QuerySecret *r)
 {
 	uint32_t _ptr_new_val;
 	uint32_t _ptr_new_mtime;
@@ -6983,21 +7664,21 @@ static enum ndr_err_code ndr_push_lsa_LookupPrivDisplayName(struct ndr_push *ndr
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.name));
-		if (r->in.language_id == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
-		}
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->in.language_id));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.unknown));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.language_id));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.language_id_sys));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.disp_name));
-		if (r->out.disp_name) {
-			NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.disp_name));
+		if (r->out.disp_name == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.disp_name));
+		if (*r->out.disp_name) {
+			NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.disp_name));
 		}
-		if (r->out.language_id == NULL) {
+		if (r->out.returned_language_id == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->out.language_id));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->out.returned_language_id));
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -7009,7 +7690,8 @@ static enum ndr_err_code ndr_pull_lsa_LookupPrivDisplayName(struct ndr_pull *ndr
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_name_0;
 	TALLOC_CTX *_mem_save_disp_name_0;
-	TALLOC_CTX *_mem_save_language_id_0;
+	TALLOC_CTX *_mem_save_disp_name_1;
+	TALLOC_CTX *_mem_save_returned_language_id_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -7027,37 +7709,39 @@ static enum ndr_err_code ndr_pull_lsa_LookupPrivDisplayName(struct ndr_pull *ndr
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.name, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.name));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, LIBNDR_FLAG_REF_ALLOC);
-		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, r->in.language_id);
-		}
-		_mem_save_language_id_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->in.language_id, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->in.language_id));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_language_id_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.unknown));
-		NDR_PULL_ALLOC(ndr, r->out.language_id);
-		*r->out.language_id = *r->in.language_id;
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.language_id));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.language_id_sys));
+		NDR_PULL_ALLOC(ndr, r->out.disp_name);
+		ZERO_STRUCTP(r->out.disp_name);
+		NDR_PULL_ALLOC(ndr, r->out.returned_language_id);
+		ZERO_STRUCTP(r->out.returned_language_id);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.disp_name);
+		}
+		_mem_save_disp_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.disp_name, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_disp_name));
 		if (_ptr_disp_name) {
-			NDR_PULL_ALLOC(ndr, r->out.disp_name);
+			NDR_PULL_ALLOC(ndr, *r->out.disp_name);
 		} else {
-			r->out.disp_name = NULL;
+			*r->out.disp_name = NULL;
 		}
-		if (r->out.disp_name) {
-			_mem_save_disp_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.disp_name, 0);
-			NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.disp_name));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_disp_name_0, 0);
+		if (*r->out.disp_name) {
+			_mem_save_disp_name_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.disp_name, 0);
+			NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.disp_name));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_disp_name_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_disp_name_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, r->out.language_id);
+			NDR_PULL_ALLOC(ndr, r->out.returned_language_id);
 		}
-		_mem_save_language_id_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.language_id, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->out.language_id));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_language_id_0, LIBNDR_FLAG_REF_ALLOC);
+		_mem_save_returned_language_id_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.returned_language_id, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->out.returned_language_id));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_returned_language_id_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -7081,11 +7765,8 @@ _PUBLIC_ void ndr_print_lsa_LookupPrivDisplayName(struct ndr_print *ndr, const c
 		ndr->depth++;
 		ndr_print_lsa_String(ndr, "name", r->in.name);
 		ndr->depth--;
-		ndr_print_ptr(ndr, "language_id", r->in.language_id);
-		ndr->depth++;
-		ndr_print_uint16(ndr, "language_id", *r->in.language_id);
-		ndr->depth--;
-		ndr_print_uint16(ndr, "unknown", r->in.unknown);
+		ndr_print_uint16(ndr, "language_id", r->in.language_id);
+		ndr_print_uint16(ndr, "language_id_sys", r->in.language_id_sys);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -7093,13 +7774,16 @@ _PUBLIC_ void ndr_print_lsa_LookupPrivDisplayName(struct ndr_print *ndr, const c
 		ndr->depth++;
 		ndr_print_ptr(ndr, "disp_name", r->out.disp_name);
 		ndr->depth++;
-		if (r->out.disp_name) {
-			ndr_print_lsa_StringLarge(ndr, "disp_name", r->out.disp_name);
+		ndr_print_ptr(ndr, "disp_name", *r->out.disp_name);
+		ndr->depth++;
+		if (*r->out.disp_name) {
+			ndr_print_lsa_StringLarge(ndr, "disp_name", *r->out.disp_name);
 		}
 		ndr->depth--;
-		ndr_print_ptr(ndr, "language_id", r->out.language_id);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "returned_language_id", r->out.returned_language_id);
 		ndr->depth++;
-		ndr_print_uint16(ndr, "language_id", *r->out.language_id);
+		ndr_print_uint16(ndr, "returned_language_id", *r->out.returned_language_id);
 		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
@@ -7110,8 +7794,16 @@ _PUBLIC_ void ndr_print_lsa_LookupPrivDisplayName(struct ndr_print *ndr, const c
 static enum ndr_err_code ndr_push_lsa_DeleteObject(struct ndr_push *ndr, int flags, const struct lsa_DeleteObject *r)
 {
 	if (flags & NDR_IN) {
+		if (r->in.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.handle));
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -7119,9 +7811,28 @@ static enum ndr_err_code ndr_push_lsa_DeleteObject(struct ndr_push *ndr, int fla
 
 static enum ndr_err_code ndr_pull_lsa_DeleteObject(struct ndr_pull *ndr, int flags, struct lsa_DeleteObject *r)
 {
+	TALLOC_CTX *_mem_save_handle_0;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.handle);
+		*r->out.handle = *r->in.handle;
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -7137,11 +7848,19 @@ _PUBLIC_ void ndr_print_lsa_DeleteObject(struct ndr_print *ndr, const char *name
 	if (flags & NDR_IN) {
 		ndr_print_struct(ndr, "in", "lsa_DeleteObject");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->in.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->in.handle);
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
 		ndr_print_struct(ndr, "out", "lsa_DeleteObject");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->out.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->out.handle);
+		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -7442,7 +8161,7 @@ static enum ndr_err_code ndr_push_lsa_RemoveAccountRights(struct ndr_push *ndr,
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sid));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->in.remove_all));
 		if (r->in.rights == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
@@ -7474,7 +8193,7 @@ static enum ndr_err_code ndr_pull_lsa_RemoveAccountRights(struct ndr_pull *ndr,
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.sid, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sid));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->in.remove_all));
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->in.rights);
 		}
@@ -7507,7 +8226,7 @@ _PUBLIC_ void ndr_print_lsa_RemoveAccountRights(struct ndr_print *ndr, const cha
 		ndr->depth++;
 		ndr_print_dom_sid2(ndr, "sid", r->in.sid);
 		ndr->depth--;
-		ndr_print_uint32(ndr, "unknown", r->in.unknown);
+		ndr_print_uint8(ndr, "remove_all", r->in.remove_all);
 		ndr_print_ptr(ndr, "rights", r->in.rights);
 		ndr->depth++;
 		ndr_print_lsa_RightSet(ndr, "rights", r->in.rights);
@@ -7824,7 +8543,7 @@ _PUBLIC_ void ndr_print_lsa_RetrievePrivateData(struct ndr_print *ndr, const cha
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_OpenPolicy2(struct ndr_push *ndr, int flags, const struct lsa_OpenPolicy2 *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_OpenPolicy2(struct ndr_push *ndr, int flags, const struct lsa_OpenPolicy2 *r)
 {
 	if (flags & NDR_IN) {
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.system_name));
@@ -7838,7 +8557,7 @@ static enum ndr_err_code ndr_push_lsa_OpenPolicy2(struct ndr_push *ndr, int flag
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_lsa_ObjectAttribute(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.attr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.access_mask));
+		NDR_CHECK(ndr_push_lsa_PolicyAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
 	}
 	if (flags & NDR_OUT) {
 		if (r->out.handle == NULL) {
@@ -7850,7 +8569,7 @@ static enum ndr_err_code ndr_push_lsa_OpenPolicy2(struct ndr_push *ndr, int flag
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, int flags, struct lsa_OpenPolicy2 *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, int flags, struct lsa_OpenPolicy2 *r)
 {
 	uint32_t _ptr_system_name;
 	TALLOC_CTX *_mem_save_system_name_0;
@@ -7884,7 +8603,7 @@ static enum ndr_err_code ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, int flag
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.attr, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_lsa_ObjectAttribute(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.attr));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_attr_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_CHECK(ndr_pull_lsa_PolicyAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
 		NDR_PULL_ALLOC(ndr, r->out.handle);
 		ZERO_STRUCTP(r->out.handle);
 	}
@@ -7921,7 +8640,7 @@ _PUBLIC_ void ndr_print_lsa_OpenPolicy2(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		ndr_print_lsa_ObjectAttribute(ndr, "attr", r->in.attr);
 		ndr->depth--;
-		ndr_print_uint32(ndr, "access_mask", r->in.access_mask);
+		ndr_print_lsa_PolicyAccessMask(ndr, "access_mask", r->in.access_mask);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -7947,23 +8666,35 @@ static enum ndr_err_code ndr_push_lsa_GetUserName(struct ndr_push *ndr, int flag
 			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.system_name, CH_UTF16)));
 			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.system_name, ndr_charset_length(r->in.system_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.account_name));
-		if (r->in.account_name) {
-			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.account_name));
+		if (r->in.account_name == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->in.account_name));
+		if (*r->in.account_name) {
+			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, *r->in.account_name));
 		}
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.authority_name));
 		if (r->in.authority_name) {
-			NDR_CHECK(ndr_push_lsa_StringPointer(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.authority_name));
+			NDR_CHECK(ndr_push_unique_ptr(ndr, *r->in.authority_name));
+			if (*r->in.authority_name) {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, *r->in.authority_name));
+			}
 		}
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.account_name));
-		if (r->out.account_name) {
-			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.account_name));
+		if (r->out.account_name == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.account_name));
+		if (*r->out.account_name) {
+			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.account_name));
 		}
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.authority_name));
 		if (r->out.authority_name) {
-			NDR_CHECK(ndr_push_lsa_StringPointer(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.authority_name));
+			NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.authority_name));
+			if (*r->out.authority_name) {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.authority_name));
+			}
 		}
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
@@ -7977,7 +8708,9 @@ static enum ndr_err_code ndr_pull_lsa_GetUserName(struct ndr_pull *ndr, int flag
 	uint32_t _ptr_authority_name;
 	TALLOC_CTX *_mem_save_system_name_0;
 	TALLOC_CTX *_mem_save_account_name_0;
+	TALLOC_CTX *_mem_save_account_name_1;
 	TALLOC_CTX *_mem_save_authority_name_0;
+	TALLOC_CTX *_mem_save_authority_name_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -7999,18 +8732,24 @@ static enum ndr_err_code ndr_pull_lsa_GetUserName(struct ndr_pull *ndr, int flag
 			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16));
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0);
 		}
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.account_name);
+		}
+		_mem_save_account_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.account_name, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_account_name));
 		if (_ptr_account_name) {
-			NDR_PULL_ALLOC(ndr, r->in.account_name);
+			NDR_PULL_ALLOC(ndr, *r->in.account_name);
 		} else {
-			r->in.account_name = NULL;
+			*r->in.account_name = NULL;
 		}
-		if (r->in.account_name) {
-			_mem_save_account_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->in.account_name, 0);
-			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.account_name));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, 0);
+		if (*r->in.account_name) {
+			_mem_save_account_name_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->in.account_name, 0);
+			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, *r->in.account_name));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_authority_name));
 		if (_ptr_authority_name) {
 			NDR_PULL_ALLOC(ndr, r->in.authority_name);
@@ -8020,23 +8759,42 @@ static enum ndr_err_code ndr_pull_lsa_GetUserName(struct ndr_pull *ndr, int flag
 		if (r->in.authority_name) {
 			_mem_save_authority_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
 			NDR_PULL_SET_MEM_CTX(ndr, r->in.authority_name, 0);
-			NDR_CHECK(ndr_pull_lsa_StringPointer(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.authority_name));
+			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_authority_name));
+			if (_ptr_authority_name) {
+				NDR_PULL_ALLOC(ndr, *r->in.authority_name);
+			} else {
+				*r->in.authority_name = NULL;
+			}
+			if (*r->in.authority_name) {
+				_mem_save_authority_name_1 = NDR_PULL_GET_MEM_CTX(ndr);
+				NDR_PULL_SET_MEM_CTX(ndr, *r->in.authority_name, 0);
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, *r->in.authority_name));
+				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_authority_name_1, 0);
+			}
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_authority_name_0, 0);
 		}
+		NDR_PULL_ALLOC(ndr, r->out.account_name);
+		*r->out.account_name = *r->in.account_name;
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.account_name);
+		}
+		_mem_save_account_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.account_name, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_account_name));
 		if (_ptr_account_name) {
-			NDR_PULL_ALLOC(ndr, r->out.account_name);
+			NDR_PULL_ALLOC(ndr, *r->out.account_name);
 		} else {
-			r->out.account_name = NULL;
+			*r->out.account_name = NULL;
 		}
-		if (r->out.account_name) {
-			_mem_save_account_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.account_name, 0);
-			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.account_name));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, 0);
+		if (*r->out.account_name) {
+			_mem_save_account_name_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.account_name, 0);
+			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.account_name));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_authority_name));
 		if (_ptr_authority_name) {
 			NDR_PULL_ALLOC(ndr, r->out.authority_name);
@@ -8046,7 +8804,18 @@ static enum ndr_err_code ndr_pull_lsa_GetUserName(struct ndr_pull *ndr, int flag
 		if (r->out.authority_name) {
 			_mem_save_authority_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
 			NDR_PULL_SET_MEM_CTX(ndr, r->out.authority_name, 0);
-			NDR_CHECK(ndr_pull_lsa_StringPointer(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.authority_name));
+			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_authority_name));
+			if (_ptr_authority_name) {
+				NDR_PULL_ALLOC(ndr, *r->out.authority_name);
+			} else {
+				*r->out.authority_name = NULL;
+			}
+			if (*r->out.authority_name) {
+				_mem_save_authority_name_1 = NDR_PULL_GET_MEM_CTX(ndr);
+				NDR_PULL_SET_MEM_CTX(ndr, *r->out.authority_name, 0);
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.authority_name));
+				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_authority_name_1, 0);
+			}
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_authority_name_0, 0);
 		}
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
@@ -8072,14 +8841,22 @@ _PUBLIC_ void ndr_print_lsa_GetUserName(struct ndr_print *ndr, const char *name,
 		ndr->depth--;
 		ndr_print_ptr(ndr, "account_name", r->in.account_name);
 		ndr->depth++;
-		if (r->in.account_name) {
-			ndr_print_lsa_String(ndr, "account_name", r->in.account_name);
+		ndr_print_ptr(ndr, "account_name", *r->in.account_name);
+		ndr->depth++;
+		if (*r->in.account_name) {
+			ndr_print_lsa_String(ndr, "account_name", *r->in.account_name);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_ptr(ndr, "authority_name", r->in.authority_name);
 		ndr->depth++;
 		if (r->in.authority_name) {
-			ndr_print_lsa_StringPointer(ndr, "authority_name", r->in.authority_name);
+			ndr_print_ptr(ndr, "authority_name", *r->in.authority_name);
+			ndr->depth++;
+			if (*r->in.authority_name) {
+				ndr_print_lsa_String(ndr, "authority_name", *r->in.authority_name);
+			}
+			ndr->depth--;
 		}
 		ndr->depth--;
 		ndr->depth--;
@@ -8089,14 +8866,22 @@ _PUBLIC_ void ndr_print_lsa_GetUserName(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		ndr_print_ptr(ndr, "account_name", r->out.account_name);
 		ndr->depth++;
-		if (r->out.account_name) {
-			ndr_print_lsa_String(ndr, "account_name", r->out.account_name);
+		ndr_print_ptr(ndr, "account_name", *r->out.account_name);
+		ndr->depth++;
+		if (*r->out.account_name) {
+			ndr_print_lsa_String(ndr, "account_name", *r->out.account_name);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_ptr(ndr, "authority_name", r->out.authority_name);
 		ndr->depth++;
 		if (r->out.authority_name) {
-			ndr_print_lsa_StringPointer(ndr, "authority_name", r->out.authority_name);
+			ndr_print_ptr(ndr, "authority_name", *r->out.authority_name);
+			ndr->depth++;
+			if (*r->out.authority_name) {
+				ndr_print_lsa_String(ndr, "authority_name", *r->out.authority_name);
+			}
+			ndr->depth--;
 		}
 		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
@@ -8115,10 +8900,13 @@ static enum ndr_err_code ndr_push_lsa_QueryInfoPolicy2(struct ndr_push *ndr, int
 		NDR_CHECK(ndr_push_lsa_PolicyInfo(ndr, NDR_SCALARS, r->in.level));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.info));
-		if (r->out.info) {
-			NDR_CHECK(ndr_push_set_switch_value(ndr, r->out.info, r->in.level));
-			NDR_CHECK(ndr_push_lsa_PolicyInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.info));
+		if (*r->out.info) {
+			NDR_CHECK(ndr_push_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_push_lsa_PolicyInformation(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
 		}
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
@@ -8130,6 +8918,7 @@ static enum ndr_err_code ndr_pull_lsa_QueryInfoPolicy2(struct ndr_pull *ndr, int
 	uint32_t _ptr_info;
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_info_0;
+	TALLOC_CTX *_mem_save_info_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -8141,21 +8930,29 @@ static enum ndr_err_code ndr_pull_lsa_QueryInfoPolicy2(struct ndr_pull *ndr, int
 		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_lsa_PolicyInfo(ndr, NDR_SCALARS, &r->in.level));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
 		if (_ptr_info) {
-			NDR_PULL_ALLOC(ndr, r->out.info);
+			NDR_PULL_ALLOC(ndr, *r->out.info);
 		} else {
-			r->out.info = NULL;
+			*r->out.info = NULL;
 		}
-		if (r->out.info) {
-			_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0);
-			NDR_CHECK(ndr_pull_set_switch_value(ndr, r->out.info, r->in.level));
-			NDR_CHECK(ndr_pull_lsa_PolicyInformation(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+		if (*r->out.info) {
+			_mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.info, 0);
+			NDR_CHECK(ndr_pull_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_pull_lsa_PolicyInformation(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -8183,11 +8980,14 @@ _PUBLIC_ void ndr_print_lsa_QueryInfoPolicy2(struct ndr_print *ndr, const char *
 		ndr->depth++;
 		ndr_print_ptr(ndr, "info", r->out.info);
 		ndr->depth++;
-		if (r->out.info) {
-			ndr_print_set_switch_value(ndr, r->out.info, r->in.level);
-			ndr_print_lsa_PolicyInformation(ndr, "info", r->out.info);
+		ndr_print_ptr(ndr, "info", *r->out.info);
+		ndr->depth++;
+		if (*r->out.info) {
+			ndr_print_set_switch_value(ndr, *r->out.info, r->in.level);
+			ndr_print_lsa_PolicyInformation(ndr, "info", *r->out.info);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -8280,15 +9080,18 @@ static enum ndr_err_code ndr_push_lsa_QueryTrustedDomainInfoByName(struct ndr_pu
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
-		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.trusted_domain));
+		if (r->in.trusted_domain == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.trusted_domain));
 		NDR_CHECK(ndr_push_lsa_TrustDomInfoEnum(ndr, NDR_SCALARS, r->in.level));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.info));
-		if (r->out.info) {
-			NDR_CHECK(ndr_push_set_switch_value(ndr, r->out.info, r->in.level));
-			NDR_CHECK(ndr_push_lsa_TrustedDomainInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->out.info, r->in.level));
+		NDR_CHECK(ndr_push_lsa_TrustedDomainInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -8296,8 +9099,8 @@ static enum ndr_err_code ndr_push_lsa_QueryTrustedDomainInfoByName(struct ndr_pu
 
 static enum ndr_err_code ndr_pull_lsa_QueryTrustedDomainInfoByName(struct ndr_pull *ndr, int flags, struct lsa_QueryTrustedDomainInfoByName *r)
 {
-	uint32_t _ptr_info;
 	TALLOC_CTX *_mem_save_handle_0;
+	TALLOC_CTX *_mem_save_trusted_domain_0;
 	TALLOC_CTX *_mem_save_info_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
@@ -8309,23 +9112,26 @@ static enum ndr_err_code ndr_pull_lsa_QueryTrustedDomainInfoByName(struct ndr_pu
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.trusted_domain));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.trusted_domain);
+		}
+		_mem_save_trusted_domain_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.trusted_domain, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.trusted_domain));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_domain_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_lsa_TrustDomInfoEnum(ndr, NDR_SCALARS, &r->in.level));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
-		if (_ptr_info) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.info);
-		} else {
-			r->out.info = NULL;
-		}
-		if (r->out.info) {
-			_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0);
-			NDR_CHECK(ndr_pull_set_switch_value(ndr, r->out.info, r->in.level));
-			NDR_CHECK(ndr_pull_lsa_TrustedDomainInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
 		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->out.info, r->in.level));
+		NDR_CHECK(ndr_pull_lsa_TrustedDomainInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -8345,7 +9151,10 @@ _PUBLIC_ void ndr_print_lsa_QueryTrustedDomainInfoByName(struct ndr_print *ndr,
 		ndr->depth++;
 		ndr_print_policy_handle(ndr, "handle", r->in.handle);
 		ndr->depth--;
-		ndr_print_lsa_String(ndr, "trusted_domain", &r->in.trusted_domain);
+		ndr_print_ptr(ndr, "trusted_domain", r->in.trusted_domain);
+		ndr->depth++;
+		ndr_print_lsa_String(ndr, "trusted_domain", r->in.trusted_domain);
+		ndr->depth--;
 		ndr_print_lsa_TrustDomInfoEnum(ndr, "level", r->in.level);
 		ndr->depth--;
 	}
@@ -8354,10 +9163,8 @@ _PUBLIC_ void ndr_print_lsa_QueryTrustedDomainInfoByName(struct ndr_print *ndr,
 		ndr->depth++;
 		ndr_print_ptr(ndr, "info", r->out.info);
 		ndr->depth++;
-		if (r->out.info) {
-			ndr_print_set_switch_value(ndr, r->out.info, r->in.level);
-			ndr_print_lsa_TrustedDomainInfo(ndr, "info", r->out.info);
-		}
+		ndr_print_set_switch_value(ndr, r->out.info, r->in.level);
+		ndr_print_lsa_TrustedDomainInfo(ndr, "info", r->out.info);
 		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
@@ -8985,7 +9792,7 @@ _PUBLIC_ void ndr_print_lsa_TestCall(struct ndr_print *ndr, const char *name, in
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_LookupSids2(struct ndr_push *ndr, int flags, const struct lsa_LookupSids2 *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupSids2(struct ndr_push *ndr, int flags, const struct lsa_LookupSids2 *r)
 {
 	if (flags & NDR_IN) {
 		if (r->in.handle == NULL) {
@@ -9009,9 +9816,12 @@ static enum ndr_err_code ndr_push_lsa_LookupSids2(struct ndr_push *ndr, int flag
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.domains));
-		if (r->out.domains) {
-			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
+		if (r->out.domains == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.domains));
+		if (*r->out.domains) {
+			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
 		}
 		if (r->out.names == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -9026,12 +9836,13 @@ static enum ndr_err_code ndr_push_lsa_LookupSids2(struct ndr_push *ndr, int flag
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_LookupSids2(struct ndr_pull *ndr, int flags, struct lsa_LookupSids2 *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupSids2(struct ndr_pull *ndr, int flags, struct lsa_LookupSids2 *r)
 {
 	uint32_t _ptr_domains;
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_sids_0;
 	TALLOC_CTX *_mem_save_domains_0;
+	TALLOC_CTX *_mem_save_domains_1;
 	TALLOC_CTX *_mem_save_names_0;
 	TALLOC_CTX *_mem_save_count_0;
 	if (flags & NDR_IN) {
@@ -9068,24 +9879,32 @@ static enum ndr_err_code ndr_pull_lsa_LookupSids2(struct ndr_pull *ndr, int flag
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_count_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2));
+		NDR_PULL_ALLOC(ndr, r->out.domains);
+		ZERO_STRUCTP(r->out.domains);
 		NDR_PULL_ALLOC(ndr, r->out.names);
 		*r->out.names = *r->in.names;
 		NDR_PULL_ALLOC(ndr, r->out.count);
 		*r->out.count = *r->in.count;
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.domains);
+		}
+		_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domains));
 		if (_ptr_domains) {
-			NDR_PULL_ALLOC(ndr, r->out.domains);
+			NDR_PULL_ALLOC(ndr, *r->out.domains);
 		} else {
-			r->out.domains = NULL;
+			*r->out.domains = NULL;
 		}
-		if (r->out.domains) {
-			_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, 0);
-			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, 0);
+		if (*r->out.domains) {
+			_mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.domains, 0);
+			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.names);
 		}
@@ -9141,10 +9960,13 @@ _PUBLIC_ void ndr_print_lsa_LookupSids2(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		ndr_print_ptr(ndr, "domains", r->out.domains);
 		ndr->depth++;
-		if (r->out.domains) {
-			ndr_print_lsa_RefDomainList(ndr, "domains", r->out.domains);
+		ndr_print_ptr(ndr, "domains", *r->out.domains);
+		ndr->depth++;
+		if (*r->out.domains) {
+			ndr_print_lsa_RefDomainList(ndr, "domains", *r->out.domains);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_ptr(ndr, "names", r->out.names);
 		ndr->depth++;
 		ndr_print_lsa_TransNameArray2(ndr, "names", r->out.names);
@@ -9159,7 +9981,7 @@ _PUBLIC_ void ndr_print_lsa_LookupSids2(struct ndr_print *ndr, const char *name,
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_LookupNames2(struct ndr_push *ndr, int flags, const struct lsa_LookupNames2 *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupNames2(struct ndr_push *ndr, int flags, const struct lsa_LookupNames2 *r)
 {
 	uint32_t cntr_names_0;
 	if (flags & NDR_IN) {
@@ -9179,7 +10001,7 @@ static enum ndr_err_code ndr_push_lsa_LookupNames2(struct ndr_push *ndr, int fla
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_lsa_TransSidArray2(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+		NDR_CHECK(ndr_push_lsa_LookupNamesLevel(ndr, NDR_SCALARS, r->in.level));
 		if (r->in.count == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
@@ -9188,9 +10010,12 @@ static enum ndr_err_code ndr_push_lsa_LookupNames2(struct ndr_push *ndr, int fla
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.domains));
-		if (r->out.domains) {
-			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
+		if (r->out.domains == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.domains));
+		if (*r->out.domains) {
+			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
 		}
 		if (r->out.sids == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -9205,13 +10030,14 @@ static enum ndr_err_code ndr_push_lsa_LookupNames2(struct ndr_push *ndr, int fla
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_LookupNames2(struct ndr_pull *ndr, int flags, struct lsa_LookupNames2 *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames2(struct ndr_pull *ndr, int flags, struct lsa_LookupNames2 *r)
 {
 	uint32_t cntr_names_0;
 	uint32_t _ptr_domains;
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_names_0;
 	TALLOC_CTX *_mem_save_domains_0;
+	TALLOC_CTX *_mem_save_domains_1;
 	TALLOC_CTX *_mem_save_sids_0;
 	TALLOC_CTX *_mem_save_count_0;
 	if (flags & NDR_IN) {
@@ -9246,7 +10072,7 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames2(struct ndr_pull *ndr, int fla
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.sids, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_lsa_TransSidArray2(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_CHECK(ndr_pull_lsa_LookupNamesLevel(ndr, NDR_SCALARS, &r->in.level));
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->in.count);
 		}
@@ -9256,6 +10082,8 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames2(struct ndr_pull *ndr, int fla
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_count_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2));
+		NDR_PULL_ALLOC(ndr, r->out.domains);
+		ZERO_STRUCTP(r->out.domains);
 		NDR_PULL_ALLOC(ndr, r->out.sids);
 		*r->out.sids = *r->in.sids;
 		NDR_PULL_ALLOC(ndr, r->out.count);
@@ -9265,18 +10093,24 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames2(struct ndr_pull *ndr, int fla
 		}
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.domains);
+		}
+		_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domains));
 		if (_ptr_domains) {
-			NDR_PULL_ALLOC(ndr, r->out.domains);
+			NDR_PULL_ALLOC(ndr, *r->out.domains);
 		} else {
-			r->out.domains = NULL;
+			*r->out.domains = NULL;
 		}
-		if (r->out.domains) {
-			_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, 0);
-			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, 0);
+		if (*r->out.domains) {
+			_mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.domains, 0);
+			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.sids);
 		}
@@ -9316,8 +10150,7 @@ _PUBLIC_ void ndr_print_lsa_LookupNames2(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		for (cntr_names_0=0;cntr_names_0<r->in.num_names;cntr_names_0++) {
 			char *idx_0=NULL;
-			asprintf(&idx_0, "[%d]", cntr_names_0);
-			if (idx_0) {
+			if (asprintf(&idx_0, "[%d]", cntr_names_0) != -1) {
 				ndr_print_lsa_String(ndr, "names", &r->in.names[cntr_names_0]);
 				free(idx_0);
 			}
@@ -9327,7 +10160,7 @@ _PUBLIC_ void ndr_print_lsa_LookupNames2(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		ndr_print_lsa_TransSidArray2(ndr, "sids", r->in.sids);
 		ndr->depth--;
-		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr_print_lsa_LookupNamesLevel(ndr, "level", r->in.level);
 		ndr_print_ptr(ndr, "count", r->in.count);
 		ndr->depth++;
 		ndr_print_uint32(ndr, "count", *r->in.count);
@@ -9341,10 +10174,13 @@ _PUBLIC_ void ndr_print_lsa_LookupNames2(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		ndr_print_ptr(ndr, "domains", r->out.domains);
 		ndr->depth++;
-		if (r->out.domains) {
-			ndr_print_lsa_RefDomainList(ndr, "domains", r->out.domains);
+		ndr_print_ptr(ndr, "domains", *r->out.domains);
+		ndr->depth++;
+		if (*r->out.domains) {
+			ndr_print_lsa_RefDomainList(ndr, "domains", *r->out.domains);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_ptr(ndr, "sids", r->out.sids);
 		ndr->depth++;
 		ndr_print_lsa_TransSidArray2(ndr, "sids", r->out.sids);
@@ -9728,7 +10564,7 @@ _PUBLIC_ void ndr_print_lsa_CREDRPROFILELOADED(struct ndr_print *ndr, const char
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_LookupNames3(struct ndr_push *ndr, int flags, const struct lsa_LookupNames3 *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupNames3(struct ndr_push *ndr, int flags, const struct lsa_LookupNames3 *r)
 {
 	uint32_t cntr_names_0;
 	if (flags & NDR_IN) {
@@ -9748,7 +10584,7 @@ static enum ndr_err_code ndr_push_lsa_LookupNames3(struct ndr_push *ndr, int fla
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_lsa_TransSidArray3(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+		NDR_CHECK(ndr_push_lsa_LookupNamesLevel(ndr, NDR_SCALARS, r->in.level));
 		if (r->in.count == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
@@ -9757,9 +10593,12 @@ static enum ndr_err_code ndr_push_lsa_LookupNames3(struct ndr_push *ndr, int fla
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.domains));
-		if (r->out.domains) {
-			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
+		if (r->out.domains == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.domains));
+		if (*r->out.domains) {
+			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
 		}
 		if (r->out.sids == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -9774,13 +10613,14 @@ static enum ndr_err_code ndr_push_lsa_LookupNames3(struct ndr_push *ndr, int fla
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_LookupNames3(struct ndr_pull *ndr, int flags, struct lsa_LookupNames3 *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupNames3(struct ndr_pull *ndr, int flags, struct lsa_LookupNames3 *r)
 {
 	uint32_t cntr_names_0;
 	uint32_t _ptr_domains;
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_names_0;
 	TALLOC_CTX *_mem_save_domains_0;
+	TALLOC_CTX *_mem_save_domains_1;
 	TALLOC_CTX *_mem_save_sids_0;
 	TALLOC_CTX *_mem_save_count_0;
 	if (flags & NDR_IN) {
@@ -9815,7 +10655,7 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames3(struct ndr_pull *ndr, int fla
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.sids, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_lsa_TransSidArray3(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_CHECK(ndr_pull_lsa_LookupNamesLevel(ndr, NDR_SCALARS, &r->in.level));
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->in.count);
 		}
@@ -9825,6 +10665,8 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames3(struct ndr_pull *ndr, int fla
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_count_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2));
+		NDR_PULL_ALLOC(ndr, r->out.domains);
+		ZERO_STRUCTP(r->out.domains);
 		NDR_PULL_ALLOC(ndr, r->out.sids);
 		*r->out.sids = *r->in.sids;
 		NDR_PULL_ALLOC(ndr, r->out.count);
@@ -9834,18 +10676,24 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames3(struct ndr_pull *ndr, int fla
 		}
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.domains);
+		}
+		_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domains));
 		if (_ptr_domains) {
-			NDR_PULL_ALLOC(ndr, r->out.domains);
+			NDR_PULL_ALLOC(ndr, *r->out.domains);
 		} else {
-			r->out.domains = NULL;
+			*r->out.domains = NULL;
 		}
-		if (r->out.domains) {
-			_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, 0);
-			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, 0);
+		if (*r->out.domains) {
+			_mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.domains, 0);
+			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.sids);
 		}
@@ -9885,8 +10733,7 @@ _PUBLIC_ void ndr_print_lsa_LookupNames3(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		for (cntr_names_0=0;cntr_names_0<r->in.num_names;cntr_names_0++) {
 			char *idx_0=NULL;
-			asprintf(&idx_0, "[%d]", cntr_names_0);
-			if (idx_0) {
+			if (asprintf(&idx_0, "[%d]", cntr_names_0) != -1) {
 				ndr_print_lsa_String(ndr, "names", &r->in.names[cntr_names_0]);
 				free(idx_0);
 			}
@@ -9896,7 +10743,7 @@ _PUBLIC_ void ndr_print_lsa_LookupNames3(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		ndr_print_lsa_TransSidArray3(ndr, "sids", r->in.sids);
 		ndr->depth--;
-		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr_print_lsa_LookupNamesLevel(ndr, "level", r->in.level);
 		ndr_print_ptr(ndr, "count", r->in.count);
 		ndr->depth++;
 		ndr_print_uint32(ndr, "count", *r->in.count);
@@ -9910,10 +10757,13 @@ _PUBLIC_ void ndr_print_lsa_LookupNames3(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		ndr_print_ptr(ndr, "domains", r->out.domains);
 		ndr->depth++;
-		if (r->out.domains) {
-			ndr_print_lsa_RefDomainList(ndr, "domains", r->out.domains);
+		ndr_print_ptr(ndr, "domains", *r->out.domains);
+		ndr->depth++;
+		if (*r->out.domains) {
+			ndr_print_lsa_RefDomainList(ndr, "domains", *r->out.domains);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_ptr(ndr, "sids", r->out.sids);
 		ndr->depth++;
 		ndr_print_lsa_TransSidArray3(ndr, "sids", r->out.sids);
@@ -10092,41 +10942,117 @@ _PUBLIC_ void ndr_print_lsa_LSARUNREGISTERAUDITEVENT(struct ndr_print *ndr, cons
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_LSARQUERYFORESTTRUSTINFORMATION(struct ndr_push *ndr, int flags, const struct lsa_LSARQUERYFORESTTRUSTINFORMATION *r)
+static enum ndr_err_code ndr_push_lsa_lsaRQueryForestTrustInformation(struct ndr_push *ndr, int flags, const struct lsa_lsaRQueryForestTrustInformation *r)
 {
 	if (flags & NDR_IN) {
+		if (r->in.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		if (r->in.trusted_domain_name == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.trusted_domain_name));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.unknown));
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.forest_trust_info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.forest_trust_info));
+		if (*r->out.forest_trust_info) {
+			NDR_CHECK(ndr_push_lsa_ForestTrustInformation(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.forest_trust_info));
+		}
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_LSARQUERYFORESTTRUSTINFORMATION(struct ndr_pull *ndr, int flags, struct lsa_LSARQUERYFORESTTRUSTINFORMATION *r)
+static enum ndr_err_code ndr_pull_lsa_lsaRQueryForestTrustInformation(struct ndr_pull *ndr, int flags, struct lsa_lsaRQueryForestTrustInformation *r)
 {
+	uint32_t _ptr_forest_trust_info;
+	TALLOC_CTX *_mem_save_handle_0;
+	TALLOC_CTX *_mem_save_trusted_domain_name_0;
+	TALLOC_CTX *_mem_save_forest_trust_info_0;
+	TALLOC_CTX *_mem_save_forest_trust_info_1;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.trusted_domain_name);
+		}
+		_mem_save_trusted_domain_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.trusted_domain_name, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.trusted_domain_name));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_domain_name_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.unknown));
+		NDR_PULL_ALLOC(ndr, r->out.forest_trust_info);
+		ZERO_STRUCTP(r->out.forest_trust_info);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.forest_trust_info);
+		}
+		_mem_save_forest_trust_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.forest_trust_info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_forest_trust_info));
+		if (_ptr_forest_trust_info) {
+			NDR_PULL_ALLOC(ndr, *r->out.forest_trust_info);
+		} else {
+			*r->out.forest_trust_info = NULL;
+		}
+		if (*r->out.forest_trust_info) {
+			_mem_save_forest_trust_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.forest_trust_info, 0);
+			NDR_CHECK(ndr_pull_lsa_ForestTrustInformation(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.forest_trust_info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_trust_info_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_trust_info_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_lsa_LSARQUERYFORESTTRUSTINFORMATION(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LSARQUERYFORESTTRUSTINFORMATION *r)
+_PUBLIC_ void ndr_print_lsa_lsaRQueryForestTrustInformation(struct ndr_print *ndr, const char *name, int flags, const struct lsa_lsaRQueryForestTrustInformation *r)
 {
-	ndr_print_struct(ndr, name, "lsa_LSARQUERYFORESTTRUSTINFORMATION");
+	ndr_print_struct(ndr, name, "lsa_lsaRQueryForestTrustInformation");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "lsa_LSARQUERYFORESTTRUSTINFORMATION");
+		ndr_print_struct(ndr, "in", "lsa_lsaRQueryForestTrustInformation");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->in.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->in.handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "trusted_domain_name", r->in.trusted_domain_name);
+		ndr->depth++;
+		ndr_print_lsa_String(ndr, "trusted_domain_name", r->in.trusted_domain_name);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "unknown", r->in.unknown);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "lsa_LSARQUERYFORESTTRUSTINFORMATION");
+		ndr_print_struct(ndr, "out", "lsa_lsaRQueryForestTrustInformation");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "forest_trust_info", r->out.forest_trust_info);
 		ndr->depth++;
+		ndr_print_ptr(ndr, "forest_trust_info", *r->out.forest_trust_info);
+		ndr->depth++;
+		if (*r->out.forest_trust_info) {
+			ndr_print_lsa_ForestTrustInformation(ndr, "forest_trust_info", *r->out.forest_trust_info);
+		}
+		ndr->depth--;
+		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -10215,7 +11141,7 @@ _PUBLIC_ void ndr_print_lsa_CREDRRENAME(struct ndr_print *ndr, const char *name,
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_lsa_LookupSids3(struct ndr_push *ndr, int flags, const struct lsa_LookupSids3 *r)
+_PUBLIC_ enum ndr_err_code ndr_push_lsa_LookupSids3(struct ndr_push *ndr, int flags, const struct lsa_LookupSids3 *r)
 {
 	if (flags & NDR_IN) {
 		if (r->in.sids == NULL) {
@@ -10235,9 +11161,12 @@ static enum ndr_err_code ndr_push_lsa_LookupSids3(struct ndr_push *ndr, int flag
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.domains));
-		if (r->out.domains) {
-			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
+		if (r->out.domains == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.domains));
+		if (*r->out.domains) {
+			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
 		}
 		if (r->out.names == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -10252,11 +11181,12 @@ static enum ndr_err_code ndr_push_lsa_LookupSids3(struct ndr_push *ndr, int flag
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_lsa_LookupSids3(struct ndr_pull *ndr, int flags, struct lsa_LookupSids3 *r)
+_PUBLIC_ enum ndr_err_code ndr_pull_lsa_LookupSids3(struct ndr_pull *ndr, int flags, struct lsa_LookupSids3 *r)
 {
 	uint32_t _ptr_domains;
 	TALLOC_CTX *_mem_save_sids_0;
 	TALLOC_CTX *_mem_save_domains_0;
+	TALLOC_CTX *_mem_save_domains_1;
 	TALLOC_CTX *_mem_save_names_0;
 	TALLOC_CTX *_mem_save_count_0;
 	if (flags & NDR_IN) {
@@ -10286,24 +11216,32 @@ static enum ndr_err_code ndr_pull_lsa_LookupSids3(struct ndr_pull *ndr, int flag
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_count_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2));
+		NDR_PULL_ALLOC(ndr, r->out.domains);
+		ZERO_STRUCTP(r->out.domains);
 		NDR_PULL_ALLOC(ndr, r->out.names);
 		*r->out.names = *r->in.names;
 		NDR_PULL_ALLOC(ndr, r->out.count);
 		*r->out.count = *r->in.count;
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.domains);
+		}
+		_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domains));
 		if (_ptr_domains) {
-			NDR_PULL_ALLOC(ndr, r->out.domains);
+			NDR_PULL_ALLOC(ndr, *r->out.domains);
 		} else {
-			r->out.domains = NULL;
+			*r->out.domains = NULL;
 		}
-		if (r->out.domains) {
-			_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, 0);
-			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, 0);
+		if (*r->out.domains) {
+			_mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.domains, 0);
+			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.names);
 		}
@@ -10355,10 +11293,13 @@ _PUBLIC_ void ndr_print_lsa_LookupSids3(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		ndr_print_ptr(ndr, "domains", r->out.domains);
 		ndr->depth++;
-		if (r->out.domains) {
-			ndr_print_lsa_RefDomainList(ndr, "domains", r->out.domains);
+		ndr_print_ptr(ndr, "domains", *r->out.domains);
+		ndr->depth++;
+		if (*r->out.domains) {
+			ndr_print_lsa_RefDomainList(ndr, "domains", *r->out.domains);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_ptr(ndr, "names", r->out.names);
 		ndr->depth++;
 		ndr_print_lsa_TransNameArray2(ndr, "names", r->out.names);
@@ -10389,7 +11330,7 @@ static enum ndr_err_code ndr_push_lsa_LookupNames4(struct ndr_push *ndr, int fla
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_lsa_TransSidArray3(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+		NDR_CHECK(ndr_push_lsa_LookupNamesLevel(ndr, NDR_SCALARS, r->in.level));
 		if (r->in.count == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
@@ -10398,9 +11339,12 @@ static enum ndr_err_code ndr_push_lsa_LookupNames4(struct ndr_push *ndr, int fla
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.domains));
-		if (r->out.domains) {
-			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
+		if (r->out.domains == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.domains));
+		if (*r->out.domains) {
+			NDR_CHECK(ndr_push_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
 		}
 		if (r->out.sids == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -10421,6 +11365,7 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames4(struct ndr_pull *ndr, int fla
 	uint32_t _ptr_domains;
 	TALLOC_CTX *_mem_save_names_0;
 	TALLOC_CTX *_mem_save_domains_0;
+	TALLOC_CTX *_mem_save_domains_1;
 	TALLOC_CTX *_mem_save_sids_0;
 	TALLOC_CTX *_mem_save_count_0;
 	if (flags & NDR_IN) {
@@ -10448,7 +11393,7 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames4(struct ndr_pull *ndr, int fla
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.sids, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_lsa_TransSidArray3(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_CHECK(ndr_pull_lsa_LookupNamesLevel(ndr, NDR_SCALARS, &r->in.level));
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->in.count);
 		}
@@ -10458,6 +11403,8 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames4(struct ndr_pull *ndr, int fla
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_count_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2));
+		NDR_PULL_ALLOC(ndr, r->out.domains);
+		ZERO_STRUCTP(r->out.domains);
 		NDR_PULL_ALLOC(ndr, r->out.sids);
 		*r->out.sids = *r->in.sids;
 		NDR_PULL_ALLOC(ndr, r->out.count);
@@ -10467,18 +11414,24 @@ static enum ndr_err_code ndr_pull_lsa_LookupNames4(struct ndr_pull *ndr, int fla
 		}
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.domains);
+		}
+		_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domains));
 		if (_ptr_domains) {
-			NDR_PULL_ALLOC(ndr, r->out.domains);
+			NDR_PULL_ALLOC(ndr, *r->out.domains);
 		} else {
-			r->out.domains = NULL;
+			*r->out.domains = NULL;
 		}
-		if (r->out.domains) {
-			_mem_save_domains_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.domains, 0);
-			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.domains));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, 0);
+		if (*r->out.domains) {
+			_mem_save_domains_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.domains, 0);
+			NDR_CHECK(ndr_pull_lsa_RefDomainList(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.domains));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domains_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.sids);
 		}
@@ -10514,8 +11467,7 @@ _PUBLIC_ void ndr_print_lsa_LookupNames4(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		for (cntr_names_0=0;cntr_names_0<r->in.num_names;cntr_names_0++) {
 			char *idx_0=NULL;
-			asprintf(&idx_0, "[%d]", cntr_names_0);
-			if (idx_0) {
+			if (asprintf(&idx_0, "[%d]", cntr_names_0) != -1) {
 				ndr_print_lsa_String(ndr, "names", &r->in.names[cntr_names_0]);
 				free(idx_0);
 			}
@@ -10525,7 +11477,7 @@ _PUBLIC_ void ndr_print_lsa_LookupNames4(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		ndr_print_lsa_TransSidArray3(ndr, "sids", r->in.sids);
 		ndr->depth--;
-		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr_print_lsa_LookupNamesLevel(ndr, "level", r->in.level);
 		ndr_print_ptr(ndr, "count", r->in.count);
 		ndr->depth++;
 		ndr_print_uint32(ndr, "count", *r->in.count);
@@ -10539,10 +11491,13 @@ _PUBLIC_ void ndr_print_lsa_LookupNames4(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		ndr_print_ptr(ndr, "domains", r->out.domains);
 		ndr->depth++;
-		if (r->out.domains) {
-			ndr_print_lsa_RefDomainList(ndr, "domains", r->out.domains);
+		ndr_print_ptr(ndr, "domains", *r->out.domains);
+		ndr->depth++;
+		if (*r->out.domains) {
+			ndr_print_lsa_RefDomainList(ndr, "domains", *r->out.domains);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_ptr(ndr, "sids", r->out.sids);
 		ndr->depth++;
 		ndr_print_lsa_TransSidArray3(ndr, "sids", r->out.sids);
@@ -11307,11 +12262,11 @@ static const struct ndr_interface_call lsarpc_calls[] = {
 		false,
 	},
 	{
-		"lsa_LSARQUERYFORESTTRUSTINFORMATION",
-		sizeof(struct lsa_LSARQUERYFORESTTRUSTINFORMATION),
-		(ndr_push_flags_fn_t) ndr_push_lsa_LSARQUERYFORESTTRUSTINFORMATION,
-		(ndr_pull_flags_fn_t) ndr_pull_lsa_LSARQUERYFORESTTRUSTINFORMATION,
-		(ndr_print_function_t) ndr_print_lsa_LSARQUERYFORESTTRUSTINFORMATION,
+		"lsa_lsaRQueryForestTrustInformation",
+		sizeof(struct lsa_lsaRQueryForestTrustInformation),
+		(ndr_push_flags_fn_t) ndr_push_lsa_lsaRQueryForestTrustInformation,
+		(ndr_pull_flags_fn_t) ndr_pull_lsa_lsaRQueryForestTrustInformation,
+		(ndr_print_function_t) ndr_print_lsa_lsaRQueryForestTrustInformation,
 		false,
 	},
 	{
diff --git a/source3/librpc/gen_ndr/ndr_lsa.h b/source3/librpc/gen_ndr/ndr_lsa.h
index dc100297f5..a96f2d41b9 100644
--- a/source3/librpc/gen_ndr/ndr_lsa.h
+++ b/source3/librpc/gen_ndr/ndr_lsa.h
@@ -188,12 +188,19 @@ void ndr_print_lsa_Strings(struct ndr_print *ndr, const char *name, const struct
 enum ndr_err_code ndr_push_lsa_AsciiString(struct ndr_push *ndr, int ndr_flags, const struct lsa_AsciiString *r);
 enum ndr_err_code ndr_pull_lsa_AsciiString(struct ndr_pull *ndr, int ndr_flags, struct lsa_AsciiString *r);
 void ndr_print_lsa_AsciiString(struct ndr_print *ndr, const char *name, const struct lsa_AsciiString *r);
+enum ndr_err_code ndr_push_lsa_AsciiStringLarge(struct ndr_push *ndr, int ndr_flags, const struct lsa_AsciiStringLarge *r);
+enum ndr_err_code ndr_pull_lsa_AsciiStringLarge(struct ndr_pull *ndr, int ndr_flags, struct lsa_AsciiStringLarge *r);
+void ndr_print_lsa_AsciiStringLarge(struct ndr_print *ndr, const char *name, const struct lsa_AsciiStringLarge *r);
 void ndr_print_lsa_LUID(struct ndr_print *ndr, const char *name, const struct lsa_LUID *r);
 void ndr_print_lsa_PrivEntry(struct ndr_print *ndr, const char *name, const struct lsa_PrivEntry *r);
 void ndr_print_lsa_PrivArray(struct ndr_print *ndr, const char *name, const struct lsa_PrivArray *r);
 void ndr_print_lsa_QosInfo(struct ndr_print *ndr, const char *name, const struct lsa_QosInfo *r);
 void ndr_print_lsa_ObjectAttribute(struct ndr_print *ndr, const char *name, const struct lsa_ObjectAttribute *r);
+enum ndr_err_code ndr_push_lsa_PolicyAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r);
+enum ndr_err_code ndr_pull_lsa_PolicyAccessMask(struct ndr_pull *ndr, int ndr_flags, uint32_t *r);
+void ndr_print_lsa_PolicyAccessMask(struct ndr_print *ndr, const char *name, uint32_t r);
 void ndr_print_lsa_AuditLogInfo(struct ndr_print *ndr, const char *name, const struct lsa_AuditLogInfo *r);
+void ndr_print_lsa_PolicyAuditPolicy(struct ndr_print *ndr, const char *name, enum lsa_PolicyAuditPolicy r);
 void ndr_print_lsa_AuditEventsInfo(struct ndr_print *ndr, const char *name, const struct lsa_AuditEventsInfo *r);
 void ndr_print_lsa_DomainInfo(struct ndr_print *ndr, const char *name, const struct lsa_DomainInfo *r);
 void ndr_print_lsa_PDAccountInfo(struct ndr_print *ndr, const char *name, const struct lsa_PDAccountInfo *r);
@@ -215,6 +222,7 @@ void ndr_print_lsa_SidType(struct ndr_print *ndr, const char *name, enum lsa_Sid
 void ndr_print_lsa_TranslatedSid(struct ndr_print *ndr, const char *name, const struct lsa_TranslatedSid *r);
 void ndr_print_lsa_TransSidArray(struct ndr_print *ndr, const char *name, const struct lsa_TransSidArray *r);
 void ndr_print_lsa_RefDomainList(struct ndr_print *ndr, const char *name, const struct lsa_RefDomainList *r);
+void ndr_print_lsa_LookupNamesLevel(struct ndr_print *ndr, const char *name, enum lsa_LookupNamesLevel r);
 void ndr_print_lsa_TranslatedName(struct ndr_print *ndr, const char *name, const struct lsa_TranslatedName *r);
 void ndr_print_lsa_TransNameArray(struct ndr_print *ndr, const char *name, const struct lsa_TransNameArray *r);
 void ndr_print_lsa_LUIDAttribute(struct ndr_print *ndr, const char *name, const struct lsa_LUIDAttribute *r);
@@ -235,7 +243,6 @@ void ndr_print_lsa_TrustDomainInfoInfoAll(struct ndr_print *ndr, const char *nam
 void ndr_print_lsa_TrustedDomainInfo(struct ndr_print *ndr, const char *name, const union lsa_TrustedDomainInfo *r);
 void ndr_print_lsa_DATA_BUF_PTR(struct ndr_print *ndr, const char *name, const struct lsa_DATA_BUF_PTR *r);
 void ndr_print_lsa_RightSet(struct ndr_print *ndr, const char *name, const struct lsa_RightSet *r);
-void ndr_print_lsa_StringPointer(struct ndr_print *ndr, const char *name, const struct lsa_StringPointer *r);
 void ndr_print_lsa_DomainListEx(struct ndr_print *ndr, const char *name, const struct lsa_DomainListEx *r);
 void ndr_print_lsa_DomainInfoKerberos(struct ndr_print *ndr, const char *name, const struct lsa_DomainInfoKerberos *r);
 void ndr_print_lsa_DomainInfoEfs(struct ndr_print *ndr, const char *name, const struct lsa_DomainInfoEfs *r);
@@ -246,22 +253,48 @@ void ndr_print_lsa_TranslatedSid2(struct ndr_print *ndr, const char *name, const
 void ndr_print_lsa_TransSidArray2(struct ndr_print *ndr, const char *name, const struct lsa_TransSidArray2 *r);
 void ndr_print_lsa_TranslatedSid3(struct ndr_print *ndr, const char *name, const struct lsa_TranslatedSid3 *r);
 void ndr_print_lsa_TransSidArray3(struct ndr_print *ndr, const char *name, const struct lsa_TransSidArray3 *r);
+void ndr_print_lsa_ForestTrustBinaryData(struct ndr_print *ndr, const char *name, const struct lsa_ForestTrustBinaryData *r);
+void ndr_print_lsa_ForestTrustDomainInfo(struct ndr_print *ndr, const char *name, const struct lsa_ForestTrustDomainInfo *r);
+void ndr_print_lsa_ForestTrustData(struct ndr_print *ndr, const char *name, const union lsa_ForestTrustData *r);
+void ndr_print_lsa_ForestTrustRecordType(struct ndr_print *ndr, const char *name, enum lsa_ForestTrustRecordType r);
+void ndr_print_lsa_ForestTrustRecord(struct ndr_print *ndr, const char *name, const struct lsa_ForestTrustRecord *r);
+enum ndr_err_code ndr_push_lsa_ForestTrustInformation(struct ndr_push *ndr, int ndr_flags, const struct lsa_ForestTrustInformation *r);
+enum ndr_err_code ndr_pull_lsa_ForestTrustInformation(struct ndr_pull *ndr, int ndr_flags, struct lsa_ForestTrustInformation *r);
+void ndr_print_lsa_ForestTrustInformation(struct ndr_print *ndr, const char *name, const struct lsa_ForestTrustInformation *r);
 void ndr_print_lsa_Close(struct ndr_print *ndr, const char *name, int flags, const struct lsa_Close *r);
+enum ndr_err_code ndr_push_lsa_Delete(struct ndr_push *ndr, int flags, const struct lsa_Delete *r);
+enum ndr_err_code ndr_pull_lsa_Delete(struct ndr_pull *ndr, int flags, struct lsa_Delete *r);
 void ndr_print_lsa_Delete(struct ndr_print *ndr, const char *name, int flags, const struct lsa_Delete *r);
+enum ndr_err_code ndr_push_lsa_EnumPrivs(struct ndr_push *ndr, int flags, const struct lsa_EnumPrivs *r);
+enum ndr_err_code ndr_pull_lsa_EnumPrivs(struct ndr_pull *ndr, int flags, struct lsa_EnumPrivs *r);
 void ndr_print_lsa_EnumPrivs(struct ndr_print *ndr, const char *name, int flags, const struct lsa_EnumPrivs *r);
 void ndr_print_lsa_QuerySecurity(struct ndr_print *ndr, const char *name, int flags, const struct lsa_QuerySecurity *r);
 void ndr_print_lsa_SetSecObj(struct ndr_print *ndr, const char *name, int flags, const struct lsa_SetSecObj *r);
 void ndr_print_lsa_ChangePassword(struct ndr_print *ndr, const char *name, int flags, const struct lsa_ChangePassword *r);
+enum ndr_err_code ndr_push_lsa_OpenPolicy(struct ndr_push *ndr, int flags, const struct lsa_OpenPolicy *r);
+enum ndr_err_code ndr_pull_lsa_OpenPolicy(struct ndr_pull *ndr, int flags, struct lsa_OpenPolicy *r);
 void ndr_print_lsa_OpenPolicy(struct ndr_print *ndr, const char *name, int flags, const struct lsa_OpenPolicy *r);
 void ndr_print_lsa_QueryInfoPolicy(struct ndr_print *ndr, const char *name, int flags, const struct lsa_QueryInfoPolicy *r);
 void ndr_print_lsa_SetInfoPolicy(struct ndr_print *ndr, const char *name, int flags, const struct lsa_SetInfoPolicy *r);
 void ndr_print_lsa_ClearAuditLog(struct ndr_print *ndr, const char *name, int flags, const struct lsa_ClearAuditLog *r);
+enum ndr_err_code ndr_push_lsa_CreateAccount(struct ndr_push *ndr, int flags, const struct lsa_CreateAccount *r);
+enum ndr_err_code ndr_pull_lsa_CreateAccount(struct ndr_pull *ndr, int flags, struct lsa_CreateAccount *r);
 void ndr_print_lsa_CreateAccount(struct ndr_print *ndr, const char *name, int flags, const struct lsa_CreateAccount *r);
+enum ndr_err_code ndr_push_lsa_EnumAccounts(struct ndr_push *ndr, int flags, const struct lsa_EnumAccounts *r);
+enum ndr_err_code ndr_pull_lsa_EnumAccounts(struct ndr_pull *ndr, int flags, struct lsa_EnumAccounts *r);
 void ndr_print_lsa_EnumAccounts(struct ndr_print *ndr, const char *name, int flags, const struct lsa_EnumAccounts *r);
+enum ndr_err_code ndr_push_lsa_CreateTrustedDomain(struct ndr_push *ndr, int flags, const struct lsa_CreateTrustedDomain *r);
+enum ndr_err_code ndr_pull_lsa_CreateTrustedDomain(struct ndr_pull *ndr, int flags, struct lsa_CreateTrustedDomain *r);
 void ndr_print_lsa_CreateTrustedDomain(struct ndr_print *ndr, const char *name, int flags, const struct lsa_CreateTrustedDomain *r);
 void ndr_print_lsa_EnumTrustDom(struct ndr_print *ndr, const char *name, int flags, const struct lsa_EnumTrustDom *r);
+enum ndr_err_code ndr_push_lsa_LookupNames(struct ndr_push *ndr, int flags, const struct lsa_LookupNames *r);
+enum ndr_err_code ndr_pull_lsa_LookupNames(struct ndr_pull *ndr, int flags, struct lsa_LookupNames *r);
 void ndr_print_lsa_LookupNames(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LookupNames *r);
+enum ndr_err_code ndr_push_lsa_LookupSids(struct ndr_push *ndr, int flags, const struct lsa_LookupSids *r);
+enum ndr_err_code ndr_pull_lsa_LookupSids(struct ndr_pull *ndr, int flags, struct lsa_LookupSids *r);
 void ndr_print_lsa_LookupSids(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LookupSids *r);
+enum ndr_err_code ndr_push_lsa_CreateSecret(struct ndr_push *ndr, int flags, const struct lsa_CreateSecret *r);
+enum ndr_err_code ndr_pull_lsa_CreateSecret(struct ndr_pull *ndr, int flags, struct lsa_CreateSecret *r);
 void ndr_print_lsa_CreateSecret(struct ndr_print *ndr, const char *name, int flags, const struct lsa_CreateSecret *r);
 void ndr_print_lsa_OpenAccount(struct ndr_print *ndr, const char *name, int flags, const struct lsa_OpenAccount *r);
 void ndr_print_lsa_EnumPrivsAccount(struct ndr_print *ndr, const char *name, int flags, const struct lsa_EnumPrivsAccount *r);
@@ -274,8 +307,14 @@ void ndr_print_lsa_SetSystemAccessAccount(struct ndr_print *ndr, const char *nam
 void ndr_print_lsa_OpenTrustedDomain(struct ndr_print *ndr, const char *name, int flags, const struct lsa_OpenTrustedDomain *r);
 void ndr_print_lsa_QueryTrustedDomainInfo(struct ndr_print *ndr, const char *name, int flags, const struct lsa_QueryTrustedDomainInfo *r);
 void ndr_print_lsa_SetInformationTrustedDomain(struct ndr_print *ndr, const char *name, int flags, const struct lsa_SetInformationTrustedDomain *r);
+enum ndr_err_code ndr_push_lsa_OpenSecret(struct ndr_push *ndr, int flags, const struct lsa_OpenSecret *r);
+enum ndr_err_code ndr_pull_lsa_OpenSecret(struct ndr_pull *ndr, int flags, struct lsa_OpenSecret *r);
 void ndr_print_lsa_OpenSecret(struct ndr_print *ndr, const char *name, int flags, const struct lsa_OpenSecret *r);
+enum ndr_err_code ndr_push_lsa_SetSecret(struct ndr_push *ndr, int flags, const struct lsa_SetSecret *r);
+enum ndr_err_code ndr_pull_lsa_SetSecret(struct ndr_pull *ndr, int flags, struct lsa_SetSecret *r);
 void ndr_print_lsa_SetSecret(struct ndr_print *ndr, const char *name, int flags, const struct lsa_SetSecret *r);
+enum ndr_err_code ndr_push_lsa_QuerySecret(struct ndr_push *ndr, int flags, const struct lsa_QuerySecret *r);
+enum ndr_err_code ndr_pull_lsa_QuerySecret(struct ndr_pull *ndr, int flags, struct lsa_QuerySecret *r);
 void ndr_print_lsa_QuerySecret(struct ndr_print *ndr, const char *name, int flags, const struct lsa_QuerySecret *r);
 void ndr_print_lsa_LookupPrivValue(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LookupPrivValue *r);
 void ndr_print_lsa_LookupPrivName(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LookupPrivName *r);
@@ -290,6 +329,8 @@ void ndr_print_lsa_SetTrustedDomainInfo(struct ndr_print *ndr, const char *name,
 void ndr_print_lsa_DeleteTrustedDomain(struct ndr_print *ndr, const char *name, int flags, const struct lsa_DeleteTrustedDomain *r);
 void ndr_print_lsa_StorePrivateData(struct ndr_print *ndr, const char *name, int flags, const struct lsa_StorePrivateData *r);
 void ndr_print_lsa_RetrievePrivateData(struct ndr_print *ndr, const char *name, int flags, const struct lsa_RetrievePrivateData *r);
+enum ndr_err_code ndr_push_lsa_OpenPolicy2(struct ndr_push *ndr, int flags, const struct lsa_OpenPolicy2 *r);
+enum ndr_err_code ndr_pull_lsa_OpenPolicy2(struct ndr_pull *ndr, int flags, struct lsa_OpenPolicy2 *r);
 void ndr_print_lsa_OpenPolicy2(struct ndr_print *ndr, const char *name, int flags, const struct lsa_OpenPolicy2 *r);
 void ndr_print_lsa_GetUserName(struct ndr_print *ndr, const char *name, int flags, const struct lsa_GetUserName *r);
 void ndr_print_lsa_QueryInfoPolicy2(struct ndr_print *ndr, const char *name, int flags, const struct lsa_QueryInfoPolicy2 *r);
@@ -303,7 +344,11 @@ void ndr_print_lsa_QueryDomainInformationPolicy(struct ndr_print *ndr, const cha
 void ndr_print_lsa_SetDomainInformationPolicy(struct ndr_print *ndr, const char *name, int flags, const struct lsa_SetDomainInformationPolicy *r);
 void ndr_print_lsa_OpenTrustedDomainByName(struct ndr_print *ndr, const char *name, int flags, const struct lsa_OpenTrustedDomainByName *r);
 void ndr_print_lsa_TestCall(struct ndr_print *ndr, const char *name, int flags, const struct lsa_TestCall *r);
+enum ndr_err_code ndr_push_lsa_LookupSids2(struct ndr_push *ndr, int flags, const struct lsa_LookupSids2 *r);
+enum ndr_err_code ndr_pull_lsa_LookupSids2(struct ndr_pull *ndr, int flags, struct lsa_LookupSids2 *r);
 void ndr_print_lsa_LookupSids2(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LookupSids2 *r);
+enum ndr_err_code ndr_push_lsa_LookupNames2(struct ndr_push *ndr, int flags, const struct lsa_LookupNames2 *r);
+enum ndr_err_code ndr_pull_lsa_LookupNames2(struct ndr_pull *ndr, int flags, struct lsa_LookupNames2 *r);
 void ndr_print_lsa_LookupNames2(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LookupNames2 *r);
 void ndr_print_lsa_CreateTrustedDomainEx2(struct ndr_print *ndr, const char *name, int flags, const struct lsa_CreateTrustedDomainEx2 *r);
 void ndr_print_lsa_CREDRWRITE(struct ndr_print *ndr, const char *name, int flags, const struct lsa_CREDRWRITE *r);
@@ -314,14 +359,18 @@ void ndr_print_lsa_CREDRREADDOMAINCREDENTIALS(struct ndr_print *ndr, const char
 void ndr_print_lsa_CREDRDELETE(struct ndr_print *ndr, const char *name, int flags, const struct lsa_CREDRDELETE *r);
 void ndr_print_lsa_CREDRGETTARGETINFO(struct ndr_print *ndr, const char *name, int flags, const struct lsa_CREDRGETTARGETINFO *r);
 void ndr_print_lsa_CREDRPROFILELOADED(struct ndr_print *ndr, const char *name, int flags, const struct lsa_CREDRPROFILELOADED *r);
+enum ndr_err_code ndr_push_lsa_LookupNames3(struct ndr_push *ndr, int flags, const struct lsa_LookupNames3 *r);
+enum ndr_err_code ndr_pull_lsa_LookupNames3(struct ndr_pull *ndr, int flags, struct lsa_LookupNames3 *r);
 void ndr_print_lsa_LookupNames3(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LookupNames3 *r);
 void ndr_print_lsa_CREDRGETSESSIONTYPES(struct ndr_print *ndr, const char *name, int flags, const struct lsa_CREDRGETSESSIONTYPES *r);
 void ndr_print_lsa_LSARREGISTERAUDITEVENT(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LSARREGISTERAUDITEVENT *r);
 void ndr_print_lsa_LSARGENAUDITEVENT(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LSARGENAUDITEVENT *r);
 void ndr_print_lsa_LSARUNREGISTERAUDITEVENT(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LSARUNREGISTERAUDITEVENT *r);
-void ndr_print_lsa_LSARQUERYFORESTTRUSTINFORMATION(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LSARQUERYFORESTTRUSTINFORMATION *r);
+void ndr_print_lsa_lsaRQueryForestTrustInformation(struct ndr_print *ndr, const char *name, int flags, const struct lsa_lsaRQueryForestTrustInformation *r);
 void ndr_print_lsa_LSARSETFORESTTRUSTINFORMATION(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LSARSETFORESTTRUSTINFORMATION *r);
 void ndr_print_lsa_CREDRRENAME(struct ndr_print *ndr, const char *name, int flags, const struct lsa_CREDRRENAME *r);
+enum ndr_err_code ndr_push_lsa_LookupSids3(struct ndr_push *ndr, int flags, const struct lsa_LookupSids3 *r);
+enum ndr_err_code ndr_pull_lsa_LookupSids3(struct ndr_pull *ndr, int flags, struct lsa_LookupSids3 *r);
 void ndr_print_lsa_LookupSids3(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LookupSids3 *r);
 void ndr_print_lsa_LookupNames4(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LookupNames4 *r);
 void ndr_print_lsa_LSAROPENPOLICYSCE(struct ndr_print *ndr, const char *name, int flags, const struct lsa_LSAROPENPOLICYSCE *r);
diff --git a/source3/librpc/gen_ndr/ndr_messaging.c b/source3/librpc/gen_ndr/ndr_messaging.c
index 413421f770..db886316f1 100644
--- a/source3/librpc/gen_ndr/ndr_messaging.c
+++ b/source3/librpc/gen_ndr/ndr_messaging.c
@@ -103,8 +103,7 @@ _PUBLIC_ void ndr_print_messaging_array(struct ndr_print *ndr, const char *name,
 	ndr->depth++;
 	for (cntr_messages_0=0;cntr_messages_0<r->num_messages;cntr_messages_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_messages_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_messages_0) != -1) {
 			ndr_print_messaging_rec(ndr, "messages", &r->messages[cntr_messages_0]);
 			free(idx_0);
 		}
diff --git a/source3/librpc/gen_ndr/ndr_misc.c b/source3/librpc/gen_ndr/ndr_misc.c
new file mode 100644
index 0000000000..56105d499f
--- /dev/null
+++ b/source3/librpc/gen_ndr/ndr_misc.c
@@ -0,0 +1,185 @@
+/* parser auto-generated by pidl */
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+
+_PUBLIC_ enum ndr_err_code ndr_push_GUID(struct ndr_push *ndr, int ndr_flags, const struct GUID *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->time_low));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->time_mid));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->time_hi_and_version));
+		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->clock_seq, 2));
+		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->node, 6));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_GUID(struct ndr_pull *ndr, int ndr_flags, struct GUID *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->time_low));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->time_mid));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->time_hi_and_version));
+		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->clock_seq, 2));
+		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->node, 6));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ size_t ndr_size_GUID(const struct GUID *r, int flags)
+{
+	return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_GUID);
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_ndr_syntax_id(struct ndr_push *ndr, int ndr_flags, const struct ndr_syntax_id *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->uuid));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->if_version));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_ndr_syntax_id(struct ndr_pull *ndr, int ndr_flags, struct ndr_syntax_id *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->uuid));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->if_version));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_ndr_syntax_id(struct ndr_print *ndr, const char *name, const struct ndr_syntax_id *r)
+{
+	ndr_print_struct(ndr, name, "ndr_syntax_id");
+	ndr->depth++;
+	ndr_print_GUID(ndr, "uuid", &r->uuid);
+	ndr_print_uint32(ndr, "if_version", r->if_version);
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_policy_handle(struct ndr_push *ndr, int ndr_flags, const struct policy_handle *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->handle_type));
+		NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->uuid));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_policy_handle(struct ndr_pull *ndr, int ndr_flags, struct policy_handle *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->handle_type));
+		NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->uuid));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_policy_handle(struct ndr_print *ndr, const char *name, const struct policy_handle *r)
+{
+	ndr_print_struct(ndr, name, "policy_handle");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "handle_type", r->handle_type);
+	ndr_print_GUID(ndr, "uuid", &r->uuid);
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_netr_SchannelType(struct ndr_push *ndr, int ndr_flags, enum netr_SchannelType r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_netr_SchannelType(struct ndr_pull *ndr, int ndr_flags, enum netr_SchannelType *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_SchannelType(struct ndr_print *ndr, const char *name, enum netr_SchannelType r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case SEC_CHAN_WKSTA: val = "SEC_CHAN_WKSTA"; break;
+		case SEC_CHAN_DOMAIN: val = "SEC_CHAN_DOMAIN"; break;
+		case SEC_CHAN_BDC: val = "SEC_CHAN_BDC"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_netr_SamDatabaseID(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_netr_SamDatabaseID(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_SamDatabaseID(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case SAM_DATABASE_DOMAIN: val = "SAM_DATABASE_DOMAIN"; break;
+		case SAM_DATABASE_BUILTIN: val = "SAM_DATABASE_BUILTIN"; break;
+		case SAM_DATABASE_PRIVS: val = "SAM_DATABASE_PRIVS"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_RejectReason(struct ndr_push *ndr, int ndr_flags, enum samr_RejectReason r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_RejectReason(struct ndr_pull *ndr, int ndr_flags, enum samr_RejectReason *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_RejectReason(struct ndr_print *ndr, const char *name, enum samr_RejectReason r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case SAMR_REJECT_OTHER: val = "SAMR_REJECT_OTHER"; break;
+		case SAMR_REJECT_TOO_SHORT: val = "SAMR_REJECT_TOO_SHORT"; break;
+		case SAMR_REJECT_IN_HISTORY: val = "SAMR_REJECT_IN_HISTORY"; break;
+		case SAMR_REJECT_COMPLEXITY: val = "SAMR_REJECT_COMPLEXITY"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
diff --git a/source3/librpc/gen_ndr/ndr_misc.h b/source3/librpc/gen_ndr/ndr_misc.h
index d43a7d8b4a..a15a781367 100644
--- a/source3/librpc/gen_ndr/ndr_misc.h
+++ b/source3/librpc/gen_ndr/ndr_misc.h
@@ -1 +1,29 @@
-#include "ndr/ndr_misc.h"
+/* header auto-generated by pidl */
+
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/misc.h"
+
+#ifndef _HEADER_NDR_misc
+#define _HEADER_NDR_misc
+
+#define NDR_MISC_CALL_COUNT (0)
+enum ndr_err_code ndr_push_GUID(struct ndr_push *ndr, int ndr_flags, const struct GUID *r);
+enum ndr_err_code ndr_pull_GUID(struct ndr_pull *ndr, int ndr_flags, struct GUID *r);
+void ndr_print_GUID(struct ndr_print *ndr, const char *name, const struct GUID *r);
+size_t ndr_size_GUID(const struct GUID *r, int flags);
+enum ndr_err_code ndr_push_ndr_syntax_id(struct ndr_push *ndr, int ndr_flags, const struct ndr_syntax_id *r);
+enum ndr_err_code ndr_pull_ndr_syntax_id(struct ndr_pull *ndr, int ndr_flags, struct ndr_syntax_id *r);
+void ndr_print_ndr_syntax_id(struct ndr_print *ndr, const char *name, const struct ndr_syntax_id *r);
+enum ndr_err_code ndr_push_policy_handle(struct ndr_push *ndr, int ndr_flags, const struct policy_handle *r);
+enum ndr_err_code ndr_pull_policy_handle(struct ndr_pull *ndr, int ndr_flags, struct policy_handle *r);
+void ndr_print_policy_handle(struct ndr_print *ndr, const char *name, const struct policy_handle *r);
+enum ndr_err_code ndr_push_netr_SchannelType(struct ndr_push *ndr, int ndr_flags, enum netr_SchannelType r);
+enum ndr_err_code ndr_pull_netr_SchannelType(struct ndr_pull *ndr, int ndr_flags, enum netr_SchannelType *r);
+void ndr_print_netr_SchannelType(struct ndr_print *ndr, const char *name, enum netr_SchannelType r);
+enum ndr_err_code ndr_push_netr_SamDatabaseID(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID r);
+enum ndr_err_code ndr_pull_netr_SamDatabaseID(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID *r);
+void ndr_print_netr_SamDatabaseID(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID r);
+enum ndr_err_code ndr_push_samr_RejectReason(struct ndr_push *ndr, int ndr_flags, enum samr_RejectReason r);
+enum ndr_err_code ndr_pull_samr_RejectReason(struct ndr_pull *ndr, int ndr_flags, enum samr_RejectReason *r);
+void ndr_print_samr_RejectReason(struct ndr_print *ndr, const char *name, enum samr_RejectReason r);
+#endif /* _HEADER_NDR_misc */
diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c
index 081c87fb12..4c46fb0735 100644
--- a/source3/librpc/gen_ndr/ndr_netlogon.c
+++ b/source3/librpc/gen_ndr/ndr_netlogon.c
@@ -315,8 +315,7 @@ _PUBLIC_ void ndr_print_netr_AcctLockStr(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		for (cntr_bindata_1=0;cntr_bindata_1<r->length / 2;cntr_bindata_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_bindata_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_bindata_1) != -1) {
 				ndr_print_uint16(ndr, "bindata", r->bindata[cntr_bindata_1]);
 				free(idx_1);
 			}
@@ -327,12 +326,39 @@ _PUBLIC_ void ndr_print_netr_AcctLockStr(struct ndr_print *ndr, const char *name
 	ndr->depth--;
 }
 
+_PUBLIC_ enum ndr_err_code ndr_push_netr_LogonParameterControl(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_netr_LogonParameterControl(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_LogonParameterControl(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "MSV1_0_CLEARTEXT_PASSWORD_ALLOWED", MSV1_0_CLEARTEXT_PASSWORD_ALLOWED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "MSV1_0_UPDATE_LOGON_STATISTICS", MSV1_0_UPDATE_LOGON_STATISTICS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "MSV1_0_RETURN_USER_PARAMETERS", MSV1_0_RETURN_USER_PARAMETERS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT", MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "MSV1_0_RETURN_PROFILE_PATH", MSV1_0_RETURN_PROFILE_PATH, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT", MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT, r);
+	ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_netr_IdentityInfo(struct ndr_push *ndr, int ndr_flags, const struct netr_IdentityInfo *r)
 {
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_push_align(ndr, 4));
 		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->domain_name));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->parameter_control));
+		NDR_CHECK(ndr_push_netr_LogonParameterControl(ndr, NDR_SCALARS, r->parameter_control));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->logon_id_low));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->logon_id_high));
 		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->account_name));
@@ -351,7 +377,7 @@ static enum ndr_err_code ndr_pull_netr_IdentityInfo(struct ndr_pull *ndr, int nd
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_pull_align(ndr, 4));
 		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->domain_name));
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->parameter_control));
+		NDR_CHECK(ndr_pull_netr_LogonParameterControl(ndr, NDR_SCALARS, &r->parameter_control));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->logon_id_low));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->logon_id_high));
 		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->account_name));
@@ -370,7 +396,7 @@ _PUBLIC_ void ndr_print_netr_IdentityInfo(struct ndr_print *ndr, const char *nam
 	ndr_print_struct(ndr, name, "netr_IdentityInfo");
 	ndr->depth++;
 	ndr_print_lsa_String(ndr, "domain_name", &r->domain_name);
-	ndr_print_uint32(ndr, "parameter_control", r->parameter_control);
+	ndr_print_netr_LogonParameterControl(ndr, "parameter_control", r->parameter_control);
 	ndr_print_uint32(ndr, "logon_id_low", r->logon_id_low);
 	ndr_print_uint32(ndr, "logon_id_high", r->logon_id_high);
 	ndr_print_lsa_String(ndr, "account_name", &r->account_name);
@@ -573,25 +599,25 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_LogonLevel(struct ndr_push *ndr, int nd
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->password));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->network));
-			break;
+			break; }
 
-			case 3:
+			case 3: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->password));
-			break;
+			break; }
 
-			case 5:
+			case 5: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->password));
-			break;
+			break; }
 
-			case 6:
+			case 6: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->network));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -814,39 +840,6 @@ _PUBLIC_ void ndr_print_netr_LogonLevel(struct ndr_print *ndr, const char *name,
 	}
 }
 
-_PUBLIC_ enum ndr_err_code ndr_push_netr_GroupMembership(struct ndr_push *ndr, int ndr_flags, const struct netr_GroupMembership *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_push_align(ndr, 4));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->attributes));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ enum ndr_err_code ndr_pull_netr_GroupMembership(struct ndr_pull *ndr, int ndr_flags, struct netr_GroupMembership *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_pull_align(ndr, 4));
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rid));
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->attributes));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_netr_GroupMembership(struct ndr_print *ndr, const char *name, const struct netr_GroupMembership *r)
-{
-	ndr_print_struct(ndr, name, "netr_GroupMembership");
-	ndr->depth++;
-	ndr_print_uint32(ndr, "rid", r->rid);
-	ndr_print_uint32(ndr, "attributes", r->attributes);
-	ndr->depth--;
-}
-
 _PUBLIC_ enum ndr_err_code ndr_push_netr_UserSessionKey(struct ndr_push *ndr, int ndr_flags, const struct netr_UserSessionKey *r)
 {
 	{
@@ -965,6 +958,7 @@ _PUBLIC_ void ndr_print_netr_UserFlags(struct ndr_print *ndr, const char *name,
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_NTLMV2_ENABLED", NETLOGON_NTLMV2_ENABLED, r);
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_RESOURCE_GROUPS", NETLOGON_RESOURCE_GROUPS, r);
 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_PROFILE_PATH_RETURNED", NETLOGON_PROFILE_PATH_RETURNED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "NETLOGON_GRACE_LOGON", NETLOGON_GRACE_LOGON, r);
 	ndr->depth--;
 }
 
@@ -1116,8 +1110,7 @@ _PUBLIC_ void ndr_print_netr_SamBaseInfo(struct ndr_print *ndr, const char *name
 	ndr->depth++;
 	for (cntr_unknown_0=0;cntr_unknown_0<7;cntr_unknown_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_unknown_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_unknown_0) != -1) {
 			ndr_print_uint32(ndr, "unknown", r->unknown[cntr_unknown_0]);
 			free(idx_0);
 		}
@@ -1163,7 +1156,7 @@ static enum ndr_err_code ndr_push_netr_SidAttr(struct ndr_push *ndr, int ndr_fla
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_push_align(ndr, 4));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->sid));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->attribute));
+		NDR_CHECK(ndr_push_samr_GroupAttrs(ndr, NDR_SCALARS, r->attributes));
 	}
 	if (ndr_flags & NDR_BUFFERS) {
 		if (r->sid) {
@@ -1185,7 +1178,7 @@ static enum ndr_err_code ndr_pull_netr_SidAttr(struct ndr_pull *ndr, int ndr_fla
 		} else {
 			r->sid = NULL;
 		}
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->attribute));
+		NDR_CHECK(ndr_pull_samr_GroupAttrs(ndr, NDR_SCALARS, &r->attributes));
 	}
 	if (ndr_flags & NDR_BUFFERS) {
 		if (r->sid) {
@@ -1208,7 +1201,7 @@ _PUBLIC_ void ndr_print_netr_SidAttr(struct ndr_print *ndr, const char *name, co
 		ndr_print_dom_sid2(ndr, "sid", r->sid);
 	}
 	ndr->depth--;
-	ndr_print_uint32(ndr, "attribute", r->attribute);
+	ndr_print_samr_GroupAttrs(ndr, "attributes", r->attributes);
 	ndr->depth--;
 }
 
@@ -1292,8 +1285,7 @@ _PUBLIC_ void ndr_print_netr_SamInfo3(struct ndr_print *ndr, const char *name, c
 		ndr->depth++;
 		for (cntr_sids_1=0;cntr_sids_1<r->sidcount;cntr_sids_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_sids_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_sids_1) != -1) {
 				ndr_print_netr_SidAttr(ndr, "sids", &r->sids[cntr_sids_1]);
 				free(idx_1);
 			}
@@ -1401,8 +1393,7 @@ _PUBLIC_ void ndr_print_netr_SamInfo6(struct ndr_print *ndr, const char *name, c
 		ndr->depth++;
 		for (cntr_sids_1=0;cntr_sids_1<r->sidcount;cntr_sids_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_sids_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_sids_1) != -1) {
 				ndr_print_netr_SidAttr(ndr, "sids", &r->sids[cntr_sids_1]);
 				free(idx_1);
 			}
@@ -1416,8 +1407,7 @@ _PUBLIC_ void ndr_print_netr_SamInfo6(struct ndr_print *ndr, const char *name, c
 	ndr->depth++;
 	for (cntr_unknown4_0=0;cntr_unknown4_0<20;cntr_unknown4_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_unknown4_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_unknown4_0) != -1) {
 			ndr_print_uint32(ndr, "unknown4", r->unknown4[cntr_unknown4_0]);
 			free(idx_0);
 		}
@@ -1563,8 +1553,7 @@ _PUBLIC_ void ndr_print_netr_PacInfo(struct ndr_print *ndr, const char *name, co
 	ndr->depth++;
 	for (cntr_expansionroom_0=0;cntr_expansionroom_0<10;cntr_expansionroom_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_expansionroom_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_expansionroom_0) != -1) {
 			ndr_print_uint32(ndr, "expansionroom", r->expansionroom[cntr_expansionroom_0]);
 			free(idx_0);
 		}
@@ -1583,25 +1572,25 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_Validation(struct ndr_push *ndr, int nd
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->sam2));
-			break;
+			break; }
 
-			case 3:
+			case 3: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->sam3));
-			break;
+			break; }
 
-			case 4:
+			case 4: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->pac));
-			break;
+			break; }
 
-			case 5:
+			case 5: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->pac));
-			break;
+			break; }
 
-			case 6:
+			case 6: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->sam6));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -2042,10 +2031,10 @@ static enum ndr_err_code ndr_push_netr_PasswordHistory(struct ndr_push *ndr, int
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_push_align(ndr, 4));
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->nt_length));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->nt_size));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->nt_length));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->nt_flags));
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->lm_length));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->lm_size));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->lm_length));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->lm_flags));
 		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->nt_history, r->nt_length));
 		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->lm_history, r->lm_length));
@@ -2080,10 +2069,10 @@ _PUBLIC_ void ndr_print_netr_PasswordHistory(struct ndr_print *ndr, const char *
 	ndr_print_struct(ndr, name, "netr_PasswordHistory");
 	ndr->depth++;
 	ndr_print_uint16(ndr, "nt_length", r->nt_length);
-	ndr_print_uint16(ndr, "nt_size", r->nt_size);
+	ndr_print_uint16(ndr, "nt_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?r->nt_length:r->nt_size);
 	ndr_print_uint32(ndr, "nt_flags", r->nt_flags);
 	ndr_print_uint16(ndr, "lm_length", r->lm_length);
-	ndr_print_uint16(ndr, "lm_size", r->lm_size);
+	ndr_print_uint16(ndr, "lm_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?r->lm_length:r->lm_size);
 	ndr_print_uint32(ndr, "lm_flags", r->lm_flags);
 	ndr_print_array_uint8(ndr, "nt_history", r->nt_history, r->nt_length);
 	ndr_print_array_uint8(ndr, "lm_history", r->lm_history, r->lm_length);
@@ -2096,7 +2085,7 @@ static enum ndr_err_code ndr_push_netr_USER_KEYS2(struct ndr_push *ndr, int ndr_
 		NDR_CHECK(ndr_push_align(ndr, 4));
 		NDR_CHECK(ndr_push_netr_USER_KEY16(ndr, NDR_SCALARS, &r->lmpassword));
 		NDR_CHECK(ndr_push_netr_USER_KEY16(ndr, NDR_SCALARS, &r->ntpassword));
-		NDR_CHECK(ndr_push_netr_PasswordHistory(ndr, NDR_SCALARS, &r->lmhistory));
+		NDR_CHECK(ndr_push_netr_PasswordHistory(ndr, NDR_SCALARS, &r->history));
 	}
 	if (ndr_flags & NDR_BUFFERS) {
 		NDR_CHECK(ndr_push_netr_USER_KEY16(ndr, NDR_BUFFERS, &r->lmpassword));
@@ -2111,7 +2100,7 @@ static enum ndr_err_code ndr_pull_netr_USER_KEYS2(struct ndr_pull *ndr, int ndr_
 		NDR_CHECK(ndr_pull_align(ndr, 4));
 		NDR_CHECK(ndr_pull_netr_USER_KEY16(ndr, NDR_SCALARS, &r->lmpassword));
 		NDR_CHECK(ndr_pull_netr_USER_KEY16(ndr, NDR_SCALARS, &r->ntpassword));
-		NDR_CHECK(ndr_pull_netr_PasswordHistory(ndr, NDR_SCALARS, &r->lmhistory));
+		NDR_CHECK(ndr_pull_netr_PasswordHistory(ndr, NDR_SCALARS, &r->history));
 	}
 	if (ndr_flags & NDR_BUFFERS) {
 		NDR_CHECK(ndr_pull_netr_USER_KEY16(ndr, NDR_BUFFERS, &r->lmpassword));
@@ -2126,7 +2115,7 @@ _PUBLIC_ void ndr_print_netr_USER_KEYS2(struct ndr_print *ndr, const char *name,
 	ndr->depth++;
 	ndr_print_netr_USER_KEY16(ndr, "lmpassword", &r->lmpassword);
 	ndr_print_netr_USER_KEY16(ndr, "ntpassword", &r->ntpassword);
-	ndr_print_netr_PasswordHistory(ndr, "lmhistory", &r->lmhistory);
+	ndr_print_netr_PasswordHistory(ndr, "history", &r->history);
 	ndr->depth--;
 }
 
@@ -2815,8 +2804,7 @@ _PUBLIC_ void ndr_print_netr_DELTA_GROUP_MEMBER(struct ndr_print *ndr, const cha
 		ndr->depth++;
 		for (cntr_rids_1=0;cntr_rids_1<r->num_rids;cntr_rids_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_rids_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_rids_1) != -1) {
 				ndr_print_uint32(ndr, "rids", r->rids[cntr_rids_1]);
 				free(idx_1);
 			}
@@ -2831,8 +2819,7 @@ _PUBLIC_ void ndr_print_netr_DELTA_GROUP_MEMBER(struct ndr_print *ndr, const cha
 		ndr->depth++;
 		for (cntr_attribs_1=0;cntr_attribs_1<r->num_rids;cntr_attribs_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_attribs_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_attribs_1) != -1) {
 				ndr_print_uint32(ndr, "attribs", r->attribs[cntr_attribs_1]);
 				free(idx_1);
 			}
@@ -3148,8 +3135,7 @@ _PUBLIC_ void ndr_print_netr_DELTA_POLICY(struct ndr_print *ndr, const char *nam
 		ndr->depth++;
 		for (cntr_eventauditoptions_1=0;cntr_eventauditoptions_1<r->maxauditeventcount + 1;cntr_eventauditoptions_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_eventauditoptions_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_eventauditoptions_1) != -1) {
 				ndr_print_uint32(ndr, "eventauditoptions", r->eventauditoptions[cntr_eventauditoptions_1]);
 				free(idx_1);
 			}
@@ -3290,8 +3276,7 @@ _PUBLIC_ void ndr_print_netr_DELTA_TRUSTED_DOMAIN(struct ndr_print *ndr, const c
 		ndr->depth++;
 		for (cntr_controller_names_1=0;cntr_controller_names_1<r->num_controllers;cntr_controller_names_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_controller_names_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_controller_names_1) != -1) {
 				ndr_print_lsa_String(ndr, "controller_names", &r->controller_names[cntr_controller_names_1]);
 				free(idx_1);
 			}
@@ -3489,8 +3474,7 @@ _PUBLIC_ void ndr_print_netr_DELTA_ACCOUNT(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_privilege_attrib_1=0;cntr_privilege_attrib_1<r->privilege_entries;cntr_privilege_attrib_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_privilege_attrib_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_privilege_attrib_1) != -1) {
 				ndr_print_uint32(ndr, "privilege_attrib", r->privilege_attrib[cntr_privilege_attrib_1]);
 				free(idx_1);
 			}
@@ -3505,8 +3489,7 @@ _PUBLIC_ void ndr_print_netr_DELTA_ACCOUNT(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_privilege_name_1=0;cntr_privilege_name_1<r->privilege_entries;cntr_privilege_name_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_privilege_name_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_privilege_name_1) != -1) {
 				ndr_print_lsa_String(ndr, "privilege_name", &r->privilege_name[cntr_privilege_name_1]);
 				free(idx_1);
 			}
@@ -3795,90 +3778,90 @@ static enum ndr_err_code ndr_push_netr_DELTA_UNION(struct ndr_push *ndr, int ndr
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_netr_DeltaEnum(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case NETR_DELTA_DOMAIN:
+			case NETR_DELTA_DOMAIN: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->domain));
-			break;
+			break; }
 
-			case NETR_DELTA_GROUP:
+			case NETR_DELTA_GROUP: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->group));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_GROUP:
-			break;
+			case NETR_DELTA_DELETE_GROUP: {
+			break; }
 
-			case NETR_DELTA_RENAME_GROUP:
+			case NETR_DELTA_RENAME_GROUP: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->rename_group));
-			break;
+			break; }
 
-			case NETR_DELTA_USER:
+			case NETR_DELTA_USER: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->user));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_USER:
-			break;
+			case NETR_DELTA_DELETE_USER: {
+			break; }
 
-			case NETR_DELTA_RENAME_USER:
+			case NETR_DELTA_RENAME_USER: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->rename_user));
-			break;
+			break; }
 
-			case NETR_DELTA_GROUP_MEMBER:
+			case NETR_DELTA_GROUP_MEMBER: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->group_member));
-			break;
+			break; }
 
-			case NETR_DELTA_ALIAS:
+			case NETR_DELTA_ALIAS: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->alias));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_ALIAS:
-			break;
+			case NETR_DELTA_DELETE_ALIAS: {
+			break; }
 
-			case NETR_DELTA_RENAME_ALIAS:
+			case NETR_DELTA_RENAME_ALIAS: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->rename_alias));
-			break;
+			break; }
 
-			case NETR_DELTA_ALIAS_MEMBER:
+			case NETR_DELTA_ALIAS_MEMBER: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->alias_member));
-			break;
+			break; }
 
-			case NETR_DELTA_POLICY:
+			case NETR_DELTA_POLICY: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->policy));
-			break;
+			break; }
 
-			case NETR_DELTA_TRUSTED_DOMAIN:
+			case NETR_DELTA_TRUSTED_DOMAIN: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->trusted_domain));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_TRUST:
+			case NETR_DELTA_DELETE_TRUST: {
 				NDR_CHECK(ndr_push_netr_DELTA_DELETE_TRUST(ndr, NDR_SCALARS, &r->delete_trust));
-			break;
+			break; }
 
-			case NETR_DELTA_ACCOUNT:
+			case NETR_DELTA_ACCOUNT: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->account));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_ACCOUNT:
+			case NETR_DELTA_DELETE_ACCOUNT: {
 				NDR_CHECK(ndr_push_netr_DELTA_DELETE_ACCOUNT(ndr, NDR_SCALARS, &r->delete_account));
-			break;
+			break; }
 
-			case NETR_DELTA_SECRET:
+			case NETR_DELTA_SECRET: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->secret));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_SECRET:
+			case NETR_DELTA_DELETE_SECRET: {
 				NDR_CHECK(ndr_push_netr_DELTA_DELETE_SECRET(ndr, NDR_SCALARS, &r->delete_secret));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_GROUP2:
+			case NETR_DELTA_DELETE_GROUP2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->delete_group));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_USER2:
+			case NETR_DELTA_DELETE_USER2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->delete_user));
-			break;
+			break; }
 
-			case NETR_DELTA_MODIFY_COUNT:
+			case NETR_DELTA_MODIFY_COUNT: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->modified_count));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -4573,92 +4556,92 @@ static enum ndr_err_code ndr_push_netr_DELTA_ID_UNION(struct ndr_push *ndr, int
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_netr_DeltaEnum(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case NETR_DELTA_DOMAIN:
+			case NETR_DELTA_DOMAIN: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_GROUP:
+			case NETR_DELTA_GROUP: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_GROUP:
+			case NETR_DELTA_DELETE_GROUP: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_RENAME_GROUP:
+			case NETR_DELTA_RENAME_GROUP: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_USER:
+			case NETR_DELTA_USER: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_USER:
+			case NETR_DELTA_DELETE_USER: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_RENAME_USER:
+			case NETR_DELTA_RENAME_USER: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_GROUP_MEMBER:
+			case NETR_DELTA_GROUP_MEMBER: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_ALIAS:
+			case NETR_DELTA_ALIAS: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_ALIAS:
+			case NETR_DELTA_DELETE_ALIAS: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_RENAME_ALIAS:
+			case NETR_DELTA_RENAME_ALIAS: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_ALIAS_MEMBER:
+			case NETR_DELTA_ALIAS_MEMBER: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_POLICY:
+			case NETR_DELTA_POLICY: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->sid));
-			break;
+			break; }
 
-			case NETR_DELTA_TRUSTED_DOMAIN:
+			case NETR_DELTA_TRUSTED_DOMAIN: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->sid));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_TRUST:
+			case NETR_DELTA_DELETE_TRUST: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->sid));
-			break;
+			break; }
 
-			case NETR_DELTA_ACCOUNT:
+			case NETR_DELTA_ACCOUNT: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->sid));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_ACCOUNT:
+			case NETR_DELTA_DELETE_ACCOUNT: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->sid));
-			break;
+			break; }
 
-			case NETR_DELTA_SECRET:
+			case NETR_DELTA_SECRET: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->name));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_SECRET:
+			case NETR_DELTA_DELETE_SECRET: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->name));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_GROUP2:
+			case NETR_DELTA_DELETE_GROUP2: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_DELETE_USER2:
+			case NETR_DELTA_DELETE_USER2: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
-			break;
+			break; }
 
-			case NETR_DELTA_MODIFY_COUNT:
-			break;
+			case NETR_DELTA_MODIFY_COUNT: {
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -5296,8 +5279,7 @@ _PUBLIC_ void ndr_print_netr_DELTA_ENUM_ARRAY(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_delta_enum_1=0;cntr_delta_enum_1<r->num_deltas;cntr_delta_enum_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_delta_enum_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_delta_enum_1) != -1) {
 				ndr_print_netr_DELTA_ENUM(ndr, "delta_enum", &r->delta_enum[cntr_delta_enum_1]);
 				free(idx_1);
 			}
@@ -5534,17 +5516,17 @@ static enum ndr_err_code ndr_push_netr_CONTROL_QUERY_INFORMATION(struct ndr_push
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info2));
-			break;
+			break; }
 
-			case 3:
+			case 3: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info3));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -5719,6 +5701,7 @@ _PUBLIC_ void ndr_print_netr_LogonControlCode(struct ndr_print *ndr, const char
 	const char *val = NULL;
 
 	switch (r) {
+		case NETLOGON_CONTROL_SYNC: val = "NETLOGON_CONTROL_SYNC"; break;
 		case NETLOGON_CONTROL_REDISCOVER: val = "NETLOGON_CONTROL_REDISCOVER"; break;
 		case NETLOGON_CONTROL_TC_QUERY: val = "NETLOGON_CONTROL_TC_QUERY"; break;
 		case NETLOGON_CONTROL_TRANSPORT_NOTIFY: val = "NETLOGON_CONTROL_TRANSPORT_NOTIFY"; break;
@@ -5733,21 +5716,21 @@ static enum ndr_err_code ndr_push_netr_CONTROL_DATA_INFORMATION(struct ndr_push
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case NETLOGON_CONTROL_REDISCOVER:
+			case NETLOGON_CONTROL_REDISCOVER: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->domain));
-			break;
+			break; }
 
-			case NETLOGON_CONTROL_TC_QUERY:
+			case NETLOGON_CONTROL_TC_QUERY: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->domain));
-			break;
+			break; }
 
-			case NETLOGON_CONTROL_TRANSPORT_NOTIFY:
+			case NETLOGON_CONTROL_TRANSPORT_NOTIFY: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->domain));
-			break;
+			break; }
 
-			case NETLOGON_CONTROL_SET_DBFLAG:
+			case NETLOGON_CONTROL_SET_DBFLAG: {
 				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->debug_level));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -5942,17 +5925,178 @@ _PUBLIC_ void ndr_print_netr_CONTROL_DATA_INFORMATION(struct ndr_print *ndr, con
 	}
 }
 
+static enum ndr_err_code ndr_push_netr_Blob(struct ndr_push *ndr, int ndr_flags, const struct netr_Blob *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->length));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->data));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->data) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->length));
+			NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->data, r->length));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_netr_Blob(struct ndr_pull *ndr, int ndr_flags, struct netr_Blob *r)
+{
+	uint32_t _ptr_data;
+	TALLOC_CTX *_mem_save_data_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_data));
+		if (_ptr_data) {
+			NDR_PULL_ALLOC(ndr, r->data);
+		} else {
+			r->data = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->data) {
+			_mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->data, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->data));
+			NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data));
+			NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data)));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0);
+		}
+		if (r->data) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->data, r->length));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_Blob(struct ndr_print *ndr, const char *name, const struct netr_Blob *r)
+{
+	ndr_print_struct(ndr, name, "netr_Blob");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "length", r->length);
+	ndr_print_ptr(ndr, "data", r->data);
+	ndr->depth++;
+	if (r->data) {
+		ndr_print_array_uint8(ndr, "data", r->data, r->length);
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_netr_DsRGetDCName_flags(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_netr_DsRGetDCName_flags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_DsRGetDCName_flags(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_FORCE_REDISCOVERY", DS_FORCE_REDISCOVERY, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_DIRECTORY_SERVICE_REQUIRED", DS_DIRECTORY_SERVICE_REQUIRED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_DIRECTORY_SERVICE_PREFERRED", DS_DIRECTORY_SERVICE_PREFERRED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_GC_SERVER_REQUIRED", DS_GC_SERVER_REQUIRED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_PDC_REQUIRED", DS_PDC_REQUIRED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_BACKGROUND_ONLY", DS_BACKGROUND_ONLY, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_IP_REQUIRED", DS_IP_REQUIRED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_KDC_REQUIRED", DS_KDC_REQUIRED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_TIMESERV_REQUIRED", DS_TIMESERV_REQUIRED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_WRITABLE_REQUIRED", DS_WRITABLE_REQUIRED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_GOOD_TIMESERV_PREFERRED", DS_GOOD_TIMESERV_PREFERRED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_AVOID_SELF", DS_AVOID_SELF, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_ONLY_LDAP_NEEDED", DS_ONLY_LDAP_NEEDED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_IS_FLAT_NAME", DS_IS_FLAT_NAME, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_IS_DNS_NAME", DS_IS_DNS_NAME, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_TRY_NEXTCLOSEST_SITE", DS_TRY_NEXTCLOSEST_SITE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_DIRECTORY_SERVICE_6_REQUIRED", DS_DIRECTORY_SERVICE_6_REQUIRED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_RETURN_DNS_NAME", DS_RETURN_DNS_NAME, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_RETURN_FLAT_NAME", DS_RETURN_FLAT_NAME, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_netr_DsRGetDCNameInfo_AddressType(struct ndr_push *ndr, int ndr_flags, enum netr_DsRGetDCNameInfo_AddressType r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo_AddressType(struct ndr_pull *ndr, int ndr_flags, enum netr_DsRGetDCNameInfo_AddressType *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_DsRGetDCNameInfo_AddressType(struct ndr_print *ndr, const char *name, enum netr_DsRGetDCNameInfo_AddressType r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case DS_ADDRESS_TYPE_INET: val = "DS_ADDRESS_TYPE_INET"; break;
+		case DS_ADDRESS_TYPE_NETBIOS: val = "DS_ADDRESS_TYPE_NETBIOS"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_netr_DsR_DcFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_netr_DsR_DcFlags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_DsR_DcFlags(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_SERVER_PDC", DS_SERVER_PDC, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_SERVER_GC", DS_SERVER_GC, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_SERVER_LDAP", DS_SERVER_LDAP, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_SERVER_DS", DS_SERVER_DS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_SERVER_KDC", DS_SERVER_KDC, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_SERVER_TIMESERV", DS_SERVER_TIMESERV, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_SERVER_CLOSEST", DS_SERVER_CLOSEST, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_SERVER_WRITABLE", DS_SERVER_WRITABLE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_SERVER_GOOD_TIMESERV", DS_SERVER_GOOD_TIMESERV, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_SERVER_NDNC", DS_SERVER_NDNC, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_SERVER_SELECT_SECRET_DOMAIN_6", DS_SERVER_SELECT_SECRET_DOMAIN_6, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_SERVER_FULL_SECRET_DOMAIN_6", DS_SERVER_FULL_SECRET_DOMAIN_6, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_DNS_CONTROLLER", DS_DNS_CONTROLLER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_DNS_DOMAIN", DS_DNS_DOMAIN, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DS_DNS_FOREST", DS_DNS_FOREST, r);
+	ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_netr_DsRGetDCNameInfo(struct ndr_push *ndr, int ndr_flags, const struct netr_DsRGetDCNameInfo *r)
 {
 	if (ndr_flags & NDR_SCALARS) {
 		NDR_CHECK(ndr_push_align(ndr, 4));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->dc_unc));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->dc_address));
-		NDR_CHECK(ndr_push_int32(ndr, NDR_SCALARS, r->dc_address_type));
+		NDR_CHECK(ndr_push_netr_DsRGetDCNameInfo_AddressType(ndr, NDR_SCALARS, r->dc_address_type));
 		NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->domain_guid));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->domain_name));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->forest_name));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->dc_flags));
+		NDR_CHECK(ndr_push_netr_DsR_DcFlags(ndr, NDR_SCALARS, r->dc_flags));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->dc_site_name));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->client_site_name));
 	}
@@ -6026,7 +6170,7 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, in
 		} else {
 			r->dc_address = NULL;
 		}
-		NDR_CHECK(ndr_pull_int32(ndr, NDR_SCALARS, &r->dc_address_type));
+		NDR_CHECK(ndr_pull_netr_DsRGetDCNameInfo_AddressType(ndr, NDR_SCALARS, &r->dc_address_type));
 		NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->domain_guid));
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name));
 		if (_ptr_domain_name) {
@@ -6040,7 +6184,7 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameInfo(struct ndr_pull *ndr, in
 		} else {
 			r->forest_name = NULL;
 		}
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->dc_flags));
+		NDR_CHECK(ndr_pull_netr_DsR_DcFlags(ndr, NDR_SCALARS, &r->dc_flags));
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dc_site_name));
 		if (_ptr_dc_site_name) {
 			NDR_PULL_ALLOC(ndr, r->dc_site_name);
@@ -6148,7 +6292,7 @@ _PUBLIC_ void ndr_print_netr_DsRGetDCNameInfo(struct ndr_print *ndr, const char
 		ndr_print_string(ndr, "dc_address", r->dc_address);
 	}
 	ndr->depth--;
-	ndr_print_int32(ndr, "dc_address_type", r->dc_address_type);
+	ndr_print_netr_DsRGetDCNameInfo_AddressType(ndr, "dc_address_type", r->dc_address_type);
 	ndr_print_GUID(ndr, "domain_guid", &r->domain_guid);
 	ndr_print_ptr(ndr, "domain_name", r->domain_name);
 	ndr->depth++;
@@ -6162,7 +6306,7 @@ _PUBLIC_ void ndr_print_netr_DsRGetDCNameInfo(struct ndr_print *ndr, const char
 		ndr_print_string(ndr, "forest_name", r->forest_name);
 	}
 	ndr->depth--;
-	ndr_print_uint32(ndr, "dc_flags", r->dc_flags);
+	ndr_print_netr_DsR_DcFlags(ndr, "dc_flags", r->dc_flags);
 	ndr_print_ptr(ndr, "dc_site_name", r->dc_site_name);
 	ndr->depth++;
 	if (r->dc_site_name) {
@@ -6178,66 +6322,6 @@ _PUBLIC_ void ndr_print_netr_DsRGetDCNameInfo(struct ndr_print *ndr, const char
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_Blob(struct ndr_push *ndr, int ndr_flags, const struct netr_Blob *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_push_align(ndr, 4));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->length));
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->data));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		if (r->data) {
-			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->length));
-			NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->data, r->length));
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_netr_Blob(struct ndr_pull *ndr, int ndr_flags, struct netr_Blob *r)
-{
-	uint32_t _ptr_data;
-	TALLOC_CTX *_mem_save_data_0;
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_pull_align(ndr, 4));
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length));
-		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_data));
-		if (_ptr_data) {
-			NDR_PULL_ALLOC(ndr, r->data);
-		} else {
-			r->data = NULL;
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		if (r->data) {
-			_mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->data, 0);
-			NDR_CHECK(ndr_pull_array_size(ndr, &r->data));
-			NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data));
-			NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data)));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0);
-		}
-		if (r->data) {
-			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->data, r->length));
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_netr_Blob(struct ndr_print *ndr, const char *name, const struct netr_Blob *r)
-{
-	ndr_print_struct(ndr, name, "netr_Blob");
-	ndr->depth++;
-	ndr_print_uint32(ndr, "length", r->length);
-	ndr_print_ptr(ndr, "data", r->data);
-	ndr->depth++;
-	if (r->data) {
-		ndr_print_array_uint8(ndr, "data", r->data, r->length);
-	}
-	ndr->depth--;
-	ndr->depth--;
-}
-
 static enum ndr_err_code ndr_push_netr_BinaryString(struct ndr_push *ndr, int ndr_flags, const struct netr_BinaryString *r)
 {
 	uint32_t cntr_data_1;
@@ -6332,8 +6416,7 @@ _PUBLIC_ void ndr_print_netr_BinaryString(struct ndr_print *ndr, const char *nam
 			ndr->depth++;
 			for (cntr_data_1=0;cntr_data_1<r->length / 2;cntr_data_1++) {
 				char *idx_1=NULL;
-				asprintf(&idx_1, "[%d]", cntr_data_1);
-				if (idx_1) {
+				if (asprintf(&idx_1, "[%d]", cntr_data_1) != -1) {
 					ndr_print_uint16(ndr, "data", r->data[cntr_data_1]);
 					free(idx_1);
 				}
@@ -6606,8 +6689,7 @@ _PUBLIC_ void ndr_print_netr_DomainQuery1(struct ndr_print *ndr, const char *nam
 	ndr->depth++;
 	for (cntr_unknown7_0=0;cntr_unknown7_0<4;cntr_unknown7_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_unknown7_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_unknown7_0) != -1) {
 			ndr_print_uint32(ndr, "unknown7", r->unknown7[cntr_unknown7_0]);
 			free(idx_0);
 		}
@@ -6622,13 +6704,13 @@ static enum ndr_err_code ndr_push_netr_DomainQuery(struct ndr_push *ndr, int ndr
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->query1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->query1));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -6844,8 +6926,7 @@ _PUBLIC_ void ndr_print_netr_DomainTrustInfo(struct ndr_print *ndr, const char *
 	ndr->depth++;
 	for (cntr_unknown1_0=0;cntr_unknown1_0<4;cntr_unknown1_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_unknown1_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_unknown1_0) != -1) {
 			ndr_print_netr_BinaryString(ndr, "unknown1", &r->unknown1[cntr_unknown1_0]);
 			free(idx_0);
 		}
@@ -6855,8 +6936,7 @@ _PUBLIC_ void ndr_print_netr_DomainTrustInfo(struct ndr_print *ndr, const char *
 	ndr->depth++;
 	for (cntr_unknown_0=0;cntr_unknown_0<4;cntr_unknown_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_unknown_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_unknown_0) != -1) {
 			ndr_print_uint32(ndr, "unknown", r->unknown[cntr_unknown_0]);
 			free(idx_0);
 		}
@@ -6954,8 +7034,7 @@ _PUBLIC_ void ndr_print_netr_DomainInfo1(struct ndr_print *ndr, const char *name
 		ndr->depth++;
 		for (cntr_trusts_1=0;cntr_trusts_1<r->num_trusts;cntr_trusts_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_trusts_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_trusts_1) != -1) {
 				ndr_print_netr_DomainTrustInfo(ndr, "trusts", &r->trusts[cntr_trusts_1]);
 				free(idx_1);
 			}
@@ -6967,8 +7046,7 @@ _PUBLIC_ void ndr_print_netr_DomainInfo1(struct ndr_print *ndr, const char *name
 	ndr->depth++;
 	for (cntr_unknown_0=0;cntr_unknown_0<14;cntr_unknown_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_unknown_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_unknown_0) != -1) {
 			ndr_print_uint32(ndr, "unknown", r->unknown[cntr_unknown_0]);
 			free(idx_0);
 		}
@@ -6983,13 +7061,13 @@ static enum ndr_err_code ndr_push_netr_DomainInfo(struct ndr_push *ndr, int ndr_
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -7157,6 +7235,152 @@ _PUBLIC_ void ndr_print_netr_CryptPassword(struct ndr_print *ndr, const char *na
 	}
 }
 
+static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesWCtr(struct ndr_push *ndr, int ndr_flags, const struct netr_DsRAddressToSitenamesWCtr *r)
+{
+	uint32_t cntr_sitename_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->sitename));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->sitename) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->sitename[cntr_sitename_1]));
+			}
+			for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->sitename[cntr_sitename_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesWCtr(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddressToSitenamesWCtr *r)
+{
+	uint32_t _ptr_sitename;
+	uint32_t cntr_sitename_1;
+	TALLOC_CTX *_mem_save_sitename_0;
+	TALLOC_CTX *_mem_save_sitename_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sitename));
+		if (_ptr_sitename) {
+			NDR_PULL_ALLOC(ndr, r->sitename);
+		} else {
+			r->sitename = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->sitename) {
+			_mem_save_sitename_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->sitename));
+			NDR_PULL_ALLOC_N(ndr, r->sitename, ndr_get_array_size(ndr, &r->sitename));
+			_mem_save_sitename_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0);
+			for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sitename[cntr_sitename_1]));
+			}
+			for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sitename[cntr_sitename_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_0, 0);
+		}
+		if (r->sitename) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->sitename, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_DsRAddressToSitenamesWCtr(struct ndr_print *ndr, const char *name, const struct netr_DsRAddressToSitenamesWCtr *r)
+{
+	uint32_t cntr_sitename_1;
+	ndr_print_struct(ndr, name, "netr_DsRAddressToSitenamesWCtr");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "sitename", r->sitename);
+	ndr->depth++;
+	if (r->sitename) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "sitename", r->count);
+		ndr->depth++;
+		for (cntr_sitename_1=0;cntr_sitename_1<r->count;cntr_sitename_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_sitename_1) != -1) {
+				ndr_print_lsa_String(ndr, "sitename", &r->sitename[cntr_sitename_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_netr_DsRAddress(struct ndr_push *ndr, int ndr_flags, const struct netr_DsRAddress *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->buffer));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->size));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->buffer) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->size));
+			NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->buffer, r->size));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_netr_DsRAddress(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddress *r)
+{
+	uint32_t _ptr_buffer;
+	TALLOC_CTX *_mem_save_buffer_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_buffer));
+		if (_ptr_buffer) {
+			NDR_PULL_ALLOC(ndr, r->buffer);
+		} else {
+			r->buffer = NULL;
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->size));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->buffer) {
+			_mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->buffer, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->buffer));
+			NDR_PULL_ALLOC_N(ndr, r->buffer, ndr_get_array_size(ndr, &r->buffer));
+			NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, ndr_get_array_size(ndr, &r->buffer)));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0);
+		}
+		if (r->buffer) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->buffer, r->size));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_DsRAddress(struct ndr_print *ndr, const char *name, const struct netr_DsRAddress *r)
+{
+	ndr_print_struct(ndr, name, "netr_DsRAddress");
+	ndr->depth++;
+	ndr_print_ptr(ndr, "buffer", r->buffer);
+	ndr->depth++;
+	if (r->buffer) {
+		ndr_print_array_uint8(ndr, "buffer", r->buffer, r->size);
+	}
+	ndr->depth--;
+	ndr_print_uint32(ndr, "size", r->size);
+	ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_netr_TrustFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r)
 {
 	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
@@ -7373,6 +7597,320 @@ _PUBLIC_ void ndr_print_netr_DomainTrust(struct ndr_print *ndr, const char *name
 	ndr->depth--;
 }
 
+static enum ndr_err_code ndr_push_netr_DomainTrustList(struct ndr_push *ndr, int ndr_flags, const struct netr_DomainTrustList *r)
+{
+	uint32_t cntr_array_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->array));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->array) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) {
+				NDR_CHECK(ndr_push_netr_DomainTrust(ndr, NDR_SCALARS, &r->array[cntr_array_1]));
+			}
+			for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) {
+				NDR_CHECK(ndr_push_netr_DomainTrust(ndr, NDR_BUFFERS, &r->array[cntr_array_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_netr_DomainTrustList(struct ndr_pull *ndr, int ndr_flags, struct netr_DomainTrustList *r)
+{
+	uint32_t _ptr_array;
+	uint32_t cntr_array_1;
+	TALLOC_CTX *_mem_save_array_0;
+	TALLOC_CTX *_mem_save_array_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_array));
+		if (_ptr_array) {
+			NDR_PULL_ALLOC(ndr, r->array);
+		} else {
+			r->array = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->array) {
+			_mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->array, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->array));
+			NDR_PULL_ALLOC_N(ndr, r->array, ndr_get_array_size(ndr, &r->array));
+			_mem_save_array_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->array, 0);
+			for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) {
+				NDR_CHECK(ndr_pull_netr_DomainTrust(ndr, NDR_SCALARS, &r->array[cntr_array_1]));
+			}
+			for (cntr_array_1 = 0; cntr_array_1 < r->count; cntr_array_1++) {
+				NDR_CHECK(ndr_pull_netr_DomainTrust(ndr, NDR_BUFFERS, &r->array[cntr_array_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0);
+		}
+		if (r->array) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->array, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_DomainTrustList(struct ndr_print *ndr, const char *name, const struct netr_DomainTrustList *r)
+{
+	uint32_t cntr_array_1;
+	ndr_print_struct(ndr, name, "netr_DomainTrustList");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "array", r->array);
+	ndr->depth++;
+	if (r->array) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "array", r->count);
+		ndr->depth++;
+		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
+				ndr_print_netr_DomainTrust(ndr, "array", &r->array[cntr_array_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesExWCtr(struct ndr_push *ndr, int ndr_flags, const struct netr_DsRAddressToSitenamesExWCtr *r)
+{
+	uint32_t cntr_sitename_1;
+	uint32_t cntr_subnetname_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->sitename));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->subnetname));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->sitename) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->sitename[cntr_sitename_1]));
+			}
+			for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->sitename[cntr_sitename_1]));
+			}
+		}
+		if (r->subnetname) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_subnetname_1 = 0; cntr_subnetname_1 < r->count; cntr_subnetname_1++) {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->subnetname[cntr_subnetname_1]));
+			}
+			for (cntr_subnetname_1 = 0; cntr_subnetname_1 < r->count; cntr_subnetname_1++) {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->subnetname[cntr_subnetname_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExWCtr(struct ndr_pull *ndr, int ndr_flags, struct netr_DsRAddressToSitenamesExWCtr *r)
+{
+	uint32_t _ptr_sitename;
+	uint32_t cntr_sitename_1;
+	TALLOC_CTX *_mem_save_sitename_0;
+	TALLOC_CTX *_mem_save_sitename_1;
+	uint32_t _ptr_subnetname;
+	uint32_t cntr_subnetname_1;
+	TALLOC_CTX *_mem_save_subnetname_0;
+	TALLOC_CTX *_mem_save_subnetname_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sitename));
+		if (_ptr_sitename) {
+			NDR_PULL_ALLOC(ndr, r->sitename);
+		} else {
+			r->sitename = NULL;
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_subnetname));
+		if (_ptr_subnetname) {
+			NDR_PULL_ALLOC(ndr, r->subnetname);
+		} else {
+			r->subnetname = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->sitename) {
+			_mem_save_sitename_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->sitename));
+			NDR_PULL_ALLOC_N(ndr, r->sitename, ndr_get_array_size(ndr, &r->sitename));
+			_mem_save_sitename_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->sitename, 0);
+			for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sitename[cntr_sitename_1]));
+			}
+			for (cntr_sitename_1 = 0; cntr_sitename_1 < r->count; cntr_sitename_1++) {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sitename[cntr_sitename_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sitename_0, 0);
+		}
+		if (r->subnetname) {
+			_mem_save_subnetname_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->subnetname, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->subnetname));
+			NDR_PULL_ALLOC_N(ndr, r->subnetname, ndr_get_array_size(ndr, &r->subnetname));
+			_mem_save_subnetname_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->subnetname, 0);
+			for (cntr_subnetname_1 = 0; cntr_subnetname_1 < r->count; cntr_subnetname_1++) {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->subnetname[cntr_subnetname_1]));
+			}
+			for (cntr_subnetname_1 = 0; cntr_subnetname_1 < r->count; cntr_subnetname_1++) {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->subnetname[cntr_subnetname_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_subnetname_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_subnetname_0, 0);
+		}
+		if (r->sitename) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->sitename, r->count));
+		}
+		if (r->subnetname) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->subnetname, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_netr_DsRAddressToSitenamesExWCtr(struct ndr_print *ndr, const char *name, const struct netr_DsRAddressToSitenamesExWCtr *r)
+{
+	uint32_t cntr_sitename_1;
+	uint32_t cntr_subnetname_1;
+	ndr_print_struct(ndr, name, "netr_DsRAddressToSitenamesExWCtr");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "sitename", r->sitename);
+	ndr->depth++;
+	if (r->sitename) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "sitename", r->count);
+		ndr->depth++;
+		for (cntr_sitename_1=0;cntr_sitename_1<r->count;cntr_sitename_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_sitename_1) != -1) {
+				ndr_print_lsa_String(ndr, "sitename", &r->sitename[cntr_sitename_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr_print_ptr(ndr, "subnetname", r->subnetname);
+	ndr->depth++;
+	if (r->subnetname) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "subnetname", r->count);
+		ndr->depth++;
+		for (cntr_subnetname_1=0;cntr_subnetname_1<r->count;cntr_subnetname_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_subnetname_1) != -1) {
+				ndr_print_lsa_String(ndr, "subnetname", &r->subnetname[cntr_subnetname_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_DcSitesCtr(struct ndr_push *ndr, int ndr_flags, const struct DcSitesCtr *r)
+{
+	uint32_t cntr_sites_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_sites));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->sites));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->sites) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_sites));
+			for (cntr_sites_1 = 0; cntr_sites_1 < r->num_sites; cntr_sites_1++) {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->sites[cntr_sites_1]));
+			}
+			for (cntr_sites_1 = 0; cntr_sites_1 < r->num_sites; cntr_sites_1++) {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->sites[cntr_sites_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_DcSitesCtr(struct ndr_pull *ndr, int ndr_flags, struct DcSitesCtr *r)
+{
+	uint32_t _ptr_sites;
+	uint32_t cntr_sites_1;
+	TALLOC_CTX *_mem_save_sites_0;
+	TALLOC_CTX *_mem_save_sites_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_sites));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sites));
+		if (_ptr_sites) {
+			NDR_PULL_ALLOC(ndr, r->sites);
+		} else {
+			r->sites = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->sites) {
+			_mem_save_sites_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->sites, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->sites));
+			NDR_PULL_ALLOC_N(ndr, r->sites, ndr_get_array_size(ndr, &r->sites));
+			_mem_save_sites_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->sites, 0);
+			for (cntr_sites_1 = 0; cntr_sites_1 < r->num_sites; cntr_sites_1++) {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->sites[cntr_sites_1]));
+			}
+			for (cntr_sites_1 = 0; cntr_sites_1 < r->num_sites; cntr_sites_1++) {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->sites[cntr_sites_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sites_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sites_0, 0);
+		}
+		if (r->sites) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->sites, r->num_sites));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_DcSitesCtr(struct ndr_print *ndr, const char *name, const struct DcSitesCtr *r)
+{
+	uint32_t cntr_sites_1;
+	ndr_print_struct(ndr, name, "DcSitesCtr");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "num_sites", r->num_sites);
+	ndr_print_ptr(ndr, "sites", r->sites);
+	ndr->depth++;
+	if (r->sites) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "sites", r->num_sites);
+		ndr->depth++;
+		for (cntr_sites_1=0;cntr_sites_1<r->num_sites;cntr_sites_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_sites_1) != -1) {
+				ndr_print_lsa_String(ndr, "sites", &r->sites[cntr_sites_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
 static enum ndr_err_code ndr_push_netr_LogonUasLogon(struct ndr_push *ndr, int flags, const struct netr_LogonUasLogon *r)
 {
 	if (flags & NDR_IN) {
@@ -7393,10 +7931,10 @@ static enum ndr_err_code ndr_push_netr_LogonUasLogon(struct ndr_push *ndr, int f
 		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.workstation, ndr_charset_length(r->in.workstation, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.info));
-		if (r->out.info) {
-			NDR_CHECK(ndr_push_netr_UasInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
+		NDR_CHECK(ndr_push_netr_UasInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -7405,7 +7943,6 @@ static enum ndr_err_code ndr_push_netr_LogonUasLogon(struct ndr_push *ndr, int f
 static enum ndr_err_code ndr_pull_netr_LogonUasLogon(struct ndr_pull *ndr, int flags, struct netr_LogonUasLogon *r)
 {
 	uint32_t _ptr_server_name;
-	uint32_t _ptr_info;
 	TALLOC_CTX *_mem_save_server_name_0;
 	TALLOC_CTX *_mem_save_info_0;
 	if (flags & NDR_IN) {
@@ -7443,20 +7980,17 @@ static enum ndr_err_code ndr_pull_netr_LogonUasLogon(struct ndr_pull *ndr, int f
 		}
 		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t)));
 		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.workstation, ndr_get_array_length(ndr, &r->in.workstation), sizeof(uint16_t), CH_UTF16));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
-		if (_ptr_info) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.info);
-		} else {
-			r->out.info = NULL;
-		}
-		if (r->out.info) {
-			_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0);
-			NDR_CHECK(ndr_pull_netr_UasInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
 		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_UasInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -7487,9 +8021,7 @@ _PUBLIC_ void ndr_print_netr_LogonUasLogon(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		ndr_print_ptr(ndr, "info", r->out.info);
 		ndr->depth++;
-		if (r->out.info) {
-			ndr_print_netr_UasInfo(ndr, "info", r->out.info);
-		}
+		ndr_print_netr_UasInfo(ndr, "info", r->out.info);
 		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
@@ -7641,8 +8173,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogon(struct ndr_push *ndr, int f
 			NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.return_authenticator));
 		}
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.logon_level));
-		NDR_CHECK(ndr_push_set_switch_value(ndr, &r->in.logon, r->in.logon_level));
-		NDR_CHECK(ndr_push_netr_LogonLevel(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.logon));
+		if (r->in.logon == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->in.logon, r->in.logon_level));
+		NDR_CHECK(ndr_push_netr_LogonLevel(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.logon));
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.validation_level));
 	}
 	if (flags & NDR_OUT) {
@@ -7674,6 +8209,7 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int f
 	TALLOC_CTX *_mem_save_computer_name_0;
 	TALLOC_CTX *_mem_save_credential_0;
 	TALLOC_CTX *_mem_save_return_authenticator_0;
+	TALLOC_CTX *_mem_save_logon_0;
 	TALLOC_CTX *_mem_save_validation_0;
 	TALLOC_CTX *_mem_save_authoritative_0;
 	if (flags & NDR_IN) {
@@ -7740,8 +8276,14 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogon(struct ndr_pull *ndr, int f
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_return_authenticator_0, 0);
 		}
 		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.logon_level));
-		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->in.logon, r->in.logon_level));
-		NDR_CHECK(ndr_pull_netr_LogonLevel(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.logon));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.logon);
+		}
+		_mem_save_logon_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.logon, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->in.logon, r->in.logon_level));
+		NDR_CHECK(ndr_pull_netr_LogonLevel(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.logon));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.validation_level));
 		NDR_PULL_ALLOC(ndr, r->out.validation);
 		ZERO_STRUCTP(r->out.validation);
@@ -7816,8 +8358,11 @@ _PUBLIC_ void ndr_print_netr_LogonSamLogon(struct ndr_print *ndr, const char *na
 		}
 		ndr->depth--;
 		ndr_print_uint16(ndr, "logon_level", r->in.logon_level);
-		ndr_print_set_switch_value(ndr, &r->in.logon, r->in.logon_level);
-		ndr_print_netr_LogonLevel(ndr, "logon", &r->in.logon);
+		ndr_print_ptr(ndr, "logon", r->in.logon);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->in.logon, r->in.logon_level);
+		ndr_print_netr_LogonLevel(ndr, "logon", r->in.logon);
+		ndr->depth--;
 		ndr_print_uint16(ndr, "validation_level", r->in.validation_level);
 		ndr->depth--;
 	}
@@ -8053,10 +8598,10 @@ static enum ndr_err_code ndr_push_netr_ServerReqChallenge(struct ndr_push *ndr,
 		NDR_CHECK(ndr_push_netr_Credential(ndr, NDR_SCALARS, r->in.credentials));
 	}
 	if (flags & NDR_OUT) {
-		if (r->out.credentials == NULL) {
+		if (r->out.return_credentials == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		NDR_CHECK(ndr_push_netr_Credential(ndr, NDR_SCALARS, r->out.credentials));
+		NDR_CHECK(ndr_push_netr_Credential(ndr, NDR_SCALARS, r->out.return_credentials));
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -8067,6 +8612,7 @@ static enum ndr_err_code ndr_pull_netr_ServerReqChallenge(struct ndr_pull *ndr,
 	uint32_t _ptr_server_name;
 	TALLOC_CTX *_mem_save_server_name_0;
 	TALLOC_CTX *_mem_save_credentials_0;
+	TALLOC_CTX *_mem_save_return_credentials_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -8102,17 +8648,17 @@ static enum ndr_err_code ndr_pull_netr_ServerReqChallenge(struct ndr_pull *ndr,
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.credentials, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_netr_Credential(ndr, NDR_SCALARS, r->in.credentials));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credentials_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_PULL_ALLOC(ndr, r->out.credentials);
-		*r->out.credentials = *r->in.credentials;
+		NDR_PULL_ALLOC(ndr, r->out.return_credentials);
+		ZERO_STRUCTP(r->out.return_credentials);
 	}
 	if (flags & NDR_OUT) {
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, r->out.credentials);
+			NDR_PULL_ALLOC(ndr, r->out.return_credentials);
 		}
-		_mem_save_credentials_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.credentials, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_netr_Credential(ndr, NDR_SCALARS, r->out.credentials));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credentials_0, LIBNDR_FLAG_REF_ALLOC);
+		_mem_save_return_credentials_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.return_credentials, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Credential(ndr, NDR_SCALARS, r->out.return_credentials));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_return_credentials_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -8144,9 +8690,9 @@ _PUBLIC_ void ndr_print_netr_ServerReqChallenge(struct ndr_print *ndr, const cha
 	if (flags & NDR_OUT) {
 		ndr_print_struct(ndr, "out", "netr_ServerReqChallenge");
 		ndr->depth++;
-		ndr_print_ptr(ndr, "credentials", r->out.credentials);
+		ndr_print_ptr(ndr, "return_credentials", r->out.return_credentials);
 		ndr->depth++;
-		ndr_print_netr_Credential(ndr, "credentials", r->out.credentials);
+		ndr_print_netr_Credential(ndr, "return_credentials", r->out.return_credentials);
 		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
@@ -8179,10 +8725,10 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate(struct ndr_push *ndr,
 		NDR_CHECK(ndr_push_netr_Credential(ndr, NDR_SCALARS, r->in.credentials));
 	}
 	if (flags & NDR_OUT) {
-		if (r->out.credentials == NULL) {
+		if (r->out.return_credentials == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		NDR_CHECK(ndr_push_netr_Credential(ndr, NDR_SCALARS, r->out.credentials));
+		NDR_CHECK(ndr_push_netr_Credential(ndr, NDR_SCALARS, r->out.return_credentials));
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -8193,6 +8739,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate(struct ndr_pull *ndr,
 	uint32_t _ptr_server_name;
 	TALLOC_CTX *_mem_save_server_name_0;
 	TALLOC_CTX *_mem_save_credentials_0;
+	TALLOC_CTX *_mem_save_return_credentials_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -8236,17 +8783,17 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate(struct ndr_pull *ndr,
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.credentials, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_netr_Credential(ndr, NDR_SCALARS, r->in.credentials));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credentials_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_PULL_ALLOC(ndr, r->out.credentials);
-		*r->out.credentials = *r->in.credentials;
+		NDR_PULL_ALLOC(ndr, r->out.return_credentials);
+		ZERO_STRUCTP(r->out.return_credentials);
 	}
 	if (flags & NDR_OUT) {
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, r->out.credentials);
+			NDR_PULL_ALLOC(ndr, r->out.return_credentials);
 		}
-		_mem_save_credentials_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.credentials, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_netr_Credential(ndr, NDR_SCALARS, r->out.credentials));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credentials_0, LIBNDR_FLAG_REF_ALLOC);
+		_mem_save_return_credentials_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.return_credentials, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Credential(ndr, NDR_SCALARS, r->out.return_credentials));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_return_credentials_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -8280,9 +8827,9 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate(struct ndr_print *ndr, const cha
 	if (flags & NDR_OUT) {
 		ndr_print_struct(ndr, "out", "netr_ServerAuthenticate");
 		ndr->depth++;
-		ndr_print_ptr(ndr, "credentials", r->out.credentials);
+		ndr_print_ptr(ndr, "return_credentials", r->out.return_credentials);
 		ndr->depth++;
-		ndr_print_netr_Credential(ndr, "credentials", r->out.credentials);
+		ndr_print_netr_Credential(ndr, "return_credentials", r->out.return_credentials);
 		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
@@ -8309,8 +8856,14 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet(struct ndr_push *ndr, i
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16)));
 		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computer_name, ndr_charset_length(r->in.computer_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
-		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential));
-		NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.new_password));
+		if (r->in.credential == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
+		if (r->in.new_password == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.new_password));
 	}
 	if (flags & NDR_OUT) {
 		if (r->out.return_authenticator == NULL) {
@@ -8326,7 +8879,9 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet(struct ndr_pull *ndr, i
 {
 	uint32_t _ptr_server_name;
 	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_credential_0;
 	TALLOC_CTX *_mem_save_return_authenticator_0;
+	TALLOC_CTX *_mem_save_new_password_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -8363,8 +8918,20 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet(struct ndr_pull *ndr, i
 		}
 		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t)));
 		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16));
-		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential));
-		NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.new_password));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.credential);
+		}
+		_mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.new_password);
+		}
+		_mem_save_new_password_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.new_password, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.new_password));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_new_password_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_PULL_ALLOC(ndr, r->out.return_authenticator);
 		ZERO_STRUCTP(r->out.return_authenticator);
 	}
@@ -8400,8 +8967,14 @@ _PUBLIC_ void ndr_print_netr_ServerPasswordSet(struct ndr_print *ndr, const char
 		ndr_print_string(ndr, "account_name", r->in.account_name);
 		ndr_print_netr_SchannelType(ndr, "secure_channel_type", r->in.secure_channel_type);
 		ndr_print_string(ndr, "computer_name", r->in.computer_name);
-		ndr_print_netr_Authenticator(ndr, "credential", &r->in.credential);
-		ndr_print_samr_Password(ndr, "new_password", &r->in.new_password);
+		ndr_print_ptr(ndr, "credential", r->in.credential);
+		ndr->depth++;
+		ndr_print_netr_Authenticator(ndr, "credential", r->in.credential);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "new_password", r->in.new_password);
+		ndr->depth++;
+		ndr_print_samr_Password(ndr, "new_password", r->in.new_password);
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -8428,7 +9001,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseDeltas(struct ndr_push *ndr, int
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computername, CH_UTF16)));
 		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computername, ndr_charset_length(r->in.computername, CH_UTF16), sizeof(uint16_t), CH_UTF16));
-		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential));
+		if (r->in.credential == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
 		if (r->in.return_authenticator == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
@@ -8449,9 +9025,12 @@ static enum ndr_err_code ndr_push_netr_DatabaseDeltas(struct ndr_push *ndr, int
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_udlong(ndr, NDR_SCALARS, *r->out.sequence_num));
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.delta_enum_array));
-		if (r->out.delta_enum_array) {
-			NDR_CHECK(ndr_push_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array));
+		if (r->out.delta_enum_array == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.delta_enum_array));
+		if (*r->out.delta_enum_array) {
+			NDR_CHECK(ndr_push_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.delta_enum_array));
 		}
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
@@ -8461,9 +9040,11 @@ static enum ndr_err_code ndr_push_netr_DatabaseDeltas(struct ndr_push *ndr, int
 static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int flags, struct netr_DatabaseDeltas *r)
 {
 	uint32_t _ptr_delta_enum_array;
+	TALLOC_CTX *_mem_save_credential_0;
 	TALLOC_CTX *_mem_save_return_authenticator_0;
 	TALLOC_CTX *_mem_save_sequence_num_0;
 	TALLOC_CTX *_mem_save_delta_enum_array_0;
+	TALLOC_CTX *_mem_save_delta_enum_array_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -8481,7 +9062,13 @@ static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int
 		}
 		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t)));
 		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16));
-		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.credential);
+		}
+		_mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->in.return_authenticator);
 		}
@@ -8502,6 +9089,8 @@ static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int
 		*r->out.return_authenticator = *r->in.return_authenticator;
 		NDR_PULL_ALLOC(ndr, r->out.sequence_num);
 		*r->out.sequence_num = *r->in.sequence_num;
+		NDR_PULL_ALLOC(ndr, r->out.delta_enum_array);
+		ZERO_STRUCTP(r->out.delta_enum_array);
 	}
 	if (flags & NDR_OUT) {
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
@@ -8518,18 +9107,24 @@ static enum ndr_err_code ndr_pull_netr_DatabaseDeltas(struct ndr_pull *ndr, int
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.sequence_num, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_udlong(ndr, NDR_SCALARS, r->out.sequence_num));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sequence_num_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.delta_enum_array);
+		}
+		_mem_save_delta_enum_array_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.delta_enum_array, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delta_enum_array));
 		if (_ptr_delta_enum_array) {
-			NDR_PULL_ALLOC(ndr, r->out.delta_enum_array);
+			NDR_PULL_ALLOC(ndr, *r->out.delta_enum_array);
 		} else {
-			r->out.delta_enum_array = NULL;
+			*r->out.delta_enum_array = NULL;
 		}
-		if (r->out.delta_enum_array) {
-			_mem_save_delta_enum_array_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.delta_enum_array, 0);
-			NDR_CHECK(ndr_pull_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_0, 0);
+		if (*r->out.delta_enum_array) {
+			_mem_save_delta_enum_array_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.delta_enum_array, 0);
+			NDR_CHECK(ndr_pull_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.delta_enum_array));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -8547,7 +9142,10 @@ _PUBLIC_ void ndr_print_netr_DatabaseDeltas(struct ndr_print *ndr, const char *n
 		ndr->depth++;
 		ndr_print_string(ndr, "logon_server", r->in.logon_server);
 		ndr_print_string(ndr, "computername", r->in.computername);
-		ndr_print_netr_Authenticator(ndr, "credential", &r->in.credential);
+		ndr_print_ptr(ndr, "credential", r->in.credential);
+		ndr->depth++;
+		ndr_print_netr_Authenticator(ndr, "credential", r->in.credential);
+		ndr->depth--;
 		ndr_print_ptr(ndr, "return_authenticator", r->in.return_authenticator);
 		ndr->depth++;
 		ndr_print_netr_Authenticator(ndr, "return_authenticator", r->in.return_authenticator);
@@ -8573,10 +9171,13 @@ _PUBLIC_ void ndr_print_netr_DatabaseDeltas(struct ndr_print *ndr, const char *n
 		ndr->depth--;
 		ndr_print_ptr(ndr, "delta_enum_array", r->out.delta_enum_array);
 		ndr->depth++;
-		if (r->out.delta_enum_array) {
-			ndr_print_netr_DELTA_ENUM_ARRAY(ndr, "delta_enum_array", r->out.delta_enum_array);
+		ndr_print_ptr(ndr, "delta_enum_array", *r->out.delta_enum_array);
+		ndr->depth++;
+		if (*r->out.delta_enum_array) {
+			ndr_print_netr_DELTA_ENUM_ARRAY(ndr, "delta_enum_array", *r->out.delta_enum_array);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -8615,10 +9216,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync(struct ndr_push *ndr, int fl
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.sync_context));
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.delta_enum_array));
-		if (r->out.delta_enum_array) {
-			NDR_CHECK(ndr_push_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array));
+		if (r->out.delta_enum_array == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
+		NDR_CHECK(ndr_push_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array));
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -8626,7 +9227,6 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync(struct ndr_push *ndr, int fl
 
 static enum ndr_err_code ndr_pull_netr_DatabaseSync(struct ndr_pull *ndr, int flags, struct netr_DatabaseSync *r)
 {
-	uint32_t _ptr_delta_enum_array;
 	TALLOC_CTX *_mem_save_return_authenticator_0;
 	TALLOC_CTX *_mem_save_sync_context_0;
 	TALLOC_CTX *_mem_save_delta_enum_array_0;
@@ -8668,6 +9268,8 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync(struct ndr_pull *ndr, int fl
 		*r->out.return_authenticator = *r->in.return_authenticator;
 		NDR_PULL_ALLOC(ndr, r->out.sync_context);
 		*r->out.sync_context = *r->in.sync_context;
+		NDR_PULL_ALLOC(ndr, r->out.delta_enum_array);
+		ZERO_STRUCTP(r->out.delta_enum_array);
 	}
 	if (flags & NDR_OUT) {
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
@@ -8684,18 +9286,13 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync(struct ndr_pull *ndr, int fl
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.sync_context, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.sync_context));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sync_context_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delta_enum_array));
-		if (_ptr_delta_enum_array) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.delta_enum_array);
-		} else {
-			r->out.delta_enum_array = NULL;
-		}
-		if (r->out.delta_enum_array) {
-			_mem_save_delta_enum_array_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.delta_enum_array, 0);
-			NDR_CHECK(ndr_pull_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_0, 0);
 		}
+		_mem_save_delta_enum_array_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.delta_enum_array, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -8739,9 +9336,7 @@ _PUBLIC_ void ndr_print_netr_DatabaseSync(struct ndr_print *ndr, const char *nam
 		ndr->depth--;
 		ndr_print_ptr(ndr, "delta_enum_array", r->out.delta_enum_array);
 		ndr->depth++;
-		if (r->out.delta_enum_array) {
-			ndr_print_netr_DELTA_ENUM_ARRAY(ndr, "delta_enum_array", r->out.delta_enum_array);
-		}
+		ndr_print_netr_DELTA_ENUM_ARRAY(ndr, "delta_enum_array", r->out.delta_enum_array);
 		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
@@ -9234,15 +9829,14 @@ static enum ndr_err_code ndr_push_netr_GetDcName(struct ndr_push *ndr, int flags
 		if (r->out.dcname == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.dcname == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.dcname));
+		if (*r->out.dcname) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.dcname, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.dcname, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.dcname, ndr_charset_length(*r->out.dcname, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.dcname, CH_UTF16)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.dcname, CH_UTF16)));
-		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.dcname, ndr_charset_length(*r->out.dcname, CH_UTF16), sizeof(uint16_t), CH_UTF16));
-		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
@@ -9253,6 +9847,7 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags
 	uint32_t _ptr_dcname;
 	TALLOC_CTX *_mem_save_domainname_0;
 	TALLOC_CTX *_mem_save_dcname_0;
+	TALLOC_CTX *_mem_save_dcname_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -9290,16 +9885,26 @@ static enum ndr_err_code ndr_pull_netr_GetDcName(struct ndr_pull *ndr, int flags
 		}
 		_mem_save_dcname_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.dcname, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_dcname));
-		NDR_CHECK(ndr_pull_array_size(ndr, r->out.dcname));
-		NDR_CHECK(ndr_pull_array_length(ndr, r->out.dcname));
-		if (ndr_get_array_length(ndr, r->out.dcname) > ndr_get_array_size(ndr, r->out.dcname)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.dcname), ndr_get_array_length(ndr, r->out.dcname));
-		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dcname));
+		if (_ptr_dcname) {
+			NDR_PULL_ALLOC(ndr, *r->out.dcname);
+		} else {
+			*r->out.dcname = NULL;
+		}
+		if (*r->out.dcname) {
+			_mem_save_dcname_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.dcname, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.dcname));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->out.dcname));
+			if (ndr_get_array_length(ndr, r->out.dcname) > ndr_get_array_size(ndr, r->out.dcname)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.dcname), ndr_get_array_length(ndr, r->out.dcname));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_1, 0);
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
@@ -9330,10 +9935,12 @@ _PUBLIC_ void ndr_print_netr_GetDcName(struct ndr_print *ndr, const char *name,
 		ndr->depth++;
 		ndr_print_ptr(ndr, "dcname", *r->out.dcname);
 		ndr->depth++;
-		ndr_print_string(ndr, "dcname", *r->out.dcname);
+		if (*r->out.dcname) {
+			ndr_print_string(ndr, "dcname", *r->out.dcname);
+		}
 		ndr->depth--;
 		ndr->depth--;
-		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
 	ndr->depth--;
@@ -9464,14 +10071,13 @@ static enum ndr_err_code ndr_push_netr_GetAnyDCName(struct ndr_push *ndr, int fl
 		if (r->out.dcname == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.dcname == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.dcname));
+		if (*r->out.dcname) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.dcname, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.dcname, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.dcname, ndr_charset_length(*r->out.dcname, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.dcname, CH_UTF16)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.dcname, CH_UTF16)));
-		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.dcname, ndr_charset_length(*r->out.dcname, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -9485,6 +10091,7 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl
 	TALLOC_CTX *_mem_save_logon_server_0;
 	TALLOC_CTX *_mem_save_domainname_0;
 	TALLOC_CTX *_mem_save_dcname_0;
+	TALLOC_CTX *_mem_save_dcname_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -9533,14 +10140,24 @@ static enum ndr_err_code ndr_pull_netr_GetAnyDCName(struct ndr_pull *ndr, int fl
 		}
 		_mem_save_dcname_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.dcname, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_dcname));
-		NDR_CHECK(ndr_pull_array_size(ndr, r->out.dcname));
-		NDR_CHECK(ndr_pull_array_length(ndr, r->out.dcname));
-		if (ndr_get_array_length(ndr, r->out.dcname) > ndr_get_array_size(ndr, r->out.dcname)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.dcname), ndr_get_array_length(ndr, r->out.dcname));
-		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dcname));
+		if (_ptr_dcname) {
+			NDR_PULL_ALLOC(ndr, *r->out.dcname);
+		} else {
+			*r->out.dcname = NULL;
+		}
+		if (*r->out.dcname) {
+			_mem_save_dcname_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.dcname, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.dcname));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->out.dcname));
+			if (ndr_get_array_length(ndr, r->out.dcname) > ndr_get_array_size(ndr, r->out.dcname)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.dcname), ndr_get_array_length(ndr, r->out.dcname));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.dcname, ndr_get_array_length(ndr, r->out.dcname), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_1, 0);
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dcname_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
@@ -9578,7 +10195,9 @@ _PUBLIC_ void ndr_print_netr_GetAnyDCName(struct ndr_print *ndr, const char *nam
 		ndr->depth++;
 		ndr_print_ptr(ndr, "dcname", *r->out.dcname);
 		ndr->depth++;
-		ndr_print_string(ndr, "dcname", *r->out.dcname);
+		if (*r->out.dcname) {
+			ndr_print_string(ndr, "dcname", *r->out.dcname);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
@@ -9599,8 +10218,11 @@ static enum ndr_err_code ndr_push_netr_LogonControl2(struct ndr_push *ndr, int f
 		}
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.function_code));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.level));
-		NDR_CHECK(ndr_push_set_switch_value(ndr, &r->in.data, r->in.function_code));
-		NDR_CHECK(ndr_push_netr_CONTROL_DATA_INFORMATION(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.data));
+		if (r->in.data == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->in.data, r->in.function_code));
+		NDR_CHECK(ndr_push_netr_CONTROL_DATA_INFORMATION(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.data));
 	}
 	if (flags & NDR_OUT) {
 		if (r->out.query == NULL) {
@@ -9617,6 +10239,7 @@ static enum ndr_err_code ndr_pull_netr_LogonControl2(struct ndr_pull *ndr, int f
 {
 	uint32_t _ptr_logon_server;
 	TALLOC_CTX *_mem_save_logon_server_0;
+	TALLOC_CTX *_mem_save_data_0;
 	TALLOC_CTX *_mem_save_query_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
@@ -9641,8 +10264,14 @@ static enum ndr_err_code ndr_pull_netr_LogonControl2(struct ndr_pull *ndr, int f
 		}
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.function_code));
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level));
-		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->in.data, r->in.function_code));
-		NDR_CHECK(ndr_pull_netr_CONTROL_DATA_INFORMATION(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.data));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.data);
+		}
+		_mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.data, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->in.data, r->in.function_code));
+		NDR_CHECK(ndr_pull_netr_CONTROL_DATA_INFORMATION(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.data));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_PULL_ALLOC(ndr, r->out.query);
 		ZERO_STRUCTP(r->out.query);
 	}
@@ -9678,8 +10307,11 @@ _PUBLIC_ void ndr_print_netr_LogonControl2(struct ndr_print *ndr, const char *na
 		ndr->depth--;
 		ndr_print_uint32(ndr, "function_code", r->in.function_code);
 		ndr_print_uint32(ndr, "level", r->in.level);
-		ndr_print_set_switch_value(ndr, &r->in.data, r->in.function_code);
-		ndr_print_netr_CONTROL_DATA_INFORMATION(ndr, "data", &r->in.data);
+		ndr_print_ptr(ndr, "data", r->in.data);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->in.data, r->in.function_code);
+		ndr_print_netr_CONTROL_DATA_INFORMATION(ndr, "data", r->in.data);
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -9725,10 +10357,10 @@ static enum ndr_err_code ndr_push_netr_ServerAuthenticate2(struct ndr_push *ndr,
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.negotiate_flags));
 	}
 	if (flags & NDR_OUT) {
-		if (r->out.credentials == NULL) {
+		if (r->out.return_credentials == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		NDR_CHECK(ndr_push_netr_Credential(ndr, NDR_SCALARS, r->out.credentials));
+		NDR_CHECK(ndr_push_netr_Credential(ndr, NDR_SCALARS, r->out.return_credentials));
 		if (r->out.negotiate_flags == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
@@ -9743,6 +10375,7 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr,
 	uint32_t _ptr_server_name;
 	TALLOC_CTX *_mem_save_server_name_0;
 	TALLOC_CTX *_mem_save_credentials_0;
+	TALLOC_CTX *_mem_save_return_credentials_0;
 	TALLOC_CTX *_mem_save_negotiate_flags_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
@@ -9794,19 +10427,19 @@ static enum ndr_err_code ndr_pull_netr_ServerAuthenticate2(struct ndr_pull *ndr,
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.negotiate_flags, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.negotiate_flags));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_negotiate_flags_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_PULL_ALLOC(ndr, r->out.credentials);
-		*r->out.credentials = *r->in.credentials;
+		NDR_PULL_ALLOC(ndr, r->out.return_credentials);
+		ZERO_STRUCTP(r->out.return_credentials);
 		NDR_PULL_ALLOC(ndr, r->out.negotiate_flags);
 		*r->out.negotiate_flags = *r->in.negotiate_flags;
 	}
 	if (flags & NDR_OUT) {
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, r->out.credentials);
+			NDR_PULL_ALLOC(ndr, r->out.return_credentials);
 		}
-		_mem_save_credentials_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.credentials, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_netr_Credential(ndr, NDR_SCALARS, r->out.credentials));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credentials_0, LIBNDR_FLAG_REF_ALLOC);
+		_mem_save_return_credentials_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.return_credentials, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Credential(ndr, NDR_SCALARS, r->out.return_credentials));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_return_credentials_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.negotiate_flags);
 		}
@@ -9851,9 +10484,9 @@ _PUBLIC_ void ndr_print_netr_ServerAuthenticate2(struct ndr_print *ndr, const ch
 	if (flags & NDR_OUT) {
 		ndr_print_struct(ndr, "out", "netr_ServerAuthenticate2");
 		ndr->depth++;
-		ndr_print_ptr(ndr, "credentials", r->out.credentials);
+		ndr_print_ptr(ndr, "return_credentials", r->out.return_credentials);
 		ndr->depth++;
-		ndr_print_netr_Credential(ndr, "credentials", r->out.credentials);
+		ndr_print_netr_Credential(ndr, "return_credentials", r->out.return_credentials);
 		ndr->depth--;
 		ndr_print_ptr(ndr, "negotiate_flags", r->out.negotiate_flags);
 		ndr->depth++;
@@ -9876,7 +10509,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync2(struct ndr_push *ndr, int f
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computername, CH_UTF16)));
 		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computername, ndr_charset_length(r->in.computername, CH_UTF16), sizeof(uint16_t), CH_UTF16));
-		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential));
+		if (r->in.credential == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
 		if (r->in.return_authenticator == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
@@ -9898,9 +10534,12 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync2(struct ndr_push *ndr, int f
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.sync_context));
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.delta_enum_array));
-		if (r->out.delta_enum_array) {
-			NDR_CHECK(ndr_push_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array));
+		if (r->out.delta_enum_array == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.delta_enum_array));
+		if (*r->out.delta_enum_array) {
+			NDR_CHECK(ndr_push_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.delta_enum_array));
 		}
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
@@ -9910,9 +10549,11 @@ static enum ndr_err_code ndr_push_netr_DatabaseSync2(struct ndr_push *ndr, int f
 static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int flags, struct netr_DatabaseSync2 *r)
 {
 	uint32_t _ptr_delta_enum_array;
+	TALLOC_CTX *_mem_save_credential_0;
 	TALLOC_CTX *_mem_save_return_authenticator_0;
 	TALLOC_CTX *_mem_save_sync_context_0;
 	TALLOC_CTX *_mem_save_delta_enum_array_0;
+	TALLOC_CTX *_mem_save_delta_enum_array_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -9930,7 +10571,13 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int f
 		}
 		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t)));
 		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computername, ndr_get_array_length(ndr, &r->in.computername), sizeof(uint16_t), CH_UTF16));
-		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, &r->in.credential));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.credential);
+		}
+		_mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->in.return_authenticator);
 		}
@@ -9952,6 +10599,8 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int f
 		*r->out.return_authenticator = *r->in.return_authenticator;
 		NDR_PULL_ALLOC(ndr, r->out.sync_context);
 		*r->out.sync_context = *r->in.sync_context;
+		NDR_PULL_ALLOC(ndr, r->out.delta_enum_array);
+		ZERO_STRUCTP(r->out.delta_enum_array);
 	}
 	if (flags & NDR_OUT) {
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
@@ -9968,18 +10617,24 @@ static enum ndr_err_code ndr_pull_netr_DatabaseSync2(struct ndr_pull *ndr, int f
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.sync_context, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.sync_context));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sync_context_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.delta_enum_array);
+		}
+		_mem_save_delta_enum_array_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.delta_enum_array, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delta_enum_array));
 		if (_ptr_delta_enum_array) {
-			NDR_PULL_ALLOC(ndr, r->out.delta_enum_array);
+			NDR_PULL_ALLOC(ndr, *r->out.delta_enum_array);
 		} else {
-			r->out.delta_enum_array = NULL;
+			*r->out.delta_enum_array = NULL;
 		}
-		if (r->out.delta_enum_array) {
-			_mem_save_delta_enum_array_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.delta_enum_array, 0);
-			NDR_CHECK(ndr_pull_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_0, 0);
+		if (*r->out.delta_enum_array) {
+			_mem_save_delta_enum_array_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.delta_enum_array, 0);
+			NDR_CHECK(ndr_pull_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.delta_enum_array));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -9997,7 +10652,10 @@ _PUBLIC_ void ndr_print_netr_DatabaseSync2(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		ndr_print_string(ndr, "logon_server", r->in.logon_server);
 		ndr_print_string(ndr, "computername", r->in.computername);
-		ndr_print_netr_Authenticator(ndr, "credential", &r->in.credential);
+		ndr_print_ptr(ndr, "credential", r->in.credential);
+		ndr->depth++;
+		ndr_print_netr_Authenticator(ndr, "credential", r->in.credential);
+		ndr->depth--;
 		ndr_print_ptr(ndr, "return_authenticator", r->in.return_authenticator);
 		ndr->depth++;
 		ndr_print_netr_Authenticator(ndr, "return_authenticator", r->in.return_authenticator);
@@ -10024,10 +10682,13 @@ _PUBLIC_ void ndr_print_netr_DatabaseSync2(struct ndr_print *ndr, const char *na
 		ndr->depth--;
 		ndr_print_ptr(ndr, "delta_enum_array", r->out.delta_enum_array);
 		ndr->depth++;
-		if (r->out.delta_enum_array) {
-			ndr_print_netr_DELTA_ENUM_ARRAY(ndr, "delta_enum_array", r->out.delta_enum_array);
+		ndr_print_ptr(ndr, "delta_enum_array", *r->out.delta_enum_array);
+		ndr->depth++;
+		if (*r->out.delta_enum_array) {
+			ndr_print_netr_DELTA_ENUM_ARRAY(ndr, "delta_enum_array", *r->out.delta_enum_array);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -10062,10 +10723,10 @@ static enum ndr_err_code ndr_push_netr_DatabaseRedo(struct ndr_push *ndr, int fl
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
 		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->out.return_authenticator));
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.delta_enum_array));
-		if (r->out.delta_enum_array) {
-			NDR_CHECK(ndr_push_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array));
+		if (r->out.delta_enum_array == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
+		NDR_CHECK(ndr_push_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array));
 		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -10074,7 +10735,6 @@ static enum ndr_err_code ndr_push_netr_DatabaseRedo(struct ndr_push *ndr, int fl
 static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int flags, struct netr_DatabaseRedo *r)
 {
 	uint32_t _ptr_change_log_entry;
-	uint32_t _ptr_delta_enum_array;
 	TALLOC_CTX *_mem_save_return_authenticator_0;
 	TALLOC_CTX *_mem_save_change_log_entry_0;
 	TALLOC_CTX *_mem_save_delta_enum_array_0;
@@ -10120,6 +10780,8 @@ static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int fl
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.change_log_entry_size));
 		NDR_PULL_ALLOC(ndr, r->out.return_authenticator);
 		*r->out.return_authenticator = *r->in.return_authenticator;
+		NDR_PULL_ALLOC(ndr, r->out.delta_enum_array);
+		ZERO_STRUCTP(r->out.delta_enum_array);
 		if (r->in.change_log_entry) {
 			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.change_log_entry, r->in.change_log_entry_size));
 		}
@@ -10132,18 +10794,13 @@ static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int fl
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.return_authenticator, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->out.return_authenticator));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_return_authenticator_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_delta_enum_array));
-		if (_ptr_delta_enum_array) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.delta_enum_array);
-		} else {
-			r->out.delta_enum_array = NULL;
-		}
-		if (r->out.delta_enum_array) {
-			_mem_save_delta_enum_array_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.delta_enum_array, 0);
-			NDR_CHECK(ndr_pull_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_0, 0);
 		}
+		_mem_save_delta_enum_array_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.delta_enum_array, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_DELTA_ENUM_ARRAY(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.delta_enum_array));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_delta_enum_array_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -10184,9 +10841,7 @@ _PUBLIC_ void ndr_print_netr_DatabaseRedo(struct ndr_print *ndr, const char *nam
 		ndr->depth--;
 		ndr_print_ptr(ndr, "delta_enum_array", r->out.delta_enum_array);
 		ndr->depth++;
-		if (r->out.delta_enum_array) {
-			ndr_print_netr_DELTA_ENUM_ARRAY(ndr, "delta_enum_array", r->out.delta_enum_array);
-		}
+		ndr_print_netr_DELTA_ENUM_ARRAY(ndr, "delta_enum_array", r->out.delta_enum_array);
 		ndr->depth--;
 		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
@@ -10303,41 +10958,94 @@ _PUBLIC_ void ndr_print_netr_LogonControl2Ex(struct ndr_print *ndr, const char *
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_NETRENUMERATETRUSTEDDOMAINS(struct ndr_push *ndr, int flags, const struct netr_NETRENUMERATETRUSTEDDOMAINS *r)
+static enum ndr_err_code ndr_push_netr_NetrEnumerateTrustedDomains(struct ndr_push *ndr, int flags, const struct netr_NetrEnumerateTrustedDomains *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
+		if (r->in.server_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.trusted_domains_blob == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_Blob(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.trusted_domains_blob));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_NETRENUMERATETRUSTEDDOMAINS(struct ndr_pull *ndr, int flags, struct netr_NETRENUMERATETRUSTEDDOMAINS *r)
+static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomains(struct ndr_pull *ndr, int flags, struct netr_NetrEnumerateTrustedDomains *r)
 {
+	uint32_t _ptr_server_name;
+	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_trusted_domains_blob_0;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name));
+		if (_ptr_server_name) {
+			NDR_PULL_ALLOC(ndr, r->in.server_name);
+		} else {
+			r->in.server_name = NULL;
+		}
+		if (r->in.server_name) {
+			_mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name));
+			if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
+		}
+		NDR_PULL_ALLOC(ndr, r->out.trusted_domains_blob);
+		ZERO_STRUCTP(r->out.trusted_domains_blob);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.trusted_domains_blob);
+		}
+		_mem_save_trusted_domains_blob_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.trusted_domains_blob, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Blob(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.trusted_domains_blob));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_domains_blob_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netr_NETRENUMERATETRUSTEDDOMAINS(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRENUMERATETRUSTEDDOMAINS *r)
+_PUBLIC_ void ndr_print_netr_NetrEnumerateTrustedDomains(struct ndr_print *ndr, const char *name, int flags, const struct netr_NetrEnumerateTrustedDomains *r)
 {
-	ndr_print_struct(ndr, name, "netr_NETRENUMERATETRUSTEDDOMAINS");
+	ndr_print_struct(ndr, name, "netr_NetrEnumerateTrustedDomains");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "netr_NETRENUMERATETRUSTEDDOMAINS");
+		ndr_print_struct(ndr, "in", "netr_NetrEnumerateTrustedDomains");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server_name", r->in.server_name);
 		ndr->depth++;
+		if (r->in.server_name) {
+			ndr_print_string(ndr, "server_name", r->in.server_name);
+		}
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "netr_NETRENUMERATETRUSTEDDOMAINS");
+		ndr_print_struct(ndr, "out", "netr_NetrEnumerateTrustedDomains");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "trusted_domains_blob", r->out.trusted_domains_blob);
+		ndr->depth++;
+		ndr_print_netr_Blob(ndr, "trusted_domains_blob", r->out.trusted_domains_blob);
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -10369,12 +11077,15 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCName(struct ndr_push *ndr, int fl
 		if (r->in.site_guid) {
 			NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.site_guid));
 		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags));
+		NDR_CHECK(ndr_push_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, r->in.flags));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.info));
-		if (r->out.info) {
-			NDR_CHECK(ndr_push_netr_DsRGetDCNameInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.info));
+		if (*r->out.info) {
+			NDR_CHECK(ndr_push_netr_DsRGetDCNameInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
 		}
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
@@ -10393,6 +11104,7 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int fl
 	TALLOC_CTX *_mem_save_domain_guid_0;
 	TALLOC_CTX *_mem_save_site_guid_0;
 	TALLOC_CTX *_mem_save_info_0;
+	TALLOC_CTX *_mem_save_info_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -10456,21 +11168,29 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCName(struct ndr_pull *ndr, int fl
 			NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.site_guid));
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_guid_0, 0);
 		}
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags));
+		NDR_CHECK(ndr_pull_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, &r->in.flags));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
 		if (_ptr_info) {
-			NDR_PULL_ALLOC(ndr, r->out.info);
+			NDR_PULL_ALLOC(ndr, *r->out.info);
 		} else {
-			r->out.info = NULL;
+			*r->out.info = NULL;
 		}
-		if (r->out.info) {
-			_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0);
-			NDR_CHECK(ndr_pull_netr_DsRGetDCNameInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+		if (*r->out.info) {
+			_mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.info, 0);
+			NDR_CHECK(ndr_pull_netr_DsRGetDCNameInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -10510,7 +11230,7 @@ _PUBLIC_ void ndr_print_netr_DsRGetDCName(struct ndr_print *ndr, const char *nam
 			ndr_print_GUID(ndr, "site_guid", r->in.site_guid);
 		}
 		ndr->depth--;
-		ndr_print_uint32(ndr, "flags", r->in.flags);
+		ndr_print_netr_DsRGetDCName_flags(ndr, "flags", r->in.flags);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -10518,10 +11238,13 @@ _PUBLIC_ void ndr_print_netr_DsRGetDCName(struct ndr_print *ndr, const char *nam
 		ndr->depth++;
 		ndr_print_ptr(ndr, "info", r->out.info);
 		ndr->depth++;
-		if (r->out.info) {
-			ndr_print_netr_DsRGetDCNameInfo(ndr, "info", r->out.info);
+		ndr_print_ptr(ndr, "info", *r->out.info);
+		ndr->depth++;
+		if (*r->out.info) {
+			ndr_print_netr_DsRGetDCNameInfo(ndr, "info", *r->out.info);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -10610,41 +11333,127 @@ _PUBLIC_ void ndr_print_netr_NETRLOGONSETSERVICEBITS(struct ndr_print *ndr, cons
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_NETRLOGONGETTRUSTRID(struct ndr_push *ndr, int flags, const struct netr_NETRLOGONGETTRUSTRID *r)
+static enum ndr_err_code ndr_push_netr_LogonGetTrustRid(struct ndr_push *ndr, int flags, const struct netr_LogonGetTrustRid *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
+		if (r->in.server_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.domain_name));
+		if (r->in.domain_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.domain_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.domain_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.domain_name, ndr_charset_length(r->in.domain_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.rid == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.rid));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_NETRLOGONGETTRUSTRID(struct ndr_pull *ndr, int flags, struct netr_NETRLOGONGETTRUSTRID *r)
+static enum ndr_err_code ndr_pull_netr_LogonGetTrustRid(struct ndr_pull *ndr, int flags, struct netr_LogonGetTrustRid *r)
 {
+	uint32_t _ptr_server_name;
+	uint32_t _ptr_domain_name;
+	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_domain_name_0;
+	TALLOC_CTX *_mem_save_rid_0;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name));
+		if (_ptr_server_name) {
+			NDR_PULL_ALLOC(ndr, r->in.server_name);
+		} else {
+			r->in.server_name = NULL;
+		}
+		if (r->in.server_name) {
+			_mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name));
+			if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name));
+		if (_ptr_domain_name) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_name);
+		} else {
+			r->in.domain_name = NULL;
+		}
+		if (r->in.domain_name) {
+			_mem_save_domain_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain_name));
+			if (ndr_get_array_length(ndr, &r->in.domain_name) > ndr_get_array_size(ndr, &r->in.domain_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain_name), ndr_get_array_length(ndr, &r->in.domain_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain_name, ndr_get_array_length(ndr, &r->in.domain_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0);
+		}
+		NDR_PULL_ALLOC(ndr, r->out.rid);
+		ZERO_STRUCTP(r->out.rid);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.rid);
+		}
+		_mem_save_rid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.rid, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.rid));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rid_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netr_NETRLOGONGETTRUSTRID(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONGETTRUSTRID *r)
+_PUBLIC_ void ndr_print_netr_LogonGetTrustRid(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonGetTrustRid *r)
 {
-	ndr_print_struct(ndr, name, "netr_NETRLOGONGETTRUSTRID");
+	ndr_print_struct(ndr, name, "netr_LogonGetTrustRid");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "netr_NETRLOGONGETTRUSTRID");
+		ndr_print_struct(ndr, "in", "netr_LogonGetTrustRid");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server_name", r->in.server_name);
+		ndr->depth++;
+		if (r->in.server_name) {
+			ndr_print_string(ndr, "server_name", r->in.server_name);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "domain_name", r->in.domain_name);
 		ndr->depth++;
+		if (r->in.domain_name) {
+			ndr_print_string(ndr, "domain_name", r->in.domain_name);
+		}
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "netr_NETRLOGONGETTRUSTRID");
+		ndr_print_struct(ndr, "out", "netr_LogonGetTrustRid");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "rid", r->out.rid);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "rid", *r->out.rid);
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -10948,12 +11757,15 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCNameEx(struct ndr_push *ndr, int
 			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.site_name, CH_UTF16)));
 			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.site_name, ndr_charset_length(r->in.site_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags));
+		NDR_CHECK(ndr_push_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, r->in.flags));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.info));
-		if (r->out.info) {
-			NDR_CHECK(ndr_push_netr_DsRGetDCNameInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.info));
+		if (*r->out.info) {
+			NDR_CHECK(ndr_push_netr_DsRGetDCNameInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
 		}
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
@@ -10972,6 +11784,7 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int
 	TALLOC_CTX *_mem_save_domain_guid_0;
 	TALLOC_CTX *_mem_save_site_name_0;
 	TALLOC_CTX *_mem_save_info_0;
+	TALLOC_CTX *_mem_save_info_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -11041,21 +11854,29 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx(struct ndr_pull *ndr, int
 			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t), CH_UTF16));
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0);
 		}
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags));
+		NDR_CHECK(ndr_pull_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, &r->in.flags));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
 		if (_ptr_info) {
-			NDR_PULL_ALLOC(ndr, r->out.info);
+			NDR_PULL_ALLOC(ndr, *r->out.info);
 		} else {
-			r->out.info = NULL;
+			*r->out.info = NULL;
 		}
-		if (r->out.info) {
-			_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0);
-			NDR_CHECK(ndr_pull_netr_DsRGetDCNameInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+		if (*r->out.info) {
+			_mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.info, 0);
+			NDR_CHECK(ndr_pull_netr_DsRGetDCNameInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -11095,7 +11916,7 @@ _PUBLIC_ void ndr_print_netr_DsRGetDCNameEx(struct ndr_print *ndr, const char *n
 			ndr_print_string(ndr, "site_name", r->in.site_name);
 		}
 		ndr->depth--;
-		ndr_print_uint32(ndr, "flags", r->in.flags);
+		ndr_print_netr_DsRGetDCName_flags(ndr, "flags", r->in.flags);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -11103,10 +11924,13 @@ _PUBLIC_ void ndr_print_netr_DsRGetDCNameEx(struct ndr_print *ndr, const char *n
 		ndr->depth++;
 		ndr_print_ptr(ndr, "info", r->out.info);
 		ndr->depth++;
-		if (r->out.info) {
-			ndr_print_netr_DsRGetDCNameInfo(ndr, "info", r->out.info);
+		ndr_print_ptr(ndr, "info", *r->out.info);
+		ndr->depth++;
+		if (*r->out.info) {
+			ndr_print_netr_DsRGetDCNameInfo(ndr, "info", *r->out.info);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -11128,14 +11952,13 @@ static enum ndr_err_code ndr_push_netr_DsRGetSiteName(struct ndr_push *ndr, int
 		if (r->out.site == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.site == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.site));
+		if (*r->out.site) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.site, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.site, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.site, ndr_charset_length(*r->out.site, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.site, CH_UTF16)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.site, CH_UTF16)));
-		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.site, ndr_charset_length(*r->out.site, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -11147,6 +11970,7 @@ static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int
 	uint32_t _ptr_site;
 	TALLOC_CTX *_mem_save_computer_name_0;
 	TALLOC_CTX *_mem_save_site_0;
+	TALLOC_CTX *_mem_save_site_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -11177,14 +12001,24 @@ static enum ndr_err_code ndr_pull_netr_DsRGetSiteName(struct ndr_pull *ndr, int
 		}
 		_mem_save_site_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.site, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_site));
-		NDR_CHECK(ndr_pull_array_size(ndr, r->out.site));
-		NDR_CHECK(ndr_pull_array_length(ndr, r->out.site));
-		if (ndr_get_array_length(ndr, r->out.site) > ndr_get_array_size(ndr, r->out.site)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.site), ndr_get_array_length(ndr, r->out.site));
-		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.site), sizeof(uint16_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.site, ndr_get_array_length(ndr, r->out.site), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_site));
+		if (_ptr_site) {
+			NDR_PULL_ALLOC(ndr, *r->out.site);
+		} else {
+			*r->out.site = NULL;
+		}
+		if (*r->out.site) {
+			_mem_save_site_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.site, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.site));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->out.site));
+			if (ndr_get_array_length(ndr, r->out.site) > ndr_get_array_size(ndr, r->out.site)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.site), ndr_get_array_length(ndr, r->out.site));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.site), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.site, ndr_get_array_length(ndr, r->out.site), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_1, 0);
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
@@ -11216,7 +12050,9 @@ _PUBLIC_ void ndr_print_netr_DsRGetSiteName(struct ndr_print *ndr, const char *n
 		ndr->depth++;
 		ndr_print_ptr(ndr, "site", *r->out.site);
 		ndr->depth++;
-		ndr_print_string(ndr, "site", *r->out.site);
+		if (*r->out.site) {
+			ndr_print_string(ndr, "site", *r->out.site);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
@@ -11519,41 +12355,155 @@ _PUBLIC_ void ndr_print_netr_ServerPasswordSet2(struct ndr_print *ndr, const cha
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_NETRSERVERPASSWORDGET(struct ndr_push *ndr, int flags, const struct netr_NETRSERVERPASSWORDGET *r)
+static enum ndr_err_code ndr_push_netr_ServerPasswordGet(struct ndr_push *ndr, int flags, const struct netr_ServerPasswordGet *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
+		if (r->in.server_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.account_name, CH_UTF16)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.account_name, CH_UTF16)));
+		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.account_name, ndr_charset_length(r->in.account_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_push_netr_SchannelType(ndr, NDR_SCALARS, r->in.secure_channel_type));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16)));
+		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computer_name, ndr_charset_length(r->in.computer_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		if (r->in.credential == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.return_authenticator == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->out.return_authenticator));
+		if (r->out.password == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_NETRSERVERPASSWORDGET(struct ndr_pull *ndr, int flags, struct netr_NETRSERVERPASSWORDGET *r)
+static enum ndr_err_code ndr_pull_netr_ServerPasswordGet(struct ndr_pull *ndr, int flags, struct netr_ServerPasswordGet *r)
 {
+	uint32_t _ptr_server_name;
+	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_credential_0;
+	TALLOC_CTX *_mem_save_return_authenticator_0;
+	TALLOC_CTX *_mem_save_password_0;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name));
+		if (_ptr_server_name) {
+			NDR_PULL_ALLOC(ndr, r->in.server_name);
+		} else {
+			r->in.server_name = NULL;
+		}
+		if (r->in.server_name) {
+			_mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name));
+			if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name));
+		if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name));
+		}
+		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t)));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type));
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name));
+		if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name));
+		}
+		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t)));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.credential);
+		}
+		_mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.return_authenticator);
+		ZERO_STRUCTP(r->out.return_authenticator);
+		NDR_PULL_ALLOC(ndr, r->out.password);
+		ZERO_STRUCTP(r->out.password);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.return_authenticator);
+		}
+		_mem_save_return_authenticator_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.return_authenticator, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->out.return_authenticator));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_return_authenticator_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.password);
+		}
+		_mem_save_password_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.password, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netr_NETRSERVERPASSWORDGET(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRSERVERPASSWORDGET *r)
+_PUBLIC_ void ndr_print_netr_ServerPasswordGet(struct ndr_print *ndr, const char *name, int flags, const struct netr_ServerPasswordGet *r)
 {
-	ndr_print_struct(ndr, name, "netr_NETRSERVERPASSWORDGET");
+	ndr_print_struct(ndr, name, "netr_ServerPasswordGet");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "netr_NETRSERVERPASSWORDGET");
+		ndr_print_struct(ndr, "in", "netr_ServerPasswordGet");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server_name", r->in.server_name);
+		ndr->depth++;
+		if (r->in.server_name) {
+			ndr_print_string(ndr, "server_name", r->in.server_name);
+		}
+		ndr->depth--;
+		ndr_print_string(ndr, "account_name", r->in.account_name);
+		ndr_print_netr_SchannelType(ndr, "secure_channel_type", r->in.secure_channel_type);
+		ndr_print_string(ndr, "computer_name", r->in.computer_name);
+		ndr_print_ptr(ndr, "credential", r->in.credential);
 		ndr->depth++;
+		ndr_print_netr_Authenticator(ndr, "credential", r->in.credential);
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "netr_NETRSERVERPASSWORDGET");
+		ndr_print_struct(ndr, "out", "netr_ServerPasswordGet");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "return_authenticator", r->out.return_authenticator);
 		ndr->depth++;
+		ndr_print_netr_Authenticator(ndr, "return_authenticator", r->out.return_authenticator);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "password", r->out.password);
+		ndr->depth++;
+		ndr_print_samr_Password(ndr, "password", r->out.password);
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -11601,41 +12551,164 @@ _PUBLIC_ void ndr_print_netr_NETRLOGONSENDTOSAM(struct ndr_print *ndr, const cha
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_DSRADDRESSTOSITENAMESW(struct ndr_push *ndr, int flags, const struct netr_DSRADDRESSTOSITENAMESW *r)
+static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesW(struct ndr_push *ndr, int flags, const struct netr_DsRAddressToSitenamesW *r)
 {
+	uint32_t cntr_addresses_1;
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
+		if (r->in.server_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.count));
+		if (r->in.addresses == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.count));
+		for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) {
+			NDR_CHECK(ndr_push_netr_DsRAddress(ndr, NDR_SCALARS, &r->in.addresses[cntr_addresses_1]));
+		}
+		for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) {
+			NDR_CHECK(ndr_push_netr_DsRAddress(ndr, NDR_BUFFERS, &r->in.addresses[cntr_addresses_1]));
+		}
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.ctr == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.ctr));
+		if (*r->out.ctr) {
+			NDR_CHECK(ndr_push_netr_DsRAddressToSitenamesWCtr(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.ctr));
+		}
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_DSRADDRESSTOSITENAMESW(struct ndr_pull *ndr, int flags, struct netr_DSRADDRESSTOSITENAMESW *r)
+static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesW(struct ndr_pull *ndr, int flags, struct netr_DsRAddressToSitenamesW *r)
 {
+	uint32_t _ptr_server_name;
+	uint32_t cntr_addresses_1;
+	uint32_t _ptr_ctr;
+	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_addresses_1;
+	TALLOC_CTX *_mem_save_ctr_0;
+	TALLOC_CTX *_mem_save_ctr_1;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name));
+		if (_ptr_server_name) {
+			NDR_PULL_ALLOC(ndr, r->in.server_name);
+		} else {
+			r->in.server_name = NULL;
+		}
+		if (r->in.server_name) {
+			_mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name));
+			if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count));
+		if (r->in.count < 0 || r->in.count > 32000) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.addresses));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC_N(ndr, r->in.addresses, ndr_get_array_size(ndr, &r->in.addresses));
+		}
+		_mem_save_addresses_1 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.addresses, 0);
+		for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) {
+			NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_SCALARS, &r->in.addresses[cntr_addresses_1]));
+		}
+		for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) {
+			NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_BUFFERS, &r->in.addresses[cntr_addresses_1]));
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_1, 0);
+		NDR_PULL_ALLOC(ndr, r->out.ctr);
+		ZERO_STRUCTP(r->out.ctr);
+		if (r->in.addresses) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.addresses, r->in.count));
+		}
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.ctr);
+		}
+		_mem_save_ctr_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.ctr, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr));
+		if (_ptr_ctr) {
+			NDR_PULL_ALLOC(ndr, *r->out.ctr);
+		} else {
+			*r->out.ctr = NULL;
+		}
+		if (*r->out.ctr) {
+			_mem_save_ctr_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.ctr, 0);
+			NDR_CHECK(ndr_pull_netr_DsRAddressToSitenamesWCtr(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.ctr));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ctr_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ctr_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netr_DSRADDRESSTOSITENAMESW(struct ndr_print *ndr, const char *name, int flags, const struct netr_DSRADDRESSTOSITENAMESW *r)
+_PUBLIC_ void ndr_print_netr_DsRAddressToSitenamesW(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsRAddressToSitenamesW *r)
 {
-	ndr_print_struct(ndr, name, "netr_DSRADDRESSTOSITENAMESW");
+	uint32_t cntr_addresses_1;
+	ndr_print_struct(ndr, name, "netr_DsRAddressToSitenamesW");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "netr_DSRADDRESSTOSITENAMESW");
+		ndr_print_struct(ndr, "in", "netr_DsRAddressToSitenamesW");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server_name", r->in.server_name);
+		ndr->depth++;
+		if (r->in.server_name) {
+			ndr_print_string(ndr, "server_name", r->in.server_name);
+		}
+		ndr->depth--;
+		ndr_print_uint32(ndr, "count", r->in.count);
+		ndr_print_ptr(ndr, "addresses", r->in.addresses);
 		ndr->depth++;
+		ndr->print(ndr, "%s: ARRAY(%d)", "addresses", r->in.count);
+		ndr->depth++;
+		for (cntr_addresses_1=0;cntr_addresses_1<r->in.count;cntr_addresses_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_addresses_1) != -1) {
+				ndr_print_netr_DsRAddress(ndr, "addresses", &r->in.addresses[cntr_addresses_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "netr_DSRADDRESSTOSITENAMESW");
+		ndr_print_struct(ndr, "out", "netr_DsRAddressToSitenamesW");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "ctr", r->out.ctr);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "ctr", *r->out.ctr);
 		ndr->depth++;
+		if (*r->out.ctr) {
+			ndr_print_netr_DsRAddressToSitenamesWCtr(ndr, "ctr", *r->out.ctr);
+		}
+		ndr->depth--;
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -11659,7 +12732,7 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCNameEx2(struct ndr_push *ndr, int
 			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.client_account, CH_UTF16)));
 			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.client_account, ndr_charset_length(r->in.client_account, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.mask));
+		NDR_CHECK(ndr_push_samr_AcctFlags(ndr, NDR_SCALARS, r->in.mask));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.domain_name));
 		if (r->in.domain_name) {
 			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.domain_name, CH_UTF16)));
@@ -11678,12 +12751,15 @@ static enum ndr_err_code ndr_push_netr_DsRGetDCNameEx2(struct ndr_push *ndr, int
 			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.site_name, CH_UTF16)));
 			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.site_name, ndr_charset_length(r->in.site_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags));
+		NDR_CHECK(ndr_push_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, r->in.flags));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.info));
-		if (r->out.info) {
-			NDR_CHECK(ndr_push_netr_DsRGetDCNameInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.info));
+		if (*r->out.info) {
+			NDR_CHECK(ndr_push_netr_DsRGetDCNameInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
 		}
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
@@ -11704,6 +12780,7 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int
 	TALLOC_CTX *_mem_save_domain_guid_0;
 	TALLOC_CTX *_mem_save_site_name_0;
 	TALLOC_CTX *_mem_save_info_0;
+	TALLOC_CTX *_mem_save_info_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -11743,7 +12820,7 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int
 			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.client_account, ndr_get_array_length(ndr, &r->in.client_account), sizeof(uint16_t), CH_UTF16));
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_client_account_0, 0);
 		}
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.mask));
+		NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->in.mask));
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name));
 		if (_ptr_domain_name) {
 			NDR_PULL_ALLOC(ndr, r->in.domain_name);
@@ -11792,21 +12869,29 @@ static enum ndr_err_code ndr_pull_netr_DsRGetDCNameEx2(struct ndr_pull *ndr, int
 			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.site_name, ndr_get_array_length(ndr, &r->in.site_name), sizeof(uint16_t), CH_UTF16));
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_site_name_0, 0);
 		}
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags));
+		NDR_CHECK(ndr_pull_netr_DsRGetDCName_flags(ndr, NDR_SCALARS, &r->in.flags));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
 		if (_ptr_info) {
-			NDR_PULL_ALLOC(ndr, r->out.info);
+			NDR_PULL_ALLOC(ndr, *r->out.info);
 		} else {
-			r->out.info = NULL;
+			*r->out.info = NULL;
 		}
-		if (r->out.info) {
-			_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.info, 0);
-			NDR_CHECK(ndr_pull_netr_DsRGetDCNameInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+		if (*r->out.info) {
+			_mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.info, 0);
+			NDR_CHECK(ndr_pull_netr_DsRGetDCNameInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0);
 		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -11834,7 +12919,7 @@ _PUBLIC_ void ndr_print_netr_DsRGetDCNameEx2(struct ndr_print *ndr, const char *
 			ndr_print_string(ndr, "client_account", r->in.client_account);
 		}
 		ndr->depth--;
-		ndr_print_uint32(ndr, "mask", r->in.mask);
+		ndr_print_samr_AcctFlags(ndr, "mask", r->in.mask);
 		ndr_print_ptr(ndr, "domain_name", r->in.domain_name);
 		ndr->depth++;
 		if (r->in.domain_name) {
@@ -11853,7 +12938,7 @@ _PUBLIC_ void ndr_print_netr_DsRGetDCNameEx2(struct ndr_print *ndr, const char *
 			ndr_print_string(ndr, "site_name", r->in.site_name);
 		}
 		ndr->depth--;
-		ndr_print_uint32(ndr, "flags", r->in.flags);
+		ndr_print_netr_DsRGetDCName_flags(ndr, "flags", r->in.flags);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -11861,10 +12946,13 @@ _PUBLIC_ void ndr_print_netr_DsRGetDCNameEx2(struct ndr_print *ndr, const char *
 		ndr->depth++;
 		ndr_print_ptr(ndr, "info", r->out.info);
 		ndr->depth++;
-		if (r->out.info) {
-			ndr_print_netr_DsRGetDCNameInfo(ndr, "info", r->out.info);
+		ndr_print_ptr(ndr, "info", *r->out.info);
+		ndr->depth++;
+		if (*r->out.info) {
+			ndr_print_netr_DsRGetDCNameInfo(ndr, "info", *r->out.info);
 		}
 		ndr->depth--;
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -11912,123 +13000,352 @@ _PUBLIC_ void ndr_print_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct ndr_prin
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_NETRENUMERATETRUSTEDDOMAINSEX(struct ndr_push *ndr, int flags, const struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r)
+static enum ndr_err_code ndr_push_netr_NetrEnumerateTrustedDomainsEx(struct ndr_push *ndr, int flags, const struct netr_NetrEnumerateTrustedDomainsEx *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
+		if (r->in.server_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.dom_trust_list == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_DomainTrustList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.dom_trust_list));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_NETRENUMERATETRUSTEDDOMAINSEX(struct ndr_pull *ndr, int flags, struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r)
+static enum ndr_err_code ndr_pull_netr_NetrEnumerateTrustedDomainsEx(struct ndr_pull *ndr, int flags, struct netr_NetrEnumerateTrustedDomainsEx *r)
 {
+	uint32_t _ptr_server_name;
+	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_dom_trust_list_0;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name));
+		if (_ptr_server_name) {
+			NDR_PULL_ALLOC(ndr, r->in.server_name);
+		} else {
+			r->in.server_name = NULL;
+		}
+		if (r->in.server_name) {
+			_mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name));
+			if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
+		}
+		NDR_PULL_ALLOC(ndr, r->out.dom_trust_list);
+		ZERO_STRUCTP(r->out.dom_trust_list);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.dom_trust_list);
+		}
+		_mem_save_dom_trust_list_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.dom_trust_list, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_DomainTrustList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.dom_trust_list));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dom_trust_list_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netr_NETRENUMERATETRUSTEDDOMAINSEX(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r)
+_PUBLIC_ void ndr_print_netr_NetrEnumerateTrustedDomainsEx(struct ndr_print *ndr, const char *name, int flags, const struct netr_NetrEnumerateTrustedDomainsEx *r)
 {
-	ndr_print_struct(ndr, name, "netr_NETRENUMERATETRUSTEDDOMAINSEX");
+	ndr_print_struct(ndr, name, "netr_NetrEnumerateTrustedDomainsEx");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "netr_NETRENUMERATETRUSTEDDOMAINSEX");
+		ndr_print_struct(ndr, "in", "netr_NetrEnumerateTrustedDomainsEx");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server_name", r->in.server_name);
 		ndr->depth++;
+		if (r->in.server_name) {
+			ndr_print_string(ndr, "server_name", r->in.server_name);
+		}
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "netr_NETRENUMERATETRUSTEDDOMAINSEX");
+		ndr_print_struct(ndr, "out", "netr_NetrEnumerateTrustedDomainsEx");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "dom_trust_list", r->out.dom_trust_list);
+		ndr->depth++;
+		ndr_print_netr_DomainTrustList(ndr, "dom_trust_list", r->out.dom_trust_list);
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_DSRADDRESSTOSITENAMESEXW(struct ndr_push *ndr, int flags, const struct netr_DSRADDRESSTOSITENAMESEXW *r)
+static enum ndr_err_code ndr_push_netr_DsRAddressToSitenamesExW(struct ndr_push *ndr, int flags, const struct netr_DsRAddressToSitenamesExW *r)
 {
+	uint32_t cntr_addresses_1;
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
+		if (r->in.server_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.count));
+		if (r->in.addresses == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.count));
+		for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) {
+			NDR_CHECK(ndr_push_netr_DsRAddress(ndr, NDR_SCALARS, &r->in.addresses[cntr_addresses_1]));
+		}
+		for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) {
+			NDR_CHECK(ndr_push_netr_DsRAddress(ndr, NDR_BUFFERS, &r->in.addresses[cntr_addresses_1]));
+		}
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.ctr == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.ctr));
+		if (*r->out.ctr) {
+			NDR_CHECK(ndr_push_netr_DsRAddressToSitenamesExWCtr(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.ctr));
+		}
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_DSRADDRESSTOSITENAMESEXW(struct ndr_pull *ndr, int flags, struct netr_DSRADDRESSTOSITENAMESEXW *r)
+static enum ndr_err_code ndr_pull_netr_DsRAddressToSitenamesExW(struct ndr_pull *ndr, int flags, struct netr_DsRAddressToSitenamesExW *r)
 {
+	uint32_t _ptr_server_name;
+	uint32_t cntr_addresses_1;
+	uint32_t _ptr_ctr;
+	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_addresses_1;
+	TALLOC_CTX *_mem_save_ctr_0;
+	TALLOC_CTX *_mem_save_ctr_1;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name));
+		if (_ptr_server_name) {
+			NDR_PULL_ALLOC(ndr, r->in.server_name);
+		} else {
+			r->in.server_name = NULL;
+		}
+		if (r->in.server_name) {
+			_mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name));
+			if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.count));
+		if (r->in.count < 0 || r->in.count > 32000) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.addresses));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC_N(ndr, r->in.addresses, ndr_get_array_size(ndr, &r->in.addresses));
+		}
+		_mem_save_addresses_1 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.addresses, 0);
+		for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) {
+			NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_SCALARS, &r->in.addresses[cntr_addresses_1]));
+		}
+		for (cntr_addresses_1 = 0; cntr_addresses_1 < r->in.count; cntr_addresses_1++) {
+			NDR_CHECK(ndr_pull_netr_DsRAddress(ndr, NDR_BUFFERS, &r->in.addresses[cntr_addresses_1]));
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_addresses_1, 0);
+		NDR_PULL_ALLOC(ndr, r->out.ctr);
+		ZERO_STRUCTP(r->out.ctr);
+		if (r->in.addresses) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.addresses, r->in.count));
+		}
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.ctr);
+		}
+		_mem_save_ctr_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.ctr, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr));
+		if (_ptr_ctr) {
+			NDR_PULL_ALLOC(ndr, *r->out.ctr);
+		} else {
+			*r->out.ctr = NULL;
+		}
+		if (*r->out.ctr) {
+			_mem_save_ctr_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.ctr, 0);
+			NDR_CHECK(ndr_pull_netr_DsRAddressToSitenamesExWCtr(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.ctr));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ctr_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ctr_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netr_DSRADDRESSTOSITENAMESEXW(struct ndr_print *ndr, const char *name, int flags, const struct netr_DSRADDRESSTOSITENAMESEXW *r)
+_PUBLIC_ void ndr_print_netr_DsRAddressToSitenamesExW(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsRAddressToSitenamesExW *r)
 {
-	ndr_print_struct(ndr, name, "netr_DSRADDRESSTOSITENAMESEXW");
+	uint32_t cntr_addresses_1;
+	ndr_print_struct(ndr, name, "netr_DsRAddressToSitenamesExW");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "netr_DSRADDRESSTOSITENAMESEXW");
+		ndr_print_struct(ndr, "in", "netr_DsRAddressToSitenamesExW");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "server_name", r->in.server_name);
+		ndr->depth++;
+		if (r->in.server_name) {
+			ndr_print_string(ndr, "server_name", r->in.server_name);
+		}
+		ndr->depth--;
+		ndr_print_uint32(ndr, "count", r->in.count);
+		ndr_print_ptr(ndr, "addresses", r->in.addresses);
+		ndr->depth++;
+		ndr->print(ndr, "%s: ARRAY(%d)", "addresses", r->in.count);
+		ndr->depth++;
+		for (cntr_addresses_1=0;cntr_addresses_1<r->in.count;cntr_addresses_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_addresses_1) != -1) {
+				ndr_print_netr_DsRAddress(ndr, "addresses", &r->in.addresses[cntr_addresses_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "netr_DSRADDRESSTOSITENAMESEXW");
+		ndr_print_struct(ndr, "out", "netr_DsRAddressToSitenamesExW");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "ctr", r->out.ctr);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "ctr", *r->out.ctr);
 		ndr->depth++;
+		if (*r->out.ctr) {
+			ndr_print_netr_DsRAddressToSitenamesExWCtr(ndr, "ctr", *r->out.ctr);
+		}
+		ndr->depth--;
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_DSRGETDCSITECOVERAGEW(struct ndr_push *ndr, int flags, const struct netr_DSRGETDCSITECOVERAGEW *r)
+static enum ndr_err_code ndr_push_netr_DsrGetDcSiteCoverageW(struct ndr_push *ndr, int flags, const struct netr_DsrGetDcSiteCoverageW *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
+		if (r->in.server_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.ctr == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_DcSitesCtr(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.ctr));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_DSRGETDCSITECOVERAGEW(struct ndr_pull *ndr, int flags, struct netr_DSRGETDCSITECOVERAGEW *r)
+static enum ndr_err_code ndr_pull_netr_DsrGetDcSiteCoverageW(struct ndr_pull *ndr, int flags, struct netr_DsrGetDcSiteCoverageW *r)
 {
+	uint32_t _ptr_server_name;
+	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_ctr_0;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name));
+		if (_ptr_server_name) {
+			NDR_PULL_ALLOC(ndr, r->in.server_name);
+		} else {
+			r->in.server_name = NULL;
+		}
+		if (r->in.server_name) {
+			_mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name));
+			if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
+		}
+		NDR_PULL_ALLOC(ndr, r->out.ctr);
+		ZERO_STRUCTP(r->out.ctr);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.ctr);
+		}
+		_mem_save_ctr_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.ctr, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_DcSitesCtr(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.ctr));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ctr_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netr_DSRGETDCSITECOVERAGEW(struct ndr_print *ndr, const char *name, int flags, const struct netr_DSRGETDCSITECOVERAGEW *r)
+_PUBLIC_ void ndr_print_netr_DsrGetDcSiteCoverageW(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsrGetDcSiteCoverageW *r)
 {
-	ndr_print_struct(ndr, name, "netr_DSRGETDCSITECOVERAGEW");
+	ndr_print_struct(ndr, name, "netr_DsrGetDcSiteCoverageW");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "netr_DSRGETDCSITECOVERAGEW");
+		ndr_print_struct(ndr, "in", "netr_DsrGetDcSiteCoverageW");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server_name", r->in.server_name);
 		ndr->depth++;
+		if (r->in.server_name) {
+			ndr_print_string(ndr, "server_name", r->in.server_name);
+		}
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "netr_DSRGETDCSITECOVERAGEW");
+		ndr_print_struct(ndr, "out", "netr_DsrGetDcSiteCoverageW");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "ctr", r->out.ctr);
+		ndr->depth++;
+		ndr_print_DcSitesCtr(ndr, "ctr", r->out.ctr);
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -12053,8 +13370,11 @@ static enum ndr_err_code ndr_push_netr_LogonSamLogonEx(struct ndr_push *ndr, int
 			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computer_name, ndr_charset_length(r->in.computer_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.logon_level));
-		NDR_CHECK(ndr_push_set_switch_value(ndr, &r->in.logon, r->in.logon_level));
-		NDR_CHECK(ndr_push_netr_LogonLevel(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.logon));
+		if (r->in.logon == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->in.logon, r->in.logon_level));
+		NDR_CHECK(ndr_push_netr_LogonLevel(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.logon));
 		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.validation_level));
 		if (r->in.flags == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -12086,6 +13406,7 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int
 	uint32_t _ptr_computer_name;
 	TALLOC_CTX *_mem_save_server_name_0;
 	TALLOC_CTX *_mem_save_computer_name_0;
+	TALLOC_CTX *_mem_save_logon_0;
 	TALLOC_CTX *_mem_save_validation_0;
 	TALLOC_CTX *_mem_save_authoritative_0;
 	TALLOC_CTX *_mem_save_flags_0;
@@ -12129,8 +13450,14 @@ static enum ndr_err_code ndr_pull_netr_LogonSamLogonEx(struct ndr_pull *ndr, int
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_computer_name_0, 0);
 		}
 		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.logon_level));
-		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->in.logon, r->in.logon_level));
-		NDR_CHECK(ndr_pull_netr_LogonLevel(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.logon));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.logon);
+		}
+		_mem_save_logon_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.logon, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->in.logon, r->in.logon_level));
+		NDR_CHECK(ndr_pull_netr_LogonLevel(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.logon));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_logon_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.validation_level));
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->in.flags);
@@ -12197,8 +13524,11 @@ _PUBLIC_ void ndr_print_netr_LogonSamLogonEx(struct ndr_print *ndr, const char *
 		}
 		ndr->depth--;
 		ndr_print_uint16(ndr, "logon_level", r->in.logon_level);
-		ndr_print_set_switch_value(ndr, &r->in.logon, r->in.logon_level);
-		ndr_print_netr_LogonLevel(ndr, "logon", &r->in.logon);
+		ndr_print_ptr(ndr, "logon", r->in.logon);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->in.logon, r->in.logon_level);
+		ndr_print_netr_LogonLevel(ndr, "logon", r->in.logon);
+		ndr->depth--;
 		ndr_print_uint16(ndr, "validation_level", r->in.validation_level);
 		ndr_print_ptr(ndr, "flags", r->in.flags);
 		ndr->depth++;
@@ -12230,7 +13560,6 @@ _PUBLIC_ void ndr_print_netr_LogonSamLogonEx(struct ndr_print *ndr, const char *
 
 static enum ndr_err_code ndr_push_netr_DsrEnumerateDomainTrusts(struct ndr_push *ndr, int flags, const struct netr_DsrEnumerateDomainTrusts *r)
 {
-	uint32_t cntr_trusts_1;
 	if (flags & NDR_IN) {
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
 		if (r->in.server_name) {
@@ -12242,23 +13571,10 @@ static enum ndr_err_code ndr_push_netr_DsrEnumerateDomainTrusts(struct ndr_push
 		NDR_CHECK(ndr_push_netr_TrustFlags(ndr, NDR_SCALARS, r->in.trust_flags));
 	}
 	if (flags & NDR_OUT) {
-		if (r->out.count == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
-		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.count));
 		if (r->out.trusts == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->out.count));
-		for (cntr_trusts_1 = 0; cntr_trusts_1 < r->out.count; cntr_trusts_1++) {
-			if (r->out.trusts[cntr_trusts_1] == NULL) {
-				return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
-			}
-			NDR_CHECK(ndr_push_ref_ptr(ndr));
-		}
-		for (cntr_trusts_1 = 0; cntr_trusts_1 < r->out.count; cntr_trusts_1++) {
-			NDR_CHECK(ndr_push_netr_DomainTrust(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.trusts[cntr_trusts_1]));
-		}
+		NDR_CHECK(ndr_push_netr_DomainTrustList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.trusts));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -12267,12 +13583,8 @@ static enum ndr_err_code ndr_push_netr_DsrEnumerateDomainTrusts(struct ndr_push
 static enum ndr_err_code ndr_pull_netr_DsrEnumerateDomainTrusts(struct ndr_pull *ndr, int flags, struct netr_DsrEnumerateDomainTrusts *r)
 {
 	uint32_t _ptr_server_name;
-	uint32_t _ptr_trusts;
-	uint32_t cntr_trusts_1;
 	TALLOC_CTX *_mem_save_server_name_0;
-	TALLOC_CTX *_mem_save_count_0;
-	TALLOC_CTX *_mem_save_trusts_1;
-	TALLOC_CTX *_mem_save_trusts_2;
+	TALLOC_CTX *_mem_save_trusts_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -12295,49 +13607,24 @@ static enum ndr_err_code ndr_pull_netr_DsrEnumerateDomainTrusts(struct ndr_pull
 			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
 		}
 		NDR_CHECK(ndr_pull_netr_TrustFlags(ndr, NDR_SCALARS, &r->in.trust_flags));
-		NDR_PULL_ALLOC(ndr, r->out.count);
-		ZERO_STRUCTP(r->out.count);
-		NDR_PULL_ALLOC_N(ndr, r->out.trusts, count);
-		memset(r->out.trusts, 0, count * sizeof(*r->out.trusts));
+		NDR_PULL_ALLOC(ndr, r->out.trusts);
+		ZERO_STRUCTP(r->out.trusts);
 	}
 	if (flags & NDR_OUT) {
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, r->out.count);
-		}
-		_mem_save_count_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.count, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.count));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_count_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_array_size(ndr, &r->out.trusts));
-		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC_N(ndr, r->out.trusts, ndr_get_array_size(ndr, &r->out.trusts));
-		}
-		_mem_save_trusts_1 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.trusts, 0);
-		for (cntr_trusts_1 = 0; cntr_trusts_1 < r->out.count; cntr_trusts_1++) {
-			NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_trusts));
-			if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-				NDR_PULL_ALLOC(ndr, r->out.trusts[cntr_trusts_1]);
-			}
+			NDR_PULL_ALLOC(ndr, r->out.trusts);
 		}
-		for (cntr_trusts_1 = 0; cntr_trusts_1 < r->out.count; cntr_trusts_1++) {
-			_mem_save_trusts_2 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->out.trusts[cntr_trusts_1], LIBNDR_FLAG_REF_ALLOC);
-			NDR_CHECK(ndr_pull_netr_DomainTrust(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.trusts[cntr_trusts_1]));
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusts_2, LIBNDR_FLAG_REF_ALLOC);
-		}
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusts_1, 0);
+		_mem_save_trusts_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.trusts, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_DomainTrustList(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.trusts));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusts_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
-		if (r->out.trusts) {
-			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.trusts, r->out.count));
-		}
 	}
 	return NDR_ERR_SUCCESS;
 }
 
 _PUBLIC_ void ndr_print_netr_DsrEnumerateDomainTrusts(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsrEnumerateDomainTrusts *r)
 {
-	uint32_t cntr_trusts_1;
 	ndr_print_struct(ndr, name, "netr_DsrEnumerateDomainTrusts");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
@@ -12358,26 +13645,9 @@ _PUBLIC_ void ndr_print_netr_DsrEnumerateDomainTrusts(struct ndr_print *ndr, con
 	if (flags & NDR_OUT) {
 		ndr_print_struct(ndr, "out", "netr_DsrEnumerateDomainTrusts");
 		ndr->depth++;
-		ndr_print_ptr(ndr, "count", r->out.count);
-		ndr->depth++;
-		ndr_print_uint32(ndr, "count", *r->out.count);
-		ndr->depth--;
 		ndr_print_ptr(ndr, "trusts", r->out.trusts);
 		ndr->depth++;
-		ndr->print(ndr, "%s: ARRAY(%d)", "trusts", r->out.count);
-		ndr->depth++;
-		for (cntr_trusts_1=0;cntr_trusts_1<r->out.count;cntr_trusts_1++) {
-			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_trusts_1);
-			if (idx_1) {
-				ndr_print_ptr(ndr, "trusts", r->out.trusts[cntr_trusts_1]);
-				ndr->depth++;
-				ndr_print_netr_DomainTrust(ndr, "trusts", r->out.trusts[cntr_trusts_1]);
-				ndr->depth--;
-				free(idx_1);
-			}
-		}
-		ndr->depth--;
+		ndr_print_netr_DomainTrustList(ndr, "trusts", r->out.trusts);
 		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
@@ -12385,9 +13655,38 @@ _PUBLIC_ void ndr_print_netr_DsrEnumerateDomainTrusts(struct ndr_print *ndr, con
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_DSRDEREGISTERDNSHOSTRECORDS(struct ndr_push *ndr, int flags, const struct netr_DSRDEREGISTERDNSHOSTRECORDS *r)
+static enum ndr_err_code ndr_push_netr_DsrDeregisterDNSHostRecords(struct ndr_push *ndr, int flags, const struct netr_DsrDeregisterDNSHostRecords *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
+		if (r->in.server_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.domain));
+		if (r->in.domain) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.domain, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.domain, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.domain, ndr_charset_length(r->in.domain, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.domain_guid));
+		if (r->in.domain_guid) {
+			NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.domain_guid));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.dsa_guid));
+		if (r->in.dsa_guid) {
+			NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.dsa_guid));
+		}
+		if (r->in.dns_host == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.dns_host, CH_UTF16)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.dns_host, CH_UTF16)));
+		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.dns_host, ndr_charset_length(r->in.dns_host, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
@@ -12395,9 +13694,84 @@ static enum ndr_err_code ndr_push_netr_DSRDEREGISTERDNSHOSTRECORDS(struct ndr_pu
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_DSRDEREGISTERDNSHOSTRECORDS(struct ndr_pull *ndr, int flags, struct netr_DSRDEREGISTERDNSHOSTRECORDS *r)
+static enum ndr_err_code ndr_pull_netr_DsrDeregisterDNSHostRecords(struct ndr_pull *ndr, int flags, struct netr_DsrDeregisterDNSHostRecords *r)
 {
+	uint32_t _ptr_server_name;
+	uint32_t _ptr_domain;
+	uint32_t _ptr_domain_guid;
+	uint32_t _ptr_dsa_guid;
+	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_domain_0;
+	TALLOC_CTX *_mem_save_domain_guid_0;
+	TALLOC_CTX *_mem_save_dsa_guid_0;
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name));
+		if (_ptr_server_name) {
+			NDR_PULL_ALLOC(ndr, r->in.server_name);
+		} else {
+			r->in.server_name = NULL;
+		}
+		if (r->in.server_name) {
+			_mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name));
+			if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain));
+		if (_ptr_domain) {
+			NDR_PULL_ALLOC(ndr, r->in.domain);
+		} else {
+			r->in.domain = NULL;
+		}
+		if (r->in.domain) {
+			_mem_save_domain_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.domain, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.domain));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.domain));
+			if (ndr_get_array_length(ndr, &r->in.domain) > ndr_get_array_size(ndr, &r->in.domain)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.domain), ndr_get_array_length(ndr, &r->in.domain));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.domain), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.domain, ndr_get_array_length(ndr, &r->in.domain), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_guid));
+		if (_ptr_domain_guid) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_guid);
+		} else {
+			r->in.domain_guid = NULL;
+		}
+		if (r->in.domain_guid) {
+			_mem_save_domain_guid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_guid, 0);
+			NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.domain_guid));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_guid_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dsa_guid));
+		if (_ptr_dsa_guid) {
+			NDR_PULL_ALLOC(ndr, r->in.dsa_guid);
+		} else {
+			r->in.dsa_guid = NULL;
+		}
+		if (r->in.dsa_guid) {
+			_mem_save_dsa_guid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.dsa_guid, 0);
+			NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.dsa_guid));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dsa_guid_0, 0);
+		}
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.dns_host));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.dns_host));
+		if (ndr_get_array_length(ndr, &r->in.dns_host) > ndr_get_array_size(ndr, &r->in.dns_host)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.dns_host), ndr_get_array_length(ndr, &r->in.dns_host));
+		}
+		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.dns_host), sizeof(uint16_t)));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.dns_host, ndr_get_array_length(ndr, &r->in.dns_host), sizeof(uint16_t), CH_UTF16));
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
@@ -12405,20 +13779,48 @@ static enum ndr_err_code ndr_pull_netr_DSRDEREGISTERDNSHOSTRECORDS(struct ndr_pu
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netr_DSRDEREGISTERDNSHOSTRECORDS(struct ndr_print *ndr, const char *name, int flags, const struct netr_DSRDEREGISTERDNSHOSTRECORDS *r)
+_PUBLIC_ void ndr_print_netr_DsrDeregisterDNSHostRecords(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsrDeregisterDNSHostRecords *r)
 {
-	ndr_print_struct(ndr, name, "netr_DSRDEREGISTERDNSHOSTRECORDS");
+	ndr_print_struct(ndr, name, "netr_DsrDeregisterDNSHostRecords");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "netr_DSRDEREGISTERDNSHOSTRECORDS");
+		ndr_print_struct(ndr, "in", "netr_DsrDeregisterDNSHostRecords");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server_name", r->in.server_name);
 		ndr->depth++;
+		if (r->in.server_name) {
+			ndr_print_string(ndr, "server_name", r->in.server_name);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "domain", r->in.domain);
+		ndr->depth++;
+		if (r->in.domain) {
+			ndr_print_string(ndr, "domain", r->in.domain);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "domain_guid", r->in.domain_guid);
+		ndr->depth++;
+		if (r->in.domain_guid) {
+			ndr_print_GUID(ndr, "domain_guid", r->in.domain_guid);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "dsa_guid", r->in.dsa_guid);
+		ndr->depth++;
+		if (r->in.dsa_guid) {
+			ndr_print_GUID(ndr, "dsa_guid", r->in.dsa_guid);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "dns_host", r->in.dns_host);
+		ndr->depth++;
+		ndr_print_string(ndr, "dns_host", r->in.dns_host);
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "netr_DSRDEREGISTERDNSHOSTRECORDS");
+		ndr_print_struct(ndr, "out", "netr_DsrDeregisterDNSHostRecords");
 		ndr->depth++;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
@@ -12426,123 +13828,494 @@ _PUBLIC_ void ndr_print_netr_DSRDEREGISTERDNSHOSTRECORDS(struct ndr_print *ndr,
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_NETRSERVERTRUSTPASSWORDSGET(struct ndr_push *ndr, int flags, const struct netr_NETRSERVERTRUSTPASSWORDSGET *r)
+static enum ndr_err_code ndr_push_netr_ServerTrustPasswordsGet(struct ndr_push *ndr, int flags, const struct netr_ServerTrustPasswordsGet *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
+		if (r->in.server_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.account_name, CH_UTF16)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.account_name, CH_UTF16)));
+		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.account_name, ndr_charset_length(r->in.account_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_push_netr_SchannelType(ndr, NDR_SCALARS, r->in.secure_channel_type));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.computer_name, CH_UTF16)));
+		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.computer_name, ndr_charset_length(r->in.computer_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		if (r->in.credential == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+		if (r->out.return_authenticator == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->out.return_authenticator));
+		if (r->out.password == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password));
+		if (r->out.password2 == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password2));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_NETRSERVERTRUSTPASSWORDSGET(struct ndr_pull *ndr, int flags, struct netr_NETRSERVERTRUSTPASSWORDSGET *r)
+static enum ndr_err_code ndr_pull_netr_ServerTrustPasswordsGet(struct ndr_pull *ndr, int flags, struct netr_ServerTrustPasswordsGet *r)
 {
+	uint32_t _ptr_server_name;
+	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_credential_0;
+	TALLOC_CTX *_mem_save_return_authenticator_0;
+	TALLOC_CTX *_mem_save_password_0;
+	TALLOC_CTX *_mem_save_password2_0;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name));
+		if (_ptr_server_name) {
+			NDR_PULL_ALLOC(ndr, r->in.server_name);
+		} else {
+			r->in.server_name = NULL;
+		}
+		if (r->in.server_name) {
+			_mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name));
+			if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.account_name));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.account_name));
+		if (ndr_get_array_length(ndr, &r->in.account_name) > ndr_get_array_size(ndr, &r->in.account_name)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.account_name), ndr_get_array_length(ndr, &r->in.account_name));
+		}
+		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t)));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.account_name, ndr_get_array_length(ndr, &r->in.account_name), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_netr_SchannelType(ndr, NDR_SCALARS, &r->in.secure_channel_type));
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.computer_name));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.computer_name));
+		if (ndr_get_array_length(ndr, &r->in.computer_name) > ndr_get_array_size(ndr, &r->in.computer_name)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.computer_name), ndr_get_array_length(ndr, &r->in.computer_name));
+		}
+		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t)));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.computer_name, ndr_get_array_length(ndr, &r->in.computer_name), sizeof(uint16_t), CH_UTF16));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.credential);
+		}
+		_mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.return_authenticator);
+		ZERO_STRUCTP(r->out.return_authenticator);
+		NDR_PULL_ALLOC(ndr, r->out.password);
+		ZERO_STRUCTP(r->out.password);
+		NDR_PULL_ALLOC(ndr, r->out.password2);
+		ZERO_STRUCTP(r->out.password2);
 	}
 	if (flags & NDR_OUT) {
-		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.return_authenticator);
+		}
+		_mem_save_return_authenticator_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.return_authenticator, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->out.return_authenticator));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_return_authenticator_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.password);
+		}
+		_mem_save_password_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.password, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.password2);
+		}
+		_mem_save_password2_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.password2, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password2));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password2_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netr_NETRSERVERTRUSTPASSWORDSGET(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRSERVERTRUSTPASSWORDSGET *r)
+_PUBLIC_ void ndr_print_netr_ServerTrustPasswordsGet(struct ndr_print *ndr, const char *name, int flags, const struct netr_ServerTrustPasswordsGet *r)
 {
-	ndr_print_struct(ndr, name, "netr_NETRSERVERTRUSTPASSWORDSGET");
+	ndr_print_struct(ndr, name, "netr_ServerTrustPasswordsGet");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "netr_NETRSERVERTRUSTPASSWORDSGET");
+		ndr_print_struct(ndr, "in", "netr_ServerTrustPasswordsGet");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server_name", r->in.server_name);
 		ndr->depth++;
+		if (r->in.server_name) {
+			ndr_print_string(ndr, "server_name", r->in.server_name);
+		}
+		ndr->depth--;
+		ndr_print_string(ndr, "account_name", r->in.account_name);
+		ndr_print_netr_SchannelType(ndr, "secure_channel_type", r->in.secure_channel_type);
+		ndr_print_string(ndr, "computer_name", r->in.computer_name);
+		ndr_print_ptr(ndr, "credential", r->in.credential);
+		ndr->depth++;
+		ndr_print_netr_Authenticator(ndr, "credential", r->in.credential);
+		ndr->depth--;
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "netr_NETRSERVERTRUSTPASSWORDSGET");
+		ndr_print_struct(ndr, "out", "netr_ServerTrustPasswordsGet");
 		ndr->depth++;
-		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr_print_ptr(ndr, "return_authenticator", r->out.return_authenticator);
+		ndr->depth++;
+		ndr_print_netr_Authenticator(ndr, "return_authenticator", r->out.return_authenticator);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "password", r->out.password);
+		ndr->depth++;
+		ndr_print_samr_Password(ndr, "password", r->out.password);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "password2", r->out.password2);
+		ndr->depth++;
+		ndr_print_samr_Password(ndr, "password2", r->out.password2);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_DSRGETFORESTTRUSTINFORMATION(struct ndr_push *ndr, int flags, const struct netr_DSRGETFORESTTRUSTINFORMATION *r)
+static enum ndr_err_code ndr_push_netr_DsRGetForestTrustInformation(struct ndr_push *ndr, int flags, const struct netr_DsRGetForestTrustInformation *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
+		if (r->in.server_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.trusted_domain_name));
+		if (r->in.trusted_domain_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.trusted_domain_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.trusted_domain_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.trusted_domain_name, ndr_charset_length(r->in.trusted_domain_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags));
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.forest_trust_info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.forest_trust_info));
+		if (*r->out.forest_trust_info) {
+			NDR_CHECK(ndr_push_lsa_ForestTrustInformation(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.forest_trust_info));
+		}
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_DSRGETFORESTTRUSTINFORMATION(struct ndr_pull *ndr, int flags, struct netr_DSRGETFORESTTRUSTINFORMATION *r)
+static enum ndr_err_code ndr_pull_netr_DsRGetForestTrustInformation(struct ndr_pull *ndr, int flags, struct netr_DsRGetForestTrustInformation *r)
 {
+	uint32_t _ptr_server_name;
+	uint32_t _ptr_trusted_domain_name;
+	uint32_t _ptr_forest_trust_info;
+	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_trusted_domain_name_0;
+	TALLOC_CTX *_mem_save_forest_trust_info_0;
+	TALLOC_CTX *_mem_save_forest_trust_info_1;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name));
+		if (_ptr_server_name) {
+			NDR_PULL_ALLOC(ndr, r->in.server_name);
+		} else {
+			r->in.server_name = NULL;
+		}
+		if (r->in.server_name) {
+			_mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name));
+			if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_trusted_domain_name));
+		if (_ptr_trusted_domain_name) {
+			NDR_PULL_ALLOC(ndr, r->in.trusted_domain_name);
+		} else {
+			r->in.trusted_domain_name = NULL;
+		}
+		if (r->in.trusted_domain_name) {
+			_mem_save_trusted_domain_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.trusted_domain_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.trusted_domain_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.trusted_domain_name));
+			if (ndr_get_array_length(ndr, &r->in.trusted_domain_name) > ndr_get_array_size(ndr, &r->in.trusted_domain_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.trusted_domain_name), ndr_get_array_length(ndr, &r->in.trusted_domain_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_trusted_domain_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags));
+		NDR_PULL_ALLOC(ndr, r->out.forest_trust_info);
+		ZERO_STRUCTP(r->out.forest_trust_info);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.forest_trust_info);
+		}
+		_mem_save_forest_trust_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.forest_trust_info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_forest_trust_info));
+		if (_ptr_forest_trust_info) {
+			NDR_PULL_ALLOC(ndr, *r->out.forest_trust_info);
+		} else {
+			*r->out.forest_trust_info = NULL;
+		}
+		if (*r->out.forest_trust_info) {
+			_mem_save_forest_trust_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.forest_trust_info, 0);
+			NDR_CHECK(ndr_pull_lsa_ForestTrustInformation(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.forest_trust_info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_trust_info_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_trust_info_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netr_DSRGETFORESTTRUSTINFORMATION(struct ndr_print *ndr, const char *name, int flags, const struct netr_DSRGETFORESTTRUSTINFORMATION *r)
+_PUBLIC_ void ndr_print_netr_DsRGetForestTrustInformation(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsRGetForestTrustInformation *r)
 {
-	ndr_print_struct(ndr, name, "netr_DSRGETFORESTTRUSTINFORMATION");
+	ndr_print_struct(ndr, name, "netr_DsRGetForestTrustInformation");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "netr_DSRGETFORESTTRUSTINFORMATION");
+		ndr_print_struct(ndr, "in", "netr_DsRGetForestTrustInformation");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server_name", r->in.server_name);
 		ndr->depth++;
+		if (r->in.server_name) {
+			ndr_print_string(ndr, "server_name", r->in.server_name);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "trusted_domain_name", r->in.trusted_domain_name);
+		ndr->depth++;
+		if (r->in.trusted_domain_name) {
+			ndr_print_string(ndr, "trusted_domain_name", r->in.trusted_domain_name);
+		}
+		ndr->depth--;
+		ndr_print_uint32(ndr, "flags", r->in.flags);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "netr_DSRGETFORESTTRUSTINFORMATION");
+		ndr_print_struct(ndr, "out", "netr_DsRGetForestTrustInformation");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "forest_trust_info", r->out.forest_trust_info);
 		ndr->depth++;
+		ndr_print_ptr(ndr, "forest_trust_info", *r->out.forest_trust_info);
+		ndr->depth++;
+		if (*r->out.forest_trust_info) {
+			ndr_print_lsa_ForestTrustInformation(ndr, "forest_trust_info", *r->out.forest_trust_info);
+		}
+		ndr->depth--;
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
 	ndr->depth--;
 }
 
-static enum ndr_err_code ndr_push_netr_NETRGETFORESTTRUSTINFORMATION(struct ndr_push *ndr, int flags, const struct netr_NETRGETFORESTTRUSTINFORMATION *r)
+static enum ndr_err_code ndr_push_netr_GetForestTrustInformation(struct ndr_push *ndr, int flags, const struct netr_GetForestTrustInformation *r)
 {
 	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
+		if (r->in.server_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.server_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.server_name, ndr_charset_length(r->in.server_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		if (r->in.trusted_domain_name == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.trusted_domain_name, CH_UTF16)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.trusted_domain_name, CH_UTF16)));
+		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.trusted_domain_name, ndr_charset_length(r->in.trusted_domain_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		if (r->in.credential == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags));
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.return_authenticator == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->out.return_authenticator));
+		if (r->out.forest_trust_info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.forest_trust_info));
+		if (*r->out.forest_trust_info) {
+			NDR_CHECK(ndr_push_lsa_ForestTrustInformation(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.forest_trust_info));
+		}
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-static enum ndr_err_code ndr_pull_netr_NETRGETFORESTTRUSTINFORMATION(struct ndr_pull *ndr, int flags, struct netr_NETRGETFORESTTRUSTINFORMATION *r)
+static enum ndr_err_code ndr_pull_netr_GetForestTrustInformation(struct ndr_pull *ndr, int flags, struct netr_GetForestTrustInformation *r)
 {
+	uint32_t _ptr_server_name;
+	uint32_t _ptr_forest_trust_info;
+	TALLOC_CTX *_mem_save_server_name_0;
+	TALLOC_CTX *_mem_save_credential_0;
+	TALLOC_CTX *_mem_save_return_authenticator_0;
+	TALLOC_CTX *_mem_save_forest_trust_info_0;
+	TALLOC_CTX *_mem_save_forest_trust_info_1;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server_name));
+		if (_ptr_server_name) {
+			NDR_PULL_ALLOC(ndr, r->in.server_name);
+		} else {
+			r->in.server_name = NULL;
+		}
+		if (r->in.server_name) {
+			_mem_save_server_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.server_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.server_name));
+			if (ndr_get_array_length(ndr, &r->in.server_name) > ndr_get_array_size(ndr, &r->in.server_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.server_name), ndr_get_array_length(ndr, &r->in.server_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.server_name, ndr_get_array_length(ndr, &r->in.server_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.trusted_domain_name));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.trusted_domain_name));
+		if (ndr_get_array_length(ndr, &r->in.trusted_domain_name) > ndr_get_array_size(ndr, &r->in.trusted_domain_name)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.trusted_domain_name), ndr_get_array_length(ndr, &r->in.trusted_domain_name));
+		}
+		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t)));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.trusted_domain_name, ndr_get_array_length(ndr, &r->in.trusted_domain_name), sizeof(uint16_t), CH_UTF16));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.credential);
+		}
+		_mem_save_credential_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.credential, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.credential));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_credential_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags));
+		NDR_PULL_ALLOC(ndr, r->out.return_authenticator);
+		ZERO_STRUCTP(r->out.return_authenticator);
+		NDR_PULL_ALLOC(ndr, r->out.forest_trust_info);
+		ZERO_STRUCTP(r->out.forest_trust_info);
 	}
 	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.return_authenticator);
+		}
+		_mem_save_return_authenticator_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.return_authenticator, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->out.return_authenticator));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_return_authenticator_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.forest_trust_info);
+		}
+		_mem_save_forest_trust_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.forest_trust_info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_forest_trust_info));
+		if (_ptr_forest_trust_info) {
+			NDR_PULL_ALLOC(ndr, *r->out.forest_trust_info);
+		} else {
+			*r->out.forest_trust_info = NULL;
+		}
+		if (*r->out.forest_trust_info) {
+			_mem_save_forest_trust_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.forest_trust_info, 0);
+			NDR_CHECK(ndr_pull_lsa_ForestTrustInformation(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.forest_trust_info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_trust_info_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_forest_trust_info_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
 }
 
-_PUBLIC_ void ndr_print_netr_NETRGETFORESTTRUSTINFORMATION(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRGETFORESTTRUSTINFORMATION *r)
+_PUBLIC_ void ndr_print_netr_GetForestTrustInformation(struct ndr_print *ndr, const char *name, int flags, const struct netr_GetForestTrustInformation *r)
 {
-	ndr_print_struct(ndr, name, "netr_NETRGETFORESTTRUSTINFORMATION");
+	ndr_print_struct(ndr, name, "netr_GetForestTrustInformation");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
 		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
 	}
 	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "netr_NETRGETFORESTTRUSTINFORMATION");
+		ndr_print_struct(ndr, "in", "netr_GetForestTrustInformation");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server_name", r->in.server_name);
 		ndr->depth++;
+		if (r->in.server_name) {
+			ndr_print_string(ndr, "server_name", r->in.server_name);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "trusted_domain_name", r->in.trusted_domain_name);
+		ndr->depth++;
+		ndr_print_string(ndr, "trusted_domain_name", r->in.trusted_domain_name);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "credential", r->in.credential);
+		ndr->depth++;
+		ndr_print_netr_Authenticator(ndr, "credential", r->in.credential);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "flags", r->in.flags);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "netr_NETRGETFORESTTRUSTINFORMATION");
+		ndr_print_struct(ndr, "out", "netr_GetForestTrustInformation");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "return_authenticator", r->out.return_authenticator);
+		ndr->depth++;
+		ndr_print_netr_Authenticator(ndr, "return_authenticator", r->out.return_authenticator);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "forest_trust_info", r->out.forest_trust_info);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "forest_trust_info", *r->out.forest_trust_info);
+		ndr->depth++;
+		if (*r->out.forest_trust_info) {
+			ndr_print_lsa_ForestTrustInformation(ndr, "forest_trust_info", *r->out.forest_trust_info);
+		}
+		ndr->depth--;
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -13007,11 +14780,11 @@ static const struct ndr_interface_call netlogon_calls[] = {
 		false,
 	},
 	{
-		"netr_NETRENUMERATETRUSTEDDOMAINS",
-		sizeof(struct netr_NETRENUMERATETRUSTEDDOMAINS),
-		(ndr_push_flags_fn_t) ndr_push_netr_NETRENUMERATETRUSTEDDOMAINS,
-		(ndr_pull_flags_fn_t) ndr_pull_netr_NETRENUMERATETRUSTEDDOMAINS,
-		(ndr_print_function_t) ndr_print_netr_NETRENUMERATETRUSTEDDOMAINS,
+		"netr_NetrEnumerateTrustedDomains",
+		sizeof(struct netr_NetrEnumerateTrustedDomains),
+		(ndr_push_flags_fn_t) ndr_push_netr_NetrEnumerateTrustedDomains,
+		(ndr_pull_flags_fn_t) ndr_pull_netr_NetrEnumerateTrustedDomains,
+		(ndr_print_function_t) ndr_print_netr_NetrEnumerateTrustedDomains,
 		false,
 	},
 	{
@@ -13039,11 +14812,11 @@ static const struct ndr_interface_call netlogon_calls[] = {
 		false,
 	},
 	{
-		"netr_NETRLOGONGETTRUSTRID",
-		sizeof(struct netr_NETRLOGONGETTRUSTRID),
-		(ndr_push_flags_fn_t) ndr_push_netr_NETRLOGONGETTRUSTRID,
-		(ndr_pull_flags_fn_t) ndr_pull_netr_NETRLOGONGETTRUSTRID,
-		(ndr_print_function_t) ndr_print_netr_NETRLOGONGETTRUSTRID,
+		"netr_LogonGetTrustRid",
+		sizeof(struct netr_LogonGetTrustRid),
+		(ndr_push_flags_fn_t) ndr_push_netr_LogonGetTrustRid,
+		(ndr_pull_flags_fn_t) ndr_pull_netr_LogonGetTrustRid,
+		(ndr_print_function_t) ndr_print_netr_LogonGetTrustRid,
 		false,
 	},
 	{
@@ -13103,11 +14876,11 @@ static const struct ndr_interface_call netlogon_calls[] = {
 		false,
 	},
 	{
-		"netr_NETRSERVERPASSWORDGET",
-		sizeof(struct netr_NETRSERVERPASSWORDGET),
-		(ndr_push_flags_fn_t) ndr_push_netr_NETRSERVERPASSWORDGET,
-		(ndr_pull_flags_fn_t) ndr_pull_netr_NETRSERVERPASSWORDGET,
-		(ndr_print_function_t) ndr_print_netr_NETRSERVERPASSWORDGET,
+		"netr_ServerPasswordGet",
+		sizeof(struct netr_ServerPasswordGet),
+		(ndr_push_flags_fn_t) ndr_push_netr_ServerPasswordGet,
+		(ndr_pull_flags_fn_t) ndr_pull_netr_ServerPasswordGet,
+		(ndr_print_function_t) ndr_print_netr_ServerPasswordGet,
 		false,
 	},
 	{
@@ -13119,11 +14892,11 @@ static const struct ndr_interface_call netlogon_calls[] = {
 		false,
 	},
 	{
-		"netr_DSRADDRESSTOSITENAMESW",
-		sizeof(struct netr_DSRADDRESSTOSITENAMESW),
-		(ndr_push_flags_fn_t) ndr_push_netr_DSRADDRESSTOSITENAMESW,
-		(ndr_pull_flags_fn_t) ndr_pull_netr_DSRADDRESSTOSITENAMESW,
-		(ndr_print_function_t) ndr_print_netr_DSRADDRESSTOSITENAMESW,
+		"netr_DsRAddressToSitenamesW",
+		sizeof(struct netr_DsRAddressToSitenamesW),
+		(ndr_push_flags_fn_t) ndr_push_netr_DsRAddressToSitenamesW,
+		(ndr_pull_flags_fn_t) ndr_pull_netr_DsRAddressToSitenamesW,
+		(ndr_print_function_t) ndr_print_netr_DsRAddressToSitenamesW,
 		false,
 	},
 	{
@@ -13143,27 +14916,27 @@ static const struct ndr_interface_call netlogon_calls[] = {
 		false,
 	},
 	{
-		"netr_NETRENUMERATETRUSTEDDOMAINSEX",
-		sizeof(struct netr_NETRENUMERATETRUSTEDDOMAINSEX),
-		(ndr_push_flags_fn_t) ndr_push_netr_NETRENUMERATETRUSTEDDOMAINSEX,
-		(ndr_pull_flags_fn_t) ndr_pull_netr_NETRENUMERATETRUSTEDDOMAINSEX,
-		(ndr_print_function_t) ndr_print_netr_NETRENUMERATETRUSTEDDOMAINSEX,
+		"netr_NetrEnumerateTrustedDomainsEx",
+		sizeof(struct netr_NetrEnumerateTrustedDomainsEx),
+		(ndr_push_flags_fn_t) ndr_push_netr_NetrEnumerateTrustedDomainsEx,
+		(ndr_pull_flags_fn_t) ndr_pull_netr_NetrEnumerateTrustedDomainsEx,
+		(ndr_print_function_t) ndr_print_netr_NetrEnumerateTrustedDomainsEx,
 		false,
 	},
 	{
-		"netr_DSRADDRESSTOSITENAMESEXW",
-		sizeof(struct netr_DSRADDRESSTOSITENAMESEXW),
-		(ndr_push_flags_fn_t) ndr_push_netr_DSRADDRESSTOSITENAMESEXW,
-		(ndr_pull_flags_fn_t) ndr_pull_netr_DSRADDRESSTOSITENAMESEXW,
-		(ndr_print_function_t) ndr_print_netr_DSRADDRESSTOSITENAMESEXW,
+		"netr_DsRAddressToSitenamesExW",
+		sizeof(struct netr_DsRAddressToSitenamesExW),
+		(ndr_push_flags_fn_t) ndr_push_netr_DsRAddressToSitenamesExW,
+		(ndr_pull_flags_fn_t) ndr_pull_netr_DsRAddressToSitenamesExW,
+		(ndr_print_function_t) ndr_print_netr_DsRAddressToSitenamesExW,
 		false,
 	},
 	{
-		"netr_DSRGETDCSITECOVERAGEW",
-		sizeof(struct netr_DSRGETDCSITECOVERAGEW),
-		(ndr_push_flags_fn_t) ndr_push_netr_DSRGETDCSITECOVERAGEW,
-		(ndr_pull_flags_fn_t) ndr_pull_netr_DSRGETDCSITECOVERAGEW,
-		(ndr_print_function_t) ndr_print_netr_DSRGETDCSITECOVERAGEW,
+		"netr_DsrGetDcSiteCoverageW",
+		sizeof(struct netr_DsrGetDcSiteCoverageW),
+		(ndr_push_flags_fn_t) ndr_push_netr_DsrGetDcSiteCoverageW,
+		(ndr_pull_flags_fn_t) ndr_pull_netr_DsrGetDcSiteCoverageW,
+		(ndr_print_function_t) ndr_print_netr_DsrGetDcSiteCoverageW,
 		false,
 	},
 	{
@@ -13183,35 +14956,35 @@ static const struct ndr_interface_call netlogon_calls[] = {
 		false,
 	},
 	{
-		"netr_DSRDEREGISTERDNSHOSTRECORDS",
-		sizeof(struct netr_DSRDEREGISTERDNSHOSTRECORDS),
-		(ndr_push_flags_fn_t) ndr_push_netr_DSRDEREGISTERDNSHOSTRECORDS,
-		(ndr_pull_flags_fn_t) ndr_pull_netr_DSRDEREGISTERDNSHOSTRECORDS,
-		(ndr_print_function_t) ndr_print_netr_DSRDEREGISTERDNSHOSTRECORDS,
+		"netr_DsrDeregisterDNSHostRecords",
+		sizeof(struct netr_DsrDeregisterDNSHostRecords),
+		(ndr_push_flags_fn_t) ndr_push_netr_DsrDeregisterDNSHostRecords,
+		(ndr_pull_flags_fn_t) ndr_pull_netr_DsrDeregisterDNSHostRecords,
+		(ndr_print_function_t) ndr_print_netr_DsrDeregisterDNSHostRecords,
 		false,
 	},
 	{
-		"netr_NETRSERVERTRUSTPASSWORDSGET",
-		sizeof(struct netr_NETRSERVERTRUSTPASSWORDSGET),
-		(ndr_push_flags_fn_t) ndr_push_netr_NETRSERVERTRUSTPASSWORDSGET,
-		(ndr_pull_flags_fn_t) ndr_pull_netr_NETRSERVERTRUSTPASSWORDSGET,
-		(ndr_print_function_t) ndr_print_netr_NETRSERVERTRUSTPASSWORDSGET,
+		"netr_ServerTrustPasswordsGet",
+		sizeof(struct netr_ServerTrustPasswordsGet),
+		(ndr_push_flags_fn_t) ndr_push_netr_ServerTrustPasswordsGet,
+		(ndr_pull_flags_fn_t) ndr_pull_netr_ServerTrustPasswordsGet,
+		(ndr_print_function_t) ndr_print_netr_ServerTrustPasswordsGet,
 		false,
 	},
 	{
-		"netr_DSRGETFORESTTRUSTINFORMATION",
-		sizeof(struct netr_DSRGETFORESTTRUSTINFORMATION),
-		(ndr_push_flags_fn_t) ndr_push_netr_DSRGETFORESTTRUSTINFORMATION,
-		(ndr_pull_flags_fn_t) ndr_pull_netr_DSRGETFORESTTRUSTINFORMATION,
-		(ndr_print_function_t) ndr_print_netr_DSRGETFORESTTRUSTINFORMATION,
+		"netr_DsRGetForestTrustInformation",
+		sizeof(struct netr_DsRGetForestTrustInformation),
+		(ndr_push_flags_fn_t) ndr_push_netr_DsRGetForestTrustInformation,
+		(ndr_pull_flags_fn_t) ndr_pull_netr_DsRGetForestTrustInformation,
+		(ndr_print_function_t) ndr_print_netr_DsRGetForestTrustInformation,
 		false,
 	},
 	{
-		"netr_NETRGETFORESTTRUSTINFORMATION",
-		sizeof(struct netr_NETRGETFORESTTRUSTINFORMATION),
-		(ndr_push_flags_fn_t) ndr_push_netr_NETRGETFORESTTRUSTINFORMATION,
-		(ndr_pull_flags_fn_t) ndr_pull_netr_NETRGETFORESTTRUSTINFORMATION,
-		(ndr_print_function_t) ndr_print_netr_NETRGETFORESTTRUSTINFORMATION,
+		"netr_GetForestTrustInformation",
+		sizeof(struct netr_GetForestTrustInformation),
+		(ndr_push_flags_fn_t) ndr_push_netr_GetForestTrustInformation,
+		(ndr_pull_flags_fn_t) ndr_pull_netr_GetForestTrustInformation,
+		(ndr_print_function_t) ndr_print_netr_GetForestTrustInformation,
 		false,
 	},
 	{
diff --git a/source3/librpc/gen_ndr/ndr_netlogon.h b/source3/librpc/gen_ndr/ndr_netlogon.h
index 07c96f8c89..9a2eea8eff 100644
--- a/source3/librpc/gen_ndr/ndr_netlogon.h
+++ b/source3/librpc/gen_ndr/ndr_netlogon.h
@@ -57,7 +57,7 @@ extern const struct ndr_interface_table ndr_table_netlogon;
 
 #define NDR_NETR_NETRLOGONSETSERVICEBITS (0x16)
 
-#define NDR_NETR_NETRLOGONGETTRUSTRID (0x17)
+#define NDR_NETR_LOGONGETTRUSTRID (0x17)
 
 #define NDR_NETR_NETRLOGONCOMPUTESERVERDIGEST (0x18)
 
@@ -73,7 +73,7 @@ extern const struct ndr_interface_table ndr_table_netlogon;
 
 #define NDR_NETR_SERVERPASSWORDSET2 (0x1e)
 
-#define NDR_NETR_NETRSERVERPASSWORDGET (0x1f)
+#define NDR_NETR_SERVERPASSWORDGET (0x1f)
 
 #define NDR_NETR_NETRLOGONSENDTOSAM (0x20)
 
@@ -95,11 +95,11 @@ extern const struct ndr_interface_table ndr_table_netlogon;
 
 #define NDR_NETR_DSRDEREGISTERDNSHOSTRECORDS (0x29)
 
-#define NDR_NETR_NETRSERVERTRUSTPASSWORDSGET (0x2a)
+#define NDR_NETR_SERVERTRUSTPASSWORDSGET (0x2a)
 
 #define NDR_NETR_DSRGETFORESTTRUSTINFORMATION (0x2b)
 
-#define NDR_NETR_NETRGETFORESTTRUSTINFORMATION (0x2c)
+#define NDR_NETR_GETFORESTTRUSTINFORMATION (0x2c)
 
 #define NDR_NETR_LOGONSAMLOGONWITHFLAGS (0x2d)
 
@@ -109,6 +109,9 @@ extern const struct ndr_interface_table ndr_table_netlogon;
 void ndr_print_netr_UasInfo(struct ndr_print *ndr, const char *name, const struct netr_UasInfo *r);
 void ndr_print_netr_UasLogoffInfo(struct ndr_print *ndr, const char *name, const struct netr_UasLogoffInfo *r);
 void ndr_print_netr_AcctLockStr(struct ndr_print *ndr, const char *name, const struct netr_AcctLockStr *r);
+enum ndr_err_code ndr_push_netr_LogonParameterControl(struct ndr_push *ndr, int ndr_flags, uint32_t r);
+enum ndr_err_code ndr_pull_netr_LogonParameterControl(struct ndr_pull *ndr, int ndr_flags, uint32_t *r);
+void ndr_print_netr_LogonParameterControl(struct ndr_print *ndr, const char *name, uint32_t r);
 void ndr_print_netr_IdentityInfo(struct ndr_print *ndr, const char *name, const struct netr_IdentityInfo *r);
 void ndr_print_netr_PasswordInfo(struct ndr_print *ndr, const char *name, const struct netr_PasswordInfo *r);
 void ndr_print_netr_ChallengeResponse(struct ndr_print *ndr, const char *name, const struct netr_ChallengeResponse *r);
@@ -116,9 +119,6 @@ void ndr_print_netr_NetworkInfo(struct ndr_print *ndr, const char *name, const s
 enum ndr_err_code ndr_push_netr_LogonLevel(struct ndr_push *ndr, int ndr_flags, const union netr_LogonLevel *r);
 enum ndr_err_code ndr_pull_netr_LogonLevel(struct ndr_pull *ndr, int ndr_flags, union netr_LogonLevel *r);
 void ndr_print_netr_LogonLevel(struct ndr_print *ndr, const char *name, const union netr_LogonLevel *r);
-enum ndr_err_code ndr_push_netr_GroupMembership(struct ndr_push *ndr, int ndr_flags, const struct netr_GroupMembership *r);
-enum ndr_err_code ndr_pull_netr_GroupMembership(struct ndr_pull *ndr, int ndr_flags, struct netr_GroupMembership *r);
-void ndr_print_netr_GroupMembership(struct ndr_print *ndr, const char *name, const struct netr_GroupMembership *r);
 enum ndr_err_code ndr_push_netr_UserSessionKey(struct ndr_push *ndr, int ndr_flags, const struct netr_UserSessionKey *r);
 enum ndr_err_code ndr_pull_netr_UserSessionKey(struct ndr_pull *ndr, int ndr_flags, struct netr_UserSessionKey *r);
 void ndr_print_netr_UserSessionKey(struct ndr_print *ndr, const char *name, const struct netr_UserSessionKey *r);
@@ -183,8 +183,11 @@ void ndr_print_netr_NETLOGON_INFO_3(struct ndr_print *ndr, const char *name, con
 void ndr_print_netr_CONTROL_QUERY_INFORMATION(struct ndr_print *ndr, const char *name, const union netr_CONTROL_QUERY_INFORMATION *r);
 void ndr_print_netr_LogonControlCode(struct ndr_print *ndr, const char *name, enum netr_LogonControlCode r);
 void ndr_print_netr_CONTROL_DATA_INFORMATION(struct ndr_print *ndr, const char *name, const union netr_CONTROL_DATA_INFORMATION *r);
-void ndr_print_netr_DsRGetDCNameInfo(struct ndr_print *ndr, const char *name, const struct netr_DsRGetDCNameInfo *r);
 void ndr_print_netr_Blob(struct ndr_print *ndr, const char *name, const struct netr_Blob *r);
+void ndr_print_netr_DsRGetDCName_flags(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_netr_DsRGetDCNameInfo_AddressType(struct ndr_print *ndr, const char *name, enum netr_DsRGetDCNameInfo_AddressType r);
+void ndr_print_netr_DsR_DcFlags(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_netr_DsRGetDCNameInfo(struct ndr_print *ndr, const char *name, const struct netr_DsRGetDCNameInfo *r);
 void ndr_print_netr_BinaryString(struct ndr_print *ndr, const char *name, const struct netr_BinaryString *r);
 void ndr_print_netr_DomainQuery1(struct ndr_print *ndr, const char *name, const struct netr_DomainQuery1 *r);
 void ndr_print_netr_DomainQuery(struct ndr_print *ndr, const char *name, const union netr_DomainQuery *r);
@@ -192,10 +195,15 @@ void ndr_print_netr_DomainTrustInfo(struct ndr_print *ndr, const char *name, con
 void ndr_print_netr_DomainInfo1(struct ndr_print *ndr, const char *name, const struct netr_DomainInfo1 *r);
 void ndr_print_netr_DomainInfo(struct ndr_print *ndr, const char *name, const union netr_DomainInfo *r);
 void ndr_print_netr_CryptPassword(struct ndr_print *ndr, const char *name, const struct netr_CryptPassword *r);
+void ndr_print_netr_DsRAddressToSitenamesWCtr(struct ndr_print *ndr, const char *name, const struct netr_DsRAddressToSitenamesWCtr *r);
+void ndr_print_netr_DsRAddress(struct ndr_print *ndr, const char *name, const struct netr_DsRAddress *r);
 void ndr_print_netr_TrustFlags(struct ndr_print *ndr, const char *name, uint32_t r);
 void ndr_print_netr_TrustType(struct ndr_print *ndr, const char *name, enum netr_TrustType r);
 void ndr_print_netr_TrustAttributes(struct ndr_print *ndr, const char *name, uint32_t r);
 void ndr_print_netr_DomainTrust(struct ndr_print *ndr, const char *name, const struct netr_DomainTrust *r);
+void ndr_print_netr_DomainTrustList(struct ndr_print *ndr, const char *name, const struct netr_DomainTrustList *r);
+void ndr_print_netr_DsRAddressToSitenamesExWCtr(struct ndr_print *ndr, const char *name, const struct netr_DsRAddressToSitenamesExWCtr *r);
+void ndr_print_DcSitesCtr(struct ndr_print *ndr, const char *name, const struct DcSitesCtr *r);
 void ndr_print_netr_LogonUasLogon(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonUasLogon *r);
 void ndr_print_netr_LogonUasLogoff(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonUasLogoff *r);
 void ndr_print_netr_LogonSamLogon(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonSamLogon *r);
@@ -215,11 +223,11 @@ void ndr_print_netr_ServerAuthenticate2(struct ndr_print *ndr, const char *name,
 void ndr_print_netr_DatabaseSync2(struct ndr_print *ndr, const char *name, int flags, const struct netr_DatabaseSync2 *r);
 void ndr_print_netr_DatabaseRedo(struct ndr_print *ndr, const char *name, int flags, const struct netr_DatabaseRedo *r);
 void ndr_print_netr_LogonControl2Ex(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonControl2Ex *r);
-void ndr_print_netr_NETRENUMERATETRUSTEDDOMAINS(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRENUMERATETRUSTEDDOMAINS *r);
+void ndr_print_netr_NetrEnumerateTrustedDomains(struct ndr_print *ndr, const char *name, int flags, const struct netr_NetrEnumerateTrustedDomains *r);
 void ndr_print_netr_DsRGetDCName(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsRGetDCName *r);
 void ndr_print_netr_NETRLOGONDUMMYROUTINE1(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONDUMMYROUTINE1 *r);
 void ndr_print_netr_NETRLOGONSETSERVICEBITS(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONSETSERVICEBITS *r);
-void ndr_print_netr_NETRLOGONGETTRUSTRID(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONGETTRUSTRID *r);
+void ndr_print_netr_LogonGetTrustRid(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonGetTrustRid *r);
 void ndr_print_netr_NETRLOGONCOMPUTESERVERDIGEST(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONCOMPUTESERVERDIGEST *r);
 void ndr_print_netr_NETRLOGONCOMPUTECLIENTDIGEST(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r);
 void ndr_print_netr_ServerAuthenticate3(struct ndr_print *ndr, const char *name, int flags, const struct netr_ServerAuthenticate3 *r);
@@ -227,20 +235,20 @@ void ndr_print_netr_DsRGetDCNameEx(struct ndr_print *ndr, const char *name, int
 void ndr_print_netr_DsRGetSiteName(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsRGetSiteName *r);
 void ndr_print_netr_LogonGetDomainInfo(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonGetDomainInfo *r);
 void ndr_print_netr_ServerPasswordSet2(struct ndr_print *ndr, const char *name, int flags, const struct netr_ServerPasswordSet2 *r);
-void ndr_print_netr_NETRSERVERPASSWORDGET(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRSERVERPASSWORDGET *r);
+void ndr_print_netr_ServerPasswordGet(struct ndr_print *ndr, const char *name, int flags, const struct netr_ServerPasswordGet *r);
 void ndr_print_netr_NETRLOGONSENDTOSAM(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONSENDTOSAM *r);
-void ndr_print_netr_DSRADDRESSTOSITENAMESW(struct ndr_print *ndr, const char *name, int flags, const struct netr_DSRADDRESSTOSITENAMESW *r);
+void ndr_print_netr_DsRAddressToSitenamesW(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsRAddressToSitenamesW *r);
 void ndr_print_netr_DsRGetDCNameEx2(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsRGetDCNameEx2 *r);
 void ndr_print_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r);
-void ndr_print_netr_NETRENUMERATETRUSTEDDOMAINSEX(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r);
-void ndr_print_netr_DSRADDRESSTOSITENAMESEXW(struct ndr_print *ndr, const char *name, int flags, const struct netr_DSRADDRESSTOSITENAMESEXW *r);
-void ndr_print_netr_DSRGETDCSITECOVERAGEW(struct ndr_print *ndr, const char *name, int flags, const struct netr_DSRGETDCSITECOVERAGEW *r);
+void ndr_print_netr_NetrEnumerateTrustedDomainsEx(struct ndr_print *ndr, const char *name, int flags, const struct netr_NetrEnumerateTrustedDomainsEx *r);
+void ndr_print_netr_DsRAddressToSitenamesExW(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsRAddressToSitenamesExW *r);
+void ndr_print_netr_DsrGetDcSiteCoverageW(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsrGetDcSiteCoverageW *r);
 void ndr_print_netr_LogonSamLogonEx(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonSamLogonEx *r);
 void ndr_print_netr_DsrEnumerateDomainTrusts(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsrEnumerateDomainTrusts *r);
-void ndr_print_netr_DSRDEREGISTERDNSHOSTRECORDS(struct ndr_print *ndr, const char *name, int flags, const struct netr_DSRDEREGISTERDNSHOSTRECORDS *r);
-void ndr_print_netr_NETRSERVERTRUSTPASSWORDSGET(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRSERVERTRUSTPASSWORDSGET *r);
-void ndr_print_netr_DSRGETFORESTTRUSTINFORMATION(struct ndr_print *ndr, const char *name, int flags, const struct netr_DSRGETFORESTTRUSTINFORMATION *r);
-void ndr_print_netr_NETRGETFORESTTRUSTINFORMATION(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRGETFORESTTRUSTINFORMATION *r);
+void ndr_print_netr_DsrDeregisterDNSHostRecords(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsrDeregisterDNSHostRecords *r);
+void ndr_print_netr_ServerTrustPasswordsGet(struct ndr_print *ndr, const char *name, int flags, const struct netr_ServerTrustPasswordsGet *r);
+void ndr_print_netr_DsRGetForestTrustInformation(struct ndr_print *ndr, const char *name, int flags, const struct netr_DsRGetForestTrustInformation *r);
+void ndr_print_netr_GetForestTrustInformation(struct ndr_print *ndr, const char *name, int flags, const struct netr_GetForestTrustInformation *r);
 void ndr_print_netr_LogonSamLogonWithFlags(struct ndr_print *ndr, const char *name, int flags, const struct netr_LogonSamLogonWithFlags *r);
 void ndr_print_netr_NETRSERVERGETTRUSTINFO(struct ndr_print *ndr, const char *name, int flags, const struct netr_NETRSERVERGETTRUSTINFO *r);
 #endif /* _HEADER_NDR_netlogon */
diff --git a/source3/librpc/gen_ndr/ndr_notify.c b/source3/librpc/gen_ndr/ndr_notify.c
index 8abfdfdf92..195d421408 100644
--- a/source3/librpc/gen_ndr/ndr_notify.c
+++ b/source3/librpc/gen_ndr/ndr_notify.c
@@ -120,8 +120,7 @@ _PUBLIC_ void ndr_print_notify_depth(struct ndr_print *ndr, const char *name, co
 	ndr->depth++;
 	for (cntr_entries_0=0;cntr_entries_0<r->num_entries;cntr_entries_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_entries_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_entries_0) != -1) {
 			ndr_print_notify_entry(ndr, "entries", &r->entries[cntr_entries_0]);
 			free(idx_0);
 		}
@@ -184,8 +183,7 @@ _PUBLIC_ void ndr_print_notify_array(struct ndr_print *ndr, const char *name, co
 	ndr->depth++;
 	for (cntr_depth_0=0;cntr_depth_0<r->num_depths;cntr_depth_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_depth_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_depth_0) != -1) {
 			ndr_print_notify_depth(ndr, "depth", &r->depth[cntr_depth_0]);
 			free(idx_0);
 		}
diff --git a/source3/librpc/gen_ndr/ndr_ntsvcs.c b/source3/librpc/gen_ndr/ndr_ntsvcs.c
new file mode 100644
index 0000000000..9a0e2bcf4f
--- /dev/null
+++ b/source3/librpc/gen_ndr/ndr_ntsvcs.c
@@ -0,0 +1,3616 @@
+/* parser auto-generated by pidl */
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_ntsvcs.h"
+
+static enum ndr_err_code ndr_push_PNP_HwProfInfo(struct ndr_push *ndr, int ndr_flags, const struct PNP_HwProfInfo *r)
+{
+	uint32_t cntr_unknown2_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown1));
+		for (cntr_unknown2_0 = 0; cntr_unknown2_0 < 160; cntr_unknown2_0++) {
+			NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->unknown2[cntr_unknown2_0]));
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown3));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_HwProfInfo(struct ndr_pull *ndr, int ndr_flags, struct PNP_HwProfInfo *r)
+{
+	uint32_t cntr_unknown2_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1));
+		for (cntr_unknown2_0 = 0; cntr_unknown2_0 < 160; cntr_unknown2_0++) {
+			NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->unknown2[cntr_unknown2_0]));
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown3));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_HwProfInfo(struct ndr_print *ndr, const char *name, const struct PNP_HwProfInfo *r)
+{
+	uint32_t cntr_unknown2_0;
+	ndr_print_struct(ndr, name, "PNP_HwProfInfo");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "unknown1", r->unknown1);
+	ndr->print(ndr, "%s: ARRAY(%d)", "unknown2", 160);
+	ndr->depth++;
+	for (cntr_unknown2_0=0;cntr_unknown2_0<160;cntr_unknown2_0++) {
+		char *idx_0=NULL;
+		if (asprintf(&idx_0, "[%d]", cntr_unknown2_0) != -1) {
+			ndr_print_uint16(ndr, "unknown2", r->unknown2[cntr_unknown2_0]);
+			free(idx_0);
+		}
+	}
+	ndr->depth--;
+	ndr_print_uint32(ndr, "unknown3", r->unknown3);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_Disconnect(struct ndr_push *ndr, int flags, const struct PNP_Disconnect *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_Disconnect(struct ndr_pull *ndr, int flags, struct PNP_Disconnect *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_Disconnect(struct ndr_print *ndr, const char *name, int flags, const struct PNP_Disconnect *r)
+{
+	ndr_print_struct(ndr, name, "PNP_Disconnect");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_Disconnect");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_Disconnect");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_Connect(struct ndr_push *ndr, int flags, const struct PNP_Connect *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_Connect(struct ndr_pull *ndr, int flags, struct PNP_Connect *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_Connect(struct ndr_print *ndr, const char *name, int flags, const struct PNP_Connect *r)
+{
+	ndr_print_struct(ndr, name, "PNP_Connect");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_Connect");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_Connect");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetVersion(struct ndr_push *ndr, int flags, const struct PNP_GetVersion *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.version == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->out.version));
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetVersion(struct ndr_pull *ndr, int flags, struct PNP_GetVersion *r)
+{
+	TALLOC_CTX *_mem_save_version_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_PULL_ALLOC(ndr, r->out.version);
+		ZERO_STRUCTP(r->out.version);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.version);
+		}
+		_mem_save_version_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.version, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->out.version));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_version_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetVersion(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetVersion *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetVersion");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetVersion");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetVersion");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "version", r->out.version);
+		ndr->depth++;
+		ndr_print_uint16(ndr, "version", *r->out.version);
+		ndr->depth--;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetGlobalState(struct ndr_push *ndr, int flags, const struct PNP_GetGlobalState *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetGlobalState(struct ndr_pull *ndr, int flags, struct PNP_GetGlobalState *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetGlobalState(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetGlobalState *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetGlobalState");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetGlobalState");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetGlobalState");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_InitDetection(struct ndr_push *ndr, int flags, const struct PNP_InitDetection *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_InitDetection(struct ndr_pull *ndr, int flags, struct PNP_InitDetection *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_InitDetection(struct ndr_print *ndr, const char *name, int flags, const struct PNP_InitDetection *r)
+{
+	ndr_print_struct(ndr, name, "PNP_InitDetection");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_InitDetection");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_InitDetection");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_ReportLogOn(struct ndr_push *ndr, int flags, const struct PNP_ReportLogOn *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_ReportLogOn(struct ndr_pull *ndr, int flags, struct PNP_ReportLogOn *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_ReportLogOn(struct ndr_print *ndr, const char *name, int flags, const struct PNP_ReportLogOn *r)
+{
+	ndr_print_struct(ndr, name, "PNP_ReportLogOn");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_ReportLogOn");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_ReportLogOn");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_ValidateDeviceInstance(struct ndr_push *ndr, int flags, const struct PNP_ValidateDeviceInstance *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.devicepath == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.devicepath, CH_UTF16)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.devicepath, CH_UTF16)));
+		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.devicepath, ndr_charset_length(r->in.devicepath, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_ValidateDeviceInstance(struct ndr_pull *ndr, int flags, struct PNP_ValidateDeviceInstance *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath));
+		if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicepath), ndr_get_array_length(ndr, &r->in.devicepath));
+		}
+		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t)));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_ValidateDeviceInstance(struct ndr_print *ndr, const char *name, int flags, const struct PNP_ValidateDeviceInstance *r)
+{
+	ndr_print_struct(ndr, name, "PNP_ValidateDeviceInstance");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_ValidateDeviceInstance");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "devicepath", r->in.devicepath);
+		ndr->depth++;
+		ndr_print_string(ndr, "devicepath", r->in.devicepath);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "flags", r->in.flags);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_ValidateDeviceInstance");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetRootDeviceInstance(struct ndr_push *ndr, int flags, const struct PNP_GetRootDeviceInstance *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetRootDeviceInstance(struct ndr_pull *ndr, int flags, struct PNP_GetRootDeviceInstance *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetRootDeviceInstance(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetRootDeviceInstance *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetRootDeviceInstance");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetRootDeviceInstance");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetRootDeviceInstance");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetRelatedDeviceInstance(struct ndr_push *ndr, int flags, const struct PNP_GetRelatedDeviceInstance *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetRelatedDeviceInstance(struct ndr_pull *ndr, int flags, struct PNP_GetRelatedDeviceInstance *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetRelatedDeviceInstance(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetRelatedDeviceInstance *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetRelatedDeviceInstance");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetRelatedDeviceInstance");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetRelatedDeviceInstance");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_EnumerateSubKeys(struct ndr_push *ndr, int flags, const struct PNP_EnumerateSubKeys *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_EnumerateSubKeys(struct ndr_pull *ndr, int flags, struct PNP_EnumerateSubKeys *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_EnumerateSubKeys(struct ndr_print *ndr, const char *name, int flags, const struct PNP_EnumerateSubKeys *r)
+{
+	ndr_print_struct(ndr, name, "PNP_EnumerateSubKeys");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_EnumerateSubKeys");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_EnumerateSubKeys");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetDeviceList(struct ndr_push *ndr, int flags, const struct PNP_GetDeviceList *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetDeviceList(struct ndr_pull *ndr, int flags, struct PNP_GetDeviceList *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetDeviceList(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetDeviceList *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetDeviceList");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetDeviceList");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetDeviceList");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetDeviceListSize(struct ndr_push *ndr, int flags, const struct PNP_GetDeviceListSize *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.devicename));
+		if (r->in.devicename) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.devicename, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.devicename, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.devicename, ndr_charset_length(r->in.devicename, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.size == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.size));
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetDeviceListSize(struct ndr_pull *ndr, int flags, struct PNP_GetDeviceListSize *r)
+{
+	uint32_t _ptr_devicename;
+	TALLOC_CTX *_mem_save_devicename_0;
+	TALLOC_CTX *_mem_save_size_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_devicename));
+		if (_ptr_devicename) {
+			NDR_PULL_ALLOC(ndr, r->in.devicename);
+		} else {
+			r->in.devicename = NULL;
+		}
+		if (r->in.devicename) {
+			_mem_save_devicename_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.devicename, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicename));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicename));
+			if (ndr_get_array_length(ndr, &r->in.devicename) > ndr_get_array_size(ndr, &r->in.devicename)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicename), ndr_get_array_length(ndr, &r->in.devicename));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicename), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicename, ndr_get_array_length(ndr, &r->in.devicename), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_devicename_0, 0);
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags));
+		NDR_PULL_ALLOC(ndr, r->out.size);
+		ZERO_STRUCTP(r->out.size);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.size);
+		}
+		_mem_save_size_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.size, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.size));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_size_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetDeviceListSize(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetDeviceListSize *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetDeviceListSize");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetDeviceListSize");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "devicename", r->in.devicename);
+		ndr->depth++;
+		if (r->in.devicename) {
+			ndr_print_string(ndr, "devicename", r->in.devicename);
+		}
+		ndr->depth--;
+		ndr_print_uint32(ndr, "flags", r->in.flags);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetDeviceListSize");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "size", r->out.size);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "size", *r->out.size);
+		ndr->depth--;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetDepth(struct ndr_push *ndr, int flags, const struct PNP_GetDepth *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetDepth(struct ndr_pull *ndr, int flags, struct PNP_GetDepth *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetDepth(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetDepth *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetDepth");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetDepth");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetDepth");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetDeviceRegProp(struct ndr_push *ndr, int flags, const struct PNP_GetDeviceRegProp *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int flags, struct PNP_GetDeviceRegProp *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetDeviceRegProp(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetDeviceRegProp *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetDeviceRegProp");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetDeviceRegProp");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetDeviceRegProp");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_SetDeviceRegProp(struct ndr_push *ndr, int flags, const struct PNP_SetDeviceRegProp *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_SetDeviceRegProp(struct ndr_pull *ndr, int flags, struct PNP_SetDeviceRegProp *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_SetDeviceRegProp(struct ndr_print *ndr, const char *name, int flags, const struct PNP_SetDeviceRegProp *r)
+{
+	ndr_print_struct(ndr, name, "PNP_SetDeviceRegProp");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_SetDeviceRegProp");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_SetDeviceRegProp");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetClassInstance(struct ndr_push *ndr, int flags, const struct PNP_GetClassInstance *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetClassInstance(struct ndr_pull *ndr, int flags, struct PNP_GetClassInstance *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetClassInstance(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetClassInstance *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetClassInstance");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetClassInstance");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetClassInstance");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_CreateKey(struct ndr_push *ndr, int flags, const struct PNP_CreateKey *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_CreateKey(struct ndr_pull *ndr, int flags, struct PNP_CreateKey *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_CreateKey(struct ndr_print *ndr, const char *name, int flags, const struct PNP_CreateKey *r)
+{
+	ndr_print_struct(ndr, name, "PNP_CreateKey");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_CreateKey");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_CreateKey");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_DeleteRegistryKey(struct ndr_push *ndr, int flags, const struct PNP_DeleteRegistryKey *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_DeleteRegistryKey(struct ndr_pull *ndr, int flags, struct PNP_DeleteRegistryKey *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_DeleteRegistryKey(struct ndr_print *ndr, const char *name, int flags, const struct PNP_DeleteRegistryKey *r)
+{
+	ndr_print_struct(ndr, name, "PNP_DeleteRegistryKey");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_DeleteRegistryKey");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_DeleteRegistryKey");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetClassCount(struct ndr_push *ndr, int flags, const struct PNP_GetClassCount *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetClassCount(struct ndr_pull *ndr, int flags, struct PNP_GetClassCount *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetClassCount(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetClassCount *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetClassCount");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetClassCount");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetClassCount");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetClassName(struct ndr_push *ndr, int flags, const struct PNP_GetClassName *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetClassName(struct ndr_pull *ndr, int flags, struct PNP_GetClassName *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetClassName(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetClassName *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetClassName");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetClassName");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetClassName");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_DeleteClassKey(struct ndr_push *ndr, int flags, const struct PNP_DeleteClassKey *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_DeleteClassKey(struct ndr_pull *ndr, int flags, struct PNP_DeleteClassKey *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_DeleteClassKey(struct ndr_print *ndr, const char *name, int flags, const struct PNP_DeleteClassKey *r)
+{
+	ndr_print_struct(ndr, name, "PNP_DeleteClassKey");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_DeleteClassKey");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_DeleteClassKey");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetInterfaceDeviceAlias(struct ndr_push *ndr, int flags, const struct PNP_GetInterfaceDeviceAlias *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetInterfaceDeviceAlias(struct ndr_pull *ndr, int flags, struct PNP_GetInterfaceDeviceAlias *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetInterfaceDeviceAlias(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetInterfaceDeviceAlias *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetInterfaceDeviceAlias");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetInterfaceDeviceAlias");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetInterfaceDeviceAlias");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetInterfaceDeviceList(struct ndr_push *ndr, int flags, const struct PNP_GetInterfaceDeviceList *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetInterfaceDeviceList(struct ndr_pull *ndr, int flags, struct PNP_GetInterfaceDeviceList *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetInterfaceDeviceList(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetInterfaceDeviceList *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetInterfaceDeviceList");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetInterfaceDeviceList");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetInterfaceDeviceList");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetInterfaceDeviceListSize(struct ndr_push *ndr, int flags, const struct PNP_GetInterfaceDeviceListSize *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetInterfaceDeviceListSize(struct ndr_pull *ndr, int flags, struct PNP_GetInterfaceDeviceListSize *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetInterfaceDeviceListSize(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetInterfaceDeviceListSize *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetInterfaceDeviceListSize");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetInterfaceDeviceListSize");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetInterfaceDeviceListSize");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_RegisterDeviceClassAssociation(struct ndr_push *ndr, int flags, const struct PNP_RegisterDeviceClassAssociation *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_RegisterDeviceClassAssociation(struct ndr_pull *ndr, int flags, struct PNP_RegisterDeviceClassAssociation *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_RegisterDeviceClassAssociation(struct ndr_print *ndr, const char *name, int flags, const struct PNP_RegisterDeviceClassAssociation *r)
+{
+	ndr_print_struct(ndr, name, "PNP_RegisterDeviceClassAssociation");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_RegisterDeviceClassAssociation");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_RegisterDeviceClassAssociation");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_UnregisterDeviceClassAssociation(struct ndr_push *ndr, int flags, const struct PNP_UnregisterDeviceClassAssociation *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_UnregisterDeviceClassAssociation(struct ndr_pull *ndr, int flags, struct PNP_UnregisterDeviceClassAssociation *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_UnregisterDeviceClassAssociation(struct ndr_print *ndr, const char *name, int flags, const struct PNP_UnregisterDeviceClassAssociation *r)
+{
+	ndr_print_struct(ndr, name, "PNP_UnregisterDeviceClassAssociation");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_UnregisterDeviceClassAssociation");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_UnregisterDeviceClassAssociation");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetClassRegProp(struct ndr_push *ndr, int flags, const struct PNP_GetClassRegProp *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetClassRegProp(struct ndr_pull *ndr, int flags, struct PNP_GetClassRegProp *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetClassRegProp(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetClassRegProp *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetClassRegProp");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetClassRegProp");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetClassRegProp");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_SetClassRegProp(struct ndr_push *ndr, int flags, const struct PNP_SetClassRegProp *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_SetClassRegProp(struct ndr_pull *ndr, int flags, struct PNP_SetClassRegProp *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_SetClassRegProp(struct ndr_print *ndr, const char *name, int flags, const struct PNP_SetClassRegProp *r)
+{
+	ndr_print_struct(ndr, name, "PNP_SetClassRegProp");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_SetClassRegProp");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_SetClassRegProp");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_CreateDevInst(struct ndr_push *ndr, int flags, const struct PNP_CreateDevInst *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_CreateDevInst(struct ndr_pull *ndr, int flags, struct PNP_CreateDevInst *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_CreateDevInst(struct ndr_print *ndr, const char *name, int flags, const struct PNP_CreateDevInst *r)
+{
+	ndr_print_struct(ndr, name, "PNP_CreateDevInst");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_CreateDevInst");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_CreateDevInst");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_DeviceInstanceAction(struct ndr_push *ndr, int flags, const struct PNP_DeviceInstanceAction *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_DeviceInstanceAction(struct ndr_pull *ndr, int flags, struct PNP_DeviceInstanceAction *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_DeviceInstanceAction(struct ndr_print *ndr, const char *name, int flags, const struct PNP_DeviceInstanceAction *r)
+{
+	ndr_print_struct(ndr, name, "PNP_DeviceInstanceAction");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_DeviceInstanceAction");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_DeviceInstanceAction");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetDeviceStatus(struct ndr_push *ndr, int flags, const struct PNP_GetDeviceStatus *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetDeviceStatus(struct ndr_pull *ndr, int flags, struct PNP_GetDeviceStatus *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetDeviceStatus(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetDeviceStatus *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetDeviceStatus");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetDeviceStatus");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetDeviceStatus");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_SetDeviceProblem(struct ndr_push *ndr, int flags, const struct PNP_SetDeviceProblem *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_SetDeviceProblem(struct ndr_pull *ndr, int flags, struct PNP_SetDeviceProblem *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_SetDeviceProblem(struct ndr_print *ndr, const char *name, int flags, const struct PNP_SetDeviceProblem *r)
+{
+	ndr_print_struct(ndr, name, "PNP_SetDeviceProblem");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_SetDeviceProblem");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_SetDeviceProblem");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_DisableDevInst(struct ndr_push *ndr, int flags, const struct PNP_DisableDevInst *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_DisableDevInst(struct ndr_pull *ndr, int flags, struct PNP_DisableDevInst *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_DisableDevInst(struct ndr_print *ndr, const char *name, int flags, const struct PNP_DisableDevInst *r)
+{
+	ndr_print_struct(ndr, name, "PNP_DisableDevInst");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_DisableDevInst");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_DisableDevInst");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_UninstallDevInst(struct ndr_push *ndr, int flags, const struct PNP_UninstallDevInst *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_UninstallDevInst(struct ndr_pull *ndr, int flags, struct PNP_UninstallDevInst *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_UninstallDevInst(struct ndr_print *ndr, const char *name, int flags, const struct PNP_UninstallDevInst *r)
+{
+	ndr_print_struct(ndr, name, "PNP_UninstallDevInst");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_UninstallDevInst");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_UninstallDevInst");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_AddID(struct ndr_push *ndr, int flags, const struct PNP_AddID *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_AddID(struct ndr_pull *ndr, int flags, struct PNP_AddID *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_AddID(struct ndr_print *ndr, const char *name, int flags, const struct PNP_AddID *r)
+{
+	ndr_print_struct(ndr, name, "PNP_AddID");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_AddID");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_AddID");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_RegisterDriver(struct ndr_push *ndr, int flags, const struct PNP_RegisterDriver *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_RegisterDriver(struct ndr_pull *ndr, int flags, struct PNP_RegisterDriver *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_RegisterDriver(struct ndr_print *ndr, const char *name, int flags, const struct PNP_RegisterDriver *r)
+{
+	ndr_print_struct(ndr, name, "PNP_RegisterDriver");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_RegisterDriver");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_RegisterDriver");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_QueryRemove(struct ndr_push *ndr, int flags, const struct PNP_QueryRemove *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_QueryRemove(struct ndr_pull *ndr, int flags, struct PNP_QueryRemove *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_QueryRemove(struct ndr_print *ndr, const char *name, int flags, const struct PNP_QueryRemove *r)
+{
+	ndr_print_struct(ndr, name, "PNP_QueryRemove");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_QueryRemove");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_QueryRemove");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_RequestDeviceEject(struct ndr_push *ndr, int flags, const struct PNP_RequestDeviceEject *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_RequestDeviceEject(struct ndr_pull *ndr, int flags, struct PNP_RequestDeviceEject *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_RequestDeviceEject(struct ndr_print *ndr, const char *name, int flags, const struct PNP_RequestDeviceEject *r)
+{
+	ndr_print_struct(ndr, name, "PNP_RequestDeviceEject");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_RequestDeviceEject");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_RequestDeviceEject");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_IsDockStationPresent(struct ndr_push *ndr, int flags, const struct PNP_IsDockStationPresent *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_IsDockStationPresent(struct ndr_pull *ndr, int flags, struct PNP_IsDockStationPresent *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_IsDockStationPresent(struct ndr_print *ndr, const char *name, int flags, const struct PNP_IsDockStationPresent *r)
+{
+	ndr_print_struct(ndr, name, "PNP_IsDockStationPresent");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_IsDockStationPresent");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_IsDockStationPresent");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_RequestEjectPC(struct ndr_push *ndr, int flags, const struct PNP_RequestEjectPC *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_RequestEjectPC(struct ndr_pull *ndr, int flags, struct PNP_RequestEjectPC *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_RequestEjectPC(struct ndr_print *ndr, const char *name, int flags, const struct PNP_RequestEjectPC *r)
+{
+	ndr_print_struct(ndr, name, "PNP_RequestEjectPC");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_RequestEjectPC");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_RequestEjectPC");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_HwProfFlags(struct ndr_push *ndr, int flags, const struct PNP_HwProfFlags *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown1));
+		if (r->in.devicepath == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.devicepath, CH_UTF16)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.devicepath, CH_UTF16)));
+		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.devicepath, ndr_charset_length(r->in.devicepath, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2));
+		if (r->in.unknown3 == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.unknown3));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.unknown4));
+		if (r->in.unknown4) {
+			NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->in.unknown4));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.unknown5));
+		if (r->in.unknown5) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.unknown5, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.unknown5, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.unknown5, ndr_charset_length(r->in.unknown5, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown6));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown7));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.unknown3 == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.unknown3));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.unknown4));
+		if (r->out.unknown4) {
+			NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->out.unknown4));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.unknown5a));
+		if (r->out.unknown5a) {
+			NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.unknown5a));
+			if (*r->out.unknown5a) {
+				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.unknown5a, CH_UTF16)));
+				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.unknown5a, CH_UTF16)));
+				NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.unknown5a, ndr_charset_length(*r->out.unknown5a, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+			}
+		}
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flags, struct PNP_HwProfFlags *r)
+{
+	uint32_t _ptr_unknown4;
+	uint32_t _ptr_unknown5;
+	uint32_t _ptr_unknown5a;
+	TALLOC_CTX *_mem_save_unknown3_0;
+	TALLOC_CTX *_mem_save_unknown4_0;
+	TALLOC_CTX *_mem_save_unknown5_0;
+	TALLOC_CTX *_mem_save_unknown5a_0;
+	TALLOC_CTX *_mem_save_unknown5a_1;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1));
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath));
+		if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.devicepath), ndr_get_array_length(ndr, &r->in.devicepath));
+		}
+		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t)));
+		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.unknown3);
+		}
+		_mem_save_unknown3_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown3, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.unknown3));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown3_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown4));
+		if (_ptr_unknown4) {
+			NDR_PULL_ALLOC(ndr, r->in.unknown4);
+		} else {
+			r->in.unknown4 = NULL;
+		}
+		if (r->in.unknown4) {
+			_mem_save_unknown4_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown4, 0);
+			NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->in.unknown4));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown4_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown5));
+		if (_ptr_unknown5) {
+			NDR_PULL_ALLOC(ndr, r->in.unknown5);
+		} else {
+			r->in.unknown5 = NULL;
+		}
+		if (r->in.unknown5) {
+			_mem_save_unknown5_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown5, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.unknown5));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.unknown5));
+			if (ndr_get_array_length(ndr, &r->in.unknown5) > ndr_get_array_size(ndr, &r->in.unknown5)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.unknown5), ndr_get_array_length(ndr, &r->in.unknown5));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.unknown5), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown5, ndr_get_array_length(ndr, &r->in.unknown5), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5_0, 0);
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown6));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown7));
+		NDR_PULL_ALLOC(ndr, r->out.unknown3);
+		*r->out.unknown3 = *r->in.unknown3;
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.unknown3);
+		}
+		_mem_save_unknown3_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.unknown3, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.unknown3));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown3_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown4));
+		if (_ptr_unknown4) {
+			NDR_PULL_ALLOC(ndr, r->out.unknown4);
+		} else {
+			r->out.unknown4 = NULL;
+		}
+		if (r->out.unknown4) {
+			_mem_save_unknown4_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->out.unknown4, 0);
+			NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->out.unknown4));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown4_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown5a));
+		if (_ptr_unknown5a) {
+			NDR_PULL_ALLOC(ndr, r->out.unknown5a);
+		} else {
+			r->out.unknown5a = NULL;
+		}
+		if (r->out.unknown5a) {
+			_mem_save_unknown5a_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->out.unknown5a, 0);
+			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown5a));
+			if (_ptr_unknown5a) {
+				NDR_PULL_ALLOC(ndr, *r->out.unknown5a);
+			} else {
+				*r->out.unknown5a = NULL;
+			}
+			if (*r->out.unknown5a) {
+				_mem_save_unknown5a_1 = NDR_PULL_GET_MEM_CTX(ndr);
+				NDR_PULL_SET_MEM_CTX(ndr, *r->out.unknown5a, 0);
+				NDR_CHECK(ndr_pull_array_size(ndr, r->out.unknown5a));
+				NDR_CHECK(ndr_pull_array_length(ndr, r->out.unknown5a));
+				if (ndr_get_array_length(ndr, r->out.unknown5a) > ndr_get_array_size(ndr, r->out.unknown5a)) {
+					return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.unknown5a), ndr_get_array_length(ndr, r->out.unknown5a));
+				}
+				NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.unknown5a), sizeof(uint16_t)));
+				NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.unknown5a, ndr_get_array_length(ndr, r->out.unknown5a), sizeof(uint16_t), CH_UTF16));
+				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5a_1, 0);
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5a_0, 0);
+		}
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_HwProfFlags(struct ndr_print *ndr, const char *name, int flags, const struct PNP_HwProfFlags *r)
+{
+	ndr_print_struct(ndr, name, "PNP_HwProfFlags");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_HwProfFlags");
+		ndr->depth++;
+		ndr_print_uint32(ndr, "unknown1", r->in.unknown1);
+		ndr_print_ptr(ndr, "devicepath", r->in.devicepath);
+		ndr->depth++;
+		ndr_print_string(ndr, "devicepath", r->in.devicepath);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "unknown2", r->in.unknown2);
+		ndr_print_ptr(ndr, "unknown3", r->in.unknown3);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "unknown3", *r->in.unknown3);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "unknown4", r->in.unknown4);
+		ndr->depth++;
+		if (r->in.unknown4) {
+			ndr_print_uint16(ndr, "unknown4", *r->in.unknown4);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "unknown5", r->in.unknown5);
+		ndr->depth++;
+		if (r->in.unknown5) {
+			ndr_print_string(ndr, "unknown5", r->in.unknown5);
+		}
+		ndr->depth--;
+		ndr_print_uint32(ndr, "unknown6", r->in.unknown6);
+		ndr_print_uint32(ndr, "unknown7", r->in.unknown7);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_HwProfFlags");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "unknown3", r->out.unknown3);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "unknown3", *r->out.unknown3);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "unknown4", r->out.unknown4);
+		ndr->depth++;
+		if (r->out.unknown4) {
+			ndr_print_uint16(ndr, "unknown4", *r->out.unknown4);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "unknown5a", r->out.unknown5a);
+		ndr->depth++;
+		if (r->out.unknown5a) {
+			ndr_print_ptr(ndr, "unknown5a", *r->out.unknown5a);
+			ndr->depth++;
+			if (*r->out.unknown5a) {
+				ndr_print_string(ndr, "unknown5a", *r->out.unknown5a);
+			}
+			ndr->depth--;
+		}
+		ndr->depth--;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetHwProfInfo(struct ndr_push *ndr, int flags, const struct PNP_GetHwProfInfo *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.idx));
+		if (r->in.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_PNP_HwProfInfo(ndr, NDR_SCALARS, r->in.info));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown1));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_PNP_HwProfInfo(ndr, NDR_SCALARS, r->out.info));
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetHwProfInfo(struct ndr_pull *ndr, int flags, struct PNP_GetHwProfInfo *r)
+{
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.idx));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_PNP_HwProfInfo(ndr, NDR_SCALARS, r->in.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		*r->out.info = *r->in.info;
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_PNP_HwProfInfo(ndr, NDR_SCALARS, r->out.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetHwProfInfo(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetHwProfInfo *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetHwProfInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetHwProfInfo");
+		ndr->depth++;
+		ndr_print_uint32(ndr, "idx", r->in.idx);
+		ndr_print_ptr(ndr, "info", r->in.info);
+		ndr->depth++;
+		ndr_print_PNP_HwProfInfo(ndr, "info", r->in.info);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "unknown1", r->in.unknown1);
+		ndr_print_uint32(ndr, "unknown2", r->in.unknown2);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetHwProfInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		ndr_print_PNP_HwProfInfo(ndr, "info", r->out.info);
+		ndr->depth--;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_AddEmptyLogConf(struct ndr_push *ndr, int flags, const struct PNP_AddEmptyLogConf *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_AddEmptyLogConf(struct ndr_pull *ndr, int flags, struct PNP_AddEmptyLogConf *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_AddEmptyLogConf(struct ndr_print *ndr, const char *name, int flags, const struct PNP_AddEmptyLogConf *r)
+{
+	ndr_print_struct(ndr, name, "PNP_AddEmptyLogConf");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_AddEmptyLogConf");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_AddEmptyLogConf");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_FreeLogConf(struct ndr_push *ndr, int flags, const struct PNP_FreeLogConf *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_FreeLogConf(struct ndr_pull *ndr, int flags, struct PNP_FreeLogConf *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_FreeLogConf(struct ndr_print *ndr, const char *name, int flags, const struct PNP_FreeLogConf *r)
+{
+	ndr_print_struct(ndr, name, "PNP_FreeLogConf");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_FreeLogConf");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_FreeLogConf");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetFirstLogConf(struct ndr_push *ndr, int flags, const struct PNP_GetFirstLogConf *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetFirstLogConf(struct ndr_pull *ndr, int flags, struct PNP_GetFirstLogConf *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetFirstLogConf(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetFirstLogConf *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetFirstLogConf");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetFirstLogConf");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetFirstLogConf");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetNextLogConf(struct ndr_push *ndr, int flags, const struct PNP_GetNextLogConf *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetNextLogConf(struct ndr_pull *ndr, int flags, struct PNP_GetNextLogConf *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetNextLogConf(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetNextLogConf *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetNextLogConf");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetNextLogConf");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetNextLogConf");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetLogConfPriority(struct ndr_push *ndr, int flags, const struct PNP_GetLogConfPriority *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetLogConfPriority(struct ndr_pull *ndr, int flags, struct PNP_GetLogConfPriority *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetLogConfPriority(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetLogConfPriority *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetLogConfPriority");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetLogConfPriority");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetLogConfPriority");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_AddResDes(struct ndr_push *ndr, int flags, const struct PNP_AddResDes *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_AddResDes(struct ndr_pull *ndr, int flags, struct PNP_AddResDes *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_AddResDes(struct ndr_print *ndr, const char *name, int flags, const struct PNP_AddResDes *r)
+{
+	ndr_print_struct(ndr, name, "PNP_AddResDes");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_AddResDes");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_AddResDes");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_FreeResDes(struct ndr_push *ndr, int flags, const struct PNP_FreeResDes *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_FreeResDes(struct ndr_pull *ndr, int flags, struct PNP_FreeResDes *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_FreeResDes(struct ndr_print *ndr, const char *name, int flags, const struct PNP_FreeResDes *r)
+{
+	ndr_print_struct(ndr, name, "PNP_FreeResDes");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_FreeResDes");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_FreeResDes");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetNextResDes(struct ndr_push *ndr, int flags, const struct PNP_GetNextResDes *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetNextResDes(struct ndr_pull *ndr, int flags, struct PNP_GetNextResDes *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetNextResDes(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetNextResDes *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetNextResDes");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetNextResDes");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetNextResDes");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetResDesData(struct ndr_push *ndr, int flags, const struct PNP_GetResDesData *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetResDesData(struct ndr_pull *ndr, int flags, struct PNP_GetResDesData *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetResDesData(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetResDesData *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetResDesData");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetResDesData");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetResDesData");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetResDesDataSize(struct ndr_push *ndr, int flags, const struct PNP_GetResDesDataSize *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetResDesDataSize(struct ndr_pull *ndr, int flags, struct PNP_GetResDesDataSize *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetResDesDataSize(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetResDesDataSize *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetResDesDataSize");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetResDesDataSize");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetResDesDataSize");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_ModifyResDes(struct ndr_push *ndr, int flags, const struct PNP_ModifyResDes *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_ModifyResDes(struct ndr_pull *ndr, int flags, struct PNP_ModifyResDes *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_ModifyResDes(struct ndr_print *ndr, const char *name, int flags, const struct PNP_ModifyResDes *r)
+{
+	ndr_print_struct(ndr, name, "PNP_ModifyResDes");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_ModifyResDes");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_ModifyResDes");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_DetectResourceLimit(struct ndr_push *ndr, int flags, const struct PNP_DetectResourceLimit *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_DetectResourceLimit(struct ndr_pull *ndr, int flags, struct PNP_DetectResourceLimit *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_DetectResourceLimit(struct ndr_print *ndr, const char *name, int flags, const struct PNP_DetectResourceLimit *r)
+{
+	ndr_print_struct(ndr, name, "PNP_DetectResourceLimit");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_DetectResourceLimit");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_DetectResourceLimit");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_QueryResConfList(struct ndr_push *ndr, int flags, const struct PNP_QueryResConfList *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_QueryResConfList(struct ndr_pull *ndr, int flags, struct PNP_QueryResConfList *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_QueryResConfList(struct ndr_print *ndr, const char *name, int flags, const struct PNP_QueryResConfList *r)
+{
+	ndr_print_struct(ndr, name, "PNP_QueryResConfList");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_QueryResConfList");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_QueryResConfList");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_SetHwProf(struct ndr_push *ndr, int flags, const struct PNP_SetHwProf *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_SetHwProf(struct ndr_pull *ndr, int flags, struct PNP_SetHwProf *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_SetHwProf(struct ndr_print *ndr, const char *name, int flags, const struct PNP_SetHwProf *r)
+{
+	ndr_print_struct(ndr, name, "PNP_SetHwProf");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_SetHwProf");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_SetHwProf");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_QueryArbitratorFreeData(struct ndr_push *ndr, int flags, const struct PNP_QueryArbitratorFreeData *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_QueryArbitratorFreeData(struct ndr_pull *ndr, int flags, struct PNP_QueryArbitratorFreeData *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_QueryArbitratorFreeData(struct ndr_print *ndr, const char *name, int flags, const struct PNP_QueryArbitratorFreeData *r)
+{
+	ndr_print_struct(ndr, name, "PNP_QueryArbitratorFreeData");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_QueryArbitratorFreeData");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_QueryArbitratorFreeData");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_QueryArbitratorFreeSize(struct ndr_push *ndr, int flags, const struct PNP_QueryArbitratorFreeSize *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_QueryArbitratorFreeSize(struct ndr_pull *ndr, int flags, struct PNP_QueryArbitratorFreeSize *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_QueryArbitratorFreeSize(struct ndr_print *ndr, const char *name, int flags, const struct PNP_QueryArbitratorFreeSize *r)
+{
+	ndr_print_struct(ndr, name, "PNP_QueryArbitratorFreeSize");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_QueryArbitratorFreeSize");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_QueryArbitratorFreeSize");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_RunDetection(struct ndr_push *ndr, int flags, const struct PNP_RunDetection *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_RunDetection(struct ndr_pull *ndr, int flags, struct PNP_RunDetection *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_RunDetection(struct ndr_print *ndr, const char *name, int flags, const struct PNP_RunDetection *r)
+{
+	ndr_print_struct(ndr, name, "PNP_RunDetection");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_RunDetection");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_RunDetection");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_RegisterNotification(struct ndr_push *ndr, int flags, const struct PNP_RegisterNotification *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_RegisterNotification(struct ndr_pull *ndr, int flags, struct PNP_RegisterNotification *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_RegisterNotification(struct ndr_print *ndr, const char *name, int flags, const struct PNP_RegisterNotification *r)
+{
+	ndr_print_struct(ndr, name, "PNP_RegisterNotification");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_RegisterNotification");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_RegisterNotification");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_UnregisterNotification(struct ndr_push *ndr, int flags, const struct PNP_UnregisterNotification *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_UnregisterNotification(struct ndr_pull *ndr, int flags, struct PNP_UnregisterNotification *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_UnregisterNotification(struct ndr_print *ndr, const char *name, int flags, const struct PNP_UnregisterNotification *r)
+{
+	ndr_print_struct(ndr, name, "PNP_UnregisterNotification");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_UnregisterNotification");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_UnregisterNotification");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetCustomDevProp(struct ndr_push *ndr, int flags, const struct PNP_GetCustomDevProp *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetCustomDevProp(struct ndr_pull *ndr, int flags, struct PNP_GetCustomDevProp *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetCustomDevProp(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetCustomDevProp *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetCustomDevProp");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetCustomDevProp");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetCustomDevProp");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetVersionInternal(struct ndr_push *ndr, int flags, const struct PNP_GetVersionInternal *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetVersionInternal(struct ndr_pull *ndr, int flags, struct PNP_GetVersionInternal *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetVersionInternal(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetVersionInternal *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetVersionInternal");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetVersionInternal");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetVersionInternal");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetBlockedDriverInfo(struct ndr_push *ndr, int flags, const struct PNP_GetBlockedDriverInfo *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetBlockedDriverInfo(struct ndr_pull *ndr, int flags, struct PNP_GetBlockedDriverInfo *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetBlockedDriverInfo(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetBlockedDriverInfo *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetBlockedDriverInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetBlockedDriverInfo");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetBlockedDriverInfo");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_PNP_GetServerSideDeviceInstallFlags(struct ndr_push *ndr, int flags, const struct PNP_GetServerSideDeviceInstallFlags *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_PNP_GetServerSideDeviceInstallFlags(struct ndr_pull *ndr, int flags, struct PNP_GetServerSideDeviceInstallFlags *r)
+{
+	if (flags & NDR_IN) {
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_PNP_GetServerSideDeviceInstallFlags(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetServerSideDeviceInstallFlags *r)
+{
+	ndr_print_struct(ndr, name, "PNP_GetServerSideDeviceInstallFlags");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "PNP_GetServerSideDeviceInstallFlags");
+		ndr->depth++;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "PNP_GetServerSideDeviceInstallFlags");
+		ndr->depth++;
+		ndr_print_WERROR(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static const struct ndr_interface_call ntsvcs_calls[] = {
+	{
+		"PNP_Disconnect",
+		sizeof(struct PNP_Disconnect),
+		(ndr_push_flags_fn_t) ndr_push_PNP_Disconnect,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_Disconnect,
+		(ndr_print_function_t) ndr_print_PNP_Disconnect,
+		false,
+	},
+	{
+		"PNP_Connect",
+		sizeof(struct PNP_Connect),
+		(ndr_push_flags_fn_t) ndr_push_PNP_Connect,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_Connect,
+		(ndr_print_function_t) ndr_print_PNP_Connect,
+		false,
+	},
+	{
+		"PNP_GetVersion",
+		sizeof(struct PNP_GetVersion),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetVersion,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetVersion,
+		(ndr_print_function_t) ndr_print_PNP_GetVersion,
+		false,
+	},
+	{
+		"PNP_GetGlobalState",
+		sizeof(struct PNP_GetGlobalState),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetGlobalState,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetGlobalState,
+		(ndr_print_function_t) ndr_print_PNP_GetGlobalState,
+		false,
+	},
+	{
+		"PNP_InitDetection",
+		sizeof(struct PNP_InitDetection),
+		(ndr_push_flags_fn_t) ndr_push_PNP_InitDetection,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_InitDetection,
+		(ndr_print_function_t) ndr_print_PNP_InitDetection,
+		false,
+	},
+	{
+		"PNP_ReportLogOn",
+		sizeof(struct PNP_ReportLogOn),
+		(ndr_push_flags_fn_t) ndr_push_PNP_ReportLogOn,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_ReportLogOn,
+		(ndr_print_function_t) ndr_print_PNP_ReportLogOn,
+		false,
+	},
+	{
+		"PNP_ValidateDeviceInstance",
+		sizeof(struct PNP_ValidateDeviceInstance),
+		(ndr_push_flags_fn_t) ndr_push_PNP_ValidateDeviceInstance,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_ValidateDeviceInstance,
+		(ndr_print_function_t) ndr_print_PNP_ValidateDeviceInstance,
+		false,
+	},
+	{
+		"PNP_GetRootDeviceInstance",
+		sizeof(struct PNP_GetRootDeviceInstance),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetRootDeviceInstance,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetRootDeviceInstance,
+		(ndr_print_function_t) ndr_print_PNP_GetRootDeviceInstance,
+		false,
+	},
+	{
+		"PNP_GetRelatedDeviceInstance",
+		sizeof(struct PNP_GetRelatedDeviceInstance),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetRelatedDeviceInstance,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetRelatedDeviceInstance,
+		(ndr_print_function_t) ndr_print_PNP_GetRelatedDeviceInstance,
+		false,
+	},
+	{
+		"PNP_EnumerateSubKeys",
+		sizeof(struct PNP_EnumerateSubKeys),
+		(ndr_push_flags_fn_t) ndr_push_PNP_EnumerateSubKeys,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_EnumerateSubKeys,
+		(ndr_print_function_t) ndr_print_PNP_EnumerateSubKeys,
+		false,
+	},
+	{
+		"PNP_GetDeviceList",
+		sizeof(struct PNP_GetDeviceList),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetDeviceList,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetDeviceList,
+		(ndr_print_function_t) ndr_print_PNP_GetDeviceList,
+		false,
+	},
+	{
+		"PNP_GetDeviceListSize",
+		sizeof(struct PNP_GetDeviceListSize),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetDeviceListSize,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetDeviceListSize,
+		(ndr_print_function_t) ndr_print_PNP_GetDeviceListSize,
+		false,
+	},
+	{
+		"PNP_GetDepth",
+		sizeof(struct PNP_GetDepth),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetDepth,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetDepth,
+		(ndr_print_function_t) ndr_print_PNP_GetDepth,
+		false,
+	},
+	{
+		"PNP_GetDeviceRegProp",
+		sizeof(struct PNP_GetDeviceRegProp),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetDeviceRegProp,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetDeviceRegProp,
+		(ndr_print_function_t) ndr_print_PNP_GetDeviceRegProp,
+		false,
+	},
+	{
+		"PNP_SetDeviceRegProp",
+		sizeof(struct PNP_SetDeviceRegProp),
+		(ndr_push_flags_fn_t) ndr_push_PNP_SetDeviceRegProp,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_SetDeviceRegProp,
+		(ndr_print_function_t) ndr_print_PNP_SetDeviceRegProp,
+		false,
+	},
+	{
+		"PNP_GetClassInstance",
+		sizeof(struct PNP_GetClassInstance),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetClassInstance,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetClassInstance,
+		(ndr_print_function_t) ndr_print_PNP_GetClassInstance,
+		false,
+	},
+	{
+		"PNP_CreateKey",
+		sizeof(struct PNP_CreateKey),
+		(ndr_push_flags_fn_t) ndr_push_PNP_CreateKey,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_CreateKey,
+		(ndr_print_function_t) ndr_print_PNP_CreateKey,
+		false,
+	},
+	{
+		"PNP_DeleteRegistryKey",
+		sizeof(struct PNP_DeleteRegistryKey),
+		(ndr_push_flags_fn_t) ndr_push_PNP_DeleteRegistryKey,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_DeleteRegistryKey,
+		(ndr_print_function_t) ndr_print_PNP_DeleteRegistryKey,
+		false,
+	},
+	{
+		"PNP_GetClassCount",
+		sizeof(struct PNP_GetClassCount),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetClassCount,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetClassCount,
+		(ndr_print_function_t) ndr_print_PNP_GetClassCount,
+		false,
+	},
+	{
+		"PNP_GetClassName",
+		sizeof(struct PNP_GetClassName),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetClassName,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetClassName,
+		(ndr_print_function_t) ndr_print_PNP_GetClassName,
+		false,
+	},
+	{
+		"PNP_DeleteClassKey",
+		sizeof(struct PNP_DeleteClassKey),
+		(ndr_push_flags_fn_t) ndr_push_PNP_DeleteClassKey,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_DeleteClassKey,
+		(ndr_print_function_t) ndr_print_PNP_DeleteClassKey,
+		false,
+	},
+	{
+		"PNP_GetInterfaceDeviceAlias",
+		sizeof(struct PNP_GetInterfaceDeviceAlias),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetInterfaceDeviceAlias,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetInterfaceDeviceAlias,
+		(ndr_print_function_t) ndr_print_PNP_GetInterfaceDeviceAlias,
+		false,
+	},
+	{
+		"PNP_GetInterfaceDeviceList",
+		sizeof(struct PNP_GetInterfaceDeviceList),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetInterfaceDeviceList,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetInterfaceDeviceList,
+		(ndr_print_function_t) ndr_print_PNP_GetInterfaceDeviceList,
+		false,
+	},
+	{
+		"PNP_GetInterfaceDeviceListSize",
+		sizeof(struct PNP_GetInterfaceDeviceListSize),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetInterfaceDeviceListSize,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetInterfaceDeviceListSize,
+		(ndr_print_function_t) ndr_print_PNP_GetInterfaceDeviceListSize,
+		false,
+	},
+	{
+		"PNP_RegisterDeviceClassAssociation",
+		sizeof(struct PNP_RegisterDeviceClassAssociation),
+		(ndr_push_flags_fn_t) ndr_push_PNP_RegisterDeviceClassAssociation,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_RegisterDeviceClassAssociation,
+		(ndr_print_function_t) ndr_print_PNP_RegisterDeviceClassAssociation,
+		false,
+	},
+	{
+		"PNP_UnregisterDeviceClassAssociation",
+		sizeof(struct PNP_UnregisterDeviceClassAssociation),
+		(ndr_push_flags_fn_t) ndr_push_PNP_UnregisterDeviceClassAssociation,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_UnregisterDeviceClassAssociation,
+		(ndr_print_function_t) ndr_print_PNP_UnregisterDeviceClassAssociation,
+		false,
+	},
+	{
+		"PNP_GetClassRegProp",
+		sizeof(struct PNP_GetClassRegProp),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetClassRegProp,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetClassRegProp,
+		(ndr_print_function_t) ndr_print_PNP_GetClassRegProp,
+		false,
+	},
+	{
+		"PNP_SetClassRegProp",
+		sizeof(struct PNP_SetClassRegProp),
+		(ndr_push_flags_fn_t) ndr_push_PNP_SetClassRegProp,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_SetClassRegProp,
+		(ndr_print_function_t) ndr_print_PNP_SetClassRegProp,
+		false,
+	},
+	{
+		"PNP_CreateDevInst",
+		sizeof(struct PNP_CreateDevInst),
+		(ndr_push_flags_fn_t) ndr_push_PNP_CreateDevInst,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_CreateDevInst,
+		(ndr_print_function_t) ndr_print_PNP_CreateDevInst,
+		false,
+	},
+	{
+		"PNP_DeviceInstanceAction",
+		sizeof(struct PNP_DeviceInstanceAction),
+		(ndr_push_flags_fn_t) ndr_push_PNP_DeviceInstanceAction,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_DeviceInstanceAction,
+		(ndr_print_function_t) ndr_print_PNP_DeviceInstanceAction,
+		false,
+	},
+	{
+		"PNP_GetDeviceStatus",
+		sizeof(struct PNP_GetDeviceStatus),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetDeviceStatus,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetDeviceStatus,
+		(ndr_print_function_t) ndr_print_PNP_GetDeviceStatus,
+		false,
+	},
+	{
+		"PNP_SetDeviceProblem",
+		sizeof(struct PNP_SetDeviceProblem),
+		(ndr_push_flags_fn_t) ndr_push_PNP_SetDeviceProblem,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_SetDeviceProblem,
+		(ndr_print_function_t) ndr_print_PNP_SetDeviceProblem,
+		false,
+	},
+	{
+		"PNP_DisableDevInst",
+		sizeof(struct PNP_DisableDevInst),
+		(ndr_push_flags_fn_t) ndr_push_PNP_DisableDevInst,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_DisableDevInst,
+		(ndr_print_function_t) ndr_print_PNP_DisableDevInst,
+		false,
+	},
+	{
+		"PNP_UninstallDevInst",
+		sizeof(struct PNP_UninstallDevInst),
+		(ndr_push_flags_fn_t) ndr_push_PNP_UninstallDevInst,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_UninstallDevInst,
+		(ndr_print_function_t) ndr_print_PNP_UninstallDevInst,
+		false,
+	},
+	{
+		"PNP_AddID",
+		sizeof(struct PNP_AddID),
+		(ndr_push_flags_fn_t) ndr_push_PNP_AddID,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_AddID,
+		(ndr_print_function_t) ndr_print_PNP_AddID,
+		false,
+	},
+	{
+		"PNP_RegisterDriver",
+		sizeof(struct PNP_RegisterDriver),
+		(ndr_push_flags_fn_t) ndr_push_PNP_RegisterDriver,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_RegisterDriver,
+		(ndr_print_function_t) ndr_print_PNP_RegisterDriver,
+		false,
+	},
+	{
+		"PNP_QueryRemove",
+		sizeof(struct PNP_QueryRemove),
+		(ndr_push_flags_fn_t) ndr_push_PNP_QueryRemove,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_QueryRemove,
+		(ndr_print_function_t) ndr_print_PNP_QueryRemove,
+		false,
+	},
+	{
+		"PNP_RequestDeviceEject",
+		sizeof(struct PNP_RequestDeviceEject),
+		(ndr_push_flags_fn_t) ndr_push_PNP_RequestDeviceEject,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_RequestDeviceEject,
+		(ndr_print_function_t) ndr_print_PNP_RequestDeviceEject,
+		false,
+	},
+	{
+		"PNP_IsDockStationPresent",
+		sizeof(struct PNP_IsDockStationPresent),
+		(ndr_push_flags_fn_t) ndr_push_PNP_IsDockStationPresent,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_IsDockStationPresent,
+		(ndr_print_function_t) ndr_print_PNP_IsDockStationPresent,
+		false,
+	},
+	{
+		"PNP_RequestEjectPC",
+		sizeof(struct PNP_RequestEjectPC),
+		(ndr_push_flags_fn_t) ndr_push_PNP_RequestEjectPC,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_RequestEjectPC,
+		(ndr_print_function_t) ndr_print_PNP_RequestEjectPC,
+		false,
+	},
+	{
+		"PNP_HwProfFlags",
+		sizeof(struct PNP_HwProfFlags),
+		(ndr_push_flags_fn_t) ndr_push_PNP_HwProfFlags,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_HwProfFlags,
+		(ndr_print_function_t) ndr_print_PNP_HwProfFlags,
+		false,
+	},
+	{
+		"PNP_GetHwProfInfo",
+		sizeof(struct PNP_GetHwProfInfo),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetHwProfInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetHwProfInfo,
+		(ndr_print_function_t) ndr_print_PNP_GetHwProfInfo,
+		false,
+	},
+	{
+		"PNP_AddEmptyLogConf",
+		sizeof(struct PNP_AddEmptyLogConf),
+		(ndr_push_flags_fn_t) ndr_push_PNP_AddEmptyLogConf,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_AddEmptyLogConf,
+		(ndr_print_function_t) ndr_print_PNP_AddEmptyLogConf,
+		false,
+	},
+	{
+		"PNP_FreeLogConf",
+		sizeof(struct PNP_FreeLogConf),
+		(ndr_push_flags_fn_t) ndr_push_PNP_FreeLogConf,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_FreeLogConf,
+		(ndr_print_function_t) ndr_print_PNP_FreeLogConf,
+		false,
+	},
+	{
+		"PNP_GetFirstLogConf",
+		sizeof(struct PNP_GetFirstLogConf),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetFirstLogConf,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetFirstLogConf,
+		(ndr_print_function_t) ndr_print_PNP_GetFirstLogConf,
+		false,
+	},
+	{
+		"PNP_GetNextLogConf",
+		sizeof(struct PNP_GetNextLogConf),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetNextLogConf,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetNextLogConf,
+		(ndr_print_function_t) ndr_print_PNP_GetNextLogConf,
+		false,
+	},
+	{
+		"PNP_GetLogConfPriority",
+		sizeof(struct PNP_GetLogConfPriority),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetLogConfPriority,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetLogConfPriority,
+		(ndr_print_function_t) ndr_print_PNP_GetLogConfPriority,
+		false,
+	},
+	{
+		"PNP_AddResDes",
+		sizeof(struct PNP_AddResDes),
+		(ndr_push_flags_fn_t) ndr_push_PNP_AddResDes,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_AddResDes,
+		(ndr_print_function_t) ndr_print_PNP_AddResDes,
+		false,
+	},
+	{
+		"PNP_FreeResDes",
+		sizeof(struct PNP_FreeResDes),
+		(ndr_push_flags_fn_t) ndr_push_PNP_FreeResDes,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_FreeResDes,
+		(ndr_print_function_t) ndr_print_PNP_FreeResDes,
+		false,
+	},
+	{
+		"PNP_GetNextResDes",
+		sizeof(struct PNP_GetNextResDes),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetNextResDes,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetNextResDes,
+		(ndr_print_function_t) ndr_print_PNP_GetNextResDes,
+		false,
+	},
+	{
+		"PNP_GetResDesData",
+		sizeof(struct PNP_GetResDesData),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetResDesData,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetResDesData,
+		(ndr_print_function_t) ndr_print_PNP_GetResDesData,
+		false,
+	},
+	{
+		"PNP_GetResDesDataSize",
+		sizeof(struct PNP_GetResDesDataSize),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetResDesDataSize,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetResDesDataSize,
+		(ndr_print_function_t) ndr_print_PNP_GetResDesDataSize,
+		false,
+	},
+	{
+		"PNP_ModifyResDes",
+		sizeof(struct PNP_ModifyResDes),
+		(ndr_push_flags_fn_t) ndr_push_PNP_ModifyResDes,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_ModifyResDes,
+		(ndr_print_function_t) ndr_print_PNP_ModifyResDes,
+		false,
+	},
+	{
+		"PNP_DetectResourceLimit",
+		sizeof(struct PNP_DetectResourceLimit),
+		(ndr_push_flags_fn_t) ndr_push_PNP_DetectResourceLimit,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_DetectResourceLimit,
+		(ndr_print_function_t) ndr_print_PNP_DetectResourceLimit,
+		false,
+	},
+	{
+		"PNP_QueryResConfList",
+		sizeof(struct PNP_QueryResConfList),
+		(ndr_push_flags_fn_t) ndr_push_PNP_QueryResConfList,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_QueryResConfList,
+		(ndr_print_function_t) ndr_print_PNP_QueryResConfList,
+		false,
+	},
+	{
+		"PNP_SetHwProf",
+		sizeof(struct PNP_SetHwProf),
+		(ndr_push_flags_fn_t) ndr_push_PNP_SetHwProf,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_SetHwProf,
+		(ndr_print_function_t) ndr_print_PNP_SetHwProf,
+		false,
+	},
+	{
+		"PNP_QueryArbitratorFreeData",
+		sizeof(struct PNP_QueryArbitratorFreeData),
+		(ndr_push_flags_fn_t) ndr_push_PNP_QueryArbitratorFreeData,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_QueryArbitratorFreeData,
+		(ndr_print_function_t) ndr_print_PNP_QueryArbitratorFreeData,
+		false,
+	},
+	{
+		"PNP_QueryArbitratorFreeSize",
+		sizeof(struct PNP_QueryArbitratorFreeSize),
+		(ndr_push_flags_fn_t) ndr_push_PNP_QueryArbitratorFreeSize,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_QueryArbitratorFreeSize,
+		(ndr_print_function_t) ndr_print_PNP_QueryArbitratorFreeSize,
+		false,
+	},
+	{
+		"PNP_RunDetection",
+		sizeof(struct PNP_RunDetection),
+		(ndr_push_flags_fn_t) ndr_push_PNP_RunDetection,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_RunDetection,
+		(ndr_print_function_t) ndr_print_PNP_RunDetection,
+		false,
+	},
+	{
+		"PNP_RegisterNotification",
+		sizeof(struct PNP_RegisterNotification),
+		(ndr_push_flags_fn_t) ndr_push_PNP_RegisterNotification,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_RegisterNotification,
+		(ndr_print_function_t) ndr_print_PNP_RegisterNotification,
+		false,
+	},
+	{
+		"PNP_UnregisterNotification",
+		sizeof(struct PNP_UnregisterNotification),
+		(ndr_push_flags_fn_t) ndr_push_PNP_UnregisterNotification,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_UnregisterNotification,
+		(ndr_print_function_t) ndr_print_PNP_UnregisterNotification,
+		false,
+	},
+	{
+		"PNP_GetCustomDevProp",
+		sizeof(struct PNP_GetCustomDevProp),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetCustomDevProp,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetCustomDevProp,
+		(ndr_print_function_t) ndr_print_PNP_GetCustomDevProp,
+		false,
+	},
+	{
+		"PNP_GetVersionInternal",
+		sizeof(struct PNP_GetVersionInternal),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetVersionInternal,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetVersionInternal,
+		(ndr_print_function_t) ndr_print_PNP_GetVersionInternal,
+		false,
+	},
+	{
+		"PNP_GetBlockedDriverInfo",
+		sizeof(struct PNP_GetBlockedDriverInfo),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetBlockedDriverInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetBlockedDriverInfo,
+		(ndr_print_function_t) ndr_print_PNP_GetBlockedDriverInfo,
+		false,
+	},
+	{
+		"PNP_GetServerSideDeviceInstallFlags",
+		sizeof(struct PNP_GetServerSideDeviceInstallFlags),
+		(ndr_push_flags_fn_t) ndr_push_PNP_GetServerSideDeviceInstallFlags,
+		(ndr_pull_flags_fn_t) ndr_pull_PNP_GetServerSideDeviceInstallFlags,
+		(ndr_print_function_t) ndr_print_PNP_GetServerSideDeviceInstallFlags,
+		false,
+	},
+	{ NULL, 0, NULL, NULL, NULL, false }
+};
+
+static const char * const ntsvcs_endpoint_strings[] = {
+	"ncacn_np:[\\pipe\\ntsvcs]", 
+};
+
+static const struct ndr_interface_string_array ntsvcs_endpoints = {
+	.count	= 1,
+	.names	= ntsvcs_endpoint_strings
+};
+
+static const char * const ntsvcs_authservice_strings[] = {
+	"host", 
+};
+
+static const struct ndr_interface_string_array ntsvcs_authservices = {
+	.count	= 1,
+	.names	= ntsvcs_authservice_strings
+};
+
+
+const struct ndr_interface_table ndr_table_ntsvcs = {
+	.name		= "ntsvcs",
+	.syntax_id	= {
+		{0x8d9f4e40,0xa03d,0x11ce,{0x8f,0x69},{0x08,0x00,0x3e,0x30,0x05,0x1b}},
+		NDR_NTSVCS_VERSION
+	},
+	.helpstring	= NDR_NTSVCS_HELPSTRING,
+	.num_calls	= 65,
+	.calls		= ntsvcs_calls,
+	.endpoints	= &ntsvcs_endpoints,
+	.authservices	= &ntsvcs_authservices
+};
+
diff --git a/source3/librpc/gen_ndr/ndr_ntsvcs.h b/source3/librpc/gen_ndr/ndr_ntsvcs.h
new file mode 100644
index 0000000000..0e3b6b91c4
--- /dev/null
+++ b/source3/librpc/gen_ndr/ndr_ntsvcs.h
@@ -0,0 +1,211 @@
+/* header auto-generated by pidl */
+
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/ntsvcs.h"
+
+#ifndef _HEADER_NDR_ntsvcs
+#define _HEADER_NDR_ntsvcs
+
+#define NDR_NTSVCS_UUID "8d9f4e40-a03d-11ce-8f69-08003e30051b"
+#define NDR_NTSVCS_VERSION 1.0
+#define NDR_NTSVCS_NAME "ntsvcs"
+#define NDR_NTSVCS_HELPSTRING "Plug and Play services"
+extern const struct ndr_interface_table ndr_table_ntsvcs;
+#define NDR_PNP_DISCONNECT (0x00)
+
+#define NDR_PNP_CONNECT (0x01)
+
+#define NDR_PNP_GETVERSION (0x02)
+
+#define NDR_PNP_GETGLOBALSTATE (0x03)
+
+#define NDR_PNP_INITDETECTION (0x04)
+
+#define NDR_PNP_REPORTLOGON (0x05)
+
+#define NDR_PNP_VALIDATEDEVICEINSTANCE (0x06)
+
+#define NDR_PNP_GETROOTDEVICEINSTANCE (0x07)
+
+#define NDR_PNP_GETRELATEDDEVICEINSTANCE (0x08)
+
+#define NDR_PNP_ENUMERATESUBKEYS (0x09)
+
+#define NDR_PNP_GETDEVICELIST (0x0a)
+
+#define NDR_PNP_GETDEVICELISTSIZE (0x0b)
+
+#define NDR_PNP_GETDEPTH (0x0c)
+
+#define NDR_PNP_GETDEVICEREGPROP (0x0d)
+
+#define NDR_PNP_SETDEVICEREGPROP (0x0e)
+
+#define NDR_PNP_GETCLASSINSTANCE (0x0f)
+
+#define NDR_PNP_CREATEKEY (0x10)
+
+#define NDR_PNP_DELETEREGISTRYKEY (0x11)
+
+#define NDR_PNP_GETCLASSCOUNT (0x12)
+
+#define NDR_PNP_GETCLASSNAME (0x13)
+
+#define NDR_PNP_DELETECLASSKEY (0x14)
+
+#define NDR_PNP_GETINTERFACEDEVICEALIAS (0x15)
+
+#define NDR_PNP_GETINTERFACEDEVICELIST (0x16)
+
+#define NDR_PNP_GETINTERFACEDEVICELISTSIZE (0x17)
+
+#define NDR_PNP_REGISTERDEVICECLASSASSOCIATION (0x18)
+
+#define NDR_PNP_UNREGISTERDEVICECLASSASSOCIATION (0x19)
+
+#define NDR_PNP_GETCLASSREGPROP (0x1a)
+
+#define NDR_PNP_SETCLASSREGPROP (0x1b)
+
+#define NDR_PNP_CREATEDEVINST (0x1c)
+
+#define NDR_PNP_DEVICEINSTANCEACTION (0x1d)
+
+#define NDR_PNP_GETDEVICESTATUS (0x1e)
+
+#define NDR_PNP_SETDEVICEPROBLEM (0x1f)
+
+#define NDR_PNP_DISABLEDEVINST (0x20)
+
+#define NDR_PNP_UNINSTALLDEVINST (0x21)
+
+#define NDR_PNP_ADDID (0x22)
+
+#define NDR_PNP_REGISTERDRIVER (0x23)
+
+#define NDR_PNP_QUERYREMOVE (0x24)
+
+#define NDR_PNP_REQUESTDEVICEEJECT (0x25)
+
+#define NDR_PNP_ISDOCKSTATIONPRESENT (0x26)
+
+#define NDR_PNP_REQUESTEJECTPC (0x27)
+
+#define NDR_PNP_HWPROFFLAGS (0x28)
+
+#define NDR_PNP_GETHWPROFINFO (0x29)
+
+#define NDR_PNP_ADDEMPTYLOGCONF (0x2a)
+
+#define NDR_PNP_FREELOGCONF (0x2b)
+
+#define NDR_PNP_GETFIRSTLOGCONF (0x2c)
+
+#define NDR_PNP_GETNEXTLOGCONF (0x2d)
+
+#define NDR_PNP_GETLOGCONFPRIORITY (0x2e)
+
+#define NDR_PNP_ADDRESDES (0x2f)
+
+#define NDR_PNP_FREERESDES (0x30)
+
+#define NDR_PNP_GETNEXTRESDES (0x31)
+
+#define NDR_PNP_GETRESDESDATA (0x32)
+
+#define NDR_PNP_GETRESDESDATASIZE (0x33)
+
+#define NDR_PNP_MODIFYRESDES (0x34)
+
+#define NDR_PNP_DETECTRESOURCELIMIT (0x35)
+
+#define NDR_PNP_QUERYRESCONFLIST (0x36)
+
+#define NDR_PNP_SETHWPROF (0x37)
+
+#define NDR_PNP_QUERYARBITRATORFREEDATA (0x38)
+
+#define NDR_PNP_QUERYARBITRATORFREESIZE (0x39)
+
+#define NDR_PNP_RUNDETECTION (0x3a)
+
+#define NDR_PNP_REGISTERNOTIFICATION (0x3b)
+
+#define NDR_PNP_UNREGISTERNOTIFICATION (0x3c)
+
+#define NDR_PNP_GETCUSTOMDEVPROP (0x3d)
+
+#define NDR_PNP_GETVERSIONINTERNAL (0x3e)
+
+#define NDR_PNP_GETBLOCKEDDRIVERINFO (0x3f)
+
+#define NDR_PNP_GETSERVERSIDEDEVICEINSTALLFLAGS (0x40)
+
+#define NDR_NTSVCS_CALL_COUNT (65)
+void ndr_print_PNP_HwProfInfo(struct ndr_print *ndr, const char *name, const struct PNP_HwProfInfo *r);
+void ndr_print_PNP_Disconnect(struct ndr_print *ndr, const char *name, int flags, const struct PNP_Disconnect *r);
+void ndr_print_PNP_Connect(struct ndr_print *ndr, const char *name, int flags, const struct PNP_Connect *r);
+void ndr_print_PNP_GetVersion(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetVersion *r);
+void ndr_print_PNP_GetGlobalState(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetGlobalState *r);
+void ndr_print_PNP_InitDetection(struct ndr_print *ndr, const char *name, int flags, const struct PNP_InitDetection *r);
+void ndr_print_PNP_ReportLogOn(struct ndr_print *ndr, const char *name, int flags, const struct PNP_ReportLogOn *r);
+void ndr_print_PNP_ValidateDeviceInstance(struct ndr_print *ndr, const char *name, int flags, const struct PNP_ValidateDeviceInstance *r);
+void ndr_print_PNP_GetRootDeviceInstance(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetRootDeviceInstance *r);
+void ndr_print_PNP_GetRelatedDeviceInstance(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetRelatedDeviceInstance *r);
+void ndr_print_PNP_EnumerateSubKeys(struct ndr_print *ndr, const char *name, int flags, const struct PNP_EnumerateSubKeys *r);
+void ndr_print_PNP_GetDeviceList(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetDeviceList *r);
+void ndr_print_PNP_GetDeviceListSize(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetDeviceListSize *r);
+void ndr_print_PNP_GetDepth(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetDepth *r);
+void ndr_print_PNP_GetDeviceRegProp(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetDeviceRegProp *r);
+void ndr_print_PNP_SetDeviceRegProp(struct ndr_print *ndr, const char *name, int flags, const struct PNP_SetDeviceRegProp *r);
+void ndr_print_PNP_GetClassInstance(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetClassInstance *r);
+void ndr_print_PNP_CreateKey(struct ndr_print *ndr, const char *name, int flags, const struct PNP_CreateKey *r);
+void ndr_print_PNP_DeleteRegistryKey(struct ndr_print *ndr, const char *name, int flags, const struct PNP_DeleteRegistryKey *r);
+void ndr_print_PNP_GetClassCount(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetClassCount *r);
+void ndr_print_PNP_GetClassName(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetClassName *r);
+void ndr_print_PNP_DeleteClassKey(struct ndr_print *ndr, const char *name, int flags, const struct PNP_DeleteClassKey *r);
+void ndr_print_PNP_GetInterfaceDeviceAlias(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetInterfaceDeviceAlias *r);
+void ndr_print_PNP_GetInterfaceDeviceList(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetInterfaceDeviceList *r);
+void ndr_print_PNP_GetInterfaceDeviceListSize(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetInterfaceDeviceListSize *r);
+void ndr_print_PNP_RegisterDeviceClassAssociation(struct ndr_print *ndr, const char *name, int flags, const struct PNP_RegisterDeviceClassAssociation *r);
+void ndr_print_PNP_UnregisterDeviceClassAssociation(struct ndr_print *ndr, const char *name, int flags, const struct PNP_UnregisterDeviceClassAssociation *r);
+void ndr_print_PNP_GetClassRegProp(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetClassRegProp *r);
+void ndr_print_PNP_SetClassRegProp(struct ndr_print *ndr, const char *name, int flags, const struct PNP_SetClassRegProp *r);
+void ndr_print_PNP_CreateDevInst(struct ndr_print *ndr, const char *name, int flags, const struct PNP_CreateDevInst *r);
+void ndr_print_PNP_DeviceInstanceAction(struct ndr_print *ndr, const char *name, int flags, const struct PNP_DeviceInstanceAction *r);
+void ndr_print_PNP_GetDeviceStatus(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetDeviceStatus *r);
+void ndr_print_PNP_SetDeviceProblem(struct ndr_print *ndr, const char *name, int flags, const struct PNP_SetDeviceProblem *r);
+void ndr_print_PNP_DisableDevInst(struct ndr_print *ndr, const char *name, int flags, const struct PNP_DisableDevInst *r);
+void ndr_print_PNP_UninstallDevInst(struct ndr_print *ndr, const char *name, int flags, const struct PNP_UninstallDevInst *r);
+void ndr_print_PNP_AddID(struct ndr_print *ndr, const char *name, int flags, const struct PNP_AddID *r);
+void ndr_print_PNP_RegisterDriver(struct ndr_print *ndr, const char *name, int flags, const struct PNP_RegisterDriver *r);
+void ndr_print_PNP_QueryRemove(struct ndr_print *ndr, const char *name, int flags, const struct PNP_QueryRemove *r);
+void ndr_print_PNP_RequestDeviceEject(struct ndr_print *ndr, const char *name, int flags, const struct PNP_RequestDeviceEject *r);
+void ndr_print_PNP_IsDockStationPresent(struct ndr_print *ndr, const char *name, int flags, const struct PNP_IsDockStationPresent *r);
+void ndr_print_PNP_RequestEjectPC(struct ndr_print *ndr, const char *name, int flags, const struct PNP_RequestEjectPC *r);
+void ndr_print_PNP_HwProfFlags(struct ndr_print *ndr, const char *name, int flags, const struct PNP_HwProfFlags *r);
+void ndr_print_PNP_GetHwProfInfo(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetHwProfInfo *r);
+void ndr_print_PNP_AddEmptyLogConf(struct ndr_print *ndr, const char *name, int flags, const struct PNP_AddEmptyLogConf *r);
+void ndr_print_PNP_FreeLogConf(struct ndr_print *ndr, const char *name, int flags, const struct PNP_FreeLogConf *r);
+void ndr_print_PNP_GetFirstLogConf(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetFirstLogConf *r);
+void ndr_print_PNP_GetNextLogConf(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetNextLogConf *r);
+void ndr_print_PNP_GetLogConfPriority(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetLogConfPriority *r);
+void ndr_print_PNP_AddResDes(struct ndr_print *ndr, const char *name, int flags, const struct PNP_AddResDes *r);
+void ndr_print_PNP_FreeResDes(struct ndr_print *ndr, const char *name, int flags, const struct PNP_FreeResDes *r);
+void ndr_print_PNP_GetNextResDes(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetNextResDes *r);
+void ndr_print_PNP_GetResDesData(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetResDesData *r);
+void ndr_print_PNP_GetResDesDataSize(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetResDesDataSize *r);
+void ndr_print_PNP_ModifyResDes(struct ndr_print *ndr, const char *name, int flags, const struct PNP_ModifyResDes *r);
+void ndr_print_PNP_DetectResourceLimit(struct ndr_print *ndr, const char *name, int flags, const struct PNP_DetectResourceLimit *r);
+void ndr_print_PNP_QueryResConfList(struct ndr_print *ndr, const char *name, int flags, const struct PNP_QueryResConfList *r);
+void ndr_print_PNP_SetHwProf(struct ndr_print *ndr, const char *name, int flags, const struct PNP_SetHwProf *r);
+void ndr_print_PNP_QueryArbitratorFreeData(struct ndr_print *ndr, const char *name, int flags, const struct PNP_QueryArbitratorFreeData *r);
+void ndr_print_PNP_QueryArbitratorFreeSize(struct ndr_print *ndr, const char *name, int flags, const struct PNP_QueryArbitratorFreeSize *r);
+void ndr_print_PNP_RunDetection(struct ndr_print *ndr, const char *name, int flags, const struct PNP_RunDetection *r);
+void ndr_print_PNP_RegisterNotification(struct ndr_print *ndr, const char *name, int flags, const struct PNP_RegisterNotification *r);
+void ndr_print_PNP_UnregisterNotification(struct ndr_print *ndr, const char *name, int flags, const struct PNP_UnregisterNotification *r);
+void ndr_print_PNP_GetCustomDevProp(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetCustomDevProp *r);
+void ndr_print_PNP_GetVersionInternal(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetVersionInternal *r);
+void ndr_print_PNP_GetBlockedDriverInfo(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetBlockedDriverInfo *r);
+void ndr_print_PNP_GetServerSideDeviceInstallFlags(struct ndr_print *ndr, const char *name, int flags, const struct PNP_GetServerSideDeviceInstallFlags *r);
+#endif /* _HEADER_NDR_ntsvcs */
diff --git a/source3/librpc/gen_ndr/ndr_samr.c b/source3/librpc/gen_ndr/ndr_samr.c
new file mode 100644
index 0000000000..3af589f393
--- /dev/null
+++ b/source3/librpc/gen_ndr/ndr_samr.c
@@ -0,0 +1,12676 @@
+/* parser auto-generated by pidl */
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_samr.h"
+
+#include "librpc/gen_ndr/ndr_misc.h"
+#include "librpc/gen_ndr/ndr_lsa.h"
+#include "librpc/gen_ndr/ndr_security.h"
+_PUBLIC_ enum ndr_err_code ndr_push_samr_AcctFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_AcctFlags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_AcctFlags(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_DISABLED", ACB_DISABLED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_HOMDIRREQ", ACB_HOMDIRREQ, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_PWNOTREQ", ACB_PWNOTREQ, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_TEMPDUP", ACB_TEMPDUP, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_NORMAL", ACB_NORMAL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_MNS", ACB_MNS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_DOMTRUST", ACB_DOMTRUST, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_WSTRUST", ACB_WSTRUST, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_SVRTRUST", ACB_SVRTRUST, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_PWNOEXP", ACB_PWNOEXP, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_AUTOLOCK", ACB_AUTOLOCK, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_ENC_TXT_PWD_ALLOWED", ACB_ENC_TXT_PWD_ALLOWED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_SMARTCARD_REQUIRED", ACB_SMARTCARD_REQUIRED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_TRUSTED_FOR_DELEGATION", ACB_TRUSTED_FOR_DELEGATION, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_NOT_DELEGATED", ACB_NOT_DELEGATED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_USE_DES_KEY_ONLY", ACB_USE_DES_KEY_ONLY, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_DONT_REQUIRE_PREAUTH", ACB_DONT_REQUIRE_PREAUTH, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_PW_EXPIRED", ACB_PW_EXPIRED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ACB_NO_AUTH_DATA_REQD", ACB_NO_AUTH_DATA_REQD, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ConnectAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ConnectAccessMask(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ConnectAccessMask(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_CONNECT_TO_SERVER", SAMR_ACCESS_CONNECT_TO_SERVER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_SHUTDOWN_SERVER", SAMR_ACCESS_SHUTDOWN_SERVER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_INITIALIZE_SERVER", SAMR_ACCESS_INITIALIZE_SERVER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_CREATE_DOMAIN", SAMR_ACCESS_CREATE_DOMAIN, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_ENUM_DOMAINS", SAMR_ACCESS_ENUM_DOMAINS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ACCESS_OPEN_DOMAIN", SAMR_ACCESS_OPEN_DOMAIN, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserAccessMask(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserAccessMask(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_GET_NAME_ETC", SAMR_USER_ACCESS_GET_NAME_ETC, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_GET_LOCALE", SAMR_USER_ACCESS_GET_LOCALE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_SET_LOC_COM", SAMR_USER_ACCESS_SET_LOC_COM, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_GET_LOGONINFO", SAMR_USER_ACCESS_GET_LOGONINFO, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_GET_ATTRIBUTES", SAMR_USER_ACCESS_GET_ATTRIBUTES, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_SET_ATTRIBUTES", SAMR_USER_ACCESS_SET_ATTRIBUTES, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_CHANGE_PASSWORD", SAMR_USER_ACCESS_CHANGE_PASSWORD, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_SET_PASSWORD", SAMR_USER_ACCESS_SET_PASSWORD, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_GET_GROUPS", SAMR_USER_ACCESS_GET_GROUPS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP", SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP", SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomainAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomainAccessMask(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomainAccessMask(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1", SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_SET_INFO_1", SAMR_DOMAIN_ACCESS_SET_INFO_1, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2", SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_SET_INFO_2", SAMR_DOMAIN_ACCESS_SET_INFO_2, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_CREATE_USER", SAMR_DOMAIN_ACCESS_CREATE_USER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_CREATE_GROUP", SAMR_DOMAIN_ACCESS_CREATE_GROUP, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_CREATE_ALIAS", SAMR_DOMAIN_ACCESS_CREATE_ALIAS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS", SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS", SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT", SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_DOMAIN_ACCESS_SET_INFO_3", SAMR_DOMAIN_ACCESS_SET_INFO_3, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_GroupAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_GroupAccessMask(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GroupAccessMask(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_GROUP_ACCESS_LOOKUP_INFO", SAMR_GROUP_ACCESS_LOOKUP_INFO, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_GROUP_ACCESS_SET_INFO", SAMR_GROUP_ACCESS_SET_INFO, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_GROUP_ACCESS_ADD_MEMBER", SAMR_GROUP_ACCESS_ADD_MEMBER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_GROUP_ACCESS_REMOVE_MEMBER", SAMR_GROUP_ACCESS_REMOVE_MEMBER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_GROUP_ACCESS_GET_MEMBERS", SAMR_GROUP_ACCESS_GET_MEMBERS, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_AliasAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_AliasAccessMask(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_AliasAccessMask(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ALIAS_ACCESS_ADD_MEMBER", SAMR_ALIAS_ACCESS_ADD_MEMBER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ALIAS_ACCESS_REMOVE_MEMBER", SAMR_ALIAS_ACCESS_REMOVE_MEMBER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ALIAS_ACCESS_GET_MEMBERS", SAMR_ALIAS_ACCESS_GET_MEMBERS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ALIAS_ACCESS_LOOKUP_INFO", SAMR_ALIAS_ACCESS_LOOKUP_INFO, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_ALIAS_ACCESS_SET_INFO", SAMR_ALIAS_ACCESS_SET_INFO, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_SamEntry(struct ndr_push *ndr, int ndr_flags, const struct samr_SamEntry *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->idx));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_SamEntry(struct ndr_pull *ndr, int ndr_flags, struct samr_SamEntry *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->idx));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_SamEntry(struct ndr_print *ndr, const char *name, const struct samr_SamEntry *r)
+{
+	ndr_print_struct(ndr, name, "samr_SamEntry");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "idx", r->idx);
+	ndr_print_lsa_String(ndr, "name", &r->name);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_SamArray(struct ndr_push *ndr, int ndr_flags, const struct samr_SamArray *r)
+{
+	uint32_t cntr_entries_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->entries));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->entries) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_push_samr_SamEntry(ndr, NDR_SCALARS, &r->entries[cntr_entries_1]));
+			}
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_push_samr_SamEntry(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_SamArray(struct ndr_pull *ndr, int ndr_flags, struct samr_SamArray *r)
+{
+	uint32_t _ptr_entries;
+	uint32_t cntr_entries_1;
+	TALLOC_CTX *_mem_save_entries_0;
+	TALLOC_CTX *_mem_save_entries_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_entries));
+		if (_ptr_entries) {
+			NDR_PULL_ALLOC(ndr, r->entries);
+		} else {
+			r->entries = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->entries) {
+			_mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->entries));
+			NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries));
+			_mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0);
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_pull_samr_SamEntry(ndr, NDR_SCALARS, &r->entries[cntr_entries_1]));
+			}
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_pull_samr_SamEntry(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0);
+		}
+		if (r->entries) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->entries, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_SamArray(struct ndr_print *ndr, const char *name, const struct samr_SamArray *r)
+{
+	uint32_t cntr_entries_1;
+	ndr_print_struct(ndr, name, "samr_SamArray");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "entries", r->entries);
+	ndr->depth++;
+	if (r->entries) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "entries", r->count);
+		ndr->depth++;
+		for (cntr_entries_1=0;cntr_entries_1<r->count;cntr_entries_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_entries_1) != -1) {
+				ndr_print_samr_SamEntry(ndr, "entries", &r->entries[cntr_entries_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_Role(struct ndr_push *ndr, int ndr_flags, enum samr_Role r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_Role(struct ndr_pull *ndr, int ndr_flags, enum samr_Role *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_Role(struct ndr_print *ndr, const char *name, enum samr_Role r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case SAMR_ROLE_STANDALONE: val = "SAMR_ROLE_STANDALONE"; break;
+		case SAMR_ROLE_DOMAIN_MEMBER: val = "SAMR_ROLE_DOMAIN_MEMBER"; break;
+		case SAMR_ROLE_DOMAIN_BDC: val = "SAMR_ROLE_DOMAIN_BDC"; break;
+		case SAMR_ROLE_DOMAIN_PDC: val = "SAMR_ROLE_DOMAIN_PDC"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_PasswordProperties(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_PasswordProperties(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_PasswordProperties(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_PASSWORD_COMPLEX", DOMAIN_PASSWORD_COMPLEX, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_PASSWORD_NO_ANON_CHANGE", DOMAIN_PASSWORD_NO_ANON_CHANGE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_PASSWORD_NO_CLEAR_CHANGE", DOMAIN_PASSWORD_NO_CLEAR_CHANGE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_PASSWORD_LOCKOUT_ADMINS", DOMAIN_PASSWORD_LOCKOUT_ADMINS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_PASSWORD_STORE_CLEARTEXT", DOMAIN_PASSWORD_STORE_CLEARTEXT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "DOMAIN_REFUSE_PASSWORD_CHANGE", DOMAIN_REFUSE_PASSWORD_CHANGE, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomInfo1(struct ndr_push *ndr, int ndr_flags, const struct samr_DomInfo1 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->min_password_length));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->password_history_length));
+		NDR_CHECK(ndr_push_samr_PasswordProperties(ndr, NDR_SCALARS, r->password_properties));
+		NDR_CHECK(ndr_push_dlong(ndr, NDR_SCALARS, r->max_password_age));
+		NDR_CHECK(ndr_push_dlong(ndr, NDR_SCALARS, r->min_password_age));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomInfo1(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo1 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->min_password_length));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->password_history_length));
+		NDR_CHECK(ndr_pull_samr_PasswordProperties(ndr, NDR_SCALARS, &r->password_properties));
+		NDR_CHECK(ndr_pull_dlong(ndr, NDR_SCALARS, &r->max_password_age));
+		NDR_CHECK(ndr_pull_dlong(ndr, NDR_SCALARS, &r->min_password_age));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomInfo1(struct ndr_print *ndr, const char *name, const struct samr_DomInfo1 *r)
+{
+	ndr_print_struct(ndr, name, "samr_DomInfo1");
+	ndr->depth++;
+	ndr_print_uint16(ndr, "min_password_length", r->min_password_length);
+	ndr_print_uint16(ndr, "password_history_length", r->password_history_length);
+	ndr_print_samr_PasswordProperties(ndr, "password_properties", r->password_properties);
+	ndr_print_dlong(ndr, "max_password_age", r->max_password_age);
+	ndr_print_dlong(ndr, "min_password_age", r->min_password_age);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomInfo2(struct ndr_push *ndr, int ndr_flags, const struct samr_DomInfo2 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->force_logoff_time));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->comment));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->domain_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->primary));
+		NDR_CHECK(ndr_push_udlong(ndr, NDR_SCALARS, r->sequence_num));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown2));
+		NDR_CHECK(ndr_push_samr_Role(ndr, NDR_SCALARS, r->role));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown3));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_users));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_groups));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_aliases));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->comment));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->domain_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->primary));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomInfo2(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo2 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->force_logoff_time));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->comment));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->domain_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->primary));
+		NDR_CHECK(ndr_pull_udlong(ndr, NDR_SCALARS, &r->sequence_num));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown2));
+		NDR_CHECK(ndr_pull_samr_Role(ndr, NDR_SCALARS, &r->role));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown3));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_users));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_groups));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_aliases));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->comment));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->domain_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->primary));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomInfo2(struct ndr_print *ndr, const char *name, const struct samr_DomInfo2 *r)
+{
+	ndr_print_struct(ndr, name, "samr_DomInfo2");
+	ndr->depth++;
+	ndr_print_NTTIME(ndr, "force_logoff_time", r->force_logoff_time);
+	ndr_print_lsa_String(ndr, "comment", &r->comment);
+	ndr_print_lsa_String(ndr, "domain_name", &r->domain_name);
+	ndr_print_lsa_String(ndr, "primary", &r->primary);
+	ndr_print_udlong(ndr, "sequence_num", r->sequence_num);
+	ndr_print_uint32(ndr, "unknown2", r->unknown2);
+	ndr_print_samr_Role(ndr, "role", r->role);
+	ndr_print_uint32(ndr, "unknown3", r->unknown3);
+	ndr_print_uint32(ndr, "num_users", r->num_users);
+	ndr_print_uint32(ndr, "num_groups", r->num_groups);
+	ndr_print_uint32(ndr, "num_aliases", r->num_aliases);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomInfo3(struct ndr_push *ndr, int ndr_flags, const struct samr_DomInfo3 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->force_logoff_time));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomInfo3(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo3 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->force_logoff_time));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomInfo3(struct ndr_print *ndr, const char *name, const struct samr_DomInfo3 *r)
+{
+	ndr_print_struct(ndr, name, "samr_DomInfo3");
+	ndr->depth++;
+	ndr_print_NTTIME(ndr, "force_logoff_time", r->force_logoff_time);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomInfo4(struct ndr_push *ndr, int ndr_flags, const struct samr_DomInfo4 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->comment));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->comment));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomInfo4(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo4 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->comment));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->comment));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomInfo4(struct ndr_print *ndr, const char *name, const struct samr_DomInfo4 *r)
+{
+	ndr_print_struct(ndr, name, "samr_DomInfo4");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "comment", &r->comment);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomInfo5(struct ndr_push *ndr, int ndr_flags, const struct samr_DomInfo5 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->domain_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->domain_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomInfo5(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo5 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->domain_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->domain_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomInfo5(struct ndr_print *ndr, const char *name, const struct samr_DomInfo5 *r)
+{
+	ndr_print_struct(ndr, name, "samr_DomInfo5");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "domain_name", &r->domain_name);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomInfo6(struct ndr_push *ndr, int ndr_flags, const struct samr_DomInfo6 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->primary));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->primary));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomInfo6(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo6 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->primary));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->primary));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomInfo6(struct ndr_print *ndr, const char *name, const struct samr_DomInfo6 *r)
+{
+	ndr_print_struct(ndr, name, "samr_DomInfo6");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "primary", &r->primary);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomInfo7(struct ndr_push *ndr, int ndr_flags, const struct samr_DomInfo7 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_samr_Role(ndr, NDR_SCALARS, r->role));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomInfo7(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo7 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_samr_Role(ndr, NDR_SCALARS, &r->role));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomInfo7(struct ndr_print *ndr, const char *name, const struct samr_DomInfo7 *r)
+{
+	ndr_print_struct(ndr, name, "samr_DomInfo7");
+	ndr->depth++;
+	ndr_print_samr_Role(ndr, "role", r->role);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomInfo8(struct ndr_push *ndr, int ndr_flags, const struct samr_DomInfo8 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 8));
+		NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->sequence_num));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->domain_create_time));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomInfo8(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo8 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 8));
+		NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->sequence_num));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->domain_create_time));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomInfo8(struct ndr_print *ndr, const char *name, const struct samr_DomInfo8 *r)
+{
+	ndr_print_struct(ndr, name, "samr_DomInfo8");
+	ndr->depth++;
+	ndr_print_hyper(ndr, "sequence_num", r->sequence_num);
+	ndr_print_NTTIME(ndr, "domain_create_time", r->domain_create_time);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomInfo9(struct ndr_push *ndr, int ndr_flags, const struct samr_DomInfo9 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomInfo9(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo9 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomInfo9(struct ndr_print *ndr, const char *name, const struct samr_DomInfo9 *r)
+{
+	ndr_print_struct(ndr, name, "samr_DomInfo9");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "unknown", r->unknown);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomInfo11(struct ndr_push *ndr, int ndr_flags, const struct samr_DomInfo11 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 8));
+		NDR_CHECK(ndr_push_samr_DomInfo2(ndr, NDR_SCALARS, &r->info2));
+		NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->lockout_duration));
+		NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->lockout_window));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->lockout_threshold));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_samr_DomInfo2(ndr, NDR_BUFFERS, &r->info2));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomInfo11(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo11 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 8));
+		NDR_CHECK(ndr_pull_samr_DomInfo2(ndr, NDR_SCALARS, &r->info2));
+		NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->lockout_duration));
+		NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->lockout_window));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->lockout_threshold));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_samr_DomInfo2(ndr, NDR_BUFFERS, &r->info2));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomInfo11(struct ndr_print *ndr, const char *name, const struct samr_DomInfo11 *r)
+{
+	ndr_print_struct(ndr, name, "samr_DomInfo11");
+	ndr->depth++;
+	ndr_print_samr_DomInfo2(ndr, "info2", &r->info2);
+	ndr_print_hyper(ndr, "lockout_duration", r->lockout_duration);
+	ndr_print_hyper(ndr, "lockout_window", r->lockout_window);
+	ndr_print_uint16(ndr, "lockout_threshold", r->lockout_threshold);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomInfo12(struct ndr_push *ndr, int ndr_flags, const struct samr_DomInfo12 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 8));
+		NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->lockout_duration));
+		NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->lockout_window));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->lockout_threshold));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomInfo12(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo12 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 8));
+		NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->lockout_duration));
+		NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->lockout_window));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->lockout_threshold));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomInfo12(struct ndr_print *ndr, const char *name, const struct samr_DomInfo12 *r)
+{
+	ndr_print_struct(ndr, name, "samr_DomInfo12");
+	ndr->depth++;
+	ndr_print_hyper(ndr, "lockout_duration", r->lockout_duration);
+	ndr_print_hyper(ndr, "lockout_window", r->lockout_window);
+	ndr_print_uint16(ndr, "lockout_threshold", r->lockout_threshold);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomInfo13(struct ndr_push *ndr, int ndr_flags, const struct samr_DomInfo13 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 8));
+		NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->sequence_num));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->domain_create_time));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown1));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown2));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomInfo13(struct ndr_pull *ndr, int ndr_flags, struct samr_DomInfo13 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 8));
+		NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->sequence_num));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->domain_create_time));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown2));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomInfo13(struct ndr_print *ndr, const char *name, const struct samr_DomInfo13 *r)
+{
+	ndr_print_struct(ndr, name, "samr_DomInfo13");
+	ndr->depth++;
+	ndr_print_hyper(ndr, "sequence_num", r->sequence_num);
+	ndr_print_NTTIME(ndr, "domain_create_time", r->domain_create_time);
+	ndr_print_uint32(ndr, "unknown1", r->unknown1);
+	ndr_print_uint32(ndr, "unknown2", r->unknown2);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DomainInfo(struct ndr_push *ndr, int ndr_flags, const union samr_DomainInfo *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level));
+		switch (level) {
+			case 1: {
+				NDR_CHECK(ndr_push_samr_DomInfo1(ndr, NDR_SCALARS, &r->info1));
+			break; }
+
+			case 2: {
+				NDR_CHECK(ndr_push_samr_DomInfo2(ndr, NDR_SCALARS, &r->info2));
+			break; }
+
+			case 3: {
+				NDR_CHECK(ndr_push_samr_DomInfo3(ndr, NDR_SCALARS, &r->info3));
+			break; }
+
+			case 4: {
+				NDR_CHECK(ndr_push_samr_DomInfo4(ndr, NDR_SCALARS, &r->info4));
+			break; }
+
+			case 5: {
+				NDR_CHECK(ndr_push_samr_DomInfo5(ndr, NDR_SCALARS, &r->info5));
+			break; }
+
+			case 6: {
+				NDR_CHECK(ndr_push_samr_DomInfo6(ndr, NDR_SCALARS, &r->info6));
+			break; }
+
+			case 7: {
+				NDR_CHECK(ndr_push_samr_DomInfo7(ndr, NDR_SCALARS, &r->info7));
+			break; }
+
+			case 8: {
+				NDR_CHECK(ndr_push_samr_DomInfo8(ndr, NDR_SCALARS, &r->info8));
+			break; }
+
+			case 9: {
+				NDR_CHECK(ndr_push_samr_DomInfo9(ndr, NDR_SCALARS, &r->info9));
+			break; }
+
+			case 11: {
+				NDR_CHECK(ndr_push_samr_DomInfo11(ndr, NDR_SCALARS, &r->info11));
+			break; }
+
+			case 12: {
+				NDR_CHECK(ndr_push_samr_DomInfo12(ndr, NDR_SCALARS, &r->info12));
+			break; }
+
+			case 13: {
+				NDR_CHECK(ndr_push_samr_DomInfo13(ndr, NDR_SCALARS, &r->info13));
+			break; }
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case 1:
+			break;
+
+			case 2:
+				NDR_CHECK(ndr_push_samr_DomInfo2(ndr, NDR_BUFFERS, &r->info2));
+			break;
+
+			case 3:
+			break;
+
+			case 4:
+				NDR_CHECK(ndr_push_samr_DomInfo4(ndr, NDR_BUFFERS, &r->info4));
+			break;
+
+			case 5:
+				NDR_CHECK(ndr_push_samr_DomInfo5(ndr, NDR_BUFFERS, &r->info5));
+			break;
+
+			case 6:
+				NDR_CHECK(ndr_push_samr_DomInfo6(ndr, NDR_BUFFERS, &r->info6));
+			break;
+
+			case 7:
+			break;
+
+			case 8:
+			break;
+
+			case 9:
+			break;
+
+			case 11:
+				NDR_CHECK(ndr_push_samr_DomInfo11(ndr, NDR_BUFFERS, &r->info11));
+			break;
+
+			case 12:
+			break;
+
+			case 13:
+			break;
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DomainInfo(struct ndr_pull *ndr, int ndr_flags, union samr_DomainInfo *r)
+{
+	int level;
+	uint16_t _level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level));
+		if (_level != level) {
+			return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level);
+		}
+		switch (level) {
+			case 1: {
+				NDR_CHECK(ndr_pull_samr_DomInfo1(ndr, NDR_SCALARS, &r->info1));
+			break; }
+
+			case 2: {
+				NDR_CHECK(ndr_pull_samr_DomInfo2(ndr, NDR_SCALARS, &r->info2));
+			break; }
+
+			case 3: {
+				NDR_CHECK(ndr_pull_samr_DomInfo3(ndr, NDR_SCALARS, &r->info3));
+			break; }
+
+			case 4: {
+				NDR_CHECK(ndr_pull_samr_DomInfo4(ndr, NDR_SCALARS, &r->info4));
+			break; }
+
+			case 5: {
+				NDR_CHECK(ndr_pull_samr_DomInfo5(ndr, NDR_SCALARS, &r->info5));
+			break; }
+
+			case 6: {
+				NDR_CHECK(ndr_pull_samr_DomInfo6(ndr, NDR_SCALARS, &r->info6));
+			break; }
+
+			case 7: {
+				NDR_CHECK(ndr_pull_samr_DomInfo7(ndr, NDR_SCALARS, &r->info7));
+			break; }
+
+			case 8: {
+				NDR_CHECK(ndr_pull_samr_DomInfo8(ndr, NDR_SCALARS, &r->info8));
+			break; }
+
+			case 9: {
+				NDR_CHECK(ndr_pull_samr_DomInfo9(ndr, NDR_SCALARS, &r->info9));
+			break; }
+
+			case 11: {
+				NDR_CHECK(ndr_pull_samr_DomInfo11(ndr, NDR_SCALARS, &r->info11));
+			break; }
+
+			case 12: {
+				NDR_CHECK(ndr_pull_samr_DomInfo12(ndr, NDR_SCALARS, &r->info12));
+			break; }
+
+			case 13: {
+				NDR_CHECK(ndr_pull_samr_DomInfo13(ndr, NDR_SCALARS, &r->info13));
+			break; }
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case 1:
+			break;
+
+			case 2:
+				NDR_CHECK(ndr_pull_samr_DomInfo2(ndr, NDR_BUFFERS, &r->info2));
+			break;
+
+			case 3:
+			break;
+
+			case 4:
+				NDR_CHECK(ndr_pull_samr_DomInfo4(ndr, NDR_BUFFERS, &r->info4));
+			break;
+
+			case 5:
+				NDR_CHECK(ndr_pull_samr_DomInfo5(ndr, NDR_BUFFERS, &r->info5));
+			break;
+
+			case 6:
+				NDR_CHECK(ndr_pull_samr_DomInfo6(ndr, NDR_BUFFERS, &r->info6));
+			break;
+
+			case 7:
+			break;
+
+			case 8:
+			break;
+
+			case 9:
+			break;
+
+			case 11:
+				NDR_CHECK(ndr_pull_samr_DomInfo11(ndr, NDR_BUFFERS, &r->info11));
+			break;
+
+			case 12:
+			break;
+
+			case 13:
+			break;
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DomainInfo(struct ndr_print *ndr, const char *name, const union samr_DomainInfo *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "samr_DomainInfo");
+	switch (level) {
+		case 1:
+			ndr_print_samr_DomInfo1(ndr, "info1", &r->info1);
+		break;
+
+		case 2:
+			ndr_print_samr_DomInfo2(ndr, "info2", &r->info2);
+		break;
+
+		case 3:
+			ndr_print_samr_DomInfo3(ndr, "info3", &r->info3);
+		break;
+
+		case 4:
+			ndr_print_samr_DomInfo4(ndr, "info4", &r->info4);
+		break;
+
+		case 5:
+			ndr_print_samr_DomInfo5(ndr, "info5", &r->info5);
+		break;
+
+		case 6:
+			ndr_print_samr_DomInfo6(ndr, "info6", &r->info6);
+		break;
+
+		case 7:
+			ndr_print_samr_DomInfo7(ndr, "info7", &r->info7);
+		break;
+
+		case 8:
+			ndr_print_samr_DomInfo8(ndr, "info8", &r->info8);
+		break;
+
+		case 9:
+			ndr_print_samr_DomInfo9(ndr, "info9", &r->info9);
+		break;
+
+		case 11:
+			ndr_print_samr_DomInfo11(ndr, "info11", &r->info11);
+		break;
+
+		case 12:
+			ndr_print_samr_DomInfo12(ndr, "info12", &r->info12);
+		break;
+
+		case 13:
+			ndr_print_samr_DomInfo13(ndr, "info13", &r->info13);
+		break;
+
+		default:
+			ndr_print_bad_level(ndr, name, level);
+	}
+}
+
+static enum ndr_err_code ndr_push_samr_Ids(struct ndr_push *ndr, int ndr_flags, const struct samr_Ids *r)
+{
+	uint32_t cntr_ids_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->ids));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->ids) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_ids_1 = 0; cntr_ids_1 < r->count; cntr_ids_1++) {
+				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->ids[cntr_ids_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_Ids(struct ndr_pull *ndr, int ndr_flags, struct samr_Ids *r)
+{
+	uint32_t _ptr_ids;
+	uint32_t cntr_ids_1;
+	TALLOC_CTX *_mem_save_ids_0;
+	TALLOC_CTX *_mem_save_ids_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		if (r->count < 0 || r->count > 1024) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ids));
+		if (_ptr_ids) {
+			NDR_PULL_ALLOC(ndr, r->ids);
+		} else {
+			r->ids = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->ids) {
+			_mem_save_ids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->ids, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->ids));
+			NDR_PULL_ALLOC_N(ndr, r->ids, ndr_get_array_size(ndr, &r->ids));
+			_mem_save_ids_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->ids, 0);
+			for (cntr_ids_1 = 0; cntr_ids_1 < r->count; cntr_ids_1++) {
+				NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->ids[cntr_ids_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ids_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ids_0, 0);
+		}
+		if (r->ids) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->ids, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_Ids(struct ndr_print *ndr, const char *name, const struct samr_Ids *r)
+{
+	uint32_t cntr_ids_1;
+	ndr_print_struct(ndr, name, "samr_Ids");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "ids", r->ids);
+	ndr->depth++;
+	if (r->ids) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "ids", r->count);
+		ndr->depth++;
+		for (cntr_ids_1=0;cntr_ids_1<r->count;cntr_ids_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_ids_1) != -1) {
+				ndr_print_uint32(ndr, "ids", r->ids[cntr_ids_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_GroupAttrs(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_GroupAttrs(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GroupAttrs(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SE_GROUP_MANDATORY", SE_GROUP_MANDATORY, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SE_GROUP_ENABLED_BY_DEFAULT", SE_GROUP_ENABLED_BY_DEFAULT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SE_GROUP_ENABLED", SE_GROUP_ENABLED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SE_GROUP_OWNER", SE_GROUP_OWNER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SE_GROUP_USE_FOR_DENY_ONLY", SE_GROUP_USE_FOR_DENY_ONLY, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SE_GROUP_RESOURCE", SE_GROUP_RESOURCE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SE_GROUP_LOGON_ID", SE_GROUP_LOGON_ID, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_GroupInfoAll(struct ndr_push *ndr, int ndr_flags, const struct samr_GroupInfoAll *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->name));
+		NDR_CHECK(ndr_push_samr_GroupAttrs(ndr, NDR_SCALARS, r->attributes));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_members));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->description));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_GroupInfoAll(struct ndr_pull *ndr, int ndr_flags, struct samr_GroupInfoAll *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->name));
+		NDR_CHECK(ndr_pull_samr_GroupAttrs(ndr, NDR_SCALARS, &r->attributes));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_members));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->description));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GroupInfoAll(struct ndr_print *ndr, const char *name, const struct samr_GroupInfoAll *r)
+{
+	ndr_print_struct(ndr, name, "samr_GroupInfoAll");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "name", &r->name);
+	ndr_print_samr_GroupAttrs(ndr, "attributes", r->attributes);
+	ndr_print_uint32(ndr, "num_members", r->num_members);
+	ndr_print_lsa_String(ndr, "description", &r->description);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_GroupInfoAttributes(struct ndr_push *ndr, int ndr_flags, const struct samr_GroupInfoAttributes *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_samr_GroupAttrs(ndr, NDR_SCALARS, r->attributes));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_GroupInfoAttributes(struct ndr_pull *ndr, int ndr_flags, struct samr_GroupInfoAttributes *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_samr_GroupAttrs(ndr, NDR_SCALARS, &r->attributes));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GroupInfoAttributes(struct ndr_print *ndr, const char *name, const struct samr_GroupInfoAttributes *r)
+{
+	ndr_print_struct(ndr, name, "samr_GroupInfoAttributes");
+	ndr->depth++;
+	ndr_print_samr_GroupAttrs(ndr, "attributes", r->attributes);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_GroupInfoEnum(struct ndr_push *ndr, int ndr_flags, enum samr_GroupInfoEnum r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_GroupInfoEnum(struct ndr_pull *ndr, int ndr_flags, enum samr_GroupInfoEnum *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GroupInfoEnum(struct ndr_print *ndr, const char *name, enum samr_GroupInfoEnum r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case GROUPINFOALL: val = "GROUPINFOALL"; break;
+		case GROUPINFONAME: val = "GROUPINFONAME"; break;
+		case GROUPINFOATTRIBUTES: val = "GROUPINFOATTRIBUTES"; break;
+		case GROUPINFODESCRIPTION: val = "GROUPINFODESCRIPTION"; break;
+		case GROUPINFOALL2: val = "GROUPINFOALL2"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_samr_GroupInfo(struct ndr_push *ndr, int ndr_flags, const union samr_GroupInfo *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		NDR_CHECK(ndr_push_samr_GroupInfoEnum(ndr, NDR_SCALARS, level));
+		switch (level) {
+			case GROUPINFOALL: {
+				NDR_CHECK(ndr_push_samr_GroupInfoAll(ndr, NDR_SCALARS, &r->all));
+			break; }
+
+			case GROUPINFONAME: {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->name));
+			break; }
+
+			case GROUPINFOATTRIBUTES: {
+				NDR_CHECK(ndr_push_samr_GroupInfoAttributes(ndr, NDR_SCALARS, &r->attributes));
+			break; }
+
+			case GROUPINFODESCRIPTION: {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->description));
+			break; }
+
+			case GROUPINFOALL2: {
+				NDR_CHECK(ndr_push_samr_GroupInfoAll(ndr, NDR_SCALARS, &r->all2));
+			break; }
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case GROUPINFOALL:
+				NDR_CHECK(ndr_push_samr_GroupInfoAll(ndr, NDR_BUFFERS, &r->all));
+			break;
+
+			case GROUPINFONAME:
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->name));
+			break;
+
+			case GROUPINFOATTRIBUTES:
+			break;
+
+			case GROUPINFODESCRIPTION:
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description));
+			break;
+
+			case GROUPINFOALL2:
+				NDR_CHECK(ndr_push_samr_GroupInfoAll(ndr, NDR_BUFFERS, &r->all2));
+			break;
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_GroupInfo(struct ndr_pull *ndr, int ndr_flags, union samr_GroupInfo *r)
+{
+	int level;
+	uint16_t _level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level));
+		if (_level != level) {
+			return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level);
+		}
+		switch (level) {
+			case GROUPINFOALL: {
+				NDR_CHECK(ndr_pull_samr_GroupInfoAll(ndr, NDR_SCALARS, &r->all));
+			break; }
+
+			case GROUPINFONAME: {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->name));
+			break; }
+
+			case GROUPINFOATTRIBUTES: {
+				NDR_CHECK(ndr_pull_samr_GroupInfoAttributes(ndr, NDR_SCALARS, &r->attributes));
+			break; }
+
+			case GROUPINFODESCRIPTION: {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->description));
+			break; }
+
+			case GROUPINFOALL2: {
+				NDR_CHECK(ndr_pull_samr_GroupInfoAll(ndr, NDR_SCALARS, &r->all2));
+			break; }
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case GROUPINFOALL:
+				NDR_CHECK(ndr_pull_samr_GroupInfoAll(ndr, NDR_BUFFERS, &r->all));
+			break;
+
+			case GROUPINFONAME:
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->name));
+			break;
+
+			case GROUPINFOATTRIBUTES:
+			break;
+
+			case GROUPINFODESCRIPTION:
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description));
+			break;
+
+			case GROUPINFOALL2:
+				NDR_CHECK(ndr_pull_samr_GroupInfoAll(ndr, NDR_BUFFERS, &r->all2));
+			break;
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GroupInfo(struct ndr_print *ndr, const char *name, const union samr_GroupInfo *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "samr_GroupInfo");
+	switch (level) {
+		case GROUPINFOALL:
+			ndr_print_samr_GroupInfoAll(ndr, "all", &r->all);
+		break;
+
+		case GROUPINFONAME:
+			ndr_print_lsa_String(ndr, "name", &r->name);
+		break;
+
+		case GROUPINFOATTRIBUTES:
+			ndr_print_samr_GroupInfoAttributes(ndr, "attributes", &r->attributes);
+		break;
+
+		case GROUPINFODESCRIPTION:
+			ndr_print_lsa_String(ndr, "description", &r->description);
+		break;
+
+		case GROUPINFOALL2:
+			ndr_print_samr_GroupInfoAll(ndr, "all2", &r->all2);
+		break;
+
+		default:
+			ndr_print_bad_level(ndr, name, level);
+	}
+}
+
+static enum ndr_err_code ndr_push_samr_RidTypeArray(struct ndr_push *ndr, int ndr_flags, const struct samr_RidTypeArray *r)
+{
+	uint32_t cntr_rids_1;
+	uint32_t cntr_types_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->rids));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->types));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->rids) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_rids_1 = 0; cntr_rids_1 < r->count; cntr_rids_1++) {
+				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rids[cntr_rids_1]));
+			}
+		}
+		if (r->types) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_types_1 = 0; cntr_types_1 < r->count; cntr_types_1++) {
+				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->types[cntr_types_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_RidTypeArray(struct ndr_pull *ndr, int ndr_flags, struct samr_RidTypeArray *r)
+{
+	uint32_t _ptr_rids;
+	uint32_t cntr_rids_1;
+	TALLOC_CTX *_mem_save_rids_0;
+	TALLOC_CTX *_mem_save_rids_1;
+	uint32_t _ptr_types;
+	uint32_t cntr_types_1;
+	TALLOC_CTX *_mem_save_types_0;
+	TALLOC_CTX *_mem_save_types_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rids));
+		if (_ptr_rids) {
+			NDR_PULL_ALLOC(ndr, r->rids);
+		} else {
+			r->rids = NULL;
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_types));
+		if (_ptr_types) {
+			NDR_PULL_ALLOC(ndr, r->types);
+		} else {
+			r->types = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->rids) {
+			_mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->rids));
+			NDR_PULL_ALLOC_N(ndr, r->rids, ndr_get_array_size(ndr, &r->rids));
+			_mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0);
+			for (cntr_rids_1 = 0; cntr_rids_1 < r->count; cntr_rids_1++) {
+				NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rids[cntr_rids_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_0, 0);
+		}
+		if (r->types) {
+			_mem_save_types_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->types, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->types));
+			NDR_PULL_ALLOC_N(ndr, r->types, ndr_get_array_size(ndr, &r->types));
+			_mem_save_types_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->types, 0);
+			for (cntr_types_1 = 0; cntr_types_1 < r->count; cntr_types_1++) {
+				NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->types[cntr_types_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_types_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_types_0, 0);
+		}
+		if (r->rids) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->rids, r->count));
+		}
+		if (r->types) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->types, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_RidTypeArray(struct ndr_print *ndr, const char *name, const struct samr_RidTypeArray *r)
+{
+	uint32_t cntr_rids_1;
+	uint32_t cntr_types_1;
+	ndr_print_struct(ndr, name, "samr_RidTypeArray");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "rids", r->rids);
+	ndr->depth++;
+	if (r->rids) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "rids", r->count);
+		ndr->depth++;
+		for (cntr_rids_1=0;cntr_rids_1<r->count;cntr_rids_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_rids_1) != -1) {
+				ndr_print_uint32(ndr, "rids", r->rids[cntr_rids_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr_print_ptr(ndr, "types", r->types);
+	ndr->depth++;
+	if (r->types) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "types", r->count);
+		ndr->depth++;
+		for (cntr_types_1=0;cntr_types_1<r->count;cntr_types_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_types_1) != -1) {
+				ndr_print_uint32(ndr, "types", r->types[cntr_types_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_AliasInfoAll(struct ndr_push *ndr, int ndr_flags, const struct samr_AliasInfoAll *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->name));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_members));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->description));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_AliasInfoAll(struct ndr_pull *ndr, int ndr_flags, struct samr_AliasInfoAll *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->name));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_members));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->description));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_AliasInfoAll(struct ndr_print *ndr, const char *name, const struct samr_AliasInfoAll *r)
+{
+	ndr_print_struct(ndr, name, "samr_AliasInfoAll");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "name", &r->name);
+	ndr_print_uint32(ndr, "num_members", r->num_members);
+	ndr_print_lsa_String(ndr, "description", &r->description);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_AliasInfoEnum(struct ndr_push *ndr, int ndr_flags, enum samr_AliasInfoEnum r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_AliasInfoEnum(struct ndr_pull *ndr, int ndr_flags, enum samr_AliasInfoEnum *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_AliasInfoEnum(struct ndr_print *ndr, const char *name, enum samr_AliasInfoEnum r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case ALIASINFOALL: val = "ALIASINFOALL"; break;
+		case ALIASINFONAME: val = "ALIASINFONAME"; break;
+		case ALIASINFODESCRIPTION: val = "ALIASINFODESCRIPTION"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_samr_AliasInfo(struct ndr_push *ndr, int ndr_flags, const union samr_AliasInfo *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		NDR_CHECK(ndr_push_samr_AliasInfoEnum(ndr, NDR_SCALARS, level));
+		switch (level) {
+			case ALIASINFOALL: {
+				NDR_CHECK(ndr_push_samr_AliasInfoAll(ndr, NDR_SCALARS, &r->all));
+			break; }
+
+			case ALIASINFONAME: {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->name));
+			break; }
+
+			case ALIASINFODESCRIPTION: {
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->description));
+			break; }
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case ALIASINFOALL:
+				NDR_CHECK(ndr_push_samr_AliasInfoAll(ndr, NDR_BUFFERS, &r->all));
+			break;
+
+			case ALIASINFONAME:
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->name));
+			break;
+
+			case ALIASINFODESCRIPTION:
+				NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description));
+			break;
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_AliasInfo(struct ndr_pull *ndr, int ndr_flags, union samr_AliasInfo *r)
+{
+	int level;
+	uint16_t _level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level));
+		if (_level != level) {
+			return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level);
+		}
+		switch (level) {
+			case ALIASINFOALL: {
+				NDR_CHECK(ndr_pull_samr_AliasInfoAll(ndr, NDR_SCALARS, &r->all));
+			break; }
+
+			case ALIASINFONAME: {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->name));
+			break; }
+
+			case ALIASINFODESCRIPTION: {
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->description));
+			break; }
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case ALIASINFOALL:
+				NDR_CHECK(ndr_pull_samr_AliasInfoAll(ndr, NDR_BUFFERS, &r->all));
+			break;
+
+			case ALIASINFONAME:
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->name));
+			break;
+
+			case ALIASINFODESCRIPTION:
+				NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description));
+			break;
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_AliasInfo(struct ndr_print *ndr, const char *name, const union samr_AliasInfo *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "samr_AliasInfo");
+	switch (level) {
+		case ALIASINFOALL:
+			ndr_print_samr_AliasInfoAll(ndr, "all", &r->all);
+		break;
+
+		case ALIASINFONAME:
+			ndr_print_lsa_String(ndr, "name", &r->name);
+		break;
+
+		case ALIASINFODESCRIPTION:
+			ndr_print_lsa_String(ndr, "description", &r->description);
+		break;
+
+		default:
+			ndr_print_bad_level(ndr, name, level);
+	}
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo1(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo1 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->primary_gid));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->description));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->comment));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->comment));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo1(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo1 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->primary_gid));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->description));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->comment));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->comment));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo1(struct ndr_print *ndr, const char *name, const struct samr_UserInfo1 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo1");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "account_name", &r->account_name);
+	ndr_print_lsa_String(ndr, "full_name", &r->full_name);
+	ndr_print_uint32(ndr, "primary_gid", r->primary_gid);
+	ndr_print_lsa_String(ndr, "description", &r->description);
+	ndr_print_lsa_String(ndr, "comment", &r->comment);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo2(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo2 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->comment));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->unknown));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->country_code));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->code_page));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->comment));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->unknown));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo2(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo2 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->comment));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->country_code));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->code_page));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->comment));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo2(struct ndr_print *ndr, const char *name, const struct samr_UserInfo2 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo2");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "comment", &r->comment);
+	ndr_print_lsa_String(ndr, "unknown", &r->unknown);
+	ndr_print_uint16(ndr, "country_code", r->country_code);
+	ndr_print_uint16(ndr, "code_page", r->code_page);
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_LogonHours(struct ndr_push *ndr, int ndr_flags, const struct samr_LogonHours *r)
+{
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		if (ndr_flags & NDR_SCALARS) {
+			NDR_CHECK(ndr_push_align(ndr, 4));
+			NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->units_per_week));
+			NDR_CHECK(ndr_push_unique_ptr(ndr, r->bits));
+		}
+		if (ndr_flags & NDR_BUFFERS) {
+			if (r->bits) {
+				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 1260));
+				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+				NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->units_per_week / 8));
+				NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->bits, r->units_per_week / 8));
+			}
+		}
+		ndr->flags = _flags_save_STRUCT;
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_LogonHours(struct ndr_pull *ndr, int ndr_flags, struct samr_LogonHours *r)
+{
+	uint32_t _ptr_bits;
+	TALLOC_CTX *_mem_save_bits_0;
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		if (ndr_flags & NDR_SCALARS) {
+			NDR_CHECK(ndr_pull_align(ndr, 4));
+			NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->units_per_week));
+			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_bits));
+			if (_ptr_bits) {
+				NDR_PULL_ALLOC(ndr, r->bits);
+			} else {
+				r->bits = NULL;
+			}
+		}
+		if (ndr_flags & NDR_BUFFERS) {
+			if (r->bits) {
+				_mem_save_bits_0 = NDR_PULL_GET_MEM_CTX(ndr);
+				NDR_PULL_SET_MEM_CTX(ndr, r->bits, 0);
+				NDR_CHECK(ndr_pull_array_size(ndr, &r->bits));
+				NDR_CHECK(ndr_pull_array_length(ndr, &r->bits));
+				if (ndr_get_array_length(ndr, &r->bits) > ndr_get_array_size(ndr, &r->bits)) {
+					return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->bits), ndr_get_array_length(ndr, &r->bits));
+				}
+				NDR_PULL_ALLOC_N(ndr, r->bits, ndr_get_array_size(ndr, &r->bits));
+				NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->bits, ndr_get_array_length(ndr, &r->bits)));
+				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bits_0, 0);
+			}
+			if (r->bits) {
+				NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->bits, 1260));
+			}
+			if (r->bits) {
+				NDR_CHECK(ndr_check_array_length(ndr, (void*)&r->bits, r->units_per_week / 8));
+			}
+		}
+		ndr->flags = _flags_save_STRUCT;
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_LogonHours(struct ndr_print *ndr, const char *name, const struct samr_LogonHours *r)
+{
+	ndr_print_struct(ndr, name, "samr_LogonHours");
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		ndr->depth++;
+		ndr_print_uint16(ndr, "units_per_week", r->units_per_week);
+		ndr_print_ptr(ndr, "bits", r->bits);
+		ndr->depth++;
+		if (r->bits) {
+			ndr_print_array_uint8(ndr, "bits", r->bits, r->units_per_week / 8);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr->flags = _flags_save_STRUCT;
+	}
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo3(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo3 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->primary_gid));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->home_directory));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->home_drive));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->logon_script));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->profile_path));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->workstations));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_logon));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_logoff));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_password_change));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->allow_password_change));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->force_password_change));
+		NDR_CHECK(ndr_push_samr_LogonHours(ndr, NDR_SCALARS, &r->logon_hours));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->bad_password_count));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->logon_count));
+		NDR_CHECK(ndr_push_samr_AcctFlags(ndr, NDR_SCALARS, r->acct_flags));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->home_directory));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->home_drive));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->logon_script));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->profile_path));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->workstations));
+		NDR_CHECK(ndr_push_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo3(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo3 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rid));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->primary_gid));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->home_directory));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->home_drive));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->logon_script));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->profile_path));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->workstations));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_logon));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_logoff));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_password_change));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->allow_password_change));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->force_password_change));
+		NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_SCALARS, &r->logon_hours));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->bad_password_count));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->logon_count));
+		NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->acct_flags));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->home_directory));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->home_drive));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->logon_script));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->profile_path));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->workstations));
+		NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo3(struct ndr_print *ndr, const char *name, const struct samr_UserInfo3 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo3");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "account_name", &r->account_name);
+	ndr_print_lsa_String(ndr, "full_name", &r->full_name);
+	ndr_print_uint32(ndr, "rid", r->rid);
+	ndr_print_uint32(ndr, "primary_gid", r->primary_gid);
+	ndr_print_lsa_String(ndr, "home_directory", &r->home_directory);
+	ndr_print_lsa_String(ndr, "home_drive", &r->home_drive);
+	ndr_print_lsa_String(ndr, "logon_script", &r->logon_script);
+	ndr_print_lsa_String(ndr, "profile_path", &r->profile_path);
+	ndr_print_lsa_String(ndr, "workstations", &r->workstations);
+	ndr_print_NTTIME(ndr, "last_logon", r->last_logon);
+	ndr_print_NTTIME(ndr, "last_logoff", r->last_logoff);
+	ndr_print_NTTIME(ndr, "last_password_change", r->last_password_change);
+	ndr_print_NTTIME(ndr, "allow_password_change", r->allow_password_change);
+	ndr_print_NTTIME(ndr, "force_password_change", r->force_password_change);
+	ndr_print_samr_LogonHours(ndr, "logon_hours", &r->logon_hours);
+	ndr_print_uint16(ndr, "bad_password_count", r->bad_password_count);
+	ndr_print_uint16(ndr, "logon_count", r->logon_count);
+	ndr_print_samr_AcctFlags(ndr, "acct_flags", r->acct_flags);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo4(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo4 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_samr_LogonHours(ndr, NDR_SCALARS, &r->logon_hours));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo4(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo4 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_SCALARS, &r->logon_hours));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo4(struct ndr_print *ndr, const char *name, const struct samr_UserInfo4 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo4");
+	ndr->depth++;
+	ndr_print_samr_LogonHours(ndr, "logon_hours", &r->logon_hours);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo5(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo5 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->primary_gid));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->home_directory));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->home_drive));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->logon_script));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->profile_path));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->description));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->workstations));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_logon));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_logoff));
+		NDR_CHECK(ndr_push_samr_LogonHours(ndr, NDR_SCALARS, &r->logon_hours));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->bad_password_count));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->logon_count));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_password_change));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->acct_expiry));
+		NDR_CHECK(ndr_push_samr_AcctFlags(ndr, NDR_SCALARS, r->acct_flags));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->home_directory));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->home_drive));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->logon_script));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->profile_path));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->workstations));
+		NDR_CHECK(ndr_push_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo5(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo5 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rid));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->primary_gid));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->home_directory));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->home_drive));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->logon_script));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->profile_path));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->description));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->workstations));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_logon));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_logoff));
+		NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_SCALARS, &r->logon_hours));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->bad_password_count));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->logon_count));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_password_change));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->acct_expiry));
+		NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->acct_flags));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->home_directory));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->home_drive));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->logon_script));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->profile_path));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->workstations));
+		NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo5(struct ndr_print *ndr, const char *name, const struct samr_UserInfo5 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo5");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "account_name", &r->account_name);
+	ndr_print_lsa_String(ndr, "full_name", &r->full_name);
+	ndr_print_uint32(ndr, "rid", r->rid);
+	ndr_print_uint32(ndr, "primary_gid", r->primary_gid);
+	ndr_print_lsa_String(ndr, "home_directory", &r->home_directory);
+	ndr_print_lsa_String(ndr, "home_drive", &r->home_drive);
+	ndr_print_lsa_String(ndr, "logon_script", &r->logon_script);
+	ndr_print_lsa_String(ndr, "profile_path", &r->profile_path);
+	ndr_print_lsa_String(ndr, "description", &r->description);
+	ndr_print_lsa_String(ndr, "workstations", &r->workstations);
+	ndr_print_NTTIME(ndr, "last_logon", r->last_logon);
+	ndr_print_NTTIME(ndr, "last_logoff", r->last_logoff);
+	ndr_print_samr_LogonHours(ndr, "logon_hours", &r->logon_hours);
+	ndr_print_uint16(ndr, "bad_password_count", r->bad_password_count);
+	ndr_print_uint16(ndr, "logon_count", r->logon_count);
+	ndr_print_NTTIME(ndr, "last_password_change", r->last_password_change);
+	ndr_print_NTTIME(ndr, "acct_expiry", r->acct_expiry);
+	ndr_print_samr_AcctFlags(ndr, "acct_flags", r->acct_flags);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo6(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo6 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo6(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo6 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo6(struct ndr_print *ndr, const char *name, const struct samr_UserInfo6 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo6");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "account_name", &r->account_name);
+	ndr_print_lsa_String(ndr, "full_name", &r->full_name);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo7(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo7 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo7(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo7 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo7(struct ndr_print *ndr, const char *name, const struct samr_UserInfo7 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo7");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "account_name", &r->account_name);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo8(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo8 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo8(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo8 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo8(struct ndr_print *ndr, const char *name, const struct samr_UserInfo8 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo8");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "full_name", &r->full_name);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo9(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo9 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->primary_gid));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo9(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo9 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->primary_gid));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo9(struct ndr_print *ndr, const char *name, const struct samr_UserInfo9 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo9");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "primary_gid", r->primary_gid);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo10(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo10 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->home_directory));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->home_drive));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->home_directory));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->home_drive));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo10(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo10 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->home_directory));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->home_drive));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->home_directory));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->home_drive));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo10(struct ndr_print *ndr, const char *name, const struct samr_UserInfo10 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo10");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "home_directory", &r->home_directory);
+	ndr_print_lsa_String(ndr, "home_drive", &r->home_drive);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo11(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo11 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->logon_script));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->logon_script));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo11(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo11 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->logon_script));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->logon_script));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo11(struct ndr_print *ndr, const char *name, const struct samr_UserInfo11 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo11");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "logon_script", &r->logon_script);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo12(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo12 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->profile_path));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->profile_path));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo12(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo12 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->profile_path));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->profile_path));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo12(struct ndr_print *ndr, const char *name, const struct samr_UserInfo12 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo12");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "profile_path", &r->profile_path);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo13(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo13 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->description));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo13(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo13 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->description));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo13(struct ndr_print *ndr, const char *name, const struct samr_UserInfo13 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo13");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "description", &r->description);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo14(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo14 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->workstations));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->workstations));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo14(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo14 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->workstations));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->workstations));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo14(struct ndr_print *ndr, const char *name, const struct samr_UserInfo14 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo14");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "workstations", &r->workstations);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo16(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo16 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_samr_AcctFlags(ndr, NDR_SCALARS, r->acct_flags));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo16(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo16 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->acct_flags));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo16(struct ndr_print *ndr, const char *name, const struct samr_UserInfo16 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo16");
+	ndr->depth++;
+	ndr_print_samr_AcctFlags(ndr, "acct_flags", r->acct_flags);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo17(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo17 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->acct_expiry));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo17(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo17 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->acct_expiry));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo17(struct ndr_print *ndr, const char *name, const struct samr_UserInfo17 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo17");
+	ndr->depth++;
+	ndr_print_NTTIME(ndr, "acct_expiry", r->acct_expiry);
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_Password(struct ndr_push *ndr, int ndr_flags, const struct samr_Password *r)
+{
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		if (ndr_flags & NDR_SCALARS) {
+			NDR_CHECK(ndr_push_align(ndr, 1));
+			NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->hash, 16));
+		}
+		if (ndr_flags & NDR_BUFFERS) {
+		}
+		ndr->flags = _flags_save_STRUCT;
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_Password(struct ndr_pull *ndr, int ndr_flags, struct samr_Password *r)
+{
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		if (ndr_flags & NDR_SCALARS) {
+			NDR_CHECK(ndr_pull_align(ndr, 1));
+			NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 16));
+		}
+		if (ndr_flags & NDR_BUFFERS) {
+		}
+		ndr->flags = _flags_save_STRUCT;
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_Password(struct ndr_print *ndr, const char *name, const struct samr_Password *r)
+{
+	ndr_print_struct(ndr, name, "samr_Password");
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		ndr->depth++;
+		ndr_print_array_uint8(ndr, "hash", r->hash, 16);
+		ndr->depth--;
+		ndr->flags = _flags_save_STRUCT;
+	}
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo18(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo18 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 1));
+		NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->lm_pwd));
+		NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->nt_pwd));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->lm_pwd_active));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->nt_pwd_active));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo18(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo18 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 1));
+		NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->lm_pwd));
+		NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->nt_pwd));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->lm_pwd_active));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->nt_pwd_active));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo18(struct ndr_print *ndr, const char *name, const struct samr_UserInfo18 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo18");
+	ndr->depth++;
+	ndr_print_samr_Password(ndr, "lm_pwd", &r->lm_pwd);
+	ndr_print_samr_Password(ndr, "nt_pwd", &r->nt_pwd);
+	ndr_print_uint8(ndr, "lm_pwd_active", r->lm_pwd_active);
+	ndr_print_uint8(ndr, "nt_pwd_active", r->nt_pwd_active);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo20(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo20 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->parameters));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->parameters));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo20(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo20 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->parameters));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->parameters));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo20(struct ndr_print *ndr, const char *name, const struct samr_UserInfo20 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo20");
+	ndr->depth++;
+	ndr_print_lsa_String(ndr, "parameters", &r->parameters);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_FieldsPresent(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_FieldsPresent(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_FieldsPresent(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_ACCOUNT_NAME", SAMR_FIELD_ACCOUNT_NAME, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_FULL_NAME", SAMR_FIELD_FULL_NAME, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_RID", SAMR_FIELD_RID, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PRIMARY_GID", SAMR_FIELD_PRIMARY_GID, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_DESCRIPTION", SAMR_FIELD_DESCRIPTION, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_COMMENT", SAMR_FIELD_COMMENT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_HOME_DIRECTORY", SAMR_FIELD_HOME_DIRECTORY, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_HOME_DRIVE", SAMR_FIELD_HOME_DRIVE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_LOGON_SCRIPT", SAMR_FIELD_LOGON_SCRIPT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PROFILE_PATH", SAMR_FIELD_PROFILE_PATH, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_WORKSTATIONS", SAMR_FIELD_WORKSTATIONS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_LAST_LOGON", SAMR_FIELD_LAST_LOGON, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_LAST_LOGOFF", SAMR_FIELD_LAST_LOGOFF, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_LOGON_HOURS", SAMR_FIELD_LOGON_HOURS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_BAD_PWD_COUNT", SAMR_FIELD_BAD_PWD_COUNT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_NUM_LOGONS", SAMR_FIELD_NUM_LOGONS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_ALLOW_PWD_CHANGE", SAMR_FIELD_ALLOW_PWD_CHANGE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_FORCE_PWD_CHANGE", SAMR_FIELD_FORCE_PWD_CHANGE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_LAST_PWD_CHANGE", SAMR_FIELD_LAST_PWD_CHANGE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_ACCT_EXPIRY", SAMR_FIELD_ACCT_EXPIRY, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_ACCT_FLAGS", SAMR_FIELD_ACCT_FLAGS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PARAMETERS", SAMR_FIELD_PARAMETERS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_COUNTRY_CODE", SAMR_FIELD_COUNTRY_CODE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_CODE_PAGE", SAMR_FIELD_CODE_PAGE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PASSWORD", SAMR_FIELD_PASSWORD, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PASSWORD2", SAMR_FIELD_PASSWORD2, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_PRIVATE_DATA", SAMR_FIELD_PRIVATE_DATA, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_EXPIRED_FLAG", SAMR_FIELD_EXPIRED_FLAG, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_SEC_DESC", SAMR_FIELD_SEC_DESC, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_FIELD_OWF_PWD", SAMR_FIELD_OWF_PWD, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo21(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo21 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_logon));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_logoff));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_password_change));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->acct_expiry));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->allow_password_change));
+		NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->force_password_change));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->home_directory));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->home_drive));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->logon_script));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->profile_path));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->description));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->workstations));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->comment));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->parameters));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->unknown1));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->unknown2));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->unknown3));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->buf_count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->buffer));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->primary_gid));
+		NDR_CHECK(ndr_push_samr_AcctFlags(ndr, NDR_SCALARS, r->acct_flags));
+		NDR_CHECK(ndr_push_samr_FieldsPresent(ndr, NDR_SCALARS, r->fields_present));
+		NDR_CHECK(ndr_push_samr_LogonHours(ndr, NDR_SCALARS, &r->logon_hours));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->bad_password_count));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->logon_count));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->country_code));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->code_page));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->nt_password_set));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->lm_password_set));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_expired));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->unknown4));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->home_directory));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->home_drive));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->logon_script));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->profile_path));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->workstations));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->comment));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->parameters));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->unknown1));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->unknown2));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->unknown3));
+		if (r->buffer) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->buf_count));
+			NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->buffer, r->buf_count));
+		}
+		NDR_CHECK(ndr_push_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo21(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo21 *r)
+{
+	uint32_t _ptr_buffer;
+	TALLOC_CTX *_mem_save_buffer_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_logon));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_logoff));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_password_change));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->acct_expiry));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->allow_password_change));
+		NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->force_password_change));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->home_directory));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->home_drive));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->logon_script));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->profile_path));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->description));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->workstations));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->comment));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->parameters));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown1));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown2));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->unknown3));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->buf_count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_buffer));
+		if (_ptr_buffer) {
+			NDR_PULL_ALLOC(ndr, r->buffer);
+		} else {
+			r->buffer = NULL;
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rid));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->primary_gid));
+		NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->acct_flags));
+		NDR_CHECK(ndr_pull_samr_FieldsPresent(ndr, NDR_SCALARS, &r->fields_present));
+		NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_SCALARS, &r->logon_hours));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->bad_password_count));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->logon_count));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->country_code));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->code_page));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->nt_password_set));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->lm_password_set));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_expired));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->unknown4));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->home_directory));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->home_drive));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->logon_script));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->profile_path));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->workstations));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->comment));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->parameters));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown1));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown2));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->unknown3));
+		if (r->buffer) {
+			_mem_save_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->buffer, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->buffer));
+			NDR_PULL_ALLOC_N(ndr, r->buffer, ndr_get_array_size(ndr, &r->buffer));
+			NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->buffer, ndr_get_array_size(ndr, &r->buffer)));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_0, 0);
+		}
+		NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours));
+		if (r->buffer) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->buffer, r->buf_count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo21(struct ndr_print *ndr, const char *name, const struct samr_UserInfo21 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo21");
+	ndr->depth++;
+	ndr_print_NTTIME(ndr, "last_logon", r->last_logon);
+	ndr_print_NTTIME(ndr, "last_logoff", r->last_logoff);
+	ndr_print_NTTIME(ndr, "last_password_change", r->last_password_change);
+	ndr_print_NTTIME(ndr, "acct_expiry", r->acct_expiry);
+	ndr_print_NTTIME(ndr, "allow_password_change", r->allow_password_change);
+	ndr_print_NTTIME(ndr, "force_password_change", r->force_password_change);
+	ndr_print_lsa_String(ndr, "account_name", &r->account_name);
+	ndr_print_lsa_String(ndr, "full_name", &r->full_name);
+	ndr_print_lsa_String(ndr, "home_directory", &r->home_directory);
+	ndr_print_lsa_String(ndr, "home_drive", &r->home_drive);
+	ndr_print_lsa_String(ndr, "logon_script", &r->logon_script);
+	ndr_print_lsa_String(ndr, "profile_path", &r->profile_path);
+	ndr_print_lsa_String(ndr, "description", &r->description);
+	ndr_print_lsa_String(ndr, "workstations", &r->workstations);
+	ndr_print_lsa_String(ndr, "comment", &r->comment);
+	ndr_print_lsa_String(ndr, "parameters", &r->parameters);
+	ndr_print_lsa_String(ndr, "unknown1", &r->unknown1);
+	ndr_print_lsa_String(ndr, "unknown2", &r->unknown2);
+	ndr_print_lsa_String(ndr, "unknown3", &r->unknown3);
+	ndr_print_uint32(ndr, "buf_count", r->buf_count);
+	ndr_print_ptr(ndr, "buffer", r->buffer);
+	ndr->depth++;
+	if (r->buffer) {
+		ndr_print_array_uint8(ndr, "buffer", r->buffer, r->buf_count);
+	}
+	ndr->depth--;
+	ndr_print_uint32(ndr, "rid", r->rid);
+	ndr_print_uint32(ndr, "primary_gid", r->primary_gid);
+	ndr_print_samr_AcctFlags(ndr, "acct_flags", r->acct_flags);
+	ndr_print_samr_FieldsPresent(ndr, "fields_present", r->fields_present);
+	ndr_print_samr_LogonHours(ndr, "logon_hours", &r->logon_hours);
+	ndr_print_uint16(ndr, "bad_password_count", r->bad_password_count);
+	ndr_print_uint16(ndr, "logon_count", r->logon_count);
+	ndr_print_uint16(ndr, "country_code", r->country_code);
+	ndr_print_uint16(ndr, "code_page", r->code_page);
+	ndr_print_uint8(ndr, "nt_password_set", r->nt_password_set);
+	ndr_print_uint8(ndr, "lm_password_set", r->lm_password_set);
+	ndr_print_uint8(ndr, "password_expired", r->password_expired);
+	ndr_print_uint8(ndr, "unknown4", r->unknown4);
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_CryptPassword(struct ndr_push *ndr, int ndr_flags, const struct samr_CryptPassword *r)
+{
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		if (ndr_flags & NDR_SCALARS) {
+			NDR_CHECK(ndr_push_align(ndr, 1));
+			NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->data, 516));
+		}
+		if (ndr_flags & NDR_BUFFERS) {
+		}
+		ndr->flags = _flags_save_STRUCT;
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_CryptPassword(struct ndr_pull *ndr, int ndr_flags, struct samr_CryptPassword *r)
+{
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		if (ndr_flags & NDR_SCALARS) {
+			NDR_CHECK(ndr_pull_align(ndr, 1));
+			NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 516));
+		}
+		if (ndr_flags & NDR_BUFFERS) {
+		}
+		ndr->flags = _flags_save_STRUCT;
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_CryptPassword(struct ndr_print *ndr, const char *name, const struct samr_CryptPassword *r)
+{
+	ndr_print_struct(ndr, name, "samr_CryptPassword");
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		ndr->depth++;
+		ndr_print_array_uint8(ndr, "data", r->data, 516);
+		ndr->depth--;
+		ndr->flags = _flags_save_STRUCT;
+	}
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo23(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo23 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_samr_UserInfo21(ndr, NDR_SCALARS, &r->info));
+		NDR_CHECK(ndr_push_samr_CryptPassword(ndr, NDR_SCALARS, &r->password));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_samr_UserInfo21(ndr, NDR_BUFFERS, &r->info));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo23(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo23 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_samr_UserInfo21(ndr, NDR_SCALARS, &r->info));
+		NDR_CHECK(ndr_pull_samr_CryptPassword(ndr, NDR_SCALARS, &r->password));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_samr_UserInfo21(ndr, NDR_BUFFERS, &r->info));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo23(struct ndr_print *ndr, const char *name, const struct samr_UserInfo23 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo23");
+	ndr->depth++;
+	ndr_print_samr_UserInfo21(ndr, "info", &r->info);
+	ndr_print_samr_CryptPassword(ndr, "password", &r->password);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo24(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo24 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 1));
+		NDR_CHECK(ndr_push_samr_CryptPassword(ndr, NDR_SCALARS, &r->password));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->pw_len));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo24(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo24 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 1));
+		NDR_CHECK(ndr_pull_samr_CryptPassword(ndr, NDR_SCALARS, &r->password));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->pw_len));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo24(struct ndr_print *ndr, const char *name, const struct samr_UserInfo24 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo24");
+	ndr->depth++;
+	ndr_print_samr_CryptPassword(ndr, "password", &r->password);
+	ndr_print_uint8(ndr, "pw_len", r->pw_len);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_CryptPasswordEx(struct ndr_push *ndr, int ndr_flags, const struct samr_CryptPasswordEx *r)
+{
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		if (ndr_flags & NDR_SCALARS) {
+			NDR_CHECK(ndr_push_align(ndr, 1));
+			NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->data, 532));
+		}
+		if (ndr_flags & NDR_BUFFERS) {
+		}
+		ndr->flags = _flags_save_STRUCT;
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_CryptPasswordEx(struct ndr_pull *ndr, int ndr_flags, struct samr_CryptPasswordEx *r)
+{
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		if (ndr_flags & NDR_SCALARS) {
+			NDR_CHECK(ndr_pull_align(ndr, 1));
+			NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, 532));
+		}
+		if (ndr_flags & NDR_BUFFERS) {
+		}
+		ndr->flags = _flags_save_STRUCT;
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_CryptPasswordEx(struct ndr_print *ndr, const char *name, const struct samr_CryptPasswordEx *r)
+{
+	ndr_print_struct(ndr, name, "samr_CryptPasswordEx");
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
+		ndr->depth++;
+		ndr_print_array_uint8(ndr, "data", r->data, 532);
+		ndr->depth--;
+		ndr->flags = _flags_save_STRUCT;
+	}
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo25(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo25 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_samr_UserInfo21(ndr, NDR_SCALARS, &r->info));
+		NDR_CHECK(ndr_push_samr_CryptPasswordEx(ndr, NDR_SCALARS, &r->password));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_samr_UserInfo21(ndr, NDR_BUFFERS, &r->info));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo25(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo25 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_samr_UserInfo21(ndr, NDR_SCALARS, &r->info));
+		NDR_CHECK(ndr_pull_samr_CryptPasswordEx(ndr, NDR_SCALARS, &r->password));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_samr_UserInfo21(ndr, NDR_BUFFERS, &r->info));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo25(struct ndr_print *ndr, const char *name, const struct samr_UserInfo25 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo25");
+	ndr->depth++;
+	ndr_print_samr_UserInfo21(ndr, "info", &r->info);
+	ndr_print_samr_CryptPasswordEx(ndr, "password", &r->password);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo26(struct ndr_push *ndr, int ndr_flags, const struct samr_UserInfo26 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 1));
+		NDR_CHECK(ndr_push_samr_CryptPasswordEx(ndr, NDR_SCALARS, &r->password));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->pw_len));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo26(struct ndr_pull *ndr, int ndr_flags, struct samr_UserInfo26 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 1));
+		NDR_CHECK(ndr_pull_samr_CryptPasswordEx(ndr, NDR_SCALARS, &r->password));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->pw_len));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo26(struct ndr_print *ndr, const char *name, const struct samr_UserInfo26 *r)
+{
+	ndr_print_struct(ndr, name, "samr_UserInfo26");
+	ndr->depth++;
+	ndr_print_samr_CryptPasswordEx(ndr, "password", &r->password);
+	ndr_print_uint8(ndr, "pw_len", r->pw_len);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_UserInfo(struct ndr_push *ndr, int ndr_flags, const union samr_UserInfo *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level));
+		switch (level) {
+			case 1: {
+				NDR_CHECK(ndr_push_samr_UserInfo1(ndr, NDR_SCALARS, &r->info1));
+			break; }
+
+			case 2: {
+				NDR_CHECK(ndr_push_samr_UserInfo2(ndr, NDR_SCALARS, &r->info2));
+			break; }
+
+			case 3: {
+				NDR_CHECK(ndr_push_samr_UserInfo3(ndr, NDR_SCALARS, &r->info3));
+			break; }
+
+			case 4: {
+				NDR_CHECK(ndr_push_samr_UserInfo4(ndr, NDR_SCALARS, &r->info4));
+			break; }
+
+			case 5: {
+				NDR_CHECK(ndr_push_samr_UserInfo5(ndr, NDR_SCALARS, &r->info5));
+			break; }
+
+			case 6: {
+				NDR_CHECK(ndr_push_samr_UserInfo6(ndr, NDR_SCALARS, &r->info6));
+			break; }
+
+			case 7: {
+				NDR_CHECK(ndr_push_samr_UserInfo7(ndr, NDR_SCALARS, &r->info7));
+			break; }
+
+			case 8: {
+				NDR_CHECK(ndr_push_samr_UserInfo8(ndr, NDR_SCALARS, &r->info8));
+			break; }
+
+			case 9: {
+				NDR_CHECK(ndr_push_samr_UserInfo9(ndr, NDR_SCALARS, &r->info9));
+			break; }
+
+			case 10: {
+				NDR_CHECK(ndr_push_samr_UserInfo10(ndr, NDR_SCALARS, &r->info10));
+			break; }
+
+			case 11: {
+				NDR_CHECK(ndr_push_samr_UserInfo11(ndr, NDR_SCALARS, &r->info11));
+			break; }
+
+			case 12: {
+				NDR_CHECK(ndr_push_samr_UserInfo12(ndr, NDR_SCALARS, &r->info12));
+			break; }
+
+			case 13: {
+				NDR_CHECK(ndr_push_samr_UserInfo13(ndr, NDR_SCALARS, &r->info13));
+			break; }
+
+			case 14: {
+				NDR_CHECK(ndr_push_samr_UserInfo14(ndr, NDR_SCALARS, &r->info14));
+			break; }
+
+			case 16: {
+				NDR_CHECK(ndr_push_samr_UserInfo16(ndr, NDR_SCALARS, &r->info16));
+			break; }
+
+			case 17: {
+				NDR_CHECK(ndr_push_samr_UserInfo17(ndr, NDR_SCALARS, &r->info17));
+			break; }
+
+			case 18: {
+				NDR_CHECK(ndr_push_samr_UserInfo18(ndr, NDR_SCALARS, &r->info18));
+			break; }
+
+			case 20: {
+				NDR_CHECK(ndr_push_samr_UserInfo20(ndr, NDR_SCALARS, &r->info20));
+			break; }
+
+			case 21: {
+				NDR_CHECK(ndr_push_samr_UserInfo21(ndr, NDR_SCALARS, &r->info21));
+			break; }
+
+			case 23: {
+				NDR_CHECK(ndr_push_samr_UserInfo23(ndr, NDR_SCALARS, &r->info23));
+			break; }
+
+			case 24: {
+				NDR_CHECK(ndr_push_samr_UserInfo24(ndr, NDR_SCALARS, &r->info24));
+			break; }
+
+			case 25: {
+				NDR_CHECK(ndr_push_samr_UserInfo25(ndr, NDR_SCALARS, &r->info25));
+			break; }
+
+			case 26: {
+				NDR_CHECK(ndr_push_samr_UserInfo26(ndr, NDR_SCALARS, &r->info26));
+			break; }
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case 1:
+				NDR_CHECK(ndr_push_samr_UserInfo1(ndr, NDR_BUFFERS, &r->info1));
+			break;
+
+			case 2:
+				NDR_CHECK(ndr_push_samr_UserInfo2(ndr, NDR_BUFFERS, &r->info2));
+			break;
+
+			case 3:
+				NDR_CHECK(ndr_push_samr_UserInfo3(ndr, NDR_BUFFERS, &r->info3));
+			break;
+
+			case 4:
+				NDR_CHECK(ndr_push_samr_UserInfo4(ndr, NDR_BUFFERS, &r->info4));
+			break;
+
+			case 5:
+				NDR_CHECK(ndr_push_samr_UserInfo5(ndr, NDR_BUFFERS, &r->info5));
+			break;
+
+			case 6:
+				NDR_CHECK(ndr_push_samr_UserInfo6(ndr, NDR_BUFFERS, &r->info6));
+			break;
+
+			case 7:
+				NDR_CHECK(ndr_push_samr_UserInfo7(ndr, NDR_BUFFERS, &r->info7));
+			break;
+
+			case 8:
+				NDR_CHECK(ndr_push_samr_UserInfo8(ndr, NDR_BUFFERS, &r->info8));
+			break;
+
+			case 9:
+			break;
+
+			case 10:
+				NDR_CHECK(ndr_push_samr_UserInfo10(ndr, NDR_BUFFERS, &r->info10));
+			break;
+
+			case 11:
+				NDR_CHECK(ndr_push_samr_UserInfo11(ndr, NDR_BUFFERS, &r->info11));
+			break;
+
+			case 12:
+				NDR_CHECK(ndr_push_samr_UserInfo12(ndr, NDR_BUFFERS, &r->info12));
+			break;
+
+			case 13:
+				NDR_CHECK(ndr_push_samr_UserInfo13(ndr, NDR_BUFFERS, &r->info13));
+			break;
+
+			case 14:
+				NDR_CHECK(ndr_push_samr_UserInfo14(ndr, NDR_BUFFERS, &r->info14));
+			break;
+
+			case 16:
+			break;
+
+			case 17:
+			break;
+
+			case 18:
+			break;
+
+			case 20:
+				NDR_CHECK(ndr_push_samr_UserInfo20(ndr, NDR_BUFFERS, &r->info20));
+			break;
+
+			case 21:
+				NDR_CHECK(ndr_push_samr_UserInfo21(ndr, NDR_BUFFERS, &r->info21));
+			break;
+
+			case 23:
+				NDR_CHECK(ndr_push_samr_UserInfo23(ndr, NDR_BUFFERS, &r->info23));
+			break;
+
+			case 24:
+			break;
+
+			case 25:
+				NDR_CHECK(ndr_push_samr_UserInfo25(ndr, NDR_BUFFERS, &r->info25));
+			break;
+
+			case 26:
+			break;
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_UserInfo(struct ndr_pull *ndr, int ndr_flags, union samr_UserInfo *r)
+{
+	int level;
+	uint16_t _level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level));
+		if (_level != level) {
+			return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level);
+		}
+		switch (level) {
+			case 1: {
+				NDR_CHECK(ndr_pull_samr_UserInfo1(ndr, NDR_SCALARS, &r->info1));
+			break; }
+
+			case 2: {
+				NDR_CHECK(ndr_pull_samr_UserInfo2(ndr, NDR_SCALARS, &r->info2));
+			break; }
+
+			case 3: {
+				NDR_CHECK(ndr_pull_samr_UserInfo3(ndr, NDR_SCALARS, &r->info3));
+			break; }
+
+			case 4: {
+				NDR_CHECK(ndr_pull_samr_UserInfo4(ndr, NDR_SCALARS, &r->info4));
+			break; }
+
+			case 5: {
+				NDR_CHECK(ndr_pull_samr_UserInfo5(ndr, NDR_SCALARS, &r->info5));
+			break; }
+
+			case 6: {
+				NDR_CHECK(ndr_pull_samr_UserInfo6(ndr, NDR_SCALARS, &r->info6));
+			break; }
+
+			case 7: {
+				NDR_CHECK(ndr_pull_samr_UserInfo7(ndr, NDR_SCALARS, &r->info7));
+			break; }
+
+			case 8: {
+				NDR_CHECK(ndr_pull_samr_UserInfo8(ndr, NDR_SCALARS, &r->info8));
+			break; }
+
+			case 9: {
+				NDR_CHECK(ndr_pull_samr_UserInfo9(ndr, NDR_SCALARS, &r->info9));
+			break; }
+
+			case 10: {
+				NDR_CHECK(ndr_pull_samr_UserInfo10(ndr, NDR_SCALARS, &r->info10));
+			break; }
+
+			case 11: {
+				NDR_CHECK(ndr_pull_samr_UserInfo11(ndr, NDR_SCALARS, &r->info11));
+			break; }
+
+			case 12: {
+				NDR_CHECK(ndr_pull_samr_UserInfo12(ndr, NDR_SCALARS, &r->info12));
+			break; }
+
+			case 13: {
+				NDR_CHECK(ndr_pull_samr_UserInfo13(ndr, NDR_SCALARS, &r->info13));
+			break; }
+
+			case 14: {
+				NDR_CHECK(ndr_pull_samr_UserInfo14(ndr, NDR_SCALARS, &r->info14));
+			break; }
+
+			case 16: {
+				NDR_CHECK(ndr_pull_samr_UserInfo16(ndr, NDR_SCALARS, &r->info16));
+			break; }
+
+			case 17: {
+				NDR_CHECK(ndr_pull_samr_UserInfo17(ndr, NDR_SCALARS, &r->info17));
+			break; }
+
+			case 18: {
+				NDR_CHECK(ndr_pull_samr_UserInfo18(ndr, NDR_SCALARS, &r->info18));
+			break; }
+
+			case 20: {
+				NDR_CHECK(ndr_pull_samr_UserInfo20(ndr, NDR_SCALARS, &r->info20));
+			break; }
+
+			case 21: {
+				NDR_CHECK(ndr_pull_samr_UserInfo21(ndr, NDR_SCALARS, &r->info21));
+			break; }
+
+			case 23: {
+				NDR_CHECK(ndr_pull_samr_UserInfo23(ndr, NDR_SCALARS, &r->info23));
+			break; }
+
+			case 24: {
+				NDR_CHECK(ndr_pull_samr_UserInfo24(ndr, NDR_SCALARS, &r->info24));
+			break; }
+
+			case 25: {
+				NDR_CHECK(ndr_pull_samr_UserInfo25(ndr, NDR_SCALARS, &r->info25));
+			break; }
+
+			case 26: {
+				NDR_CHECK(ndr_pull_samr_UserInfo26(ndr, NDR_SCALARS, &r->info26));
+			break; }
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case 1:
+				NDR_CHECK(ndr_pull_samr_UserInfo1(ndr, NDR_BUFFERS, &r->info1));
+			break;
+
+			case 2:
+				NDR_CHECK(ndr_pull_samr_UserInfo2(ndr, NDR_BUFFERS, &r->info2));
+			break;
+
+			case 3:
+				NDR_CHECK(ndr_pull_samr_UserInfo3(ndr, NDR_BUFFERS, &r->info3));
+			break;
+
+			case 4:
+				NDR_CHECK(ndr_pull_samr_UserInfo4(ndr, NDR_BUFFERS, &r->info4));
+			break;
+
+			case 5:
+				NDR_CHECK(ndr_pull_samr_UserInfo5(ndr, NDR_BUFFERS, &r->info5));
+			break;
+
+			case 6:
+				NDR_CHECK(ndr_pull_samr_UserInfo6(ndr, NDR_BUFFERS, &r->info6));
+			break;
+
+			case 7:
+				NDR_CHECK(ndr_pull_samr_UserInfo7(ndr, NDR_BUFFERS, &r->info7));
+			break;
+
+			case 8:
+				NDR_CHECK(ndr_pull_samr_UserInfo8(ndr, NDR_BUFFERS, &r->info8));
+			break;
+
+			case 9:
+			break;
+
+			case 10:
+				NDR_CHECK(ndr_pull_samr_UserInfo10(ndr, NDR_BUFFERS, &r->info10));
+			break;
+
+			case 11:
+				NDR_CHECK(ndr_pull_samr_UserInfo11(ndr, NDR_BUFFERS, &r->info11));
+			break;
+
+			case 12:
+				NDR_CHECK(ndr_pull_samr_UserInfo12(ndr, NDR_BUFFERS, &r->info12));
+			break;
+
+			case 13:
+				NDR_CHECK(ndr_pull_samr_UserInfo13(ndr, NDR_BUFFERS, &r->info13));
+			break;
+
+			case 14:
+				NDR_CHECK(ndr_pull_samr_UserInfo14(ndr, NDR_BUFFERS, &r->info14));
+			break;
+
+			case 16:
+			break;
+
+			case 17:
+			break;
+
+			case 18:
+			break;
+
+			case 20:
+				NDR_CHECK(ndr_pull_samr_UserInfo20(ndr, NDR_BUFFERS, &r->info20));
+			break;
+
+			case 21:
+				NDR_CHECK(ndr_pull_samr_UserInfo21(ndr, NDR_BUFFERS, &r->info21));
+			break;
+
+			case 23:
+				NDR_CHECK(ndr_pull_samr_UserInfo23(ndr, NDR_BUFFERS, &r->info23));
+			break;
+
+			case 24:
+			break;
+
+			case 25:
+				NDR_CHECK(ndr_pull_samr_UserInfo25(ndr, NDR_BUFFERS, &r->info25));
+			break;
+
+			case 26:
+			break;
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_UserInfo(struct ndr_print *ndr, const char *name, const union samr_UserInfo *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "samr_UserInfo");
+	switch (level) {
+		case 1:
+			ndr_print_samr_UserInfo1(ndr, "info1", &r->info1);
+		break;
+
+		case 2:
+			ndr_print_samr_UserInfo2(ndr, "info2", &r->info2);
+		break;
+
+		case 3:
+			ndr_print_samr_UserInfo3(ndr, "info3", &r->info3);
+		break;
+
+		case 4:
+			ndr_print_samr_UserInfo4(ndr, "info4", &r->info4);
+		break;
+
+		case 5:
+			ndr_print_samr_UserInfo5(ndr, "info5", &r->info5);
+		break;
+
+		case 6:
+			ndr_print_samr_UserInfo6(ndr, "info6", &r->info6);
+		break;
+
+		case 7:
+			ndr_print_samr_UserInfo7(ndr, "info7", &r->info7);
+		break;
+
+		case 8:
+			ndr_print_samr_UserInfo8(ndr, "info8", &r->info8);
+		break;
+
+		case 9:
+			ndr_print_samr_UserInfo9(ndr, "info9", &r->info9);
+		break;
+
+		case 10:
+			ndr_print_samr_UserInfo10(ndr, "info10", &r->info10);
+		break;
+
+		case 11:
+			ndr_print_samr_UserInfo11(ndr, "info11", &r->info11);
+		break;
+
+		case 12:
+			ndr_print_samr_UserInfo12(ndr, "info12", &r->info12);
+		break;
+
+		case 13:
+			ndr_print_samr_UserInfo13(ndr, "info13", &r->info13);
+		break;
+
+		case 14:
+			ndr_print_samr_UserInfo14(ndr, "info14", &r->info14);
+		break;
+
+		case 16:
+			ndr_print_samr_UserInfo16(ndr, "info16", &r->info16);
+		break;
+
+		case 17:
+			ndr_print_samr_UserInfo17(ndr, "info17", &r->info17);
+		break;
+
+		case 18:
+			ndr_print_samr_UserInfo18(ndr, "info18", &r->info18);
+		break;
+
+		case 20:
+			ndr_print_samr_UserInfo20(ndr, "info20", &r->info20);
+		break;
+
+		case 21:
+			ndr_print_samr_UserInfo21(ndr, "info21", &r->info21);
+		break;
+
+		case 23:
+			ndr_print_samr_UserInfo23(ndr, "info23", &r->info23);
+		break;
+
+		case 24:
+			ndr_print_samr_UserInfo24(ndr, "info24", &r->info24);
+		break;
+
+		case 25:
+			ndr_print_samr_UserInfo25(ndr, "info25", &r->info25);
+		break;
+
+		case 26:
+			ndr_print_samr_UserInfo26(ndr, "info26", &r->info26);
+		break;
+
+		default:
+			ndr_print_bad_level(ndr, name, level);
+	}
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_RidWithAttribute(struct ndr_push *ndr, int ndr_flags, const struct samr_RidWithAttribute *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
+		NDR_CHECK(ndr_push_samr_GroupAttrs(ndr, NDR_SCALARS, r->attributes));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_RidWithAttribute(struct ndr_pull *ndr, int ndr_flags, struct samr_RidWithAttribute *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rid));
+		NDR_CHECK(ndr_pull_samr_GroupAttrs(ndr, NDR_SCALARS, &r->attributes));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_RidWithAttribute(struct ndr_print *ndr, const char *name, const struct samr_RidWithAttribute *r)
+{
+	ndr_print_struct(ndr, name, "samr_RidWithAttribute");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "rid", r->rid);
+	ndr_print_samr_GroupAttrs(ndr, "attributes", r->attributes);
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_RidWithAttributeArray(struct ndr_push *ndr, int ndr_flags, const struct samr_RidWithAttributeArray *r)
+{
+	uint32_t cntr_rids_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->rids));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->rids) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_rids_1 = 0; cntr_rids_1 < r->count; cntr_rids_1++) {
+				NDR_CHECK(ndr_push_samr_RidWithAttribute(ndr, NDR_SCALARS, &r->rids[cntr_rids_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_RidWithAttributeArray(struct ndr_pull *ndr, int ndr_flags, struct samr_RidWithAttributeArray *r)
+{
+	uint32_t _ptr_rids;
+	uint32_t cntr_rids_1;
+	TALLOC_CTX *_mem_save_rids_0;
+	TALLOC_CTX *_mem_save_rids_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rids));
+		if (_ptr_rids) {
+			NDR_PULL_ALLOC(ndr, r->rids);
+		} else {
+			r->rids = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->rids) {
+			_mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->rids));
+			NDR_PULL_ALLOC_N(ndr, r->rids, ndr_get_array_size(ndr, &r->rids));
+			_mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->rids, 0);
+			for (cntr_rids_1 = 0; cntr_rids_1 < r->count; cntr_rids_1++) {
+				NDR_CHECK(ndr_pull_samr_RidWithAttribute(ndr, NDR_SCALARS, &r->rids[cntr_rids_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_0, 0);
+		}
+		if (r->rids) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->rids, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_RidWithAttributeArray(struct ndr_print *ndr, const char *name, const struct samr_RidWithAttributeArray *r)
+{
+	uint32_t cntr_rids_1;
+	ndr_print_struct(ndr, name, "samr_RidWithAttributeArray");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "rids", r->rids);
+	ndr->depth++;
+	if (r->rids) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "rids", r->count);
+		ndr->depth++;
+		for (cntr_rids_1=0;cntr_rids_1<r->count;cntr_rids_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_rids_1) != -1) {
+				ndr_print_samr_RidWithAttribute(ndr, "rids", &r->rids[cntr_rids_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DispEntryGeneral(struct ndr_push *ndr, int ndr_flags, const struct samr_DispEntryGeneral *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->idx));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
+		NDR_CHECK(ndr_push_samr_AcctFlags(ndr, NDR_SCALARS, r->acct_flags));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->description));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DispEntryGeneral(struct ndr_pull *ndr, int ndr_flags, struct samr_DispEntryGeneral *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->idx));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rid));
+		NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->acct_flags));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->description));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->full_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->full_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DispEntryGeneral(struct ndr_print *ndr, const char *name, const struct samr_DispEntryGeneral *r)
+{
+	ndr_print_struct(ndr, name, "samr_DispEntryGeneral");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "idx", r->idx);
+	ndr_print_uint32(ndr, "rid", r->rid);
+	ndr_print_samr_AcctFlags(ndr, "acct_flags", r->acct_flags);
+	ndr_print_lsa_String(ndr, "account_name", &r->account_name);
+	ndr_print_lsa_String(ndr, "description", &r->description);
+	ndr_print_lsa_String(ndr, "full_name", &r->full_name);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DispInfoGeneral(struct ndr_push *ndr, int ndr_flags, const struct samr_DispInfoGeneral *r)
+{
+	uint32_t cntr_entries_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->entries));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->entries) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_push_samr_DispEntryGeneral(ndr, NDR_SCALARS, &r->entries[cntr_entries_1]));
+			}
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_push_samr_DispEntryGeneral(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DispInfoGeneral(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoGeneral *r)
+{
+	uint32_t _ptr_entries;
+	uint32_t cntr_entries_1;
+	TALLOC_CTX *_mem_save_entries_0;
+	TALLOC_CTX *_mem_save_entries_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_entries));
+		if (_ptr_entries) {
+			NDR_PULL_ALLOC(ndr, r->entries);
+		} else {
+			r->entries = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->entries) {
+			_mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->entries));
+			NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries));
+			_mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0);
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_pull_samr_DispEntryGeneral(ndr, NDR_SCALARS, &r->entries[cntr_entries_1]));
+			}
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_pull_samr_DispEntryGeneral(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0);
+		}
+		if (r->entries) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->entries, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DispInfoGeneral(struct ndr_print *ndr, const char *name, const struct samr_DispInfoGeneral *r)
+{
+	uint32_t cntr_entries_1;
+	ndr_print_struct(ndr, name, "samr_DispInfoGeneral");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "entries", r->entries);
+	ndr->depth++;
+	if (r->entries) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "entries", r->count);
+		ndr->depth++;
+		for (cntr_entries_1=0;cntr_entries_1<r->count;cntr_entries_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_entries_1) != -1) {
+				ndr_print_samr_DispEntryGeneral(ndr, "entries", &r->entries[cntr_entries_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DispEntryFull(struct ndr_push *ndr, int ndr_flags, const struct samr_DispEntryFull *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->idx));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
+		NDR_CHECK(ndr_push_samr_AcctFlags(ndr, NDR_SCALARS, r->acct_flags));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->description));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DispEntryFull(struct ndr_pull *ndr, int ndr_flags, struct samr_DispEntryFull *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->idx));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rid));
+		NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->acct_flags));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->description));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DispEntryFull(struct ndr_print *ndr, const char *name, const struct samr_DispEntryFull *r)
+{
+	ndr_print_struct(ndr, name, "samr_DispEntryFull");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "idx", r->idx);
+	ndr_print_uint32(ndr, "rid", r->rid);
+	ndr_print_samr_AcctFlags(ndr, "acct_flags", r->acct_flags);
+	ndr_print_lsa_String(ndr, "account_name", &r->account_name);
+	ndr_print_lsa_String(ndr, "description", &r->description);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DispInfoFull(struct ndr_push *ndr, int ndr_flags, const struct samr_DispInfoFull *r)
+{
+	uint32_t cntr_entries_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->entries));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->entries) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_push_samr_DispEntryFull(ndr, NDR_SCALARS, &r->entries[cntr_entries_1]));
+			}
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_push_samr_DispEntryFull(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DispInfoFull(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoFull *r)
+{
+	uint32_t _ptr_entries;
+	uint32_t cntr_entries_1;
+	TALLOC_CTX *_mem_save_entries_0;
+	TALLOC_CTX *_mem_save_entries_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_entries));
+		if (_ptr_entries) {
+			NDR_PULL_ALLOC(ndr, r->entries);
+		} else {
+			r->entries = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->entries) {
+			_mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->entries));
+			NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries));
+			_mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0);
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_pull_samr_DispEntryFull(ndr, NDR_SCALARS, &r->entries[cntr_entries_1]));
+			}
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_pull_samr_DispEntryFull(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0);
+		}
+		if (r->entries) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->entries, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DispInfoFull(struct ndr_print *ndr, const char *name, const struct samr_DispInfoFull *r)
+{
+	uint32_t cntr_entries_1;
+	ndr_print_struct(ndr, name, "samr_DispInfoFull");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "entries", r->entries);
+	ndr->depth++;
+	if (r->entries) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "entries", r->count);
+		ndr->depth++;
+		for (cntr_entries_1=0;cntr_entries_1<r->count;cntr_entries_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_entries_1) != -1) {
+				ndr_print_samr_DispEntryFull(ndr, "entries", &r->entries[cntr_entries_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DispEntryFullGroup(struct ndr_push *ndr, int ndr_flags, const struct samr_DispEntryFullGroup *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->idx));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->rid));
+		NDR_CHECK(ndr_push_samr_GroupAttrs(ndr, NDR_SCALARS, r->acct_flags));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->description));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DispEntryFullGroup(struct ndr_pull *ndr, int ndr_flags, struct samr_DispEntryFullGroup *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->idx));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->rid));
+		NDR_CHECK(ndr_pull_samr_GroupAttrs(ndr, NDR_SCALARS, &r->acct_flags));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->description));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->account_name));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DispEntryFullGroup(struct ndr_print *ndr, const char *name, const struct samr_DispEntryFullGroup *r)
+{
+	ndr_print_struct(ndr, name, "samr_DispEntryFullGroup");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "idx", r->idx);
+	ndr_print_uint32(ndr, "rid", r->rid);
+	ndr_print_samr_GroupAttrs(ndr, "acct_flags", r->acct_flags);
+	ndr_print_lsa_String(ndr, "account_name", &r->account_name);
+	ndr_print_lsa_String(ndr, "description", &r->description);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DispInfoFullGroups(struct ndr_push *ndr, int ndr_flags, const struct samr_DispInfoFullGroups *r)
+{
+	uint32_t cntr_entries_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->entries));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->entries) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_push_samr_DispEntryFullGroup(ndr, NDR_SCALARS, &r->entries[cntr_entries_1]));
+			}
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_push_samr_DispEntryFullGroup(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DispInfoFullGroups(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoFullGroups *r)
+{
+	uint32_t _ptr_entries;
+	uint32_t cntr_entries_1;
+	TALLOC_CTX *_mem_save_entries_0;
+	TALLOC_CTX *_mem_save_entries_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_entries));
+		if (_ptr_entries) {
+			NDR_PULL_ALLOC(ndr, r->entries);
+		} else {
+			r->entries = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->entries) {
+			_mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->entries));
+			NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries));
+			_mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0);
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_pull_samr_DispEntryFullGroup(ndr, NDR_SCALARS, &r->entries[cntr_entries_1]));
+			}
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_pull_samr_DispEntryFullGroup(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0);
+		}
+		if (r->entries) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->entries, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DispInfoFullGroups(struct ndr_print *ndr, const char *name, const struct samr_DispInfoFullGroups *r)
+{
+	uint32_t cntr_entries_1;
+	ndr_print_struct(ndr, name, "samr_DispInfoFullGroups");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "entries", r->entries);
+	ndr->depth++;
+	if (r->entries) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "entries", r->count);
+		ndr->depth++;
+		for (cntr_entries_1=0;cntr_entries_1<r->count;cntr_entries_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_entries_1) != -1) {
+				ndr_print_samr_DispEntryFullGroup(ndr, "entries", &r->entries[cntr_entries_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DispEntryAscii(struct ndr_push *ndr, int ndr_flags, const struct samr_DispEntryAscii *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->idx));
+		NDR_CHECK(ndr_push_lsa_AsciiStringLarge(ndr, NDR_SCALARS, &r->account_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_lsa_AsciiStringLarge(ndr, NDR_BUFFERS, &r->account_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DispEntryAscii(struct ndr_pull *ndr, int ndr_flags, struct samr_DispEntryAscii *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->idx));
+		NDR_CHECK(ndr_pull_lsa_AsciiStringLarge(ndr, NDR_SCALARS, &r->account_name));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_lsa_AsciiStringLarge(ndr, NDR_BUFFERS, &r->account_name));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DispEntryAscii(struct ndr_print *ndr, const char *name, const struct samr_DispEntryAscii *r)
+{
+	ndr_print_struct(ndr, name, "samr_DispEntryAscii");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "idx", r->idx);
+	ndr_print_lsa_AsciiStringLarge(ndr, "account_name", &r->account_name);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DispInfoAscii(struct ndr_push *ndr, int ndr_flags, const struct samr_DispInfoAscii *r)
+{
+	uint32_t cntr_entries_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->entries));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->entries) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_push_samr_DispEntryAscii(ndr, NDR_SCALARS, &r->entries[cntr_entries_1]));
+			}
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_push_samr_DispEntryAscii(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DispInfoAscii(struct ndr_pull *ndr, int ndr_flags, struct samr_DispInfoAscii *r)
+{
+	uint32_t _ptr_entries;
+	uint32_t cntr_entries_1;
+	TALLOC_CTX *_mem_save_entries_0;
+	TALLOC_CTX *_mem_save_entries_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_entries));
+		if (_ptr_entries) {
+			NDR_PULL_ALLOC(ndr, r->entries);
+		} else {
+			r->entries = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->entries) {
+			_mem_save_entries_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->entries));
+			NDR_PULL_ALLOC_N(ndr, r->entries, ndr_get_array_size(ndr, &r->entries));
+			_mem_save_entries_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->entries, 0);
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_pull_samr_DispEntryAscii(ndr, NDR_SCALARS, &r->entries[cntr_entries_1]));
+			}
+			for (cntr_entries_1 = 0; cntr_entries_1 < r->count; cntr_entries_1++) {
+				NDR_CHECK(ndr_pull_samr_DispEntryAscii(ndr, NDR_BUFFERS, &r->entries[cntr_entries_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_entries_0, 0);
+		}
+		if (r->entries) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->entries, r->count));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DispInfoAscii(struct ndr_print *ndr, const char *name, const struct samr_DispInfoAscii *r)
+{
+	uint32_t cntr_entries_1;
+	ndr_print_struct(ndr, name, "samr_DispInfoAscii");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "entries", r->entries);
+	ndr->depth++;
+	if (r->entries) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "entries", r->count);
+		ndr->depth++;
+		for (cntr_entries_1=0;cntr_entries_1<r->count;cntr_entries_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_entries_1) != -1) {
+				ndr_print_samr_DispEntryAscii(ndr, "entries", &r->entries[cntr_entries_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DispInfo(struct ndr_push *ndr, int ndr_flags, const union samr_DispInfo *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level));
+		switch (level) {
+			case 1: {
+				NDR_CHECK(ndr_push_samr_DispInfoGeneral(ndr, NDR_SCALARS, &r->info1));
+			break; }
+
+			case 2: {
+				NDR_CHECK(ndr_push_samr_DispInfoFull(ndr, NDR_SCALARS, &r->info2));
+			break; }
+
+			case 3: {
+				NDR_CHECK(ndr_push_samr_DispInfoFullGroups(ndr, NDR_SCALARS, &r->info3));
+			break; }
+
+			case 4: {
+				NDR_CHECK(ndr_push_samr_DispInfoAscii(ndr, NDR_SCALARS, &r->info4));
+			break; }
+
+			case 5: {
+				NDR_CHECK(ndr_push_samr_DispInfoAscii(ndr, NDR_SCALARS, &r->info5));
+			break; }
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case 1:
+				NDR_CHECK(ndr_push_samr_DispInfoGeneral(ndr, NDR_BUFFERS, &r->info1));
+			break;
+
+			case 2:
+				NDR_CHECK(ndr_push_samr_DispInfoFull(ndr, NDR_BUFFERS, &r->info2));
+			break;
+
+			case 3:
+				NDR_CHECK(ndr_push_samr_DispInfoFullGroups(ndr, NDR_BUFFERS, &r->info3));
+			break;
+
+			case 4:
+				NDR_CHECK(ndr_push_samr_DispInfoAscii(ndr, NDR_BUFFERS, &r->info4));
+			break;
+
+			case 5:
+				NDR_CHECK(ndr_push_samr_DispInfoAscii(ndr, NDR_BUFFERS, &r->info5));
+			break;
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DispInfo(struct ndr_pull *ndr, int ndr_flags, union samr_DispInfo *r)
+{
+	int level;
+	uint16_t _level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level));
+		if (_level != level) {
+			return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level);
+		}
+		switch (level) {
+			case 1: {
+				NDR_CHECK(ndr_pull_samr_DispInfoGeneral(ndr, NDR_SCALARS, &r->info1));
+			break; }
+
+			case 2: {
+				NDR_CHECK(ndr_pull_samr_DispInfoFull(ndr, NDR_SCALARS, &r->info2));
+			break; }
+
+			case 3: {
+				NDR_CHECK(ndr_pull_samr_DispInfoFullGroups(ndr, NDR_SCALARS, &r->info3));
+			break; }
+
+			case 4: {
+				NDR_CHECK(ndr_pull_samr_DispInfoAscii(ndr, NDR_SCALARS, &r->info4));
+			break; }
+
+			case 5: {
+				NDR_CHECK(ndr_pull_samr_DispInfoAscii(ndr, NDR_SCALARS, &r->info5));
+			break; }
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case 1:
+				NDR_CHECK(ndr_pull_samr_DispInfoGeneral(ndr, NDR_BUFFERS, &r->info1));
+			break;
+
+			case 2:
+				NDR_CHECK(ndr_pull_samr_DispInfoFull(ndr, NDR_BUFFERS, &r->info2));
+			break;
+
+			case 3:
+				NDR_CHECK(ndr_pull_samr_DispInfoFullGroups(ndr, NDR_BUFFERS, &r->info3));
+			break;
+
+			case 4:
+				NDR_CHECK(ndr_pull_samr_DispInfoAscii(ndr, NDR_BUFFERS, &r->info4));
+			break;
+
+			case 5:
+				NDR_CHECK(ndr_pull_samr_DispInfoAscii(ndr, NDR_BUFFERS, &r->info5));
+			break;
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DispInfo(struct ndr_print *ndr, const char *name, const union samr_DispInfo *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "samr_DispInfo");
+	switch (level) {
+		case 1:
+			ndr_print_samr_DispInfoGeneral(ndr, "info1", &r->info1);
+		break;
+
+		case 2:
+			ndr_print_samr_DispInfoFull(ndr, "info2", &r->info2);
+		break;
+
+		case 3:
+			ndr_print_samr_DispInfoFullGroups(ndr, "info3", &r->info3);
+		break;
+
+		case 4:
+			ndr_print_samr_DispInfoAscii(ndr, "info4", &r->info4);
+		break;
+
+		case 5:
+			ndr_print_samr_DispInfoAscii(ndr, "info5", &r->info5);
+		break;
+
+		default:
+			ndr_print_bad_level(ndr, name, level);
+	}
+}
+
+static enum ndr_err_code ndr_push_samr_PwInfo(struct ndr_push *ndr, int ndr_flags, const struct samr_PwInfo *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->min_password_length));
+		NDR_CHECK(ndr_push_samr_PasswordProperties(ndr, NDR_SCALARS, r->password_properties));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_PwInfo(struct ndr_pull *ndr, int ndr_flags, struct samr_PwInfo *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->min_password_length));
+		NDR_CHECK(ndr_pull_samr_PasswordProperties(ndr, NDR_SCALARS, &r->password_properties));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_PwInfo(struct ndr_print *ndr, const char *name, const struct samr_PwInfo *r)
+{
+	ndr_print_struct(ndr, name, "samr_PwInfo");
+	ndr->depth++;
+	ndr_print_uint16(ndr, "min_password_length", r->min_password_length);
+	ndr_print_samr_PasswordProperties(ndr, "password_properties", r->password_properties);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ConnectVersion(struct ndr_push *ndr, int ndr_flags, enum samr_ConnectVersion r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ConnectVersion(struct ndr_pull *ndr, int ndr_flags, enum samr_ConnectVersion *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ConnectVersion(struct ndr_print *ndr, const char *name, enum samr_ConnectVersion r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case SAMR_CONNECT_PRE_W2K: val = "SAMR_CONNECT_PRE_W2K"; break;
+		case SAMR_CONNECT_W2K: val = "SAMR_CONNECT_W2K"; break;
+		case SAMR_CONNECT_AFTER_W2K: val = "SAMR_CONNECT_AFTER_W2K"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_samr_ChangeReject(struct ndr_push *ndr, int ndr_flags, const struct samr_ChangeReject *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_samr_RejectReason(ndr, NDR_SCALARS, r->reason));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown1));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown2));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ChangeReject(struct ndr_pull *ndr, int ndr_flags, struct samr_ChangeReject *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_samr_RejectReason(ndr, NDR_SCALARS, &r->reason));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown2));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ChangeReject(struct ndr_print *ndr, const char *name, const struct samr_ChangeReject *r)
+{
+	ndr_print_struct(ndr, name, "samr_ChangeReject");
+	ndr->depth++;
+	ndr_print_samr_RejectReason(ndr, "reason", r->reason);
+	ndr_print_uint32(ndr, "unknown1", r->unknown1);
+	ndr_print_uint32(ndr, "unknown2", r->unknown2);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ConnectInfo1(struct ndr_push *ndr, int ndr_flags, const struct samr_ConnectInfo1 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_samr_ConnectVersion(ndr, NDR_SCALARS, r->client_version));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown2));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ConnectInfo1(struct ndr_pull *ndr, int ndr_flags, struct samr_ConnectInfo1 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_samr_ConnectVersion(ndr, NDR_SCALARS, &r->client_version));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown2));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ConnectInfo1(struct ndr_print *ndr, const char *name, const struct samr_ConnectInfo1 *r)
+{
+	ndr_print_struct(ndr, name, "samr_ConnectInfo1");
+	ndr->depth++;
+	ndr_print_samr_ConnectVersion(ndr, "client_version", r->client_version);
+	ndr_print_uint32(ndr, "unknown2", r->unknown2);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ConnectInfo(struct ndr_push *ndr, int ndr_flags, const union samr_ConnectInfo *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
+		switch (level) {
+			case 1: {
+				NDR_CHECK(ndr_push_samr_ConnectInfo1(ndr, NDR_SCALARS, &r->info1));
+			break; }
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case 1:
+			break;
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ConnectInfo(struct ndr_pull *ndr, int ndr_flags, union samr_ConnectInfo *r)
+{
+	int level;
+	uint32_t _level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level));
+		if (_level != level) {
+			return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level);
+		}
+		switch (level) {
+			case 1: {
+				NDR_CHECK(ndr_pull_samr_ConnectInfo1(ndr, NDR_SCALARS, &r->info1));
+			break; }
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case 1:
+			break;
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ConnectInfo(struct ndr_print *ndr, const char *name, const union samr_ConnectInfo *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "samr_ConnectInfo");
+	switch (level) {
+		case 1:
+			ndr_print_samr_ConnectInfo1(ndr, "info1", &r->info1);
+		break;
+
+		default:
+			ndr_print_bad_level(ndr, name, level);
+	}
+}
+
+static enum ndr_err_code ndr_push_samr_ValidateFieldsPresent(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ValidateFieldsPresent(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ValidateFieldsPresent(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET", SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME", SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_VALIDATE_FIELD_LOCKOUT_TIME", SAMR_VALIDATE_FIELD_LOCKOUT_TIME, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT", SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH", SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SAMR_VALIDATE_FIELD_PASSWORD_HISTORY", SAMR_VALIDATE_FIELD_PASSWORD_HISTORY, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ValidatePasswordLevel(struct ndr_push *ndr, int ndr_flags, enum samr_ValidatePasswordLevel r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ValidatePasswordLevel(struct ndr_pull *ndr, int ndr_flags, enum samr_ValidatePasswordLevel *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ValidatePasswordLevel(struct ndr_print *ndr, const char *name, enum samr_ValidatePasswordLevel r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case NetValidateAuthentication: val = "NetValidateAuthentication"; break;
+		case NetValidatePasswordChange: val = "NetValidatePasswordChange"; break;
+		case NetValidatePasswordReset: val = "NetValidatePasswordReset"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_samr_ValidationStatus(struct ndr_push *ndr, int ndr_flags, enum samr_ValidationStatus r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ValidationStatus(struct ndr_pull *ndr, int ndr_flags, enum samr_ValidationStatus *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ValidationStatus(struct ndr_print *ndr, const char *name, enum samr_ValidationStatus r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case SAMR_VALIDATION_STATUS_SUCCESS: val = "SAMR_VALIDATION_STATUS_SUCCESS"; break;
+		case SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE: val = "SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE"; break;
+		case SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT: val = "SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT"; break;
+		case SAMR_VALIDATION_STATUS_BAD_PASSWORD: val = "SAMR_VALIDATION_STATUS_BAD_PASSWORD"; break;
+		case SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT: val = "SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT"; break;
+		case SAMR_VALIDATION_STATUS_PWD_TOO_SHORT: val = "SAMR_VALIDATION_STATUS_PWD_TOO_SHORT"; break;
+		case SAMR_VALIDATION_STATUS_PWD_TOO_LONG: val = "SAMR_VALIDATION_STATUS_PWD_TOO_LONG"; break;
+		case SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH: val = "SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH"; break;
+		case SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT: val = "SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_samr_ValidationBlob(struct ndr_push *ndr, int ndr_flags, const struct samr_ValidationBlob *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->length));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->data));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->data) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->length));
+			NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->data, r->length));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ValidationBlob(struct ndr_pull *ndr, int ndr_flags, struct samr_ValidationBlob *r)
+{
+	uint32_t _ptr_data;
+	TALLOC_CTX *_mem_save_data_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_data));
+		if (_ptr_data) {
+			NDR_PULL_ALLOC(ndr, r->data);
+		} else {
+			r->data = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->data) {
+			_mem_save_data_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->data, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->data));
+			NDR_PULL_ALLOC_N(ndr, r->data, ndr_get_array_size(ndr, &r->data));
+			NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->data, ndr_get_array_size(ndr, &r->data)));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_data_0, 0);
+		}
+		if (r->data) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->data, r->length));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ValidationBlob(struct ndr_print *ndr, const char *name, const struct samr_ValidationBlob *r)
+{
+	ndr_print_struct(ndr, name, "samr_ValidationBlob");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "length", r->length);
+	ndr_print_ptr(ndr, "data", r->data);
+	ndr->depth++;
+	if (r->data) {
+		ndr_print_array_uint8(ndr, "data", r->data, r->length);
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ValidatePasswordInfo(struct ndr_push *ndr, int ndr_flags, const struct samr_ValidatePasswordInfo *r)
+{
+	uint32_t cntr_pwd_history_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 8));
+		NDR_CHECK(ndr_push_samr_ValidateFieldsPresent(ndr, NDR_SCALARS, r->fields_present));
+		NDR_CHECK(ndr_push_NTTIME_hyper(ndr, NDR_SCALARS, r->last_password_change));
+		NDR_CHECK(ndr_push_NTTIME_hyper(ndr, NDR_SCALARS, r->bad_password_time));
+		NDR_CHECK(ndr_push_NTTIME_hyper(ndr, NDR_SCALARS, r->lockout_time));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->bad_pwd_count));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->pwd_history_len));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->pwd_history));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->pwd_history) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->pwd_history_len));
+			for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < r->pwd_history_len; cntr_pwd_history_1++) {
+				NDR_CHECK(ndr_push_samr_ValidationBlob(ndr, NDR_SCALARS, &r->pwd_history[cntr_pwd_history_1]));
+			}
+			for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < r->pwd_history_len; cntr_pwd_history_1++) {
+				NDR_CHECK(ndr_push_samr_ValidationBlob(ndr, NDR_BUFFERS, &r->pwd_history[cntr_pwd_history_1]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ValidatePasswordInfo(struct ndr_pull *ndr, int ndr_flags, struct samr_ValidatePasswordInfo *r)
+{
+	uint32_t _ptr_pwd_history;
+	uint32_t cntr_pwd_history_1;
+	TALLOC_CTX *_mem_save_pwd_history_0;
+	TALLOC_CTX *_mem_save_pwd_history_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 8));
+		NDR_CHECK(ndr_pull_samr_ValidateFieldsPresent(ndr, NDR_SCALARS, &r->fields_present));
+		NDR_CHECK(ndr_pull_NTTIME_hyper(ndr, NDR_SCALARS, &r->last_password_change));
+		NDR_CHECK(ndr_pull_NTTIME_hyper(ndr, NDR_SCALARS, &r->bad_password_time));
+		NDR_CHECK(ndr_pull_NTTIME_hyper(ndr, NDR_SCALARS, &r->lockout_time));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->bad_pwd_count));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->pwd_history_len));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_pwd_history));
+		if (_ptr_pwd_history) {
+			NDR_PULL_ALLOC(ndr, r->pwd_history);
+		} else {
+			r->pwd_history = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->pwd_history) {
+			_mem_save_pwd_history_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->pwd_history, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->pwd_history));
+			NDR_PULL_ALLOC_N(ndr, r->pwd_history, ndr_get_array_size(ndr, &r->pwd_history));
+			_mem_save_pwd_history_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->pwd_history, 0);
+			for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < r->pwd_history_len; cntr_pwd_history_1++) {
+				NDR_CHECK(ndr_pull_samr_ValidationBlob(ndr, NDR_SCALARS, &r->pwd_history[cntr_pwd_history_1]));
+			}
+			for (cntr_pwd_history_1 = 0; cntr_pwd_history_1 < r->pwd_history_len; cntr_pwd_history_1++) {
+				NDR_CHECK(ndr_pull_samr_ValidationBlob(ndr, NDR_BUFFERS, &r->pwd_history[cntr_pwd_history_1]));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pwd_history_1, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_pwd_history_0, 0);
+		}
+		if (r->pwd_history) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->pwd_history, r->pwd_history_len));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ValidatePasswordInfo(struct ndr_print *ndr, const char *name, const struct samr_ValidatePasswordInfo *r)
+{
+	uint32_t cntr_pwd_history_1;
+	ndr_print_struct(ndr, name, "samr_ValidatePasswordInfo");
+	ndr->depth++;
+	ndr_print_samr_ValidateFieldsPresent(ndr, "fields_present", r->fields_present);
+	ndr_print_NTTIME_hyper(ndr, "last_password_change", r->last_password_change);
+	ndr_print_NTTIME_hyper(ndr, "bad_password_time", r->bad_password_time);
+	ndr_print_NTTIME_hyper(ndr, "lockout_time", r->lockout_time);
+	ndr_print_uint32(ndr, "bad_pwd_count", r->bad_pwd_count);
+	ndr_print_uint32(ndr, "pwd_history_len", r->pwd_history_len);
+	ndr_print_ptr(ndr, "pwd_history", r->pwd_history);
+	ndr->depth++;
+	if (r->pwd_history) {
+		ndr->print(ndr, "%s: ARRAY(%d)", "pwd_history", r->pwd_history_len);
+		ndr->depth++;
+		for (cntr_pwd_history_1=0;cntr_pwd_history_1<r->pwd_history_len;cntr_pwd_history_1++) {
+			char *idx_1=NULL;
+			if (asprintf(&idx_1, "[%d]", cntr_pwd_history_1) != -1) {
+				ndr_print_samr_ValidationBlob(ndr, "pwd_history", &r->pwd_history[cntr_pwd_history_1]);
+				free(idx_1);
+			}
+		}
+		ndr->depth--;
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ValidatePasswordRepCtr(struct ndr_push *ndr, int ndr_flags, const struct samr_ValidatePasswordRepCtr *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 8));
+		NDR_CHECK(ndr_push_samr_ValidatePasswordInfo(ndr, NDR_SCALARS, &r->info));
+		NDR_CHECK(ndr_push_samr_ValidationStatus(ndr, NDR_SCALARS, r->status));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_samr_ValidatePasswordInfo(ndr, NDR_BUFFERS, &r->info));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ValidatePasswordRepCtr(struct ndr_pull *ndr, int ndr_flags, struct samr_ValidatePasswordRepCtr *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 8));
+		NDR_CHECK(ndr_pull_samr_ValidatePasswordInfo(ndr, NDR_SCALARS, &r->info));
+		NDR_CHECK(ndr_pull_samr_ValidationStatus(ndr, NDR_SCALARS, &r->status));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_samr_ValidatePasswordInfo(ndr, NDR_BUFFERS, &r->info));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ValidatePasswordRepCtr(struct ndr_print *ndr, const char *name, const struct samr_ValidatePasswordRepCtr *r)
+{
+	ndr_print_struct(ndr, name, "samr_ValidatePasswordRepCtr");
+	ndr->depth++;
+	ndr_print_samr_ValidatePasswordInfo(ndr, "info", &r->info);
+	ndr_print_samr_ValidationStatus(ndr, "status", r->status);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ValidatePasswordRep(struct ndr_push *ndr, int ndr_flags, const union samr_ValidatePasswordRep *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level));
+		switch (level) {
+			case 1: {
+				NDR_CHECK(ndr_push_samr_ValidatePasswordRepCtr(ndr, NDR_SCALARS, &r->ctr1));
+			break; }
+
+			case 2: {
+				NDR_CHECK(ndr_push_samr_ValidatePasswordRepCtr(ndr, NDR_SCALARS, &r->ctr2));
+			break; }
+
+			case 3: {
+				NDR_CHECK(ndr_push_samr_ValidatePasswordRepCtr(ndr, NDR_SCALARS, &r->ctr3));
+			break; }
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case 1:
+				NDR_CHECK(ndr_push_samr_ValidatePasswordRepCtr(ndr, NDR_BUFFERS, &r->ctr1));
+			break;
+
+			case 2:
+				NDR_CHECK(ndr_push_samr_ValidatePasswordRepCtr(ndr, NDR_BUFFERS, &r->ctr2));
+			break;
+
+			case 3:
+				NDR_CHECK(ndr_push_samr_ValidatePasswordRepCtr(ndr, NDR_BUFFERS, &r->ctr3));
+			break;
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ValidatePasswordRep(struct ndr_pull *ndr, int ndr_flags, union samr_ValidatePasswordRep *r)
+{
+	int level;
+	uint16_t _level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level));
+		if (_level != level) {
+			return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level);
+		}
+		switch (level) {
+			case 1: {
+				NDR_CHECK(ndr_pull_samr_ValidatePasswordRepCtr(ndr, NDR_SCALARS, &r->ctr1));
+			break; }
+
+			case 2: {
+				NDR_CHECK(ndr_pull_samr_ValidatePasswordRepCtr(ndr, NDR_SCALARS, &r->ctr2));
+			break; }
+
+			case 3: {
+				NDR_CHECK(ndr_pull_samr_ValidatePasswordRepCtr(ndr, NDR_SCALARS, &r->ctr3));
+			break; }
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case 1:
+				NDR_CHECK(ndr_pull_samr_ValidatePasswordRepCtr(ndr, NDR_BUFFERS, &r->ctr1));
+			break;
+
+			case 2:
+				NDR_CHECK(ndr_pull_samr_ValidatePasswordRepCtr(ndr, NDR_BUFFERS, &r->ctr2));
+			break;
+
+			case 3:
+				NDR_CHECK(ndr_pull_samr_ValidatePasswordRepCtr(ndr, NDR_BUFFERS, &r->ctr3));
+			break;
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ValidatePasswordRep(struct ndr_print *ndr, const char *name, const union samr_ValidatePasswordRep *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "samr_ValidatePasswordRep");
+	switch (level) {
+		case 1:
+			ndr_print_samr_ValidatePasswordRepCtr(ndr, "ctr1", &r->ctr1);
+		break;
+
+		case 2:
+			ndr_print_samr_ValidatePasswordRepCtr(ndr, "ctr2", &r->ctr2);
+		break;
+
+		case 3:
+			ndr_print_samr_ValidatePasswordRepCtr(ndr, "ctr3", &r->ctr3);
+		break;
+
+		default:
+			ndr_print_bad_level(ndr, name, level);
+	}
+}
+
+static enum ndr_err_code ndr_push_samr_ValidatePasswordReq3(struct ndr_push *ndr, int ndr_flags, const struct samr_ValidatePasswordReq3 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 8));
+		NDR_CHECK(ndr_push_samr_ValidatePasswordInfo(ndr, NDR_SCALARS, &r->info));
+		NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_SCALARS, &r->password));
+		NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_SCALARS, &r->account));
+		NDR_CHECK(ndr_push_samr_ValidationBlob(ndr, NDR_SCALARS, &r->hash));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->pwd_must_change_at_next_logon));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->clear_lockout));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_samr_ValidatePasswordInfo(ndr, NDR_BUFFERS, &r->info));
+		NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_BUFFERS, &r->password));
+		NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_BUFFERS, &r->account));
+		NDR_CHECK(ndr_push_samr_ValidationBlob(ndr, NDR_BUFFERS, &r->hash));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ValidatePasswordReq3(struct ndr_pull *ndr, int ndr_flags, struct samr_ValidatePasswordReq3 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 8));
+		NDR_CHECK(ndr_pull_samr_ValidatePasswordInfo(ndr, NDR_SCALARS, &r->info));
+		NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->password));
+		NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->account));
+		NDR_CHECK(ndr_pull_samr_ValidationBlob(ndr, NDR_SCALARS, &r->hash));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->pwd_must_change_at_next_logon));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->clear_lockout));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_samr_ValidatePasswordInfo(ndr, NDR_BUFFERS, &r->info));
+		NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->password));
+		NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->account));
+		NDR_CHECK(ndr_pull_samr_ValidationBlob(ndr, NDR_BUFFERS, &r->hash));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ValidatePasswordReq3(struct ndr_print *ndr, const char *name, const struct samr_ValidatePasswordReq3 *r)
+{
+	ndr_print_struct(ndr, name, "samr_ValidatePasswordReq3");
+	ndr->depth++;
+	ndr_print_samr_ValidatePasswordInfo(ndr, "info", &r->info);
+	ndr_print_lsa_StringLarge(ndr, "password", &r->password);
+	ndr_print_lsa_StringLarge(ndr, "account", &r->account);
+	ndr_print_samr_ValidationBlob(ndr, "hash", &r->hash);
+	ndr_print_uint8(ndr, "pwd_must_change_at_next_logon", r->pwd_must_change_at_next_logon);
+	ndr_print_uint8(ndr, "clear_lockout", r->clear_lockout);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ValidatePasswordReq2(struct ndr_push *ndr, int ndr_flags, const struct samr_ValidatePasswordReq2 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 8));
+		NDR_CHECK(ndr_push_samr_ValidatePasswordInfo(ndr, NDR_SCALARS, &r->info));
+		NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_SCALARS, &r->password));
+		NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_SCALARS, &r->account));
+		NDR_CHECK(ndr_push_samr_ValidationBlob(ndr, NDR_SCALARS, &r->hash));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_matched));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_samr_ValidatePasswordInfo(ndr, NDR_BUFFERS, &r->info));
+		NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_BUFFERS, &r->password));
+		NDR_CHECK(ndr_push_lsa_StringLarge(ndr, NDR_BUFFERS, &r->account));
+		NDR_CHECK(ndr_push_samr_ValidationBlob(ndr, NDR_BUFFERS, &r->hash));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ValidatePasswordReq2(struct ndr_pull *ndr, int ndr_flags, struct samr_ValidatePasswordReq2 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 8));
+		NDR_CHECK(ndr_pull_samr_ValidatePasswordInfo(ndr, NDR_SCALARS, &r->info));
+		NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->password));
+		NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_SCALARS, &r->account));
+		NDR_CHECK(ndr_pull_samr_ValidationBlob(ndr, NDR_SCALARS, &r->hash));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_matched));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_samr_ValidatePasswordInfo(ndr, NDR_BUFFERS, &r->info));
+		NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->password));
+		NDR_CHECK(ndr_pull_lsa_StringLarge(ndr, NDR_BUFFERS, &r->account));
+		NDR_CHECK(ndr_pull_samr_ValidationBlob(ndr, NDR_BUFFERS, &r->hash));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ValidatePasswordReq2(struct ndr_print *ndr, const char *name, const struct samr_ValidatePasswordReq2 *r)
+{
+	ndr_print_struct(ndr, name, "samr_ValidatePasswordReq2");
+	ndr->depth++;
+	ndr_print_samr_ValidatePasswordInfo(ndr, "info", &r->info);
+	ndr_print_lsa_StringLarge(ndr, "password", &r->password);
+	ndr_print_lsa_StringLarge(ndr, "account", &r->account);
+	ndr_print_samr_ValidationBlob(ndr, "hash", &r->hash);
+	ndr_print_uint8(ndr, "password_matched", r->password_matched);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ValidatePasswordReq1(struct ndr_push *ndr, int ndr_flags, const struct samr_ValidatePasswordReq1 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 8));
+		NDR_CHECK(ndr_push_samr_ValidatePasswordInfo(ndr, NDR_SCALARS, &r->info));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_matched));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_samr_ValidatePasswordInfo(ndr, NDR_BUFFERS, &r->info));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ValidatePasswordReq1(struct ndr_pull *ndr, int ndr_flags, struct samr_ValidatePasswordReq1 *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 8));
+		NDR_CHECK(ndr_pull_samr_ValidatePasswordInfo(ndr, NDR_SCALARS, &r->info));
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_matched));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_samr_ValidatePasswordInfo(ndr, NDR_BUFFERS, &r->info));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ValidatePasswordReq1(struct ndr_print *ndr, const char *name, const struct samr_ValidatePasswordReq1 *r)
+{
+	ndr_print_struct(ndr, name, "samr_ValidatePasswordReq1");
+	ndr->depth++;
+	ndr_print_samr_ValidatePasswordInfo(ndr, "info", &r->info);
+	ndr_print_uint8(ndr, "password_matched", r->password_matched);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ValidatePasswordReq(struct ndr_push *ndr, int ndr_flags, const union samr_ValidatePasswordReq *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, level));
+		switch (level) {
+			case 1: {
+				NDR_CHECK(ndr_push_samr_ValidatePasswordReq1(ndr, NDR_SCALARS, &r->req1));
+			break; }
+
+			case 2: {
+				NDR_CHECK(ndr_push_samr_ValidatePasswordReq2(ndr, NDR_SCALARS, &r->req2));
+			break; }
+
+			case 3: {
+				NDR_CHECK(ndr_push_samr_ValidatePasswordReq3(ndr, NDR_SCALARS, &r->req3));
+			break; }
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case 1:
+				NDR_CHECK(ndr_push_samr_ValidatePasswordReq1(ndr, NDR_BUFFERS, &r->req1));
+			break;
+
+			case 2:
+				NDR_CHECK(ndr_push_samr_ValidatePasswordReq2(ndr, NDR_BUFFERS, &r->req2));
+			break;
+
+			case 3:
+				NDR_CHECK(ndr_push_samr_ValidatePasswordReq3(ndr, NDR_BUFFERS, &r->req3));
+			break;
+
+			default:
+				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ValidatePasswordReq(struct ndr_pull *ndr, int ndr_flags, union samr_ValidatePasswordReq *r)
+{
+	int level;
+	uint16_t _level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level));
+		if (_level != level) {
+			return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level);
+		}
+		switch (level) {
+			case 1: {
+				NDR_CHECK(ndr_pull_samr_ValidatePasswordReq1(ndr, NDR_SCALARS, &r->req1));
+			break; }
+
+			case 2: {
+				NDR_CHECK(ndr_pull_samr_ValidatePasswordReq2(ndr, NDR_SCALARS, &r->req2));
+			break; }
+
+			case 3: {
+				NDR_CHECK(ndr_pull_samr_ValidatePasswordReq3(ndr, NDR_SCALARS, &r->req3));
+			break; }
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case 1:
+				NDR_CHECK(ndr_pull_samr_ValidatePasswordReq1(ndr, NDR_BUFFERS, &r->req1));
+			break;
+
+			case 2:
+				NDR_CHECK(ndr_pull_samr_ValidatePasswordReq2(ndr, NDR_BUFFERS, &r->req2));
+			break;
+
+			case 3:
+				NDR_CHECK(ndr_pull_samr_ValidatePasswordReq3(ndr, NDR_BUFFERS, &r->req3));
+			break;
+
+			default:
+				return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ValidatePasswordReq(struct ndr_print *ndr, const char *name, const union samr_ValidatePasswordReq *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "samr_ValidatePasswordReq");
+	switch (level) {
+		case 1:
+			ndr_print_samr_ValidatePasswordReq1(ndr, "req1", &r->req1);
+		break;
+
+		case 2:
+			ndr_print_samr_ValidatePasswordReq2(ndr, "req2", &r->req2);
+		break;
+
+		case 3:
+			ndr_print_samr_ValidatePasswordReq3(ndr, "req3", &r->req3);
+		break;
+
+		default:
+			ndr_print_bad_level(ndr, name, level);
+	}
+}
+
+static enum ndr_err_code ndr_push_samr_Connect(struct ndr_push *ndr, int flags, const struct samr_Connect *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.system_name));
+		if (r->in.system_name) {
+			NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->in.system_name));
+		}
+		NDR_CHECK(ndr_push_samr_ConnectAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.connect_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.connect_handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_Connect(struct ndr_pull *ndr, int flags, struct samr_Connect *r)
+{
+	uint32_t _ptr_system_name;
+	TALLOC_CTX *_mem_save_system_name_0;
+	TALLOC_CTX *_mem_save_connect_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_system_name));
+		if (_ptr_system_name) {
+			NDR_PULL_ALLOC(ndr, r->in.system_name);
+		} else {
+			r->in.system_name = NULL;
+		}
+		if (r->in.system_name) {
+			_mem_save_system_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0);
+			NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->in.system_name));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_samr_ConnectAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_PULL_ALLOC(ndr, r->out.connect_handle);
+		ZERO_STRUCTP(r->out.connect_handle);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.connect_handle);
+		}
+		_mem_save_connect_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.connect_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.connect_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_connect_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_Connect(struct ndr_print *ndr, const char *name, int flags, const struct samr_Connect *r)
+{
+	ndr_print_struct(ndr, name, "samr_Connect");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_Connect");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "system_name", r->in.system_name);
+		ndr->depth++;
+		if (r->in.system_name) {
+			ndr_print_uint16(ndr, "system_name", *r->in.system_name);
+		}
+		ndr->depth--;
+		ndr_print_samr_ConnectAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_Connect");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "connect_handle", r->out.connect_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "connect_handle", r->out.connect_handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_Close(struct ndr_push *ndr, int flags, const struct samr_Close *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.handle));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_Close(struct ndr_pull *ndr, int flags, struct samr_Close *r)
+{
+	TALLOC_CTX *_mem_save_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.handle);
+		*r->out.handle = *r->in.handle;
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_Close(struct ndr_print *ndr, const char *name, int flags, const struct samr_Close *r)
+{
+	ndr_print_struct(ndr, name, "samr_Close");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_Close");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->in.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->in.handle);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_Close");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->out.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->out.handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_SetSecurity(struct ndr_push *ndr, int flags, const struct samr_SetSecurity *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.handle));
+		NDR_CHECK(ndr_push_security_secinfo(ndr, NDR_SCALARS, r->in.sec_info));
+		if (r->in.sdbuf == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_sec_desc_buf(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sdbuf));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_SetSecurity(struct ndr_pull *ndr, int flags, struct samr_SetSecurity *r)
+{
+	TALLOC_CTX *_mem_save_handle_0;
+	TALLOC_CTX *_mem_save_sdbuf_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.sec_info));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.sdbuf);
+		}
+		_mem_save_sdbuf_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.sdbuf, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sdbuf));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sdbuf_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_SetSecurity(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetSecurity *r)
+{
+	ndr_print_struct(ndr, name, "samr_SetSecurity");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_SetSecurity");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->in.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->in.handle);
+		ndr->depth--;
+		ndr_print_security_secinfo(ndr, "sec_info", r->in.sec_info);
+		ndr_print_ptr(ndr, "sdbuf", r->in.sdbuf);
+		ndr->depth++;
+		ndr_print_sec_desc_buf(ndr, "sdbuf", r->in.sdbuf);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_SetSecurity");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_QuerySecurity(struct ndr_push *ndr, int flags, const struct samr_QuerySecurity *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.handle));
+		NDR_CHECK(ndr_push_security_secinfo(ndr, NDR_SCALARS, r->in.sec_info));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.sdbuf == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.sdbuf));
+		if (*r->out.sdbuf) {
+			NDR_CHECK(ndr_push_sec_desc_buf(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sdbuf));
+		}
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_QuerySecurity(struct ndr_pull *ndr, int flags, struct samr_QuerySecurity *r)
+{
+	uint32_t _ptr_sdbuf;
+	TALLOC_CTX *_mem_save_handle_0;
+	TALLOC_CTX *_mem_save_sdbuf_0;
+	TALLOC_CTX *_mem_save_sdbuf_1;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.sec_info));
+		NDR_PULL_ALLOC(ndr, r->out.sdbuf);
+		ZERO_STRUCTP(r->out.sdbuf);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.sdbuf);
+		}
+		_mem_save_sdbuf_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.sdbuf, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sdbuf));
+		if (_ptr_sdbuf) {
+			NDR_PULL_ALLOC(ndr, *r->out.sdbuf);
+		} else {
+			*r->out.sdbuf = NULL;
+		}
+		if (*r->out.sdbuf) {
+			_mem_save_sdbuf_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.sdbuf, 0);
+			NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sdbuf));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sdbuf_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sdbuf_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_QuerySecurity(struct ndr_print *ndr, const char *name, int flags, const struct samr_QuerySecurity *r)
+{
+	ndr_print_struct(ndr, name, "samr_QuerySecurity");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_QuerySecurity");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->in.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->in.handle);
+		ndr->depth--;
+		ndr_print_security_secinfo(ndr, "sec_info", r->in.sec_info);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_QuerySecurity");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "sdbuf", r->out.sdbuf);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "sdbuf", *r->out.sdbuf);
+		ndr->depth++;
+		if (*r->out.sdbuf) {
+			ndr_print_sec_desc_buf(ndr, "sdbuf", *r->out.sdbuf);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_Shutdown(struct ndr_push *ndr, int flags, const struct samr_Shutdown *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.connect_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.connect_handle));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_Shutdown(struct ndr_pull *ndr, int flags, struct samr_Shutdown *r)
+{
+	TALLOC_CTX *_mem_save_connect_handle_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.connect_handle);
+		}
+		_mem_save_connect_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.connect_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.connect_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_connect_handle_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_Shutdown(struct ndr_print *ndr, const char *name, int flags, const struct samr_Shutdown *r)
+{
+	ndr_print_struct(ndr, name, "samr_Shutdown");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_Shutdown");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "connect_handle", r->in.connect_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "connect_handle", r->in.connect_handle);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_Shutdown");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_LookupDomain(struct ndr_push *ndr, int flags, const struct samr_LookupDomain *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.connect_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.connect_handle));
+		if (r->in.domain_name == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.domain_name));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.sid == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.sid));
+		if (*r->out.sid) {
+			NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sid));
+		}
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_LookupDomain(struct ndr_pull *ndr, int flags, struct samr_LookupDomain *r)
+{
+	uint32_t _ptr_sid;
+	TALLOC_CTX *_mem_save_connect_handle_0;
+	TALLOC_CTX *_mem_save_domain_name_0;
+	TALLOC_CTX *_mem_save_sid_0;
+	TALLOC_CTX *_mem_save_sid_1;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.connect_handle);
+		}
+		_mem_save_connect_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.connect_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.connect_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_connect_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_name);
+		}
+		_mem_save_domain_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.domain_name));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.sid);
+		ZERO_STRUCTP(r->out.sid);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.sid);
+		}
+		_mem_save_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.sid, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid));
+		if (_ptr_sid) {
+			NDR_PULL_ALLOC(ndr, *r->out.sid);
+		} else {
+			*r->out.sid = NULL;
+		}
+		if (*r->out.sid) {
+			_mem_save_sid_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.sid, 0);
+			NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sid));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_LookupDomain(struct ndr_print *ndr, const char *name, int flags, const struct samr_LookupDomain *r)
+{
+	ndr_print_struct(ndr, name, "samr_LookupDomain");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_LookupDomain");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "connect_handle", r->in.connect_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "connect_handle", r->in.connect_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "domain_name", r->in.domain_name);
+		ndr->depth++;
+		ndr_print_lsa_String(ndr, "domain_name", r->in.domain_name);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_LookupDomain");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "sid", r->out.sid);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "sid", *r->out.sid);
+		ndr->depth++;
+		if (*r->out.sid) {
+			ndr_print_dom_sid2(ndr, "sid", *r->out.sid);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_EnumDomains(struct ndr_push *ndr, int flags, const struct samr_EnumDomains *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.connect_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.connect_handle));
+		if (r->in.resume_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.resume_handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.resume_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.resume_handle));
+		if (r->out.sam == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.sam));
+		if (*r->out.sam) {
+			NDR_CHECK(ndr_push_samr_SamArray(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sam));
+		}
+		if (r->out.num_entries == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.num_entries));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_EnumDomains(struct ndr_pull *ndr, int flags, struct samr_EnumDomains *r)
+{
+	uint32_t _ptr_sam;
+	TALLOC_CTX *_mem_save_connect_handle_0;
+	TALLOC_CTX *_mem_save_resume_handle_0;
+	TALLOC_CTX *_mem_save_sam_0;
+	TALLOC_CTX *_mem_save_sam_1;
+	TALLOC_CTX *_mem_save_num_entries_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.connect_handle);
+		}
+		_mem_save_connect_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.connect_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.connect_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_connect_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.resume_handle);
+		}
+		_mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.resume_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.resume_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size));
+		NDR_PULL_ALLOC(ndr, r->out.resume_handle);
+		*r->out.resume_handle = *r->in.resume_handle;
+		NDR_PULL_ALLOC(ndr, r->out.sam);
+		ZERO_STRUCTP(r->out.sam);
+		NDR_PULL_ALLOC(ndr, r->out.num_entries);
+		ZERO_STRUCTP(r->out.num_entries);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.resume_handle);
+		}
+		_mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.resume_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.resume_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.sam);
+		}
+		_mem_save_sam_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.sam, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam));
+		if (_ptr_sam) {
+			NDR_PULL_ALLOC(ndr, *r->out.sam);
+		} else {
+			*r->out.sam = NULL;
+		}
+		if (*r->out.sam) {
+			_mem_save_sam_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.sam, 0);
+			NDR_CHECK(ndr_pull_samr_SamArray(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sam));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sam_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sam_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.num_entries);
+		}
+		_mem_save_num_entries_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.num_entries, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.num_entries));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_entries_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_EnumDomains(struct ndr_print *ndr, const char *name, int flags, const struct samr_EnumDomains *r)
+{
+	ndr_print_struct(ndr, name, "samr_EnumDomains");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_EnumDomains");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "connect_handle", r->in.connect_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "connect_handle", r->in.connect_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "resume_handle", r->in.resume_handle);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "resume_handle", *r->in.resume_handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "buf_size", r->in.buf_size);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_EnumDomains");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "resume_handle", r->out.resume_handle);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "resume_handle", *r->out.resume_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "sam", r->out.sam);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "sam", *r->out.sam);
+		ndr->depth++;
+		if (*r->out.sam) {
+			ndr_print_samr_SamArray(ndr, "sam", *r->out.sam);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_ptr(ndr, "num_entries", r->out.num_entries);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "num_entries", *r->out.num_entries);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_OpenDomain(struct ndr_push *ndr, int flags, const struct samr_OpenDomain *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.connect_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.connect_handle));
+		NDR_CHECK(ndr_push_samr_DomainAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+		if (r->in.sid == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sid));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.domain_handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_OpenDomain(struct ndr_pull *ndr, int flags, struct samr_OpenDomain *r)
+{
+	TALLOC_CTX *_mem_save_connect_handle_0;
+	TALLOC_CTX *_mem_save_sid_0;
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.connect_handle);
+		}
+		_mem_save_connect_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.connect_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.connect_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_connect_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_DomainAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.sid);
+		}
+		_mem_save_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.sid, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sid));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.domain_handle);
+		ZERO_STRUCTP(r->out.domain_handle);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_OpenDomain(struct ndr_print *ndr, const char *name, int flags, const struct samr_OpenDomain *r)
+{
+	ndr_print_struct(ndr, name, "samr_OpenDomain");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_OpenDomain");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "connect_handle", r->in.connect_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "connect_handle", r->in.connect_handle);
+		ndr->depth--;
+		ndr_print_samr_DomainAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr_print_ptr(ndr, "sid", r->in.sid);
+		ndr->depth++;
+		ndr_print_dom_sid2(ndr, "sid", r->in.sid);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_OpenDomain");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->out.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->out.domain_handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_QueryDomainInfo(struct ndr_push *ndr, int flags, const struct samr_QueryDomainInfo *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.info));
+		if (*r->out.info) {
+			NDR_CHECK(ndr_push_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_push_samr_DomainInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+		}
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_QueryDomainInfo(struct ndr_pull *ndr, int flags, struct samr_QueryDomainInfo *r)
+{
+	uint32_t _ptr_info;
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_info_0;
+	TALLOC_CTX *_mem_save_info_1;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
+		if (_ptr_info) {
+			NDR_PULL_ALLOC(ndr, *r->out.info);
+		} else {
+			*r->out.info = NULL;
+		}
+		if (*r->out.info) {
+			_mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.info, 0);
+			NDR_CHECK(ndr_pull_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_pull_samr_DomainInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_QueryDomainInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryDomainInfo *r)
+{
+	ndr_print_struct(ndr, name, "samr_QueryDomainInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_QueryDomainInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_QueryDomainInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", *r->out.info);
+		ndr->depth++;
+		if (*r->out.info) {
+			ndr_print_set_switch_value(ndr, *r->out.info, r->in.level);
+			ndr_print_samr_DomainInfo(ndr, "info", *r->out.info);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_SetDomainInfo(struct ndr_push *ndr, int flags, const struct samr_SetDomainInfo *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+		if (r->in.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->in.info, r->in.level));
+		NDR_CHECK(ndr_push_samr_DomainInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.info));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_SetDomainInfo(struct ndr_pull *ndr, int flags, struct samr_SetDomainInfo *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->in.info, r->in.level));
+		NDR_CHECK(ndr_pull_samr_DomainInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_SetDomainInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetDomainInfo *r)
+{
+	ndr_print_struct(ndr, name, "samr_SetDomainInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_SetDomainInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr_print_ptr(ndr, "info", r->in.info);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->in.info, r->in.level);
+		ndr_print_samr_DomainInfo(ndr, "info", r->in.info);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_SetDomainInfo");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_CreateDomainGroup(struct ndr_push *ndr, int flags, const struct samr_CreateDomainGroup *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		if (r->in.name == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.name));
+		NDR_CHECK(ndr_push_samr_GroupAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.group_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.group_handle));
+		if (r->out.rid == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.rid));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_CreateDomainGroup(struct ndr_pull *ndr, int flags, struct samr_CreateDomainGroup *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_name_0;
+	TALLOC_CTX *_mem_save_group_handle_0;
+	TALLOC_CTX *_mem_save_rid_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.name);
+		}
+		_mem_save_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.name, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.name));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_GroupAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_PULL_ALLOC(ndr, r->out.group_handle);
+		ZERO_STRUCTP(r->out.group_handle);
+		NDR_PULL_ALLOC(ndr, r->out.rid);
+		ZERO_STRUCTP(r->out.rid);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.group_handle);
+		}
+		_mem_save_group_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.group_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.group_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.rid);
+		}
+		_mem_save_rid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.rid, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.rid));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rid_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_CreateDomainGroup(struct ndr_print *ndr, const char *name, int flags, const struct samr_CreateDomainGroup *r)
+{
+	ndr_print_struct(ndr, name, "samr_CreateDomainGroup");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_CreateDomainGroup");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "name", r->in.name);
+		ndr->depth++;
+		ndr_print_lsa_String(ndr, "name", r->in.name);
+		ndr->depth--;
+		ndr_print_samr_GroupAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_CreateDomainGroup");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "group_handle", r->out.group_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "group_handle", r->out.group_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "rid", r->out.rid);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "rid", *r->out.rid);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_EnumDomainGroups(struct ndr_push *ndr, int flags, const struct samr_EnumDomainGroups *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		if (r->in.resume_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.resume_handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.max_size));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.resume_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.resume_handle));
+		if (r->out.sam == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.sam));
+		if (*r->out.sam) {
+			NDR_CHECK(ndr_push_samr_SamArray(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sam));
+		}
+		if (r->out.num_entries == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.num_entries));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_EnumDomainGroups(struct ndr_pull *ndr, int flags, struct samr_EnumDomainGroups *r)
+{
+	uint32_t _ptr_sam;
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_resume_handle_0;
+	TALLOC_CTX *_mem_save_sam_0;
+	TALLOC_CTX *_mem_save_sam_1;
+	TALLOC_CTX *_mem_save_num_entries_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.resume_handle);
+		}
+		_mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.resume_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.resume_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.max_size));
+		NDR_PULL_ALLOC(ndr, r->out.resume_handle);
+		*r->out.resume_handle = *r->in.resume_handle;
+		NDR_PULL_ALLOC(ndr, r->out.sam);
+		ZERO_STRUCTP(r->out.sam);
+		NDR_PULL_ALLOC(ndr, r->out.num_entries);
+		ZERO_STRUCTP(r->out.num_entries);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.resume_handle);
+		}
+		_mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.resume_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.resume_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.sam);
+		}
+		_mem_save_sam_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.sam, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam));
+		if (_ptr_sam) {
+			NDR_PULL_ALLOC(ndr, *r->out.sam);
+		} else {
+			*r->out.sam = NULL;
+		}
+		if (*r->out.sam) {
+			_mem_save_sam_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.sam, 0);
+			NDR_CHECK(ndr_pull_samr_SamArray(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sam));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sam_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sam_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.num_entries);
+		}
+		_mem_save_num_entries_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.num_entries, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.num_entries));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_entries_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_EnumDomainGroups(struct ndr_print *ndr, const char *name, int flags, const struct samr_EnumDomainGroups *r)
+{
+	ndr_print_struct(ndr, name, "samr_EnumDomainGroups");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_EnumDomainGroups");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "resume_handle", r->in.resume_handle);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "resume_handle", *r->in.resume_handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "max_size", r->in.max_size);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_EnumDomainGroups");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "resume_handle", r->out.resume_handle);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "resume_handle", *r->out.resume_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "sam", r->out.sam);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "sam", *r->out.sam);
+		ndr->depth++;
+		if (*r->out.sam) {
+			ndr_print_samr_SamArray(ndr, "sam", *r->out.sam);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_ptr(ndr, "num_entries", r->out.num_entries);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "num_entries", *r->out.num_entries);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_CreateUser(struct ndr_push *ndr, int flags, const struct samr_CreateUser *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		if (r->in.account_name == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.account_name));
+		NDR_CHECK(ndr_push_samr_UserAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.user_handle));
+		if (r->out.rid == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.rid));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_CreateUser(struct ndr_pull *ndr, int flags, struct samr_CreateUser *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_account_name_0;
+	TALLOC_CTX *_mem_save_user_handle_0;
+	TALLOC_CTX *_mem_save_rid_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.account_name);
+		}
+		_mem_save_account_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.account_name, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.account_name));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_UserAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_PULL_ALLOC(ndr, r->out.user_handle);
+		ZERO_STRUCTP(r->out.user_handle);
+		NDR_PULL_ALLOC(ndr, r->out.rid);
+		ZERO_STRUCTP(r->out.rid);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.rid);
+		}
+		_mem_save_rid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.rid, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.rid));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rid_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_CreateUser(struct ndr_print *ndr, const char *name, int flags, const struct samr_CreateUser *r)
+{
+	ndr_print_struct(ndr, name, "samr_CreateUser");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_CreateUser");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "account_name", r->in.account_name);
+		ndr->depth++;
+		ndr_print_lsa_String(ndr, "account_name", r->in.account_name);
+		ndr->depth--;
+		ndr_print_samr_UserAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_CreateUser");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->out.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->out.user_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "rid", r->out.rid);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "rid", *r->out.rid);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_EnumDomainUsers(struct ndr_push *ndr, int flags, const struct samr_EnumDomainUsers *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		if (r->in.resume_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.resume_handle));
+		NDR_CHECK(ndr_push_samr_AcctFlags(ndr, NDR_SCALARS, r->in.acct_flags));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.max_size));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.resume_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.resume_handle));
+		if (r->out.sam == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.sam));
+		if (*r->out.sam) {
+			NDR_CHECK(ndr_push_samr_SamArray(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sam));
+		}
+		if (r->out.num_entries == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.num_entries));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_EnumDomainUsers(struct ndr_pull *ndr, int flags, struct samr_EnumDomainUsers *r)
+{
+	uint32_t _ptr_sam;
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_resume_handle_0;
+	TALLOC_CTX *_mem_save_sam_0;
+	TALLOC_CTX *_mem_save_sam_1;
+	TALLOC_CTX *_mem_save_num_entries_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.resume_handle);
+		}
+		_mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.resume_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.resume_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->in.acct_flags));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.max_size));
+		NDR_PULL_ALLOC(ndr, r->out.resume_handle);
+		*r->out.resume_handle = *r->in.resume_handle;
+		NDR_PULL_ALLOC(ndr, r->out.sam);
+		ZERO_STRUCTP(r->out.sam);
+		NDR_PULL_ALLOC(ndr, r->out.num_entries);
+		ZERO_STRUCTP(r->out.num_entries);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.resume_handle);
+		}
+		_mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.resume_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.resume_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.sam);
+		}
+		_mem_save_sam_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.sam, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam));
+		if (_ptr_sam) {
+			NDR_PULL_ALLOC(ndr, *r->out.sam);
+		} else {
+			*r->out.sam = NULL;
+		}
+		if (*r->out.sam) {
+			_mem_save_sam_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.sam, 0);
+			NDR_CHECK(ndr_pull_samr_SamArray(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sam));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sam_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sam_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.num_entries);
+		}
+		_mem_save_num_entries_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.num_entries, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.num_entries));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_entries_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_EnumDomainUsers(struct ndr_print *ndr, const char *name, int flags, const struct samr_EnumDomainUsers *r)
+{
+	ndr_print_struct(ndr, name, "samr_EnumDomainUsers");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_EnumDomainUsers");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "resume_handle", r->in.resume_handle);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "resume_handle", *r->in.resume_handle);
+		ndr->depth--;
+		ndr_print_samr_AcctFlags(ndr, "acct_flags", r->in.acct_flags);
+		ndr_print_uint32(ndr, "max_size", r->in.max_size);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_EnumDomainUsers");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "resume_handle", r->out.resume_handle);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "resume_handle", *r->out.resume_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "sam", r->out.sam);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "sam", *r->out.sam);
+		ndr->depth++;
+		if (*r->out.sam) {
+			ndr_print_samr_SamArray(ndr, "sam", *r->out.sam);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_ptr(ndr, "num_entries", r->out.num_entries);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "num_entries", *r->out.num_entries);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_CreateDomAlias(struct ndr_push *ndr, int flags, const struct samr_CreateDomAlias *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		if (r->in.alias_name == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.alias_name));
+		NDR_CHECK(ndr_push_samr_AliasAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.alias_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.alias_handle));
+		if (r->out.rid == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.rid));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_CreateDomAlias(struct ndr_pull *ndr, int flags, struct samr_CreateDomAlias *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_alias_name_0;
+	TALLOC_CTX *_mem_save_alias_handle_0;
+	TALLOC_CTX *_mem_save_rid_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.alias_name);
+		}
+		_mem_save_alias_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.alias_name, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.alias_name));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alias_name_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_AliasAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_PULL_ALLOC(ndr, r->out.alias_handle);
+		ZERO_STRUCTP(r->out.alias_handle);
+		NDR_PULL_ALLOC(ndr, r->out.rid);
+		ZERO_STRUCTP(r->out.rid);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.alias_handle);
+		}
+		_mem_save_alias_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.alias_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.alias_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alias_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.rid);
+		}
+		_mem_save_rid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.rid, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.rid));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rid_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_CreateDomAlias(struct ndr_print *ndr, const char *name, int flags, const struct samr_CreateDomAlias *r)
+{
+	ndr_print_struct(ndr, name, "samr_CreateDomAlias");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_CreateDomAlias");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "alias_name", r->in.alias_name);
+		ndr->depth++;
+		ndr_print_lsa_String(ndr, "alias_name", r->in.alias_name);
+		ndr->depth--;
+		ndr_print_samr_AliasAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_CreateDomAlias");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "alias_handle", r->out.alias_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "alias_handle", r->out.alias_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "rid", r->out.rid);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "rid", *r->out.rid);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_EnumDomainAliases(struct ndr_push *ndr, int flags, const struct samr_EnumDomainAliases *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		if (r->in.resume_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.resume_handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.max_size));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.resume_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.resume_handle));
+		if (r->out.sam == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.sam));
+		if (*r->out.sam) {
+			NDR_CHECK(ndr_push_samr_SamArray(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sam));
+		}
+		if (r->out.num_entries == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.num_entries));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_EnumDomainAliases(struct ndr_pull *ndr, int flags, struct samr_EnumDomainAliases *r)
+{
+	uint32_t _ptr_sam;
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_resume_handle_0;
+	TALLOC_CTX *_mem_save_sam_0;
+	TALLOC_CTX *_mem_save_sam_1;
+	TALLOC_CTX *_mem_save_num_entries_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.resume_handle);
+		}
+		_mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.resume_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.resume_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.max_size));
+		NDR_PULL_ALLOC(ndr, r->out.resume_handle);
+		*r->out.resume_handle = *r->in.resume_handle;
+		NDR_PULL_ALLOC(ndr, r->out.sam);
+		ZERO_STRUCTP(r->out.sam);
+		NDR_PULL_ALLOC(ndr, r->out.num_entries);
+		ZERO_STRUCTP(r->out.num_entries);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.resume_handle);
+		}
+		_mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.resume_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.resume_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.sam);
+		}
+		_mem_save_sam_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.sam, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sam));
+		if (_ptr_sam) {
+			NDR_PULL_ALLOC(ndr, *r->out.sam);
+		} else {
+			*r->out.sam = NULL;
+		}
+		if (*r->out.sam) {
+			_mem_save_sam_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.sam, 0);
+			NDR_CHECK(ndr_pull_samr_SamArray(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sam));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sam_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sam_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.num_entries);
+		}
+		_mem_save_num_entries_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.num_entries, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.num_entries));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_entries_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_EnumDomainAliases(struct ndr_print *ndr, const char *name, int flags, const struct samr_EnumDomainAliases *r)
+{
+	ndr_print_struct(ndr, name, "samr_EnumDomainAliases");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_EnumDomainAliases");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "resume_handle", r->in.resume_handle);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "resume_handle", *r->in.resume_handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "max_size", r->in.max_size);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_EnumDomainAliases");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "resume_handle", r->out.resume_handle);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "resume_handle", *r->out.resume_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "sam", r->out.sam);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "sam", *r->out.sam);
+		ndr->depth++;
+		if (*r->out.sam) {
+			ndr_print_samr_SamArray(ndr, "sam", *r->out.sam);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_ptr(ndr, "num_entries", r->out.num_entries);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "num_entries", *r->out.num_entries);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_GetAliasMembership(struct ndr_push *ndr, int flags, const struct samr_GetAliasMembership *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		if (r->in.sids == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_SidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.rids == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_samr_Ids(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.rids));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_GetAliasMembership(struct ndr_pull *ndr, int flags, struct samr_GetAliasMembership *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_sids_0;
+	TALLOC_CTX *_mem_save_rids_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.sids);
+		}
+		_mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.sids, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_SidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.rids);
+		ZERO_STRUCTP(r->out.rids);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.rids);
+		}
+		_mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.rids, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_Ids(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.rids));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GetAliasMembership(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetAliasMembership *r)
+{
+	ndr_print_struct(ndr, name, "samr_GetAliasMembership");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_GetAliasMembership");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "sids", r->in.sids);
+		ndr->depth++;
+		ndr_print_lsa_SidArray(ndr, "sids", r->in.sids);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_GetAliasMembership");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "rids", r->out.rids);
+		ndr->depth++;
+		ndr_print_samr_Ids(ndr, "rids", r->out.rids);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_LookupNames(struct ndr_push *ndr, int flags, const struct samr_LookupNames *r)
+{
+	uint32_t cntr_names_0;
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.num_names));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 1000));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.num_names));
+		for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) {
+			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0]));
+		}
+		for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) {
+			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0]));
+		}
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.rids == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_samr_Ids(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.rids));
+		if (r->out.types == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_samr_Ids(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.types));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_LookupNames(struct ndr_pull *ndr, int flags, struct samr_LookupNames *r)
+{
+	uint32_t cntr_names_0;
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_names_0;
+	TALLOC_CTX *_mem_save_rids_0;
+	TALLOC_CTX *_mem_save_types_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.num_names));
+		if (r->in.num_names < 0 || r->in.num_names > 1000) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.names));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.names));
+		if (ndr_get_array_length(ndr, &r->in.names) > ndr_get_array_size(ndr, &r->in.names)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.names), ndr_get_array_length(ndr, &r->in.names));
+		}
+		NDR_PULL_ALLOC_N(ndr, r->in.names, ndr_get_array_size(ndr, &r->in.names));
+		_mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.names, 0);
+		for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) {
+			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->in.names[cntr_names_0]));
+		}
+		for (cntr_names_0 = 0; cntr_names_0 < r->in.num_names; cntr_names_0++) {
+			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->in.names[cntr_names_0]));
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, 0);
+		NDR_PULL_ALLOC(ndr, r->out.rids);
+		ZERO_STRUCTP(r->out.rids);
+		NDR_PULL_ALLOC(ndr, r->out.types);
+		ZERO_STRUCTP(r->out.types);
+		if (r->in.names) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.names, 1000));
+		}
+		if (r->in.names) {
+			NDR_CHECK(ndr_check_array_length(ndr, (void*)&r->in.names, r->in.num_names));
+		}
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.rids);
+		}
+		_mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.rids, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_Ids(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.rids));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.types);
+		}
+		_mem_save_types_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.types, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_Ids(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.types));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_types_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_LookupNames(struct ndr_print *ndr, const char *name, int flags, const struct samr_LookupNames *r)
+{
+	uint32_t cntr_names_0;
+	ndr_print_struct(ndr, name, "samr_LookupNames");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_LookupNames");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "num_names", r->in.num_names);
+		ndr->print(ndr, "%s: ARRAY(%d)", "names", r->in.num_names);
+		ndr->depth++;
+		for (cntr_names_0=0;cntr_names_0<r->in.num_names;cntr_names_0++) {
+			char *idx_0=NULL;
+			if (asprintf(&idx_0, "[%d]", cntr_names_0) != -1) {
+				ndr_print_lsa_String(ndr, "names", &r->in.names[cntr_names_0]);
+				free(idx_0);
+			}
+		}
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_LookupNames");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "rids", r->out.rids);
+		ndr->depth++;
+		ndr_print_samr_Ids(ndr, "rids", r->out.rids);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "types", r->out.types);
+		ndr->depth++;
+		ndr_print_samr_Ids(ndr, "types", r->out.types);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_LookupRids(struct ndr_push *ndr, int flags, const struct samr_LookupRids *r)
+{
+	uint32_t cntr_rids_0;
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.num_rids));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 1000));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.num_rids));
+		for (cntr_rids_0 = 0; cntr_rids_0 < r->in.num_rids; cntr_rids_0++) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.rids[cntr_rids_0]));
+		}
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.names == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_Strings(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.names));
+		if (r->out.types == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_samr_Ids(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.types));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_LookupRids(struct ndr_pull *ndr, int flags, struct samr_LookupRids *r)
+{
+	uint32_t cntr_rids_0;
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_rids_0;
+	TALLOC_CTX *_mem_save_names_0;
+	TALLOC_CTX *_mem_save_types_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.num_rids));
+		if (r->in.num_rids < 0 || r->in.num_rids > 1000) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.rids));
+		NDR_CHECK(ndr_pull_array_length(ndr, &r->in.rids));
+		if (ndr_get_array_length(ndr, &r->in.rids) > ndr_get_array_size(ndr, &r->in.rids)) {
+			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.rids), ndr_get_array_length(ndr, &r->in.rids));
+		}
+		NDR_PULL_ALLOC_N(ndr, r->in.rids, ndr_get_array_size(ndr, &r->in.rids));
+		_mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.rids, 0);
+		for (cntr_rids_0 = 0; cntr_rids_0 < r->in.num_rids; cntr_rids_0++) {
+			NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.rids[cntr_rids_0]));
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_0, 0);
+		NDR_PULL_ALLOC(ndr, r->out.names);
+		ZERO_STRUCTP(r->out.names);
+		NDR_PULL_ALLOC(ndr, r->out.types);
+		ZERO_STRUCTP(r->out.types);
+		if (r->in.rids) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.rids, 1000));
+		}
+		if (r->in.rids) {
+			NDR_CHECK(ndr_check_array_length(ndr, (void*)&r->in.rids, r->in.num_rids));
+		}
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.names);
+		}
+		_mem_save_names_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.names, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_Strings(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.names));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_names_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.types);
+		}
+		_mem_save_types_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.types, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_Ids(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.types));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_types_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_LookupRids(struct ndr_print *ndr, const char *name, int flags, const struct samr_LookupRids *r)
+{
+	uint32_t cntr_rids_0;
+	ndr_print_struct(ndr, name, "samr_LookupRids");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_LookupRids");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "num_rids", r->in.num_rids);
+		ndr->print(ndr, "%s: ARRAY(%d)", "rids", r->in.num_rids);
+		ndr->depth++;
+		for (cntr_rids_0=0;cntr_rids_0<r->in.num_rids;cntr_rids_0++) {
+			char *idx_0=NULL;
+			if (asprintf(&idx_0, "[%d]", cntr_rids_0) != -1) {
+				ndr_print_uint32(ndr, "rids", r->in.rids[cntr_rids_0]);
+				free(idx_0);
+			}
+		}
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_LookupRids");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "names", r->out.names);
+		ndr->depth++;
+		ndr_print_lsa_Strings(ndr, "names", r->out.names);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "types", r->out.types);
+		ndr->depth++;
+		ndr_print_samr_Ids(ndr, "types", r->out.types);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_OpenGroup(struct ndr_push *ndr, int flags, const struct samr_OpenGroup *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_samr_GroupAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.rid));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.group_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.group_handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_OpenGroup(struct ndr_pull *ndr, int flags, struct samr_OpenGroup *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_group_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_GroupAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.rid));
+		NDR_PULL_ALLOC(ndr, r->out.group_handle);
+		ZERO_STRUCTP(r->out.group_handle);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.group_handle);
+		}
+		_mem_save_group_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.group_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.group_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_OpenGroup(struct ndr_print *ndr, const char *name, int flags, const struct samr_OpenGroup *r)
+{
+	ndr_print_struct(ndr, name, "samr_OpenGroup");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_OpenGroup");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_samr_GroupAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr_print_uint32(ndr, "rid", r->in.rid);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_OpenGroup");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "group_handle", r->out.group_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "group_handle", r->out.group_handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_QueryGroupInfo(struct ndr_push *ndr, int flags, const struct samr_QueryGroupInfo *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.group_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+		NDR_CHECK(ndr_push_samr_GroupInfoEnum(ndr, NDR_SCALARS, r->in.level));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.info));
+		if (*r->out.info) {
+			NDR_CHECK(ndr_push_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_push_samr_GroupInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+		}
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_QueryGroupInfo(struct ndr_pull *ndr, int flags, struct samr_QueryGroupInfo *r)
+{
+	uint32_t _ptr_info;
+	TALLOC_CTX *_mem_save_group_handle_0;
+	TALLOC_CTX *_mem_save_info_0;
+	TALLOC_CTX *_mem_save_info_1;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.group_handle);
+		}
+		_mem_save_group_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.group_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_GroupInfoEnum(ndr, NDR_SCALARS, &r->in.level));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
+		if (_ptr_info) {
+			NDR_PULL_ALLOC(ndr, *r->out.info);
+		} else {
+			*r->out.info = NULL;
+		}
+		if (*r->out.info) {
+			_mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.info, 0);
+			NDR_CHECK(ndr_pull_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_pull_samr_GroupInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_QueryGroupInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryGroupInfo *r)
+{
+	ndr_print_struct(ndr, name, "samr_QueryGroupInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_QueryGroupInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "group_handle", r->in.group_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "group_handle", r->in.group_handle);
+		ndr->depth--;
+		ndr_print_samr_GroupInfoEnum(ndr, "level", r->in.level);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_QueryGroupInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", *r->out.info);
+		ndr->depth++;
+		if (*r->out.info) {
+			ndr_print_set_switch_value(ndr, *r->out.info, r->in.level);
+			ndr_print_samr_GroupInfo(ndr, "info", *r->out.info);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_SetGroupInfo(struct ndr_push *ndr, int flags, const struct samr_SetGroupInfo *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.group_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+		NDR_CHECK(ndr_push_samr_GroupInfoEnum(ndr, NDR_SCALARS, r->in.level));
+		if (r->in.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->in.info, r->in.level));
+		NDR_CHECK(ndr_push_samr_GroupInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.info));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_SetGroupInfo(struct ndr_pull *ndr, int flags, struct samr_SetGroupInfo *r)
+{
+	TALLOC_CTX *_mem_save_group_handle_0;
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.group_handle);
+		}
+		_mem_save_group_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.group_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_GroupInfoEnum(ndr, NDR_SCALARS, &r->in.level));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->in.info, r->in.level));
+		NDR_CHECK(ndr_pull_samr_GroupInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_SetGroupInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetGroupInfo *r)
+{
+	ndr_print_struct(ndr, name, "samr_SetGroupInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_SetGroupInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "group_handle", r->in.group_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "group_handle", r->in.group_handle);
+		ndr->depth--;
+		ndr_print_samr_GroupInfoEnum(ndr, "level", r->in.level);
+		ndr_print_ptr(ndr, "info", r->in.info);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->in.info, r->in.level);
+		ndr_print_samr_GroupInfo(ndr, "info", r->in.info);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_SetGroupInfo");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_AddGroupMember(struct ndr_push *ndr, int flags, const struct samr_AddGroupMember *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.group_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.rid));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_AddGroupMember(struct ndr_pull *ndr, int flags, struct samr_AddGroupMember *r)
+{
+	TALLOC_CTX *_mem_save_group_handle_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.group_handle);
+		}
+		_mem_save_group_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.group_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.rid));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_AddGroupMember(struct ndr_print *ndr, const char *name, int flags, const struct samr_AddGroupMember *r)
+{
+	ndr_print_struct(ndr, name, "samr_AddGroupMember");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_AddGroupMember");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "group_handle", r->in.group_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "group_handle", r->in.group_handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "rid", r->in.rid);
+		ndr_print_uint32(ndr, "flags", r->in.flags);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_AddGroupMember");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DeleteDomainGroup(struct ndr_push *ndr, int flags, const struct samr_DeleteDomainGroup *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.group_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.group_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.group_handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DeleteDomainGroup(struct ndr_pull *ndr, int flags, struct samr_DeleteDomainGroup *r)
+{
+	TALLOC_CTX *_mem_save_group_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.group_handle);
+		}
+		_mem_save_group_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.group_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.group_handle);
+		*r->out.group_handle = *r->in.group_handle;
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.group_handle);
+		}
+		_mem_save_group_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.group_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.group_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DeleteDomainGroup(struct ndr_print *ndr, const char *name, int flags, const struct samr_DeleteDomainGroup *r)
+{
+	ndr_print_struct(ndr, name, "samr_DeleteDomainGroup");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_DeleteDomainGroup");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "group_handle", r->in.group_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "group_handle", r->in.group_handle);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_DeleteDomainGroup");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "group_handle", r->out.group_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "group_handle", r->out.group_handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DeleteGroupMember(struct ndr_push *ndr, int flags, const struct samr_DeleteGroupMember *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.group_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.rid));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DeleteGroupMember(struct ndr_pull *ndr, int flags, struct samr_DeleteGroupMember *r)
+{
+	TALLOC_CTX *_mem_save_group_handle_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.group_handle);
+		}
+		_mem_save_group_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.group_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.rid));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DeleteGroupMember(struct ndr_print *ndr, const char *name, int flags, const struct samr_DeleteGroupMember *r)
+{
+	ndr_print_struct(ndr, name, "samr_DeleteGroupMember");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_DeleteGroupMember");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "group_handle", r->in.group_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "group_handle", r->in.group_handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "rid", r->in.rid);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_DeleteGroupMember");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_QueryGroupMember(struct ndr_push *ndr, int flags, const struct samr_QueryGroupMember *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.group_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.rids == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.rids));
+		if (*r->out.rids) {
+			NDR_CHECK(ndr_push_samr_RidTypeArray(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.rids));
+		}
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_QueryGroupMember(struct ndr_pull *ndr, int flags, struct samr_QueryGroupMember *r)
+{
+	uint32_t _ptr_rids;
+	TALLOC_CTX *_mem_save_group_handle_0;
+	TALLOC_CTX *_mem_save_rids_0;
+	TALLOC_CTX *_mem_save_rids_1;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.group_handle);
+		}
+		_mem_save_group_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.group_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.rids);
+		ZERO_STRUCTP(r->out.rids);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.rids);
+		}
+		_mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.rids, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rids));
+		if (_ptr_rids) {
+			NDR_PULL_ALLOC(ndr, *r->out.rids);
+		} else {
+			*r->out.rids = NULL;
+		}
+		if (*r->out.rids) {
+			_mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.rids, 0);
+			NDR_CHECK(ndr_pull_samr_RidTypeArray(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.rids));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_QueryGroupMember(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryGroupMember *r)
+{
+	ndr_print_struct(ndr, name, "samr_QueryGroupMember");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_QueryGroupMember");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "group_handle", r->in.group_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "group_handle", r->in.group_handle);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_QueryGroupMember");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "rids", r->out.rids);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "rids", *r->out.rids);
+		ndr->depth++;
+		if (*r->out.rids) {
+			ndr_print_samr_RidTypeArray(ndr, "rids", *r->out.rids);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_SetMemberAttributesOfGroup(struct ndr_push *ndr, int flags, const struct samr_SetMemberAttributesOfGroup *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.group_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown1));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_SetMemberAttributesOfGroup(struct ndr_pull *ndr, int flags, struct samr_SetMemberAttributesOfGroup *r)
+{
+	TALLOC_CTX *_mem_save_group_handle_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.group_handle);
+		}
+		_mem_save_group_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.group_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.group_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_SetMemberAttributesOfGroup(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetMemberAttributesOfGroup *r)
+{
+	ndr_print_struct(ndr, name, "samr_SetMemberAttributesOfGroup");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_SetMemberAttributesOfGroup");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "group_handle", r->in.group_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "group_handle", r->in.group_handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "unknown1", r->in.unknown1);
+		ndr_print_uint32(ndr, "unknown2", r->in.unknown2);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_SetMemberAttributesOfGroup");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_OpenAlias(struct ndr_push *ndr, int flags, const struct samr_OpenAlias *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_samr_AliasAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.rid));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.alias_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.alias_handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_OpenAlias(struct ndr_pull *ndr, int flags, struct samr_OpenAlias *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_alias_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_AliasAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.rid));
+		NDR_PULL_ALLOC(ndr, r->out.alias_handle);
+		ZERO_STRUCTP(r->out.alias_handle);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.alias_handle);
+		}
+		_mem_save_alias_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.alias_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.alias_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alias_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_OpenAlias(struct ndr_print *ndr, const char *name, int flags, const struct samr_OpenAlias *r)
+{
+	ndr_print_struct(ndr, name, "samr_OpenAlias");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_OpenAlias");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_samr_AliasAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr_print_uint32(ndr, "rid", r->in.rid);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_OpenAlias");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "alias_handle", r->out.alias_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "alias_handle", r->out.alias_handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_QueryAliasInfo(struct ndr_push *ndr, int flags, const struct samr_QueryAliasInfo *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.alias_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		NDR_CHECK(ndr_push_samr_AliasInfoEnum(ndr, NDR_SCALARS, r->in.level));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.info));
+		if (*r->out.info) {
+			NDR_CHECK(ndr_push_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_push_samr_AliasInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+		}
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_QueryAliasInfo(struct ndr_pull *ndr, int flags, struct samr_QueryAliasInfo *r)
+{
+	uint32_t _ptr_info;
+	TALLOC_CTX *_mem_save_alias_handle_0;
+	TALLOC_CTX *_mem_save_info_0;
+	TALLOC_CTX *_mem_save_info_1;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.alias_handle);
+		}
+		_mem_save_alias_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.alias_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alias_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_AliasInfoEnum(ndr, NDR_SCALARS, &r->in.level));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
+		if (_ptr_info) {
+			NDR_PULL_ALLOC(ndr, *r->out.info);
+		} else {
+			*r->out.info = NULL;
+		}
+		if (*r->out.info) {
+			_mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.info, 0);
+			NDR_CHECK(ndr_pull_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_pull_samr_AliasInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_QueryAliasInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryAliasInfo *r)
+{
+	ndr_print_struct(ndr, name, "samr_QueryAliasInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_QueryAliasInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth--;
+		ndr_print_samr_AliasInfoEnum(ndr, "level", r->in.level);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_QueryAliasInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", *r->out.info);
+		ndr->depth++;
+		if (*r->out.info) {
+			ndr_print_set_switch_value(ndr, *r->out.info, r->in.level);
+			ndr_print_samr_AliasInfo(ndr, "info", *r->out.info);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_SetAliasInfo(struct ndr_push *ndr, int flags, const struct samr_SetAliasInfo *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.alias_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		NDR_CHECK(ndr_push_samr_AliasInfoEnum(ndr, NDR_SCALARS, r->in.level));
+		if (r->in.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->in.info, r->in.level));
+		NDR_CHECK(ndr_push_samr_AliasInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.info));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_SetAliasInfo(struct ndr_pull *ndr, int flags, struct samr_SetAliasInfo *r)
+{
+	TALLOC_CTX *_mem_save_alias_handle_0;
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.alias_handle);
+		}
+		_mem_save_alias_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.alias_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alias_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_AliasInfoEnum(ndr, NDR_SCALARS, &r->in.level));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->in.info, r->in.level));
+		NDR_CHECK(ndr_pull_samr_AliasInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_SetAliasInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetAliasInfo *r)
+{
+	ndr_print_struct(ndr, name, "samr_SetAliasInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_SetAliasInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth--;
+		ndr_print_samr_AliasInfoEnum(ndr, "level", r->in.level);
+		ndr_print_ptr(ndr, "info", r->in.info);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->in.info, r->in.level);
+		ndr_print_samr_AliasInfo(ndr, "info", r->in.info);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_SetAliasInfo");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DeleteDomAlias(struct ndr_push *ndr, int flags, const struct samr_DeleteDomAlias *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.alias_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.alias_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.alias_handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DeleteDomAlias(struct ndr_pull *ndr, int flags, struct samr_DeleteDomAlias *r)
+{
+	TALLOC_CTX *_mem_save_alias_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.alias_handle);
+		}
+		_mem_save_alias_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.alias_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alias_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.alias_handle);
+		*r->out.alias_handle = *r->in.alias_handle;
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.alias_handle);
+		}
+		_mem_save_alias_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.alias_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.alias_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alias_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DeleteDomAlias(struct ndr_print *ndr, const char *name, int flags, const struct samr_DeleteDomAlias *r)
+{
+	ndr_print_struct(ndr, name, "samr_DeleteDomAlias");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_DeleteDomAlias");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_DeleteDomAlias");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "alias_handle", r->out.alias_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "alias_handle", r->out.alias_handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_AddAliasMember(struct ndr_push *ndr, int flags, const struct samr_AddAliasMember *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.alias_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		if (r->in.sid == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sid));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_AddAliasMember(struct ndr_pull *ndr, int flags, struct samr_AddAliasMember *r)
+{
+	TALLOC_CTX *_mem_save_alias_handle_0;
+	TALLOC_CTX *_mem_save_sid_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.alias_handle);
+		}
+		_mem_save_alias_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.alias_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alias_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.sid);
+		}
+		_mem_save_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.sid, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sid));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_AddAliasMember(struct ndr_print *ndr, const char *name, int flags, const struct samr_AddAliasMember *r)
+{
+	ndr_print_struct(ndr, name, "samr_AddAliasMember");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_AddAliasMember");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "sid", r->in.sid);
+		ndr->depth++;
+		ndr_print_dom_sid2(ndr, "sid", r->in.sid);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_AddAliasMember");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DeleteAliasMember(struct ndr_push *ndr, int flags, const struct samr_DeleteAliasMember *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.alias_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		if (r->in.sid == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sid));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DeleteAliasMember(struct ndr_pull *ndr, int flags, struct samr_DeleteAliasMember *r)
+{
+	TALLOC_CTX *_mem_save_alias_handle_0;
+	TALLOC_CTX *_mem_save_sid_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.alias_handle);
+		}
+		_mem_save_alias_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.alias_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alias_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.sid);
+		}
+		_mem_save_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.sid, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sid));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DeleteAliasMember(struct ndr_print *ndr, const char *name, int flags, const struct samr_DeleteAliasMember *r)
+{
+	ndr_print_struct(ndr, name, "samr_DeleteAliasMember");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_DeleteAliasMember");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "sid", r->in.sid);
+		ndr->depth++;
+		ndr_print_dom_sid2(ndr, "sid", r->in.sid);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_DeleteAliasMember");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_GetMembersInAlias(struct ndr_push *ndr, int flags, const struct samr_GetMembersInAlias *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.alias_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.sids == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_SidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sids));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_GetMembersInAlias(struct ndr_pull *ndr, int flags, struct samr_GetMembersInAlias *r)
+{
+	TALLOC_CTX *_mem_save_alias_handle_0;
+	TALLOC_CTX *_mem_save_sids_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.alias_handle);
+		}
+		_mem_save_alias_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.alias_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alias_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.sids);
+		ZERO_STRUCTP(r->out.sids);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.sids);
+		}
+		_mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.sids, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_SidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sids));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GetMembersInAlias(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetMembersInAlias *r)
+{
+	ndr_print_struct(ndr, name, "samr_GetMembersInAlias");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_GetMembersInAlias");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_GetMembersInAlias");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "sids", r->out.sids);
+		ndr->depth++;
+		ndr_print_lsa_SidArray(ndr, "sids", r->out.sids);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_OpenUser(struct ndr_push *ndr, int flags, const struct samr_OpenUser *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_samr_UserAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.rid));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.user_handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_OpenUser(struct ndr_pull *ndr, int flags, struct samr_OpenUser *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_user_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_UserAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.rid));
+		NDR_PULL_ALLOC(ndr, r->out.user_handle);
+		ZERO_STRUCTP(r->out.user_handle);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_OpenUser(struct ndr_print *ndr, const char *name, int flags, const struct samr_OpenUser *r)
+{
+	ndr_print_struct(ndr, name, "samr_OpenUser");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_OpenUser");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_samr_UserAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr_print_uint32(ndr, "rid", r->in.rid);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_OpenUser");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->out.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->out.user_handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_DeleteUser(struct ndr_push *ndr, int flags, const struct samr_DeleteUser *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.user_handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_DeleteUser(struct ndr_pull *ndr, int flags, struct samr_DeleteUser *r)
+{
+	TALLOC_CTX *_mem_save_user_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.user_handle);
+		*r->out.user_handle = *r->in.user_handle;
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_DeleteUser(struct ndr_print *ndr, const char *name, int flags, const struct samr_DeleteUser *r)
+{
+	ndr_print_struct(ndr, name, "samr_DeleteUser");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_DeleteUser");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->in.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->in.user_handle);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_DeleteUser");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->out.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->out.user_handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_QueryUserInfo(struct ndr_push *ndr, int flags, const struct samr_QueryUserInfo *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.info));
+		if (*r->out.info) {
+			NDR_CHECK(ndr_push_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_push_samr_UserInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+		}
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_QueryUserInfo(struct ndr_pull *ndr, int flags, struct samr_QueryUserInfo *r)
+{
+	uint32_t _ptr_info;
+	TALLOC_CTX *_mem_save_user_handle_0;
+	TALLOC_CTX *_mem_save_info_0;
+	TALLOC_CTX *_mem_save_info_1;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
+		if (_ptr_info) {
+			NDR_PULL_ALLOC(ndr, *r->out.info);
+		} else {
+			*r->out.info = NULL;
+		}
+		if (*r->out.info) {
+			_mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.info, 0);
+			NDR_CHECK(ndr_pull_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_pull_samr_UserInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_QueryUserInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryUserInfo *r)
+{
+	ndr_print_struct(ndr, name, "samr_QueryUserInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_QueryUserInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->in.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->in.user_handle);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_QueryUserInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", *r->out.info);
+		ndr->depth++;
+		if (*r->out.info) {
+			ndr_print_set_switch_value(ndr, *r->out.info, r->in.level);
+			ndr_print_samr_UserInfo(ndr, "info", *r->out.info);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_SetUserInfo(struct ndr_push *ndr, int flags, const struct samr_SetUserInfo *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+		if (r->in.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->in.info, r->in.level));
+		NDR_CHECK(ndr_push_samr_UserInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.info));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_SetUserInfo(struct ndr_pull *ndr, int flags, struct samr_SetUserInfo *r)
+{
+	TALLOC_CTX *_mem_save_user_handle_0;
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->in.info, r->in.level));
+		NDR_CHECK(ndr_pull_samr_UserInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_SetUserInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetUserInfo *r)
+{
+	ndr_print_struct(ndr, name, "samr_SetUserInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_SetUserInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->in.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->in.user_handle);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr_print_ptr(ndr, "info", r->in.info);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->in.info, r->in.level);
+		ndr_print_samr_UserInfo(ndr, "info", r->in.info);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_SetUserInfo");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ChangePasswordUser(struct ndr_push *ndr, int flags, const struct samr_ChangePasswordUser *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->in.lm_present));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.old_lm_crypted));
+		if (r->in.old_lm_crypted) {
+			NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.old_lm_crypted));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.new_lm_crypted));
+		if (r->in.new_lm_crypted) {
+			NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.new_lm_crypted));
+		}
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->in.nt_present));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.old_nt_crypted));
+		if (r->in.old_nt_crypted) {
+			NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.old_nt_crypted));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.new_nt_crypted));
+		if (r->in.new_nt_crypted) {
+			NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.new_nt_crypted));
+		}
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->in.cross1_present));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.nt_cross));
+		if (r->in.nt_cross) {
+			NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.nt_cross));
+		}
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->in.cross2_present));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.lm_cross));
+		if (r->in.lm_cross) {
+			NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.lm_cross));
+		}
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ChangePasswordUser(struct ndr_pull *ndr, int flags, struct samr_ChangePasswordUser *r)
+{
+	uint32_t _ptr_old_lm_crypted;
+	uint32_t _ptr_new_lm_crypted;
+	uint32_t _ptr_old_nt_crypted;
+	uint32_t _ptr_new_nt_crypted;
+	uint32_t _ptr_nt_cross;
+	uint32_t _ptr_lm_cross;
+	TALLOC_CTX *_mem_save_user_handle_0;
+	TALLOC_CTX *_mem_save_old_lm_crypted_0;
+	TALLOC_CTX *_mem_save_new_lm_crypted_0;
+	TALLOC_CTX *_mem_save_old_nt_crypted_0;
+	TALLOC_CTX *_mem_save_new_nt_crypted_0;
+	TALLOC_CTX *_mem_save_nt_cross_0;
+	TALLOC_CTX *_mem_save_lm_cross_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->in.lm_present));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_old_lm_crypted));
+		if (_ptr_old_lm_crypted) {
+			NDR_PULL_ALLOC(ndr, r->in.old_lm_crypted);
+		} else {
+			r->in.old_lm_crypted = NULL;
+		}
+		if (r->in.old_lm_crypted) {
+			_mem_save_old_lm_crypted_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.old_lm_crypted, 0);
+			NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.old_lm_crypted));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_lm_crypted_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_new_lm_crypted));
+		if (_ptr_new_lm_crypted) {
+			NDR_PULL_ALLOC(ndr, r->in.new_lm_crypted);
+		} else {
+			r->in.new_lm_crypted = NULL;
+		}
+		if (r->in.new_lm_crypted) {
+			_mem_save_new_lm_crypted_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.new_lm_crypted, 0);
+			NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.new_lm_crypted));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_new_lm_crypted_0, 0);
+		}
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->in.nt_present));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_old_nt_crypted));
+		if (_ptr_old_nt_crypted) {
+			NDR_PULL_ALLOC(ndr, r->in.old_nt_crypted);
+		} else {
+			r->in.old_nt_crypted = NULL;
+		}
+		if (r->in.old_nt_crypted) {
+			_mem_save_old_nt_crypted_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.old_nt_crypted, 0);
+			NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.old_nt_crypted));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_old_nt_crypted_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_new_nt_crypted));
+		if (_ptr_new_nt_crypted) {
+			NDR_PULL_ALLOC(ndr, r->in.new_nt_crypted);
+		} else {
+			r->in.new_nt_crypted = NULL;
+		}
+		if (r->in.new_nt_crypted) {
+			_mem_save_new_nt_crypted_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.new_nt_crypted, 0);
+			NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.new_nt_crypted));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_new_nt_crypted_0, 0);
+		}
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->in.cross1_present));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_nt_cross));
+		if (_ptr_nt_cross) {
+			NDR_PULL_ALLOC(ndr, r->in.nt_cross);
+		} else {
+			r->in.nt_cross = NULL;
+		}
+		if (r->in.nt_cross) {
+			_mem_save_nt_cross_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.nt_cross, 0);
+			NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.nt_cross));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_nt_cross_0, 0);
+		}
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->in.cross2_present));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_lm_cross));
+		if (_ptr_lm_cross) {
+			NDR_PULL_ALLOC(ndr, r->in.lm_cross);
+		} else {
+			r->in.lm_cross = NULL;
+		}
+		if (r->in.lm_cross) {
+			_mem_save_lm_cross_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.lm_cross, 0);
+			NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.lm_cross));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_lm_cross_0, 0);
+		}
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ChangePasswordUser(struct ndr_print *ndr, const char *name, int flags, const struct samr_ChangePasswordUser *r)
+{
+	ndr_print_struct(ndr, name, "samr_ChangePasswordUser");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_ChangePasswordUser");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->in.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->in.user_handle);
+		ndr->depth--;
+		ndr_print_uint8(ndr, "lm_present", r->in.lm_present);
+		ndr_print_ptr(ndr, "old_lm_crypted", r->in.old_lm_crypted);
+		ndr->depth++;
+		if (r->in.old_lm_crypted) {
+			ndr_print_samr_Password(ndr, "old_lm_crypted", r->in.old_lm_crypted);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "new_lm_crypted", r->in.new_lm_crypted);
+		ndr->depth++;
+		if (r->in.new_lm_crypted) {
+			ndr_print_samr_Password(ndr, "new_lm_crypted", r->in.new_lm_crypted);
+		}
+		ndr->depth--;
+		ndr_print_uint8(ndr, "nt_present", r->in.nt_present);
+		ndr_print_ptr(ndr, "old_nt_crypted", r->in.old_nt_crypted);
+		ndr->depth++;
+		if (r->in.old_nt_crypted) {
+			ndr_print_samr_Password(ndr, "old_nt_crypted", r->in.old_nt_crypted);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "new_nt_crypted", r->in.new_nt_crypted);
+		ndr->depth++;
+		if (r->in.new_nt_crypted) {
+			ndr_print_samr_Password(ndr, "new_nt_crypted", r->in.new_nt_crypted);
+		}
+		ndr->depth--;
+		ndr_print_uint8(ndr, "cross1_present", r->in.cross1_present);
+		ndr_print_ptr(ndr, "nt_cross", r->in.nt_cross);
+		ndr->depth++;
+		if (r->in.nt_cross) {
+			ndr_print_samr_Password(ndr, "nt_cross", r->in.nt_cross);
+		}
+		ndr->depth--;
+		ndr_print_uint8(ndr, "cross2_present", r->in.cross2_present);
+		ndr_print_ptr(ndr, "lm_cross", r->in.lm_cross);
+		ndr->depth++;
+		if (r->in.lm_cross) {
+			ndr_print_samr_Password(ndr, "lm_cross", r->in.lm_cross);
+		}
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_ChangePasswordUser");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_GetGroupsForUser(struct ndr_push *ndr, int flags, const struct samr_GetGroupsForUser *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.rids == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.rids));
+		if (*r->out.rids) {
+			NDR_CHECK(ndr_push_samr_RidWithAttributeArray(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.rids));
+		}
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_GetGroupsForUser(struct ndr_pull *ndr, int flags, struct samr_GetGroupsForUser *r)
+{
+	uint32_t _ptr_rids;
+	TALLOC_CTX *_mem_save_user_handle_0;
+	TALLOC_CTX *_mem_save_rids_0;
+	TALLOC_CTX *_mem_save_rids_1;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.rids);
+		ZERO_STRUCTP(r->out.rids);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.rids);
+		}
+		_mem_save_rids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.rids, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_rids));
+		if (_ptr_rids) {
+			NDR_PULL_ALLOC(ndr, *r->out.rids);
+		} else {
+			*r->out.rids = NULL;
+		}
+		if (*r->out.rids) {
+			_mem_save_rids_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.rids, 0);
+			NDR_CHECK(ndr_pull_samr_RidWithAttributeArray(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.rids));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rids_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GetGroupsForUser(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetGroupsForUser *r)
+{
+	ndr_print_struct(ndr, name, "samr_GetGroupsForUser");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_GetGroupsForUser");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->in.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->in.user_handle);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_GetGroupsForUser");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "rids", r->out.rids);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "rids", *r->out.rids);
+		ndr->depth++;
+		if (*r->out.rids) {
+			ndr_print_samr_RidWithAttributeArray(ndr, "rids", *r->out.rids);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_QueryDisplayInfo(struct ndr_push *ndr, int flags, const struct samr_QueryDisplayInfo *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.start_idx));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.max_entries));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.total_size == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.total_size));
+		if (r->out.returned_size == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.returned_size));
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->out.info, r->in.level));
+		NDR_CHECK(ndr_push_samr_DispInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_QueryDisplayInfo(struct ndr_pull *ndr, int flags, struct samr_QueryDisplayInfo *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_total_size_0;
+	TALLOC_CTX *_mem_save_returned_size_0;
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.start_idx));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.max_entries));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size));
+		NDR_PULL_ALLOC(ndr, r->out.total_size);
+		ZERO_STRUCTP(r->out.total_size);
+		NDR_PULL_ALLOC(ndr, r->out.returned_size);
+		ZERO_STRUCTP(r->out.returned_size);
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.total_size);
+		}
+		_mem_save_total_size_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.total_size, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.total_size));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_total_size_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.returned_size);
+		}
+		_mem_save_returned_size_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.returned_size, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.returned_size));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_returned_size_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->out.info, r->in.level));
+		NDR_CHECK(ndr_pull_samr_DispInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_QueryDisplayInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryDisplayInfo *r)
+{
+	ndr_print_struct(ndr, name, "samr_QueryDisplayInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_QueryDisplayInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr_print_uint32(ndr, "start_idx", r->in.start_idx);
+		ndr_print_uint32(ndr, "max_entries", r->in.max_entries);
+		ndr_print_uint32(ndr, "buf_size", r->in.buf_size);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_QueryDisplayInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "total_size", r->out.total_size);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "total_size", *r->out.total_size);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "returned_size", r->out.returned_size);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "returned_size", *r->out.returned_size);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->out.info, r->in.level);
+		ndr_print_samr_DispInfo(ndr, "info", r->out.info);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_GetDisplayEnumerationIndex(struct ndr_push *ndr, int flags, const struct samr_GetDisplayEnumerationIndex *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.name));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.idx == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.idx));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_GetDisplayEnumerationIndex(struct ndr_pull *ndr, int flags, struct samr_GetDisplayEnumerationIndex *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_idx_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.name));
+		NDR_PULL_ALLOC(ndr, r->out.idx);
+		ZERO_STRUCTP(r->out.idx);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.idx);
+		}
+		_mem_save_idx_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.idx, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.idx));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_idx_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GetDisplayEnumerationIndex(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetDisplayEnumerationIndex *r)
+{
+	ndr_print_struct(ndr, name, "samr_GetDisplayEnumerationIndex");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_GetDisplayEnumerationIndex");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr_print_lsa_String(ndr, "name", &r->in.name);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_GetDisplayEnumerationIndex");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "idx", r->out.idx);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "idx", *r->out.idx);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_TestPrivateFunctionsDomain(struct ndr_push *ndr, int flags, const struct samr_TestPrivateFunctionsDomain *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_TestPrivateFunctionsDomain(struct ndr_pull *ndr, int flags, struct samr_TestPrivateFunctionsDomain *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_TestPrivateFunctionsDomain(struct ndr_print *ndr, const char *name, int flags, const struct samr_TestPrivateFunctionsDomain *r)
+{
+	ndr_print_struct(ndr, name, "samr_TestPrivateFunctionsDomain");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_TestPrivateFunctionsDomain");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_TestPrivateFunctionsDomain");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_TestPrivateFunctionsUser(struct ndr_push *ndr, int flags, const struct samr_TestPrivateFunctionsUser *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_TestPrivateFunctionsUser(struct ndr_pull *ndr, int flags, struct samr_TestPrivateFunctionsUser *r)
+{
+	TALLOC_CTX *_mem_save_user_handle_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_TestPrivateFunctionsUser(struct ndr_print *ndr, const char *name, int flags, const struct samr_TestPrivateFunctionsUser *r)
+{
+	ndr_print_struct(ndr, name, "samr_TestPrivateFunctionsUser");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_TestPrivateFunctionsUser");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->in.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->in.user_handle);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_TestPrivateFunctionsUser");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_GetUserPwInfo(struct ndr_push *ndr, int flags, const struct samr_GetUserPwInfo *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_samr_PwInfo(ndr, NDR_SCALARS, r->out.info));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_GetUserPwInfo(struct ndr_pull *ndr, int flags, struct samr_GetUserPwInfo *r)
+{
+	TALLOC_CTX *_mem_save_user_handle_0;
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_PwInfo(ndr, NDR_SCALARS, r->out.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GetUserPwInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetUserPwInfo *r)
+{
+	ndr_print_struct(ndr, name, "samr_GetUserPwInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_GetUserPwInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->in.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->in.user_handle);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_GetUserPwInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		ndr_print_samr_PwInfo(ndr, "info", r->out.info);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_RemoveMemberFromForeignDomain(struct ndr_push *ndr, int flags, const struct samr_RemoveMemberFromForeignDomain *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		if (r->in.sid == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sid));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_RemoveMemberFromForeignDomain(struct ndr_pull *ndr, int flags, struct samr_RemoveMemberFromForeignDomain *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_sid_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.sid);
+		}
+		_mem_save_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.sid, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sid));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_RemoveMemberFromForeignDomain(struct ndr_print *ndr, const char *name, int flags, const struct samr_RemoveMemberFromForeignDomain *r)
+{
+	ndr_print_struct(ndr, name, "samr_RemoveMemberFromForeignDomain");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_RemoveMemberFromForeignDomain");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "sid", r->in.sid);
+		ndr->depth++;
+		ndr_print_dom_sid2(ndr, "sid", r->in.sid);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_RemoveMemberFromForeignDomain");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_QueryDomainInfo2(struct ndr_push *ndr, int flags, const struct samr_QueryDomainInfo2 *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.info));
+		if (*r->out.info) {
+			NDR_CHECK(ndr_push_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_push_samr_DomainInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+		}
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_QueryDomainInfo2(struct ndr_pull *ndr, int flags, struct samr_QueryDomainInfo2 *r)
+{
+	uint32_t _ptr_info;
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_info_0;
+	TALLOC_CTX *_mem_save_info_1;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
+		if (_ptr_info) {
+			NDR_PULL_ALLOC(ndr, *r->out.info);
+		} else {
+			*r->out.info = NULL;
+		}
+		if (*r->out.info) {
+			_mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.info, 0);
+			NDR_CHECK(ndr_pull_set_switch_value(ndr, *r->out.info, r->in.level));
+			NDR_CHECK(ndr_pull_samr_DomainInfo(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_QueryDomainInfo2(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryDomainInfo2 *r)
+{
+	ndr_print_struct(ndr, name, "samr_QueryDomainInfo2");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_QueryDomainInfo2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_QueryDomainInfo2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", *r->out.info);
+		ndr->depth++;
+		if (*r->out.info) {
+			ndr_print_set_switch_value(ndr, *r->out.info, r->in.level);
+			ndr_print_samr_DomainInfo(ndr, "info", *r->out.info);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_QueryUserInfo2(struct ndr_push *ndr, int flags, const struct samr_QueryUserInfo2 *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->out.info, r->in.level));
+		NDR_CHECK(ndr_push_samr_UserInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_QueryUserInfo2(struct ndr_pull *ndr, int flags, struct samr_QueryUserInfo2 *r)
+{
+	TALLOC_CTX *_mem_save_user_handle_0;
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->out.info, r->in.level));
+		NDR_CHECK(ndr_pull_samr_UserInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_QueryUserInfo2(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryUserInfo2 *r)
+{
+	ndr_print_struct(ndr, name, "samr_QueryUserInfo2");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_QueryUserInfo2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->in.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->in.user_handle);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_QueryUserInfo2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->out.info, r->in.level);
+		ndr_print_samr_UserInfo(ndr, "info", r->out.info);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_QueryDisplayInfo2(struct ndr_push *ndr, int flags, const struct samr_QueryDisplayInfo2 *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.start_idx));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.max_entries));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.total_size == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.total_size));
+		if (r->out.returned_size == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.returned_size));
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->out.info, r->in.level));
+		NDR_CHECK(ndr_push_samr_DispInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_QueryDisplayInfo2(struct ndr_pull *ndr, int flags, struct samr_QueryDisplayInfo2 *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_total_size_0;
+	TALLOC_CTX *_mem_save_returned_size_0;
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.start_idx));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.max_entries));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size));
+		NDR_PULL_ALLOC(ndr, r->out.total_size);
+		ZERO_STRUCTP(r->out.total_size);
+		NDR_PULL_ALLOC(ndr, r->out.returned_size);
+		ZERO_STRUCTP(r->out.returned_size);
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.total_size);
+		}
+		_mem_save_total_size_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.total_size, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.total_size));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_total_size_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.returned_size);
+		}
+		_mem_save_returned_size_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.returned_size, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.returned_size));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_returned_size_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->out.info, r->in.level));
+		NDR_CHECK(ndr_pull_samr_DispInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_QueryDisplayInfo2(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryDisplayInfo2 *r)
+{
+	ndr_print_struct(ndr, name, "samr_QueryDisplayInfo2");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_QueryDisplayInfo2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr_print_uint32(ndr, "start_idx", r->in.start_idx);
+		ndr_print_uint32(ndr, "max_entries", r->in.max_entries);
+		ndr_print_uint32(ndr, "buf_size", r->in.buf_size);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_QueryDisplayInfo2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "total_size", r->out.total_size);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "total_size", *r->out.total_size);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "returned_size", r->out.returned_size);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "returned_size", *r->out.returned_size);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->out.info, r->in.level);
+		ndr_print_samr_DispInfo(ndr, "info", r->out.info);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_GetDisplayEnumerationIndex2(struct ndr_push *ndr, int flags, const struct samr_GetDisplayEnumerationIndex2 *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.name));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.idx == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.idx));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_GetDisplayEnumerationIndex2(struct ndr_pull *ndr, int flags, struct samr_GetDisplayEnumerationIndex2 *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_idx_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.name));
+		NDR_PULL_ALLOC(ndr, r->out.idx);
+		ZERO_STRUCTP(r->out.idx);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.idx);
+		}
+		_mem_save_idx_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.idx, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.idx));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_idx_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GetDisplayEnumerationIndex2(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetDisplayEnumerationIndex2 *r)
+{
+	ndr_print_struct(ndr, name, "samr_GetDisplayEnumerationIndex2");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_GetDisplayEnumerationIndex2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr_print_lsa_String(ndr, "name", &r->in.name);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_GetDisplayEnumerationIndex2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "idx", r->out.idx);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "idx", *r->out.idx);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_CreateUser2(struct ndr_push *ndr, int flags, const struct samr_CreateUser2 *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		if (r->in.account_name == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.account_name));
+		NDR_CHECK(ndr_push_samr_AcctFlags(ndr, NDR_SCALARS, r->in.acct_flags));
+		NDR_CHECK(ndr_push_samr_UserAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.user_handle));
+		if (r->out.access_granted == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.access_granted));
+		if (r->out.rid == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.rid));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_CreateUser2(struct ndr_pull *ndr, int flags, struct samr_CreateUser2 *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_account_name_0;
+	TALLOC_CTX *_mem_save_user_handle_0;
+	TALLOC_CTX *_mem_save_access_granted_0;
+	TALLOC_CTX *_mem_save_rid_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.account_name);
+		}
+		_mem_save_account_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.account_name, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.account_name));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_name_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_AcctFlags(ndr, NDR_SCALARS, &r->in.acct_flags));
+		NDR_CHECK(ndr_pull_samr_UserAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_PULL_ALLOC(ndr, r->out.user_handle);
+		ZERO_STRUCTP(r->out.user_handle);
+		NDR_PULL_ALLOC(ndr, r->out.access_granted);
+		ZERO_STRUCTP(r->out.access_granted);
+		NDR_PULL_ALLOC(ndr, r->out.rid);
+		ZERO_STRUCTP(r->out.rid);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.access_granted);
+		}
+		_mem_save_access_granted_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.access_granted, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.access_granted));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_access_granted_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.rid);
+		}
+		_mem_save_rid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.rid, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.rid));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rid_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_CreateUser2(struct ndr_print *ndr, const char *name, int flags, const struct samr_CreateUser2 *r)
+{
+	ndr_print_struct(ndr, name, "samr_CreateUser2");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_CreateUser2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "account_name", r->in.account_name);
+		ndr->depth++;
+		ndr_print_lsa_String(ndr, "account_name", r->in.account_name);
+		ndr->depth--;
+		ndr_print_samr_AcctFlags(ndr, "acct_flags", r->in.acct_flags);
+		ndr_print_samr_UserAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_CreateUser2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->out.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->out.user_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "access_granted", r->out.access_granted);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "access_granted", *r->out.access_granted);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "rid", r->out.rid);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "rid", *r->out.rid);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_QueryDisplayInfo3(struct ndr_push *ndr, int flags, const struct samr_QueryDisplayInfo3 *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.start_idx));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.max_entries));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.total_size == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.total_size));
+		if (r->out.returned_size == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.returned_size));
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->out.info, r->in.level));
+		NDR_CHECK(ndr_push_samr_DispInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_QueryDisplayInfo3(struct ndr_pull *ndr, int flags, struct samr_QueryDisplayInfo3 *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_total_size_0;
+	TALLOC_CTX *_mem_save_returned_size_0;
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.start_idx));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.max_entries));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size));
+		NDR_PULL_ALLOC(ndr, r->out.total_size);
+		ZERO_STRUCTP(r->out.total_size);
+		NDR_PULL_ALLOC(ndr, r->out.returned_size);
+		ZERO_STRUCTP(r->out.returned_size);
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.total_size);
+		}
+		_mem_save_total_size_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.total_size, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.total_size));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_total_size_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.returned_size);
+		}
+		_mem_save_returned_size_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.returned_size, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.returned_size));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_returned_size_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->out.info, r->in.level));
+		NDR_CHECK(ndr_pull_samr_DispInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_QueryDisplayInfo3(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryDisplayInfo3 *r)
+{
+	ndr_print_struct(ndr, name, "samr_QueryDisplayInfo3");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_QueryDisplayInfo3");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr_print_uint32(ndr, "start_idx", r->in.start_idx);
+		ndr_print_uint32(ndr, "max_entries", r->in.max_entries);
+		ndr_print_uint32(ndr, "buf_size", r->in.buf_size);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_QueryDisplayInfo3");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "total_size", r->out.total_size);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "total_size", *r->out.total_size);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "returned_size", r->out.returned_size);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "returned_size", *r->out.returned_size);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->out.info, r->in.level);
+		ndr_print_samr_DispInfo(ndr, "info", r->out.info);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_AddMultipleMembersToAlias(struct ndr_push *ndr, int flags, const struct samr_AddMultipleMembersToAlias *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.alias_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		if (r->in.sids == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_SidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_AddMultipleMembersToAlias(struct ndr_pull *ndr, int flags, struct samr_AddMultipleMembersToAlias *r)
+{
+	TALLOC_CTX *_mem_save_alias_handle_0;
+	TALLOC_CTX *_mem_save_sids_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.alias_handle);
+		}
+		_mem_save_alias_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.alias_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alias_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.sids);
+		}
+		_mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.sids, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_SidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_AddMultipleMembersToAlias(struct ndr_print *ndr, const char *name, int flags, const struct samr_AddMultipleMembersToAlias *r)
+{
+	ndr_print_struct(ndr, name, "samr_AddMultipleMembersToAlias");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_AddMultipleMembersToAlias");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "sids", r->in.sids);
+		ndr->depth++;
+		ndr_print_lsa_SidArray(ndr, "sids", r->in.sids);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_AddMultipleMembersToAlias");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_RemoveMultipleMembersFromAlias(struct ndr_push *ndr, int flags, const struct samr_RemoveMultipleMembersFromAlias *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.alias_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		if (r->in.sids == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_SidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_RemoveMultipleMembersFromAlias(struct ndr_pull *ndr, int flags, struct samr_RemoveMultipleMembersFromAlias *r)
+{
+	TALLOC_CTX *_mem_save_alias_handle_0;
+	TALLOC_CTX *_mem_save_sids_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.alias_handle);
+		}
+		_mem_save_alias_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.alias_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.alias_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_alias_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.sids);
+		}
+		_mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.sids, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_SidArray(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.sids));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_RemoveMultipleMembersFromAlias(struct ndr_print *ndr, const char *name, int flags, const struct samr_RemoveMultipleMembersFromAlias *r)
+{
+	ndr_print_struct(ndr, name, "samr_RemoveMultipleMembersFromAlias");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_RemoveMultipleMembersFromAlias");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "alias_handle", r->in.alias_handle);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "sids", r->in.sids);
+		ndr->depth++;
+		ndr_print_lsa_SidArray(ndr, "sids", r->in.sids);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_RemoveMultipleMembersFromAlias");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_OemChangePasswordUser2(struct ndr_push *ndr, int flags, const struct samr_OemChangePasswordUser2 *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server));
+		if (r->in.server) {
+			NDR_CHECK(ndr_push_lsa_AsciiString(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.server));
+		}
+		if (r->in.account == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_AsciiString(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.account));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.password));
+		if (r->in.password) {
+			NDR_CHECK(ndr_push_samr_CryptPassword(ndr, NDR_SCALARS, r->in.password));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.hash));
+		if (r->in.hash) {
+			NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.hash));
+		}
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_OemChangePasswordUser2(struct ndr_pull *ndr, int flags, struct samr_OemChangePasswordUser2 *r)
+{
+	uint32_t _ptr_server;
+	uint32_t _ptr_password;
+	uint32_t _ptr_hash;
+	TALLOC_CTX *_mem_save_server_0;
+	TALLOC_CTX *_mem_save_account_0;
+	TALLOC_CTX *_mem_save_password_0;
+	TALLOC_CTX *_mem_save_hash_0;
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server));
+		if (_ptr_server) {
+			NDR_PULL_ALLOC(ndr, r->in.server);
+		} else {
+			r->in.server = NULL;
+		}
+		if (r->in.server) {
+			_mem_save_server_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0);
+			NDR_CHECK(ndr_pull_lsa_AsciiString(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.server));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0);
+		}
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.account);
+		}
+		_mem_save_account_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.account, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_AsciiString(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.account));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password));
+		if (_ptr_password) {
+			NDR_PULL_ALLOC(ndr, r->in.password);
+		} else {
+			r->in.password = NULL;
+		}
+		if (r->in.password) {
+			_mem_save_password_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.password, 0);
+			NDR_CHECK(ndr_pull_samr_CryptPassword(ndr, NDR_SCALARS, r->in.password));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_hash));
+		if (_ptr_hash) {
+			NDR_PULL_ALLOC(ndr, r->in.hash);
+		} else {
+			r->in.hash = NULL;
+		}
+		if (r->in.hash) {
+			_mem_save_hash_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.hash, 0);
+			NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.hash));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_hash_0, 0);
+		}
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_OemChangePasswordUser2(struct ndr_print *ndr, const char *name, int flags, const struct samr_OemChangePasswordUser2 *r)
+{
+	ndr_print_struct(ndr, name, "samr_OemChangePasswordUser2");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_OemChangePasswordUser2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server", r->in.server);
+		ndr->depth++;
+		if (r->in.server) {
+			ndr_print_lsa_AsciiString(ndr, "server", r->in.server);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "account", r->in.account);
+		ndr->depth++;
+		ndr_print_lsa_AsciiString(ndr, "account", r->in.account);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "password", r->in.password);
+		ndr->depth++;
+		if (r->in.password) {
+			ndr_print_samr_CryptPassword(ndr, "password", r->in.password);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "hash", r->in.hash);
+		ndr->depth++;
+		if (r->in.hash) {
+			ndr_print_samr_Password(ndr, "hash", r->in.hash);
+		}
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_OemChangePasswordUser2");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ChangePasswordUser2(struct ndr_push *ndr, int flags, const struct samr_ChangePasswordUser2 *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server));
+		if (r->in.server) {
+			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.server));
+		}
+		if (r->in.account == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.account));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.nt_password));
+		if (r->in.nt_password) {
+			NDR_CHECK(ndr_push_samr_CryptPassword(ndr, NDR_SCALARS, r->in.nt_password));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.nt_verifier));
+		if (r->in.nt_verifier) {
+			NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.nt_verifier));
+		}
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->in.lm_change));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.lm_password));
+		if (r->in.lm_password) {
+			NDR_CHECK(ndr_push_samr_CryptPassword(ndr, NDR_SCALARS, r->in.lm_password));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.lm_verifier));
+		if (r->in.lm_verifier) {
+			NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.lm_verifier));
+		}
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ChangePasswordUser2(struct ndr_pull *ndr, int flags, struct samr_ChangePasswordUser2 *r)
+{
+	uint32_t _ptr_server;
+	uint32_t _ptr_nt_password;
+	uint32_t _ptr_nt_verifier;
+	uint32_t _ptr_lm_password;
+	uint32_t _ptr_lm_verifier;
+	TALLOC_CTX *_mem_save_server_0;
+	TALLOC_CTX *_mem_save_account_0;
+	TALLOC_CTX *_mem_save_nt_password_0;
+	TALLOC_CTX *_mem_save_nt_verifier_0;
+	TALLOC_CTX *_mem_save_lm_password_0;
+	TALLOC_CTX *_mem_save_lm_verifier_0;
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server));
+		if (_ptr_server) {
+			NDR_PULL_ALLOC(ndr, r->in.server);
+		} else {
+			r->in.server = NULL;
+		}
+		if (r->in.server) {
+			_mem_save_server_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0);
+			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.server));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0);
+		}
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.account);
+		}
+		_mem_save_account_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.account, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.account));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_nt_password));
+		if (_ptr_nt_password) {
+			NDR_PULL_ALLOC(ndr, r->in.nt_password);
+		} else {
+			r->in.nt_password = NULL;
+		}
+		if (r->in.nt_password) {
+			_mem_save_nt_password_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.nt_password, 0);
+			NDR_CHECK(ndr_pull_samr_CryptPassword(ndr, NDR_SCALARS, r->in.nt_password));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_nt_password_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_nt_verifier));
+		if (_ptr_nt_verifier) {
+			NDR_PULL_ALLOC(ndr, r->in.nt_verifier);
+		} else {
+			r->in.nt_verifier = NULL;
+		}
+		if (r->in.nt_verifier) {
+			_mem_save_nt_verifier_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.nt_verifier, 0);
+			NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.nt_verifier));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_nt_verifier_0, 0);
+		}
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->in.lm_change));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_lm_password));
+		if (_ptr_lm_password) {
+			NDR_PULL_ALLOC(ndr, r->in.lm_password);
+		} else {
+			r->in.lm_password = NULL;
+		}
+		if (r->in.lm_password) {
+			_mem_save_lm_password_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.lm_password, 0);
+			NDR_CHECK(ndr_pull_samr_CryptPassword(ndr, NDR_SCALARS, r->in.lm_password));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_lm_password_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_lm_verifier));
+		if (_ptr_lm_verifier) {
+			NDR_PULL_ALLOC(ndr, r->in.lm_verifier);
+		} else {
+			r->in.lm_verifier = NULL;
+		}
+		if (r->in.lm_verifier) {
+			_mem_save_lm_verifier_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.lm_verifier, 0);
+			NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.lm_verifier));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_lm_verifier_0, 0);
+		}
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ChangePasswordUser2(struct ndr_print *ndr, const char *name, int flags, const struct samr_ChangePasswordUser2 *r)
+{
+	ndr_print_struct(ndr, name, "samr_ChangePasswordUser2");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_ChangePasswordUser2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server", r->in.server);
+		ndr->depth++;
+		if (r->in.server) {
+			ndr_print_lsa_String(ndr, "server", r->in.server);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "account", r->in.account);
+		ndr->depth++;
+		ndr_print_lsa_String(ndr, "account", r->in.account);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "nt_password", r->in.nt_password);
+		ndr->depth++;
+		if (r->in.nt_password) {
+			ndr_print_samr_CryptPassword(ndr, "nt_password", r->in.nt_password);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "nt_verifier", r->in.nt_verifier);
+		ndr->depth++;
+		if (r->in.nt_verifier) {
+			ndr_print_samr_Password(ndr, "nt_verifier", r->in.nt_verifier);
+		}
+		ndr->depth--;
+		ndr_print_uint8(ndr, "lm_change", r->in.lm_change);
+		ndr_print_ptr(ndr, "lm_password", r->in.lm_password);
+		ndr->depth++;
+		if (r->in.lm_password) {
+			ndr_print_samr_CryptPassword(ndr, "lm_password", r->in.lm_password);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "lm_verifier", r->in.lm_verifier);
+		ndr->depth++;
+		if (r->in.lm_verifier) {
+			ndr_print_samr_Password(ndr, "lm_verifier", r->in.lm_verifier);
+		}
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_ChangePasswordUser2");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_GetDomPwInfo(struct ndr_push *ndr, int flags, const struct samr_GetDomPwInfo *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.domain_name));
+		if (r->in.domain_name) {
+			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.domain_name));
+		}
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_samr_PwInfo(ndr, NDR_SCALARS, r->out.info));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_GetDomPwInfo(struct ndr_pull *ndr, int flags, struct samr_GetDomPwInfo *r)
+{
+	uint32_t _ptr_domain_name;
+	TALLOC_CTX *_mem_save_domain_name_0;
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_domain_name));
+		if (_ptr_domain_name) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_name);
+		} else {
+			r->in.domain_name = NULL;
+		}
+		if (r->in.domain_name) {
+			_mem_save_domain_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_name, 0);
+			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.domain_name));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_name_0, 0);
+		}
+		NDR_PULL_ALLOC(ndr, r->out.info);
+		ZERO_STRUCTP(r->out.info);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_samr_PwInfo(ndr, NDR_SCALARS, r->out.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GetDomPwInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetDomPwInfo *r)
+{
+	ndr_print_struct(ndr, name, "samr_GetDomPwInfo");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_GetDomPwInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_name", r->in.domain_name);
+		ndr->depth++;
+		if (r->in.domain_name) {
+			ndr_print_lsa_String(ndr, "domain_name", r->in.domain_name);
+		}
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_GetDomPwInfo");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "info", r->out.info);
+		ndr->depth++;
+		ndr_print_samr_PwInfo(ndr, "info", r->out.info);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_Connect2(struct ndr_push *ndr, int flags, const struct samr_Connect2 *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.system_name));
+		if (r->in.system_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.system_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.system_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.system_name, ndr_charset_length(r->in.system_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_samr_ConnectAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.connect_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.connect_handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_Connect2(struct ndr_pull *ndr, int flags, struct samr_Connect2 *r)
+{
+	uint32_t _ptr_system_name;
+	TALLOC_CTX *_mem_save_system_name_0;
+	TALLOC_CTX *_mem_save_connect_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_system_name));
+		if (_ptr_system_name) {
+			NDR_PULL_ALLOC(ndr, r->in.system_name);
+		} else {
+			r->in.system_name = NULL;
+		}
+		if (r->in.system_name) {
+			_mem_save_system_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name));
+			if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_samr_ConnectAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_PULL_ALLOC(ndr, r->out.connect_handle);
+		ZERO_STRUCTP(r->out.connect_handle);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.connect_handle);
+		}
+		_mem_save_connect_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.connect_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.connect_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_connect_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_Connect2(struct ndr_print *ndr, const char *name, int flags, const struct samr_Connect2 *r)
+{
+	ndr_print_struct(ndr, name, "samr_Connect2");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_Connect2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "system_name", r->in.system_name);
+		ndr->depth++;
+		if (r->in.system_name) {
+			ndr_print_string(ndr, "system_name", r->in.system_name);
+		}
+		ndr->depth--;
+		ndr_print_samr_ConnectAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_Connect2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "connect_handle", r->out.connect_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "connect_handle", r->out.connect_handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_SetUserInfo2(struct ndr_push *ndr, int flags, const struct samr_SetUserInfo2 *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.user_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->in.level));
+		if (r->in.info == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->in.info, r->in.level));
+		NDR_CHECK(ndr_push_samr_UserInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.info));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_SetUserInfo2(struct ndr_pull *ndr, int flags, struct samr_SetUserInfo2 *r)
+{
+	TALLOC_CTX *_mem_save_user_handle_0;
+	TALLOC_CTX *_mem_save_info_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.user_handle);
+		}
+		_mem_save_user_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.user_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.user_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->in.level));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.info);
+		}
+		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.info, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->in.info, r->in.level));
+		NDR_CHECK(ndr_pull_samr_UserInfo(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.info));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_SetUserInfo2(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetUserInfo2 *r)
+{
+	ndr_print_struct(ndr, name, "samr_SetUserInfo2");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_SetUserInfo2");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "user_handle", r->in.user_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "user_handle", r->in.user_handle);
+		ndr->depth--;
+		ndr_print_uint16(ndr, "level", r->in.level);
+		ndr_print_ptr(ndr, "info", r->in.info);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->in.info, r->in.level);
+		ndr_print_samr_UserInfo(ndr, "info", r->in.info);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_SetUserInfo2");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_SetBootKeyInformation(struct ndr_push *ndr, int flags, const struct samr_SetBootKeyInformation *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.connect_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.connect_handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown1));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown3));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_SetBootKeyInformation(struct ndr_pull *ndr, int flags, struct samr_SetBootKeyInformation *r)
+{
+	TALLOC_CTX *_mem_save_connect_handle_0;
+	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.connect_handle);
+		}
+		_mem_save_connect_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.connect_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.connect_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_connect_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown3));
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_SetBootKeyInformation(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetBootKeyInformation *r)
+{
+	ndr_print_struct(ndr, name, "samr_SetBootKeyInformation");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_SetBootKeyInformation");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "connect_handle", r->in.connect_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "connect_handle", r->in.connect_handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "unknown1", r->in.unknown1);
+		ndr_print_uint32(ndr, "unknown2", r->in.unknown2);
+		ndr_print_uint32(ndr, "unknown3", r->in.unknown3);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_SetBootKeyInformation");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_GetBootKeyInformation(struct ndr_push *ndr, int flags, const struct samr_GetBootKeyInformation *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.unknown == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.unknown));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_GetBootKeyInformation(struct ndr_pull *ndr, int flags, struct samr_GetBootKeyInformation *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_unknown_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.unknown);
+		ZERO_STRUCTP(r->out.unknown);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.unknown);
+		}
+		_mem_save_unknown_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.unknown, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.unknown));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_GetBootKeyInformation(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetBootKeyInformation *r)
+{
+	ndr_print_struct(ndr, name, "samr_GetBootKeyInformation");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_GetBootKeyInformation");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_GetBootKeyInformation");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "unknown", r->out.unknown);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "unknown", *r->out.unknown);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_Connect3(struct ndr_push *ndr, int flags, const struct samr_Connect3 *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.system_name));
+		if (r->in.system_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.system_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.system_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.system_name, ndr_charset_length(r->in.system_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown));
+		NDR_CHECK(ndr_push_samr_ConnectAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.connect_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.connect_handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_Connect3(struct ndr_pull *ndr, int flags, struct samr_Connect3 *r)
+{
+	uint32_t _ptr_system_name;
+	TALLOC_CTX *_mem_save_system_name_0;
+	TALLOC_CTX *_mem_save_connect_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_system_name));
+		if (_ptr_system_name) {
+			NDR_PULL_ALLOC(ndr, r->in.system_name);
+		} else {
+			r->in.system_name = NULL;
+		}
+		if (r->in.system_name) {
+			_mem_save_system_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name));
+			if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown));
+		NDR_CHECK(ndr_pull_samr_ConnectAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_PULL_ALLOC(ndr, r->out.connect_handle);
+		ZERO_STRUCTP(r->out.connect_handle);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.connect_handle);
+		}
+		_mem_save_connect_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.connect_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.connect_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_connect_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_Connect3(struct ndr_print *ndr, const char *name, int flags, const struct samr_Connect3 *r)
+{
+	ndr_print_struct(ndr, name, "samr_Connect3");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_Connect3");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "system_name", r->in.system_name);
+		ndr->depth++;
+		if (r->in.system_name) {
+			ndr_print_string(ndr, "system_name", r->in.system_name);
+		}
+		ndr->depth--;
+		ndr_print_uint32(ndr, "unknown", r->in.unknown);
+		ndr_print_samr_ConnectAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_Connect3");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "connect_handle", r->out.connect_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "connect_handle", r->out.connect_handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_Connect4(struct ndr_push *ndr, int flags, const struct samr_Connect4 *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.system_name));
+		if (r->in.system_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.system_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.system_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.system_name, ndr_charset_length(r->in.system_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_samr_ConnectVersion(ndr, NDR_SCALARS, r->in.client_version));
+		NDR_CHECK(ndr_push_samr_ConnectAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.connect_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.connect_handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_Connect4(struct ndr_pull *ndr, int flags, struct samr_Connect4 *r)
+{
+	uint32_t _ptr_system_name;
+	TALLOC_CTX *_mem_save_system_name_0;
+	TALLOC_CTX *_mem_save_connect_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_system_name));
+		if (_ptr_system_name) {
+			NDR_PULL_ALLOC(ndr, r->in.system_name);
+		} else {
+			r->in.system_name = NULL;
+		}
+		if (r->in.system_name) {
+			_mem_save_system_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name));
+			if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_samr_ConnectVersion(ndr, NDR_SCALARS, &r->in.client_version));
+		NDR_CHECK(ndr_pull_samr_ConnectAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_PULL_ALLOC(ndr, r->out.connect_handle);
+		ZERO_STRUCTP(r->out.connect_handle);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.connect_handle);
+		}
+		_mem_save_connect_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.connect_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.connect_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_connect_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_Connect4(struct ndr_print *ndr, const char *name, int flags, const struct samr_Connect4 *r)
+{
+	ndr_print_struct(ndr, name, "samr_Connect4");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_Connect4");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "system_name", r->in.system_name);
+		ndr->depth++;
+		if (r->in.system_name) {
+			ndr_print_string(ndr, "system_name", r->in.system_name);
+		}
+		ndr->depth--;
+		ndr_print_samr_ConnectVersion(ndr, "client_version", r->in.client_version);
+		ndr_print_samr_ConnectAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_Connect4");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "connect_handle", r->out.connect_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "connect_handle", r->out.connect_handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ChangePasswordUser3(struct ndr_push *ndr, int flags, const struct samr_ChangePasswordUser3 *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server));
+		if (r->in.server) {
+			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.server));
+		}
+		if (r->in.account == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.account));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.nt_password));
+		if (r->in.nt_password) {
+			NDR_CHECK(ndr_push_samr_CryptPassword(ndr, NDR_SCALARS, r->in.nt_password));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.nt_verifier));
+		if (r->in.nt_verifier) {
+			NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.nt_verifier));
+		}
+		NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->in.lm_change));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.lm_password));
+		if (r->in.lm_password) {
+			NDR_CHECK(ndr_push_samr_CryptPassword(ndr, NDR_SCALARS, r->in.lm_password));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.lm_verifier));
+		if (r->in.lm_verifier) {
+			NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.lm_verifier));
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.password3));
+		if (r->in.password3) {
+			NDR_CHECK(ndr_push_samr_CryptPassword(ndr, NDR_SCALARS, r->in.password3));
+		}
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.dominfo == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.dominfo));
+		if (*r->out.dominfo) {
+			NDR_CHECK(ndr_push_samr_DomInfo1(ndr, NDR_SCALARS, *r->out.dominfo));
+		}
+		if (r->out.reject == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.reject));
+		if (*r->out.reject) {
+			NDR_CHECK(ndr_push_samr_ChangeReject(ndr, NDR_SCALARS, *r->out.reject));
+		}
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ChangePasswordUser3(struct ndr_pull *ndr, int flags, struct samr_ChangePasswordUser3 *r)
+{
+	uint32_t _ptr_server;
+	uint32_t _ptr_nt_password;
+	uint32_t _ptr_nt_verifier;
+	uint32_t _ptr_lm_password;
+	uint32_t _ptr_lm_verifier;
+	uint32_t _ptr_password3;
+	uint32_t _ptr_dominfo;
+	uint32_t _ptr_reject;
+	TALLOC_CTX *_mem_save_server_0;
+	TALLOC_CTX *_mem_save_account_0;
+	TALLOC_CTX *_mem_save_nt_password_0;
+	TALLOC_CTX *_mem_save_nt_verifier_0;
+	TALLOC_CTX *_mem_save_lm_password_0;
+	TALLOC_CTX *_mem_save_lm_verifier_0;
+	TALLOC_CTX *_mem_save_password3_0;
+	TALLOC_CTX *_mem_save_dominfo_0;
+	TALLOC_CTX *_mem_save_dominfo_1;
+	TALLOC_CTX *_mem_save_reject_0;
+	TALLOC_CTX *_mem_save_reject_1;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_server));
+		if (_ptr_server) {
+			NDR_PULL_ALLOC(ndr, r->in.server);
+		} else {
+			r->in.server = NULL;
+		}
+		if (r->in.server) {
+			_mem_save_server_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.server, 0);
+			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.server));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_server_0, 0);
+		}
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.account);
+		}
+		_mem_save_account_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.account, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.account));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_account_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_nt_password));
+		if (_ptr_nt_password) {
+			NDR_PULL_ALLOC(ndr, r->in.nt_password);
+		} else {
+			r->in.nt_password = NULL;
+		}
+		if (r->in.nt_password) {
+			_mem_save_nt_password_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.nt_password, 0);
+			NDR_CHECK(ndr_pull_samr_CryptPassword(ndr, NDR_SCALARS, r->in.nt_password));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_nt_password_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_nt_verifier));
+		if (_ptr_nt_verifier) {
+			NDR_PULL_ALLOC(ndr, r->in.nt_verifier);
+		} else {
+			r->in.nt_verifier = NULL;
+		}
+		if (r->in.nt_verifier) {
+			_mem_save_nt_verifier_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.nt_verifier, 0);
+			NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.nt_verifier));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_nt_verifier_0, 0);
+		}
+		NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->in.lm_change));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_lm_password));
+		if (_ptr_lm_password) {
+			NDR_PULL_ALLOC(ndr, r->in.lm_password);
+		} else {
+			r->in.lm_password = NULL;
+		}
+		if (r->in.lm_password) {
+			_mem_save_lm_password_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.lm_password, 0);
+			NDR_CHECK(ndr_pull_samr_CryptPassword(ndr, NDR_SCALARS, r->in.lm_password));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_lm_password_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_lm_verifier));
+		if (_ptr_lm_verifier) {
+			NDR_PULL_ALLOC(ndr, r->in.lm_verifier);
+		} else {
+			r->in.lm_verifier = NULL;
+		}
+		if (r->in.lm_verifier) {
+			_mem_save_lm_verifier_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.lm_verifier, 0);
+			NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.lm_verifier));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_lm_verifier_0, 0);
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_password3));
+		if (_ptr_password3) {
+			NDR_PULL_ALLOC(ndr, r->in.password3);
+		} else {
+			r->in.password3 = NULL;
+		}
+		if (r->in.password3) {
+			_mem_save_password3_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.password3, 0);
+			NDR_CHECK(ndr_pull_samr_CryptPassword(ndr, NDR_SCALARS, r->in.password3));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password3_0, 0);
+		}
+		NDR_PULL_ALLOC(ndr, r->out.dominfo);
+		ZERO_STRUCTP(r->out.dominfo);
+		NDR_PULL_ALLOC(ndr, r->out.reject);
+		ZERO_STRUCTP(r->out.reject);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.dominfo);
+		}
+		_mem_save_dominfo_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.dominfo, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dominfo));
+		if (_ptr_dominfo) {
+			NDR_PULL_ALLOC(ndr, *r->out.dominfo);
+		} else {
+			*r->out.dominfo = NULL;
+		}
+		if (*r->out.dominfo) {
+			_mem_save_dominfo_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.dominfo, 0);
+			NDR_CHECK(ndr_pull_samr_DomInfo1(ndr, NDR_SCALARS, *r->out.dominfo));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dominfo_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dominfo_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.reject);
+		}
+		_mem_save_reject_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.reject, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_reject));
+		if (_ptr_reject) {
+			NDR_PULL_ALLOC(ndr, *r->out.reject);
+		} else {
+			*r->out.reject = NULL;
+		}
+		if (*r->out.reject) {
+			_mem_save_reject_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.reject, 0);
+			NDR_CHECK(ndr_pull_samr_ChangeReject(ndr, NDR_SCALARS, *r->out.reject));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_reject_1, 0);
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_reject_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ChangePasswordUser3(struct ndr_print *ndr, const char *name, int flags, const struct samr_ChangePasswordUser3 *r)
+{
+	ndr_print_struct(ndr, name, "samr_ChangePasswordUser3");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_ChangePasswordUser3");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "server", r->in.server);
+		ndr->depth++;
+		if (r->in.server) {
+			ndr_print_lsa_String(ndr, "server", r->in.server);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "account", r->in.account);
+		ndr->depth++;
+		ndr_print_lsa_String(ndr, "account", r->in.account);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "nt_password", r->in.nt_password);
+		ndr->depth++;
+		if (r->in.nt_password) {
+			ndr_print_samr_CryptPassword(ndr, "nt_password", r->in.nt_password);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "nt_verifier", r->in.nt_verifier);
+		ndr->depth++;
+		if (r->in.nt_verifier) {
+			ndr_print_samr_Password(ndr, "nt_verifier", r->in.nt_verifier);
+		}
+		ndr->depth--;
+		ndr_print_uint8(ndr, "lm_change", r->in.lm_change);
+		ndr_print_ptr(ndr, "lm_password", r->in.lm_password);
+		ndr->depth++;
+		if (r->in.lm_password) {
+			ndr_print_samr_CryptPassword(ndr, "lm_password", r->in.lm_password);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "lm_verifier", r->in.lm_verifier);
+		ndr->depth++;
+		if (r->in.lm_verifier) {
+			ndr_print_samr_Password(ndr, "lm_verifier", r->in.lm_verifier);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "password3", r->in.password3);
+		ndr->depth++;
+		if (r->in.password3) {
+			ndr_print_samr_CryptPassword(ndr, "password3", r->in.password3);
+		}
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_ChangePasswordUser3");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "dominfo", r->out.dominfo);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "dominfo", *r->out.dominfo);
+		ndr->depth++;
+		if (*r->out.dominfo) {
+			ndr_print_samr_DomInfo1(ndr, "dominfo", *r->out.dominfo);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_ptr(ndr, "reject", r->out.reject);
+		ndr->depth++;
+		ndr_print_ptr(ndr, "reject", *r->out.reject);
+		ndr->depth++;
+		if (*r->out.reject) {
+			ndr_print_samr_ChangeReject(ndr, "reject", *r->out.reject);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_samr_Connect5(struct ndr_push *ndr, int flags, const struct samr_Connect5 *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.system_name));
+		if (r->in.system_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.system_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.system_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.system_name, ndr_charset_length(r->in.system_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+		}
+		NDR_CHECK(ndr_push_samr_ConnectAccessMask(ndr, NDR_SCALARS, r->in.access_mask));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.level_in));
+		if (r->in.info_in == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->in.info_in, r->in.level_in));
+		NDR_CHECK(ndr_push_samr_ConnectInfo(ndr, NDR_SCALARS, r->in.info_in));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.level_out == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.level_out));
+		if (r->out.info_out == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->out.info_out, *r->out.level_out));
+		NDR_CHECK(ndr_push_samr_ConnectInfo(ndr, NDR_SCALARS, r->out.info_out));
+		if (r->out.connect_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->out.connect_handle));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_samr_Connect5(struct ndr_pull *ndr, int flags, struct samr_Connect5 *r)
+{
+	uint32_t _ptr_system_name;
+	TALLOC_CTX *_mem_save_system_name_0;
+	TALLOC_CTX *_mem_save_info_in_0;
+	TALLOC_CTX *_mem_save_level_out_0;
+	TALLOC_CTX *_mem_save_info_out_0;
+	TALLOC_CTX *_mem_save_connect_handle_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_system_name));
+		if (_ptr_system_name) {
+			NDR_PULL_ALLOC(ndr, r->in.system_name);
+		} else {
+			r->in.system_name = NULL;
+		}
+		if (r->in.system_name) {
+			_mem_save_system_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.system_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, &r->in.system_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, &r->in.system_name));
+			if (ndr_get_array_length(ndr, &r->in.system_name) > ndr_get_array_size(ndr, &r->in.system_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.system_name), ndr_get_array_length(ndr, &r->in.system_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.system_name, ndr_get_array_length(ndr, &r->in.system_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_system_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_samr_ConnectAccessMask(ndr, NDR_SCALARS, &r->in.access_mask));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.level_in));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.info_in);
+		}
+		_mem_save_info_in_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.info_in, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->in.info_in, r->in.level_in));
+		NDR_CHECK(ndr_pull_samr_ConnectInfo(ndr, NDR_SCALARS, r->in.info_in));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_in_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_PULL_ALLOC(ndr, r->out.level_out);
+		ZERO_STRUCTP(r->out.level_out);
+		NDR_PULL_ALLOC(ndr, r->out.info_out);
+		ZERO_STRUCTP(r->out.info_out);
+		NDR_PULL_ALLOC(ndr, r->out.connect_handle);
+		ZERO_STRUCTP(r->out.connect_handle);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.level_out);
+		}
+		_mem_save_level_out_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.level_out, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.level_out));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_level_out_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.info_out);
+		}
+		_mem_save_info_out_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.info_out, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->out.info_out, *r->out.level_out));
+		NDR_CHECK(ndr_pull_samr_ConnectInfo(ndr, NDR_SCALARS, r->out.info_out));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_out_0, LIBNDR_FLAG_REF_ALLOC);
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.connect_handle);
+		}
+		_mem_save_connect_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.connect_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->out.connect_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_connect_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_Connect5(struct ndr_print *ndr, const char *name, int flags, const struct samr_Connect5 *r)
+{
+	ndr_print_struct(ndr, name, "samr_Connect5");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_Connect5");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "system_name", r->in.system_name);
+		ndr->depth++;
+		if (r->in.system_name) {
+			ndr_print_string(ndr, "system_name", r->in.system_name);
+		}
+		ndr->depth--;
+		ndr_print_samr_ConnectAccessMask(ndr, "access_mask", r->in.access_mask);
+		ndr_print_uint32(ndr, "level_in", r->in.level_in);
+		ndr_print_ptr(ndr, "info_in", r->in.info_in);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->in.info_in, r->in.level_in);
+		ndr_print_samr_ConnectInfo(ndr, "info_in", r->in.info_in);
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_Connect5");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "level_out", r->out.level_out);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "level_out", *r->out.level_out);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "info_out", r->out.info_out);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->out.info_out, *r->out.level_out);
+		ndr_print_samr_ConnectInfo(ndr, "info_out", r->out.info_out);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "connect_handle", r->out.connect_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "connect_handle", r->out.connect_handle);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_RidToSid(struct ndr_push *ndr, int flags, const struct samr_RidToSid *r)
+{
+	if (flags & NDR_IN) {
+		if (r->in.domain_handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.rid));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.sid == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sid));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_RidToSid(struct ndr_pull *ndr, int flags, struct samr_RidToSid *r)
+{
+	TALLOC_CTX *_mem_save_domain_handle_0;
+	TALLOC_CTX *_mem_save_sid_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.domain_handle);
+		}
+		_mem_save_domain_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.domain_handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.domain_handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_domain_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.rid));
+		NDR_PULL_ALLOC(ndr, r->out.sid);
+		ZERO_STRUCTP(r->out.sid);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.sid);
+		}
+		_mem_save_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.sid, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sid));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_RidToSid(struct ndr_print *ndr, const char *name, int flags, const struct samr_RidToSid *r)
+{
+	ndr_print_struct(ndr, name, "samr_RidToSid");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_RidToSid");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "domain_handle", r->in.domain_handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "rid", r->in.rid);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_RidToSid");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "sid", r->out.sid);
+		ndr->depth++;
+		ndr_print_dom_sid2(ndr, "sid", r->out.sid);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_SetDsrmPassword(struct ndr_push *ndr, int flags, const struct samr_SetDsrmPassword *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.name));
+		if (r->in.name) {
+			NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.name));
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.hash));
+		if (r->in.hash) {
+			NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.hash));
+		}
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_SetDsrmPassword(struct ndr_pull *ndr, int flags, struct samr_SetDsrmPassword *r)
+{
+	uint32_t _ptr_name;
+	uint32_t _ptr_hash;
+	TALLOC_CTX *_mem_save_name_0;
+	TALLOC_CTX *_mem_save_hash_0;
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name));
+		if (_ptr_name) {
+			NDR_PULL_ALLOC(ndr, r->in.name);
+		} else {
+			r->in.name = NULL;
+		}
+		if (r->in.name) {
+			_mem_save_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.name, 0);
+			NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.name));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0);
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_hash));
+		if (_ptr_hash) {
+			NDR_PULL_ALLOC(ndr, r->in.hash);
+		} else {
+			r->in.hash = NULL;
+		}
+		if (r->in.hash) {
+			_mem_save_hash_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->in.hash, 0);
+			NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.hash));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_hash_0, 0);
+		}
+	}
+	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_SetDsrmPassword(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetDsrmPassword *r)
+{
+	ndr_print_struct(ndr, name, "samr_SetDsrmPassword");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_SetDsrmPassword");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "name", r->in.name);
+		ndr->depth++;
+		if (r->in.name) {
+			ndr_print_lsa_String(ndr, "name", r->in.name);
+		}
+		ndr->depth--;
+		ndr_print_uint32(ndr, "unknown", r->in.unknown);
+		ndr_print_ptr(ndr, "hash", r->in.hash);
+		ndr->depth++;
+		if (r->in.hash) {
+			ndr_print_samr_Password(ndr, "hash", r->in.hash);
+		}
+		ndr->depth--;
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_SetDsrmPassword");
+		ndr->depth++;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_samr_ValidatePassword(struct ndr_push *ndr, int flags, const struct samr_ValidatePassword *r)
+{
+	if (flags & NDR_IN) {
+		NDR_CHECK(ndr_push_samr_ValidatePasswordLevel(ndr, NDR_SCALARS, r->in.level));
+		NDR_CHECK(ndr_push_set_switch_value(ndr, &r->in.req, r->in.level));
+		NDR_CHECK(ndr_push_samr_ValidatePasswordReq(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.req));
+	}
+	if (flags & NDR_OUT) {
+		if (r->out.rep == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_set_switch_value(ndr, r->out.rep, r->in.level));
+		NDR_CHECK(ndr_push_samr_ValidatePasswordRep(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.rep));
+		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_samr_ValidatePassword(struct ndr_pull *ndr, int flags, struct samr_ValidatePassword *r)
+{
+	TALLOC_CTX *_mem_save_rep_0;
+	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		NDR_CHECK(ndr_pull_samr_ValidatePasswordLevel(ndr, NDR_SCALARS, &r->in.level));
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->in.req, r->in.level));
+		NDR_CHECK(ndr_pull_samr_ValidatePasswordReq(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.req));
+		NDR_PULL_ALLOC(ndr, r->out.rep);
+		ZERO_STRUCTP(r->out.rep);
+	}
+	if (flags & NDR_OUT) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.rep);
+		}
+		_mem_save_rep_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.rep, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, r->out.rep, r->in.level));
+		NDR_CHECK(ndr_pull_samr_ValidatePasswordRep(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.rep));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_rep_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_samr_ValidatePassword(struct ndr_print *ndr, const char *name, int flags, const struct samr_ValidatePassword *r)
+{
+	ndr_print_struct(ndr, name, "samr_ValidatePassword");
+	ndr->depth++;
+	if (flags & NDR_SET_VALUES) {
+		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
+	}
+	if (flags & NDR_IN) {
+		ndr_print_struct(ndr, "in", "samr_ValidatePassword");
+		ndr->depth++;
+		ndr_print_samr_ValidatePasswordLevel(ndr, "level", r->in.level);
+		ndr_print_set_switch_value(ndr, &r->in.req, r->in.level);
+		ndr_print_samr_ValidatePasswordReq(ndr, "req", &r->in.req);
+		ndr->depth--;
+	}
+	if (flags & NDR_OUT) {
+		ndr_print_struct(ndr, "out", "samr_ValidatePassword");
+		ndr->depth++;
+		ndr_print_ptr(ndr, "rep", r->out.rep);
+		ndr->depth++;
+		ndr_print_set_switch_value(ndr, r->out.rep, r->in.level);
+		ndr_print_samr_ValidatePasswordRep(ndr, "rep", r->out.rep);
+		ndr->depth--;
+		ndr_print_NTSTATUS(ndr, "result", r->out.result);
+		ndr->depth--;
+	}
+	ndr->depth--;
+}
+
+static const struct ndr_interface_call samr_calls[] = {
+	{
+		"samr_Connect",
+		sizeof(struct samr_Connect),
+		(ndr_push_flags_fn_t) ndr_push_samr_Connect,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_Connect,
+		(ndr_print_function_t) ndr_print_samr_Connect,
+		false,
+	},
+	{
+		"samr_Close",
+		sizeof(struct samr_Close),
+		(ndr_push_flags_fn_t) ndr_push_samr_Close,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_Close,
+		(ndr_print_function_t) ndr_print_samr_Close,
+		false,
+	},
+	{
+		"samr_SetSecurity",
+		sizeof(struct samr_SetSecurity),
+		(ndr_push_flags_fn_t) ndr_push_samr_SetSecurity,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_SetSecurity,
+		(ndr_print_function_t) ndr_print_samr_SetSecurity,
+		false,
+	},
+	{
+		"samr_QuerySecurity",
+		sizeof(struct samr_QuerySecurity),
+		(ndr_push_flags_fn_t) ndr_push_samr_QuerySecurity,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_QuerySecurity,
+		(ndr_print_function_t) ndr_print_samr_QuerySecurity,
+		false,
+	},
+	{
+		"samr_Shutdown",
+		sizeof(struct samr_Shutdown),
+		(ndr_push_flags_fn_t) ndr_push_samr_Shutdown,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_Shutdown,
+		(ndr_print_function_t) ndr_print_samr_Shutdown,
+		false,
+	},
+	{
+		"samr_LookupDomain",
+		sizeof(struct samr_LookupDomain),
+		(ndr_push_flags_fn_t) ndr_push_samr_LookupDomain,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_LookupDomain,
+		(ndr_print_function_t) ndr_print_samr_LookupDomain,
+		false,
+	},
+	{
+		"samr_EnumDomains",
+		sizeof(struct samr_EnumDomains),
+		(ndr_push_flags_fn_t) ndr_push_samr_EnumDomains,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_EnumDomains,
+		(ndr_print_function_t) ndr_print_samr_EnumDomains,
+		false,
+	},
+	{
+		"samr_OpenDomain",
+		sizeof(struct samr_OpenDomain),
+		(ndr_push_flags_fn_t) ndr_push_samr_OpenDomain,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_OpenDomain,
+		(ndr_print_function_t) ndr_print_samr_OpenDomain,
+		false,
+	},
+	{
+		"samr_QueryDomainInfo",
+		sizeof(struct samr_QueryDomainInfo),
+		(ndr_push_flags_fn_t) ndr_push_samr_QueryDomainInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_QueryDomainInfo,
+		(ndr_print_function_t) ndr_print_samr_QueryDomainInfo,
+		false,
+	},
+	{
+		"samr_SetDomainInfo",
+		sizeof(struct samr_SetDomainInfo),
+		(ndr_push_flags_fn_t) ndr_push_samr_SetDomainInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_SetDomainInfo,
+		(ndr_print_function_t) ndr_print_samr_SetDomainInfo,
+		false,
+	},
+	{
+		"samr_CreateDomainGroup",
+		sizeof(struct samr_CreateDomainGroup),
+		(ndr_push_flags_fn_t) ndr_push_samr_CreateDomainGroup,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_CreateDomainGroup,
+		(ndr_print_function_t) ndr_print_samr_CreateDomainGroup,
+		false,
+	},
+	{
+		"samr_EnumDomainGroups",
+		sizeof(struct samr_EnumDomainGroups),
+		(ndr_push_flags_fn_t) ndr_push_samr_EnumDomainGroups,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_EnumDomainGroups,
+		(ndr_print_function_t) ndr_print_samr_EnumDomainGroups,
+		false,
+	},
+	{
+		"samr_CreateUser",
+		sizeof(struct samr_CreateUser),
+		(ndr_push_flags_fn_t) ndr_push_samr_CreateUser,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_CreateUser,
+		(ndr_print_function_t) ndr_print_samr_CreateUser,
+		false,
+	},
+	{
+		"samr_EnumDomainUsers",
+		sizeof(struct samr_EnumDomainUsers),
+		(ndr_push_flags_fn_t) ndr_push_samr_EnumDomainUsers,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_EnumDomainUsers,
+		(ndr_print_function_t) ndr_print_samr_EnumDomainUsers,
+		false,
+	},
+	{
+		"samr_CreateDomAlias",
+		sizeof(struct samr_CreateDomAlias),
+		(ndr_push_flags_fn_t) ndr_push_samr_CreateDomAlias,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_CreateDomAlias,
+		(ndr_print_function_t) ndr_print_samr_CreateDomAlias,
+		false,
+	},
+	{
+		"samr_EnumDomainAliases",
+		sizeof(struct samr_EnumDomainAliases),
+		(ndr_push_flags_fn_t) ndr_push_samr_EnumDomainAliases,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_EnumDomainAliases,
+		(ndr_print_function_t) ndr_print_samr_EnumDomainAliases,
+		false,
+	},
+	{
+		"samr_GetAliasMembership",
+		sizeof(struct samr_GetAliasMembership),
+		(ndr_push_flags_fn_t) ndr_push_samr_GetAliasMembership,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_GetAliasMembership,
+		(ndr_print_function_t) ndr_print_samr_GetAliasMembership,
+		false,
+	},
+	{
+		"samr_LookupNames",
+		sizeof(struct samr_LookupNames),
+		(ndr_push_flags_fn_t) ndr_push_samr_LookupNames,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_LookupNames,
+		(ndr_print_function_t) ndr_print_samr_LookupNames,
+		false,
+	},
+	{
+		"samr_LookupRids",
+		sizeof(struct samr_LookupRids),
+		(ndr_push_flags_fn_t) ndr_push_samr_LookupRids,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_LookupRids,
+		(ndr_print_function_t) ndr_print_samr_LookupRids,
+		false,
+	},
+	{
+		"samr_OpenGroup",
+		sizeof(struct samr_OpenGroup),
+		(ndr_push_flags_fn_t) ndr_push_samr_OpenGroup,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_OpenGroup,
+		(ndr_print_function_t) ndr_print_samr_OpenGroup,
+		false,
+	},
+	{
+		"samr_QueryGroupInfo",
+		sizeof(struct samr_QueryGroupInfo),
+		(ndr_push_flags_fn_t) ndr_push_samr_QueryGroupInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_QueryGroupInfo,
+		(ndr_print_function_t) ndr_print_samr_QueryGroupInfo,
+		false,
+	},
+	{
+		"samr_SetGroupInfo",
+		sizeof(struct samr_SetGroupInfo),
+		(ndr_push_flags_fn_t) ndr_push_samr_SetGroupInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_SetGroupInfo,
+		(ndr_print_function_t) ndr_print_samr_SetGroupInfo,
+		false,
+	},
+	{
+		"samr_AddGroupMember",
+		sizeof(struct samr_AddGroupMember),
+		(ndr_push_flags_fn_t) ndr_push_samr_AddGroupMember,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_AddGroupMember,
+		(ndr_print_function_t) ndr_print_samr_AddGroupMember,
+		false,
+	},
+	{
+		"samr_DeleteDomainGroup",
+		sizeof(struct samr_DeleteDomainGroup),
+		(ndr_push_flags_fn_t) ndr_push_samr_DeleteDomainGroup,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_DeleteDomainGroup,
+		(ndr_print_function_t) ndr_print_samr_DeleteDomainGroup,
+		false,
+	},
+	{
+		"samr_DeleteGroupMember",
+		sizeof(struct samr_DeleteGroupMember),
+		(ndr_push_flags_fn_t) ndr_push_samr_DeleteGroupMember,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_DeleteGroupMember,
+		(ndr_print_function_t) ndr_print_samr_DeleteGroupMember,
+		false,
+	},
+	{
+		"samr_QueryGroupMember",
+		sizeof(struct samr_QueryGroupMember),
+		(ndr_push_flags_fn_t) ndr_push_samr_QueryGroupMember,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_QueryGroupMember,
+		(ndr_print_function_t) ndr_print_samr_QueryGroupMember,
+		false,
+	},
+	{
+		"samr_SetMemberAttributesOfGroup",
+		sizeof(struct samr_SetMemberAttributesOfGroup),
+		(ndr_push_flags_fn_t) ndr_push_samr_SetMemberAttributesOfGroup,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_SetMemberAttributesOfGroup,
+		(ndr_print_function_t) ndr_print_samr_SetMemberAttributesOfGroup,
+		false,
+	},
+	{
+		"samr_OpenAlias",
+		sizeof(struct samr_OpenAlias),
+		(ndr_push_flags_fn_t) ndr_push_samr_OpenAlias,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_OpenAlias,
+		(ndr_print_function_t) ndr_print_samr_OpenAlias,
+		false,
+	},
+	{
+		"samr_QueryAliasInfo",
+		sizeof(struct samr_QueryAliasInfo),
+		(ndr_push_flags_fn_t) ndr_push_samr_QueryAliasInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_QueryAliasInfo,
+		(ndr_print_function_t) ndr_print_samr_QueryAliasInfo,
+		false,
+	},
+	{
+		"samr_SetAliasInfo",
+		sizeof(struct samr_SetAliasInfo),
+		(ndr_push_flags_fn_t) ndr_push_samr_SetAliasInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_SetAliasInfo,
+		(ndr_print_function_t) ndr_print_samr_SetAliasInfo,
+		false,
+	},
+	{
+		"samr_DeleteDomAlias",
+		sizeof(struct samr_DeleteDomAlias),
+		(ndr_push_flags_fn_t) ndr_push_samr_DeleteDomAlias,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_DeleteDomAlias,
+		(ndr_print_function_t) ndr_print_samr_DeleteDomAlias,
+		false,
+	},
+	{
+		"samr_AddAliasMember",
+		sizeof(struct samr_AddAliasMember),
+		(ndr_push_flags_fn_t) ndr_push_samr_AddAliasMember,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_AddAliasMember,
+		(ndr_print_function_t) ndr_print_samr_AddAliasMember,
+		false,
+	},
+	{
+		"samr_DeleteAliasMember",
+		sizeof(struct samr_DeleteAliasMember),
+		(ndr_push_flags_fn_t) ndr_push_samr_DeleteAliasMember,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_DeleteAliasMember,
+		(ndr_print_function_t) ndr_print_samr_DeleteAliasMember,
+		false,
+	},
+	{
+		"samr_GetMembersInAlias",
+		sizeof(struct samr_GetMembersInAlias),
+		(ndr_push_flags_fn_t) ndr_push_samr_GetMembersInAlias,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_GetMembersInAlias,
+		(ndr_print_function_t) ndr_print_samr_GetMembersInAlias,
+		false,
+	},
+	{
+		"samr_OpenUser",
+		sizeof(struct samr_OpenUser),
+		(ndr_push_flags_fn_t) ndr_push_samr_OpenUser,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_OpenUser,
+		(ndr_print_function_t) ndr_print_samr_OpenUser,
+		false,
+	},
+	{
+		"samr_DeleteUser",
+		sizeof(struct samr_DeleteUser),
+		(ndr_push_flags_fn_t) ndr_push_samr_DeleteUser,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_DeleteUser,
+		(ndr_print_function_t) ndr_print_samr_DeleteUser,
+		false,
+	},
+	{
+		"samr_QueryUserInfo",
+		sizeof(struct samr_QueryUserInfo),
+		(ndr_push_flags_fn_t) ndr_push_samr_QueryUserInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_QueryUserInfo,
+		(ndr_print_function_t) ndr_print_samr_QueryUserInfo,
+		false,
+	},
+	{
+		"samr_SetUserInfo",
+		sizeof(struct samr_SetUserInfo),
+		(ndr_push_flags_fn_t) ndr_push_samr_SetUserInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_SetUserInfo,
+		(ndr_print_function_t) ndr_print_samr_SetUserInfo,
+		false,
+	},
+	{
+		"samr_ChangePasswordUser",
+		sizeof(struct samr_ChangePasswordUser),
+		(ndr_push_flags_fn_t) ndr_push_samr_ChangePasswordUser,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_ChangePasswordUser,
+		(ndr_print_function_t) ndr_print_samr_ChangePasswordUser,
+		false,
+	},
+	{
+		"samr_GetGroupsForUser",
+		sizeof(struct samr_GetGroupsForUser),
+		(ndr_push_flags_fn_t) ndr_push_samr_GetGroupsForUser,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_GetGroupsForUser,
+		(ndr_print_function_t) ndr_print_samr_GetGroupsForUser,
+		false,
+	},
+	{
+		"samr_QueryDisplayInfo",
+		sizeof(struct samr_QueryDisplayInfo),
+		(ndr_push_flags_fn_t) ndr_push_samr_QueryDisplayInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_QueryDisplayInfo,
+		(ndr_print_function_t) ndr_print_samr_QueryDisplayInfo,
+		false,
+	},
+	{
+		"samr_GetDisplayEnumerationIndex",
+		sizeof(struct samr_GetDisplayEnumerationIndex),
+		(ndr_push_flags_fn_t) ndr_push_samr_GetDisplayEnumerationIndex,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_GetDisplayEnumerationIndex,
+		(ndr_print_function_t) ndr_print_samr_GetDisplayEnumerationIndex,
+		false,
+	},
+	{
+		"samr_TestPrivateFunctionsDomain",
+		sizeof(struct samr_TestPrivateFunctionsDomain),
+		(ndr_push_flags_fn_t) ndr_push_samr_TestPrivateFunctionsDomain,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_TestPrivateFunctionsDomain,
+		(ndr_print_function_t) ndr_print_samr_TestPrivateFunctionsDomain,
+		false,
+	},
+	{
+		"samr_TestPrivateFunctionsUser",
+		sizeof(struct samr_TestPrivateFunctionsUser),
+		(ndr_push_flags_fn_t) ndr_push_samr_TestPrivateFunctionsUser,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_TestPrivateFunctionsUser,
+		(ndr_print_function_t) ndr_print_samr_TestPrivateFunctionsUser,
+		false,
+	},
+	{
+		"samr_GetUserPwInfo",
+		sizeof(struct samr_GetUserPwInfo),
+		(ndr_push_flags_fn_t) ndr_push_samr_GetUserPwInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_GetUserPwInfo,
+		(ndr_print_function_t) ndr_print_samr_GetUserPwInfo,
+		false,
+	},
+	{
+		"samr_RemoveMemberFromForeignDomain",
+		sizeof(struct samr_RemoveMemberFromForeignDomain),
+		(ndr_push_flags_fn_t) ndr_push_samr_RemoveMemberFromForeignDomain,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_RemoveMemberFromForeignDomain,
+		(ndr_print_function_t) ndr_print_samr_RemoveMemberFromForeignDomain,
+		false,
+	},
+	{
+		"samr_QueryDomainInfo2",
+		sizeof(struct samr_QueryDomainInfo2),
+		(ndr_push_flags_fn_t) ndr_push_samr_QueryDomainInfo2,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_QueryDomainInfo2,
+		(ndr_print_function_t) ndr_print_samr_QueryDomainInfo2,
+		false,
+	},
+	{
+		"samr_QueryUserInfo2",
+		sizeof(struct samr_QueryUserInfo2),
+		(ndr_push_flags_fn_t) ndr_push_samr_QueryUserInfo2,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_QueryUserInfo2,
+		(ndr_print_function_t) ndr_print_samr_QueryUserInfo2,
+		false,
+	},
+	{
+		"samr_QueryDisplayInfo2",
+		sizeof(struct samr_QueryDisplayInfo2),
+		(ndr_push_flags_fn_t) ndr_push_samr_QueryDisplayInfo2,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_QueryDisplayInfo2,
+		(ndr_print_function_t) ndr_print_samr_QueryDisplayInfo2,
+		false,
+	},
+	{
+		"samr_GetDisplayEnumerationIndex2",
+		sizeof(struct samr_GetDisplayEnumerationIndex2),
+		(ndr_push_flags_fn_t) ndr_push_samr_GetDisplayEnumerationIndex2,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_GetDisplayEnumerationIndex2,
+		(ndr_print_function_t) ndr_print_samr_GetDisplayEnumerationIndex2,
+		false,
+	},
+	{
+		"samr_CreateUser2",
+		sizeof(struct samr_CreateUser2),
+		(ndr_push_flags_fn_t) ndr_push_samr_CreateUser2,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_CreateUser2,
+		(ndr_print_function_t) ndr_print_samr_CreateUser2,
+		false,
+	},
+	{
+		"samr_QueryDisplayInfo3",
+		sizeof(struct samr_QueryDisplayInfo3),
+		(ndr_push_flags_fn_t) ndr_push_samr_QueryDisplayInfo3,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_QueryDisplayInfo3,
+		(ndr_print_function_t) ndr_print_samr_QueryDisplayInfo3,
+		false,
+	},
+	{
+		"samr_AddMultipleMembersToAlias",
+		sizeof(struct samr_AddMultipleMembersToAlias),
+		(ndr_push_flags_fn_t) ndr_push_samr_AddMultipleMembersToAlias,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_AddMultipleMembersToAlias,
+		(ndr_print_function_t) ndr_print_samr_AddMultipleMembersToAlias,
+		false,
+	},
+	{
+		"samr_RemoveMultipleMembersFromAlias",
+		sizeof(struct samr_RemoveMultipleMembersFromAlias),
+		(ndr_push_flags_fn_t) ndr_push_samr_RemoveMultipleMembersFromAlias,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_RemoveMultipleMembersFromAlias,
+		(ndr_print_function_t) ndr_print_samr_RemoveMultipleMembersFromAlias,
+		false,
+	},
+	{
+		"samr_OemChangePasswordUser2",
+		sizeof(struct samr_OemChangePasswordUser2),
+		(ndr_push_flags_fn_t) ndr_push_samr_OemChangePasswordUser2,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_OemChangePasswordUser2,
+		(ndr_print_function_t) ndr_print_samr_OemChangePasswordUser2,
+		false,
+	},
+	{
+		"samr_ChangePasswordUser2",
+		sizeof(struct samr_ChangePasswordUser2),
+		(ndr_push_flags_fn_t) ndr_push_samr_ChangePasswordUser2,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_ChangePasswordUser2,
+		(ndr_print_function_t) ndr_print_samr_ChangePasswordUser2,
+		false,
+	},
+	{
+		"samr_GetDomPwInfo",
+		sizeof(struct samr_GetDomPwInfo),
+		(ndr_push_flags_fn_t) ndr_push_samr_GetDomPwInfo,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_GetDomPwInfo,
+		(ndr_print_function_t) ndr_print_samr_GetDomPwInfo,
+		false,
+	},
+	{
+		"samr_Connect2",
+		sizeof(struct samr_Connect2),
+		(ndr_push_flags_fn_t) ndr_push_samr_Connect2,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_Connect2,
+		(ndr_print_function_t) ndr_print_samr_Connect2,
+		false,
+	},
+	{
+		"samr_SetUserInfo2",
+		sizeof(struct samr_SetUserInfo2),
+		(ndr_push_flags_fn_t) ndr_push_samr_SetUserInfo2,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_SetUserInfo2,
+		(ndr_print_function_t) ndr_print_samr_SetUserInfo2,
+		false,
+	},
+	{
+		"samr_SetBootKeyInformation",
+		sizeof(struct samr_SetBootKeyInformation),
+		(ndr_push_flags_fn_t) ndr_push_samr_SetBootKeyInformation,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_SetBootKeyInformation,
+		(ndr_print_function_t) ndr_print_samr_SetBootKeyInformation,
+		false,
+	},
+	{
+		"samr_GetBootKeyInformation",
+		sizeof(struct samr_GetBootKeyInformation),
+		(ndr_push_flags_fn_t) ndr_push_samr_GetBootKeyInformation,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_GetBootKeyInformation,
+		(ndr_print_function_t) ndr_print_samr_GetBootKeyInformation,
+		false,
+	},
+	{
+		"samr_Connect3",
+		sizeof(struct samr_Connect3),
+		(ndr_push_flags_fn_t) ndr_push_samr_Connect3,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_Connect3,
+		(ndr_print_function_t) ndr_print_samr_Connect3,
+		false,
+	},
+	{
+		"samr_Connect4",
+		sizeof(struct samr_Connect4),
+		(ndr_push_flags_fn_t) ndr_push_samr_Connect4,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_Connect4,
+		(ndr_print_function_t) ndr_print_samr_Connect4,
+		false,
+	},
+	{
+		"samr_ChangePasswordUser3",
+		sizeof(struct samr_ChangePasswordUser3),
+		(ndr_push_flags_fn_t) ndr_push_samr_ChangePasswordUser3,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_ChangePasswordUser3,
+		(ndr_print_function_t) ndr_print_samr_ChangePasswordUser3,
+		false,
+	},
+	{
+		"samr_Connect5",
+		sizeof(struct samr_Connect5),
+		(ndr_push_flags_fn_t) ndr_push_samr_Connect5,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_Connect5,
+		(ndr_print_function_t) ndr_print_samr_Connect5,
+		false,
+	},
+	{
+		"samr_RidToSid",
+		sizeof(struct samr_RidToSid),
+		(ndr_push_flags_fn_t) ndr_push_samr_RidToSid,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_RidToSid,
+		(ndr_print_function_t) ndr_print_samr_RidToSid,
+		false,
+	},
+	{
+		"samr_SetDsrmPassword",
+		sizeof(struct samr_SetDsrmPassword),
+		(ndr_push_flags_fn_t) ndr_push_samr_SetDsrmPassword,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_SetDsrmPassword,
+		(ndr_print_function_t) ndr_print_samr_SetDsrmPassword,
+		false,
+	},
+	{
+		"samr_ValidatePassword",
+		sizeof(struct samr_ValidatePassword),
+		(ndr_push_flags_fn_t) ndr_push_samr_ValidatePassword,
+		(ndr_pull_flags_fn_t) ndr_pull_samr_ValidatePassword,
+		(ndr_print_function_t) ndr_print_samr_ValidatePassword,
+		false,
+	},
+	{ NULL, 0, NULL, NULL, NULL, false }
+};
+
+static const char * const samr_endpoint_strings[] = {
+	"ncacn_np:[\\pipe\\samr]", 
+	"ncacn_ip_tcp:", 
+	"ncalrpc:", 
+};
+
+static const struct ndr_interface_string_array samr_endpoints = {
+	.count	= 3,
+	.names	= samr_endpoint_strings
+};
+
+static const char * const samr_authservice_strings[] = {
+	"host", 
+};
+
+static const struct ndr_interface_string_array samr_authservices = {
+	.count	= 3,
+	.names	= samr_authservice_strings
+};
+
+
+const struct ndr_interface_table ndr_table_samr = {
+	.name		= "samr",
+	.syntax_id	= {
+		{0x12345778,0x1234,0xabcd,{0xef,0x00},{0x01,0x23,0x45,0x67,0x89,0xac}},
+		NDR_SAMR_VERSION
+	},
+	.helpstring	= NDR_SAMR_HELPSTRING,
+	.num_calls	= 68,
+	.calls		= samr_calls,
+	.endpoints	= &samr_endpoints,
+	.authservices	= &samr_authservices
+};
+
diff --git a/source3/librpc/gen_ndr/ndr_samr.h b/source3/librpc/gen_ndr/ndr_samr.h
new file mode 100644
index 0000000000..c21b5455fb
--- /dev/null
+++ b/source3/librpc/gen_ndr/ndr_samr.h
@@ -0,0 +1,342 @@
+/* header auto-generated by pidl */
+
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/samr.h"
+
+#ifndef _HEADER_NDR_samr
+#define _HEADER_NDR_samr
+
+#define NDR_SAMR_UUID "12345778-1234-abcd-ef00-0123456789ac"
+#define NDR_SAMR_VERSION 1.0
+#define NDR_SAMR_NAME "samr"
+#define NDR_SAMR_HELPSTRING NULL
+extern const struct ndr_interface_table ndr_table_samr;
+#define NDR_SAMR_CONNECT (0x00)
+
+#define NDR_SAMR_CLOSE (0x01)
+
+#define NDR_SAMR_SETSECURITY (0x02)
+
+#define NDR_SAMR_QUERYSECURITY (0x03)
+
+#define NDR_SAMR_SHUTDOWN (0x04)
+
+#define NDR_SAMR_LOOKUPDOMAIN (0x05)
+
+#define NDR_SAMR_ENUMDOMAINS (0x06)
+
+#define NDR_SAMR_OPENDOMAIN (0x07)
+
+#define NDR_SAMR_QUERYDOMAININFO (0x08)
+
+#define NDR_SAMR_SETDOMAININFO (0x09)
+
+#define NDR_SAMR_CREATEDOMAINGROUP (0x0a)
+
+#define NDR_SAMR_ENUMDOMAINGROUPS (0x0b)
+
+#define NDR_SAMR_CREATEUSER (0x0c)
+
+#define NDR_SAMR_ENUMDOMAINUSERS (0x0d)
+
+#define NDR_SAMR_CREATEDOMALIAS (0x0e)
+
+#define NDR_SAMR_ENUMDOMAINALIASES (0x0f)
+
+#define NDR_SAMR_GETALIASMEMBERSHIP (0x10)
+
+#define NDR_SAMR_LOOKUPNAMES (0x11)
+
+#define NDR_SAMR_LOOKUPRIDS (0x12)
+
+#define NDR_SAMR_OPENGROUP (0x13)
+
+#define NDR_SAMR_QUERYGROUPINFO (0x14)
+
+#define NDR_SAMR_SETGROUPINFO (0x15)
+
+#define NDR_SAMR_ADDGROUPMEMBER (0x16)
+
+#define NDR_SAMR_DELETEDOMAINGROUP (0x17)
+
+#define NDR_SAMR_DELETEGROUPMEMBER (0x18)
+
+#define NDR_SAMR_QUERYGROUPMEMBER (0x19)
+
+#define NDR_SAMR_SETMEMBERATTRIBUTESOFGROUP (0x1a)
+
+#define NDR_SAMR_OPENALIAS (0x1b)
+
+#define NDR_SAMR_QUERYALIASINFO (0x1c)
+
+#define NDR_SAMR_SETALIASINFO (0x1d)
+
+#define NDR_SAMR_DELETEDOMALIAS (0x1e)
+
+#define NDR_SAMR_ADDALIASMEMBER (0x1f)
+
+#define NDR_SAMR_DELETEALIASMEMBER (0x20)
+
+#define NDR_SAMR_GETMEMBERSINALIAS (0x21)
+
+#define NDR_SAMR_OPENUSER (0x22)
+
+#define NDR_SAMR_DELETEUSER (0x23)
+
+#define NDR_SAMR_QUERYUSERINFO (0x24)
+
+#define NDR_SAMR_SETUSERINFO (0x25)
+
+#define NDR_SAMR_CHANGEPASSWORDUSER (0x26)
+
+#define NDR_SAMR_GETGROUPSFORUSER (0x27)
+
+#define NDR_SAMR_QUERYDISPLAYINFO (0x28)
+
+#define NDR_SAMR_GETDISPLAYENUMERATIONINDEX (0x29)
+
+#define NDR_SAMR_TESTPRIVATEFUNCTIONSDOMAIN (0x2a)
+
+#define NDR_SAMR_TESTPRIVATEFUNCTIONSUSER (0x2b)
+
+#define NDR_SAMR_GETUSERPWINFO (0x2c)
+
+#define NDR_SAMR_REMOVEMEMBERFROMFOREIGNDOMAIN (0x2d)
+
+#define NDR_SAMR_QUERYDOMAININFO2 (0x2e)
+
+#define NDR_SAMR_QUERYUSERINFO2 (0x2f)
+
+#define NDR_SAMR_QUERYDISPLAYINFO2 (0x30)
+
+#define NDR_SAMR_GETDISPLAYENUMERATIONINDEX2 (0x31)
+
+#define NDR_SAMR_CREATEUSER2 (0x32)
+
+#define NDR_SAMR_QUERYDISPLAYINFO3 (0x33)
+
+#define NDR_SAMR_ADDMULTIPLEMEMBERSTOALIAS (0x34)
+
+#define NDR_SAMR_REMOVEMULTIPLEMEMBERSFROMALIAS (0x35)
+
+#define NDR_SAMR_OEMCHANGEPASSWORDUSER2 (0x36)
+
+#define NDR_SAMR_CHANGEPASSWORDUSER2 (0x37)
+
+#define NDR_SAMR_GETDOMPWINFO (0x38)
+
+#define NDR_SAMR_CONNECT2 (0x39)
+
+#define NDR_SAMR_SETUSERINFO2 (0x3a)
+
+#define NDR_SAMR_SETBOOTKEYINFORMATION (0x3b)
+
+#define NDR_SAMR_GETBOOTKEYINFORMATION (0x3c)
+
+#define NDR_SAMR_CONNECT3 (0x3d)
+
+#define NDR_SAMR_CONNECT4 (0x3e)
+
+#define NDR_SAMR_CHANGEPASSWORDUSER3 (0x3f)
+
+#define NDR_SAMR_CONNECT5 (0x40)
+
+#define NDR_SAMR_RIDTOSID (0x41)
+
+#define NDR_SAMR_SETDSRMPASSWORD (0x42)
+
+#define NDR_SAMR_VALIDATEPASSWORD (0x43)
+
+#define NDR_SAMR_CALL_COUNT (68)
+enum ndr_err_code ndr_push_samr_AcctFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r);
+enum ndr_err_code ndr_pull_samr_AcctFlags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r);
+void ndr_print_samr_AcctFlags(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_samr_ConnectAccessMask(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_samr_UserAccessMask(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_samr_DomainAccessMask(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_samr_GroupAccessMask(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_samr_AliasAccessMask(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_samr_SamEntry(struct ndr_print *ndr, const char *name, const struct samr_SamEntry *r);
+void ndr_print_samr_SamArray(struct ndr_print *ndr, const char *name, const struct samr_SamArray *r);
+void ndr_print_samr_Role(struct ndr_print *ndr, const char *name, enum samr_Role r);
+enum ndr_err_code ndr_push_samr_PasswordProperties(struct ndr_push *ndr, int ndr_flags, uint32_t r);
+enum ndr_err_code ndr_pull_samr_PasswordProperties(struct ndr_pull *ndr, int ndr_flags, uint32_t *r);
+void ndr_print_samr_PasswordProperties(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_samr_DomInfo1(struct ndr_print *ndr, const char *name, const struct samr_DomInfo1 *r);
+void ndr_print_samr_DomInfo2(struct ndr_print *ndr, const char *name, const struct samr_DomInfo2 *r);
+void ndr_print_samr_DomInfo3(struct ndr_print *ndr, const char *name, const struct samr_DomInfo3 *r);
+void ndr_print_samr_DomInfo4(struct ndr_print *ndr, const char *name, const struct samr_DomInfo4 *r);
+void ndr_print_samr_DomInfo5(struct ndr_print *ndr, const char *name, const struct samr_DomInfo5 *r);
+void ndr_print_samr_DomInfo6(struct ndr_print *ndr, const char *name, const struct samr_DomInfo6 *r);
+void ndr_print_samr_DomInfo7(struct ndr_print *ndr, const char *name, const struct samr_DomInfo7 *r);
+void ndr_print_samr_DomInfo8(struct ndr_print *ndr, const char *name, const struct samr_DomInfo8 *r);
+void ndr_print_samr_DomInfo9(struct ndr_print *ndr, const char *name, const struct samr_DomInfo9 *r);
+void ndr_print_samr_DomInfo11(struct ndr_print *ndr, const char *name, const struct samr_DomInfo11 *r);
+void ndr_print_samr_DomInfo12(struct ndr_print *ndr, const char *name, const struct samr_DomInfo12 *r);
+void ndr_print_samr_DomInfo13(struct ndr_print *ndr, const char *name, const struct samr_DomInfo13 *r);
+void ndr_print_samr_DomainInfo(struct ndr_print *ndr, const char *name, const union samr_DomainInfo *r);
+void ndr_print_samr_Ids(struct ndr_print *ndr, const char *name, const struct samr_Ids *r);
+enum ndr_err_code ndr_push_samr_GroupAttrs(struct ndr_push *ndr, int ndr_flags, uint32_t r);
+enum ndr_err_code ndr_pull_samr_GroupAttrs(struct ndr_pull *ndr, int ndr_flags, uint32_t *r);
+void ndr_print_samr_GroupAttrs(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_samr_GroupInfoAll(struct ndr_print *ndr, const char *name, const struct samr_GroupInfoAll *r);
+void ndr_print_samr_GroupInfoAttributes(struct ndr_print *ndr, const char *name, const struct samr_GroupInfoAttributes *r);
+void ndr_print_samr_GroupInfoEnum(struct ndr_print *ndr, const char *name, enum samr_GroupInfoEnum r);
+void ndr_print_samr_GroupInfo(struct ndr_print *ndr, const char *name, const union samr_GroupInfo *r);
+void ndr_print_samr_RidTypeArray(struct ndr_print *ndr, const char *name, const struct samr_RidTypeArray *r);
+void ndr_print_samr_AliasInfoAll(struct ndr_print *ndr, const char *name, const struct samr_AliasInfoAll *r);
+void ndr_print_samr_AliasInfoEnum(struct ndr_print *ndr, const char *name, enum samr_AliasInfoEnum r);
+void ndr_print_samr_AliasInfo(struct ndr_print *ndr, const char *name, const union samr_AliasInfo *r);
+void ndr_print_samr_UserInfo1(struct ndr_print *ndr, const char *name, const struct samr_UserInfo1 *r);
+void ndr_print_samr_UserInfo2(struct ndr_print *ndr, const char *name, const struct samr_UserInfo2 *r);
+enum ndr_err_code ndr_push_samr_LogonHours(struct ndr_push *ndr, int ndr_flags, const struct samr_LogonHours *r);
+enum ndr_err_code ndr_pull_samr_LogonHours(struct ndr_pull *ndr, int ndr_flags, struct samr_LogonHours *r);
+void ndr_print_samr_LogonHours(struct ndr_print *ndr, const char *name, const struct samr_LogonHours *r);
+void ndr_print_samr_UserInfo3(struct ndr_print *ndr, const char *name, const struct samr_UserInfo3 *r);
+void ndr_print_samr_UserInfo4(struct ndr_print *ndr, const char *name, const struct samr_UserInfo4 *r);
+void ndr_print_samr_UserInfo5(struct ndr_print *ndr, const char *name, const struct samr_UserInfo5 *r);
+void ndr_print_samr_UserInfo6(struct ndr_print *ndr, const char *name, const struct samr_UserInfo6 *r);
+void ndr_print_samr_UserInfo7(struct ndr_print *ndr, const char *name, const struct samr_UserInfo7 *r);
+void ndr_print_samr_UserInfo8(struct ndr_print *ndr, const char *name, const struct samr_UserInfo8 *r);
+void ndr_print_samr_UserInfo9(struct ndr_print *ndr, const char *name, const struct samr_UserInfo9 *r);
+void ndr_print_samr_UserInfo10(struct ndr_print *ndr, const char *name, const struct samr_UserInfo10 *r);
+void ndr_print_samr_UserInfo11(struct ndr_print *ndr, const char *name, const struct samr_UserInfo11 *r);
+void ndr_print_samr_UserInfo12(struct ndr_print *ndr, const char *name, const struct samr_UserInfo12 *r);
+void ndr_print_samr_UserInfo13(struct ndr_print *ndr, const char *name, const struct samr_UserInfo13 *r);
+void ndr_print_samr_UserInfo14(struct ndr_print *ndr, const char *name, const struct samr_UserInfo14 *r);
+void ndr_print_samr_UserInfo16(struct ndr_print *ndr, const char *name, const struct samr_UserInfo16 *r);
+void ndr_print_samr_UserInfo17(struct ndr_print *ndr, const char *name, const struct samr_UserInfo17 *r);
+enum ndr_err_code ndr_push_samr_Password(struct ndr_push *ndr, int ndr_flags, const struct samr_Password *r);
+enum ndr_err_code ndr_pull_samr_Password(struct ndr_pull *ndr, int ndr_flags, struct samr_Password *r);
+void ndr_print_samr_Password(struct ndr_print *ndr, const char *name, const struct samr_Password *r);
+void ndr_print_samr_UserInfo18(struct ndr_print *ndr, const char *name, const struct samr_UserInfo18 *r);
+void ndr_print_samr_UserInfo20(struct ndr_print *ndr, const char *name, const struct samr_UserInfo20 *r);
+void ndr_print_samr_FieldsPresent(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_samr_UserInfo21(struct ndr_print *ndr, const char *name, const struct samr_UserInfo21 *r);
+enum ndr_err_code ndr_push_samr_CryptPassword(struct ndr_push *ndr, int ndr_flags, const struct samr_CryptPassword *r);
+enum ndr_err_code ndr_pull_samr_CryptPassword(struct ndr_pull *ndr, int ndr_flags, struct samr_CryptPassword *r);
+void ndr_print_samr_CryptPassword(struct ndr_print *ndr, const char *name, const struct samr_CryptPassword *r);
+void ndr_print_samr_UserInfo23(struct ndr_print *ndr, const char *name, const struct samr_UserInfo23 *r);
+void ndr_print_samr_UserInfo24(struct ndr_print *ndr, const char *name, const struct samr_UserInfo24 *r);
+void ndr_print_samr_CryptPasswordEx(struct ndr_print *ndr, const char *name, const struct samr_CryptPasswordEx *r);
+void ndr_print_samr_UserInfo25(struct ndr_print *ndr, const char *name, const struct samr_UserInfo25 *r);
+void ndr_print_samr_UserInfo26(struct ndr_print *ndr, const char *name, const struct samr_UserInfo26 *r);
+void ndr_print_samr_UserInfo(struct ndr_print *ndr, const char *name, const union samr_UserInfo *r);
+enum ndr_err_code ndr_push_samr_RidWithAttribute(struct ndr_push *ndr, int ndr_flags, const struct samr_RidWithAttribute *r);
+enum ndr_err_code ndr_pull_samr_RidWithAttribute(struct ndr_pull *ndr, int ndr_flags, struct samr_RidWithAttribute *r);
+void ndr_print_samr_RidWithAttribute(struct ndr_print *ndr, const char *name, const struct samr_RidWithAttribute *r);
+enum ndr_err_code ndr_push_samr_RidWithAttributeArray(struct ndr_push *ndr, int ndr_flags, const struct samr_RidWithAttributeArray *r);
+enum ndr_err_code ndr_pull_samr_RidWithAttributeArray(struct ndr_pull *ndr, int ndr_flags, struct samr_RidWithAttributeArray *r);
+void ndr_print_samr_RidWithAttributeArray(struct ndr_print *ndr, const char *name, const struct samr_RidWithAttributeArray *r);
+void ndr_print_samr_DispEntryGeneral(struct ndr_print *ndr, const char *name, const struct samr_DispEntryGeneral *r);
+void ndr_print_samr_DispInfoGeneral(struct ndr_print *ndr, const char *name, const struct samr_DispInfoGeneral *r);
+void ndr_print_samr_DispEntryFull(struct ndr_print *ndr, const char *name, const struct samr_DispEntryFull *r);
+void ndr_print_samr_DispInfoFull(struct ndr_print *ndr, const char *name, const struct samr_DispInfoFull *r);
+void ndr_print_samr_DispEntryFullGroup(struct ndr_print *ndr, const char *name, const struct samr_DispEntryFullGroup *r);
+void ndr_print_samr_DispInfoFullGroups(struct ndr_print *ndr, const char *name, const struct samr_DispInfoFullGroups *r);
+void ndr_print_samr_DispEntryAscii(struct ndr_print *ndr, const char *name, const struct samr_DispEntryAscii *r);
+void ndr_print_samr_DispInfoAscii(struct ndr_print *ndr, const char *name, const struct samr_DispInfoAscii *r);
+void ndr_print_samr_DispInfo(struct ndr_print *ndr, const char *name, const union samr_DispInfo *r);
+void ndr_print_samr_PwInfo(struct ndr_print *ndr, const char *name, const struct samr_PwInfo *r);
+void ndr_print_samr_ConnectVersion(struct ndr_print *ndr, const char *name, enum samr_ConnectVersion r);
+void ndr_print_samr_ChangeReject(struct ndr_print *ndr, const char *name, const struct samr_ChangeReject *r);
+void ndr_print_samr_ConnectInfo1(struct ndr_print *ndr, const char *name, const struct samr_ConnectInfo1 *r);
+void ndr_print_samr_ConnectInfo(struct ndr_print *ndr, const char *name, const union samr_ConnectInfo *r);
+void ndr_print_samr_ValidateFieldsPresent(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_samr_ValidatePasswordLevel(struct ndr_print *ndr, const char *name, enum samr_ValidatePasswordLevel r);
+void ndr_print_samr_ValidationStatus(struct ndr_print *ndr, const char *name, enum samr_ValidationStatus r);
+void ndr_print_samr_ValidationBlob(struct ndr_print *ndr, const char *name, const struct samr_ValidationBlob *r);
+void ndr_print_samr_ValidatePasswordInfo(struct ndr_print *ndr, const char *name, const struct samr_ValidatePasswordInfo *r);
+void ndr_print_samr_ValidatePasswordRepCtr(struct ndr_print *ndr, const char *name, const struct samr_ValidatePasswordRepCtr *r);
+void ndr_print_samr_ValidatePasswordRep(struct ndr_print *ndr, const char *name, const union samr_ValidatePasswordRep *r);
+void ndr_print_samr_ValidatePasswordReq3(struct ndr_print *ndr, const char *name, const struct samr_ValidatePasswordReq3 *r);
+void ndr_print_samr_ValidatePasswordReq2(struct ndr_print *ndr, const char *name, const struct samr_ValidatePasswordReq2 *r);
+void ndr_print_samr_ValidatePasswordReq1(struct ndr_print *ndr, const char *name, const struct samr_ValidatePasswordReq1 *r);
+void ndr_print_samr_ValidatePasswordReq(struct ndr_print *ndr, const char *name, const union samr_ValidatePasswordReq *r);
+void ndr_print_samr_Connect(struct ndr_print *ndr, const char *name, int flags, const struct samr_Connect *r);
+enum ndr_err_code ndr_push_samr_Close(struct ndr_push *ndr, int flags, const struct samr_Close *r);
+enum ndr_err_code ndr_pull_samr_Close(struct ndr_pull *ndr, int flags, struct samr_Close *r);
+void ndr_print_samr_Close(struct ndr_print *ndr, const char *name, int flags, const struct samr_Close *r);
+void ndr_print_samr_SetSecurity(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetSecurity *r);
+void ndr_print_samr_QuerySecurity(struct ndr_print *ndr, const char *name, int flags, const struct samr_QuerySecurity *r);
+void ndr_print_samr_Shutdown(struct ndr_print *ndr, const char *name, int flags, const struct samr_Shutdown *r);
+void ndr_print_samr_LookupDomain(struct ndr_print *ndr, const char *name, int flags, const struct samr_LookupDomain *r);
+void ndr_print_samr_EnumDomains(struct ndr_print *ndr, const char *name, int flags, const struct samr_EnumDomains *r);
+enum ndr_err_code ndr_push_samr_OpenDomain(struct ndr_push *ndr, int flags, const struct samr_OpenDomain *r);
+enum ndr_err_code ndr_pull_samr_OpenDomain(struct ndr_pull *ndr, int flags, struct samr_OpenDomain *r);
+void ndr_print_samr_OpenDomain(struct ndr_print *ndr, const char *name, int flags, const struct samr_OpenDomain *r);
+void ndr_print_samr_QueryDomainInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryDomainInfo *r);
+void ndr_print_samr_SetDomainInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetDomainInfo *r);
+void ndr_print_samr_CreateDomainGroup(struct ndr_print *ndr, const char *name, int flags, const struct samr_CreateDomainGroup *r);
+void ndr_print_samr_EnumDomainGroups(struct ndr_print *ndr, const char *name, int flags, const struct samr_EnumDomainGroups *r);
+void ndr_print_samr_CreateUser(struct ndr_print *ndr, const char *name, int flags, const struct samr_CreateUser *r);
+void ndr_print_samr_EnumDomainUsers(struct ndr_print *ndr, const char *name, int flags, const struct samr_EnumDomainUsers *r);
+void ndr_print_samr_CreateDomAlias(struct ndr_print *ndr, const char *name, int flags, const struct samr_CreateDomAlias *r);
+void ndr_print_samr_EnumDomainAliases(struct ndr_print *ndr, const char *name, int flags, const struct samr_EnumDomainAliases *r);
+void ndr_print_samr_GetAliasMembership(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetAliasMembership *r);
+enum ndr_err_code ndr_push_samr_LookupNames(struct ndr_push *ndr, int flags, const struct samr_LookupNames *r);
+enum ndr_err_code ndr_pull_samr_LookupNames(struct ndr_pull *ndr, int flags, struct samr_LookupNames *r);
+void ndr_print_samr_LookupNames(struct ndr_print *ndr, const char *name, int flags, const struct samr_LookupNames *r);
+void ndr_print_samr_LookupRids(struct ndr_print *ndr, const char *name, int flags, const struct samr_LookupRids *r);
+void ndr_print_samr_OpenGroup(struct ndr_print *ndr, const char *name, int flags, const struct samr_OpenGroup *r);
+void ndr_print_samr_QueryGroupInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryGroupInfo *r);
+void ndr_print_samr_SetGroupInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetGroupInfo *r);
+void ndr_print_samr_AddGroupMember(struct ndr_print *ndr, const char *name, int flags, const struct samr_AddGroupMember *r);
+void ndr_print_samr_DeleteDomainGroup(struct ndr_print *ndr, const char *name, int flags, const struct samr_DeleteDomainGroup *r);
+void ndr_print_samr_DeleteGroupMember(struct ndr_print *ndr, const char *name, int flags, const struct samr_DeleteGroupMember *r);
+void ndr_print_samr_QueryGroupMember(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryGroupMember *r);
+void ndr_print_samr_SetMemberAttributesOfGroup(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetMemberAttributesOfGroup *r);
+void ndr_print_samr_OpenAlias(struct ndr_print *ndr, const char *name, int flags, const struct samr_OpenAlias *r);
+void ndr_print_samr_QueryAliasInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryAliasInfo *r);
+void ndr_print_samr_SetAliasInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetAliasInfo *r);
+void ndr_print_samr_DeleteDomAlias(struct ndr_print *ndr, const char *name, int flags, const struct samr_DeleteDomAlias *r);
+void ndr_print_samr_AddAliasMember(struct ndr_print *ndr, const char *name, int flags, const struct samr_AddAliasMember *r);
+void ndr_print_samr_DeleteAliasMember(struct ndr_print *ndr, const char *name, int flags, const struct samr_DeleteAliasMember *r);
+void ndr_print_samr_GetMembersInAlias(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetMembersInAlias *r);
+enum ndr_err_code ndr_push_samr_OpenUser(struct ndr_push *ndr, int flags, const struct samr_OpenUser *r);
+enum ndr_err_code ndr_pull_samr_OpenUser(struct ndr_pull *ndr, int flags, struct samr_OpenUser *r);
+void ndr_print_samr_OpenUser(struct ndr_print *ndr, const char *name, int flags, const struct samr_OpenUser *r);
+void ndr_print_samr_DeleteUser(struct ndr_print *ndr, const char *name, int flags, const struct samr_DeleteUser *r);
+enum ndr_err_code ndr_push_samr_QueryUserInfo(struct ndr_push *ndr, int flags, const struct samr_QueryUserInfo *r);
+enum ndr_err_code ndr_pull_samr_QueryUserInfo(struct ndr_pull *ndr, int flags, struct samr_QueryUserInfo *r);
+void ndr_print_samr_QueryUserInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryUserInfo *r);
+enum ndr_err_code ndr_push_samr_SetUserInfo(struct ndr_push *ndr, int flags, const struct samr_SetUserInfo *r);
+enum ndr_err_code ndr_pull_samr_SetUserInfo(struct ndr_pull *ndr, int flags, struct samr_SetUserInfo *r);
+void ndr_print_samr_SetUserInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetUserInfo *r);
+void ndr_print_samr_ChangePasswordUser(struct ndr_print *ndr, const char *name, int flags, const struct samr_ChangePasswordUser *r);
+void ndr_print_samr_GetGroupsForUser(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetGroupsForUser *r);
+void ndr_print_samr_QueryDisplayInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryDisplayInfo *r);
+void ndr_print_samr_GetDisplayEnumerationIndex(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetDisplayEnumerationIndex *r);
+void ndr_print_samr_TestPrivateFunctionsDomain(struct ndr_print *ndr, const char *name, int flags, const struct samr_TestPrivateFunctionsDomain *r);
+void ndr_print_samr_TestPrivateFunctionsUser(struct ndr_print *ndr, const char *name, int flags, const struct samr_TestPrivateFunctionsUser *r);
+enum ndr_err_code ndr_push_samr_GetUserPwInfo(struct ndr_push *ndr, int flags, const struct samr_GetUserPwInfo *r);
+enum ndr_err_code ndr_pull_samr_GetUserPwInfo(struct ndr_pull *ndr, int flags, struct samr_GetUserPwInfo *r);
+void ndr_print_samr_GetUserPwInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetUserPwInfo *r);
+void ndr_print_samr_RemoveMemberFromForeignDomain(struct ndr_print *ndr, const char *name, int flags, const struct samr_RemoveMemberFromForeignDomain *r);
+void ndr_print_samr_QueryDomainInfo2(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryDomainInfo2 *r);
+void ndr_print_samr_QueryUserInfo2(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryUserInfo2 *r);
+void ndr_print_samr_QueryDisplayInfo2(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryDisplayInfo2 *r);
+void ndr_print_samr_GetDisplayEnumerationIndex2(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetDisplayEnumerationIndex2 *r);
+void ndr_print_samr_CreateUser2(struct ndr_print *ndr, const char *name, int flags, const struct samr_CreateUser2 *r);
+void ndr_print_samr_QueryDisplayInfo3(struct ndr_print *ndr, const char *name, int flags, const struct samr_QueryDisplayInfo3 *r);
+void ndr_print_samr_AddMultipleMembersToAlias(struct ndr_print *ndr, const char *name, int flags, const struct samr_AddMultipleMembersToAlias *r);
+void ndr_print_samr_RemoveMultipleMembersFromAlias(struct ndr_print *ndr, const char *name, int flags, const struct samr_RemoveMultipleMembersFromAlias *r);
+void ndr_print_samr_OemChangePasswordUser2(struct ndr_print *ndr, const char *name, int flags, const struct samr_OemChangePasswordUser2 *r);
+void ndr_print_samr_ChangePasswordUser2(struct ndr_print *ndr, const char *name, int flags, const struct samr_ChangePasswordUser2 *r);
+void ndr_print_samr_GetDomPwInfo(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetDomPwInfo *r);
+void ndr_print_samr_Connect2(struct ndr_print *ndr, const char *name, int flags, const struct samr_Connect2 *r);
+enum ndr_err_code ndr_push_samr_SetUserInfo2(struct ndr_push *ndr, int flags, const struct samr_SetUserInfo2 *r);
+enum ndr_err_code ndr_pull_samr_SetUserInfo2(struct ndr_pull *ndr, int flags, struct samr_SetUserInfo2 *r);
+void ndr_print_samr_SetUserInfo2(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetUserInfo2 *r);
+void ndr_print_samr_SetBootKeyInformation(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetBootKeyInformation *r);
+void ndr_print_samr_GetBootKeyInformation(struct ndr_print *ndr, const char *name, int flags, const struct samr_GetBootKeyInformation *r);
+void ndr_print_samr_Connect3(struct ndr_print *ndr, const char *name, int flags, const struct samr_Connect3 *r);
+void ndr_print_samr_Connect4(struct ndr_print *ndr, const char *name, int flags, const struct samr_Connect4 *r);
+void ndr_print_samr_ChangePasswordUser3(struct ndr_print *ndr, const char *name, int flags, const struct samr_ChangePasswordUser3 *r);
+enum ndr_err_code ndr_push_samr_Connect5(struct ndr_push *ndr, int flags, const struct samr_Connect5 *r);
+enum ndr_err_code ndr_pull_samr_Connect5(struct ndr_pull *ndr, int flags, struct samr_Connect5 *r);
+void ndr_print_samr_Connect5(struct ndr_print *ndr, const char *name, int flags, const struct samr_Connect5 *r);
+void ndr_print_samr_RidToSid(struct ndr_print *ndr, const char *name, int flags, const struct samr_RidToSid *r);
+void ndr_print_samr_SetDsrmPassword(struct ndr_print *ndr, const char *name, int flags, const struct samr_SetDsrmPassword *r);
+void ndr_print_samr_ValidatePassword(struct ndr_print *ndr, const char *name, int flags, const struct samr_ValidatePassword *r);
+#endif /* _HEADER_NDR_samr */
diff --git a/source3/librpc/gen_ndr/ndr_security.c b/source3/librpc/gen_ndr/ndr_security.c
new file mode 100644
index 0000000000..cbeabf48e5
--- /dev/null
+++ b/source3/librpc/gen_ndr/ndr_security.c
@@ -0,0 +1,1026 @@
+/* parser auto-generated by pidl */
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+#include "librpc/gen_ndr/ndr_misc.h"
+static enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r)
+{
+	NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r)
+{
+	uint8_t v;
+	NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r)
+{
+	ndr_print_uint8(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_OBJECT_INHERIT", SEC_ACE_FLAG_OBJECT_INHERIT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_CONTAINER_INHERIT", SEC_ACE_FLAG_CONTAINER_INHERIT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_NO_PROPAGATE_INHERIT", SEC_ACE_FLAG_NO_PROPAGATE_INHERIT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_INHERIT_ONLY", SEC_ACE_FLAG_INHERIT_ONLY, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_INHERITED_ACE", SEC_ACE_FLAG_INHERITED_ACE, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_VALID_INHERIT", SEC_ACE_FLAG_VALID_INHERIT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_SUCCESSFUL_ACCESS", SEC_ACE_FLAG_SUCCESSFUL_ACCESS, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_FAILED_ACCESS", SEC_ACE_FLAG_FAILED_ACCESS, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_security_ace_type(struct ndr_push *ndr, int ndr_flags, enum security_ace_type r)
+{
+	NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_security_ace_type(struct ndr_pull *ndr, int ndr_flags, enum security_ace_type *r)
+{
+	uint8_t v;
+	NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_ace_type(struct ndr_print *ndr, const char *name, enum security_ace_type r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case SEC_ACE_TYPE_ACCESS_ALLOWED: val = "SEC_ACE_TYPE_ACCESS_ALLOWED"; break;
+		case SEC_ACE_TYPE_ACCESS_DENIED: val = "SEC_ACE_TYPE_ACCESS_DENIED"; break;
+		case SEC_ACE_TYPE_SYSTEM_AUDIT: val = "SEC_ACE_TYPE_SYSTEM_AUDIT"; break;
+		case SEC_ACE_TYPE_SYSTEM_ALARM: val = "SEC_ACE_TYPE_SYSTEM_ALARM"; break;
+		case SEC_ACE_TYPE_ALLOWED_COMPOUND: val = "SEC_ACE_TYPE_ALLOWED_COMPOUND"; break;
+		case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: val = "SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT"; break;
+		case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: val = "SEC_ACE_TYPE_ACCESS_DENIED_OBJECT"; break;
+		case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: val = "SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT"; break;
+		case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: val = "SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_security_ace_object_flags(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_security_ace_object_flags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_ace_object_flags(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_ACE_OBJECT_TYPE_PRESENT", SEC_ACE_OBJECT_TYPE_PRESENT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT", SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT, r);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_security_ace_object_type(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_type *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case SEC_ACE_OBJECT_TYPE_PRESENT: {
+				NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->type));
+			break; }
+
+			default: {
+			break; }
+
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case SEC_ACE_OBJECT_TYPE_PRESENT:
+			break;
+
+			default:
+			break;
+
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_security_ace_object_type(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_type *r)
+{
+	int level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		switch (level) {
+			case SEC_ACE_OBJECT_TYPE_PRESENT: {
+				NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->type));
+			break; }
+
+			default: {
+			break; }
+
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case SEC_ACE_OBJECT_TYPE_PRESENT:
+			break;
+
+			default:
+			break;
+
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_ace_object_type(struct ndr_print *ndr, const char *name, const union security_ace_object_type *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "security_ace_object_type");
+	switch (level) {
+		case SEC_ACE_OBJECT_TYPE_PRESENT:
+			ndr_print_GUID(ndr, "type", &r->type);
+		break;
+
+		default:
+		break;
+
+	}
+}
+
+static enum ndr_err_code ndr_push_security_ace_object_inherited_type(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_inherited_type *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: {
+				NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->inherited_type));
+			break; }
+
+			default: {
+			break; }
+
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
+			break;
+
+			default:
+			break;
+
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_inherited_type *r)
+{
+	int level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		switch (level) {
+			case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: {
+				NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->inherited_type));
+			break; }
+
+			default: {
+			break; }
+
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
+			break;
+
+			default:
+			break;
+
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_ace_object_inherited_type(struct ndr_print *ndr, const char *name, const union security_ace_object_inherited_type *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "security_ace_object_inherited_type");
+	switch (level) {
+		case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
+			ndr_print_GUID(ndr, "inherited_type", &r->inherited_type);
+		break;
+
+		default:
+		break;
+
+	}
+}
+
+static enum ndr_err_code ndr_push_security_ace_object(struct ndr_push *ndr, int ndr_flags, const struct security_ace_object *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_security_ace_object_flags(ndr, NDR_SCALARS, r->flags));
+		NDR_CHECK(ndr_push_set_switch_value(ndr, &r->type, r->flags & SEC_ACE_OBJECT_TYPE_PRESENT));
+		NDR_CHECK(ndr_push_security_ace_object_type(ndr, NDR_SCALARS, &r->type));
+		NDR_CHECK(ndr_push_set_switch_value(ndr, &r->inherited_type, r->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
+		NDR_CHECK(ndr_push_security_ace_object_inherited_type(ndr, NDR_SCALARS, &r->inherited_type));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_security_ace_object_type(ndr, NDR_BUFFERS, &r->type));
+		NDR_CHECK(ndr_push_security_ace_object_inherited_type(ndr, NDR_BUFFERS, &r->inherited_type));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_security_ace_object(struct ndr_pull *ndr, int ndr_flags, struct security_ace_object *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_security_ace_object_flags(ndr, NDR_SCALARS, &r->flags));
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->type, r->flags & SEC_ACE_OBJECT_TYPE_PRESENT));
+		NDR_CHECK(ndr_pull_security_ace_object_type(ndr, NDR_SCALARS, &r->type));
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->inherited_type, r->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
+		NDR_CHECK(ndr_pull_security_ace_object_inherited_type(ndr, NDR_SCALARS, &r->inherited_type));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_security_ace_object_type(ndr, NDR_BUFFERS, &r->type));
+		NDR_CHECK(ndr_pull_security_ace_object_inherited_type(ndr, NDR_BUFFERS, &r->inherited_type));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_ace_object(struct ndr_print *ndr, const char *name, const struct security_ace_object *r)
+{
+	ndr_print_struct(ndr, name, "security_ace_object");
+	ndr->depth++;
+	ndr_print_security_ace_object_flags(ndr, "flags", r->flags);
+	ndr_print_set_switch_value(ndr, &r->type, r->flags & SEC_ACE_OBJECT_TYPE_PRESENT);
+	ndr_print_security_ace_object_type(ndr, "type", &r->type);
+	ndr_print_set_switch_value(ndr, &r->inherited_type, r->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT);
+	ndr_print_security_ace_object_inherited_type(ndr, "inherited_type", &r->inherited_type);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_security_ace_object_ctr(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_ctr *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: {
+				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
+			break; }
+
+			case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: {
+				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
+			break; }
+
+			case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: {
+				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
+			break; }
+
+			case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: {
+				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
+			break; }
+
+			default: {
+			break; }
+
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		int level = ndr_push_get_switch_value(ndr, r);
+		switch (level) {
+			case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
+			break;
+
+			case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
+				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
+			break;
+
+			case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
+			break;
+
+			case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
+			break;
+
+			default:
+			break;
+
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_ctr *r)
+{
+	int level;
+	level = ndr_pull_get_switch_value(ndr, r);
+	if (ndr_flags & NDR_SCALARS) {
+		switch (level) {
+			case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: {
+				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
+			break; }
+
+			case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: {
+				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
+			break; }
+
+			case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: {
+				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
+			break; }
+
+			case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: {
+				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
+			break; }
+
+			default: {
+			break; }
+
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		switch (level) {
+			case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
+			break;
+
+			case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
+				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
+			break;
+
+			case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
+			break;
+
+			case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
+			break;
+
+			default:
+			break;
+
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_ace_object_ctr(struct ndr_print *ndr, const char *name, const union security_ace_object_ctr *r)
+{
+	int level;
+	level = ndr_print_get_switch_value(ndr, r);
+	ndr_print_union(ndr, name, level, "security_ace_object_ctr");
+	switch (level) {
+		case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
+			ndr_print_security_ace_object(ndr, "object", &r->object);
+		break;
+
+		case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
+			ndr_print_security_ace_object(ndr, "object", &r->object);
+		break;
+
+		case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
+			ndr_print_security_ace_object(ndr, "object", &r->object);
+		break;
+
+		case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
+			ndr_print_security_ace_object(ndr, "object", &r->object);
+		break;
+
+		default:
+		break;
+
+	}
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, int ndr_flags, const struct security_ace *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_security_ace_type(ndr, NDR_SCALARS, r->type));
+		NDR_CHECK(ndr_push_security_ace_flags(ndr, NDR_SCALARS, r->flags));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, ndr_size_security_ace(r, ndr->flags)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->access_mask));
+		NDR_CHECK(ndr_push_set_switch_value(ndr, &r->object, r->type));
+		NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
+		NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->trustee));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object));
+		NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, &r->trustee));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, int ndr_flags, struct security_ace *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS, &r->type));
+		NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS, &r->flags));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->access_mask));
+		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
+		NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
+		NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object));
+		NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_BUFFERS, &r->trustee));
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_ace(struct ndr_print *ndr, const char *name, const struct security_ace *r)
+{
+	ndr_print_struct(ndr, name, "security_ace");
+	ndr->depth++;
+	ndr_print_security_ace_type(ndr, "type", r->type);
+	ndr_print_security_ace_flags(ndr, "flags", r->flags);
+	ndr_print_uint16(ndr, "size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_security_ace(r, ndr->flags):r->size);
+	ndr_print_uint32(ndr, "access_mask", r->access_mask);
+	ndr_print_set_switch_value(ndr, &r->object, r->type);
+	ndr_print_security_ace_object_ctr(ndr, "object", &r->object);
+	ndr_print_dom_sid(ndr, "trustee", &r->trustee);
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_security_acl_revision(struct ndr_push *ndr, int ndr_flags, enum security_acl_revision r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_security_acl_revision(struct ndr_pull *ndr, int ndr_flags, enum security_acl_revision *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_acl_revision(struct ndr_print *ndr, const char *name, enum security_acl_revision r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case SECURITY_ACL_REVISION_NT4: val = "SECURITY_ACL_REVISION_NT4"; break;
+		case SECURITY_ACL_REVISION_ADS: val = "SECURITY_ACL_REVISION_ADS"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_security_acl(struct ndr_push *ndr, int ndr_flags, const struct security_acl *r)
+{
+	uint32_t cntr_aces_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_security_acl_revision(ndr, NDR_SCALARS, r->revision));
+		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, ndr_size_security_acl(r, ndr->flags)));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_aces));
+		for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
+			NDR_CHECK(ndr_push_security_ace(ndr, NDR_SCALARS, &r->aces[cntr_aces_0]));
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
+			NDR_CHECK(ndr_push_security_ace(ndr, NDR_BUFFERS, &r->aces[cntr_aces_0]));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_security_acl(struct ndr_pull *ndr, int ndr_flags, struct security_acl *r)
+{
+	uint32_t cntr_aces_0;
+	TALLOC_CTX *_mem_save_aces_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_security_acl_revision(ndr, NDR_SCALARS, &r->revision));
+		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_aces));
+		if (r->num_aces < 0 || r->num_aces > 1000) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_PULL_ALLOC_N(ndr, r->aces, r->num_aces);
+		_mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0);
+		for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
+			NDR_CHECK(ndr_pull_security_ace(ndr, NDR_SCALARS, &r->aces[cntr_aces_0]));
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0);
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		_mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0);
+		for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
+			NDR_CHECK(ndr_pull_security_ace(ndr, NDR_BUFFERS, &r->aces[cntr_aces_0]));
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0);
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_acl(struct ndr_print *ndr, const char *name, const struct security_acl *r)
+{
+	uint32_t cntr_aces_0;
+	ndr_print_struct(ndr, name, "security_acl");
+	ndr->depth++;
+	ndr_print_security_acl_revision(ndr, "revision", r->revision);
+	ndr_print_uint16(ndr, "size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_security_acl(r, ndr->flags):r->size);
+	ndr_print_uint32(ndr, "num_aces", r->num_aces);
+	ndr->print(ndr, "%s: ARRAY(%d)", "aces", r->num_aces);
+	ndr->depth++;
+	for (cntr_aces_0=0;cntr_aces_0<r->num_aces;cntr_aces_0++) {
+		char *idx_0=NULL;
+		if (asprintf(&idx_0, "[%d]", cntr_aces_0) != -1) {
+			ndr_print_security_ace(ndr, "aces", &r->aces[cntr_aces_0]);
+			free(idx_0);
+		}
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+static enum ndr_err_code ndr_push_security_descriptor_revision(struct ndr_push *ndr, int ndr_flags, enum security_descriptor_revision r)
+{
+	NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_security_descriptor_revision(struct ndr_pull *ndr, int ndr_flags, enum security_descriptor_revision *r)
+{
+	uint8_t v;
+	NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_descriptor_revision(struct ndr_print *ndr, const char *name, enum security_descriptor_revision r)
+{
+	const char *val = NULL;
+
+	switch (r) {
+		case SECURITY_DESCRIPTOR_REVISION_1: val = "SECURITY_DESCRIPTOR_REVISION_1"; break;
+	}
+	ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
+static enum ndr_err_code ndr_push_security_descriptor_type(struct ndr_push *ndr, int ndr_flags, uint16_t r)
+{
+	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_security_descriptor_type(struct ndr_pull *ndr, int ndr_flags, uint16_t *r)
+{
+	uint16_t v;
+	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_descriptor_type(struct ndr_print *ndr, const char *name, uint16_t r)
+{
+	ndr_print_uint16(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_OWNER_DEFAULTED", SEC_DESC_OWNER_DEFAULTED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_GROUP_DEFAULTED", SEC_DESC_GROUP_DEFAULTED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_PRESENT", SEC_DESC_DACL_PRESENT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_DEFAULTED", SEC_DESC_DACL_DEFAULTED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_PRESENT", SEC_DESC_SACL_PRESENT, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_DEFAULTED", SEC_DESC_SACL_DEFAULTED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_TRUSTED", SEC_DESC_DACL_TRUSTED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SERVER_SECURITY", SEC_DESC_SERVER_SECURITY, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_AUTO_INHERIT_REQ", SEC_DESC_DACL_AUTO_INHERIT_REQ, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_AUTO_INHERIT_REQ", SEC_DESC_SACL_AUTO_INHERIT_REQ, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_AUTO_INHERITED", SEC_DESC_DACL_AUTO_INHERITED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_AUTO_INHERITED", SEC_DESC_SACL_AUTO_INHERITED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_PROTECTED", SEC_DESC_DACL_PROTECTED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_PROTECTED", SEC_DESC_SACL_PROTECTED, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_RM_CONTROL_VALID", SEC_DESC_RM_CONTROL_VALID, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SELF_RELATIVE", SEC_DESC_SELF_RELATIVE, r);
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_security_descriptor(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor *r)
+{
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
+		if (ndr_flags & NDR_SCALARS) {
+			NDR_CHECK(ndr_push_align(ndr, 4));
+			NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision));
+			NDR_CHECK(ndr_push_security_descriptor_type(ndr, NDR_SCALARS, r->type));
+			NDR_CHECK(ndr_push_relative_ptr1(ndr, r->owner_sid));
+			NDR_CHECK(ndr_push_relative_ptr1(ndr, r->group_sid));
+			NDR_CHECK(ndr_push_relative_ptr1(ndr, r->sacl));
+			NDR_CHECK(ndr_push_relative_ptr1(ndr, r->dacl));
+		}
+		if (ndr_flags & NDR_BUFFERS) {
+			if (r->owner_sid) {
+				NDR_CHECK(ndr_push_relative_ptr2(ndr, r->owner_sid));
+				NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->owner_sid));
+			}
+			if (r->group_sid) {
+				NDR_CHECK(ndr_push_relative_ptr2(ndr, r->group_sid));
+				NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid));
+			}
+			if (r->sacl) {
+				NDR_CHECK(ndr_push_relative_ptr2(ndr, r->sacl));
+				NDR_CHECK(ndr_push_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->sacl));
+			}
+			if (r->dacl) {
+				NDR_CHECK(ndr_push_relative_ptr2(ndr, r->dacl));
+				NDR_CHECK(ndr_push_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->dacl));
+			}
+		}
+		ndr->flags = _flags_save_STRUCT;
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor *r)
+{
+	uint32_t _ptr_owner_sid;
+	TALLOC_CTX *_mem_save_owner_sid_0;
+	uint32_t _ptr_group_sid;
+	TALLOC_CTX *_mem_save_group_sid_0;
+	uint32_t _ptr_sacl;
+	TALLOC_CTX *_mem_save_sacl_0;
+	uint32_t _ptr_dacl;
+	TALLOC_CTX *_mem_save_dacl_0;
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
+		if (ndr_flags & NDR_SCALARS) {
+			NDR_CHECK(ndr_pull_align(ndr, 4));
+			NDR_CHECK(ndr_pull_security_descriptor_revision(ndr, NDR_SCALARS, &r->revision));
+			NDR_CHECK(ndr_pull_security_descriptor_type(ndr, NDR_SCALARS, &r->type));
+			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
+			if (_ptr_owner_sid) {
+				NDR_PULL_ALLOC(ndr, r->owner_sid);
+				NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->owner_sid, _ptr_owner_sid));
+			} else {
+				r->owner_sid = NULL;
+			}
+			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
+			if (_ptr_group_sid) {
+				NDR_PULL_ALLOC(ndr, r->group_sid);
+				NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->group_sid, _ptr_group_sid));
+			} else {
+				r->group_sid = NULL;
+			}
+			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
+			if (_ptr_sacl) {
+				NDR_PULL_ALLOC(ndr, r->sacl);
+				NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
+			} else {
+				r->sacl = NULL;
+			}
+			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
+			if (_ptr_dacl) {
+				NDR_PULL_ALLOC(ndr, r->dacl);
+				NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
+			} else {
+				r->dacl = NULL;
+			}
+		}
+		if (ndr_flags & NDR_BUFFERS) {
+			if (r->owner_sid) {
+				uint32_t _relative_save_offset;
+				_relative_save_offset = ndr->offset;
+				NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
+				_mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+				NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
+				NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->owner_sid));
+				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
+				ndr->offset = _relative_save_offset;
+			}
+			if (r->group_sid) {
+				uint32_t _relative_save_offset;
+				_relative_save_offset = ndr->offset;
+				NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
+				_mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+				NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
+				NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid));
+				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
+				ndr->offset = _relative_save_offset;
+			}
+			if (r->sacl) {
+				uint32_t _relative_save_offset;
+				_relative_save_offset = ndr->offset;
+				NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
+				_mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
+				NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
+				NDR_CHECK(ndr_pull_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->sacl));
+				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
+				ndr->offset = _relative_save_offset;
+			}
+			if (r->dacl) {
+				uint32_t _relative_save_offset;
+				_relative_save_offset = ndr->offset;
+				NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
+				_mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
+				NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
+				NDR_CHECK(ndr_pull_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->dacl));
+				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
+				ndr->offset = _relative_save_offset;
+			}
+		}
+		ndr->flags = _flags_save_STRUCT;
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_descriptor(struct ndr_print *ndr, const char *name, const struct security_descriptor *r)
+{
+	ndr_print_struct(ndr, name, "security_descriptor");
+	{
+		uint32_t _flags_save_STRUCT = ndr->flags;
+		ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
+		ndr->depth++;
+		ndr_print_security_descriptor_revision(ndr, "revision", r->revision);
+		ndr_print_security_descriptor_type(ndr, "type", r->type);
+		ndr_print_ptr(ndr, "owner_sid", r->owner_sid);
+		ndr->depth++;
+		if (r->owner_sid) {
+			ndr_print_dom_sid(ndr, "owner_sid", r->owner_sid);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "group_sid", r->group_sid);
+		ndr->depth++;
+		if (r->group_sid) {
+			ndr_print_dom_sid(ndr, "group_sid", r->group_sid);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "sacl", r->sacl);
+		ndr->depth++;
+		if (r->sacl) {
+			ndr_print_security_acl(ndr, "sacl", r->sacl);
+		}
+		ndr->depth--;
+		ndr_print_ptr(ndr, "dacl", r->dacl);
+		ndr->depth++;
+		if (r->dacl) {
+			ndr_print_security_acl(ndr, "dacl", r->dacl);
+		}
+		ndr->depth--;
+		ndr->depth--;
+		ndr->flags = _flags_save_STRUCT;
+	}
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_sec_desc_buf(struct ndr_push *ndr, int ndr_flags, const struct sec_desc_buf *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_size_security_descriptor(r->sd, ndr->flags)));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->sd) {
+			{
+				struct ndr_push *_ndr_sd;
+				NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_sd, 4, -1));
+				NDR_CHECK(ndr_push_security_descriptor(_ndr_sd, NDR_SCALARS|NDR_BUFFERS, r->sd));
+				NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_sd, 4, -1));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_sec_desc_buf(struct ndr_pull *ndr, int ndr_flags, struct sec_desc_buf *r)
+{
+	uint32_t _ptr_sd;
+	TALLOC_CTX *_mem_save_sd_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sd_size));
+		if (r->sd_size < 0 || r->sd_size > 0x40000) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd));
+		if (_ptr_sd) {
+			NDR_PULL_ALLOC(ndr, r->sd);
+		} else {
+			r->sd = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->sd) {
+			_mem_save_sd_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->sd, 0);
+			{
+				struct ndr_pull *_ndr_sd;
+				NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_sd, 4, -1));
+				NDR_CHECK(ndr_pull_security_descriptor(_ndr_sd, NDR_SCALARS|NDR_BUFFERS, r->sd));
+				NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_sd, 4, -1));
+			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_0, 0);
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_sec_desc_buf(struct ndr_print *ndr, const char *name, const struct sec_desc_buf *r)
+{
+	ndr_print_struct(ndr, name, "sec_desc_buf");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "sd_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_security_descriptor(r->sd, ndr->flags):r->sd_size);
+	ndr_print_ptr(ndr, "sd", r->sd);
+	ndr->depth++;
+	if (r->sd) {
+		ndr_print_security_descriptor(ndr, "sd", r->sd);
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_security_token(struct ndr_push *ndr, int ndr_flags, const struct security_token *r)
+{
+	uint32_t cntr_sids_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->user_sid));
+		NDR_CHECK(ndr_push_unique_ptr(ndr, r->group_sid));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_sids));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_sids));
+		for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) {
+			NDR_CHECK(ndr_push_unique_ptr(ndr, r->sids[cntr_sids_0]));
+		}
+		NDR_CHECK(ndr_push_udlong(ndr, NDR_SCALARS, r->privilege_mask));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->user_sid) {
+			NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->user_sid));
+		}
+		if (r->group_sid) {
+			NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid));
+		}
+		for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) {
+			if (r->sids[cntr_sids_0]) {
+				NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->sids[cntr_sids_0]));
+			}
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr_flags, struct security_token *r)
+{
+	uint32_t _ptr_user_sid;
+	TALLOC_CTX *_mem_save_user_sid_0;
+	uint32_t _ptr_group_sid;
+	TALLOC_CTX *_mem_save_group_sid_0;
+	uint32_t _ptr_sids;
+	uint32_t cntr_sids_0;
+	TALLOC_CTX *_mem_save_sids_0;
+	TALLOC_CTX *_mem_save_sids_1;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_user_sid));
+		if (_ptr_user_sid) {
+			NDR_PULL_ALLOC(ndr, r->user_sid);
+		} else {
+			r->user_sid = NULL;
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
+		if (_ptr_group_sid) {
+			NDR_PULL_ALLOC(ndr, r->group_sid);
+		} else {
+			r->group_sid = NULL;
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_sids));
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->sids));
+		NDR_PULL_ALLOC_N(ndr, r->sids, ndr_get_array_size(ndr, &r->sids));
+		_mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0);
+		for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) {
+			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sids));
+			if (_ptr_sids) {
+				NDR_PULL_ALLOC(ndr, r->sids[cntr_sids_0]);
+			} else {
+				r->sids[cntr_sids_0] = NULL;
+			}
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_0, 0);
+		NDR_CHECK(ndr_pull_udlong(ndr, NDR_SCALARS, &r->privilege_mask));
+		if (r->sids) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->sids, r->num_sids));
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->user_sid) {
+			_mem_save_user_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->user_sid, 0);
+			NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->user_sid));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_user_sid_0, 0);
+		}
+		if (r->group_sid) {
+			_mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
+			NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->group_sid));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
+		}
+		_mem_save_sids_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->sids, 0);
+		for (cntr_sids_0 = 0; cntr_sids_0 < r->num_sids; cntr_sids_0++) {
+			if (r->sids[cntr_sids_0]) {
+				_mem_save_sids_1 = NDR_PULL_GET_MEM_CTX(ndr);
+				NDR_PULL_SET_MEM_CTX(ndr, r->sids[cntr_sids_0], 0);
+				NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->sids[cntr_sids_0]));
+				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_1, 0);
+			}
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sids_0, 0);
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_token(struct ndr_print *ndr, const char *name, const struct security_token *r)
+{
+	uint32_t cntr_sids_0;
+	ndr_print_struct(ndr, name, "security_token");
+	ndr->depth++;
+	ndr_print_ptr(ndr, "user_sid", r->user_sid);
+	ndr->depth++;
+	if (r->user_sid) {
+		ndr_print_dom_sid(ndr, "user_sid", r->user_sid);
+	}
+	ndr->depth--;
+	ndr_print_ptr(ndr, "group_sid", r->group_sid);
+	ndr->depth++;
+	if (r->group_sid) {
+		ndr_print_dom_sid(ndr, "group_sid", r->group_sid);
+	}
+	ndr->depth--;
+	ndr_print_uint32(ndr, "num_sids", r->num_sids);
+	ndr->print(ndr, "%s: ARRAY(%d)", "sids", r->num_sids);
+	ndr->depth++;
+	for (cntr_sids_0=0;cntr_sids_0<r->num_sids;cntr_sids_0++) {
+		char *idx_0=NULL;
+		if (asprintf(&idx_0, "[%d]", cntr_sids_0) != -1) {
+			ndr_print_ptr(ndr, "sids", r->sids[cntr_sids_0]);
+			ndr->depth++;
+			if (r->sids[cntr_sids_0]) {
+				ndr_print_dom_sid(ndr, "sids", r->sids[cntr_sids_0]);
+			}
+			ndr->depth--;
+			free(idx_0);
+		}
+	}
+	ndr->depth--;
+	ndr_print_udlong(ndr, "privilege_mask", r->privilege_mask);
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_push_security_secinfo(struct ndr_push *ndr, int ndr_flags, uint32_t r)
+{
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_security_secinfo(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
+{
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+	*r = v;
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_security_secinfo(struct ndr_print *ndr, const char *name, uint32_t r)
+{
+	ndr_print_uint32(ndr, name, r);
+	ndr->depth++;
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_OWNER", SECINFO_OWNER, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_GROUP", SECINFO_GROUP, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_DACL", SECINFO_DACL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_SACL", SECINFO_SACL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_UNPROTECTED_SACL", SECINFO_UNPROTECTED_SACL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_UNPROTECTED_DACL", SECINFO_UNPROTECTED_DACL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_PROTECTED_SACL", SECINFO_PROTECTED_SACL, r);
+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_PROTECTED_DACL", SECINFO_PROTECTED_DACL, r);
+	ndr->depth--;
+}
+
diff --git a/source3/librpc/gen_ndr/ndr_security.h b/source3/librpc/gen_ndr/ndr_security.h
index 292e9011c6..79bfd78f51 100644
--- a/source3/librpc/gen_ndr/ndr_security.h
+++ b/source3/librpc/gen_ndr/ndr_security.h
@@ -1,2 +1,41 @@
-/* empty header to deal with pidl */
+/* header auto-generated by pidl */
 
+#include "librpc/ndr/libndr.h"
+#include "librpc/gen_ndr/security.h"
+
+#ifndef _HEADER_NDR_security
+#define _HEADER_NDR_security
+
+#define NDR_SECURITY_CALL_COUNT (0)
+void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r);
+void ndr_print_security_ace_type(struct ndr_print *ndr, const char *name, enum security_ace_type r);
+void ndr_print_security_ace_object_flags(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_security_ace_object_type(struct ndr_print *ndr, const char *name, const union security_ace_object_type *r);
+void ndr_print_security_ace_object_inherited_type(struct ndr_print *ndr, const char *name, const union security_ace_object_inherited_type *r);
+void ndr_print_security_ace_object(struct ndr_print *ndr, const char *name, const struct security_ace_object *r);
+void ndr_print_security_ace_object_ctr(struct ndr_print *ndr, const char *name, const union security_ace_object_ctr *r);
+enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, int ndr_flags, const struct security_ace *r);
+enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, int ndr_flags, struct security_ace *r);
+void ndr_print_security_ace(struct ndr_print *ndr, const char *name, const struct security_ace *r);
+size_t ndr_size_security_ace(const struct security_ace *r, int flags);
+void ndr_print_security_acl_revision(struct ndr_print *ndr, const char *name, enum security_acl_revision r);
+enum ndr_err_code ndr_push_security_acl(struct ndr_push *ndr, int ndr_flags, const struct security_acl *r);
+enum ndr_err_code ndr_pull_security_acl(struct ndr_pull *ndr, int ndr_flags, struct security_acl *r);
+void ndr_print_security_acl(struct ndr_print *ndr, const char *name, const struct security_acl *r);
+size_t ndr_size_security_acl(const struct security_acl *r, int flags);
+void ndr_print_security_descriptor_revision(struct ndr_print *ndr, const char *name, enum security_descriptor_revision r);
+void ndr_print_security_descriptor_type(struct ndr_print *ndr, const char *name, uint16_t r);
+enum ndr_err_code ndr_push_security_descriptor(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor *r);
+enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor *r);
+void ndr_print_security_descriptor(struct ndr_print *ndr, const char *name, const struct security_descriptor *r);
+size_t ndr_size_security_descriptor(const struct security_descriptor *r, int flags);
+enum ndr_err_code ndr_push_sec_desc_buf(struct ndr_push *ndr, int ndr_flags, const struct sec_desc_buf *r);
+enum ndr_err_code ndr_pull_sec_desc_buf(struct ndr_pull *ndr, int ndr_flags, struct sec_desc_buf *r);
+void ndr_print_sec_desc_buf(struct ndr_print *ndr, const char *name, const struct sec_desc_buf *r);
+enum ndr_err_code ndr_push_security_token(struct ndr_push *ndr, int ndr_flags, const struct security_token *r);
+enum ndr_err_code ndr_pull_security_token(struct ndr_pull *ndr, int ndr_flags, struct security_token *r);
+void ndr_print_security_token(struct ndr_print *ndr, const char *name, const struct security_token *r);
+enum ndr_err_code ndr_push_security_secinfo(struct ndr_push *ndr, int ndr_flags, uint32_t r);
+enum ndr_err_code ndr_pull_security_secinfo(struct ndr_pull *ndr, int ndr_flags, uint32_t *r);
+void ndr_print_security_secinfo(struct ndr_print *ndr, const char *name, uint32_t r);
+#endif /* _HEADER_NDR_security */
diff --git a/source3/librpc/gen_ndr/ndr_srvsvc.c b/source3/librpc/gen_ndr/ndr_srvsvc.c
index 2675ac2206..9b08ade4af 100644
--- a/source3/librpc/gen_ndr/ndr_srvsvc.c
+++ b/source3/librpc/gen_ndr/ndr_srvsvc.c
@@ -140,8 +140,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetCharDevCtr0(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetCharDevInfo0(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -326,8 +325,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetCharDevCtr1(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetCharDevInfo1(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -344,16 +342,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevInfo(struct ndr_push *ndr, in
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -482,16 +480,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevCtr(struct ndr_push *ndr, int
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr1));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -749,8 +747,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetCharDevQCtr0(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetCharDevQInfo0(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -938,8 +935,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetCharDevQCtr1(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetCharDevQInfo1(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -956,16 +952,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQInfo(struct ndr_push *ndr, i
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -1094,16 +1090,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetCharDevQCtr(struct ndr_push *ndr, in
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr1));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -1325,8 +1321,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetConnCtr0(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetConnInfo0(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -1520,8 +1515,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetConnCtr1(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetConnInfo1(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -1538,16 +1532,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetConnCtr(struct ndr_push *ndr, int nd
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr1));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -1769,8 +1763,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetFileCtr2(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetFileInfo2(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -1958,8 +1951,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetFileCtr3(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetFileInfo3(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -1976,16 +1968,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileInfo(struct ndr_push *ndr, int n
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info2));
-			break;
+			break; }
 
-			case 3:
+			case 3: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info3));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -2114,16 +2106,16 @@ static enum ndr_err_code ndr_push_srvsvc_NetFileCtr(struct ndr_push *ndr, int nd
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr2));
-			break;
+			break; }
 
-			case 3:
+			case 3: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr3));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -2381,8 +2373,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetSessCtr0(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetSessInfo0(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -2573,8 +2564,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetSessCtr1(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetSessInfo1(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -2798,8 +2788,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetSessCtr2(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetSessInfo2(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -2984,8 +2973,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetSessCtr10(struct ndr_print *ndr, const char *n
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetSessInfo10(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -3242,8 +3230,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetSessCtr502(struct ndr_print *ndr, const char *
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetSessInfo502(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -3260,28 +3247,28 @@ static enum ndr_err_code ndr_push_srvsvc_NetSessCtr(struct ndr_push *ndr, int nd
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr2));
-			break;
+			break; }
 
-			case 10:
+			case 10: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr10));
-			break;
+			break; }
 
-			case 502:
+			case 502: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr502));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -3694,8 +3681,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetShareCtr0(struct ndr_print *ndr, const char *n
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetShareInfo0(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -3877,8 +3863,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetShareCtr1(struct ndr_print *ndr, const char *n
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetShareInfo1(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -4135,8 +4120,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetShareCtr2(struct ndr_print *ndr, const char *n
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetShareInfo2(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -4321,8 +4305,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetShareCtr501(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetShareInfo501(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -4616,8 +4599,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetShareCtr502(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetShareInfo502(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -4763,8 +4745,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetShareCtr1004(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetShareInfo1004(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -4897,8 +4878,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetShareCtr1005(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetShareInfo1005(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -5008,8 +4988,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetShareCtr1006(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetShareInfo1006(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -5158,8 +5137,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetShareCtr1007(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetShareInfo1007(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -5245,8 +5223,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetShareCtr1501(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_sec_desc_buf(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -5263,48 +5240,48 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareInfo(struct ndr_push *ndr, int
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info2));
-			break;
+			break; }
 
-			case 501:
+			case 501: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info501));
-			break;
+			break; }
 
-			case 502:
+			case 502: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info502));
-			break;
+			break; }
 
-			case 1004:
+			case 1004: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1004));
-			break;
+			break; }
 
-			case 1005:
+			case 1005: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1005));
-			break;
+			break; }
 
-			case 1006:
+			case 1006: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1006));
-			break;
+			break; }
 
-			case 1007:
+			case 1007: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1007));
-			break;
+			break; }
 
-			case 1501:
+			case 1501: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1501));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -5713,48 +5690,48 @@ static enum ndr_err_code ndr_push_srvsvc_NetShareCtr(struct ndr_push *ndr, int n
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr2));
-			break;
+			break; }
 
-			case 501:
+			case 501: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr501));
-			break;
+			break; }
 
-			case 502:
+			case 502: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr502));
-			break;
+			break; }
 
-			case 1004:
+			case 1004: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr1004));
-			break;
+			break; }
 
-			case 1005:
+			case 1005: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr1005));
-			break;
+			break; }
 
-			case 1006:
+			case 1006: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr1006));
-			break;
+			break; }
 
-			case 1007:
+			case 1007: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr1007));
-			break;
+			break; }
 
-			case 1501:
+			case 1501: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr1501));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -9014,244 +8991,244 @@ static enum ndr_err_code ndr_push_srvsvc_NetSrvInfo(struct ndr_push *ndr, int nd
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 100:
+			case 100: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info100));
-			break;
+			break; }
 
-			case 101:
+			case 101: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info101));
-			break;
+			break; }
 
-			case 102:
+			case 102: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info102));
-			break;
+			break; }
 
-			case 402:
+			case 402: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info402));
-			break;
+			break; }
 
-			case 403:
+			case 403: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info403));
-			break;
+			break; }
 
-			case 502:
+			case 502: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info502));
-			break;
+			break; }
 
-			case 503:
+			case 503: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info503));
-			break;
+			break; }
 
-			case 599:
+			case 599: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info599));
-			break;
+			break; }
 
-			case 1005:
+			case 1005: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1005));
-			break;
+			break; }
 
-			case 1010:
+			case 1010: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1010));
-			break;
+			break; }
 
-			case 1016:
+			case 1016: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1016));
-			break;
+			break; }
 
-			case 1017:
+			case 1017: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1017));
-			break;
+			break; }
 
-			case 1018:
+			case 1018: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1018));
-			break;
+			break; }
 
-			case 1107:
+			case 1107: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1107));
-			break;
+			break; }
 
-			case 1501:
+			case 1501: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1501));
-			break;
+			break; }
 
-			case 1502:
+			case 1502: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1502));
-			break;
+			break; }
 
-			case 1503:
+			case 1503: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1503));
-			break;
+			break; }
 
-			case 1506:
+			case 1506: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1506));
-			break;
+			break; }
 
-			case 1509:
+			case 1509: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1509));
-			break;
+			break; }
 
-			case 1510:
+			case 1510: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1510));
-			break;
+			break; }
 
-			case 1511:
+			case 1511: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1511));
-			break;
+			break; }
 
-			case 1512:
+			case 1512: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1512));
-			break;
+			break; }
 
-			case 1513:
+			case 1513: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1513));
-			break;
+			break; }
 
-			case 1514:
+			case 1514: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1514));
-			break;
+			break; }
 
-			case 1515:
+			case 1515: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1515));
-			break;
+			break; }
 
-			case 1516:
+			case 1516: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1516));
-			break;
+			break; }
 
-			case 1518:
+			case 1518: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1518));
-			break;
+			break; }
 
-			case 1520:
+			case 1520: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1520));
-			break;
+			break; }
 
-			case 1521:
+			case 1521: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1521));
-			break;
+			break; }
 
-			case 1522:
+			case 1522: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1522));
-			break;
+			break; }
 
-			case 1523:
+			case 1523: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1523));
-			break;
+			break; }
 
-			case 1524:
+			case 1524: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1524));
-			break;
+			break; }
 
-			case 1525:
+			case 1525: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1525));
-			break;
+			break; }
 
-			case 1528:
+			case 1528: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1528));
-			break;
+			break; }
 
-			case 1529:
+			case 1529: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1529));
-			break;
+			break; }
 
-			case 1530:
+			case 1530: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1530));
-			break;
+			break; }
 
-			case 1533:
+			case 1533: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1533));
-			break;
+			break; }
 
-			case 1534:
+			case 1534: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1534));
-			break;
+			break; }
 
-			case 1535:
+			case 1535: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1535));
-			break;
+			break; }
 
-			case 1536:
+			case 1536: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1536));
-			break;
+			break; }
 
-			case 1537:
+			case 1537: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1537));
-			break;
+			break; }
 
-			case 1538:
+			case 1538: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1538));
-			break;
+			break; }
 
-			case 1539:
+			case 1539: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1539));
-			break;
+			break; }
 
-			case 1540:
+			case 1540: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1540));
-			break;
+			break; }
 
-			case 1541:
+			case 1541: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1541));
-			break;
+			break; }
 
-			case 1542:
+			case 1542: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1542));
-			break;
+			break; }
 
-			case 1543:
+			case 1543: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1543));
-			break;
+			break; }
 
-			case 1544:
+			case 1544: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1544));
-			break;
+			break; }
 
-			case 1545:
+			case 1545: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1545));
-			break;
+			break; }
 
-			case 1546:
+			case 1546: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1546));
-			break;
+			break; }
 
-			case 1547:
+			case 1547: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1547));
-			break;
+			break; }
 
-			case 1548:
+			case 1548: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1548));
-			break;
+			break; }
 
-			case 1549:
+			case 1549: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1549));
-			break;
+			break; }
 
-			case 1550:
+			case 1550: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1550));
-			break;
+			break; }
 
-			case 1552:
+			case 1552: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1552));
-			break;
+			break; }
 
-			case 1553:
+			case 1553: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1553));
-			break;
+			break; }
 
-			case 1554:
+			case 1554: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1554));
-			break;
+			break; }
 
-			case 1555:
+			case 1555: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1555));
-			break;
+			break; }
 
-			case 1556:
+			case 1556: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1556));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -11487,8 +11464,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetDiskInfo(struct ndr_print *ndr, const char *na
 		ndr->depth++;
 		for (cntr_disks_1=0;cntr_disks_1<r->count;cntr_disks_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_disks_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_disks_1) != -1) {
 				ndr_print_srvsvc_NetDiskInfo0(ndr, "disks", &r->disks[cntr_disks_1]);
 				free(idx_1);
 			}
@@ -11781,8 +11757,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetTransportCtr0(struct ndr_print *ndr, const cha
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetTransportInfo0(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -12030,8 +12005,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetTransportCtr1(struct ndr_print *ndr, const cha
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetTransportInfo1(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -12282,8 +12256,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetTransportCtr2(struct ndr_print *ndr, const cha
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetTransportInfo2(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -12540,8 +12513,7 @@ _PUBLIC_ void ndr_print_srvsvc_NetTransportCtr3(struct ndr_print *ndr, const cha
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_srvsvc_NetTransportInfo3(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -12558,24 +12530,24 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportCtr(struct ndr_push *ndr, i
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr2));
-			break;
+			break; }
 
-			case 3:
+			case 3: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr3));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -12837,21 +12809,21 @@ static enum ndr_err_code ndr_push_srvsvc_NetTransportInfo(struct ndr_push *ndr,
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_srvsvc_NetTransportInfo0(ndr, NDR_SCALARS, &r->info0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_srvsvc_NetTransportInfo1(ndr, NDR_SCALARS, &r->info1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_srvsvc_NetTransportInfo2(ndr, NDR_SCALARS, &r->info2));
-			break;
+			break; }
 
-			case 3:
+			case 3: {
 				NDR_CHECK(ndr_push_srvsvc_NetTransportInfo3(ndr, NDR_SCALARS, &r->info3));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
diff --git a/source3/librpc/gen_ndr/ndr_svcctl.c b/source3/librpc/gen_ndr/ndr_svcctl.c
index b8d5dc186d..16e0416288 100644
--- a/source3/librpc/gen_ndr/ndr_svcctl.c
+++ b/source3/librpc/gen_ndr/ndr_svcctl.c
@@ -588,8 +588,23 @@ _PUBLIC_ void ndr_print_svcctl_LockServiceDatabase(struct ndr_print *ndr, const
 static enum ndr_err_code ndr_push_svcctl_QueryServiceObjectSecurity(struct ndr_push *ndr, int flags, const struct svcctl_QueryServiceObjectSecurity *r)
 {
 	if (flags & NDR_IN) {
+		if (r->in.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.security_flags));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buffer_size));
 	}
 	if (flags & NDR_OUT) {
+		if (r->out.buffer == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buffer_size));
+		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buffer_size));
+		if (r->out.needed == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.needed));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -597,10 +612,48 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceObjectSecurity(struct ndr_p
 
 static enum ndr_err_code ndr_pull_svcctl_QueryServiceObjectSecurity(struct ndr_pull *ndr, int flags, struct svcctl_QueryServiceObjectSecurity *r)
 {
+	TALLOC_CTX *_mem_save_handle_0;
+	TALLOC_CTX *_mem_save_needed_0;
 	if (flags & NDR_IN) {
+		ZERO_STRUCT(r->out);
+
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.security_flags));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buffer_size));
+		if (r->in.buffer_size < 0 || r->in.buffer_size > 0x40000) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buffer_size);
+		memset(r->out.buffer, 0, (r->in.buffer_size) * sizeof(*r->out.buffer));
+		NDR_PULL_ALLOC(ndr, r->out.needed);
+		ZERO_STRUCTP(r->out.needed);
 	}
 	if (flags & NDR_OUT) {
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer));
+		}
+		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->out.needed);
+		}
+		_mem_save_needed_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.needed, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.needed));
+		if (*r->out.needed < 0 || *r->out.needed > 0x40000) {
+			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_needed_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+		if (r->out.buffer) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.buffer, r->in.buffer_size));
+		}
 	}
 	return NDR_ERR_SUCCESS;
 }
@@ -615,11 +668,25 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceObjectSecurity(struct ndr_print *ndr,
 	if (flags & NDR_IN) {
 		ndr_print_struct(ndr, "in", "svcctl_QueryServiceObjectSecurity");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->in.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->in.handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "security_flags", r->in.security_flags);
+		ndr_print_uint32(ndr, "buffer_size", r->in.buffer_size);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
 		ndr_print_struct(ndr, "out", "svcctl_QueryServiceObjectSecurity");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "buffer", r->out.buffer);
+		ndr->depth++;
+		ndr_print_array_uint8(ndr, "buffer", r->out.buffer, r->in.buffer_size);
+		ndr->depth--;
+		ndr_print_ptr(ndr, "needed", r->out.needed);
+		ndr->depth++;
+		ndr_print_uint32(ndr, "needed", *r->out.needed);
+		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
 		ndr->depth--;
 	}
@@ -629,6 +696,17 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceObjectSecurity(struct ndr_print *ndr,
 static enum ndr_err_code ndr_push_svcctl_SetServiceObjectSecurity(struct ndr_push *ndr, int flags, const struct svcctl_SetServiceObjectSecurity *r)
 {
 	if (flags & NDR_IN) {
+		if (r->in.handle == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.security_flags));
+		if (r->in.buffer == NULL) {
+			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buffer_size));
+		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->in.buffer, r->in.buffer_size));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buffer_size));
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
@@ -638,7 +716,25 @@ static enum ndr_err_code ndr_push_svcctl_SetServiceObjectSecurity(struct ndr_pus
 
 static enum ndr_err_code ndr_pull_svcctl_SetServiceObjectSecurity(struct ndr_pull *ndr, int flags, struct svcctl_SetServiceObjectSecurity *r)
 {
+	TALLOC_CTX *_mem_save_handle_0;
 	if (flags & NDR_IN) {
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC(ndr, r->in.handle);
+		}
+		_mem_save_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.handle));
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.security_flags));
+		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.buffer));
+		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+			NDR_PULL_ALLOC_N(ndr, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer));
+		}
+		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer)));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buffer_size));
+		if (r->in.buffer) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.buffer, r->in.buffer_size));
+		}
 	}
 	if (flags & NDR_OUT) {
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
@@ -656,6 +752,16 @@ _PUBLIC_ void ndr_print_svcctl_SetServiceObjectSecurity(struct ndr_print *ndr, c
 	if (flags & NDR_IN) {
 		ndr_print_struct(ndr, "in", "svcctl_SetServiceObjectSecurity");
 		ndr->depth++;
+		ndr_print_ptr(ndr, "handle", r->in.handle);
+		ndr->depth++;
+		ndr_print_policy_handle(ndr, "handle", r->in.handle);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "security_flags", r->in.security_flags);
+		ndr_print_ptr(ndr, "buffer", r->in.buffer);
+		ndr->depth++;
+		ndr_print_array_uint8(ndr, "buffer", r->in.buffer, r->in.buffer_size);
+		ndr->depth--;
+		ndr_print_uint32(ndr, "buffer_size", r->in.buffer_size);
 		ndr->depth--;
 	}
 	if (flags & NDR_OUT) {
@@ -2380,14 +2486,13 @@ static enum ndr_err_code ndr_push_svcctl_GetServiceDisplayNameW(struct ndr_push
 		if (r->out.display_name == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.display_name == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.display_name));
+		if (*r->out.display_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.display_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.display_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.display_name, ndr_charset_length(*r->out.display_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.display_name, CH_UTF16)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.display_name, CH_UTF16)));
-		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.display_name, ndr_charset_length(*r->out.display_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.display_name_length));
 		if (r->out.display_name_length) {
 			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.display_name_length));
@@ -2405,6 +2510,7 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceDisplayNameW(struct ndr_pull
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_service_name_0;
 	TALLOC_CTX *_mem_save_display_name_0;
+	TALLOC_CTX *_mem_save_display_name_1;
 	TALLOC_CTX *_mem_save_display_name_length_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
@@ -2455,14 +2561,24 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceDisplayNameW(struct ndr_pull
 		}
 		_mem_save_display_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.display_name, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_display_name));
-		NDR_CHECK(ndr_pull_array_size(ndr, r->out.display_name));
-		NDR_CHECK(ndr_pull_array_length(ndr, r->out.display_name));
-		if (ndr_get_array_length(ndr, r->out.display_name) > ndr_get_array_size(ndr, r->out.display_name)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.display_name), ndr_get_array_length(ndr, r->out.display_name));
-		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.display_name), sizeof(uint16_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.display_name, ndr_get_array_length(ndr, r->out.display_name), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_display_name));
+		if (_ptr_display_name) {
+			NDR_PULL_ALLOC(ndr, *r->out.display_name);
+		} else {
+			*r->out.display_name = NULL;
+		}
+		if (*r->out.display_name) {
+			_mem_save_display_name_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.display_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.display_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->out.display_name));
+			if (ndr_get_array_length(ndr, r->out.display_name) > ndr_get_array_size(ndr, r->out.display_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.display_name), ndr_get_array_length(ndr, r->out.display_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.display_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.display_name, ndr_get_array_length(ndr, r->out.display_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_display_name_1, 0);
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_display_name_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_display_name_length));
 		if (_ptr_display_name_length) {
@@ -2516,7 +2632,9 @@ _PUBLIC_ void ndr_print_svcctl_GetServiceDisplayNameW(struct ndr_print *ndr, con
 		ndr->depth++;
 		ndr_print_ptr(ndr, "display_name", *r->out.display_name);
 		ndr->depth++;
-		ndr_print_string(ndr, "display_name", *r->out.display_name);
+		if (*r->out.display_name) {
+			ndr_print_string(ndr, "display_name", *r->out.display_name);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr_print_ptr(ndr, "display_name_length", r->out.display_name_length);
@@ -2554,14 +2672,13 @@ static enum ndr_err_code ndr_push_svcctl_GetServiceKeyNameW(struct ndr_push *ndr
 		if (r->out.key_name == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.key_name == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.key_name));
+		if (*r->out.key_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.key_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.key_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.key_name, ndr_charset_length(*r->out.key_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.key_name, CH_UTF16)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.key_name, CH_UTF16)));
-		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.key_name, ndr_charset_length(*r->out.key_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.display_name_length));
 		if (r->out.display_name_length) {
 			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.display_name_length));
@@ -2579,6 +2696,7 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceKeyNameW(struct ndr_pull *ndr
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_service_name_0;
 	TALLOC_CTX *_mem_save_key_name_0;
+	TALLOC_CTX *_mem_save_key_name_1;
 	TALLOC_CTX *_mem_save_display_name_length_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
@@ -2629,14 +2747,24 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceKeyNameW(struct ndr_pull *ndr
 		}
 		_mem_save_key_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.key_name, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_key_name));
-		NDR_CHECK(ndr_pull_array_size(ndr, r->out.key_name));
-		NDR_CHECK(ndr_pull_array_length(ndr, r->out.key_name));
-		if (ndr_get_array_length(ndr, r->out.key_name) > ndr_get_array_size(ndr, r->out.key_name)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.key_name), ndr_get_array_length(ndr, r->out.key_name));
-		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.key_name), sizeof(uint16_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.key_name, ndr_get_array_length(ndr, r->out.key_name), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_key_name));
+		if (_ptr_key_name) {
+			NDR_PULL_ALLOC(ndr, *r->out.key_name);
+		} else {
+			*r->out.key_name = NULL;
+		}
+		if (*r->out.key_name) {
+			_mem_save_key_name_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.key_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.key_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->out.key_name));
+			if (ndr_get_array_length(ndr, r->out.key_name) > ndr_get_array_size(ndr, r->out.key_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.key_name), ndr_get_array_length(ndr, r->out.key_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.key_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.key_name, ndr_get_array_length(ndr, r->out.key_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_key_name_1, 0);
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_key_name_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_display_name_length));
 		if (_ptr_display_name_length) {
@@ -2690,7 +2818,9 @@ _PUBLIC_ void ndr_print_svcctl_GetServiceKeyNameW(struct ndr_print *ndr, const c
 		ndr->depth++;
 		ndr_print_ptr(ndr, "key_name", *r->out.key_name);
 		ndr->depth++;
-		ndr_print_string(ndr, "key_name", *r->out.key_name);
+		if (*r->out.key_name) {
+			ndr_print_string(ndr, "key_name", *r->out.key_name);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr_print_ptr(ndr, "display_name_length", r->out.display_name_length);
@@ -4186,14 +4316,13 @@ static enum ndr_err_code ndr_push_svcctl_GetServiceDisplayNameA(struct ndr_push
 		if (r->out.display_name == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.display_name == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.display_name));
+		if (*r->out.display_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.display_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.display_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.display_name, ndr_charset_length(*r->out.display_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.display_name, CH_UTF16)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.display_name, CH_UTF16)));
-		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.display_name, ndr_charset_length(*r->out.display_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.display_name_length));
 		if (r->out.display_name_length) {
 			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.display_name_length));
@@ -4211,6 +4340,7 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceDisplayNameA(struct ndr_pull
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_service_name_0;
 	TALLOC_CTX *_mem_save_display_name_0;
+	TALLOC_CTX *_mem_save_display_name_1;
 	TALLOC_CTX *_mem_save_display_name_length_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
@@ -4261,14 +4391,24 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceDisplayNameA(struct ndr_pull
 		}
 		_mem_save_display_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.display_name, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_display_name));
-		NDR_CHECK(ndr_pull_array_size(ndr, r->out.display_name));
-		NDR_CHECK(ndr_pull_array_length(ndr, r->out.display_name));
-		if (ndr_get_array_length(ndr, r->out.display_name) > ndr_get_array_size(ndr, r->out.display_name)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.display_name), ndr_get_array_length(ndr, r->out.display_name));
-		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.display_name), sizeof(uint16_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.display_name, ndr_get_array_length(ndr, r->out.display_name), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_display_name));
+		if (_ptr_display_name) {
+			NDR_PULL_ALLOC(ndr, *r->out.display_name);
+		} else {
+			*r->out.display_name = NULL;
+		}
+		if (*r->out.display_name) {
+			_mem_save_display_name_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.display_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.display_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->out.display_name));
+			if (ndr_get_array_length(ndr, r->out.display_name) > ndr_get_array_size(ndr, r->out.display_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.display_name), ndr_get_array_length(ndr, r->out.display_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.display_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.display_name, ndr_get_array_length(ndr, r->out.display_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_display_name_1, 0);
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_display_name_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_display_name_length));
 		if (_ptr_display_name_length) {
@@ -4322,7 +4462,9 @@ _PUBLIC_ void ndr_print_svcctl_GetServiceDisplayNameA(struct ndr_print *ndr, con
 		ndr->depth++;
 		ndr_print_ptr(ndr, "display_name", *r->out.display_name);
 		ndr->depth++;
-		ndr_print_string(ndr, "display_name", *r->out.display_name);
+		if (*r->out.display_name) {
+			ndr_print_string(ndr, "display_name", *r->out.display_name);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr_print_ptr(ndr, "display_name_length", r->out.display_name_length);
@@ -4360,14 +4502,13 @@ static enum ndr_err_code ndr_push_svcctl_GetServiceKeyNameA(struct ndr_push *ndr
 		if (r->out.key_name == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.key_name == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.key_name));
+		if (*r->out.key_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.key_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.key_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.key_name, ndr_charset_length(*r->out.key_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.key_name, CH_UTF16)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.key_name, CH_UTF16)));
-		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.key_name, ndr_charset_length(*r->out.key_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.display_name_length));
 		if (r->out.display_name_length) {
 			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.display_name_length));
@@ -4385,6 +4526,7 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceKeyNameA(struct ndr_pull *ndr
 	TALLOC_CTX *_mem_save_handle_0;
 	TALLOC_CTX *_mem_save_service_name_0;
 	TALLOC_CTX *_mem_save_key_name_0;
+	TALLOC_CTX *_mem_save_key_name_1;
 	TALLOC_CTX *_mem_save_display_name_length_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
@@ -4435,14 +4577,24 @@ static enum ndr_err_code ndr_pull_svcctl_GetServiceKeyNameA(struct ndr_pull *ndr
 		}
 		_mem_save_key_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.key_name, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_key_name));
-		NDR_CHECK(ndr_pull_array_size(ndr, r->out.key_name));
-		NDR_CHECK(ndr_pull_array_length(ndr, r->out.key_name));
-		if (ndr_get_array_length(ndr, r->out.key_name) > ndr_get_array_size(ndr, r->out.key_name)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.key_name), ndr_get_array_length(ndr, r->out.key_name));
-		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.key_name), sizeof(uint16_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.key_name, ndr_get_array_length(ndr, r->out.key_name), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_key_name));
+		if (_ptr_key_name) {
+			NDR_PULL_ALLOC(ndr, *r->out.key_name);
+		} else {
+			*r->out.key_name = NULL;
+		}
+		if (*r->out.key_name) {
+			_mem_save_key_name_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.key_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.key_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->out.key_name));
+			if (ndr_get_array_length(ndr, r->out.key_name) > ndr_get_array_size(ndr, r->out.key_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.key_name), ndr_get_array_length(ndr, r->out.key_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.key_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.key_name, ndr_get_array_length(ndr, r->out.key_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_key_name_1, 0);
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_key_name_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_display_name_length));
 		if (_ptr_display_name_length) {
@@ -4496,7 +4648,9 @@ _PUBLIC_ void ndr_print_svcctl_GetServiceKeyNameA(struct ndr_print *ndr, const c
 		ndr->depth++;
 		ndr_print_ptr(ndr, "key_name", *r->out.key_name);
 		ndr->depth++;
-		ndr_print_string(ndr, "key_name", *r->out.key_name);
+		if (*r->out.key_name) {
+			ndr_print_string(ndr, "key_name", *r->out.key_name);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr_print_ptr(ndr, "display_name_length", r->out.display_name_length);
@@ -5055,14 +5209,13 @@ static enum ndr_err_code ndr_push_EnumServicesStatusExA(struct ndr_push *ndr, in
 		if (r->out.group_name == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.group_name == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.group_name));
+		if (*r->out.group_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.group_name, ndr_charset_length(*r->out.group_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16)));
-		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.group_name, ndr_charset_length(*r->out.group_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -5077,6 +5230,7 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExA(struct ndr_pull *ndr, in
 	TALLOC_CTX *_mem_save_service_returned_0;
 	TALLOC_CTX *_mem_save_resume_handle_0;
 	TALLOC_CTX *_mem_save_group_name_0;
+	TALLOC_CTX *_mem_save_group_name_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -5144,14 +5298,24 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExA(struct ndr_pull *ndr, in
 		}
 		_mem_save_group_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.group_name, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_group_name));
-		NDR_CHECK(ndr_pull_array_size(ndr, r->out.group_name));
-		NDR_CHECK(ndr_pull_array_length(ndr, r->out.group_name));
-		if (ndr_get_array_length(ndr, r->out.group_name) > ndr_get_array_size(ndr, r->out.group_name)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.group_name), ndr_get_array_length(ndr, r->out.group_name));
-		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.group_name, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_name));
+		if (_ptr_group_name) {
+			NDR_PULL_ALLOC(ndr, *r->out.group_name);
+		} else {
+			*r->out.group_name = NULL;
+		}
+		if (*r->out.group_name) {
+			_mem_save_group_name_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.group_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.group_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->out.group_name));
+			if (ndr_get_array_length(ndr, r->out.group_name) > ndr_get_array_size(ndr, r->out.group_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.group_name), ndr_get_array_length(ndr, r->out.group_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.group_name, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_1, 0);
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
@@ -5206,7 +5370,9 @@ _PUBLIC_ void ndr_print_EnumServicesStatusExA(struct ndr_print *ndr, const char
 		ndr->depth++;
 		ndr_print_ptr(ndr, "group_name", *r->out.group_name);
 		ndr->depth++;
-		ndr_print_string(ndr, "group_name", *r->out.group_name);
+		if (*r->out.group_name) {
+			ndr_print_string(ndr, "group_name", *r->out.group_name);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
@@ -5248,14 +5414,13 @@ static enum ndr_err_code ndr_push_EnumServicesStatusExW(struct ndr_push *ndr, in
 		if (r->out.group_name == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.group_name == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.group_name));
+		if (*r->out.group_name) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.group_name, ndr_charset_length(*r->out.group_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16)));
-		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.group_name, ndr_charset_length(*r->out.group_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -5270,6 +5435,7 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in
 	TALLOC_CTX *_mem_save_service_returned_0;
 	TALLOC_CTX *_mem_save_resume_handle_0;
 	TALLOC_CTX *_mem_save_group_name_0;
+	TALLOC_CTX *_mem_save_group_name_1;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -5337,14 +5503,24 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in
 		}
 		_mem_save_group_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.group_name, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_group_name));
-		NDR_CHECK(ndr_pull_array_size(ndr, r->out.group_name));
-		NDR_CHECK(ndr_pull_array_length(ndr, r->out.group_name));
-		if (ndr_get_array_length(ndr, r->out.group_name) > ndr_get_array_size(ndr, r->out.group_name)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.group_name), ndr_get_array_length(ndr, r->out.group_name));
-		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.group_name, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_name));
+		if (_ptr_group_name) {
+			NDR_PULL_ALLOC(ndr, *r->out.group_name);
+		} else {
+			*r->out.group_name = NULL;
+		}
+		if (*r->out.group_name) {
+			_mem_save_group_name_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.group_name, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.group_name));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->out.group_name));
+			if (ndr_get_array_length(ndr, r->out.group_name) > ndr_get_array_size(ndr, r->out.group_name)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.group_name), ndr_get_array_length(ndr, r->out.group_name));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.group_name, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_1, 0);
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
@@ -5399,7 +5575,9 @@ _PUBLIC_ void ndr_print_EnumServicesStatusExW(struct ndr_print *ndr, const char
 		ndr->depth++;
 		ndr_print_ptr(ndr, "group_name", *r->out.group_name);
 		ndr->depth++;
-		ndr_print_string(ndr, "group_name", *r->out.group_name);
+		if (*r->out.group_name) {
+			ndr_print_string(ndr, "group_name", *r->out.group_name);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
diff --git a/source3/librpc/gen_ndr/ndr_unixinfo.c b/source3/librpc/gen_ndr/ndr_unixinfo.c
deleted file mode 100644
index 03a8d30f03..0000000000
--- a/source3/librpc/gen_ndr/ndr_unixinfo.c
+++ /dev/null
@@ -1,538 +0,0 @@
-/* parser auto-generated by pidl */
-
-#include "includes.h"
-#include "librpc/gen_ndr/ndr_unixinfo.h"
-
-#include "librpc/gen_ndr/ndr_security.h"
-static enum ndr_err_code ndr_push_unixinfo_GetPWUidInfo(struct ndr_push *ndr, int ndr_flags, const struct unixinfo_GetPWUidInfo *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_push_align(ndr, 4));
-		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->status));
-		{
-			uint32_t _flags_save_string = ndr->flags;
-			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_UTF8|LIBNDR_FLAG_STR_NULLTERM);
-			NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r->homedir));
-			ndr->flags = _flags_save_string;
-		}
-		{
-			uint32_t _flags_save_string = ndr->flags;
-			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_UTF8|LIBNDR_FLAG_STR_NULLTERM);
-			NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r->shell));
-			ndr->flags = _flags_save_string;
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_unixinfo_GetPWUidInfo(struct ndr_pull *ndr, int ndr_flags, struct unixinfo_GetPWUidInfo *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_pull_align(ndr, 4));
-		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->status));
-		{
-			uint32_t _flags_save_string = ndr->flags;
-			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_UTF8|LIBNDR_FLAG_STR_NULLTERM);
-			NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->homedir));
-			ndr->flags = _flags_save_string;
-		}
-		{
-			uint32_t _flags_save_string = ndr->flags;
-			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_UTF8|LIBNDR_FLAG_STR_NULLTERM);
-			NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->shell));
-			ndr->flags = _flags_save_string;
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_unixinfo_GetPWUidInfo(struct ndr_print *ndr, const char *name, const struct unixinfo_GetPWUidInfo *r)
-{
-	ndr_print_struct(ndr, name, "unixinfo_GetPWUidInfo");
-	ndr->depth++;
-	ndr_print_NTSTATUS(ndr, "status", r->status);
-	ndr_print_string(ndr, "homedir", r->homedir);
-	ndr_print_string(ndr, "shell", r->shell);
-	ndr->depth--;
-}
-
-static enum ndr_err_code ndr_push_unixinfo_SidToUid(struct ndr_push *ndr, int flags, const struct unixinfo_SidToUid *r)
-{
-	if (flags & NDR_IN) {
-		NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.sid));
-	}
-	if (flags & NDR_OUT) {
-		if (r->out.uid == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
-		}
-		NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, *r->out.uid));
-		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_unixinfo_SidToUid(struct ndr_pull *ndr, int flags, struct unixinfo_SidToUid *r)
-{
-	TALLOC_CTX *_mem_save_uid_0;
-	if (flags & NDR_IN) {
-		ZERO_STRUCT(r->out);
-
-		NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.sid));
-		NDR_PULL_ALLOC(ndr, r->out.uid);
-		ZERO_STRUCTP(r->out.uid);
-	}
-	if (flags & NDR_OUT) {
-		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, r->out.uid);
-		}
-		_mem_save_uid_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.uid, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, r->out.uid));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_uid_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_unixinfo_SidToUid(struct ndr_print *ndr, const char *name, int flags, const struct unixinfo_SidToUid *r)
-{
-	ndr_print_struct(ndr, name, "unixinfo_SidToUid");
-	ndr->depth++;
-	if (flags & NDR_SET_VALUES) {
-		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
-	}
-	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "unixinfo_SidToUid");
-		ndr->depth++;
-		ndr_print_dom_sid(ndr, "sid", &r->in.sid);
-		ndr->depth--;
-	}
-	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "unixinfo_SidToUid");
-		ndr->depth++;
-		ndr_print_ptr(ndr, "uid", r->out.uid);
-		ndr->depth++;
-		ndr_print_hyper(ndr, "uid", *r->out.uid);
-		ndr->depth--;
-		ndr_print_NTSTATUS(ndr, "result", r->out.result);
-		ndr->depth--;
-	}
-	ndr->depth--;
-}
-
-static enum ndr_err_code ndr_push_unixinfo_UidToSid(struct ndr_push *ndr, int flags, const struct unixinfo_UidToSid *r)
-{
-	if (flags & NDR_IN) {
-		NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->in.uid));
-	}
-	if (flags & NDR_OUT) {
-		if (r->out.sid == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
-		}
-		NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sid));
-		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_unixinfo_UidToSid(struct ndr_pull *ndr, int flags, struct unixinfo_UidToSid *r)
-{
-	TALLOC_CTX *_mem_save_sid_0;
-	if (flags & NDR_IN) {
-		ZERO_STRUCT(r->out);
-
-		NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->in.uid));
-		NDR_PULL_ALLOC(ndr, r->out.sid);
-		ZERO_STRUCTP(r->out.sid);
-	}
-	if (flags & NDR_OUT) {
-		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, r->out.sid);
-		}
-		_mem_save_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.sid, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sid));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_unixinfo_UidToSid(struct ndr_print *ndr, const char *name, int flags, const struct unixinfo_UidToSid *r)
-{
-	ndr_print_struct(ndr, name, "unixinfo_UidToSid");
-	ndr->depth++;
-	if (flags & NDR_SET_VALUES) {
-		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
-	}
-	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "unixinfo_UidToSid");
-		ndr->depth++;
-		ndr_print_hyper(ndr, "uid", r->in.uid);
-		ndr->depth--;
-	}
-	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "unixinfo_UidToSid");
-		ndr->depth++;
-		ndr_print_ptr(ndr, "sid", r->out.sid);
-		ndr->depth++;
-		ndr_print_dom_sid(ndr, "sid", r->out.sid);
-		ndr->depth--;
-		ndr_print_NTSTATUS(ndr, "result", r->out.result);
-		ndr->depth--;
-	}
-	ndr->depth--;
-}
-
-static enum ndr_err_code ndr_push_unixinfo_SidToGid(struct ndr_push *ndr, int flags, const struct unixinfo_SidToGid *r)
-{
-	if (flags & NDR_IN) {
-		NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.sid));
-	}
-	if (flags & NDR_OUT) {
-		if (r->out.gid == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
-		}
-		NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, *r->out.gid));
-		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_unixinfo_SidToGid(struct ndr_pull *ndr, int flags, struct unixinfo_SidToGid *r)
-{
-	TALLOC_CTX *_mem_save_gid_0;
-	if (flags & NDR_IN) {
-		ZERO_STRUCT(r->out);
-
-		NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, &r->in.sid));
-		NDR_PULL_ALLOC(ndr, r->out.gid);
-		ZERO_STRUCTP(r->out.gid);
-	}
-	if (flags & NDR_OUT) {
-		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, r->out.gid);
-		}
-		_mem_save_gid_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.gid, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, r->out.gid));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_gid_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_unixinfo_SidToGid(struct ndr_print *ndr, const char *name, int flags, const struct unixinfo_SidToGid *r)
-{
-	ndr_print_struct(ndr, name, "unixinfo_SidToGid");
-	ndr->depth++;
-	if (flags & NDR_SET_VALUES) {
-		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
-	}
-	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "unixinfo_SidToGid");
-		ndr->depth++;
-		ndr_print_dom_sid(ndr, "sid", &r->in.sid);
-		ndr->depth--;
-	}
-	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "unixinfo_SidToGid");
-		ndr->depth++;
-		ndr_print_ptr(ndr, "gid", r->out.gid);
-		ndr->depth++;
-		ndr_print_hyper(ndr, "gid", *r->out.gid);
-		ndr->depth--;
-		ndr_print_NTSTATUS(ndr, "result", r->out.result);
-		ndr->depth--;
-	}
-	ndr->depth--;
-}
-
-static enum ndr_err_code ndr_push_unixinfo_GidToSid(struct ndr_push *ndr, int flags, const struct unixinfo_GidToSid *r)
-{
-	if (flags & NDR_IN) {
-		NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->in.gid));
-	}
-	if (flags & NDR_OUT) {
-		if (r->out.sid == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
-		}
-		NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sid));
-		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_unixinfo_GidToSid(struct ndr_pull *ndr, int flags, struct unixinfo_GidToSid *r)
-{
-	TALLOC_CTX *_mem_save_sid_0;
-	if (flags & NDR_IN) {
-		ZERO_STRUCT(r->out);
-
-		NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->in.gid));
-		NDR_PULL_ALLOC(ndr, r->out.sid);
-		ZERO_STRUCTP(r->out.sid);
-	}
-	if (flags & NDR_OUT) {
-		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, r->out.sid);
-		}
-		_mem_save_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.sid, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sid));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_unixinfo_GidToSid(struct ndr_print *ndr, const char *name, int flags, const struct unixinfo_GidToSid *r)
-{
-	ndr_print_struct(ndr, name, "unixinfo_GidToSid");
-	ndr->depth++;
-	if (flags & NDR_SET_VALUES) {
-		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
-	}
-	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "unixinfo_GidToSid");
-		ndr->depth++;
-		ndr_print_hyper(ndr, "gid", r->in.gid);
-		ndr->depth--;
-	}
-	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "unixinfo_GidToSid");
-		ndr->depth++;
-		ndr_print_ptr(ndr, "sid", r->out.sid);
-		ndr->depth++;
-		ndr_print_dom_sid(ndr, "sid", r->out.sid);
-		ndr->depth--;
-		ndr_print_NTSTATUS(ndr, "result", r->out.result);
-		ndr->depth--;
-	}
-	ndr->depth--;
-}
-
-static enum ndr_err_code ndr_push_unixinfo_GetPWUid(struct ndr_push *ndr, int flags, const struct unixinfo_GetPWUid *r)
-{
-	uint32_t cntr_uids_0;
-	uint32_t cntr_infos_0;
-	if (flags & NDR_IN) {
-		if (r->in.count == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
-		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.count));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.count));
-		for (cntr_uids_0 = 0; cntr_uids_0 < *r->in.count; cntr_uids_0++) {
-			NDR_CHECK(ndr_push_hyper(ndr, NDR_SCALARS, r->in.uids[cntr_uids_0]));
-		}
-	}
-	if (flags & NDR_OUT) {
-		if (r->out.count == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
-		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.count));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.count));
-		for (cntr_infos_0 = 0; cntr_infos_0 < *r->out.count; cntr_infos_0++) {
-			NDR_CHECK(ndr_push_unixinfo_GetPWUidInfo(ndr, NDR_SCALARS, &r->out.infos[cntr_infos_0]));
-		}
-		NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_unixinfo_GetPWUid(struct ndr_pull *ndr, int flags, struct unixinfo_GetPWUid *r)
-{
-	uint32_t cntr_uids_0;
-	uint32_t cntr_infos_0;
-	TALLOC_CTX *_mem_save_count_0;
-	TALLOC_CTX *_mem_save_uids_0;
-	TALLOC_CTX *_mem_save_infos_0;
-	if (flags & NDR_IN) {
-		ZERO_STRUCT(r->out);
-
-		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, r->in.count);
-		}
-		_mem_save_count_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->in.count, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.count));
-		if (*r->in.count < 0 || *r->in.count > 1023) {
-			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
-		}
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_count_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_array_size(ndr, &r->in.uids));
-		NDR_PULL_ALLOC_N(ndr, r->in.uids, ndr_get_array_size(ndr, &r->in.uids));
-		_mem_save_uids_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->in.uids, 0);
-		for (cntr_uids_0 = 0; cntr_uids_0 < *r->in.count; cntr_uids_0++) {
-			NDR_CHECK(ndr_pull_hyper(ndr, NDR_SCALARS, &r->in.uids[cntr_uids_0]));
-		}
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_uids_0, 0);
-		NDR_PULL_ALLOC(ndr, r->out.count);
-		*r->out.count = *r->in.count;
-		if (r->in.uids) {
-			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.uids, *r->in.count));
-		}
-	}
-	if (flags & NDR_OUT) {
-		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC(ndr, r->out.count);
-		}
-		_mem_save_count_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.count, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.count));
-		if (*r->out.count < 0 || *r->out.count > 1023) {
-			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
-		}
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_count_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_array_size(ndr, &r->out.infos));
-		NDR_PULL_ALLOC_N(ndr, r->out.infos, ndr_get_array_size(ndr, &r->out.infos));
-		_mem_save_infos_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.infos, 0);
-		for (cntr_infos_0 = 0; cntr_infos_0 < *r->out.count; cntr_infos_0++) {
-			NDR_CHECK(ndr_pull_unixinfo_GetPWUidInfo(ndr, NDR_SCALARS, &r->out.infos[cntr_infos_0]));
-		}
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_infos_0, 0);
-		NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result));
-		if (r->out.infos) {
-			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.infos, *r->out.count));
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-_PUBLIC_ void ndr_print_unixinfo_GetPWUid(struct ndr_print *ndr, const char *name, int flags, const struct unixinfo_GetPWUid *r)
-{
-	uint32_t cntr_uids_0;
-	uint32_t cntr_infos_0;
-	ndr_print_struct(ndr, name, "unixinfo_GetPWUid");
-	ndr->depth++;
-	if (flags & NDR_SET_VALUES) {
-		ndr->flags |= LIBNDR_PRINT_SET_VALUES;
-	}
-	if (flags & NDR_IN) {
-		ndr_print_struct(ndr, "in", "unixinfo_GetPWUid");
-		ndr->depth++;
-		ndr_print_ptr(ndr, "count", r->in.count);
-		ndr->depth++;
-		ndr_print_uint32(ndr, "count", *r->in.count);
-		ndr->depth--;
-		ndr->print(ndr, "%s: ARRAY(%d)", "uids", *r->in.count);
-		ndr->depth++;
-		for (cntr_uids_0=0;cntr_uids_0<*r->in.count;cntr_uids_0++) {
-			char *idx_0=NULL;
-			asprintf(&idx_0, "[%d]", cntr_uids_0);
-			if (idx_0) {
-				ndr_print_hyper(ndr, "uids", r->in.uids[cntr_uids_0]);
-				free(idx_0);
-			}
-		}
-		ndr->depth--;
-		ndr->depth--;
-	}
-	if (flags & NDR_OUT) {
-		ndr_print_struct(ndr, "out", "unixinfo_GetPWUid");
-		ndr->depth++;
-		ndr_print_ptr(ndr, "count", r->out.count);
-		ndr->depth++;
-		ndr_print_uint32(ndr, "count", *r->out.count);
-		ndr->depth--;
-		ndr->print(ndr, "%s: ARRAY(%d)", "infos", *r->out.count);
-		ndr->depth++;
-		for (cntr_infos_0=0;cntr_infos_0<*r->out.count;cntr_infos_0++) {
-			char *idx_0=NULL;
-			asprintf(&idx_0, "[%d]", cntr_infos_0);
-			if (idx_0) {
-				ndr_print_unixinfo_GetPWUidInfo(ndr, "infos", &r->out.infos[cntr_infos_0]);
-				free(idx_0);
-			}
-		}
-		ndr->depth--;
-		ndr_print_NTSTATUS(ndr, "result", r->out.result);
-		ndr->depth--;
-	}
-	ndr->depth--;
-}
-
-static const struct ndr_interface_call unixinfo_calls[] = {
-	{
-		"unixinfo_SidToUid",
-		sizeof(struct unixinfo_SidToUid),
-		(ndr_push_flags_fn_t) ndr_push_unixinfo_SidToUid,
-		(ndr_pull_flags_fn_t) ndr_pull_unixinfo_SidToUid,
-		(ndr_print_function_t) ndr_print_unixinfo_SidToUid,
-		false,
-	},
-	{
-		"unixinfo_UidToSid",
-		sizeof(struct unixinfo_UidToSid),
-		(ndr_push_flags_fn_t) ndr_push_unixinfo_UidToSid,
-		(ndr_pull_flags_fn_t) ndr_pull_unixinfo_UidToSid,
-		(ndr_print_function_t) ndr_print_unixinfo_UidToSid,
-		false,
-	},
-	{
-		"unixinfo_SidToGid",
-		sizeof(struct unixinfo_SidToGid),
-		(ndr_push_flags_fn_t) ndr_push_unixinfo_SidToGid,
-		(ndr_pull_flags_fn_t) ndr_pull_unixinfo_SidToGid,
-		(ndr_print_function_t) ndr_print_unixinfo_SidToGid,
-		false,
-	},
-	{
-		"unixinfo_GidToSid",
-		sizeof(struct unixinfo_GidToSid),
-		(ndr_push_flags_fn_t) ndr_push_unixinfo_GidToSid,
-		(ndr_pull_flags_fn_t) ndr_pull_unixinfo_GidToSid,
-		(ndr_print_function_t) ndr_print_unixinfo_GidToSid,
-		false,
-	},
-	{
-		"unixinfo_GetPWUid",
-		sizeof(struct unixinfo_GetPWUid),
-		(ndr_push_flags_fn_t) ndr_push_unixinfo_GetPWUid,
-		(ndr_pull_flags_fn_t) ndr_pull_unixinfo_GetPWUid,
-		(ndr_print_function_t) ndr_print_unixinfo_GetPWUid,
-		false,
-	},
-	{ NULL, 0, NULL, NULL, NULL, false }
-};
-
-static const char * const unixinfo_endpoint_strings[] = {
-	"ncacn_np:[\\pipe\\unixinfo]", 
-	"ncacn_ip_tcp:", 
-	"ncalrpc:", 
-};
-
-static const struct ndr_interface_string_array unixinfo_endpoints = {
-	.count	= 3,
-	.names	= unixinfo_endpoint_strings
-};
-
-static const char * const unixinfo_authservice_strings[] = {
-	"host", 
-};
-
-static const struct ndr_interface_string_array unixinfo_authservices = {
-	.count	= 3,
-	.names	= unixinfo_authservice_strings
-};
-
-
-const struct ndr_interface_table ndr_table_unixinfo = {
-	.name		= "unixinfo",
-	.syntax_id	= {
-		{0x9c54e310,0xa955,0x4885,{0xbd,0x31},{0x78,0x78,0x71,0x47,0xdf,0xa6}},
-		NDR_UNIXINFO_VERSION
-	},
-	.helpstring	= NDR_UNIXINFO_HELPSTRING,
-	.num_calls	= 5,
-	.calls		= unixinfo_calls,
-	.endpoints	= &unixinfo_endpoints,
-	.authservices	= &unixinfo_authservices
-};
-
diff --git a/source3/librpc/gen_ndr/ndr_unixinfo.h b/source3/librpc/gen_ndr/ndr_unixinfo.h
deleted file mode 100644
index 17f8b811db..0000000000
--- a/source3/librpc/gen_ndr/ndr_unixinfo.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/* header auto-generated by pidl */
-
-#include "librpc/ndr/libndr.h"
-#include "librpc/gen_ndr/unixinfo.h"
-
-#ifndef _HEADER_NDR_unixinfo
-#define _HEADER_NDR_unixinfo
-
-#define NDR_UNIXINFO_UUID "9c54e310-a955-4885-bd31-78787147dfa6"
-#define NDR_UNIXINFO_VERSION 0.0
-#define NDR_UNIXINFO_NAME "unixinfo"
-#define NDR_UNIXINFO_HELPSTRING "Unixinfo specific stuff"
-extern const struct ndr_interface_table ndr_table_unixinfo;
-#define NDR_UNIXINFO_SIDTOUID (0x00)
-
-#define NDR_UNIXINFO_UIDTOSID (0x01)
-
-#define NDR_UNIXINFO_SIDTOGID (0x02)
-
-#define NDR_UNIXINFO_GIDTOSID (0x03)
-
-#define NDR_UNIXINFO_GETPWUID (0x04)
-
-#define NDR_UNIXINFO_CALL_COUNT (5)
-void ndr_print_unixinfo_GetPWUidInfo(struct ndr_print *ndr, const char *name, const struct unixinfo_GetPWUidInfo *r);
-void ndr_print_unixinfo_SidToUid(struct ndr_print *ndr, const char *name, int flags, const struct unixinfo_SidToUid *r);
-void ndr_print_unixinfo_UidToSid(struct ndr_print *ndr, const char *name, int flags, const struct unixinfo_UidToSid *r);
-void ndr_print_unixinfo_SidToGid(struct ndr_print *ndr, const char *name, int flags, const struct unixinfo_SidToGid *r);
-void ndr_print_unixinfo_GidToSid(struct ndr_print *ndr, const char *name, int flags, const struct unixinfo_GidToSid *r);
-void ndr_print_unixinfo_GetPWUid(struct ndr_print *ndr, const char *name, int flags, const struct unixinfo_GetPWUid *r);
-#endif /* _HEADER_NDR_unixinfo */
diff --git a/source3/librpc/gen_ndr/ndr_winreg.c b/source3/librpc/gen_ndr/ndr_winreg.c
index b63d410587..cd16a141b0 100644
--- a/source3/librpc/gen_ndr/ndr_winreg.c
+++ b/source3/librpc/gen_ndr/ndr_winreg.c
@@ -3700,7 +3700,7 @@ static enum ndr_err_code ndr_pull_winreg_QueryMultipleValues(struct ndr_pull *nd
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.buffer_size));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_buffer_size_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_PULL_ALLOC_N(ndr, r->out.values, r->in.num_values);
-		memcpy(r->out.values, r->in.values, r->in.num_values * sizeof(*r->in.values));
+		memcpy(r->out.values, r->in.values, (r->in.num_values) * sizeof(*r->in.values));
 		NDR_PULL_ALLOC(ndr, r->out.buffer_size);
 		*r->out.buffer_size = *r->in.buffer_size;
 		if (r->in.values) {
@@ -3798,8 +3798,7 @@ _PUBLIC_ void ndr_print_winreg_QueryMultipleValues(struct ndr_print *ndr, const
 		ndr->depth++;
 		for (cntr_values_1=0;cntr_values_1<r->in.num_values;cntr_values_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_values_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_values_1) != -1) {
 				ndr_print_QueryMultipleValue(ndr, "values", &r->in.values[cntr_values_1]);
 				free(idx_1);
 			}
@@ -3828,8 +3827,7 @@ _PUBLIC_ void ndr_print_winreg_QueryMultipleValues(struct ndr_print *ndr, const
 		ndr->depth++;
 		for (cntr_values_1=0;cntr_values_1<r->in.num_values;cntr_values_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_values_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_values_1) != -1) {
 				ndr_print_QueryMultipleValue(ndr, "values", &r->out.values[cntr_values_1]);
 				free(idx_1);
 			}
diff --git a/source3/librpc/gen_ndr/ndr_wkssvc.c b/source3/librpc/gen_ndr/ndr_wkssvc.c
index c3a1f706cd..80ea67526e 100644
--- a/source3/librpc/gen_ndr/ndr_wkssvc.c
+++ b/source3/librpc/gen_ndr/ndr_wkssvc.c
@@ -1478,152 +1478,152 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaInfo(struct ndr_push *ndr, int
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 100:
+			case 100: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info100));
-			break;
+			break; }
 
-			case 101:
+			case 101: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info101));
-			break;
+			break; }
 
-			case 102:
+			case 102: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info102));
-			break;
+			break; }
 
-			case 502:
+			case 502: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info502));
-			break;
+			break; }
 
-			case 1010:
+			case 1010: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1010));
-			break;
+			break; }
 
-			case 1011:
+			case 1011: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1011));
-			break;
+			break; }
 
-			case 1012:
+			case 1012: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1012));
-			break;
+			break; }
 
-			case 1013:
+			case 1013: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1013));
-			break;
+			break; }
 
-			case 1018:
+			case 1018: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1018));
-			break;
+			break; }
 
-			case 1023:
+			case 1023: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1023));
-			break;
+			break; }
 
-			case 1027:
+			case 1027: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1027));
-			break;
+			break; }
 
-			case 1028:
+			case 1028: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1028));
-			break;
+			break; }
 
-			case 1032:
+			case 1032: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1032));
-			break;
+			break; }
 
-			case 1033:
+			case 1033: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1033));
-			break;
+			break; }
 
-			case 1041:
+			case 1041: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1041));
-			break;
+			break; }
 
-			case 1042:
+			case 1042: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1042));
-			break;
+			break; }
 
-			case 1043:
+			case 1043: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1043));
-			break;
+			break; }
 
-			case 1044:
+			case 1044: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1044));
-			break;
+			break; }
 
-			case 1045:
+			case 1045: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1045));
-			break;
+			break; }
 
-			case 1046:
+			case 1046: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1046));
-			break;
+			break; }
 
-			case 1047:
+			case 1047: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1047));
-			break;
+			break; }
 
-			case 1048:
+			case 1048: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1048));
-			break;
+			break; }
 
-			case 1049:
+			case 1049: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1049));
-			break;
+			break; }
 
-			case 1050:
+			case 1050: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1050));
-			break;
+			break; }
 
-			case 1051:
+			case 1051: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1051));
-			break;
+			break; }
 
-			case 1052:
+			case 1052: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1052));
-			break;
+			break; }
 
-			case 1053:
+			case 1053: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1053));
-			break;
+			break; }
 
-			case 1054:
+			case 1054: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1054));
-			break;
+			break; }
 
-			case 1055:
+			case 1055: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1055));
-			break;
+			break; }
 
-			case 1056:
+			case 1056: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1056));
-			break;
+			break; }
 
-			case 1057:
+			case 1057: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1057));
-			break;
+			break; }
 
-			case 1058:
+			case 1058: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1058));
-			break;
+			break; }
 
-			case 1059:
+			case 1059: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1059));
-			break;
+			break; }
 
-			case 1060:
+			case 1060: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1060));
-			break;
+			break; }
 
-			case 1061:
+			case 1061: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1061));
-			break;
+			break; }
 
-			case 1062:
+			case 1062: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1062));
-			break;
+			break; }
 
-			default:
-			break;
+			default: {
+			break; }
 
 		}
 	}
@@ -3071,8 +3071,7 @@ _PUBLIC_ void ndr_print_wkssvc_NetWkstaEnumUsersCtr0(struct ndr_print *ndr, cons
 		ndr->depth++;
 		for (cntr_user0_1=0;cntr_user0_1<r->entries_read;cntr_user0_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_user0_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_user0_1) != -1) {
 				ndr_print_wkssvc_NetrWkstaUserInfo0(ndr, "user0", &r->user0[cntr_user0_1]);
 				free(idx_1);
 			}
@@ -3317,8 +3316,7 @@ _PUBLIC_ void ndr_print_wkssvc_NetWkstaEnumUsersCtr1(struct ndr_print *ndr, cons
 		ndr->depth++;
 		for (cntr_user1_1=0;cntr_user1_1<r->entries_read;cntr_user1_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_user1_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_user1_1) != -1) {
 				ndr_print_wkssvc_NetrWkstaUserInfo1(ndr, "user1", &r->user1[cntr_user1_1]);
 				free(idx_1);
 			}
@@ -3335,13 +3333,13 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaEnumUsersCtr(struct ndr_push *n
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->user0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->user1));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -3566,17 +3564,17 @@ static enum ndr_err_code ndr_push_wkssvc_NetrWkstaUserInfo(struct ndr_push *ndr,
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1));
-			break;
+			break; }
 
-			case 1101:
+			case 1101: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1101));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -3909,8 +3907,7 @@ _PUBLIC_ void ndr_print_wkssvc_NetWkstaTransportCtr0(struct ndr_print *ndr, cons
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_wkssvc_NetWkstaTransportInfo0(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -3927,9 +3924,9 @@ static enum ndr_err_code ndr_push_wkssvc_NetWkstaTransportCtr(struct ndr_push *n
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr0));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -4587,21 +4584,21 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseGetInfoCtr(struct ndr_push *ndr,
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info2));
-			break;
+			break; }
 
-			case 3:
+			case 3: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->info3));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -4867,8 +4864,7 @@ _PUBLIC_ void ndr_print_wkssvc_NetrUseEnumCtr2(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_wkssvc_NetrUseInfo2(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -4954,8 +4950,7 @@ _PUBLIC_ void ndr_print_wkssvc_NetrUseEnumCtr1(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_wkssvc_NetrUseInfo1(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -5041,8 +5036,7 @@ _PUBLIC_ void ndr_print_wkssvc_NetrUseEnumCtr0(struct ndr_print *ndr, const char
 		ndr->depth++;
 		for (cntr_array_1=0;cntr_array_1<r->count;cntr_array_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_array_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_array_1) != -1) {
 				ndr_print_wkssvc_NetrUseInfo0(ndr, "array", &r->array[cntr_array_1]);
 				free(idx_1);
 			}
@@ -5059,17 +5053,17 @@ static enum ndr_err_code ndr_push_wkssvc_NetrUseEnumCtr(struct ndr_push *ndr, in
 		int level = ndr_push_get_switch_value(ndr, r);
 		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level));
 		switch (level) {
-			case 0:
+			case 0: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr0));
-			break;
+			break; }
 
-			case 1:
+			case 1: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr1));
-			break;
+			break; }
 
-			case 2:
+			case 2: {
 				NDR_CHECK(ndr_push_unique_ptr(ndr, r->ctr2));
-			break;
+			break; }
 
 			default:
 				return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level);
@@ -5666,8 +5660,7 @@ _PUBLIC_ void ndr_print_wkssvc_ComputerNamesCtr(struct ndr_print *ndr, const cha
 		ndr->depth++;
 		for (cntr_computer_name_1=0;cntr_computer_name_1<r->count;cntr_computer_name_1++) {
 			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_computer_name_1);
-			if (idx_1) {
+			if (asprintf(&idx_1, "[%d]", cntr_computer_name_1) != -1) {
 				ndr_print_lsa_String(ndr, "computer_name", &r->computer_name[cntr_computer_name_1]);
 				free(idx_1);
 			}
@@ -7458,11 +7451,10 @@ static enum ndr_err_code ndr_push_wkssvc_NetrWorkstationStatisticsGet(struct ndr
 		if (r->out.info == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.info == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.info));
+		if (*r->out.info) {
+			NDR_CHECK(ndr_push_wkssvc_NetrWorkstationStatistics(ndr, NDR_SCALARS, *r->out.info));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_wkssvc_NetrWorkstationStatistics(ndr, NDR_SCALARS, *r->out.info));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -7527,14 +7519,18 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrWorkstationStatisticsGet(struct ndr
 		}
 		_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.info, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_info));
-		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
+		if (_ptr_info) {
 			NDR_PULL_ALLOC(ndr, *r->out.info);
+		} else {
+			*r->out.info = NULL;
+		}
+		if (*r->out.info) {
+			_mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.info, 0);
+			NDR_CHECK(ndr_pull_wkssvc_NetrWorkstationStatistics(ndr, NDR_SCALARS, *r->out.info));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, 0);
 		}
-		_mem_save_info_1 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, *r->out.info, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_wkssvc_NetrWorkstationStatistics(ndr, NDR_SCALARS, *r->out.info));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_1, LIBNDR_FLAG_REF_ALLOC);
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
@@ -7574,7 +7570,9 @@ _PUBLIC_ void ndr_print_wkssvc_NetrWorkstationStatisticsGet(struct ndr_print *nd
 		ndr->depth++;
 		ndr_print_ptr(ndr, "info", *r->out.info);
 		ndr->depth++;
-		ndr_print_wkssvc_NetrWorkstationStatistics(ndr, "info", *r->out.info);
+		if (*r->out.info) {
+			ndr_print_wkssvc_NetrWorkstationStatistics(ndr, "info", *r->out.info);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
@@ -8388,27 +8386,25 @@ static enum ndr_err_code ndr_push_wkssvc_NetrGetJoinInformation(struct ndr_push
 		if (r->in.name_buffer == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->in.name_buffer == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->in.name_buffer));
+		if (*r->in.name_buffer) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->in.name_buffer, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->in.name_buffer, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->in.name_buffer, ndr_charset_length(*r->in.name_buffer, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->in.name_buffer, CH_UTF16)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->in.name_buffer, CH_UTF16)));
-		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->in.name_buffer, ndr_charset_length(*r->in.name_buffer, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 	}
 	if (flags & NDR_OUT) {
 		if (r->out.name_buffer == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.name_buffer == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.name_buffer));
+		if (*r->out.name_buffer) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.name_buffer, CH_UTF16)));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.name_buffer, CH_UTF16)));
+			NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.name_buffer, ndr_charset_length(*r->out.name_buffer, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.name_buffer, CH_UTF16)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.name_buffer, CH_UTF16)));
-		NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.name_buffer, ndr_charset_length(*r->out.name_buffer, CH_UTF16), sizeof(uint16_t), CH_UTF16));
 		if (r->out.name_type == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
@@ -8424,6 +8420,7 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinInformation(struct ndr_pull
 	uint32_t _ptr_name_buffer;
 	TALLOC_CTX *_mem_save_server_name_0;
 	TALLOC_CTX *_mem_save_name_buffer_0;
+	TALLOC_CTX *_mem_save_name_buffer_1;
 	TALLOC_CTX *_mem_save_name_type_0;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
@@ -8451,14 +8448,24 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinInformation(struct ndr_pull
 		}
 		_mem_save_name_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->in.name_buffer, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_name_buffer));
-		NDR_CHECK(ndr_pull_array_size(ndr, r->in.name_buffer));
-		NDR_CHECK(ndr_pull_array_length(ndr, r->in.name_buffer));
-		if (ndr_get_array_length(ndr, r->in.name_buffer) > ndr_get_array_size(ndr, r->in.name_buffer)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->in.name_buffer), ndr_get_array_length(ndr, r->in.name_buffer));
-		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->in.name_buffer), sizeof(uint16_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->in.name_buffer, ndr_get_array_length(ndr, r->in.name_buffer), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name_buffer));
+		if (_ptr_name_buffer) {
+			NDR_PULL_ALLOC(ndr, *r->in.name_buffer);
+		} else {
+			*r->in.name_buffer = NULL;
+		}
+		if (*r->in.name_buffer) {
+			_mem_save_name_buffer_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->in.name_buffer, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->in.name_buffer));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->in.name_buffer));
+			if (ndr_get_array_length(ndr, r->in.name_buffer) > ndr_get_array_size(ndr, r->in.name_buffer)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->in.name_buffer), ndr_get_array_length(ndr, r->in.name_buffer));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->in.name_buffer), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->in.name_buffer, ndr_get_array_length(ndr, r->in.name_buffer), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_buffer_1, 0);
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_buffer_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_PULL_ALLOC(ndr, r->out.name_buffer);
 		*r->out.name_buffer = *r->in.name_buffer;
@@ -8471,14 +8478,24 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinInformation(struct ndr_pull
 		}
 		_mem_save_name_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.name_buffer, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_name_buffer));
-		NDR_CHECK(ndr_pull_array_size(ndr, r->out.name_buffer));
-		NDR_CHECK(ndr_pull_array_length(ndr, r->out.name_buffer));
-		if (ndr_get_array_length(ndr, r->out.name_buffer) > ndr_get_array_size(ndr, r->out.name_buffer)) {
-			return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.name_buffer), ndr_get_array_length(ndr, r->out.name_buffer));
-		}
-		NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.name_buffer), sizeof(uint16_t)));
-		NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.name_buffer, ndr_get_array_length(ndr, r->out.name_buffer), sizeof(uint16_t), CH_UTF16));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name_buffer));
+		if (_ptr_name_buffer) {
+			NDR_PULL_ALLOC(ndr, *r->out.name_buffer);
+		} else {
+			*r->out.name_buffer = NULL;
+		}
+		if (*r->out.name_buffer) {
+			_mem_save_name_buffer_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.name_buffer, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.name_buffer));
+			NDR_CHECK(ndr_pull_array_length(ndr, r->out.name_buffer));
+			if (ndr_get_array_length(ndr, r->out.name_buffer) > ndr_get_array_size(ndr, r->out.name_buffer)) {
+				return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.name_buffer), ndr_get_array_length(ndr, r->out.name_buffer));
+			}
+			NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.name_buffer), sizeof(uint16_t)));
+			NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.name_buffer, ndr_get_array_length(ndr, r->out.name_buffer), sizeof(uint16_t), CH_UTF16));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_buffer_1, 0);
+		}
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_buffer_0, LIBNDR_FLAG_REF_ALLOC);
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
 			NDR_PULL_ALLOC(ndr, r->out.name_type);
@@ -8512,7 +8529,9 @@ _PUBLIC_ void ndr_print_wkssvc_NetrGetJoinInformation(struct ndr_print *ndr, con
 		ndr->depth++;
 		ndr_print_ptr(ndr, "name_buffer", *r->in.name_buffer);
 		ndr->depth++;
-		ndr_print_string(ndr, "name_buffer", *r->in.name_buffer);
+		if (*r->in.name_buffer) {
+			ndr_print_string(ndr, "name_buffer", *r->in.name_buffer);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr->depth--;
@@ -8524,7 +8543,9 @@ _PUBLIC_ void ndr_print_wkssvc_NetrGetJoinInformation(struct ndr_print *ndr, con
 		ndr->depth++;
 		ndr_print_ptr(ndr, "name_buffer", *r->out.name_buffer);
 		ndr->depth++;
-		ndr_print_string(ndr, "name_buffer", *r->out.name_buffer);
+		if (*r->out.name_buffer) {
+			ndr_print_string(ndr, "name_buffer", *r->out.name_buffer);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr_print_ptr(ndr, "name_type", r->out.name_type);
@@ -8539,7 +8560,7 @@ _PUBLIC_ void ndr_print_wkssvc_NetrGetJoinInformation(struct ndr_print *ndr, con
 
 static enum ndr_err_code ndr_push_wkssvc_NetrGetJoinableOus(struct ndr_push *ndr, int flags, const struct wkssvc_NetrGetJoinableOus *r)
 {
-	uint32_t cntr_ous_1;
+	uint32_t cntr_ous_2;
 	if (flags & NDR_IN) {
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
 		if (r->in.server_name) {
@@ -8582,12 +8603,20 @@ static enum ndr_err_code ndr_push_wkssvc_NetrGetJoinableOus(struct ndr_push *ndr
 		if (r->out.ous == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.num_ous));
-		for (cntr_ous_1 = 0; cntr_ous_1 < *r->out.num_ous; cntr_ous_1++) {
-			if (r->out.ous[cntr_ous_1] == NULL) {
-				return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.ous));
+		if (*r->out.ous) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.num_ous));
+			for (cntr_ous_2 = 0; cntr_ous_2 < *r->out.num_ous; cntr_ous_2++) {
+				NDR_CHECK(ndr_push_unique_ptr(ndr, (*r->out.ous)[cntr_ous_2]));
+			}
+			for (cntr_ous_2 = 0; cntr_ous_2 < *r->out.num_ous; cntr_ous_2++) {
+				if ((*r->out.ous)[cntr_ous_2]) {
+					NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length((*r->out.ous)[cntr_ous_2], CH_UTF16)));
+					NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+					NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length((*r->out.ous)[cntr_ous_2], CH_UTF16)));
+					NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, (*r->out.ous)[cntr_ous_2], ndr_charset_length((*r->out.ous)[cntr_ous_2], CH_UTF16), sizeof(uint16_t), CH_UTF16));
+				}
 			}
-			NDR_CHECK(ndr_push_ref_ptr(ndr));
 		}
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
@@ -8600,13 +8629,15 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus(struct ndr_pull *ndr
 	uint32_t _ptr_Account;
 	uint32_t _ptr_unknown;
 	uint32_t _ptr_ous;
-	uint32_t cntr_ous_1;
+	uint32_t cntr_ous_2;
 	TALLOC_CTX *_mem_save_server_name_0;
 	TALLOC_CTX *_mem_save_Account_0;
 	TALLOC_CTX *_mem_save_unknown_0;
 	TALLOC_CTX *_mem_save_num_ous_0;
+	TALLOC_CTX *_mem_save_ous_0;
 	TALLOC_CTX *_mem_save_ous_1;
 	TALLOC_CTX *_mem_save_ous_2;
+	TALLOC_CTX *_mem_save_ous_3;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -8680,8 +8711,8 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus(struct ndr_pull *ndr
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_ous_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_PULL_ALLOC(ndr, r->out.num_ous);
 		*r->out.num_ous = *r->in.num_ous;
-		NDR_PULL_ALLOC_N(ndr, r->out.ous, *r->in.num_ous);
-		memset(r->out.ous, 0, *r->in.num_ous * sizeof(*r->out.ous));
+		NDR_PULL_ALLOC(ndr, r->out.ous);
+		ZERO_STRUCTP(r->out.ous);
 	}
 	if (flags & NDR_OUT) {
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
@@ -8691,22 +8722,53 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus(struct ndr_pull *ndr
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.num_ous, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.num_ous));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_ous_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_array_size(ndr, &r->out.ous));
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC_N(ndr, r->out.ous, ndr_get_array_size(ndr, &r->out.ous));
+			NDR_PULL_ALLOC(ndr, r->out.ous);
 		}
-		_mem_save_ous_1 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.ous, 0);
-		for (cntr_ous_1 = 0; cntr_ous_1 < *r->out.num_ous; cntr_ous_1++) {
-			NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_ous));
-			if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-				NDR_PULL_ALLOC(ndr, r->out.ous[cntr_ous_1]);
+		_mem_save_ous_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.ous, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ous));
+		if (_ptr_ous) {
+			NDR_PULL_ALLOC(ndr, *r->out.ous);
+		} else {
+			*r->out.ous = NULL;
+		}
+		if (*r->out.ous) {
+			_mem_save_ous_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.ous, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.ous));
+			NDR_PULL_ALLOC_N(ndr, *r->out.ous, ndr_get_array_size(ndr, r->out.ous));
+			_mem_save_ous_2 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.ous, 0);
+			for (cntr_ous_2 = 0; cntr_ous_2 < *r->out.num_ous; cntr_ous_2++) {
+				NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ous));
+				if (_ptr_ous) {
+					NDR_PULL_ALLOC(ndr, (*r->out.ous)[cntr_ous_2]);
+				} else {
+					(*r->out.ous)[cntr_ous_2] = NULL;
+				}
+			}
+			for (cntr_ous_2 = 0; cntr_ous_2 < *r->out.num_ous; cntr_ous_2++) {
+				if ((*r->out.ous)[cntr_ous_2]) {
+					_mem_save_ous_3 = NDR_PULL_GET_MEM_CTX(ndr);
+					NDR_PULL_SET_MEM_CTX(ndr, (*r->out.ous)[cntr_ous_2], 0);
+					NDR_CHECK(ndr_pull_array_size(ndr, &(*r->out.ous)[cntr_ous_2]));
+					NDR_CHECK(ndr_pull_array_length(ndr, &(*r->out.ous)[cntr_ous_2]));
+					if (ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]) > ndr_get_array_size(ndr, &(*r->out.ous)[cntr_ous_2])) {
+						return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &(*r->out.ous)[cntr_ous_2]), ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]));
+					}
+					NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]), sizeof(uint16_t)));
+					NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &(*r->out.ous)[cntr_ous_2], ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]), sizeof(uint16_t), CH_UTF16));
+					NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ous_3, 0);
+				}
 			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ous_2, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ous_1, 0);
 		}
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ous_1, 0);
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ous_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
-		if (r->out.ous) {
-			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.ous, *r->out.num_ous));
+		if (*r->out.ous) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)r->out.ous, *r->out.num_ous));
 		}
 	}
 	return NDR_ERR_SUCCESS;
@@ -8714,7 +8776,7 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus(struct ndr_pull *ndr
 
 _PUBLIC_ void ndr_print_wkssvc_NetrGetJoinableOus(struct ndr_print *ndr, const char *name, int flags, const struct wkssvc_NetrGetJoinableOus *r)
 {
-	uint32_t cntr_ous_1;
+	uint32_t cntr_ous_2;
 	ndr_print_struct(ndr, name, "wkssvc_NetrGetJoinableOus");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
@@ -8760,21 +8822,24 @@ _PUBLIC_ void ndr_print_wkssvc_NetrGetJoinableOus(struct ndr_print *ndr, const c
 		ndr->depth--;
 		ndr_print_ptr(ndr, "ous", r->out.ous);
 		ndr->depth++;
-		ndr->print(ndr, "%s: ARRAY(%d)", "ous", *r->out.num_ous);
+		ndr_print_ptr(ndr, "ous", *r->out.ous);
 		ndr->depth++;
-		for (cntr_ous_1=0;cntr_ous_1<*r->out.num_ous;cntr_ous_1++) {
-			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_ous_1);
-			if (idx_1) {
-				ndr_print_ptr(ndr, "ous", r->out.ous[cntr_ous_1]);
-				ndr->depth++;
-				ndr_print_ptr(ndr, "ous", *r->out.ous[cntr_ous_1]);
-				ndr->depth++;
-				ndr_print_string(ndr, "ous", *r->out.ous[cntr_ous_1]);
-				ndr->depth--;
-				ndr->depth--;
-				free(idx_1);
+		if (*r->out.ous) {
+			ndr->print(ndr, "%s: ARRAY(%d)", "ous", *r->out.num_ous);
+			ndr->depth++;
+			for (cntr_ous_2=0;cntr_ous_2<*r->out.num_ous;cntr_ous_2++) {
+				char *idx_2=NULL;
+				if (asprintf(&idx_2, "[%d]", cntr_ous_2) != -1) {
+					ndr_print_ptr(ndr, "ous", (*r->out.ous)[cntr_ous_2]);
+					ndr->depth++;
+					if ((*r->out.ous)[cntr_ous_2]) {
+						ndr_print_string(ndr, "ous", (*r->out.ous)[cntr_ous_2]);
+					}
+					ndr->depth--;
+					free(idx_2);
+				}
 			}
+			ndr->depth--;
 		}
 		ndr->depth--;
 		ndr->depth--;
@@ -9424,7 +9489,7 @@ _PUBLIC_ void ndr_print_wkssvc_NetrValidateName2(struct ndr_print *ndr, const ch
 
 static enum ndr_err_code ndr_push_wkssvc_NetrGetJoinableOus2(struct ndr_push *ndr, int flags, const struct wkssvc_NetrGetJoinableOus2 *r)
 {
-	uint32_t cntr_ous_1;
+	uint32_t cntr_ous_2;
 	if (flags & NDR_IN) {
 		NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.server_name));
 		if (r->in.server_name) {
@@ -9464,12 +9529,20 @@ static enum ndr_err_code ndr_push_wkssvc_NetrGetJoinableOus2(struct ndr_push *nd
 		if (r->out.ous == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.num_ous));
-		for (cntr_ous_1 = 0; cntr_ous_1 < *r->out.num_ous; cntr_ous_1++) {
-			if (r->out.ous[cntr_ous_1] == NULL) {
-				return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.ous));
+		if (*r->out.ous) {
+			NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.num_ous));
+			for (cntr_ous_2 = 0; cntr_ous_2 < *r->out.num_ous; cntr_ous_2++) {
+				NDR_CHECK(ndr_push_unique_ptr(ndr, (*r->out.ous)[cntr_ous_2]));
+			}
+			for (cntr_ous_2 = 0; cntr_ous_2 < *r->out.num_ous; cntr_ous_2++) {
+				if ((*r->out.ous)[cntr_ous_2]) {
+					NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length((*r->out.ous)[cntr_ous_2], CH_UTF16)));
+					NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+					NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length((*r->out.ous)[cntr_ous_2], CH_UTF16)));
+					NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, (*r->out.ous)[cntr_ous_2], ndr_charset_length((*r->out.ous)[cntr_ous_2], CH_UTF16), sizeof(uint16_t), CH_UTF16));
+				}
 			}
-			NDR_CHECK(ndr_push_ref_ptr(ndr));
 		}
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
@@ -9482,13 +9555,15 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus2(struct ndr_pull *nd
 	uint32_t _ptr_Account;
 	uint32_t _ptr_EncryptedPassword;
 	uint32_t _ptr_ous;
-	uint32_t cntr_ous_1;
+	uint32_t cntr_ous_2;
 	TALLOC_CTX *_mem_save_server_name_0;
 	TALLOC_CTX *_mem_save_Account_0;
 	TALLOC_CTX *_mem_save_EncryptedPassword_0;
 	TALLOC_CTX *_mem_save_num_ous_0;
+	TALLOC_CTX *_mem_save_ous_0;
 	TALLOC_CTX *_mem_save_ous_1;
 	TALLOC_CTX *_mem_save_ous_2;
+	TALLOC_CTX *_mem_save_ous_3;
 	if (flags & NDR_IN) {
 		ZERO_STRUCT(r->out);
 
@@ -9556,8 +9631,8 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus2(struct ndr_pull *nd
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_ous_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_PULL_ALLOC(ndr, r->out.num_ous);
 		*r->out.num_ous = *r->in.num_ous;
-		NDR_PULL_ALLOC_N(ndr, r->out.ous, *r->in.num_ous);
-		memset(r->out.ous, 0, *r->in.num_ous * sizeof(*r->out.ous));
+		NDR_PULL_ALLOC(ndr, r->out.ous);
+		ZERO_STRUCTP(r->out.ous);
 	}
 	if (flags & NDR_OUT) {
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
@@ -9567,22 +9642,53 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus2(struct ndr_pull *nd
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.num_ous, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.num_ous));
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_num_ous_0, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_array_size(ndr, &r->out.ous));
 		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-			NDR_PULL_ALLOC_N(ndr, r->out.ous, ndr_get_array_size(ndr, &r->out.ous));
+			NDR_PULL_ALLOC(ndr, r->out.ous);
 		}
-		_mem_save_ous_1 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->out.ous, 0);
-		for (cntr_ous_1 = 0; cntr_ous_1 < *r->out.num_ous; cntr_ous_1++) {
-			NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_ous));
-			if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
-				NDR_PULL_ALLOC(ndr, r->out.ous[cntr_ous_1]);
+		_mem_save_ous_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->out.ous, LIBNDR_FLAG_REF_ALLOC);
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ous));
+		if (_ptr_ous) {
+			NDR_PULL_ALLOC(ndr, *r->out.ous);
+		} else {
+			*r->out.ous = NULL;
+		}
+		if (*r->out.ous) {
+			_mem_save_ous_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.ous, 0);
+			NDR_CHECK(ndr_pull_array_size(ndr, r->out.ous));
+			NDR_PULL_ALLOC_N(ndr, *r->out.ous, ndr_get_array_size(ndr, r->out.ous));
+			_mem_save_ous_2 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.ous, 0);
+			for (cntr_ous_2 = 0; cntr_ous_2 < *r->out.num_ous; cntr_ous_2++) {
+				NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ous));
+				if (_ptr_ous) {
+					NDR_PULL_ALLOC(ndr, (*r->out.ous)[cntr_ous_2]);
+				} else {
+					(*r->out.ous)[cntr_ous_2] = NULL;
+				}
+			}
+			for (cntr_ous_2 = 0; cntr_ous_2 < *r->out.num_ous; cntr_ous_2++) {
+				if ((*r->out.ous)[cntr_ous_2]) {
+					_mem_save_ous_3 = NDR_PULL_GET_MEM_CTX(ndr);
+					NDR_PULL_SET_MEM_CTX(ndr, (*r->out.ous)[cntr_ous_2], 0);
+					NDR_CHECK(ndr_pull_array_size(ndr, &(*r->out.ous)[cntr_ous_2]));
+					NDR_CHECK(ndr_pull_array_length(ndr, &(*r->out.ous)[cntr_ous_2]));
+					if (ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]) > ndr_get_array_size(ndr, &(*r->out.ous)[cntr_ous_2])) {
+						return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &(*r->out.ous)[cntr_ous_2]), ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]));
+					}
+					NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]), sizeof(uint16_t)));
+					NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &(*r->out.ous)[cntr_ous_2], ndr_get_array_length(ndr, &(*r->out.ous)[cntr_ous_2]), sizeof(uint16_t), CH_UTF16));
+					NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ous_3, 0);
+				}
 			}
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ous_2, 0);
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ous_1, 0);
 		}
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ous_1, 0);
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ous_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
-		if (r->out.ous) {
-			NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.ous, *r->out.num_ous));
+		if (*r->out.ous) {
+			NDR_CHECK(ndr_check_array_size(ndr, (void*)r->out.ous, *r->out.num_ous));
 		}
 	}
 	return NDR_ERR_SUCCESS;
@@ -9590,7 +9696,7 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrGetJoinableOus2(struct ndr_pull *nd
 
 _PUBLIC_ void ndr_print_wkssvc_NetrGetJoinableOus2(struct ndr_print *ndr, const char *name, int flags, const struct wkssvc_NetrGetJoinableOus2 *r)
 {
-	uint32_t cntr_ous_1;
+	uint32_t cntr_ous_2;
 	ndr_print_struct(ndr, name, "wkssvc_NetrGetJoinableOus2");
 	ndr->depth++;
 	if (flags & NDR_SET_VALUES) {
@@ -9636,21 +9742,24 @@ _PUBLIC_ void ndr_print_wkssvc_NetrGetJoinableOus2(struct ndr_print *ndr, const
 		ndr->depth--;
 		ndr_print_ptr(ndr, "ous", r->out.ous);
 		ndr->depth++;
-		ndr->print(ndr, "%s: ARRAY(%d)", "ous", *r->out.num_ous);
+		ndr_print_ptr(ndr, "ous", *r->out.ous);
 		ndr->depth++;
-		for (cntr_ous_1=0;cntr_ous_1<*r->out.num_ous;cntr_ous_1++) {
-			char *idx_1=NULL;
-			asprintf(&idx_1, "[%d]", cntr_ous_1);
-			if (idx_1) {
-				ndr_print_ptr(ndr, "ous", r->out.ous[cntr_ous_1]);
-				ndr->depth++;
-				ndr_print_ptr(ndr, "ous", *r->out.ous[cntr_ous_1]);
-				ndr->depth++;
-				ndr_print_string(ndr, "ous", *r->out.ous[cntr_ous_1]);
-				ndr->depth--;
-				ndr->depth--;
-				free(idx_1);
+		if (*r->out.ous) {
+			ndr->print(ndr, "%s: ARRAY(%d)", "ous", *r->out.num_ous);
+			ndr->depth++;
+			for (cntr_ous_2=0;cntr_ous_2<*r->out.num_ous;cntr_ous_2++) {
+				char *idx_2=NULL;
+				if (asprintf(&idx_2, "[%d]", cntr_ous_2) != -1) {
+					ndr_print_ptr(ndr, "ous", (*r->out.ous)[cntr_ous_2]);
+					ndr->depth++;
+					if ((*r->out.ous)[cntr_ous_2]) {
+						ndr_print_string(ndr, "ous", (*r->out.ous)[cntr_ous_2]);
+					}
+					ndr->depth--;
+					free(idx_2);
+				}
 			}
+			ndr->depth--;
 		}
 		ndr->depth--;
 		ndr->depth--;
@@ -10178,11 +10287,10 @@ static enum ndr_err_code ndr_push_wkssvc_NetrEnumerateComputerNames(struct ndr_p
 		if (r->out.ctr == NULL) {
 			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
 		}
-		if (*r->out.ctr == NULL) {
-			return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+		NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.ctr));
+		if (*r->out.ctr) {
+			NDR_CHECK(ndr_push_wkssvc_ComputerNamesCtr(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.ctr));
 		}
-		NDR_CHECK(ndr_push_ref_ptr(ndr));
-		NDR_CHECK(ndr_push_wkssvc_ComputerNamesCtr(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.ctr));
 		NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
 	}
 	return NDR_ERR_SUCCESS;
@@ -10227,14 +10335,18 @@ static enum ndr_err_code ndr_pull_wkssvc_NetrEnumerateComputerNames(struct ndr_p
 		}
 		_mem_save_ctr_0 = NDR_PULL_GET_MEM_CTX(ndr);
 		NDR_PULL_SET_MEM_CTX(ndr, r->out.ctr, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_ref_ptr(ndr, &_ptr_ctr));
-		if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_ctr));
+		if (_ptr_ctr) {
 			NDR_PULL_ALLOC(ndr, *r->out.ctr);
+		} else {
+			*r->out.ctr = NULL;
+		}
+		if (*r->out.ctr) {
+			_mem_save_ctr_1 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, *r->out.ctr, 0);
+			NDR_CHECK(ndr_pull_wkssvc_ComputerNamesCtr(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.ctr));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ctr_1, 0);
 		}
-		_mem_save_ctr_1 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, *r->out.ctr, LIBNDR_FLAG_REF_ALLOC);
-		NDR_CHECK(ndr_pull_wkssvc_ComputerNamesCtr(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.ctr));
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ctr_1, LIBNDR_FLAG_REF_ALLOC);
 		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_ctr_0, LIBNDR_FLAG_REF_ALLOC);
 		NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
 	}
@@ -10268,7 +10380,9 @@ _PUBLIC_ void ndr_print_wkssvc_NetrEnumerateComputerNames(struct ndr_print *ndr,
 		ndr->depth++;
 		ndr_print_ptr(ndr, "ctr", *r->out.ctr);
 		ndr->depth++;
-		ndr_print_wkssvc_ComputerNamesCtr(ndr, "ctr", *r->out.ctr);
+		if (*r->out.ctr) {
+			ndr_print_wkssvc_ComputerNamesCtr(ndr, "ctr", *r->out.ctr);
+		}
 		ndr->depth--;
 		ndr->depth--;
 		ndr_print_WERROR(ndr, "result", r->out.result);
diff --git a/source3/librpc/gen_ndr/ndr_xattr.c b/source3/librpc/gen_ndr/ndr_xattr.c
index 29a31a12b2..46c4249d21 100644
--- a/source3/librpc/gen_ndr/ndr_xattr.c
+++ b/source3/librpc/gen_ndr/ndr_xattr.c
@@ -91,8 +91,7 @@ _PUBLIC_ void ndr_print_tdb_xattrs(struct ndr_print *ndr, const char *name, cons
 	ndr->depth++;
 	for (cntr_xattrs_0=0;cntr_xattrs_0<r->num_xattrs;cntr_xattrs_0++) {
 		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_xattrs_0);
-		if (idx_0) {
+		if (asprintf(&idx_0, "[%d]", cntr_xattrs_0) != -1) {
 			ndr_print_tdb_xattr(ndr, "xattrs", &r->xattrs[cntr_xattrs_0]);
 			free(idx_0);
 		}
@@ -100,3 +99,4 @@ _PUBLIC_ void ndr_print_tdb_xattrs(struct ndr_print *ndr, const char *name, cons
 	ndr->depth--;
 	ndr->depth--;
 }
+
diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h
index e33818257d..058e5e7fb0 100644
--- a/source3/librpc/gen_ndr/netlogon.h
+++ b/source3/librpc/gen_ndr/netlogon.h
@@ -8,14 +8,10 @@
 #ifndef _HEADER_netlogon
 #define _HEADER_netlogon
 
-#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED	( 0x002 )
-#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT	( 0x020 )
-#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT	( 0x800 )
 #define NETLOGON_NEG_ARCFOUR	( 0x00000004 )
 #define NETLOGON_NEG_128BIT	( 0x00004000 )
 #define NETLOGON_NEG_SCHANNEL	( 0x40000000 )
-;
-
+#define DS_GFTI_UPDATE_TDO	( 0x1 )
 struct netr_UasInfo {
 	const char *account_name;/* [unique,charset(UTF16)] */
 	uint32_t priv;
@@ -46,6 +42,14 @@ struct netr_AcctLockStr {
 	uint16_t *bindata;/* [unique,length_is(length/2),size_is(size/2)] */
 };
 
+/* bitmap netr_LogonParameterControl */
+#define MSV1_0_CLEARTEXT_PASSWORD_ALLOWED ( 0x00000002 )
+#define MSV1_0_UPDATE_LOGON_STATISTICS ( 0x00000004 )
+#define MSV1_0_RETURN_USER_PARAMETERS ( 0x00000008 )
+#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT ( 0x00000020 )
+#define MSV1_0_RETURN_PROFILE_PATH ( 0x00000200 )
+#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT ( 0x00000800 )
+
 struct netr_IdentityInfo {
 	struct lsa_String domain_name;
 	uint32_t parameter_control;
@@ -79,11 +83,6 @@ union netr_LogonLevel {
 	struct netr_NetworkInfo *network;/* [unique,case(2)] */
 }/* [public,switch_type(uint16)] */;
 
-struct netr_GroupMembership {
-	uint32_t rid;
-	uint32_t attributes;
-}/* [public] */;
-
 struct netr_UserSessionKey {
 	uint8_t key[16];
 }/* [public,flag(LIBNDR_PRINT_ARRAY_HEX)] */;
@@ -93,18 +92,17 @@ struct netr_LMSessionKey {
 }/* [public,flag(LIBNDR_PRINT_ARRAY_HEX)] */;
 
 /* bitmap netr_UserFlags */
-#define NETLOGON_GUEST ( 0x0001 )
-#define NETLOGON_NOENCRYPTION ( 0x0002 )
-#define NETLOGON_CACHED_ACCOUNT ( 0x0004 )
-#define NETLOGON_USED_LM_PASSWORD ( 0x0008 )
-#define NETLOGON_EXTRA_SIDS ( 0x0020 )
-#define NETLOGON_SUBAUTH_SESSION_KEY ( 0x0040 )
-#define NETLOGON_SERVER_TRUST_ACCOUNT ( 0x0080 )
-#define NETLOGON_NTLMV2_ENABLED ( 0x0100 )
-#define NETLOGON_RESOURCE_GROUPS ( 0x0200 )
-#define NETLOGON_PROFILE_PATH_RETURNED ( 0x0400 )
-
-;
+#define NETLOGON_GUEST ( 0x00000001 )
+#define NETLOGON_NOENCRYPTION ( 0x00000002 )
+#define NETLOGON_CACHED_ACCOUNT ( 0x00000004 )
+#define NETLOGON_USED_LM_PASSWORD ( 0x00000008 )
+#define NETLOGON_EXTRA_SIDS ( 0x00000020 )
+#define NETLOGON_SUBAUTH_SESSION_KEY ( 0x00000040 )
+#define NETLOGON_SERVER_TRUST_ACCOUNT ( 0x00000080 )
+#define NETLOGON_NTLMV2_ENABLED ( 0x00000100 )
+#define NETLOGON_RESOURCE_GROUPS ( 0x00000200 )
+#define NETLOGON_PROFILE_PATH_RETURNED ( 0x00000400 )
+#define NETLOGON_GRACE_LOGON ( 0x01000000 )
 
 struct netr_SamBaseInfo {
 	NTTIME last_logon;
@@ -140,7 +138,7 @@ struct netr_SamInfo2 {
 
 struct netr_SidAttr {
 	struct dom_sid2 *sid;/* [unique] */
-	uint32_t attribute;
+	uint32_t attributes;
 };
 
 struct netr_SamInfo3 {
@@ -215,10 +213,10 @@ struct netr_USER_KEY16 {
 
 struct netr_PasswordHistory {
 	uint16_t nt_length;
-	uint16_t nt_size;
+	uint16_t nt_size;/* [value(nt_length)] */
 	uint32_t nt_flags;
 	uint16_t lm_length;
-	uint16_t lm_size;
+	uint16_t lm_size;/* [value(lm_length)] */
 	uint32_t lm_flags;
 	uint8_t *nt_history;
 	uint8_t *lm_history;
@@ -227,7 +225,7 @@ struct netr_PasswordHistory {
 struct netr_USER_KEYS2 {
 	struct netr_USER_KEY16 lmpassword;
 	struct netr_USER_KEY16 ntpassword;
-	struct netr_PasswordHistory lmhistory;
+	struct netr_PasswordHistory history;
 };
 
 struct netr_USER_KEY_UNION {
@@ -605,6 +603,7 @@ union netr_CONTROL_QUERY_INFORMATION {
 enum netr_LogonControlCode
 #ifndef USE_UINT_ENUMS
  {
+	NETLOGON_CONTROL_SYNC=2,
 	NETLOGON_CONTROL_REDISCOVER=5,
 	NETLOGON_CONTROL_TC_QUERY=6,
 	NETLOGON_CONTROL_TRANSPORT_NOTIFY=7,
@@ -612,6 +611,7 @@ enum netr_LogonControlCode
 }
 #else
  { __donnot_use_enum_netr_LogonControlCode=0x7FFFFFFF}
+#define NETLOGON_CONTROL_SYNC ( 2 )
 #define NETLOGON_CONTROL_REDISCOVER ( 5 )
 #define NETLOGON_CONTROL_TC_QUERY ( 6 )
 #define NETLOGON_CONTROL_TRANSPORT_NOTIFY ( 7 )
@@ -624,10 +624,66 @@ union netr_CONTROL_DATA_INFORMATION {
 	uint32_t debug_level;/* [case(NETLOGON_CONTROL_SET_DBFLAG)] */
 };
 
+struct netr_Blob {
+	uint32_t length;
+	uint8_t *data;/* [unique,size_is(length)] */
+};
+
+/* bitmap netr_DsRGetDCName_flags */
+#define DS_FORCE_REDISCOVERY ( 0x00000001 )
+#define DS_DIRECTORY_SERVICE_REQUIRED ( 0x00000010 )
+#define DS_DIRECTORY_SERVICE_PREFERRED ( 0x00000020 )
+#define DS_GC_SERVER_REQUIRED ( 0x00000040 )
+#define DS_PDC_REQUIRED ( 0x00000080 )
+#define DS_BACKGROUND_ONLY ( 0x00000100 )
+#define DS_IP_REQUIRED ( 0x00000200 )
+#define DS_KDC_REQUIRED ( 0x00000400 )
+#define DS_TIMESERV_REQUIRED ( 0x00000800 )
+#define DS_WRITABLE_REQUIRED ( 0x00001000 )
+#define DS_GOOD_TIMESERV_PREFERRED ( 0x00002000 )
+#define DS_AVOID_SELF ( 0x00004000 )
+#define DS_ONLY_LDAP_NEEDED ( 0x00008000 )
+#define DS_IS_FLAT_NAME ( 0x00010000 )
+#define DS_IS_DNS_NAME ( 0x00020000 )
+#define DS_TRY_NEXTCLOSEST_SITE ( 0x00040000 )
+#define DS_DIRECTORY_SERVICE_6_REQUIRED ( 0x00080000 )
+#define DS_RETURN_DNS_NAME ( 0x40000000 )
+#define DS_RETURN_FLAT_NAME ( 0x80000000 )
+
+enum netr_DsRGetDCNameInfo_AddressType
+#ifndef USE_UINT_ENUMS
+ {
+	DS_ADDRESS_TYPE_INET=1,
+	DS_ADDRESS_TYPE_NETBIOS=2
+}
+#else
+ { __donnot_use_enum_netr_DsRGetDCNameInfo_AddressType=0x7FFFFFFF}
+#define DS_ADDRESS_TYPE_INET ( 1 )
+#define DS_ADDRESS_TYPE_NETBIOS ( 2 )
+#endif
+;
+
+/* bitmap netr_DsR_DcFlags */
+#define DS_SERVER_PDC ( 0x00000001 )
+#define DS_SERVER_GC ( 0x00000004 )
+#define DS_SERVER_LDAP ( 0x00000008 )
+#define DS_SERVER_DS ( 0x00000010 )
+#define DS_SERVER_KDC ( 0x00000020 )
+#define DS_SERVER_TIMESERV ( 0x00000040 )
+#define DS_SERVER_CLOSEST ( 0x00000080 )
+#define DS_SERVER_WRITABLE ( 0x00000100 )
+#define DS_SERVER_GOOD_TIMESERV ( 0x00000200 )
+#define DS_SERVER_NDNC ( 0x00000400 )
+#define DS_SERVER_SELECT_SECRET_DOMAIN_6 ( 0x00000800 )
+#define DS_SERVER_FULL_SECRET_DOMAIN_6 ( 0x00001000 )
+#define DS_DNS_CONTROLLER ( 0x20000000 )
+#define DS_DNS_DOMAIN ( 0x40000000 )
+#define DS_DNS_FOREST ( 0x80000000 )
+
 struct netr_DsRGetDCNameInfo {
 	const char *dc_unc;/* [unique,charset(UTF16)] */
 	const char *dc_address;/* [unique,charset(UTF16)] */
-	int32_t dc_address_type;
+	enum netr_DsRGetDCNameInfo_AddressType dc_address_type;
 	struct GUID domain_guid;
 	const char *domain_name;/* [unique,charset(UTF16)] */
 	const char *forest_name;/* [unique,charset(UTF16)] */
@@ -636,11 +692,6 @@ struct netr_DsRGetDCNameInfo {
 	const char *client_site_name;/* [unique,charset(UTF16)] */
 };
 
-struct netr_Blob {
-	uint32_t length;
-	uint8_t *data;/* [unique,size_is(length)] */
-};
-
 struct netr_BinaryString {
 	uint16_t length;
 	uint16_t size;
@@ -692,6 +743,16 @@ struct netr_CryptPassword {
 	uint32_t length;
 }/* [flag(LIBNDR_PRINT_ARRAY_HEX)] */;
 
+struct netr_DsRAddressToSitenamesWCtr {
+	uint32_t count;
+	struct lsa_String *sitename;/* [unique,size_is(count)] */
+};
+
+struct netr_DsRAddress {
+	uint8_t *buffer;/* [unique,size_is(size)] */
+	uint32_t size;
+};
+
 /* bitmap netr_TrustFlags */
 #define NETR_TRUST_FLAG_IN_FOREST ( 0x00000001 )
 #define NETR_TRUST_FLAG_OUTBOUND ( 0x00000002 )
@@ -700,8 +761,6 @@ struct netr_CryptPassword {
 #define NETR_TRUST_FLAG_NATIVE ( 0x00000010 )
 #define NETR_TRUST_FLAG_INBOUND ( 0x00000020 )
 
-;
-
 enum netr_TrustType
 #ifndef USE_UINT_ENUMS
  {
@@ -728,8 +787,6 @@ enum netr_TrustType
 #define NETR_TRUST_ATTRIBUTE_WITHIN_FOREST ( 0x00000020 )
 #define NETR_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL ( 0x00000040 )
 
-;
-
 struct netr_DomainTrust {
 	const char *netbios_name;/* [unique,charset(UTF16)] */
 	const char *dns_name;/* [unique,charset(UTF16)] */
@@ -741,6 +798,22 @@ struct netr_DomainTrust {
 	struct GUID guid;
 };
 
+struct netr_DomainTrustList {
+	uint32_t count;
+	struct netr_DomainTrust *array;/* [unique,size_is(count)] */
+};
+
+struct netr_DsRAddressToSitenamesExWCtr {
+	uint32_t count;
+	struct lsa_String *sitename;/* [unique,size_is(count)] */
+	struct lsa_String *subnetname;/* [unique,size_is(count)] */
+};
+
+struct DcSitesCtr {
+	uint32_t num_sites;
+	struct lsa_String *sites;/* [unique,size_is(num_sites)] */
+};
+
 
 struct netr_LogonUasLogon {
 	struct {
@@ -750,7 +823,7 @@ struct netr_LogonUasLogon {
 	} in;
 
 	struct {
-		struct netr_UasInfo *info;/* [unique] */
+		struct netr_UasInfo *info;/* [ref] */
 		WERROR result;
 	} out;
 
@@ -778,7 +851,7 @@ struct netr_LogonSamLogon {
 		const char *computer_name;/* [unique,charset(UTF16)] */
 		struct netr_Authenticator *credential;/* [unique] */
 		uint16_t logon_level;
-		union netr_LogonLevel logon;/* [switch_is(logon_level)] */
+		union netr_LogonLevel *logon;/* [ref,switch_is(logon_level)] */
 		uint16_t validation_level;
 		struct netr_Authenticator *return_authenticator;/* [unique] */
 	} in;
@@ -819,7 +892,7 @@ struct netr_ServerReqChallenge {
 	} in;
 
 	struct {
-		struct netr_Credential *credentials;/* [ref] */
+		struct netr_Credential *return_credentials;/* [ref] */
 		NTSTATUS result;
 	} out;
 
@@ -836,7 +909,7 @@ struct netr_ServerAuthenticate {
 	} in;
 
 	struct {
-		struct netr_Credential *credentials;/* [ref] */
+		struct netr_Credential *return_credentials;/* [ref] */
 		NTSTATUS result;
 	} out;
 
@@ -849,8 +922,8 @@ struct netr_ServerPasswordSet {
 		const char *account_name;/* [charset(UTF16)] */
 		enum netr_SchannelType secure_channel_type;
 		const char *computer_name;/* [charset(UTF16)] */
-		struct netr_Authenticator credential;
-		struct samr_Password new_password;
+		struct netr_Authenticator *credential;/* [ref] */
+		struct samr_Password *new_password;/* [ref] */
 	} in;
 
 	struct {
@@ -865,7 +938,7 @@ struct netr_DatabaseDeltas {
 	struct {
 		const char *logon_server;/* [charset(UTF16)] */
 		const char *computername;/* [charset(UTF16)] */
-		struct netr_Authenticator credential;
+		struct netr_Authenticator *credential;/* [ref] */
 		enum netr_SamDatabaseID database_id;
 		uint32_t preferredmaximumlength;
 		struct netr_Authenticator *return_authenticator;/* [ref] */
@@ -873,7 +946,7 @@ struct netr_DatabaseDeltas {
 	} in;
 
 	struct {
-		struct netr_DELTA_ENUM_ARRAY *delta_enum_array;/* [unique] */
+		struct netr_DELTA_ENUM_ARRAY **delta_enum_array;/* [ref] */
 		struct netr_Authenticator *return_authenticator;/* [ref] */
 		uint64_t *sequence_num;/* [ref] */
 		NTSTATUS result;
@@ -894,7 +967,7 @@ struct netr_DatabaseSync {
 	} in;
 
 	struct {
-		struct netr_DELTA_ENUM_ARRAY *delta_enum_array;/* [unique] */
+		struct netr_DELTA_ENUM_ARRAY *delta_enum_array;/* [ref] */
 		struct netr_Authenticator *return_authenticator;/* [ref] */
 		uint32_t *sync_context;/* [ref] */
 		NTSTATUS result;
@@ -960,7 +1033,7 @@ struct netr_GetDcName {
 
 	struct {
 		const char **dcname;/* [ref,charset(UTF16)] */
-		NTSTATUS result;
+		WERROR result;
 	} out;
 
 };
@@ -1000,7 +1073,7 @@ struct netr_LogonControl2 {
 		const char *logon_server;/* [unique,charset(UTF16)] */
 		uint32_t function_code;
 		uint32_t level;
-		union netr_CONTROL_DATA_INFORMATION data;/* [switch_is(function_code)] */
+		union netr_CONTROL_DATA_INFORMATION *data;/* [ref,switch_is(function_code)] */
 	} in;
 
 	struct {
@@ -1022,7 +1095,7 @@ struct netr_ServerAuthenticate2 {
 	} in;
 
 	struct {
-		struct netr_Credential *credentials;/* [ref] */
+		struct netr_Credential *return_credentials;/* [ref] */
 		uint32_t *negotiate_flags;/* [ref] */
 		NTSTATUS result;
 	} out;
@@ -1034,7 +1107,7 @@ struct netr_DatabaseSync2 {
 	struct {
 		const char *logon_server;/* [charset(UTF16)] */
 		const char *computername;/* [charset(UTF16)] */
-		struct netr_Authenticator credential;
+		struct netr_Authenticator *credential;/* [ref] */
 		enum netr_SamDatabaseID database_id;
 		uint16_t restart_state;
 		uint32_t preferredmaximumlength;
@@ -1043,7 +1116,7 @@ struct netr_DatabaseSync2 {
 	} in;
 
 	struct {
-		struct netr_DELTA_ENUM_ARRAY *delta_enum_array;/* [unique] */
+		struct netr_DELTA_ENUM_ARRAY **delta_enum_array;/* [ref] */
 		struct netr_Authenticator *return_authenticator;/* [ref] */
 		uint32_t *sync_context;/* [ref] */
 		NTSTATUS result;
@@ -1063,7 +1136,7 @@ struct netr_DatabaseRedo {
 	} in;
 
 	struct {
-		struct netr_DELTA_ENUM_ARRAY *delta_enum_array;/* [unique] */
+		struct netr_DELTA_ENUM_ARRAY *delta_enum_array;/* [ref] */
 		struct netr_Authenticator *return_authenticator;/* [ref] */
 		NTSTATUS result;
 	} out;
@@ -1087,8 +1160,13 @@ struct netr_LogonControl2Ex {
 };
 
 
-struct netr_NETRENUMERATETRUSTEDDOMAINS {
+struct netr_NetrEnumerateTrustedDomains {
 	struct {
+		const char *server_name;/* [unique,charset(UTF16)] */
+	} in;
+
+	struct {
+		struct netr_Blob *trusted_domains_blob;/* [ref] */
 		WERROR result;
 	} out;
 
@@ -1105,7 +1183,7 @@ struct netr_DsRGetDCName {
 	} in;
 
 	struct {
-		struct netr_DsRGetDCNameInfo *info;/* [unique] */
+		struct netr_DsRGetDCNameInfo **info;/* [ref] */
 		WERROR result;
 	} out;
 
@@ -1128,8 +1206,14 @@ struct netr_NETRLOGONSETSERVICEBITS {
 };
 
 
-struct netr_NETRLOGONGETTRUSTRID {
+struct netr_LogonGetTrustRid {
 	struct {
+		const char *server_name;/* [unique,charset(UTF16)] */
+		const char *domain_name;/* [unique,charset(UTF16)] */
+	} in;
+
+	struct {
+		uint32_t *rid;/* [ref] */
 		WERROR result;
 	} out;
 
@@ -1182,7 +1266,7 @@ struct netr_DsRGetDCNameEx {
 	} in;
 
 	struct {
-		struct netr_DsRGetDCNameInfo *info;/* [unique] */
+		struct netr_DsRGetDCNameInfo **info;/* [ref] */
 		WERROR result;
 	} out;
 
@@ -1239,8 +1323,18 @@ struct netr_ServerPasswordSet2 {
 };
 
 
-struct netr_NETRSERVERPASSWORDGET {
+struct netr_ServerPasswordGet {
 	struct {
+		const char *server_name;/* [unique,charset(UTF16)] */
+		const char *account_name;/* [charset(UTF16)] */
+		enum netr_SchannelType secure_channel_type;
+		const char *computer_name;/* [charset(UTF16)] */
+		struct netr_Authenticator *credential;/* [ref] */
+	} in;
+
+	struct {
+		struct netr_Authenticator *return_authenticator;/* [ref] */
+		struct samr_Password *password;/* [ref] */
 		WERROR result;
 	} out;
 
@@ -1255,8 +1349,15 @@ struct netr_NETRLOGONSENDTOSAM {
 };
 
 
-struct netr_DSRADDRESSTOSITENAMESW {
+struct netr_DsRAddressToSitenamesW {
+	struct {
+		const char *server_name;/* [unique,charset(UTF16)] */
+		uint32_t count;/* [range(0,32000)] */
+		struct netr_DsRAddress *addresses;/* [ref,size_is(count)] */
+	} in;
+
 	struct {
+		struct netr_DsRAddressToSitenamesWCtr **ctr;/* [ref] */
 		WERROR result;
 	} out;
 
@@ -1275,7 +1376,7 @@ struct netr_DsRGetDCNameEx2 {
 	} in;
 
 	struct {
-		struct netr_DsRGetDCNameInfo *info;/* [unique] */
+		struct netr_DsRGetDCNameInfo **info;/* [ref] */
 		WERROR result;
 	} out;
 
@@ -1290,24 +1391,41 @@ struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN {
 };
 
 
-struct netr_NETRENUMERATETRUSTEDDOMAINSEX {
+struct netr_NetrEnumerateTrustedDomainsEx {
+	struct {
+		const char *server_name;/* [unique,charset(UTF16)] */
+	} in;
+
 	struct {
+		struct netr_DomainTrustList *dom_trust_list;/* [ref] */
 		WERROR result;
 	} out;
 
 };
 
 
-struct netr_DSRADDRESSTOSITENAMESEXW {
+struct netr_DsRAddressToSitenamesExW {
 	struct {
+		const char *server_name;/* [unique,charset(UTF16)] */
+		uint32_t count;/* [range(0,32000)] */
+		struct netr_DsRAddress *addresses;/* [ref,size_is(count)] */
+	} in;
+
+	struct {
+		struct netr_DsRAddressToSitenamesExWCtr **ctr;/* [ref] */
 		WERROR result;
 	} out;
 
 };
 
 
-struct netr_DSRGETDCSITECOVERAGEW {
+struct netr_DsrGetDcSiteCoverageW {
+	struct {
+		const char *server_name;/* [unique,charset(UTF16)] */
+	} in;
+
 	struct {
+		struct DcSitesCtr *ctr;/* [ref] */
 		WERROR result;
 	} out;
 
@@ -1319,7 +1437,7 @@ struct netr_LogonSamLogonEx {
 		const char *server_name;/* [unique,charset(UTF16)] */
 		const char *computer_name;/* [unique,charset(UTF16)] */
 		uint16_t logon_level;
-		union netr_LogonLevel logon;/* [switch_is(logon_level)] */
+		union netr_LogonLevel *logon;/* [ref,switch_is(logon_level)] */
 		uint16_t validation_level;
 		uint32_t *flags;/* [ref] */
 	} in;
@@ -1341,15 +1459,22 @@ struct netr_DsrEnumerateDomainTrusts {
 	} in;
 
 	struct {
-		uint32_t *count;/* [ref] */
-		struct netr_DomainTrust **trusts;/* [ref,size_is(count)] */
+		struct netr_DomainTrustList *trusts;/* [ref] */
 		WERROR result;
 	} out;
 
 };
 
 
-struct netr_DSRDEREGISTERDNSHOSTRECORDS {
+struct netr_DsrDeregisterDNSHostRecords {
+	struct {
+		const char *server_name;/* [unique,charset(UTF16)] */
+		const char *domain;/* [unique,charset(UTF16)] */
+		struct GUID *domain_guid;/* [unique] */
+		struct GUID *dsa_guid;/* [unique] */
+		const char *dns_host;/* [ref,charset(UTF16)] */
+	} in;
+
 	struct {
 		WERROR result;
 	} out;
@@ -1357,24 +1482,51 @@ struct netr_DSRDEREGISTERDNSHOSTRECORDS {
 };
 
 
-struct netr_NETRSERVERTRUSTPASSWORDSGET {
+struct netr_ServerTrustPasswordsGet {
 	struct {
-		WERROR result;
+		const char *server_name;/* [unique,charset(UTF16)] */
+		const char *account_name;/* [charset(UTF16)] */
+		enum netr_SchannelType secure_channel_type;
+		const char *computer_name;/* [charset(UTF16)] */
+		struct netr_Authenticator *credential;/* [ref] */
+	} in;
+
+	struct {
+		struct netr_Authenticator *return_authenticator;/* [ref] */
+		struct samr_Password *password;/* [ref] */
+		struct samr_Password *password2;/* [ref] */
+		NTSTATUS result;
 	} out;
 
 };
 
 
-struct netr_DSRGETFORESTTRUSTINFORMATION {
+struct netr_DsRGetForestTrustInformation {
+	struct {
+		const char *server_name;/* [unique,charset(UTF16)] */
+		const char *trusted_domain_name;/* [unique,charset(UTF16)] */
+		uint32_t flags;
+	} in;
+
 	struct {
+		struct lsa_ForestTrustInformation **forest_trust_info;/* [ref] */
 		WERROR result;
 	} out;
 
 };
 
 
-struct netr_NETRGETFORESTTRUSTINFORMATION {
+struct netr_GetForestTrustInformation {
 	struct {
+		const char *server_name;/* [unique,charset(UTF16)] */
+		const char *trusted_domain_name;/* [ref,charset(UTF16)] */
+		struct netr_Authenticator *credential;/* [ref] */
+		uint32_t flags;
+	} in;
+
+	struct {
+		struct netr_Authenticator *return_authenticator;/* [ref] */
+		struct lsa_ForestTrustInformation **forest_trust_info;/* [ref] */
 		WERROR result;
 	} out;
 
diff --git a/source3/librpc/gen_ndr/ntsvcs.h b/source3/librpc/gen_ndr/ntsvcs.h
new file mode 100644
index 0000000000..9cdfa656b4
--- /dev/null
+++ b/source3/librpc/gen_ndr/ntsvcs.h
@@ -0,0 +1,568 @@
+/* header auto-generated by pidl */
+
+#include <stdint.h>
+
+#ifndef _HEADER_ntsvcs
+#define _HEADER_ntsvcs
+
+struct PNP_HwProfInfo {
+	uint32_t unknown1;
+	uint16_t unknown2[160];
+	uint32_t unknown3;
+};
+
+
+struct PNP_Disconnect {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_Connect {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetVersion {
+	struct {
+		uint16_t *version;/* [ref] */
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetGlobalState {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_InitDetection {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_ReportLogOn {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_ValidateDeviceInstance {
+	struct {
+		const char *devicepath;/* [ref,charset(UTF16)] */
+		uint32_t flags;
+	} in;
+
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetRootDeviceInstance {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetRelatedDeviceInstance {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_EnumerateSubKeys {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetDeviceList {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetDeviceListSize {
+	struct {
+		const char *devicename;/* [unique,charset(UTF16)] */
+		uint32_t flags;
+	} in;
+
+	struct {
+		uint32_t *size;/* [ref] */
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetDepth {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetDeviceRegProp {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_SetDeviceRegProp {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetClassInstance {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_CreateKey {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_DeleteRegistryKey {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetClassCount {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetClassName {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_DeleteClassKey {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetInterfaceDeviceAlias {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetInterfaceDeviceList {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetInterfaceDeviceListSize {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_RegisterDeviceClassAssociation {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_UnregisterDeviceClassAssociation {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetClassRegProp {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_SetClassRegProp {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_CreateDevInst {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_DeviceInstanceAction {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetDeviceStatus {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_SetDeviceProblem {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_DisableDevInst {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_UninstallDevInst {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_AddID {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_RegisterDriver {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_QueryRemove {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_RequestDeviceEject {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_IsDockStationPresent {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_RequestEjectPC {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_HwProfFlags {
+	struct {
+		uint32_t unknown1;
+		const char *devicepath;/* [ref,charset(UTF16)] */
+		uint32_t unknown2;
+		const char *unknown5;/* [unique,charset(UTF16)] */
+		uint32_t unknown6;
+		uint32_t unknown7;
+		uint32_t *unknown3;/* [ref] */
+		uint16_t *unknown4;/* [unique] */
+	} in;
+
+	struct {
+		const char **unknown5a;/* [unique,charset(UTF16)] */
+		uint32_t *unknown3;/* [ref] */
+		uint16_t *unknown4;/* [unique] */
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetHwProfInfo {
+	struct {
+		uint32_t idx;
+		uint32_t unknown1;
+		uint32_t unknown2;
+		struct PNP_HwProfInfo *info;/* [ref] */
+	} in;
+
+	struct {
+		struct PNP_HwProfInfo *info;/* [ref] */
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_AddEmptyLogConf {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_FreeLogConf {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetFirstLogConf {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetNextLogConf {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetLogConfPriority {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_AddResDes {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_FreeResDes {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetNextResDes {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetResDesData {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetResDesDataSize {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_ModifyResDes {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_DetectResourceLimit {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_QueryResConfList {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_SetHwProf {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_QueryArbitratorFreeData {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_QueryArbitratorFreeSize {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_RunDetection {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_RegisterNotification {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_UnregisterNotification {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetCustomDevProp {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetVersionInternal {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetBlockedDriverInfo {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+
+struct PNP_GetServerSideDeviceInstallFlags {
+	struct {
+		WERROR result;
+	} out;
+
+};
+
+#endif /* _HEADER_ntsvcs */
diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h
new file mode 100644
index 0000000000..c0e2d9d9a9
--- /dev/null
+++ b/source3/librpc/gen_ndr/samr.h
@@ -0,0 +1,1759 @@
+/* header auto-generated by pidl */
+
+#include <stdint.h>
+
+#include "librpc/gen_ndr/misc.h"
+#include "librpc/gen_ndr/lsa.h"
+#include "librpc/gen_ndr/security.h"
+#ifndef _HEADER_samr
+#define _HEADER_samr
+
+#define MAX_SAM_ENTRIES_W2K	( 0x400 )
+#define MAX_SAM_ENTRIES_W95	( 50 )
+#define SAMR_ENUM_USERS_MULTIPLIER	( 54 )
+#define PASS_MUST_CHANGE_AT_NEXT_LOGON	( 0x01 )
+#define PASS_DONT_CHANGE_AT_NEXT_LOGON	( 0x00 )
+/* bitmap samr_AcctFlags */
+#define ACB_DISABLED ( 0x00000001 )
+#define ACB_HOMDIRREQ ( 0x00000002 )
+#define ACB_PWNOTREQ ( 0x00000004 )
+#define ACB_TEMPDUP ( 0x00000008 )
+#define ACB_NORMAL ( 0x00000010 )
+#define ACB_MNS ( 0x00000020 )
+#define ACB_DOMTRUST ( 0x00000040 )
+#define ACB_WSTRUST ( 0x00000080 )
+#define ACB_SVRTRUST ( 0x00000100 )
+#define ACB_PWNOEXP ( 0x00000200 )
+#define ACB_AUTOLOCK ( 0x00000400 )
+#define ACB_ENC_TXT_PWD_ALLOWED ( 0x00000800 )
+#define ACB_SMARTCARD_REQUIRED ( 0x00001000 )
+#define ACB_TRUSTED_FOR_DELEGATION ( 0x00002000 )
+#define ACB_NOT_DELEGATED ( 0x00004000 )
+#define ACB_USE_DES_KEY_ONLY ( 0x00008000 )
+#define ACB_DONT_REQUIRE_PREAUTH ( 0x00010000 )
+#define ACB_PW_EXPIRED ( 0x00020000 )
+#define ACB_NO_AUTH_DATA_REQD ( 0x00080000 )
+
+/* bitmap samr_ConnectAccessMask */
+#define SAMR_ACCESS_CONNECT_TO_SERVER ( 0x00000001 )
+#define SAMR_ACCESS_SHUTDOWN_SERVER ( 0x00000002 )
+#define SAMR_ACCESS_INITIALIZE_SERVER ( 0x00000004 )
+#define SAMR_ACCESS_CREATE_DOMAIN ( 0x00000008 )
+#define SAMR_ACCESS_ENUM_DOMAINS ( 0x00000010 )
+#define SAMR_ACCESS_OPEN_DOMAIN ( 0x00000020 )
+
+/* bitmap samr_UserAccessMask */
+#define SAMR_USER_ACCESS_GET_NAME_ETC ( 0x00000001 )
+#define SAMR_USER_ACCESS_GET_LOCALE ( 0x00000002 )
+#define SAMR_USER_ACCESS_SET_LOC_COM ( 0x00000004 )
+#define SAMR_USER_ACCESS_GET_LOGONINFO ( 0x00000008 )
+#define SAMR_USER_ACCESS_GET_ATTRIBUTES ( 0x00000010 )
+#define SAMR_USER_ACCESS_SET_ATTRIBUTES ( 0x00000020 )
+#define SAMR_USER_ACCESS_CHANGE_PASSWORD ( 0x00000040 )
+#define SAMR_USER_ACCESS_SET_PASSWORD ( 0x00000080 )
+#define SAMR_USER_ACCESS_GET_GROUPS ( 0x00000100 )
+#define SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP ( 0x00000200 )
+#define SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP ( 0x00000400 )
+
+/* bitmap samr_DomainAccessMask */
+#define SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 ( 0x00000001 )
+#define SAMR_DOMAIN_ACCESS_SET_INFO_1 ( 0x00000002 )
+#define SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 ( 0x00000004 )
+#define SAMR_DOMAIN_ACCESS_SET_INFO_2 ( 0x00000008 )
+#define SAMR_DOMAIN_ACCESS_CREATE_USER ( 0x00000010 )
+#define SAMR_DOMAIN_ACCESS_CREATE_GROUP ( 0x00000020 )
+#define SAMR_DOMAIN_ACCESS_CREATE_ALIAS ( 0x00000040 )
+#define SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS ( 0x00000080 )
+#define SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS ( 0x00000100 )
+#define SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT ( 0x00000200 )
+#define SAMR_DOMAIN_ACCESS_SET_INFO_3 ( 0x00000400 )
+
+/* bitmap samr_GroupAccessMask */
+#define SAMR_GROUP_ACCESS_LOOKUP_INFO ( 0x00000001 )
+#define SAMR_GROUP_ACCESS_SET_INFO ( 0x00000002 )
+#define SAMR_GROUP_ACCESS_ADD_MEMBER ( 0x00000004 )
+#define SAMR_GROUP_ACCESS_REMOVE_MEMBER ( 0x00000008 )
+#define SAMR_GROUP_ACCESS_GET_MEMBERS ( 0x00000010 )
+
+/* bitmap samr_AliasAccessMask */
+#define SAMR_ALIAS_ACCESS_ADD_MEMBER ( 0x00000001 )
+#define SAMR_ALIAS_ACCESS_REMOVE_MEMBER ( 0x00000002 )
+#define SAMR_ALIAS_ACCESS_GET_MEMBERS ( 0x00000004 )
+#define SAMR_ALIAS_ACCESS_LOOKUP_INFO ( 0x00000008 )
+#define SAMR_ALIAS_ACCESS_SET_INFO ( 0x00000010 )
+
+struct samr_SamEntry {
+	uint32_t idx;
+	struct lsa_String name;
+};
+
+struct samr_SamArray {
+	uint32_t count;
+	struct samr_SamEntry *entries;/* [unique,size_is(count)] */
+};
+
+enum samr_Role
+#ifndef USE_UINT_ENUMS
+ {
+	SAMR_ROLE_STANDALONE=0,
+	SAMR_ROLE_DOMAIN_MEMBER=1,
+	SAMR_ROLE_DOMAIN_BDC=2,
+	SAMR_ROLE_DOMAIN_PDC=3
+}
+#else
+ { __donnot_use_enum_samr_Role=0x7FFFFFFF}
+#define SAMR_ROLE_STANDALONE ( 0 )
+#define SAMR_ROLE_DOMAIN_MEMBER ( 1 )
+#define SAMR_ROLE_DOMAIN_BDC ( 2 )
+#define SAMR_ROLE_DOMAIN_PDC ( 3 )
+#endif
+;
+
+/* bitmap samr_PasswordProperties */
+#define DOMAIN_PASSWORD_COMPLEX ( 0x00000001 )
+#define DOMAIN_PASSWORD_NO_ANON_CHANGE ( 0x00000002 )
+#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE ( 0x00000004 )
+#define DOMAIN_PASSWORD_LOCKOUT_ADMINS ( 0x00000008 )
+#define DOMAIN_PASSWORD_STORE_CLEARTEXT ( 0x00000010 )
+#define DOMAIN_REFUSE_PASSWORD_CHANGE ( 0x00000020 )
+
+struct samr_DomInfo1 {
+	uint16_t min_password_length;
+	uint16_t password_history_length;
+	uint32_t password_properties;
+	int64_t max_password_age;
+	int64_t min_password_age;
+};
+
+struct samr_DomInfo2 {
+	NTTIME force_logoff_time;
+	struct lsa_String comment;
+	struct lsa_String domain_name;
+	struct lsa_String primary;
+	uint64_t sequence_num;
+	uint32_t unknown2;
+	enum samr_Role role;
+	uint32_t unknown3;
+	uint32_t num_users;
+	uint32_t num_groups;
+	uint32_t num_aliases;
+};
+
+struct samr_DomInfo3 {
+	NTTIME force_logoff_time;
+};
+
+struct samr_DomInfo4 {
+	struct lsa_String comment;
+};
+
+struct samr_DomInfo5 {
+	struct lsa_String domain_name;
+};
+
+struct samr_DomInfo6 {
+	struct lsa_String primary;
+};
+
+struct samr_DomInfo7 {
+	enum samr_Role role;
+};
+
+struct samr_DomInfo8 {
+	uint64_t sequence_num;
+	NTTIME domain_create_time;
+};
+
+struct samr_DomInfo9 {
+	uint32_t unknown;
+};
+
+struct samr_DomInfo11 {
+	struct samr_DomInfo2 info2;
+	uint64_t lockout_duration;
+	uint64_t lockout_window;
+	uint16_t lockout_threshold;
+};
+
+struct samr_DomInfo12 {
+	uint64_t lockout_duration;
+	uint64_t lockout_window;
+	uint16_t lockout_threshold;
+};
+
+struct samr_DomInfo13 {
+	uint64_t sequence_num;
+	NTTIME domain_create_time;
+	uint32_t unknown1;
+	uint32_t unknown2;
+};
+
+union samr_DomainInfo {
+	struct samr_DomInfo1 info1;/* [case] */
+	struct samr_DomInfo2 info2;/* [case(2)] */
+	struct samr_DomInfo3 info3;/* [case(3)] */
+	struct samr_DomInfo4 info4;/* [case(4)] */
+	struct samr_DomInfo5 info5;/* [case(5)] */
+	struct samr_DomInfo6 info6;/* [case(6)] */
+	struct samr_DomInfo7 info7;/* [case(7)] */
+	struct samr_DomInfo8 info8;/* [case(8)] */
+	struct samr_DomInfo9 info9;/* [case(9)] */
+	struct samr_DomInfo11 info11;/* [case(11)] */
+	struct samr_DomInfo12 info12;/* [case(12)] */
+	struct samr_DomInfo13 info13;/* [case(13)] */
+}/* [switch_type(uint16)] */;
+
+struct samr_Ids {
+	uint32_t count;/* [range(0,1024)] */
+	uint32_t *ids;/* [unique,size_is(count)] */
+};
+
+/* bitmap samr_GroupAttrs */
+#define SE_GROUP_MANDATORY ( 0x00000001 )
+#define SE_GROUP_ENABLED_BY_DEFAULT ( 0x00000002 )
+#define SE_GROUP_ENABLED ( 0x00000004 )
+#define SE_GROUP_OWNER ( 0x00000008 )
+#define SE_GROUP_USE_FOR_DENY_ONLY ( 0x00000010 )
+#define SE_GROUP_RESOURCE ( 0x20000000 )
+#define SE_GROUP_LOGON_ID ( 0xC0000000 )
+
+struct samr_GroupInfoAll {
+	struct lsa_String name;
+	uint32_t attributes;
+	uint32_t num_members;
+	struct lsa_String description;
+};
+
+struct samr_GroupInfoAttributes {
+	uint32_t attributes;
+};
+
+struct samr_GroupInfoDescription {
+	struct lsa_String description;
+};
+
+enum samr_GroupInfoEnum
+#ifndef USE_UINT_ENUMS
+ {
+	GROUPINFOALL=1,
+	GROUPINFONAME=2,
+	GROUPINFOATTRIBUTES=3,
+	GROUPINFODESCRIPTION=4,
+	GROUPINFOALL2=5
+}
+#else
+ { __donnot_use_enum_samr_GroupInfoEnum=0x7FFFFFFF}
+#define GROUPINFOALL ( 1 )
+#define GROUPINFONAME ( 2 )
+#define GROUPINFOATTRIBUTES ( 3 )
+#define GROUPINFODESCRIPTION ( 4 )
+#define GROUPINFOALL2 ( 5 )
+#endif
+;
+
+union samr_GroupInfo {
+	struct samr_GroupInfoAll all;/* [case(GROUPINFOALL)] */
+	struct lsa_String name;/* [case(GROUPINFONAME)] */
+	struct samr_GroupInfoAttributes attributes;/* [case(GROUPINFOATTRIBUTES)] */
+	struct lsa_String description;/* [case(GROUPINFODESCRIPTION)] */
+	struct samr_GroupInfoAll all2;/* [case(GROUPINFOALL2)] */
+}/* [switch_type(samr_GroupInfoEnum)] */;
+
+struct samr_RidTypeArray {
+	uint32_t count;
+	uint32_t *rids;/* [unique,size_is(count)] */
+	uint32_t *types;/* [unique,size_is(count)] */
+};
+
+struct samr_AliasInfoAll {
+	struct lsa_String name;
+	uint32_t num_members;
+	struct lsa_String description;
+};
+
+enum samr_AliasInfoEnum
+#ifndef USE_UINT_ENUMS
+ {
+	ALIASINFOALL=1,
+	ALIASINFONAME=2,
+	ALIASINFODESCRIPTION=3
+}
+#else
+ { __donnot_use_enum_samr_AliasInfoEnum=0x7FFFFFFF}
+#define ALIASINFOALL ( 1 )
+#define ALIASINFONAME ( 2 )
+#define ALIASINFODESCRIPTION ( 3 )
+#endif
+;
+
+union samr_AliasInfo {
+	struct samr_AliasInfoAll all;/* [case(ALIASINFOALL)] */
+	struct lsa_String name;/* [case(ALIASINFONAME)] */
+	struct lsa_String description;/* [case(ALIASINFODESCRIPTION)] */
+}/* [switch_type(samr_AliasInfoEnum)] */;
+
+struct samr_UserInfo1 {
+	struct lsa_String account_name;
+	struct lsa_String full_name;
+	uint32_t primary_gid;
+	struct lsa_String description;
+	struct lsa_String comment;
+};
+
+struct samr_UserInfo2 {
+	struct lsa_String comment;
+	struct lsa_String unknown;
+	uint16_t country_code;
+	uint16_t code_page;
+};
+
+struct samr_LogonHours {
+	uint16_t units_per_week;
+	uint8_t *bits;/* [unique,length_is(units_per_week/8),size_is(1260)] */
+}/* [public,flag(LIBNDR_PRINT_ARRAY_HEX)] */;
+
+struct samr_UserInfo3 {
+	struct lsa_String account_name;
+	struct lsa_String full_name;
+	uint32_t rid;
+	uint32_t primary_gid;
+	struct lsa_String home_directory;
+	struct lsa_String home_drive;
+	struct lsa_String logon_script;
+	struct lsa_String profile_path;
+	struct lsa_String workstations;
+	NTTIME last_logon;
+	NTTIME last_logoff;
+	NTTIME last_password_change;
+	NTTIME allow_password_change;
+	NTTIME force_password_change;
+	struct samr_LogonHours logon_hours;
+	uint16_t bad_password_count;
+	uint16_t logon_count;
+	uint32_t acct_flags;
+};
+
+struct samr_UserInfo4 {
+	struct samr_LogonHours logon_hours;
+};
+
+struct samr_UserInfo5 {
+	struct lsa_String account_name;
+	struct lsa_String full_name;
+	uint32_t rid;
+	uint32_t primary_gid;
+	struct lsa_String home_directory;
+	struct lsa_String home_drive;
+	struct lsa_String logon_script;
+	struct lsa_String profile_path;
+	struct lsa_String description;
+	struct lsa_String workstations;
+	NTTIME last_logon;
+	NTTIME last_logoff;
+	struct samr_LogonHours logon_hours;
+	uint16_t bad_password_count;
+	uint16_t logon_count;
+	NTTIME last_password_change;
+	NTTIME acct_expiry;
+	uint32_t acct_flags;
+};
+
+struct samr_UserInfo6 {
+	struct lsa_String account_name;
+	struct lsa_String full_name;
+};
+
+struct samr_UserInfo7 {
+	struct lsa_String account_name;
+};
+
+struct samr_UserInfo8 {
+	struct lsa_String full_name;
+};
+
+struct samr_UserInfo9 {
+	uint32_t primary_gid;
+};
+
+struct samr_UserInfo10 {
+	struct lsa_String home_directory;
+	struct lsa_String home_drive;
+};
+
+struct samr_UserInfo11 {
+	struct lsa_String logon_script;
+};
+
+struct samr_UserInfo12 {
+	struct lsa_String profile_path;
+};
+
+struct samr_UserInfo13 {
+	struct lsa_String description;
+};
+
+struct samr_UserInfo14 {
+	struct lsa_String workstations;
+};
+
+struct samr_UserInfo16 {
+	uint32_t acct_flags;
+};
+
+struct samr_UserInfo17 {
+	NTTIME acct_expiry;
+};
+
+struct samr_Password {
+	uint8_t hash[16];
+}/* [public,flag(LIBNDR_PRINT_ARRAY_HEX)] */;
+
+struct samr_UserInfo18 {
+	struct samr_Password lm_pwd;
+	struct samr_Password nt_pwd;
+	uint8_t lm_pwd_active;
+	uint8_t nt_pwd_active;
+};
+
+struct samr_UserInfo20 {
+	struct lsa_String parameters;
+};
+
+/* bitmap samr_FieldsPresent */
+#define SAMR_FIELD_ACCOUNT_NAME ( 0x00000001 )
+#define SAMR_FIELD_FULL_NAME ( 0x00000002 )
+#define SAMR_FIELD_RID ( 0x00000004 )
+#define SAMR_FIELD_PRIMARY_GID ( 0x00000008 )
+#define SAMR_FIELD_DESCRIPTION ( 0x00000010 )
+#define SAMR_FIELD_COMMENT ( 0x00000020 )
+#define SAMR_FIELD_HOME_DIRECTORY ( 0x00000040 )
+#define SAMR_FIELD_HOME_DRIVE ( 0x00000080 )
+#define SAMR_FIELD_LOGON_SCRIPT ( 0x00000100 )
+#define SAMR_FIELD_PROFILE_PATH ( 0x00000200 )
+#define SAMR_FIELD_WORKSTATIONS ( 0x00000400 )
+#define SAMR_FIELD_LAST_LOGON ( 0x00000800 )
+#define SAMR_FIELD_LAST_LOGOFF ( 0x00001000 )
+#define SAMR_FIELD_LOGON_HOURS ( 0x00002000 )
+#define SAMR_FIELD_BAD_PWD_COUNT ( 0x00004000 )
+#define SAMR_FIELD_NUM_LOGONS ( 0x00008000 )
+#define SAMR_FIELD_ALLOW_PWD_CHANGE ( 0x00010000 )
+#define SAMR_FIELD_FORCE_PWD_CHANGE ( 0x00020000 )
+#define SAMR_FIELD_LAST_PWD_CHANGE ( 0x00040000 )
+#define SAMR_FIELD_ACCT_EXPIRY ( 0x00080000 )
+#define SAMR_FIELD_ACCT_FLAGS ( 0x00100000 )
+#define SAMR_FIELD_PARAMETERS ( 0x00200000 )
+#define SAMR_FIELD_COUNTRY_CODE ( 0x00400000 )
+#define SAMR_FIELD_CODE_PAGE ( 0x00800000 )
+#define SAMR_FIELD_PASSWORD ( 0x01000000 )
+#define SAMR_FIELD_PASSWORD2 ( 0x02000000 )
+#define SAMR_FIELD_PRIVATE_DATA ( 0x04000000 )
+#define SAMR_FIELD_EXPIRED_FLAG ( 0x08000000 )
+#define SAMR_FIELD_SEC_DESC ( 0x10000000 )
+#define SAMR_FIELD_OWF_PWD ( 0x20000000 )
+
+struct samr_UserInfo21 {
+	NTTIME last_logon;
+	NTTIME last_logoff;
+	NTTIME last_password_change;
+	NTTIME acct_expiry;
+	NTTIME allow_password_change;
+	NTTIME force_password_change;
+	struct lsa_String account_name;
+	struct lsa_String full_name;
+	struct lsa_String home_directory;
+	struct lsa_String home_drive;
+	struct lsa_String logon_script;
+	struct lsa_String profile_path;
+	struct lsa_String description;
+	struct lsa_String workstations;
+	struct lsa_String comment;
+	struct lsa_String parameters;
+	struct lsa_String unknown1;
+	struct lsa_String unknown2;
+	struct lsa_String unknown3;
+	uint32_t buf_count;
+	uint8_t *buffer;/* [unique,size_is(buf_count)] */
+	uint32_t rid;
+	uint32_t primary_gid;
+	uint32_t acct_flags;
+	uint32_t fields_present;
+	struct samr_LogonHours logon_hours;
+	uint16_t bad_password_count;
+	uint16_t logon_count;
+	uint16_t country_code;
+	uint16_t code_page;
+	uint8_t nt_password_set;
+	uint8_t lm_password_set;
+	uint8_t password_expired;
+	uint8_t unknown4;
+};
+
+struct samr_CryptPassword {
+	uint8_t data[516];
+}/* [public,flag(LIBNDR_PRINT_ARRAY_HEX)] */;
+
+struct samr_UserInfo23 {
+	struct samr_UserInfo21 info;
+	struct samr_CryptPassword password;
+};
+
+struct samr_UserInfo24 {
+	struct samr_CryptPassword password;
+	uint8_t pw_len;
+};
+
+struct samr_CryptPasswordEx {
+	uint8_t data[532];
+}/* [flag(LIBNDR_PRINT_ARRAY_HEX)] */;
+
+struct samr_UserInfo25 {
+	struct samr_UserInfo21 info;
+	struct samr_CryptPasswordEx password;
+};
+
+struct samr_UserInfo26 {
+	struct samr_CryptPasswordEx password;
+	uint8_t pw_len;
+};
+
+union samr_UserInfo {
+	struct samr_UserInfo1 info1;/* [case] */
+	struct samr_UserInfo2 info2;/* [case(2)] */
+	struct samr_UserInfo3 info3;/* [case(3)] */
+	struct samr_UserInfo4 info4;/* [case(4)] */
+	struct samr_UserInfo5 info5;/* [case(5)] */
+	struct samr_UserInfo6 info6;/* [case(6)] */
+	struct samr_UserInfo7 info7;/* [case(7)] */
+	struct samr_UserInfo8 info8;/* [case(8)] */
+	struct samr_UserInfo9 info9;/* [case(9)] */
+	struct samr_UserInfo10 info10;/* [case(10)] */
+	struct samr_UserInfo11 info11;/* [case(11)] */
+	struct samr_UserInfo12 info12;/* [case(12)] */
+	struct samr_UserInfo13 info13;/* [case(13)] */
+	struct samr_UserInfo14 info14;/* [case(14)] */
+	struct samr_UserInfo16 info16;/* [case(16)] */
+	struct samr_UserInfo17 info17;/* [case(17)] */
+	struct samr_UserInfo18 info18;/* [case(18)] */
+	struct samr_UserInfo20 info20;/* [case(20)] */
+	struct samr_UserInfo21 info21;/* [case(21)] */
+	struct samr_UserInfo23 info23;/* [case(23)] */
+	struct samr_UserInfo24 info24;/* [case(24)] */
+	struct samr_UserInfo25 info25;/* [case(25)] */
+	struct samr_UserInfo26 info26;/* [case(26)] */
+}/* [switch_type(uint16)] */;
+
+struct samr_RidWithAttribute {
+	uint32_t rid;
+	uint32_t attributes;
+}/* [public] */;
+
+struct samr_RidWithAttributeArray {
+	uint32_t count;
+	struct samr_RidWithAttribute *rids;/* [unique,size_is(count)] */
+}/* [public] */;
+
+struct samr_DispEntryGeneral {
+	uint32_t idx;
+	uint32_t rid;
+	uint32_t acct_flags;
+	struct lsa_String account_name;
+	struct lsa_String description;
+	struct lsa_String full_name;
+};
+
+struct samr_DispInfoGeneral {
+	uint32_t count;
+	struct samr_DispEntryGeneral *entries;/* [unique,size_is(count)] */
+};
+
+struct samr_DispEntryFull {
+	uint32_t idx;
+	uint32_t rid;
+	uint32_t acct_flags;
+	struct lsa_String account_name;
+	struct lsa_String description;
+};
+
+struct samr_DispInfoFull {
+	uint32_t count;
+	struct samr_DispEntryFull *entries;/* [unique,size_is(count)] */
+};
+
+struct samr_DispEntryFullGroup {
+	uint32_t idx;
+	uint32_t rid;
+	uint32_t acct_flags;
+	struct lsa_String account_name;
+	struct lsa_String description;
+};
+
+struct samr_DispInfoFullGroups {
+	uint32_t count;
+	struct samr_DispEntryFullGroup *entries;/* [unique,size_is(count)] */
+};
+
+struct samr_DispEntryAscii {
+	uint32_t idx;
+	struct lsa_AsciiStringLarge account_name;
+};
+
+struct samr_DispInfoAscii {
+	uint32_t count;
+	struct samr_DispEntryAscii *entries;/* [unique,size_is(count)] */
+};
+
+union samr_DispInfo {
+	struct samr_DispInfoGeneral info1;/* [case] */
+	struct samr_DispInfoFull info2;/* [case(2)] */
+	struct samr_DispInfoFullGroups info3;/* [case(3)] */
+	struct samr_DispInfoAscii info4;/* [case(4)] */
+	struct samr_DispInfoAscii info5;/* [case(5)] */
+}/* [switch_type(uint16)] */;
+
+struct samr_PwInfo {
+	uint16_t min_password_length;
+	uint32_t password_properties;
+};
+
+enum samr_ConnectVersion
+#ifndef USE_UINT_ENUMS
+ {
+	SAMR_CONNECT_PRE_W2K=1,
+	SAMR_CONNECT_W2K=2,
+	SAMR_CONNECT_AFTER_W2K=3
+}
+#else
+ { __donnot_use_enum_samr_ConnectVersion=0x7FFFFFFF}
+#define SAMR_CONNECT_PRE_W2K ( 1 )
+#define SAMR_CONNECT_W2K ( 2 )
+#define SAMR_CONNECT_AFTER_W2K ( 3 )
+#endif
+;
+
+enum samr_RejectReason;
+
+struct samr_ChangeReject {
+	enum samr_RejectReason reason;
+	uint32_t unknown1;
+	uint32_t unknown2;
+};
+
+struct samr_ConnectInfo1 {
+	enum samr_ConnectVersion client_version;
+	uint32_t unknown2;
+};
+
+union samr_ConnectInfo {
+	struct samr_ConnectInfo1 info1;/* [case] */
+};
+
+/* bitmap samr_ValidateFieldsPresent */
+#define SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET ( 0x00000001 )
+#define SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME ( 0x00000002 )
+#define SAMR_VALIDATE_FIELD_LOCKOUT_TIME ( 0x00000004 )
+#define SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT ( 0x00000008 )
+#define SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH ( 0x00000010 )
+#define SAMR_VALIDATE_FIELD_PASSWORD_HISTORY ( 0x00000020 )
+
+enum samr_ValidatePasswordLevel
+#ifndef USE_UINT_ENUMS
+ {
+	NetValidateAuthentication=1,
+	NetValidatePasswordChange=2,
+	NetValidatePasswordReset=3
+}
+#else
+ { __donnot_use_enum_samr_ValidatePasswordLevel=0x7FFFFFFF}
+#define NetValidateAuthentication ( 1 )
+#define NetValidatePasswordChange ( 2 )
+#define NetValidatePasswordReset ( 3 )
+#endif
+;
+
+enum samr_ValidationStatus
+#ifndef USE_UINT_ENUMS
+ {
+	SAMR_VALIDATION_STATUS_SUCCESS=0,
+	SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE=1,
+	SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT=2,
+	SAMR_VALIDATION_STATUS_BAD_PASSWORD=4,
+	SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT=5,
+	SAMR_VALIDATION_STATUS_PWD_TOO_SHORT=6,
+	SAMR_VALIDATION_STATUS_PWD_TOO_LONG=7,
+	SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH=8,
+	SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT=9
+}
+#else
+ { __donnot_use_enum_samr_ValidationStatus=0x7FFFFFFF}
+#define SAMR_VALIDATION_STATUS_SUCCESS ( 0 )
+#define SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE ( 1 )
+#define SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT ( 2 )
+#define SAMR_VALIDATION_STATUS_BAD_PASSWORD ( 4 )
+#define SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT ( 5 )
+#define SAMR_VALIDATION_STATUS_PWD_TOO_SHORT ( 6 )
+#define SAMR_VALIDATION_STATUS_PWD_TOO_LONG ( 7 )
+#define SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH ( 8 )
+#define SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT ( 9 )
+#endif
+;
+
+struct samr_ValidationBlob {
+	uint32_t length;
+	uint8_t *data;/* [unique,size_is(length)] */
+};
+
+struct samr_ValidatePasswordInfo {
+	uint32_t fields_present;
+	NTTIME last_password_change;
+	NTTIME bad_password_time;
+	NTTIME lockout_time;
+	uint32_t bad_pwd_count;
+	uint32_t pwd_history_len;
+	struct samr_ValidationBlob *pwd_history;/* [unique,size_is(pwd_history_len)] */
+};
+
+struct samr_ValidatePasswordRepCtr {
+	struct samr_ValidatePasswordInfo info;
+	enum samr_ValidationStatus status;
+};
+
+union samr_ValidatePasswordRep {
+	struct samr_ValidatePasswordRepCtr ctr1;/* [case] */
+	struct samr_ValidatePasswordRepCtr ctr2;/* [case(2)] */
+	struct samr_ValidatePasswordRepCtr ctr3;/* [case(3)] */
+}/* [switch_type(uint16)] */;
+
+struct samr_ValidatePasswordReq3 {
+	struct samr_ValidatePasswordInfo info;
+	struct lsa_StringLarge password;
+	struct lsa_StringLarge account;
+	struct samr_ValidationBlob hash;
+	uint8_t pwd_must_change_at_next_logon;
+	uint8_t clear_lockout;
+};
+
+struct samr_ValidatePasswordReq2 {
+	struct samr_ValidatePasswordInfo info;
+	struct lsa_StringLarge password;
+	struct lsa_StringLarge account;
+	struct samr_ValidationBlob hash;
+	uint8_t password_matched;
+};
+
+struct samr_ValidatePasswordReq1 {
+	struct samr_ValidatePasswordInfo info;
+	uint8_t password_matched;
+};
+
+union samr_ValidatePasswordReq {
+	struct samr_ValidatePasswordReq1 req1;/* [case] */
+	struct samr_ValidatePasswordReq2 req2;/* [case(2)] */
+	struct samr_ValidatePasswordReq3 req3;/* [case(3)] */
+}/* [switch_type(uint16)] */;
+
+
+struct samr_Connect {
+	struct {
+		uint16_t *system_name;/* [unique] */
+		uint32_t access_mask;
+	} in;
+
+	struct {
+		struct policy_handle *connect_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_Close {
+	struct {
+		struct policy_handle *handle;/* [ref] */
+	} in;
+
+	struct {
+		struct policy_handle *handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_SetSecurity {
+	struct {
+		struct policy_handle *handle;/* [ref] */
+		uint32_t sec_info;
+		struct sec_desc_buf *sdbuf;/* [ref] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_QuerySecurity {
+	struct {
+		struct policy_handle *handle;/* [ref] */
+		uint32_t sec_info;
+	} in;
+
+	struct {
+		struct sec_desc_buf **sdbuf;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_Shutdown {
+	struct {
+		struct policy_handle *connect_handle;/* [ref] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_LookupDomain {
+	struct {
+		struct policy_handle *connect_handle;/* [ref] */
+		struct lsa_String *domain_name;/* [ref] */
+	} in;
+
+	struct {
+		struct dom_sid2 **sid;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_EnumDomains {
+	struct {
+		struct policy_handle *connect_handle;/* [ref] */
+		uint32_t buf_size;
+		uint32_t *resume_handle;/* [ref] */
+	} in;
+
+	struct {
+		struct samr_SamArray **sam;/* [ref] */
+		uint32_t *num_entries;/* [ref] */
+		uint32_t *resume_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_OpenDomain {
+	struct {
+		struct policy_handle *connect_handle;/* [ref] */
+		uint32_t access_mask;
+		struct dom_sid2 *sid;/* [ref] */
+	} in;
+
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_QueryDomainInfo {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint16_t level;
+	} in;
+
+	struct {
+		union samr_DomainInfo **info;/* [ref,switch_is(level)] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_SetDomainInfo {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint16_t level;
+		union samr_DomainInfo *info;/* [ref,switch_is(level)] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_CreateDomainGroup {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		struct lsa_String *name;/* [ref] */
+		uint32_t access_mask;
+	} in;
+
+	struct {
+		struct policy_handle *group_handle;/* [ref] */
+		uint32_t *rid;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_EnumDomainGroups {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint32_t max_size;
+		uint32_t *resume_handle;/* [ref] */
+	} in;
+
+	struct {
+		struct samr_SamArray **sam;/* [ref] */
+		uint32_t *num_entries;/* [ref] */
+		uint32_t *resume_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_CreateUser {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		struct lsa_String *account_name;/* [ref] */
+		uint32_t access_mask;
+	} in;
+
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+		uint32_t *rid;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_EnumDomainUsers {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint32_t acct_flags;
+		uint32_t max_size;
+		uint32_t *resume_handle;/* [ref] */
+	} in;
+
+	struct {
+		struct samr_SamArray **sam;/* [ref] */
+		uint32_t *num_entries;/* [ref] */
+		uint32_t *resume_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_CreateDomAlias {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		struct lsa_String *alias_name;/* [ref] */
+		uint32_t access_mask;
+	} in;
+
+	struct {
+		struct policy_handle *alias_handle;/* [ref] */
+		uint32_t *rid;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_EnumDomainAliases {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint32_t max_size;
+		uint32_t *resume_handle;/* [ref] */
+	} in;
+
+	struct {
+		struct samr_SamArray **sam;/* [ref] */
+		uint32_t *num_entries;/* [ref] */
+		uint32_t *resume_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_GetAliasMembership {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		struct lsa_SidArray *sids;/* [ref] */
+	} in;
+
+	struct {
+		struct samr_Ids *rids;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_LookupNames {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint32_t num_names;/* [range(0,1000)] */
+		struct lsa_String *names;/* [length_is(num_names),size_is(1000)] */
+	} in;
+
+	struct {
+		struct samr_Ids *rids;/* [ref] */
+		struct samr_Ids *types;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_LookupRids {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint32_t num_rids;/* [range(0,1000)] */
+		uint32_t *rids;/* [length_is(num_rids),size_is(1000)] */
+	} in;
+
+	struct {
+		struct lsa_Strings *names;/* [ref] */
+		struct samr_Ids *types;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_OpenGroup {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint32_t access_mask;
+		uint32_t rid;
+	} in;
+
+	struct {
+		struct policy_handle *group_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_QueryGroupInfo {
+	struct {
+		struct policy_handle *group_handle;/* [ref] */
+		enum samr_GroupInfoEnum level;
+	} in;
+
+	struct {
+		union samr_GroupInfo **info;/* [ref,switch_is(level)] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_SetGroupInfo {
+	struct {
+		struct policy_handle *group_handle;/* [ref] */
+		enum samr_GroupInfoEnum level;
+		union samr_GroupInfo *info;/* [ref,switch_is(level)] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_AddGroupMember {
+	struct {
+		struct policy_handle *group_handle;/* [ref] */
+		uint32_t rid;
+		uint32_t flags;
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_DeleteDomainGroup {
+	struct {
+		struct policy_handle *group_handle;/* [ref] */
+	} in;
+
+	struct {
+		struct policy_handle *group_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_DeleteGroupMember {
+	struct {
+		struct policy_handle *group_handle;/* [ref] */
+		uint32_t rid;
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_QueryGroupMember {
+	struct {
+		struct policy_handle *group_handle;/* [ref] */
+	} in;
+
+	struct {
+		struct samr_RidTypeArray **rids;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_SetMemberAttributesOfGroup {
+	struct {
+		struct policy_handle *group_handle;/* [ref] */
+		uint32_t unknown1;
+		uint32_t unknown2;
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_OpenAlias {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint32_t access_mask;
+		uint32_t rid;
+	} in;
+
+	struct {
+		struct policy_handle *alias_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_QueryAliasInfo {
+	struct {
+		struct policy_handle *alias_handle;/* [ref] */
+		enum samr_AliasInfoEnum level;
+	} in;
+
+	struct {
+		union samr_AliasInfo **info;/* [ref,switch_is(level)] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_SetAliasInfo {
+	struct {
+		struct policy_handle *alias_handle;/* [ref] */
+		enum samr_AliasInfoEnum level;
+		union samr_AliasInfo *info;/* [ref,switch_is(level)] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_DeleteDomAlias {
+	struct {
+		struct policy_handle *alias_handle;/* [ref] */
+	} in;
+
+	struct {
+		struct policy_handle *alias_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_AddAliasMember {
+	struct {
+		struct policy_handle *alias_handle;/* [ref] */
+		struct dom_sid2 *sid;/* [ref] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_DeleteAliasMember {
+	struct {
+		struct policy_handle *alias_handle;/* [ref] */
+		struct dom_sid2 *sid;/* [ref] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_GetMembersInAlias {
+	struct {
+		struct policy_handle *alias_handle;/* [ref] */
+	} in;
+
+	struct {
+		struct lsa_SidArray *sids;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_OpenUser {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint32_t access_mask;
+		uint32_t rid;
+	} in;
+
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_DeleteUser {
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+	} in;
+
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_QueryUserInfo {
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+		uint16_t level;
+	} in;
+
+	struct {
+		union samr_UserInfo **info;/* [ref,switch_is(level)] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_SetUserInfo {
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+		uint16_t level;
+		union samr_UserInfo *info;/* [ref,switch_is(level)] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_ChangePasswordUser {
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+		uint8_t lm_present;
+		struct samr_Password *old_lm_crypted;/* [unique] */
+		struct samr_Password *new_lm_crypted;/* [unique] */
+		uint8_t nt_present;
+		struct samr_Password *old_nt_crypted;/* [unique] */
+		struct samr_Password *new_nt_crypted;/* [unique] */
+		uint8_t cross1_present;
+		struct samr_Password *nt_cross;/* [unique] */
+		uint8_t cross2_present;
+		struct samr_Password *lm_cross;/* [unique] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_GetGroupsForUser {
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+	} in;
+
+	struct {
+		struct samr_RidWithAttributeArray **rids;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_QueryDisplayInfo {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint16_t level;
+		uint32_t start_idx;
+		uint32_t max_entries;
+		uint32_t buf_size;
+	} in;
+
+	struct {
+		uint32_t *total_size;/* [ref] */
+		uint32_t *returned_size;/* [ref] */
+		union samr_DispInfo *info;/* [ref,switch_is(level)] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_GetDisplayEnumerationIndex {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint16_t level;
+		struct lsa_String name;
+	} in;
+
+	struct {
+		uint32_t *idx;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_TestPrivateFunctionsDomain {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_TestPrivateFunctionsUser {
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_GetUserPwInfo {
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+	} in;
+
+	struct {
+		struct samr_PwInfo *info;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_RemoveMemberFromForeignDomain {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		struct dom_sid2 *sid;/* [ref] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_QueryDomainInfo2 {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint16_t level;
+	} in;
+
+	struct {
+		union samr_DomainInfo **info;/* [ref,switch_is(level)] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_QueryUserInfo2 {
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+		uint16_t level;
+	} in;
+
+	struct {
+		union samr_UserInfo *info;/* [ref,switch_is(level)] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_QueryDisplayInfo2 {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint16_t level;
+		uint32_t start_idx;
+		uint32_t max_entries;
+		uint32_t buf_size;
+	} in;
+
+	struct {
+		uint32_t *total_size;/* [ref] */
+		uint32_t *returned_size;/* [ref] */
+		union samr_DispInfo *info;/* [ref,switch_is(level)] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_GetDisplayEnumerationIndex2 {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint16_t level;
+		struct lsa_String name;
+	} in;
+
+	struct {
+		uint32_t *idx;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_CreateUser2 {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		struct lsa_String *account_name;/* [ref] */
+		uint32_t acct_flags;
+		uint32_t access_mask;
+	} in;
+
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+		uint32_t *access_granted;/* [ref] */
+		uint32_t *rid;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_QueryDisplayInfo3 {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint16_t level;
+		uint32_t start_idx;
+		uint32_t max_entries;
+		uint32_t buf_size;
+	} in;
+
+	struct {
+		uint32_t *total_size;/* [ref] */
+		uint32_t *returned_size;/* [ref] */
+		union samr_DispInfo *info;/* [ref,switch_is(level)] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_AddMultipleMembersToAlias {
+	struct {
+		struct policy_handle *alias_handle;/* [ref] */
+		struct lsa_SidArray *sids;/* [ref] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_RemoveMultipleMembersFromAlias {
+	struct {
+		struct policy_handle *alias_handle;/* [ref] */
+		struct lsa_SidArray *sids;/* [ref] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_OemChangePasswordUser2 {
+	struct {
+		struct lsa_AsciiString *server;/* [unique] */
+		struct lsa_AsciiString *account;/* [ref] */
+		struct samr_CryptPassword *password;/* [unique] */
+		struct samr_Password *hash;/* [unique] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_ChangePasswordUser2 {
+	struct {
+		struct lsa_String *server;/* [unique] */
+		struct lsa_String *account;/* [ref] */
+		struct samr_CryptPassword *nt_password;/* [unique] */
+		struct samr_Password *nt_verifier;/* [unique] */
+		uint8_t lm_change;
+		struct samr_CryptPassword *lm_password;/* [unique] */
+		struct samr_Password *lm_verifier;/* [unique] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_GetDomPwInfo {
+	struct {
+		struct lsa_String *domain_name;/* [unique] */
+	} in;
+
+	struct {
+		struct samr_PwInfo *info;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_Connect2 {
+	struct {
+		const char *system_name;/* [unique,charset(UTF16)] */
+		uint32_t access_mask;
+	} in;
+
+	struct {
+		struct policy_handle *connect_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_SetUserInfo2 {
+	struct {
+		struct policy_handle *user_handle;/* [ref] */
+		uint16_t level;
+		union samr_UserInfo *info;/* [ref,switch_is(level)] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_SetBootKeyInformation {
+	struct {
+		struct policy_handle *connect_handle;/* [ref] */
+		uint32_t unknown1;
+		uint32_t unknown2;
+		uint32_t unknown3;
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_GetBootKeyInformation {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+	} in;
+
+	struct {
+		uint32_t *unknown;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_Connect3 {
+	struct {
+		const char *system_name;/* [unique,charset(UTF16)] */
+		uint32_t unknown;
+		uint32_t access_mask;
+	} in;
+
+	struct {
+		struct policy_handle *connect_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_Connect4 {
+	struct {
+		const char *system_name;/* [unique,charset(UTF16)] */
+		enum samr_ConnectVersion client_version;
+		uint32_t access_mask;
+	} in;
+
+	struct {
+		struct policy_handle *connect_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_ChangePasswordUser3 {
+	struct {
+		struct lsa_String *server;/* [unique] */
+		struct lsa_String *account;/* [ref] */
+		struct samr_CryptPassword *nt_password;/* [unique] */
+		struct samr_Password *nt_verifier;/* [unique] */
+		uint8_t lm_change;
+		struct samr_CryptPassword *lm_password;/* [unique] */
+		struct samr_Password *lm_verifier;/* [unique] */
+		struct samr_CryptPassword *password3;/* [unique] */
+	} in;
+
+	struct {
+		struct samr_DomInfo1 **dominfo;/* [ref] */
+		struct samr_ChangeReject **reject;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_Connect5 {
+	struct {
+		const char *system_name;/* [unique,charset(UTF16)] */
+		uint32_t access_mask;
+		uint32_t level_in;
+		union samr_ConnectInfo *info_in;/* [ref,switch_is(level_in)] */
+	} in;
+
+	struct {
+		uint32_t *level_out;/* [ref] */
+		union samr_ConnectInfo *info_out;/* [ref,switch_is(*level_out)] */
+		struct policy_handle *connect_handle;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_RidToSid {
+	struct {
+		struct policy_handle *domain_handle;/* [ref] */
+		uint32_t rid;
+	} in;
+
+	struct {
+		struct dom_sid2 *sid;/* [ref] */
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_SetDsrmPassword {
+	struct {
+		struct lsa_String *name;/* [unique] */
+		uint32_t unknown;
+		struct samr_Password *hash;/* [unique] */
+	} in;
+
+	struct {
+		NTSTATUS result;
+	} out;
+
+};
+
+
+struct samr_ValidatePassword {
+	struct {
+		enum samr_ValidatePasswordLevel level;
+		union samr_ValidatePasswordReq req;/* [switch_is(level)] */
+	} in;
+
+	struct {
+		union samr_ValidatePasswordRep *rep;/* [ref,switch_is(level)] */
+		NTSTATUS result;
+	} out;
+
+};
+
+#endif /* _HEADER_samr */
diff --git a/source3/librpc/gen_ndr/security.h b/source3/librpc/gen_ndr/security.h
index 1c51af5b9c..a17fd512f7 100644
--- a/source3/librpc/gen_ndr/security.h
+++ b/source3/librpc/gen_ndr/security.h
@@ -1 +1,326 @@
-#include "ndr/security.h"
+/* header auto-generated by pidl */
+
+#include <stdint.h>
+
+#include "librpc/gen_ndr/misc.h"
+#define dom_sid2 dom_sid
+#define dom_sid28 dom_sid
+#ifndef _HEADER_security
+#define _HEADER_security
+
+#define SEC_MASK_GENERIC	( 0xF0000000 )
+#define SEC_MASK_FLAGS	( 0x0F000000 )
+#define SEC_MASK_STANDARD	( 0x00FF0000 )
+#define SEC_MASK_SPECIFIC	( 0x0000FFFF )
+#define SEC_GENERIC_ALL	( 0x10000000 )
+#define SEC_GENERIC_EXECUTE	( 0x20000000 )
+#define SEC_GENERIC_WRITE	( 0x40000000 )
+#define SEC_GENERIC_READ	( 0x80000000 )
+#define SEC_FLAG_SYSTEM_SECURITY	( 0x01000000 )
+#define SEC_FLAG_MAXIMUM_ALLOWED	( 0x02000000 )
+#define SEC_STD_DELETE	( 0x00010000 )
+#define SEC_STD_READ_CONTROL	( 0x00020000 )
+#define SEC_STD_WRITE_DAC	( 0x00040000 )
+#define SEC_STD_WRITE_OWNER	( 0x00080000 )
+#define SEC_STD_SYNCHRONIZE	( 0x00100000 )
+#define SEC_STD_REQUIRED	( 0x000F0000 )
+#define SEC_STD_ALL	( 0x001F0000 )
+#define SEC_FILE_READ_DATA	( 0x00000001 )
+#define SEC_FILE_WRITE_DATA	( 0x00000002 )
+#define SEC_FILE_APPEND_DATA	( 0x00000004 )
+#define SEC_FILE_READ_EA	( 0x00000008 )
+#define SEC_FILE_WRITE_EA	( 0x00000010 )
+#define SEC_FILE_EXECUTE	( 0x00000020 )
+#define SEC_FILE_READ_ATTRIBUTE	( 0x00000080 )
+#define SEC_FILE_WRITE_ATTRIBUTE	( 0x00000100 )
+#define SEC_FILE_ALL	( 0x000001ff )
+#define SEC_DIR_LIST	( 0x00000001 )
+#define SEC_DIR_ADD_FILE	( 0x00000002 )
+#define SEC_DIR_ADD_SUBDIR	( 0x00000004 )
+#define SEC_DIR_READ_EA	( 0x00000008 )
+#define SEC_DIR_WRITE_EA	( 0x00000010 )
+#define SEC_DIR_TRAVERSE	( 0x00000020 )
+#define SEC_DIR_DELETE_CHILD	( 0x00000040 )
+#define SEC_DIR_READ_ATTRIBUTE	( 0x00000080 )
+#define SEC_DIR_WRITE_ATTRIBUTE	( 0x00000100 )
+#define SEC_REG_QUERY_VALUE	( 0x00000001 )
+#define SEC_REG_SET_VALUE	( 0x00000002 )
+#define SEC_REG_CREATE_SUBKEY	( 0x00000004 )
+#define SEC_REG_ENUM_SUBKEYS	( 0x00000008 )
+#define SEC_REG_NOTIFY	( 0x00000010 )
+#define SEC_REG_CREATE_LINK	( 0x00000020 )
+#define SEC_ADS_CREATE_CHILD	( 0x00000001 )
+#define SEC_ADS_DELETE_CHILD	( 0x00000002 )
+#define SEC_ADS_LIST	( 0x00000004 )
+#define SEC_ADS_SELF_WRITE	( 0x00000008 )
+#define SEC_ADS_READ_PROP	( 0x00000010 )
+#define SEC_ADS_WRITE_PROP	( 0x00000020 )
+#define SEC_ADS_DELETE_TREE	( 0x00000040 )
+#define SEC_ADS_LIST_OBJECT	( 0x00000080 )
+#define SEC_ADS_CONTROL_ACCESS	( 0x00000100 )
+#define SEC_RIGHTS_FILE_READ	( SEC_STD_READ_CONTROL|SEC_STD_SYNCHRONIZE|SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE|SEC_FILE_READ_EA )
+#define SEC_RIGHTS_FILE_WRITE	( SEC_STD_READ_CONTROL|SEC_STD_SYNCHRONIZE|SEC_FILE_WRITE_DATA|SEC_FILE_WRITE_ATTRIBUTE|SEC_FILE_WRITE_EA|SEC_FILE_APPEND_DATA )
+#define SEC_RIGHTS_FILE_EXECUTE	( SEC_STD_SYNCHRONIZE|SEC_STD_READ_CONTROL|SEC_FILE_READ_ATTRIBUTE|SEC_FILE_EXECUTE )
+#define SEC_RIGHTS_FILE_ALL	( SEC_STD_ALL|SEC_FILE_ALL )
+#define SEC_RIGHTS_DIR_READ	( SEC_RIGHTS_FILE_READ )
+#define SEC_RIGHTS_DIR_WRITE	( SEC_RIGHTS_FILE_WRITE )
+#define SEC_RIGHTS_DIR_EXECUTE	( SEC_RIGHTS_FILE_EXECUTE )
+#define SEC_RIGHTS_DIR_ALL	( SEC_RIGHTS_FILE_ALL )
+#define SID_NULL	( "S-1-0-0" )
+#define NAME_WORLD	( "WORLD" )
+#define SID_WORLD_DOMAIN	( "S-1-1" )
+#define SID_WORLD	( "S-1-1-0" )
+#define SID_CREATOR_OWNER_DOMAIN	( "S-1-3" )
+#define SID_CREATOR_OWNER	( "S-1-3-0" )
+#define SID_CREATOR_GROUP	( "S-1-3-1" )
+#define NAME_NT_AUTHORITY	( "NT AUTHORITY" )
+#define SID_NT_AUTHORITY	( "S-1-5" )
+#define SID_NT_DIALUP	( "S-1-5-1" )
+#define SID_NT_NETWORK	( "S-1-5-2" )
+#define SID_NT_BATCH	( "S-1-5-3" )
+#define SID_NT_INTERACTIVE	( "S-1-5-4" )
+#define SID_NT_SERVICE	( "S-1-5-6" )
+#define SID_NT_ANONYMOUS	( "S-1-5-7" )
+#define SID_NT_PROXY	( "S-1-5-8" )
+#define SID_NT_ENTERPRISE_DCS	( "S-1-5-9" )
+#define SID_NT_SELF	( "S-1-5-10" )
+#define SID_NT_AUTHENTICATED_USERS	( "S-1-5-11" )
+#define SID_NT_RESTRICTED	( "S-1-5-12" )
+#define SID_NT_TERMINAL_SERVER_USERS	( "S-1-5-13" )
+#define SID_NT_REMOTE_INTERACTIVE	( "S-1-5-14" )
+#define SID_NT_THIS_ORGANISATION	( "S-1-5-15" )
+#define SID_NT_SYSTEM	( "S-1-5-18" )
+#define SID_NT_LOCAL_SERVICE	( "S-1-5-19" )
+#define SID_NT_NETWORK_SERVICE	( "S-1-5-20" )
+#define NAME_BUILTIN	( "BUILTIN" )
+#define SID_BUILTIN	( "S-1-5-32" )
+#define SID_BUILTIN_ADMINISTRATORS	( "S-1-5-32-544" )
+#define SID_BUILTIN_USERS	( "S-1-5-32-545" )
+#define SID_BUILTIN_GUESTS	( "S-1-5-32-546" )
+#define SID_BUILTIN_POWER_USERS	( "S-1-5-32-547" )
+#define SID_BUILTIN_ACCOUNT_OPERATORS	( "S-1-5-32-548" )
+#define SID_BUILTIN_SERVER_OPERATORS	( "S-1-5-32-549" )
+#define SID_BUILTIN_PRINT_OPERATORS	( "S-1-5-32-550" )
+#define SID_BUILTIN_BACKUP_OPERATORS	( "S-1-5-32-551" )
+#define SID_BUILTIN_REPLICATOR	( "S-1-5-32-552" )
+#define SID_BUILTIN_RAS_SERVERS	( "S-1-5-32-553" )
+#define SID_BUILTIN_PREW2K	( "S-1-5-32-554" )
+#define DOMAIN_RID_LOGON	( 9 )
+#define DOMAIN_RID_ADMINISTRATOR	( 500 )
+#define DOMAIN_RID_GUEST	( 501 )
+#define DOMAIN_RID_ADMINS	( 512 )
+#define DOMAIN_RID_USERS	( 513 )
+#define DOMAIN_RID_DOMAIN_MEMBERS	( 515 )
+#define DOMAIN_RID_DCS	( 516 )
+#define DOMAIN_RID_CERT_ADMINS	( 517 )
+#define DOMAIN_RID_SCHEMA_ADMINS	( 518 )
+#define DOMAIN_RID_ENTERPRISE_ADMINS	( 519 )
+#define NT4_ACL_REVISION	( SECURITY_ACL_REVISION_NT4 )
+#define SD_REVISION	( SECURITY_DESCRIPTOR_REVISION_1 )
+enum sec_privilege
+#ifndef USE_UINT_ENUMS
+ {
+	SEC_PRIV_SECURITY=1,
+	SEC_PRIV_BACKUP=2,
+	SEC_PRIV_RESTORE=3,
+	SEC_PRIV_SYSTEMTIME=4,
+	SEC_PRIV_SHUTDOWN=5,
+	SEC_PRIV_REMOTE_SHUTDOWN=6,
+	SEC_PRIV_TAKE_OWNERSHIP=7,
+	SEC_PRIV_DEBUG=8,
+	SEC_PRIV_SYSTEM_ENVIRONMENT=9,
+	SEC_PRIV_SYSTEM_PROFILE=10,
+	SEC_PRIV_PROFILE_SINGLE_PROCESS=11,
+	SEC_PRIV_INCREASE_BASE_PRIORITY=12,
+	SEC_PRIV_LOAD_DRIVER=13,
+	SEC_PRIV_CREATE_PAGEFILE=14,
+	SEC_PRIV_INCREASE_QUOTA=15,
+	SEC_PRIV_CHANGE_NOTIFY=16,
+	SEC_PRIV_UNDOCK=17,
+	SEC_PRIV_MANAGE_VOLUME=18,
+	SEC_PRIV_IMPERSONATE=19,
+	SEC_PRIV_CREATE_GLOBAL=20,
+	SEC_PRIV_ENABLE_DELEGATION=21,
+	SEC_PRIV_INTERACTIVE_LOGON=22,
+	SEC_PRIV_NETWORK_LOGON=23,
+	SEC_PRIV_REMOTE_INTERACTIVE_LOGON=24
+}
+#else
+ { __donnot_use_enum_sec_privilege=0x7FFFFFFF}
+#define SEC_PRIV_SECURITY ( 1 )
+#define SEC_PRIV_BACKUP ( 2 )
+#define SEC_PRIV_RESTORE ( 3 )
+#define SEC_PRIV_SYSTEMTIME ( 4 )
+#define SEC_PRIV_SHUTDOWN ( 5 )
+#define SEC_PRIV_REMOTE_SHUTDOWN ( 6 )
+#define SEC_PRIV_TAKE_OWNERSHIP ( 7 )
+#define SEC_PRIV_DEBUG ( 8 )
+#define SEC_PRIV_SYSTEM_ENVIRONMENT ( 9 )
+#define SEC_PRIV_SYSTEM_PROFILE ( 10 )
+#define SEC_PRIV_PROFILE_SINGLE_PROCESS ( 11 )
+#define SEC_PRIV_INCREASE_BASE_PRIORITY ( 12 )
+#define SEC_PRIV_LOAD_DRIVER ( 13 )
+#define SEC_PRIV_CREATE_PAGEFILE ( 14 )
+#define SEC_PRIV_INCREASE_QUOTA ( 15 )
+#define SEC_PRIV_CHANGE_NOTIFY ( 16 )
+#define SEC_PRIV_UNDOCK ( 17 )
+#define SEC_PRIV_MANAGE_VOLUME ( 18 )
+#define SEC_PRIV_IMPERSONATE ( 19 )
+#define SEC_PRIV_CREATE_GLOBAL ( 20 )
+#define SEC_PRIV_ENABLE_DELEGATION ( 21 )
+#define SEC_PRIV_INTERACTIVE_LOGON ( 22 )
+#define SEC_PRIV_NETWORK_LOGON ( 23 )
+#define SEC_PRIV_REMOTE_INTERACTIVE_LOGON ( 24 )
+#endif
+;
+
+/* bitmap security_ace_flags */
+#define SEC_ACE_FLAG_OBJECT_INHERIT ( 0x01 )
+#define SEC_ACE_FLAG_CONTAINER_INHERIT ( 0x02 )
+#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT ( 0x04 )
+#define SEC_ACE_FLAG_INHERIT_ONLY ( 0x08 )
+#define SEC_ACE_FLAG_INHERITED_ACE ( 0x10 )
+#define SEC_ACE_FLAG_VALID_INHERIT ( 0x0f )
+#define SEC_ACE_FLAG_SUCCESSFUL_ACCESS ( 0x40 )
+#define SEC_ACE_FLAG_FAILED_ACCESS ( 0x80 )
+
+enum security_ace_type
+#ifndef USE_UINT_ENUMS
+ {
+	SEC_ACE_TYPE_ACCESS_ALLOWED=0,
+	SEC_ACE_TYPE_ACCESS_DENIED=1,
+	SEC_ACE_TYPE_SYSTEM_AUDIT=2,
+	SEC_ACE_TYPE_SYSTEM_ALARM=3,
+	SEC_ACE_TYPE_ALLOWED_COMPOUND=4,
+	SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT=5,
+	SEC_ACE_TYPE_ACCESS_DENIED_OBJECT=6,
+	SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT=7,
+	SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT=8
+}
+#else
+ { __donnot_use_enum_security_ace_type=0x7FFFFFFF}
+#define SEC_ACE_TYPE_ACCESS_ALLOWED ( 0 )
+#define SEC_ACE_TYPE_ACCESS_DENIED ( 1 )
+#define SEC_ACE_TYPE_SYSTEM_AUDIT ( 2 )
+#define SEC_ACE_TYPE_SYSTEM_ALARM ( 3 )
+#define SEC_ACE_TYPE_ALLOWED_COMPOUND ( 4 )
+#define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ( 5 )
+#define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ( 6 )
+#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ( 7 )
+#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT ( 8 )
+#endif
+;
+
+/* bitmap security_ace_object_flags */
+#define SEC_ACE_OBJECT_TYPE_PRESENT ( 0x00000001 )
+#define SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT ( 0x00000002 )
+
+union security_ace_object_type {
+	struct GUID type;/* [case(SEC_ACE_OBJECT_TYPE_PRESENT)] */
+}/* [nodiscriminant] */;
+
+union security_ace_object_inherited_type {
+	struct GUID inherited_type;/* [case(SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] */
+}/* [nodiscriminant] */;
+
+struct security_ace_object {
+	uint32_t flags;
+	union security_ace_object_type type;/* [switch_is(flags&SEC_ACE_OBJECT_TYPE_PRESENT)] */
+	union security_ace_object_inherited_type inherited_type;/* [switch_is(flags&SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] */
+};
+
+union security_ace_object_ctr {
+	struct security_ace_object object;/* [case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] */
+}/* [nodiscriminant] */;
+
+struct security_ace {
+	enum security_ace_type type;
+	uint8_t flags;
+	uint16_t size;/* [value(ndr_size_security_ace(r,ndr->flags))] */
+	uint32_t access_mask;
+	union security_ace_object_ctr object;/* [switch_is(type)] */
+	struct dom_sid trustee;
+}/* [gensize,public,nosize] */;
+
+enum security_acl_revision
+#ifndef USE_UINT_ENUMS
+ {
+	SECURITY_ACL_REVISION_NT4=2,
+	SECURITY_ACL_REVISION_ADS=4
+}
+#else
+ { __donnot_use_enum_security_acl_revision=0x7FFFFFFF}
+#define SECURITY_ACL_REVISION_NT4 ( 2 )
+#define SECURITY_ACL_REVISION_ADS ( 4 )
+#endif
+;
+
+struct security_acl {
+	enum security_acl_revision revision;
+	uint16_t size;/* [value(ndr_size_security_acl(r,ndr->flags))] */
+	uint32_t num_aces;/* [range(0,1000)] */
+	struct security_ace *aces;
+}/* [gensize,public,nosize] */;
+
+enum security_descriptor_revision
+#ifndef USE_UINT_ENUMS
+ {
+	SECURITY_DESCRIPTOR_REVISION_1=1
+}
+#else
+ { __donnot_use_enum_security_descriptor_revision=0x7FFFFFFF}
+#define SECURITY_DESCRIPTOR_REVISION_1 ( 1 )
+#endif
+;
+
+/* bitmap security_descriptor_type */
+#define SEC_DESC_OWNER_DEFAULTED ( 0x0001 )
+#define SEC_DESC_GROUP_DEFAULTED ( 0x0002 )
+#define SEC_DESC_DACL_PRESENT ( 0x0004 )
+#define SEC_DESC_DACL_DEFAULTED ( 0x0008 )
+#define SEC_DESC_SACL_PRESENT ( 0x0010 )
+#define SEC_DESC_SACL_DEFAULTED ( 0x0020 )
+#define SEC_DESC_DACL_TRUSTED ( 0x0040 )
+#define SEC_DESC_SERVER_SECURITY ( 0x0080 )
+#define SEC_DESC_DACL_AUTO_INHERIT_REQ ( 0x0100 )
+#define SEC_DESC_SACL_AUTO_INHERIT_REQ ( 0x0200 )
+#define SEC_DESC_DACL_AUTO_INHERITED ( 0x0400 )
+#define SEC_DESC_SACL_AUTO_INHERITED ( 0x0800 )
+#define SEC_DESC_DACL_PROTECTED ( 0x1000 )
+#define SEC_DESC_SACL_PROTECTED ( 0x2000 )
+#define SEC_DESC_RM_CONTROL_VALID ( 0x4000 )
+#define SEC_DESC_SELF_RELATIVE ( 0x8000 )
+
+struct security_descriptor {
+	enum security_descriptor_revision revision;
+	uint16_t type;
+	struct dom_sid *owner_sid;/* [relative] */
+	struct dom_sid *group_sid;/* [relative] */
+	struct security_acl *sacl;/* [relative] */
+	struct security_acl *dacl;/* [relative] */
+}/* [gensize,public,flag(LIBNDR_FLAG_LITTLE_ENDIAN),nosize] */;
+
+struct sec_desc_buf {
+	uint32_t sd_size;/* [value(ndr_size_security_descriptor(sd,ndr->flags)),range(0,0x40000)] */
+	struct security_descriptor *sd;/* [unique,subcontext(4)] */
+}/* [public] */;
+
+struct security_token {
+	struct dom_sid *user_sid;/* [unique] */
+	struct dom_sid *group_sid;/* [unique] */
+	uint32_t num_sids;
+	struct dom_sid **sids;/* [unique,size_is(num_sids)] */
+	uint64_t privilege_mask;
+}/* [public] */;
+
+/* bitmap security_secinfo */
+#define SECINFO_OWNER ( 0x00000001 )
+#define SECINFO_GROUP ( 0x00000002 )
+#define SECINFO_DACL ( 0x00000004 )
+#define SECINFO_SACL ( 0x00000008 )
+#define SECINFO_UNPROTECTED_SACL ( 0x10000000 )
+#define SECINFO_UNPROTECTED_DACL ( 0x20000000 )
+#define SECINFO_PROTECTED_SACL ( 0x40000000 )
+#define SECINFO_PROTECTED_DACL ( 0x80000000 )
+
+#endif /* _HEADER_security */
diff --git a/source3/librpc/gen_ndr/srv_dfs.c b/source3/librpc/gen_ndr/srv_dfs.c
index 384c2ba940..1ecd687e3a 100644
--- a/source3/librpc/gen_ndr/srv_dfs.c
+++ b/source3/librpc/gen_ndr/srv_dfs.c
@@ -17,7 +17,7 @@ static bool api_dfs_GetManagerVersion(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_GETMANAGERVERSION];
 
-	r = talloc(NULL, struct dfs_GetManagerVersion);
+	r = talloc(talloc_tos(), struct dfs_GetManagerVersion);
 	if (r == NULL) {
 		return false;
 	}
@@ -97,7 +97,7 @@ static bool api_dfs_Add(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_ADD];
 
-	r = talloc(NULL, struct dfs_Add);
+	r = talloc(talloc_tos(), struct dfs_Add);
 	if (r == NULL) {
 		return false;
 	}
@@ -170,7 +170,7 @@ static bool api_dfs_Remove(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_REMOVE];
 
-	r = talloc(NULL, struct dfs_Remove);
+	r = talloc(talloc_tos(), struct dfs_Remove);
 	if (r == NULL) {
 		return false;
 	}
@@ -243,7 +243,7 @@ static bool api_dfs_SetInfo(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_SETINFO];
 
-	r = talloc(NULL, struct dfs_SetInfo);
+	r = talloc(talloc_tos(), struct dfs_SetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -316,7 +316,7 @@ static bool api_dfs_GetInfo(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_GETINFO];
 
-	r = talloc(NULL, struct dfs_GetInfo);
+	r = talloc(talloc_tos(), struct dfs_GetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -396,7 +396,7 @@ static bool api_dfs_Enum(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_ENUM];
 
-	r = talloc(NULL, struct dfs_Enum);
+	r = talloc(talloc_tos(), struct dfs_Enum);
 	if (r == NULL) {
 		return false;
 	}
@@ -472,7 +472,7 @@ static bool api_dfs_Rename(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_RENAME];
 
-	r = talloc(NULL, struct dfs_Rename);
+	r = talloc(talloc_tos(), struct dfs_Rename);
 	if (r == NULL) {
 		return false;
 	}
@@ -545,7 +545,7 @@ static bool api_dfs_Move(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_MOVE];
 
-	r = talloc(NULL, struct dfs_Move);
+	r = talloc(talloc_tos(), struct dfs_Move);
 	if (r == NULL) {
 		return false;
 	}
@@ -618,7 +618,7 @@ static bool api_dfs_ManagerGetConfigInfo(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_MANAGERGETCONFIGINFO];
 
-	r = talloc(NULL, struct dfs_ManagerGetConfigInfo);
+	r = talloc(talloc_tos(), struct dfs_ManagerGetConfigInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -691,7 +691,7 @@ static bool api_dfs_ManagerSendSiteInfo(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_MANAGERSENDSITEINFO];
 
-	r = talloc(NULL, struct dfs_ManagerSendSiteInfo);
+	r = talloc(talloc_tos(), struct dfs_ManagerSendSiteInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -764,7 +764,7 @@ static bool api_dfs_AddFtRoot(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_ADDFTROOT];
 
-	r = talloc(NULL, struct dfs_AddFtRoot);
+	r = talloc(talloc_tos(), struct dfs_AddFtRoot);
 	if (r == NULL) {
 		return false;
 	}
@@ -839,7 +839,7 @@ static bool api_dfs_RemoveFtRoot(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_REMOVEFTROOT];
 
-	r = talloc(NULL, struct dfs_RemoveFtRoot);
+	r = talloc(talloc_tos(), struct dfs_RemoveFtRoot);
 	if (r == NULL) {
 		return false;
 	}
@@ -914,7 +914,7 @@ static bool api_dfs_AddStdRoot(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_ADDSTDROOT];
 
-	r = talloc(NULL, struct dfs_AddStdRoot);
+	r = talloc(talloc_tos(), struct dfs_AddStdRoot);
 	if (r == NULL) {
 		return false;
 	}
@@ -987,7 +987,7 @@ static bool api_dfs_RemoveStdRoot(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_REMOVESTDROOT];
 
-	r = talloc(NULL, struct dfs_RemoveStdRoot);
+	r = talloc(talloc_tos(), struct dfs_RemoveStdRoot);
 	if (r == NULL) {
 		return false;
 	}
@@ -1060,7 +1060,7 @@ static bool api_dfs_ManagerInitialize(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_MANAGERINITIALIZE];
 
-	r = talloc(NULL, struct dfs_ManagerInitialize);
+	r = talloc(talloc_tos(), struct dfs_ManagerInitialize);
 	if (r == NULL) {
 		return false;
 	}
@@ -1133,7 +1133,7 @@ static bool api_dfs_AddStdRootForced(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_ADDSTDROOTFORCED];
 
-	r = talloc(NULL, struct dfs_AddStdRootForced);
+	r = talloc(talloc_tos(), struct dfs_AddStdRootForced);
 	if (r == NULL) {
 		return false;
 	}
@@ -1206,7 +1206,7 @@ static bool api_dfs_GetDcAddress(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_GETDCADDRESS];
 
-	r = talloc(NULL, struct dfs_GetDcAddress);
+	r = talloc(talloc_tos(), struct dfs_GetDcAddress);
 	if (r == NULL) {
 		return false;
 	}
@@ -1233,6 +1233,10 @@ static bool api_dfs_GetDcAddress(pipes_struct *p)
 		NDR_PRINT_IN_DEBUG(dfs_GetDcAddress, r);
 	}
 
+	ZERO_STRUCT(r->out);
+	r->out.server_fullname = r->in.server_fullname;
+	r->out.is_root = r->in.is_root;
+	r->out.ttl = r->in.ttl;
 	r->out.result = _dfs_GetDcAddress(p, r);
 
 	if (p->rng_fault_state) {
@@ -1279,7 +1283,7 @@ static bool api_dfs_SetDcAddress(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_SETDCADDRESS];
 
-	r = talloc(NULL, struct dfs_SetDcAddress);
+	r = talloc(talloc_tos(), struct dfs_SetDcAddress);
 	if (r == NULL) {
 		return false;
 	}
@@ -1352,7 +1356,7 @@ static bool api_dfs_FlushFtTable(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_FLUSHFTTABLE];
 
-	r = talloc(NULL, struct dfs_FlushFtTable);
+	r = talloc(talloc_tos(), struct dfs_FlushFtTable);
 	if (r == NULL) {
 		return false;
 	}
@@ -1425,7 +1429,7 @@ static bool api_dfs_Add2(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_ADD2];
 
-	r = talloc(NULL, struct dfs_Add2);
+	r = talloc(talloc_tos(), struct dfs_Add2);
 	if (r == NULL) {
 		return false;
 	}
@@ -1498,7 +1502,7 @@ static bool api_dfs_Remove2(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_REMOVE2];
 
-	r = talloc(NULL, struct dfs_Remove2);
+	r = talloc(talloc_tos(), struct dfs_Remove2);
 	if (r == NULL) {
 		return false;
 	}
@@ -1571,7 +1575,7 @@ static bool api_dfs_EnumEx(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_ENUMEX];
 
-	r = talloc(NULL, struct dfs_EnumEx);
+	r = talloc(talloc_tos(), struct dfs_EnumEx);
 	if (r == NULL) {
 		return false;
 	}
@@ -1647,7 +1651,7 @@ static bool api_dfs_SetInfo2(pipes_struct *p)
 
 	call = &ndr_table_netdfs.calls[NDR_DFS_SETINFO2];
 
-	r = talloc(NULL, struct dfs_SetInfo2);
+	r = talloc(talloc_tos(), struct dfs_SetInfo2);
 	if (r == NULL) {
 		return false;
 	}
diff --git a/source3/librpc/gen_ndr/srv_dssetup.c b/source3/librpc/gen_ndr/srv_dssetup.c
new file mode 100644
index 0000000000..7a1cae9b5a
--- /dev/null
+++ b/source3/librpc/gen_ndr/srv_dssetup.c
@@ -0,0 +1,845 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * server auto-generated by pidl. DO NOT MODIFY!
+ */
+
+#include "includes.h"
+#include "librpc/gen_ndr/srv_dssetup.h"
+
+static bool api_dssetup_DsRoleGetPrimaryDomainInformation(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct dssetup_DsRoleGetPrimaryDomainInformation *r;
+
+	call = &ndr_table_dssetup.calls[NDR_DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION];
+
+	r = talloc(talloc_tos(), struct dssetup_DsRoleGetPrimaryDomainInformation);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleGetPrimaryDomainInformation, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.info = talloc_zero(r, union dssetup_DsRoleInfo);
+	if (r->out.info == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _dssetup_DsRoleGetPrimaryDomainInformation(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleGetPrimaryDomainInformation, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_dssetup_DsRoleDnsNameToFlatName(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct dssetup_DsRoleDnsNameToFlatName *r;
+
+	call = &ndr_table_dssetup.calls[NDR_DSSETUP_DSROLEDNSNAMETOFLATNAME];
+
+	r = talloc(talloc_tos(), struct dssetup_DsRoleDnsNameToFlatName);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleDnsNameToFlatName, r);
+	}
+
+	r->out.result = _dssetup_DsRoleDnsNameToFlatName(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleDnsNameToFlatName, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_dssetup_DsRoleDcAsDc(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct dssetup_DsRoleDcAsDc *r;
+
+	call = &ndr_table_dssetup.calls[NDR_DSSETUP_DSROLEDCASDC];
+
+	r = talloc(talloc_tos(), struct dssetup_DsRoleDcAsDc);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleDcAsDc, r);
+	}
+
+	r->out.result = _dssetup_DsRoleDcAsDc(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleDcAsDc, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_dssetup_DsRoleDcAsReplica(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct dssetup_DsRoleDcAsReplica *r;
+
+	call = &ndr_table_dssetup.calls[NDR_DSSETUP_DSROLEDCASREPLICA];
+
+	r = talloc(talloc_tos(), struct dssetup_DsRoleDcAsReplica);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleDcAsReplica, r);
+	}
+
+	r->out.result = _dssetup_DsRoleDcAsReplica(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleDcAsReplica, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_dssetup_DsRoleDemoteDc(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct dssetup_DsRoleDemoteDc *r;
+
+	call = &ndr_table_dssetup.calls[NDR_DSSETUP_DSROLEDEMOTEDC];
+
+	r = talloc(talloc_tos(), struct dssetup_DsRoleDemoteDc);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleDemoteDc, r);
+	}
+
+	r->out.result = _dssetup_DsRoleDemoteDc(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleDemoteDc, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_dssetup_DsRoleGetDcOperationProgress(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct dssetup_DsRoleGetDcOperationProgress *r;
+
+	call = &ndr_table_dssetup.calls[NDR_DSSETUP_DSROLEGETDCOPERATIONPROGRESS];
+
+	r = talloc(talloc_tos(), struct dssetup_DsRoleGetDcOperationProgress);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleGetDcOperationProgress, r);
+	}
+
+	r->out.result = _dssetup_DsRoleGetDcOperationProgress(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleGetDcOperationProgress, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_dssetup_DsRoleGetDcOperationResults(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct dssetup_DsRoleGetDcOperationResults *r;
+
+	call = &ndr_table_dssetup.calls[NDR_DSSETUP_DSROLEGETDCOPERATIONRESULTS];
+
+	r = talloc(talloc_tos(), struct dssetup_DsRoleGetDcOperationResults);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleGetDcOperationResults, r);
+	}
+
+	r->out.result = _dssetup_DsRoleGetDcOperationResults(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleGetDcOperationResults, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_dssetup_DsRoleCancel(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct dssetup_DsRoleCancel *r;
+
+	call = &ndr_table_dssetup.calls[NDR_DSSETUP_DSROLECANCEL];
+
+	r = talloc(talloc_tos(), struct dssetup_DsRoleCancel);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleCancel, r);
+	}
+
+	r->out.result = _dssetup_DsRoleCancel(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleCancel, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_dssetup_DsRoleServerSaveStateForUpgrade(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct dssetup_DsRoleServerSaveStateForUpgrade *r;
+
+	call = &ndr_table_dssetup.calls[NDR_DSSETUP_DSROLESERVERSAVESTATEFORUPGRADE];
+
+	r = talloc(talloc_tos(), struct dssetup_DsRoleServerSaveStateForUpgrade);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleServerSaveStateForUpgrade, r);
+	}
+
+	r->out.result = _dssetup_DsRoleServerSaveStateForUpgrade(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleServerSaveStateForUpgrade, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_dssetup_DsRoleUpgradeDownlevelServer(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct dssetup_DsRoleUpgradeDownlevelServer *r;
+
+	call = &ndr_table_dssetup.calls[NDR_DSSETUP_DSROLEUPGRADEDOWNLEVELSERVER];
+
+	r = talloc(talloc_tos(), struct dssetup_DsRoleUpgradeDownlevelServer);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleUpgradeDownlevelServer, r);
+	}
+
+	r->out.result = _dssetup_DsRoleUpgradeDownlevelServer(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleUpgradeDownlevelServer, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_dssetup_DsRoleAbortDownlevelServerUpgrade(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct dssetup_DsRoleAbortDownlevelServerUpgrade *r;
+
+	call = &ndr_table_dssetup.calls[NDR_DSSETUP_DSROLEABORTDOWNLEVELSERVERUPGRADE];
+
+	r = talloc(talloc_tos(), struct dssetup_DsRoleAbortDownlevelServerUpgrade);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(dssetup_DsRoleAbortDownlevelServerUpgrade, r);
+	}
+
+	r->out.result = _dssetup_DsRoleAbortDownlevelServerUpgrade(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(dssetup_DsRoleAbortDownlevelServerUpgrade, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+
+/* Tables */
+static struct api_struct api_dssetup_cmds[] = 
+{
+	{"DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION", NDR_DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION, api_dssetup_DsRoleGetPrimaryDomainInformation},
+	{"DSSETUP_DSROLEDNSNAMETOFLATNAME", NDR_DSSETUP_DSROLEDNSNAMETOFLATNAME, api_dssetup_DsRoleDnsNameToFlatName},
+	{"DSSETUP_DSROLEDCASDC", NDR_DSSETUP_DSROLEDCASDC, api_dssetup_DsRoleDcAsDc},
+	{"DSSETUP_DSROLEDCASREPLICA", NDR_DSSETUP_DSROLEDCASREPLICA, api_dssetup_DsRoleDcAsReplica},
+	{"DSSETUP_DSROLEDEMOTEDC", NDR_DSSETUP_DSROLEDEMOTEDC, api_dssetup_DsRoleDemoteDc},
+	{"DSSETUP_DSROLEGETDCOPERATIONPROGRESS", NDR_DSSETUP_DSROLEGETDCOPERATIONPROGRESS, api_dssetup_DsRoleGetDcOperationProgress},
+	{"DSSETUP_DSROLEGETDCOPERATIONRESULTS", NDR_DSSETUP_DSROLEGETDCOPERATIONRESULTS, api_dssetup_DsRoleGetDcOperationResults},
+	{"DSSETUP_DSROLECANCEL", NDR_DSSETUP_DSROLECANCEL, api_dssetup_DsRoleCancel},
+	{"DSSETUP_DSROLESERVERSAVESTATEFORUPGRADE", NDR_DSSETUP_DSROLESERVERSAVESTATEFORUPGRADE, api_dssetup_DsRoleServerSaveStateForUpgrade},
+	{"DSSETUP_DSROLEUPGRADEDOWNLEVELSERVER", NDR_DSSETUP_DSROLEUPGRADEDOWNLEVELSERVER, api_dssetup_DsRoleUpgradeDownlevelServer},
+	{"DSSETUP_DSROLEABORTDOWNLEVELSERVERUPGRADE", NDR_DSSETUP_DSROLEABORTDOWNLEVELSERVERUPGRADE, api_dssetup_DsRoleAbortDownlevelServerUpgrade},
+};
+
+void dssetup_get_pipe_fns(struct api_struct **fns, int *n_fns)
+{
+	*fns = api_dssetup_cmds;
+	*n_fns = sizeof(api_dssetup_cmds) / sizeof(struct api_struct);
+}
+
+NTSTATUS rpc_dssetup_init(void)
+{
+	return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "dssetup", "dssetup", api_dssetup_cmds, sizeof(api_dssetup_cmds) / sizeof(struct api_struct));
+}
diff --git a/source3/librpc/gen_ndr/srv_dssetup.h b/source3/librpc/gen_ndr/srv_dssetup.h
new file mode 100644
index 0000000000..3233899eac
--- /dev/null
+++ b/source3/librpc/gen_ndr/srv_dssetup.h
@@ -0,0 +1,17 @@
+#include "librpc/gen_ndr/ndr_dssetup.h"
+#ifndef __SRV_DSSETUP__
+#define __SRV_DSSETUP__
+WERROR _dssetup_DsRoleGetPrimaryDomainInformation(pipes_struct *p, struct dssetup_DsRoleGetPrimaryDomainInformation *r);
+WERROR _dssetup_DsRoleDnsNameToFlatName(pipes_struct *p, struct dssetup_DsRoleDnsNameToFlatName *r);
+WERROR _dssetup_DsRoleDcAsDc(pipes_struct *p, struct dssetup_DsRoleDcAsDc *r);
+WERROR _dssetup_DsRoleDcAsReplica(pipes_struct *p, struct dssetup_DsRoleDcAsReplica *r);
+WERROR _dssetup_DsRoleDemoteDc(pipes_struct *p, struct dssetup_DsRoleDemoteDc *r);
+WERROR _dssetup_DsRoleGetDcOperationProgress(pipes_struct *p, struct dssetup_DsRoleGetDcOperationProgress *r);
+WERROR _dssetup_DsRoleGetDcOperationResults(pipes_struct *p, struct dssetup_DsRoleGetDcOperationResults *r);
+WERROR _dssetup_DsRoleCancel(pipes_struct *p, struct dssetup_DsRoleCancel *r);
+WERROR _dssetup_DsRoleServerSaveStateForUpgrade(pipes_struct *p, struct dssetup_DsRoleServerSaveStateForUpgrade *r);
+WERROR _dssetup_DsRoleUpgradeDownlevelServer(pipes_struct *p, struct dssetup_DsRoleUpgradeDownlevelServer *r);
+WERROR _dssetup_DsRoleAbortDownlevelServerUpgrade(pipes_struct *p, struct dssetup_DsRoleAbortDownlevelServerUpgrade *r);
+void dssetup_get_pipe_fns(struct api_struct **fns, int *n_fns);
+NTSTATUS rpc_dssetup_init(void);
+#endif /* __SRV_DSSETUP__ */
diff --git a/source3/librpc/gen_ndr/srv_echo.c b/source3/librpc/gen_ndr/srv_echo.c
index de5fc9cd46..3f725049cd 100644
--- a/source3/librpc/gen_ndr/srv_echo.c
+++ b/source3/librpc/gen_ndr/srv_echo.c
@@ -17,7 +17,7 @@ static bool api_echo_AddOne(pipes_struct *p)
 
 	call = &ndr_table_rpcecho.calls[NDR_ECHO_ADDONE];
 
-	r = talloc(NULL, struct echo_AddOne);
+	r = talloc(talloc_tos(), struct echo_AddOne);
 	if (r == NULL) {
 		return false;
 	}
@@ -97,7 +97,7 @@ static bool api_echo_EchoData(pipes_struct *p)
 
 	call = &ndr_table_rpcecho.calls[NDR_ECHO_ECHODATA];
 
-	r = talloc(NULL, struct echo_EchoData);
+	r = talloc(talloc_tos(), struct echo_EchoData);
 	if (r == NULL) {
 		return false;
 	}
@@ -177,7 +177,7 @@ static bool api_echo_SinkData(pipes_struct *p)
 
 	call = &ndr_table_rpcecho.calls[NDR_ECHO_SINKDATA];
 
-	r = talloc(NULL, struct echo_SinkData);
+	r = talloc(talloc_tos(), struct echo_SinkData);
 	if (r == NULL) {
 		return false;
 	}
@@ -250,7 +250,7 @@ static bool api_echo_SourceData(pipes_struct *p)
 
 	call = &ndr_table_rpcecho.calls[NDR_ECHO_SOURCEDATA];
 
-	r = talloc(NULL, struct echo_SourceData);
+	r = talloc(talloc_tos(), struct echo_SourceData);
 	if (r == NULL) {
 		return false;
 	}
@@ -330,7 +330,7 @@ static bool api_echo_TestCall(pipes_struct *p)
 
 	call = &ndr_table_rpcecho.calls[NDR_ECHO_TESTCALL];
 
-	r = talloc(NULL, struct echo_TestCall);
+	r = talloc(talloc_tos(), struct echo_TestCall);
 	if (r == NULL) {
 		return false;
 	}
@@ -410,7 +410,7 @@ static bool api_echo_TestCall2(pipes_struct *p)
 
 	call = &ndr_table_rpcecho.calls[NDR_ECHO_TESTCALL2];
 
-	r = talloc(NULL, struct echo_TestCall2);
+	r = talloc(talloc_tos(), struct echo_TestCall2);
 	if (r == NULL) {
 		return false;
 	}
@@ -490,7 +490,7 @@ static bool api_echo_TestSleep(pipes_struct *p)
 
 	call = &ndr_table_rpcecho.calls[NDR_ECHO_TESTSLEEP];
 
-	r = talloc(NULL, struct echo_TestSleep);
+	r = talloc(talloc_tos(), struct echo_TestSleep);
 	if (r == NULL) {
 		return false;
 	}
@@ -563,7 +563,7 @@ static bool api_echo_TestEnum(pipes_struct *p)
 
 	call = &ndr_table_rpcecho.calls[NDR_ECHO_TESTENUM];
 
-	r = talloc(NULL, struct echo_TestEnum);
+	r = talloc(talloc_tos(), struct echo_TestEnum);
 	if (r == NULL) {
 		return false;
 	}
@@ -640,7 +640,7 @@ static bool api_echo_TestSurrounding(pipes_struct *p)
 
 	call = &ndr_table_rpcecho.calls[NDR_ECHO_TESTSURROUNDING];
 
-	r = talloc(NULL, struct echo_TestSurrounding);
+	r = talloc(talloc_tos(), struct echo_TestSurrounding);
 	if (r == NULL) {
 		return false;
 	}
@@ -715,7 +715,7 @@ static bool api_echo_TestDoublePointer(pipes_struct *p)
 
 	call = &ndr_table_rpcecho.calls[NDR_ECHO_TESTDOUBLEPOINTER];
 
-	r = talloc(NULL, struct echo_TestDoublePointer);
+	r = talloc(talloc_tos(), struct echo_TestDoublePointer);
 	if (r == NULL) {
 		return false;
 	}
diff --git a/source3/librpc/gen_ndr/srv_epmapper.c b/source3/librpc/gen_ndr/srv_epmapper.c
index af768d9555..e6c89a553f 100644
--- a/source3/librpc/gen_ndr/srv_epmapper.c
+++ b/source3/librpc/gen_ndr/srv_epmapper.c
@@ -17,7 +17,7 @@ static bool api_epm_Insert(pipes_struct *p)
 
 	call = &ndr_table_epmapper.calls[NDR_EPM_INSERT];
 
-	r = talloc(NULL, struct epm_Insert);
+	r = talloc(talloc_tos(), struct epm_Insert);
 	if (r == NULL) {
 		return false;
 	}
@@ -90,7 +90,7 @@ static bool api_epm_Delete(pipes_struct *p)
 
 	call = &ndr_table_epmapper.calls[NDR_EPM_DELETE];
 
-	r = talloc(NULL, struct epm_Delete);
+	r = talloc(talloc_tos(), struct epm_Delete);
 	if (r == NULL) {
 		return false;
 	}
@@ -163,7 +163,7 @@ static bool api_epm_Lookup(pipes_struct *p)
 
 	call = &ndr_table_epmapper.calls[NDR_EPM_LOOKUP];
 
-	r = talloc(NULL, struct epm_Lookup);
+	r = talloc(talloc_tos(), struct epm_Lookup);
 	if (r == NULL) {
 		return false;
 	}
@@ -250,7 +250,7 @@ static bool api_epm_Map(pipes_struct *p)
 
 	call = &ndr_table_epmapper.calls[NDR_EPM_MAP];
 
-	r = talloc(NULL, struct epm_Map);
+	r = talloc(talloc_tos(), struct epm_Map);
 	if (r == NULL) {
 		return false;
 	}
@@ -337,7 +337,7 @@ static bool api_epm_LookupHandleFree(pipes_struct *p)
 
 	call = &ndr_table_epmapper.calls[NDR_EPM_LOOKUPHANDLEFREE];
 
-	r = talloc(NULL, struct epm_LookupHandleFree);
+	r = talloc(talloc_tos(), struct epm_LookupHandleFree);
 	if (r == NULL) {
 		return false;
 	}
@@ -412,7 +412,7 @@ static bool api_epm_InqObject(pipes_struct *p)
 
 	call = &ndr_table_epmapper.calls[NDR_EPM_INQOBJECT];
 
-	r = talloc(NULL, struct epm_InqObject);
+	r = talloc(talloc_tos(), struct epm_InqObject);
 	if (r == NULL) {
 		return false;
 	}
@@ -485,7 +485,7 @@ static bool api_epm_MgmtDelete(pipes_struct *p)
 
 	call = &ndr_table_epmapper.calls[NDR_EPM_MGMTDELETE];
 
-	r = talloc(NULL, struct epm_MgmtDelete);
+	r = talloc(talloc_tos(), struct epm_MgmtDelete);
 	if (r == NULL) {
 		return false;
 	}
@@ -558,7 +558,7 @@ static bool api_epm_MapAuth(pipes_struct *p)
 
 	call = &ndr_table_epmapper.calls[NDR_EPM_MAPAUTH];
 
-	r = talloc(NULL, struct epm_MapAuth);
+	r = talloc(talloc_tos(), struct epm_MapAuth);
 	if (r == NULL) {
 		return false;
 	}
diff --git a/source3/librpc/gen_ndr/srv_eventlog.c b/source3/librpc/gen_ndr/srv_eventlog.c
index d9310a8fbb..4d0722bdd7 100644
--- a/source3/librpc/gen_ndr/srv_eventlog.c
+++ b/source3/librpc/gen_ndr/srv_eventlog.c
@@ -17,7 +17,7 @@ static bool api_eventlog_ClearEventLogW(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_CLEAREVENTLOGW];
 
-	r = talloc(NULL, struct eventlog_ClearEventLogW);
+	r = talloc(talloc_tos(), struct eventlog_ClearEventLogW);
 	if (r == NULL) {
 		return false;
 	}
@@ -90,7 +90,7 @@ static bool api_eventlog_BackupEventLogW(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_BACKUPEVENTLOGW];
 
-	r = talloc(NULL, struct eventlog_BackupEventLogW);
+	r = talloc(talloc_tos(), struct eventlog_BackupEventLogW);
 	if (r == NULL) {
 		return false;
 	}
@@ -163,7 +163,7 @@ static bool api_eventlog_CloseEventLog(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_CLOSEEVENTLOG];
 
-	r = talloc(NULL, struct eventlog_CloseEventLog);
+	r = talloc(talloc_tos(), struct eventlog_CloseEventLog);
 	if (r == NULL) {
 		return false;
 	}
@@ -238,7 +238,7 @@ static bool api_eventlog_DeregisterEventSource(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_DEREGISTEREVENTSOURCE];
 
-	r = talloc(NULL, struct eventlog_DeregisterEventSource);
+	r = talloc(talloc_tos(), struct eventlog_DeregisterEventSource);
 	if (r == NULL) {
 		return false;
 	}
@@ -311,7 +311,7 @@ static bool api_eventlog_GetNumRecords(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_GETNUMRECORDS];
 
-	r = talloc(NULL, struct eventlog_GetNumRecords);
+	r = talloc(talloc_tos(), struct eventlog_GetNumRecords);
 	if (r == NULL) {
 		return false;
 	}
@@ -391,7 +391,7 @@ static bool api_eventlog_GetOldestRecord(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_GETOLDESTRECORD];
 
-	r = talloc(NULL, struct eventlog_GetOldestRecord);
+	r = talloc(talloc_tos(), struct eventlog_GetOldestRecord);
 	if (r == NULL) {
 		return false;
 	}
@@ -418,6 +418,13 @@ static bool api_eventlog_GetOldestRecord(pipes_struct *p)
 		NDR_PRINT_IN_DEBUG(eventlog_GetOldestRecord, r);
 	}
 
+	ZERO_STRUCT(r->out);
+	r->out.oldest_entry = talloc_zero(r, uint32_t);
+	if (r->out.oldest_entry == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
 	r->out.result = _eventlog_GetOldestRecord(p, r);
 
 	if (p->rng_fault_state) {
@@ -464,7 +471,7 @@ static bool api_eventlog_ChangeNotify(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_CHANGENOTIFY];
 
-	r = talloc(NULL, struct eventlog_ChangeNotify);
+	r = talloc(talloc_tos(), struct eventlog_ChangeNotify);
 	if (r == NULL) {
 		return false;
 	}
@@ -537,7 +544,7 @@ static bool api_eventlog_OpenEventLogW(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_OPENEVENTLOGW];
 
-	r = talloc(NULL, struct eventlog_OpenEventLogW);
+	r = talloc(talloc_tos(), struct eventlog_OpenEventLogW);
 	if (r == NULL) {
 		return false;
 	}
@@ -617,7 +624,7 @@ static bool api_eventlog_RegisterEventSourceW(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_REGISTEREVENTSOURCEW];
 
-	r = talloc(NULL, struct eventlog_RegisterEventSourceW);
+	r = talloc(talloc_tos(), struct eventlog_RegisterEventSourceW);
 	if (r == NULL) {
 		return false;
 	}
@@ -690,7 +697,7 @@ static bool api_eventlog_OpenBackupEventLogW(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_OPENBACKUPEVENTLOGW];
 
-	r = talloc(NULL, struct eventlog_OpenBackupEventLogW);
+	r = talloc(talloc_tos(), struct eventlog_OpenBackupEventLogW);
 	if (r == NULL) {
 		return false;
 	}
@@ -763,7 +770,7 @@ static bool api_eventlog_ReadEventLogW(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_READEVENTLOGW];
 
-	r = talloc(NULL, struct eventlog_ReadEventLogW);
+	r = talloc(talloc_tos(), struct eventlog_ReadEventLogW);
 	if (r == NULL) {
 		return false;
 	}
@@ -855,7 +862,7 @@ static bool api_eventlog_ReportEventW(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_REPORTEVENTW];
 
-	r = talloc(NULL, struct eventlog_ReportEventW);
+	r = talloc(talloc_tos(), struct eventlog_ReportEventW);
 	if (r == NULL) {
 		return false;
 	}
@@ -928,7 +935,7 @@ static bool api_eventlog_ClearEventLogA(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_CLEAREVENTLOGA];
 
-	r = talloc(NULL, struct eventlog_ClearEventLogA);
+	r = talloc(talloc_tos(), struct eventlog_ClearEventLogA);
 	if (r == NULL) {
 		return false;
 	}
@@ -1001,7 +1008,7 @@ static bool api_eventlog_BackupEventLogA(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_BACKUPEVENTLOGA];
 
-	r = talloc(NULL, struct eventlog_BackupEventLogA);
+	r = talloc(talloc_tos(), struct eventlog_BackupEventLogA);
 	if (r == NULL) {
 		return false;
 	}
@@ -1074,7 +1081,7 @@ static bool api_eventlog_OpenEventLogA(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_OPENEVENTLOGA];
 
-	r = talloc(NULL, struct eventlog_OpenEventLogA);
+	r = talloc(talloc_tos(), struct eventlog_OpenEventLogA);
 	if (r == NULL) {
 		return false;
 	}
@@ -1147,7 +1154,7 @@ static bool api_eventlog_RegisterEventSourceA(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_REGISTEREVENTSOURCEA];
 
-	r = talloc(NULL, struct eventlog_RegisterEventSourceA);
+	r = talloc(talloc_tos(), struct eventlog_RegisterEventSourceA);
 	if (r == NULL) {
 		return false;
 	}
@@ -1220,7 +1227,7 @@ static bool api_eventlog_OpenBackupEventLogA(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_OPENBACKUPEVENTLOGA];
 
-	r = talloc(NULL, struct eventlog_OpenBackupEventLogA);
+	r = talloc(talloc_tos(), struct eventlog_OpenBackupEventLogA);
 	if (r == NULL) {
 		return false;
 	}
@@ -1293,7 +1300,7 @@ static bool api_eventlog_ReadEventLogA(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_READEVENTLOGA];
 
-	r = talloc(NULL, struct eventlog_ReadEventLogA);
+	r = talloc(talloc_tos(), struct eventlog_ReadEventLogA);
 	if (r == NULL) {
 		return false;
 	}
@@ -1366,7 +1373,7 @@ static bool api_eventlog_ReportEventA(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_REPORTEVENTA];
 
-	r = talloc(NULL, struct eventlog_ReportEventA);
+	r = talloc(talloc_tos(), struct eventlog_ReportEventA);
 	if (r == NULL) {
 		return false;
 	}
@@ -1439,7 +1446,7 @@ static bool api_eventlog_RegisterClusterSvc(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_REGISTERCLUSTERSVC];
 
-	r = talloc(NULL, struct eventlog_RegisterClusterSvc);
+	r = talloc(talloc_tos(), struct eventlog_RegisterClusterSvc);
 	if (r == NULL) {
 		return false;
 	}
@@ -1512,7 +1519,7 @@ static bool api_eventlog_DeregisterClusterSvc(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_DEREGISTERCLUSTERSVC];
 
-	r = talloc(NULL, struct eventlog_DeregisterClusterSvc);
+	r = talloc(talloc_tos(), struct eventlog_DeregisterClusterSvc);
 	if (r == NULL) {
 		return false;
 	}
@@ -1585,7 +1592,7 @@ static bool api_eventlog_WriteClusterEvents(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_WRITECLUSTEREVENTS];
 
-	r = talloc(NULL, struct eventlog_WriteClusterEvents);
+	r = talloc(talloc_tos(), struct eventlog_WriteClusterEvents);
 	if (r == NULL) {
 		return false;
 	}
@@ -1658,7 +1665,7 @@ static bool api_eventlog_GetLogIntormation(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_GETLOGINTORMATION];
 
-	r = talloc(NULL, struct eventlog_GetLogIntormation);
+	r = talloc(talloc_tos(), struct eventlog_GetLogIntormation);
 	if (r == NULL) {
 		return false;
 	}
@@ -1731,7 +1738,7 @@ static bool api_eventlog_FlushEventLog(pipes_struct *p)
 
 	call = &ndr_table_eventlog.calls[NDR_EVENTLOG_FLUSHEVENTLOG];
 
-	r = talloc(NULL, struct eventlog_FlushEventLog);
+	r = talloc(talloc_tos(), struct eventlog_FlushEventLog);
 	if (r == NULL) {
 		return false;
 	}
diff --git a/source3/librpc/gen_ndr/srv_initshutdown.c b/source3/librpc/gen_ndr/srv_initshutdown.c
index 794adea81b..f24530c1c1 100644
--- a/source3/librpc/gen_ndr/srv_initshutdown.c
+++ b/source3/librpc/gen_ndr/srv_initshutdown.c
@@ -17,7 +17,7 @@ static bool api_initshutdown_Init(pipes_struct *p)
 
 	call = &ndr_table_initshutdown.calls[NDR_INITSHUTDOWN_INIT];
 
-	r = talloc(NULL, struct initshutdown_Init);
+	r = talloc(talloc_tos(), struct initshutdown_Init);
 	if (r == NULL) {
 		return false;
 	}
@@ -90,7 +90,7 @@ static bool api_initshutdown_Abort(pipes_struct *p)
 
 	call = &ndr_table_initshutdown.calls[NDR_INITSHUTDOWN_ABORT];
 
-	r = talloc(NULL, struct initshutdown_Abort);
+	r = talloc(talloc_tos(), struct initshutdown_Abort);
 	if (r == NULL) {
 		return false;
 	}
@@ -163,7 +163,7 @@ static bool api_initshutdown_InitEx(pipes_struct *p)
 
 	call = &ndr_table_initshutdown.calls[NDR_INITSHUTDOWN_INITEX];
 
-	r = talloc(NULL, struct initshutdown_InitEx);
+	r = talloc(talloc_tos(), struct initshutdown_InitEx);
 	if (r == NULL) {
 		return false;
 	}
diff --git a/source3/librpc/gen_ndr/srv_lsa.c b/source3/librpc/gen_ndr/srv_lsa.c
index 68dc32cef5..1ce0448469 100644
--- a/source3/librpc/gen_ndr/srv_lsa.c
+++ b/source3/librpc/gen_ndr/srv_lsa.c
@@ -17,7 +17,7 @@ static bool api_lsa_Close(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CLOSE];
 
-	r = talloc(NULL, struct lsa_Close);
+	r = talloc(talloc_tos(), struct lsa_Close);
 	if (r == NULL) {
 		return false;
 	}
@@ -92,7 +92,7 @@ static bool api_lsa_Delete(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_DELETE];
 
-	r = talloc(NULL, struct lsa_Delete);
+	r = talloc(talloc_tos(), struct lsa_Delete);
 	if (r == NULL) {
 		return false;
 	}
@@ -165,7 +165,7 @@ static bool api_lsa_EnumPrivs(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_ENUMPRIVS];
 
-	r = talloc(NULL, struct lsa_EnumPrivs);
+	r = talloc(talloc_tos(), struct lsa_EnumPrivs);
 	if (r == NULL) {
 		return false;
 	}
@@ -246,7 +246,7 @@ static bool api_lsa_QuerySecurity(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_QUERYSECURITY];
 
-	r = talloc(NULL, struct lsa_QuerySecurity);
+	r = talloc(talloc_tos(), struct lsa_QuerySecurity);
 	if (r == NULL) {
 		return false;
 	}
@@ -274,7 +274,7 @@ static bool api_lsa_QuerySecurity(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.sdbuf = talloc_zero(r, struct sec_desc_buf);
+	r->out.sdbuf = talloc_zero(r, struct sec_desc_buf *);
 	if (r->out.sdbuf == NULL) {
 		talloc_free(r);
 		return false;
@@ -326,7 +326,7 @@ static bool api_lsa_SetSecObj(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_SETSECOBJ];
 
-	r = talloc(NULL, struct lsa_SetSecObj);
+	r = talloc(talloc_tos(), struct lsa_SetSecObj);
 	if (r == NULL) {
 		return false;
 	}
@@ -399,7 +399,7 @@ static bool api_lsa_ChangePassword(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CHANGEPASSWORD];
 
-	r = talloc(NULL, struct lsa_ChangePassword);
+	r = talloc(talloc_tos(), struct lsa_ChangePassword);
 	if (r == NULL) {
 		return false;
 	}
@@ -472,7 +472,7 @@ static bool api_lsa_OpenPolicy(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_OPENPOLICY];
 
-	r = talloc(NULL, struct lsa_OpenPolicy);
+	r = talloc(talloc_tos(), struct lsa_OpenPolicy);
 	if (r == NULL) {
 		return false;
 	}
@@ -552,7 +552,7 @@ static bool api_lsa_QueryInfoPolicy(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_QUERYINFOPOLICY];
 
-	r = talloc(NULL, struct lsa_QueryInfoPolicy);
+	r = talloc(talloc_tos(), struct lsa_QueryInfoPolicy);
 	if (r == NULL) {
 		return false;
 	}
@@ -580,7 +580,7 @@ static bool api_lsa_QueryInfoPolicy(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.info = talloc_zero(r, union lsa_PolicyInformation);
+	r->out.info = talloc_zero(r, union lsa_PolicyInformation *);
 	if (r->out.info == NULL) {
 		talloc_free(r);
 		return false;
@@ -632,7 +632,7 @@ static bool api_lsa_SetInfoPolicy(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_SETINFOPOLICY];
 
-	r = talloc(NULL, struct lsa_SetInfoPolicy);
+	r = talloc(talloc_tos(), struct lsa_SetInfoPolicy);
 	if (r == NULL) {
 		return false;
 	}
@@ -705,7 +705,7 @@ static bool api_lsa_ClearAuditLog(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CLEARAUDITLOG];
 
-	r = talloc(NULL, struct lsa_ClearAuditLog);
+	r = talloc(talloc_tos(), struct lsa_ClearAuditLog);
 	if (r == NULL) {
 		return false;
 	}
@@ -778,7 +778,7 @@ static bool api_lsa_CreateAccount(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREATEACCOUNT];
 
-	r = talloc(NULL, struct lsa_CreateAccount);
+	r = talloc(talloc_tos(), struct lsa_CreateAccount);
 	if (r == NULL) {
 		return false;
 	}
@@ -858,7 +858,7 @@ static bool api_lsa_EnumAccounts(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_ENUMACCOUNTS];
 
-	r = talloc(NULL, struct lsa_EnumAccounts);
+	r = talloc(talloc_tos(), struct lsa_EnumAccounts);
 	if (r == NULL) {
 		return false;
 	}
@@ -939,7 +939,7 @@ static bool api_lsa_CreateTrustedDomain(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREATETRUSTEDDOMAIN];
 
-	r = talloc(NULL, struct lsa_CreateTrustedDomain);
+	r = talloc(talloc_tos(), struct lsa_CreateTrustedDomain);
 	if (r == NULL) {
 		return false;
 	}
@@ -1019,7 +1019,7 @@ static bool api_lsa_EnumTrustDom(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_ENUMTRUSTDOM];
 
-	r = talloc(NULL, struct lsa_EnumTrustDom);
+	r = talloc(talloc_tos(), struct lsa_EnumTrustDom);
 	if (r == NULL) {
 		return false;
 	}
@@ -1100,7 +1100,7 @@ static bool api_lsa_LookupNames(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LOOKUPNAMES];
 
-	r = talloc(NULL, struct lsa_LookupNames);
+	r = talloc(talloc_tos(), struct lsa_LookupNames);
 	if (r == NULL) {
 		return false;
 	}
@@ -1128,7 +1128,7 @@ static bool api_lsa_LookupNames(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.domains = talloc_zero(r, struct lsa_RefDomainList);
+	r->out.domains = talloc_zero(r, struct lsa_RefDomainList *);
 	if (r->out.domains == NULL) {
 		talloc_free(r);
 		return false;
@@ -1182,7 +1182,7 @@ static bool api_lsa_LookupSids(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LOOKUPSIDS];
 
-	r = talloc(NULL, struct lsa_LookupSids);
+	r = talloc(talloc_tos(), struct lsa_LookupSids);
 	if (r == NULL) {
 		return false;
 	}
@@ -1210,7 +1210,7 @@ static bool api_lsa_LookupSids(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.domains = talloc_zero(r, struct lsa_RefDomainList);
+	r->out.domains = talloc_zero(r, struct lsa_RefDomainList *);
 	if (r->out.domains == NULL) {
 		talloc_free(r);
 		return false;
@@ -1264,7 +1264,7 @@ static bool api_lsa_CreateSecret(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREATESECRET];
 
-	r = talloc(NULL, struct lsa_CreateSecret);
+	r = talloc(talloc_tos(), struct lsa_CreateSecret);
 	if (r == NULL) {
 		return false;
 	}
@@ -1344,7 +1344,7 @@ static bool api_lsa_OpenAccount(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_OPENACCOUNT];
 
-	r = talloc(NULL, struct lsa_OpenAccount);
+	r = talloc(talloc_tos(), struct lsa_OpenAccount);
 	if (r == NULL) {
 		return false;
 	}
@@ -1424,7 +1424,7 @@ static bool api_lsa_EnumPrivsAccount(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_ENUMPRIVSACCOUNT];
 
-	r = talloc(NULL, struct lsa_EnumPrivsAccount);
+	r = talloc(talloc_tos(), struct lsa_EnumPrivsAccount);
 	if (r == NULL) {
 		return false;
 	}
@@ -1452,7 +1452,7 @@ static bool api_lsa_EnumPrivsAccount(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.privs = talloc_zero(r, struct lsa_PrivilegeSet);
+	r->out.privs = talloc_zero(r, struct lsa_PrivilegeSet *);
 	if (r->out.privs == NULL) {
 		talloc_free(r);
 		return false;
@@ -1504,7 +1504,7 @@ static bool api_lsa_AddPrivilegesToAccount(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_ADDPRIVILEGESTOACCOUNT];
 
-	r = talloc(NULL, struct lsa_AddPrivilegesToAccount);
+	r = talloc(talloc_tos(), struct lsa_AddPrivilegesToAccount);
 	if (r == NULL) {
 		return false;
 	}
@@ -1577,7 +1577,7 @@ static bool api_lsa_RemovePrivilegesFromAccount(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_REMOVEPRIVILEGESFROMACCOUNT];
 
-	r = talloc(NULL, struct lsa_RemovePrivilegesFromAccount);
+	r = talloc(talloc_tos(), struct lsa_RemovePrivilegesFromAccount);
 	if (r == NULL) {
 		return false;
 	}
@@ -1650,7 +1650,7 @@ static bool api_lsa_GetQuotasForAccount(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_GETQUOTASFORACCOUNT];
 
-	r = talloc(NULL, struct lsa_GetQuotasForAccount);
+	r = talloc(talloc_tos(), struct lsa_GetQuotasForAccount);
 	if (r == NULL) {
 		return false;
 	}
@@ -1723,7 +1723,7 @@ static bool api_lsa_SetQuotasForAccount(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_SETQUOTASFORACCOUNT];
 
-	r = talloc(NULL, struct lsa_SetQuotasForAccount);
+	r = talloc(talloc_tos(), struct lsa_SetQuotasForAccount);
 	if (r == NULL) {
 		return false;
 	}
@@ -1796,7 +1796,7 @@ static bool api_lsa_GetSystemAccessAccount(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_GETSYSTEMACCESSACCOUNT];
 
-	r = talloc(NULL, struct lsa_GetSystemAccessAccount);
+	r = talloc(talloc_tos(), struct lsa_GetSystemAccessAccount);
 	if (r == NULL) {
 		return false;
 	}
@@ -1823,6 +1823,13 @@ static bool api_lsa_GetSystemAccessAccount(pipes_struct *p)
 		NDR_PRINT_IN_DEBUG(lsa_GetSystemAccessAccount, r);
 	}
 
+	ZERO_STRUCT(r->out);
+	r->out.access_mask = talloc_zero(r, uint32_t);
+	if (r->out.access_mask == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
 	r->out.result = _lsa_GetSystemAccessAccount(p, r);
 
 	if (p->rng_fault_state) {
@@ -1869,7 +1876,7 @@ static bool api_lsa_SetSystemAccessAccount(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_SETSYSTEMACCESSACCOUNT];
 
-	r = talloc(NULL, struct lsa_SetSystemAccessAccount);
+	r = talloc(talloc_tos(), struct lsa_SetSystemAccessAccount);
 	if (r == NULL) {
 		return false;
 	}
@@ -1942,7 +1949,7 @@ static bool api_lsa_OpenTrustedDomain(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_OPENTRUSTEDDOMAIN];
 
-	r = talloc(NULL, struct lsa_OpenTrustedDomain);
+	r = talloc(talloc_tos(), struct lsa_OpenTrustedDomain);
 	if (r == NULL) {
 		return false;
 	}
@@ -2022,7 +2029,7 @@ static bool api_lsa_QueryTrustedDomainInfo(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_QUERYTRUSTEDDOMAININFO];
 
-	r = talloc(NULL, struct lsa_QueryTrustedDomainInfo);
+	r = talloc(talloc_tos(), struct lsa_QueryTrustedDomainInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -2102,7 +2109,7 @@ static bool api_lsa_SetInformationTrustedDomain(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_SETINFORMATIONTRUSTEDDOMAIN];
 
-	r = talloc(NULL, struct lsa_SetInformationTrustedDomain);
+	r = talloc(talloc_tos(), struct lsa_SetInformationTrustedDomain);
 	if (r == NULL) {
 		return false;
 	}
@@ -2175,7 +2182,7 @@ static bool api_lsa_OpenSecret(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_OPENSECRET];
 
-	r = talloc(NULL, struct lsa_OpenSecret);
+	r = talloc(talloc_tos(), struct lsa_OpenSecret);
 	if (r == NULL) {
 		return false;
 	}
@@ -2255,7 +2262,7 @@ static bool api_lsa_SetSecret(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_SETSECRET];
 
-	r = talloc(NULL, struct lsa_SetSecret);
+	r = talloc(talloc_tos(), struct lsa_SetSecret);
 	if (r == NULL) {
 		return false;
 	}
@@ -2328,7 +2335,7 @@ static bool api_lsa_QuerySecret(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_QUERYSECRET];
 
-	r = talloc(NULL, struct lsa_QuerySecret);
+	r = talloc(talloc_tos(), struct lsa_QuerySecret);
 	if (r == NULL) {
 		return false;
 	}
@@ -2406,7 +2413,7 @@ static bool api_lsa_LookupPrivValue(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LOOKUPPRIVVALUE];
 
-	r = talloc(NULL, struct lsa_LookupPrivValue);
+	r = talloc(talloc_tos(), struct lsa_LookupPrivValue);
 	if (r == NULL) {
 		return false;
 	}
@@ -2486,7 +2493,7 @@ static bool api_lsa_LookupPrivName(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LOOKUPPRIVNAME];
 
-	r = talloc(NULL, struct lsa_LookupPrivName);
+	r = talloc(talloc_tos(), struct lsa_LookupPrivName);
 	if (r == NULL) {
 		return false;
 	}
@@ -2566,7 +2573,7 @@ static bool api_lsa_LookupPrivDisplayName(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LOOKUPPRIVDISPLAYNAME];
 
-	r = talloc(NULL, struct lsa_LookupPrivDisplayName);
+	r = talloc(talloc_tos(), struct lsa_LookupPrivDisplayName);
 	if (r == NULL) {
 		return false;
 	}
@@ -2594,13 +2601,18 @@ static bool api_lsa_LookupPrivDisplayName(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.disp_name = talloc_zero(r, struct lsa_StringLarge);
+	r->out.disp_name = talloc_zero(r, struct lsa_StringLarge *);
 	if (r->out.disp_name == NULL) {
 		talloc_free(r);
 		return false;
 	}
 
-	r->out.language_id = r->in.language_id;
+	r->out.returned_language_id = talloc_zero(r, uint16_t);
+	if (r->out.returned_language_id == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
 	r->out.result = _lsa_LookupPrivDisplayName(p, r);
 
 	if (p->rng_fault_state) {
@@ -2647,7 +2659,7 @@ static bool api_lsa_DeleteObject(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_DELETEOBJECT];
 
-	r = talloc(NULL, struct lsa_DeleteObject);
+	r = talloc(talloc_tos(), struct lsa_DeleteObject);
 	if (r == NULL) {
 		return false;
 	}
@@ -2674,6 +2686,8 @@ static bool api_lsa_DeleteObject(pipes_struct *p)
 		NDR_PRINT_IN_DEBUG(lsa_DeleteObject, r);
 	}
 
+	ZERO_STRUCT(r->out);
+	r->out.handle = r->in.handle;
 	r->out.result = _lsa_DeleteObject(p, r);
 
 	if (p->rng_fault_state) {
@@ -2720,7 +2734,7 @@ static bool api_lsa_EnumAccountsWithUserRight(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_ENUMACCOUNTSWITHUSERRIGHT];
 
-	r = talloc(NULL, struct lsa_EnumAccountsWithUserRight);
+	r = talloc(talloc_tos(), struct lsa_EnumAccountsWithUserRight);
 	if (r == NULL) {
 		return false;
 	}
@@ -2800,7 +2814,7 @@ static bool api_lsa_EnumAccountRights(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_ENUMACCOUNTRIGHTS];
 
-	r = talloc(NULL, struct lsa_EnumAccountRights);
+	r = talloc(talloc_tos(), struct lsa_EnumAccountRights);
 	if (r == NULL) {
 		return false;
 	}
@@ -2880,7 +2894,7 @@ static bool api_lsa_AddAccountRights(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_ADDACCOUNTRIGHTS];
 
-	r = talloc(NULL, struct lsa_AddAccountRights);
+	r = talloc(talloc_tos(), struct lsa_AddAccountRights);
 	if (r == NULL) {
 		return false;
 	}
@@ -2953,7 +2967,7 @@ static bool api_lsa_RemoveAccountRights(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_REMOVEACCOUNTRIGHTS];
 
-	r = talloc(NULL, struct lsa_RemoveAccountRights);
+	r = talloc(talloc_tos(), struct lsa_RemoveAccountRights);
 	if (r == NULL) {
 		return false;
 	}
@@ -3026,7 +3040,7 @@ static bool api_lsa_QueryTrustedDomainInfoBySid(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_QUERYTRUSTEDDOMAININFOBYSID];
 
-	r = talloc(NULL, struct lsa_QueryTrustedDomainInfoBySid);
+	r = talloc(talloc_tos(), struct lsa_QueryTrustedDomainInfoBySid);
 	if (r == NULL) {
 		return false;
 	}
@@ -3106,7 +3120,7 @@ static bool api_lsa_SetTrustedDomainInfo(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_SETTRUSTEDDOMAININFO];
 
-	r = talloc(NULL, struct lsa_SetTrustedDomainInfo);
+	r = talloc(talloc_tos(), struct lsa_SetTrustedDomainInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -3179,7 +3193,7 @@ static bool api_lsa_DeleteTrustedDomain(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_DELETETRUSTEDDOMAIN];
 
-	r = talloc(NULL, struct lsa_DeleteTrustedDomain);
+	r = talloc(talloc_tos(), struct lsa_DeleteTrustedDomain);
 	if (r == NULL) {
 		return false;
 	}
@@ -3252,7 +3266,7 @@ static bool api_lsa_StorePrivateData(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_STOREPRIVATEDATA];
 
-	r = talloc(NULL, struct lsa_StorePrivateData);
+	r = talloc(talloc_tos(), struct lsa_StorePrivateData);
 	if (r == NULL) {
 		return false;
 	}
@@ -3325,7 +3339,7 @@ static bool api_lsa_RetrievePrivateData(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_RETRIEVEPRIVATEDATA];
 
-	r = talloc(NULL, struct lsa_RetrievePrivateData);
+	r = talloc(talloc_tos(), struct lsa_RetrievePrivateData);
 	if (r == NULL) {
 		return false;
 	}
@@ -3398,7 +3412,7 @@ static bool api_lsa_OpenPolicy2(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_OPENPOLICY2];
 
-	r = talloc(NULL, struct lsa_OpenPolicy2);
+	r = talloc(talloc_tos(), struct lsa_OpenPolicy2);
 	if (r == NULL) {
 		return false;
 	}
@@ -3478,7 +3492,7 @@ static bool api_lsa_GetUserName(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_GETUSERNAME];
 
-	r = talloc(NULL, struct lsa_GetUserName);
+	r = talloc(talloc_tos(), struct lsa_GetUserName);
 	if (r == NULL) {
 		return false;
 	}
@@ -3554,7 +3568,7 @@ static bool api_lsa_QueryInfoPolicy2(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_QUERYINFOPOLICY2];
 
-	r = talloc(NULL, struct lsa_QueryInfoPolicy2);
+	r = talloc(talloc_tos(), struct lsa_QueryInfoPolicy2);
 	if (r == NULL) {
 		return false;
 	}
@@ -3582,7 +3596,7 @@ static bool api_lsa_QueryInfoPolicy2(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.info = talloc_zero(r, union lsa_PolicyInformation);
+	r->out.info = talloc_zero(r, union lsa_PolicyInformation *);
 	if (r->out.info == NULL) {
 		talloc_free(r);
 		return false;
@@ -3634,7 +3648,7 @@ static bool api_lsa_SetInfoPolicy2(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_SETINFOPOLICY2];
 
-	r = talloc(NULL, struct lsa_SetInfoPolicy2);
+	r = talloc(talloc_tos(), struct lsa_SetInfoPolicy2);
 	if (r == NULL) {
 		return false;
 	}
@@ -3707,7 +3721,7 @@ static bool api_lsa_QueryTrustedDomainInfoByName(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_QUERYTRUSTEDDOMAININFOBYNAME];
 
-	r = talloc(NULL, struct lsa_QueryTrustedDomainInfoByName);
+	r = talloc(talloc_tos(), struct lsa_QueryTrustedDomainInfoByName);
 	if (r == NULL) {
 		return false;
 	}
@@ -3787,7 +3801,7 @@ static bool api_lsa_SetTrustedDomainInfoByName(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_SETTRUSTEDDOMAININFOBYNAME];
 
-	r = talloc(NULL, struct lsa_SetTrustedDomainInfoByName);
+	r = talloc(talloc_tos(), struct lsa_SetTrustedDomainInfoByName);
 	if (r == NULL) {
 		return false;
 	}
@@ -3860,7 +3874,7 @@ static bool api_lsa_EnumTrustedDomainsEx(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_ENUMTRUSTEDDOMAINSEX];
 
-	r = talloc(NULL, struct lsa_EnumTrustedDomainsEx);
+	r = talloc(talloc_tos(), struct lsa_EnumTrustedDomainsEx);
 	if (r == NULL) {
 		return false;
 	}
@@ -3941,7 +3955,7 @@ static bool api_lsa_CreateTrustedDomainEx(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREATETRUSTEDDOMAINEX];
 
-	r = talloc(NULL, struct lsa_CreateTrustedDomainEx);
+	r = talloc(talloc_tos(), struct lsa_CreateTrustedDomainEx);
 	if (r == NULL) {
 		return false;
 	}
@@ -4014,7 +4028,7 @@ static bool api_lsa_CloseTrustedDomainEx(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CLOSETRUSTEDDOMAINEX];
 
-	r = talloc(NULL, struct lsa_CloseTrustedDomainEx);
+	r = talloc(talloc_tos(), struct lsa_CloseTrustedDomainEx);
 	if (r == NULL) {
 		return false;
 	}
@@ -4089,7 +4103,7 @@ static bool api_lsa_QueryDomainInformationPolicy(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_QUERYDOMAININFORMATIONPOLICY];
 
-	r = talloc(NULL, struct lsa_QueryDomainInformationPolicy);
+	r = talloc(talloc_tos(), struct lsa_QueryDomainInformationPolicy);
 	if (r == NULL) {
 		return false;
 	}
@@ -4169,7 +4183,7 @@ static bool api_lsa_SetDomainInformationPolicy(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_SETDOMAININFORMATIONPOLICY];
 
-	r = talloc(NULL, struct lsa_SetDomainInformationPolicy);
+	r = talloc(talloc_tos(), struct lsa_SetDomainInformationPolicy);
 	if (r == NULL) {
 		return false;
 	}
@@ -4242,7 +4256,7 @@ static bool api_lsa_OpenTrustedDomainByName(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_OPENTRUSTEDDOMAINBYNAME];
 
-	r = talloc(NULL, struct lsa_OpenTrustedDomainByName);
+	r = talloc(talloc_tos(), struct lsa_OpenTrustedDomainByName);
 	if (r == NULL) {
 		return false;
 	}
@@ -4322,7 +4336,7 @@ static bool api_lsa_TestCall(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_TESTCALL];
 
-	r = talloc(NULL, struct lsa_TestCall);
+	r = talloc(talloc_tos(), struct lsa_TestCall);
 	if (r == NULL) {
 		return false;
 	}
@@ -4395,7 +4409,7 @@ static bool api_lsa_LookupSids2(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LOOKUPSIDS2];
 
-	r = talloc(NULL, struct lsa_LookupSids2);
+	r = talloc(talloc_tos(), struct lsa_LookupSids2);
 	if (r == NULL) {
 		return false;
 	}
@@ -4423,7 +4437,7 @@ static bool api_lsa_LookupSids2(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.domains = talloc_zero(r, struct lsa_RefDomainList);
+	r->out.domains = talloc_zero(r, struct lsa_RefDomainList *);
 	if (r->out.domains == NULL) {
 		talloc_free(r);
 		return false;
@@ -4477,7 +4491,7 @@ static bool api_lsa_LookupNames2(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LOOKUPNAMES2];
 
-	r = talloc(NULL, struct lsa_LookupNames2);
+	r = talloc(talloc_tos(), struct lsa_LookupNames2);
 	if (r == NULL) {
 		return false;
 	}
@@ -4505,7 +4519,7 @@ static bool api_lsa_LookupNames2(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.domains = talloc_zero(r, struct lsa_RefDomainList);
+	r->out.domains = talloc_zero(r, struct lsa_RefDomainList *);
 	if (r->out.domains == NULL) {
 		talloc_free(r);
 		return false;
@@ -4559,7 +4573,7 @@ static bool api_lsa_CreateTrustedDomainEx2(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREATETRUSTEDDOMAINEX2];
 
-	r = talloc(NULL, struct lsa_CreateTrustedDomainEx2);
+	r = talloc(talloc_tos(), struct lsa_CreateTrustedDomainEx2);
 	if (r == NULL) {
 		return false;
 	}
@@ -4632,7 +4646,7 @@ static bool api_lsa_CREDRWRITE(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREDRWRITE];
 
-	r = talloc(NULL, struct lsa_CREDRWRITE);
+	r = talloc(talloc_tos(), struct lsa_CREDRWRITE);
 	if (r == NULL) {
 		return false;
 	}
@@ -4705,7 +4719,7 @@ static bool api_lsa_CREDRREAD(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREDRREAD];
 
-	r = talloc(NULL, struct lsa_CREDRREAD);
+	r = talloc(talloc_tos(), struct lsa_CREDRREAD);
 	if (r == NULL) {
 		return false;
 	}
@@ -4778,7 +4792,7 @@ static bool api_lsa_CREDRENUMERATE(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREDRENUMERATE];
 
-	r = talloc(NULL, struct lsa_CREDRENUMERATE);
+	r = talloc(talloc_tos(), struct lsa_CREDRENUMERATE);
 	if (r == NULL) {
 		return false;
 	}
@@ -4851,7 +4865,7 @@ static bool api_lsa_CREDRWRITEDOMAINCREDENTIALS(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREDRWRITEDOMAINCREDENTIALS];
 
-	r = talloc(NULL, struct lsa_CREDRWRITEDOMAINCREDENTIALS);
+	r = talloc(talloc_tos(), struct lsa_CREDRWRITEDOMAINCREDENTIALS);
 	if (r == NULL) {
 		return false;
 	}
@@ -4924,7 +4938,7 @@ static bool api_lsa_CREDRREADDOMAINCREDENTIALS(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREDRREADDOMAINCREDENTIALS];
 
-	r = talloc(NULL, struct lsa_CREDRREADDOMAINCREDENTIALS);
+	r = talloc(talloc_tos(), struct lsa_CREDRREADDOMAINCREDENTIALS);
 	if (r == NULL) {
 		return false;
 	}
@@ -4997,7 +5011,7 @@ static bool api_lsa_CREDRDELETE(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREDRDELETE];
 
-	r = talloc(NULL, struct lsa_CREDRDELETE);
+	r = talloc(talloc_tos(), struct lsa_CREDRDELETE);
 	if (r == NULL) {
 		return false;
 	}
@@ -5070,7 +5084,7 @@ static bool api_lsa_CREDRGETTARGETINFO(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREDRGETTARGETINFO];
 
-	r = talloc(NULL, struct lsa_CREDRGETTARGETINFO);
+	r = talloc(talloc_tos(), struct lsa_CREDRGETTARGETINFO);
 	if (r == NULL) {
 		return false;
 	}
@@ -5143,7 +5157,7 @@ static bool api_lsa_CREDRPROFILELOADED(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREDRPROFILELOADED];
 
-	r = talloc(NULL, struct lsa_CREDRPROFILELOADED);
+	r = talloc(talloc_tos(), struct lsa_CREDRPROFILELOADED);
 	if (r == NULL) {
 		return false;
 	}
@@ -5216,7 +5230,7 @@ static bool api_lsa_LookupNames3(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LOOKUPNAMES3];
 
-	r = talloc(NULL, struct lsa_LookupNames3);
+	r = talloc(talloc_tos(), struct lsa_LookupNames3);
 	if (r == NULL) {
 		return false;
 	}
@@ -5244,7 +5258,7 @@ static bool api_lsa_LookupNames3(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.domains = talloc_zero(r, struct lsa_RefDomainList);
+	r->out.domains = talloc_zero(r, struct lsa_RefDomainList *);
 	if (r->out.domains == NULL) {
 		talloc_free(r);
 		return false;
@@ -5298,7 +5312,7 @@ static bool api_lsa_CREDRGETSESSIONTYPES(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREDRGETSESSIONTYPES];
 
-	r = talloc(NULL, struct lsa_CREDRGETSESSIONTYPES);
+	r = talloc(talloc_tos(), struct lsa_CREDRGETSESSIONTYPES);
 	if (r == NULL) {
 		return false;
 	}
@@ -5371,7 +5385,7 @@ static bool api_lsa_LSARREGISTERAUDITEVENT(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LSARREGISTERAUDITEVENT];
 
-	r = talloc(NULL, struct lsa_LSARREGISTERAUDITEVENT);
+	r = talloc(talloc_tos(), struct lsa_LSARREGISTERAUDITEVENT);
 	if (r == NULL) {
 		return false;
 	}
@@ -5444,7 +5458,7 @@ static bool api_lsa_LSARGENAUDITEVENT(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LSARGENAUDITEVENT];
 
-	r = talloc(NULL, struct lsa_LSARGENAUDITEVENT);
+	r = talloc(talloc_tos(), struct lsa_LSARGENAUDITEVENT);
 	if (r == NULL) {
 		return false;
 	}
@@ -5517,7 +5531,7 @@ static bool api_lsa_LSARUNREGISTERAUDITEVENT(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LSARUNREGISTERAUDITEVENT];
 
-	r = talloc(NULL, struct lsa_LSARUNREGISTERAUDITEVENT);
+	r = talloc(talloc_tos(), struct lsa_LSARUNREGISTERAUDITEVENT);
 	if (r == NULL) {
 		return false;
 	}
@@ -5579,18 +5593,18 @@ static bool api_lsa_LSARUNREGISTERAUDITEVENT(pipes_struct *p)
 	return true;
 }
 
-static bool api_lsa_LSARQUERYFORESTTRUSTINFORMATION(pipes_struct *p)
+static bool api_lsa_lsaRQueryForestTrustInformation(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct lsa_LSARQUERYFORESTTRUSTINFORMATION *r;
+	struct lsa_lsaRQueryForestTrustInformation *r;
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LSARQUERYFORESTTRUSTINFORMATION];
 
-	r = talloc(NULL, struct lsa_LSARQUERYFORESTTRUSTINFORMATION);
+	r = talloc(talloc_tos(), struct lsa_lsaRQueryForestTrustInformation);
 	if (r == NULL) {
 		return false;
 	}
@@ -5614,10 +5628,17 @@ static bool api_lsa_LSARQUERYFORESTTRUSTINFORMATION(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(lsa_LSARQUERYFORESTTRUSTINFORMATION, r);
+		NDR_PRINT_IN_DEBUG(lsa_lsaRQueryForestTrustInformation, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.forest_trust_info = talloc_zero(r, struct lsa_ForestTrustInformation *);
+	if (r->out.forest_trust_info == NULL) {
+		talloc_free(r);
+		return false;
 	}
 
-	r->out.result = _lsa_LSARQUERYFORESTTRUSTINFORMATION(p, r);
+	r->out.result = _lsa_lsaRQueryForestTrustInformation(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -5626,7 +5647,7 @@ static bool api_lsa_LSARQUERYFORESTTRUSTINFORMATION(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(lsa_LSARQUERYFORESTTRUSTINFORMATION, r);
+		NDR_PRINT_OUT_DEBUG(lsa_lsaRQueryForestTrustInformation, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -5663,7 +5684,7 @@ static bool api_lsa_LSARSETFORESTTRUSTINFORMATION(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LSARSETFORESTTRUSTINFORMATION];
 
-	r = talloc(NULL, struct lsa_LSARSETFORESTTRUSTINFORMATION);
+	r = talloc(talloc_tos(), struct lsa_LSARSETFORESTTRUSTINFORMATION);
 	if (r == NULL) {
 		return false;
 	}
@@ -5736,7 +5757,7 @@ static bool api_lsa_CREDRRENAME(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_CREDRRENAME];
 
-	r = talloc(NULL, struct lsa_CREDRRENAME);
+	r = talloc(talloc_tos(), struct lsa_CREDRRENAME);
 	if (r == NULL) {
 		return false;
 	}
@@ -5809,7 +5830,7 @@ static bool api_lsa_LookupSids3(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LOOKUPSIDS3];
 
-	r = talloc(NULL, struct lsa_LookupSids3);
+	r = talloc(talloc_tos(), struct lsa_LookupSids3);
 	if (r == NULL) {
 		return false;
 	}
@@ -5837,7 +5858,7 @@ static bool api_lsa_LookupSids3(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.domains = talloc_zero(r, struct lsa_RefDomainList);
+	r->out.domains = talloc_zero(r, struct lsa_RefDomainList *);
 	if (r->out.domains == NULL) {
 		talloc_free(r);
 		return false;
@@ -5891,7 +5912,7 @@ static bool api_lsa_LookupNames4(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LOOKUPNAMES4];
 
-	r = talloc(NULL, struct lsa_LookupNames4);
+	r = talloc(talloc_tos(), struct lsa_LookupNames4);
 	if (r == NULL) {
 		return false;
 	}
@@ -5919,7 +5940,7 @@ static bool api_lsa_LookupNames4(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.domains = talloc_zero(r, struct lsa_RefDomainList);
+	r->out.domains = talloc_zero(r, struct lsa_RefDomainList *);
 	if (r->out.domains == NULL) {
 		talloc_free(r);
 		return false;
@@ -5973,7 +5994,7 @@ static bool api_lsa_LSAROPENPOLICYSCE(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LSAROPENPOLICYSCE];
 
-	r = talloc(NULL, struct lsa_LSAROPENPOLICYSCE);
+	r = talloc(talloc_tos(), struct lsa_LSAROPENPOLICYSCE);
 	if (r == NULL) {
 		return false;
 	}
@@ -6046,7 +6067,7 @@ static bool api_lsa_LSARADTREGISTERSECURITYEVENTSOURCE(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LSARADTREGISTERSECURITYEVENTSOURCE];
 
-	r = talloc(NULL, struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE);
+	r = talloc(talloc_tos(), struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE);
 	if (r == NULL) {
 		return false;
 	}
@@ -6119,7 +6140,7 @@ static bool api_lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LSARADTUNREGISTERSECURITYEVENTSOURCE];
 
-	r = talloc(NULL, struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE);
+	r = talloc(talloc_tos(), struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE);
 	if (r == NULL) {
 		return false;
 	}
@@ -6192,7 +6213,7 @@ static bool api_lsa_LSARADTREPORTSECURITYEVENT(pipes_struct *p)
 
 	call = &ndr_table_lsarpc.calls[NDR_LSA_LSARADTREPORTSECURITYEVENT];
 
-	r = talloc(NULL, struct lsa_LSARADTREPORTSECURITYEVENT);
+	r = talloc(talloc_tos(), struct lsa_LSARADTREPORTSECURITYEVENT);
 	if (r == NULL) {
 		return false;
 	}
@@ -6331,7 +6352,7 @@ static struct api_struct api_lsarpc_cmds[] =
 	{"LSA_LSARREGISTERAUDITEVENT", NDR_LSA_LSARREGISTERAUDITEVENT, api_lsa_LSARREGISTERAUDITEVENT},
 	{"LSA_LSARGENAUDITEVENT", NDR_LSA_LSARGENAUDITEVENT, api_lsa_LSARGENAUDITEVENT},
 	{"LSA_LSARUNREGISTERAUDITEVENT", NDR_LSA_LSARUNREGISTERAUDITEVENT, api_lsa_LSARUNREGISTERAUDITEVENT},
-	{"LSA_LSARQUERYFORESTTRUSTINFORMATION", NDR_LSA_LSARQUERYFORESTTRUSTINFORMATION, api_lsa_LSARQUERYFORESTTRUSTINFORMATION},
+	{"LSA_LSARQUERYFORESTTRUSTINFORMATION", NDR_LSA_LSARQUERYFORESTTRUSTINFORMATION, api_lsa_lsaRQueryForestTrustInformation},
 	{"LSA_LSARSETFORESTTRUSTINFORMATION", NDR_LSA_LSARSETFORESTTRUSTINFORMATION, api_lsa_LSARSETFORESTTRUSTINFORMATION},
 	{"LSA_CREDRRENAME", NDR_LSA_CREDRRENAME, api_lsa_CREDRRENAME},
 	{"LSA_LOOKUPSIDS3", NDR_LSA_LOOKUPSIDS3, api_lsa_LookupSids3},
diff --git a/source3/librpc/gen_ndr/srv_lsa.h b/source3/librpc/gen_ndr/srv_lsa.h
index e3decb2862..223ee5e970 100644
--- a/source3/librpc/gen_ndr/srv_lsa.h
+++ b/source3/librpc/gen_ndr/srv_lsa.h
@@ -74,7 +74,7 @@ NTSTATUS _lsa_CREDRGETSESSIONTYPES(pipes_struct *p, struct lsa_CREDRGETSESSIONTY
 NTSTATUS _lsa_LSARREGISTERAUDITEVENT(pipes_struct *p, struct lsa_LSARREGISTERAUDITEVENT *r);
 NTSTATUS _lsa_LSARGENAUDITEVENT(pipes_struct *p, struct lsa_LSARGENAUDITEVENT *r);
 NTSTATUS _lsa_LSARUNREGISTERAUDITEVENT(pipes_struct *p, struct lsa_LSARUNREGISTERAUDITEVENT *r);
-NTSTATUS _lsa_LSARQUERYFORESTTRUSTINFORMATION(pipes_struct *p, struct lsa_LSARQUERYFORESTTRUSTINFORMATION *r);
+NTSTATUS _lsa_lsaRQueryForestTrustInformation(pipes_struct *p, struct lsa_lsaRQueryForestTrustInformation *r);
 NTSTATUS _lsa_LSARSETFORESTTRUSTINFORMATION(pipes_struct *p, struct lsa_LSARSETFORESTTRUSTINFORMATION *r);
 NTSTATUS _lsa_CREDRRENAME(pipes_struct *p, struct lsa_CREDRRENAME *r);
 NTSTATUS _lsa_LookupSids3(pipes_struct *p, struct lsa_LookupSids3 *r);
diff --git a/source3/librpc/gen_ndr/srv_netlogon.c b/source3/librpc/gen_ndr/srv_netlogon.c
index 163de46ca8..67876f11ef 100644
--- a/source3/librpc/gen_ndr/srv_netlogon.c
+++ b/source3/librpc/gen_ndr/srv_netlogon.c
@@ -17,7 +17,7 @@ static bool api_netr_LogonUasLogon(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_LOGONUASLOGON];
 
-	r = talloc(NULL, struct netr_LogonUasLogon);
+	r = talloc(talloc_tos(), struct netr_LogonUasLogon);
 	if (r == NULL) {
 		return false;
 	}
@@ -97,7 +97,7 @@ static bool api_netr_LogonUasLogoff(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_LOGONUASLOGOFF];
 
-	r = talloc(NULL, struct netr_LogonUasLogoff);
+	r = talloc(talloc_tos(), struct netr_LogonUasLogoff);
 	if (r == NULL) {
 		return false;
 	}
@@ -177,7 +177,7 @@ static bool api_netr_LogonSamLogon(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_LOGONSAMLOGON];
 
-	r = talloc(NULL, struct netr_LogonSamLogon);
+	r = talloc(talloc_tos(), struct netr_LogonSamLogon);
 	if (r == NULL) {
 		return false;
 	}
@@ -264,7 +264,7 @@ static bool api_netr_LogonSamLogoff(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_LOGONSAMLOGOFF];
 
-	r = talloc(NULL, struct netr_LogonSamLogoff);
+	r = talloc(talloc_tos(), struct netr_LogonSamLogoff);
 	if (r == NULL) {
 		return false;
 	}
@@ -339,7 +339,7 @@ static bool api_netr_ServerReqChallenge(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_SERVERREQCHALLENGE];
 
-	r = talloc(NULL, struct netr_ServerReqChallenge);
+	r = talloc(talloc_tos(), struct netr_ServerReqChallenge);
 	if (r == NULL) {
 		return false;
 	}
@@ -367,7 +367,12 @@ static bool api_netr_ServerReqChallenge(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.credentials = r->in.credentials;
+	r->out.return_credentials = talloc_zero(r, struct netr_Credential);
+	if (r->out.return_credentials == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
 	r->out.result = _netr_ServerReqChallenge(p, r);
 
 	if (p->rng_fault_state) {
@@ -414,7 +419,7 @@ static bool api_netr_ServerAuthenticate(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_SERVERAUTHENTICATE];
 
-	r = talloc(NULL, struct netr_ServerAuthenticate);
+	r = talloc(talloc_tos(), struct netr_ServerAuthenticate);
 	if (r == NULL) {
 		return false;
 	}
@@ -442,7 +447,12 @@ static bool api_netr_ServerAuthenticate(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.credentials = r->in.credentials;
+	r->out.return_credentials = talloc_zero(r, struct netr_Credential);
+	if (r->out.return_credentials == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
 	r->out.result = _netr_ServerAuthenticate(p, r);
 
 	if (p->rng_fault_state) {
@@ -489,7 +499,7 @@ static bool api_netr_ServerPasswordSet(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_SERVERPASSWORDSET];
 
-	r = talloc(NULL, struct netr_ServerPasswordSet);
+	r = talloc(talloc_tos(), struct netr_ServerPasswordSet);
 	if (r == NULL) {
 		return false;
 	}
@@ -569,7 +579,7 @@ static bool api_netr_DatabaseDeltas(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DATABASEDELTAS];
 
-	r = talloc(NULL, struct netr_DatabaseDeltas);
+	r = talloc(talloc_tos(), struct netr_DatabaseDeltas);
 	if (r == NULL) {
 		return false;
 	}
@@ -599,7 +609,7 @@ static bool api_netr_DatabaseDeltas(pipes_struct *p)
 	ZERO_STRUCT(r->out);
 	r->out.return_authenticator = r->in.return_authenticator;
 	r->out.sequence_num = r->in.sequence_num;
-	r->out.delta_enum_array = talloc_zero(r, struct netr_DELTA_ENUM_ARRAY);
+	r->out.delta_enum_array = talloc_zero(r, struct netr_DELTA_ENUM_ARRAY *);
 	if (r->out.delta_enum_array == NULL) {
 		talloc_free(r);
 		return false;
@@ -651,7 +661,7 @@ static bool api_netr_DatabaseSync(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DATABASESYNC];
 
-	r = talloc(NULL, struct netr_DatabaseSync);
+	r = talloc(talloc_tos(), struct netr_DatabaseSync);
 	if (r == NULL) {
 		return false;
 	}
@@ -733,7 +743,7 @@ static bool api_netr_AccountDeltas(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_ACCOUNTDELTAS];
 
-	r = talloc(NULL, struct netr_AccountDeltas);
+	r = talloc(talloc_tos(), struct netr_AccountDeltas);
 	if (r == NULL) {
 		return false;
 	}
@@ -832,7 +842,7 @@ static bool api_netr_AccountSync(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_ACCOUNTSYNC];
 
-	r = talloc(NULL, struct netr_AccountSync);
+	r = talloc(talloc_tos(), struct netr_AccountSync);
 	if (r == NULL) {
 		return false;
 	}
@@ -932,7 +942,7 @@ static bool api_netr_GetDcName(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_GETDCNAME];
 
-	r = talloc(NULL, struct netr_GetDcName);
+	r = talloc(talloc_tos(), struct netr_GetDcName);
 	if (r == NULL) {
 		return false;
 	}
@@ -1012,7 +1022,7 @@ static bool api_netr_LogonControl(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_LOGONCONTROL];
 
-	r = talloc(NULL, struct netr_LogonControl);
+	r = talloc(talloc_tos(), struct netr_LogonControl);
 	if (r == NULL) {
 		return false;
 	}
@@ -1092,7 +1102,7 @@ static bool api_netr_GetAnyDCName(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_GETANYDCNAME];
 
-	r = talloc(NULL, struct netr_GetAnyDCName);
+	r = talloc(talloc_tos(), struct netr_GetAnyDCName);
 	if (r == NULL) {
 		return false;
 	}
@@ -1172,7 +1182,7 @@ static bool api_netr_LogonControl2(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_LOGONCONTROL2];
 
-	r = talloc(NULL, struct netr_LogonControl2);
+	r = talloc(talloc_tos(), struct netr_LogonControl2);
 	if (r == NULL) {
 		return false;
 	}
@@ -1252,7 +1262,7 @@ static bool api_netr_ServerAuthenticate2(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_SERVERAUTHENTICATE2];
 
-	r = talloc(NULL, struct netr_ServerAuthenticate2);
+	r = talloc(talloc_tos(), struct netr_ServerAuthenticate2);
 	if (r == NULL) {
 		return false;
 	}
@@ -1280,7 +1290,12 @@ static bool api_netr_ServerAuthenticate2(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.credentials = r->in.credentials;
+	r->out.return_credentials = talloc_zero(r, struct netr_Credential);
+	if (r->out.return_credentials == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
 	r->out.negotiate_flags = r->in.negotiate_flags;
 	r->out.result = _netr_ServerAuthenticate2(p, r);
 
@@ -1328,7 +1343,7 @@ static bool api_netr_DatabaseSync2(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DATABASESYNC2];
 
-	r = talloc(NULL, struct netr_DatabaseSync2);
+	r = talloc(talloc_tos(), struct netr_DatabaseSync2);
 	if (r == NULL) {
 		return false;
 	}
@@ -1358,7 +1373,7 @@ static bool api_netr_DatabaseSync2(pipes_struct *p)
 	ZERO_STRUCT(r->out);
 	r->out.return_authenticator = r->in.return_authenticator;
 	r->out.sync_context = r->in.sync_context;
-	r->out.delta_enum_array = talloc_zero(r, struct netr_DELTA_ENUM_ARRAY);
+	r->out.delta_enum_array = talloc_zero(r, struct netr_DELTA_ENUM_ARRAY *);
 	if (r->out.delta_enum_array == NULL) {
 		talloc_free(r);
 		return false;
@@ -1410,7 +1425,7 @@ static bool api_netr_DatabaseRedo(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DATABASEREDO];
 
-	r = talloc(NULL, struct netr_DatabaseRedo);
+	r = talloc(talloc_tos(), struct netr_DatabaseRedo);
 	if (r == NULL) {
 		return false;
 	}
@@ -1491,7 +1506,7 @@ static bool api_netr_LogonControl2Ex(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_LOGONCONTROL2EX];
 
-	r = talloc(NULL, struct netr_LogonControl2Ex);
+	r = talloc(talloc_tos(), struct netr_LogonControl2Ex);
 	if (r == NULL) {
 		return false;
 	}
@@ -1560,18 +1575,18 @@ static bool api_netr_LogonControl2Ex(pipes_struct *p)
 	return true;
 }
 
-static bool api_netr_NETRENUMERATETRUSTEDDOMAINS(pipes_struct *p)
+static bool api_netr_NetrEnumerateTrustedDomains(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct netr_NETRENUMERATETRUSTEDDOMAINS *r;
+	struct netr_NetrEnumerateTrustedDomains *r;
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_NETRENUMERATETRUSTEDDOMAINS];
 
-	r = talloc(NULL, struct netr_NETRENUMERATETRUSTEDDOMAINS);
+	r = talloc(talloc_tos(), struct netr_NetrEnumerateTrustedDomains);
 	if (r == NULL) {
 		return false;
 	}
@@ -1595,10 +1610,17 @@ static bool api_netr_NETRENUMERATETRUSTEDDOMAINS(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRENUMERATETRUSTEDDOMAINS, r);
+		NDR_PRINT_IN_DEBUG(netr_NetrEnumerateTrustedDomains, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.trusted_domains_blob = talloc_zero(r, struct netr_Blob);
+	if (r->out.trusted_domains_blob == NULL) {
+		talloc_free(r);
+		return false;
 	}
 
-	r->out.result = _netr_NETRENUMERATETRUSTEDDOMAINS(p, r);
+	r->out.result = _netr_NetrEnumerateTrustedDomains(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -1607,7 +1629,7 @@ static bool api_netr_NETRENUMERATETRUSTEDDOMAINS(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRENUMERATETRUSTEDDOMAINS, r);
+		NDR_PRINT_OUT_DEBUG(netr_NetrEnumerateTrustedDomains, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -1644,7 +1666,7 @@ static bool api_netr_DsRGetDCName(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DSRGETDCNAME];
 
-	r = talloc(NULL, struct netr_DsRGetDCName);
+	r = talloc(talloc_tos(), struct netr_DsRGetDCName);
 	if (r == NULL) {
 		return false;
 	}
@@ -1672,7 +1694,7 @@ static bool api_netr_DsRGetDCName(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.info = talloc_zero(r, struct netr_DsRGetDCNameInfo);
+	r->out.info = talloc_zero(r, struct netr_DsRGetDCNameInfo *);
 	if (r->out.info == NULL) {
 		talloc_free(r);
 		return false;
@@ -1724,7 +1746,7 @@ static bool api_netr_NETRLOGONDUMMYROUTINE1(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_NETRLOGONDUMMYROUTINE1];
 
-	r = talloc(NULL, struct netr_NETRLOGONDUMMYROUTINE1);
+	r = talloc(talloc_tos(), struct netr_NETRLOGONDUMMYROUTINE1);
 	if (r == NULL) {
 		return false;
 	}
@@ -1797,7 +1819,7 @@ static bool api_netr_NETRLOGONSETSERVICEBITS(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_NETRLOGONSETSERVICEBITS];
 
-	r = talloc(NULL, struct netr_NETRLOGONSETSERVICEBITS);
+	r = talloc(talloc_tos(), struct netr_NETRLOGONSETSERVICEBITS);
 	if (r == NULL) {
 		return false;
 	}
@@ -1859,18 +1881,18 @@ static bool api_netr_NETRLOGONSETSERVICEBITS(pipes_struct *p)
 	return true;
 }
 
-static bool api_netr_NETRLOGONGETTRUSTRID(pipes_struct *p)
+static bool api_netr_LogonGetTrustRid(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct netr_NETRLOGONGETTRUSTRID *r;
+	struct netr_LogonGetTrustRid *r;
 
-	call = &ndr_table_netlogon.calls[NDR_NETR_NETRLOGONGETTRUSTRID];
+	call = &ndr_table_netlogon.calls[NDR_NETR_LOGONGETTRUSTRID];
 
-	r = talloc(NULL, struct netr_NETRLOGONGETTRUSTRID);
+	r = talloc(talloc_tos(), struct netr_LogonGetTrustRid);
 	if (r == NULL) {
 		return false;
 	}
@@ -1894,10 +1916,17 @@ static bool api_netr_NETRLOGONGETTRUSTRID(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRLOGONGETTRUSTRID, r);
+		NDR_PRINT_IN_DEBUG(netr_LogonGetTrustRid, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.rid = talloc_zero(r, uint32_t);
+	if (r->out.rid == NULL) {
+		talloc_free(r);
+		return false;
 	}
 
-	r->out.result = _netr_NETRLOGONGETTRUSTRID(p, r);
+	r->out.result = _netr_LogonGetTrustRid(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -1906,7 +1935,7 @@ static bool api_netr_NETRLOGONGETTRUSTRID(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRLOGONGETTRUSTRID, r);
+		NDR_PRINT_OUT_DEBUG(netr_LogonGetTrustRid, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -1943,7 +1972,7 @@ static bool api_netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_NETRLOGONCOMPUTESERVERDIGEST];
 
-	r = talloc(NULL, struct netr_NETRLOGONCOMPUTESERVERDIGEST);
+	r = talloc(talloc_tos(), struct netr_NETRLOGONCOMPUTESERVERDIGEST);
 	if (r == NULL) {
 		return false;
 	}
@@ -2016,7 +2045,7 @@ static bool api_netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_NETRLOGONCOMPUTECLIENTDIGEST];
 
-	r = talloc(NULL, struct netr_NETRLOGONCOMPUTECLIENTDIGEST);
+	r = talloc(talloc_tos(), struct netr_NETRLOGONCOMPUTECLIENTDIGEST);
 	if (r == NULL) {
 		return false;
 	}
@@ -2089,7 +2118,7 @@ static bool api_netr_ServerAuthenticate3(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_SERVERAUTHENTICATE3];
 
-	r = talloc(NULL, struct netr_ServerAuthenticate3);
+	r = talloc(talloc_tos(), struct netr_ServerAuthenticate3);
 	if (r == NULL) {
 		return false;
 	}
@@ -2171,7 +2200,7 @@ static bool api_netr_DsRGetDCNameEx(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DSRGETDCNAMEEX];
 
-	r = talloc(NULL, struct netr_DsRGetDCNameEx);
+	r = talloc(talloc_tos(), struct netr_DsRGetDCNameEx);
 	if (r == NULL) {
 		return false;
 	}
@@ -2199,7 +2228,7 @@ static bool api_netr_DsRGetDCNameEx(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.info = talloc_zero(r, struct netr_DsRGetDCNameInfo);
+	r->out.info = talloc_zero(r, struct netr_DsRGetDCNameInfo *);
 	if (r->out.info == NULL) {
 		talloc_free(r);
 		return false;
@@ -2251,7 +2280,7 @@ static bool api_netr_DsRGetSiteName(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DSRGETSITENAME];
 
-	r = talloc(NULL, struct netr_DsRGetSiteName);
+	r = talloc(talloc_tos(), struct netr_DsRGetSiteName);
 	if (r == NULL) {
 		return false;
 	}
@@ -2331,7 +2360,7 @@ static bool api_netr_LogonGetDomainInfo(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_LOGONGETDOMAININFO];
 
-	r = talloc(NULL, struct netr_LogonGetDomainInfo);
+	r = talloc(talloc_tos(), struct netr_LogonGetDomainInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -2412,7 +2441,7 @@ static bool api_netr_ServerPasswordSet2(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_SERVERPASSWORDSET2];
 
-	r = talloc(NULL, struct netr_ServerPasswordSet2);
+	r = talloc(talloc_tos(), struct netr_ServerPasswordSet2);
 	if (r == NULL) {
 		return false;
 	}
@@ -2481,18 +2510,18 @@ static bool api_netr_ServerPasswordSet2(pipes_struct *p)
 	return true;
 }
 
-static bool api_netr_NETRSERVERPASSWORDGET(pipes_struct *p)
+static bool api_netr_ServerPasswordGet(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct netr_NETRSERVERPASSWORDGET *r;
+	struct netr_ServerPasswordGet *r;
 
-	call = &ndr_table_netlogon.calls[NDR_NETR_NETRSERVERPASSWORDGET];
+	call = &ndr_table_netlogon.calls[NDR_NETR_SERVERPASSWORDGET];
 
-	r = talloc(NULL, struct netr_NETRSERVERPASSWORDGET);
+	r = talloc(talloc_tos(), struct netr_ServerPasswordGet);
 	if (r == NULL) {
 		return false;
 	}
@@ -2516,10 +2545,23 @@ static bool api_netr_NETRSERVERPASSWORDGET(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRSERVERPASSWORDGET, r);
+		NDR_PRINT_IN_DEBUG(netr_ServerPasswordGet, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.return_authenticator = talloc_zero(r, struct netr_Authenticator);
+	if (r->out.return_authenticator == NULL) {
+		talloc_free(r);
+		return false;
 	}
 
-	r->out.result = _netr_NETRSERVERPASSWORDGET(p, r);
+	r->out.password = talloc_zero(r, struct samr_Password);
+	if (r->out.password == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _netr_ServerPasswordGet(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -2528,7 +2570,7 @@ static bool api_netr_NETRSERVERPASSWORDGET(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRSERVERPASSWORDGET, r);
+		NDR_PRINT_OUT_DEBUG(netr_ServerPasswordGet, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -2565,7 +2607,7 @@ static bool api_netr_NETRLOGONSENDTOSAM(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_NETRLOGONSENDTOSAM];
 
-	r = talloc(NULL, struct netr_NETRLOGONSENDTOSAM);
+	r = talloc(talloc_tos(), struct netr_NETRLOGONSENDTOSAM);
 	if (r == NULL) {
 		return false;
 	}
@@ -2627,18 +2669,18 @@ static bool api_netr_NETRLOGONSENDTOSAM(pipes_struct *p)
 	return true;
 }
 
-static bool api_netr_DSRADDRESSTOSITENAMESW(pipes_struct *p)
+static bool api_netr_DsRAddressToSitenamesW(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct netr_DSRADDRESSTOSITENAMESW *r;
+	struct netr_DsRAddressToSitenamesW *r;
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DSRADDRESSTOSITENAMESW];
 
-	r = talloc(NULL, struct netr_DSRADDRESSTOSITENAMESW);
+	r = talloc(talloc_tos(), struct netr_DsRAddressToSitenamesW);
 	if (r == NULL) {
 		return false;
 	}
@@ -2662,10 +2704,17 @@ static bool api_netr_DSRADDRESSTOSITENAMESW(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_DSRADDRESSTOSITENAMESW, r);
+		NDR_PRINT_IN_DEBUG(netr_DsRAddressToSitenamesW, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.ctr = talloc_zero(r, struct netr_DsRAddressToSitenamesWCtr *);
+	if (r->out.ctr == NULL) {
+		talloc_free(r);
+		return false;
 	}
 
-	r->out.result = _netr_DSRADDRESSTOSITENAMESW(p, r);
+	r->out.result = _netr_DsRAddressToSitenamesW(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -2674,7 +2723,7 @@ static bool api_netr_DSRADDRESSTOSITENAMESW(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_DSRADDRESSTOSITENAMESW, r);
+		NDR_PRINT_OUT_DEBUG(netr_DsRAddressToSitenamesW, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -2711,7 +2760,7 @@ static bool api_netr_DsRGetDCNameEx2(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DSRGETDCNAMEEX2];
 
-	r = talloc(NULL, struct netr_DsRGetDCNameEx2);
+	r = talloc(talloc_tos(), struct netr_DsRGetDCNameEx2);
 	if (r == NULL) {
 		return false;
 	}
@@ -2739,7 +2788,7 @@ static bool api_netr_DsRGetDCNameEx2(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.info = talloc_zero(r, struct netr_DsRGetDCNameInfo);
+	r->out.info = talloc_zero(r, struct netr_DsRGetDCNameInfo *);
 	if (r->out.info == NULL) {
 		talloc_free(r);
 		return false;
@@ -2791,7 +2840,7 @@ static bool api_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_NETRLOGONGETTIMESERVICEPARENTDOMAIN];
 
-	r = talloc(NULL, struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN);
+	r = talloc(talloc_tos(), struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN);
 	if (r == NULL) {
 		return false;
 	}
@@ -2853,18 +2902,18 @@ static bool api_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p)
 	return true;
 }
 
-static bool api_netr_NETRENUMERATETRUSTEDDOMAINSEX(pipes_struct *p)
+static bool api_netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r;
+	struct netr_NetrEnumerateTrustedDomainsEx *r;
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_NETRENUMERATETRUSTEDDOMAINSEX];
 
-	r = talloc(NULL, struct netr_NETRENUMERATETRUSTEDDOMAINSEX);
+	r = talloc(talloc_tos(), struct netr_NetrEnumerateTrustedDomainsEx);
 	if (r == NULL) {
 		return false;
 	}
@@ -2888,10 +2937,17 @@ static bool api_netr_NETRENUMERATETRUSTEDDOMAINSEX(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRENUMERATETRUSTEDDOMAINSEX, r);
+		NDR_PRINT_IN_DEBUG(netr_NetrEnumerateTrustedDomainsEx, r);
 	}
 
-	r->out.result = _netr_NETRENUMERATETRUSTEDDOMAINSEX(p, r);
+	ZERO_STRUCT(r->out);
+	r->out.dom_trust_list = talloc_zero(r, struct netr_DomainTrustList);
+	if (r->out.dom_trust_list == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _netr_NetrEnumerateTrustedDomainsEx(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -2900,7 +2956,7 @@ static bool api_netr_NETRENUMERATETRUSTEDDOMAINSEX(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRENUMERATETRUSTEDDOMAINSEX, r);
+		NDR_PRINT_OUT_DEBUG(netr_NetrEnumerateTrustedDomainsEx, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -2926,18 +2982,18 @@ static bool api_netr_NETRENUMERATETRUSTEDDOMAINSEX(pipes_struct *p)
 	return true;
 }
 
-static bool api_netr_DSRADDRESSTOSITENAMESEXW(pipes_struct *p)
+static bool api_netr_DsRAddressToSitenamesExW(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct netr_DSRADDRESSTOSITENAMESEXW *r;
+	struct netr_DsRAddressToSitenamesExW *r;
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DSRADDRESSTOSITENAMESEXW];
 
-	r = talloc(NULL, struct netr_DSRADDRESSTOSITENAMESEXW);
+	r = talloc(talloc_tos(), struct netr_DsRAddressToSitenamesExW);
 	if (r == NULL) {
 		return false;
 	}
@@ -2961,10 +3017,17 @@ static bool api_netr_DSRADDRESSTOSITENAMESEXW(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_DSRADDRESSTOSITENAMESEXW, r);
+		NDR_PRINT_IN_DEBUG(netr_DsRAddressToSitenamesExW, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.ctr = talloc_zero(r, struct netr_DsRAddressToSitenamesExWCtr *);
+	if (r->out.ctr == NULL) {
+		talloc_free(r);
+		return false;
 	}
 
-	r->out.result = _netr_DSRADDRESSTOSITENAMESEXW(p, r);
+	r->out.result = _netr_DsRAddressToSitenamesExW(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -2973,7 +3036,7 @@ static bool api_netr_DSRADDRESSTOSITENAMESEXW(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_DSRADDRESSTOSITENAMESEXW, r);
+		NDR_PRINT_OUT_DEBUG(netr_DsRAddressToSitenamesExW, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -2999,18 +3062,18 @@ static bool api_netr_DSRADDRESSTOSITENAMESEXW(pipes_struct *p)
 	return true;
 }
 
-static bool api_netr_DSRGETDCSITECOVERAGEW(pipes_struct *p)
+static bool api_netr_DsrGetDcSiteCoverageW(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct netr_DSRGETDCSITECOVERAGEW *r;
+	struct netr_DsrGetDcSiteCoverageW *r;
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DSRGETDCSITECOVERAGEW];
 
-	r = talloc(NULL, struct netr_DSRGETDCSITECOVERAGEW);
+	r = talloc(talloc_tos(), struct netr_DsrGetDcSiteCoverageW);
 	if (r == NULL) {
 		return false;
 	}
@@ -3034,10 +3097,17 @@ static bool api_netr_DSRGETDCSITECOVERAGEW(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_DSRGETDCSITECOVERAGEW, r);
+		NDR_PRINT_IN_DEBUG(netr_DsrGetDcSiteCoverageW, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.ctr = talloc_zero(r, struct DcSitesCtr);
+	if (r->out.ctr == NULL) {
+		talloc_free(r);
+		return false;
 	}
 
-	r->out.result = _netr_DSRGETDCSITECOVERAGEW(p, r);
+	r->out.result = _netr_DsrGetDcSiteCoverageW(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -3046,7 +3116,7 @@ static bool api_netr_DSRGETDCSITECOVERAGEW(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_DSRGETDCSITECOVERAGEW, r);
+		NDR_PRINT_OUT_DEBUG(netr_DsrGetDcSiteCoverageW, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -3083,7 +3153,7 @@ static bool api_netr_LogonSamLogonEx(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_LOGONSAMLOGONEX];
 
-	r = talloc(NULL, struct netr_LogonSamLogonEx);
+	r = talloc(talloc_tos(), struct netr_LogonSamLogonEx);
 	if (r == NULL) {
 		return false;
 	}
@@ -3170,7 +3240,7 @@ static bool api_netr_DsrEnumerateDomainTrusts(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DSRENUMERATEDOMAINTRUSTS];
 
-	r = talloc(NULL, struct netr_DsrEnumerateDomainTrusts);
+	r = talloc(talloc_tos(), struct netr_DsrEnumerateDomainTrusts);
 	if (r == NULL) {
 		return false;
 	}
@@ -3198,13 +3268,7 @@ static bool api_netr_DsrEnumerateDomainTrusts(pipes_struct *p)
 	}
 
 	ZERO_STRUCT(r->out);
-	r->out.count = talloc_zero(r, uint32_t);
-	if (r->out.count == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	r->out.trusts = talloc_zero_array(r, struct netr_DomainTrust *, r->out.count);
+	r->out.trusts = talloc_zero(r, struct netr_DomainTrustList);
 	if (r->out.trusts == NULL) {
 		talloc_free(r);
 		return false;
@@ -3245,18 +3309,18 @@ static bool api_netr_DsrEnumerateDomainTrusts(pipes_struct *p)
 	return true;
 }
 
-static bool api_netr_DSRDEREGISTERDNSHOSTRECORDS(pipes_struct *p)
+static bool api_netr_DsrDeregisterDNSHostRecords(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct netr_DSRDEREGISTERDNSHOSTRECORDS *r;
+	struct netr_DsrDeregisterDNSHostRecords *r;
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DSRDEREGISTERDNSHOSTRECORDS];
 
-	r = talloc(NULL, struct netr_DSRDEREGISTERDNSHOSTRECORDS);
+	r = talloc(talloc_tos(), struct netr_DsrDeregisterDNSHostRecords);
 	if (r == NULL) {
 		return false;
 	}
@@ -3280,10 +3344,10 @@ static bool api_netr_DSRDEREGISTERDNSHOSTRECORDS(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_DSRDEREGISTERDNSHOSTRECORDS, r);
+		NDR_PRINT_IN_DEBUG(netr_DsrDeregisterDNSHostRecords, r);
 	}
 
-	r->out.result = _netr_DSRDEREGISTERDNSHOSTRECORDS(p, r);
+	r->out.result = _netr_DsrDeregisterDNSHostRecords(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -3292,7 +3356,7 @@ static bool api_netr_DSRDEREGISTERDNSHOSTRECORDS(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_DSRDEREGISTERDNSHOSTRECORDS, r);
+		NDR_PRINT_OUT_DEBUG(netr_DsrDeregisterDNSHostRecords, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -3318,18 +3382,18 @@ static bool api_netr_DSRDEREGISTERDNSHOSTRECORDS(pipes_struct *p)
 	return true;
 }
 
-static bool api_netr_NETRSERVERTRUSTPASSWORDSGET(pipes_struct *p)
+static bool api_netr_ServerTrustPasswordsGet(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct netr_NETRSERVERTRUSTPASSWORDSGET *r;
+	struct netr_ServerTrustPasswordsGet *r;
 
-	call = &ndr_table_netlogon.calls[NDR_NETR_NETRSERVERTRUSTPASSWORDSGET];
+	call = &ndr_table_netlogon.calls[NDR_NETR_SERVERTRUSTPASSWORDSGET];
 
-	r = talloc(NULL, struct netr_NETRSERVERTRUSTPASSWORDSGET);
+	r = talloc(talloc_tos(), struct netr_ServerTrustPasswordsGet);
 	if (r == NULL) {
 		return false;
 	}
@@ -3353,10 +3417,29 @@ static bool api_netr_NETRSERVERTRUSTPASSWORDSGET(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRSERVERTRUSTPASSWORDSGET, r);
+		NDR_PRINT_IN_DEBUG(netr_ServerTrustPasswordsGet, r);
 	}
 
-	r->out.result = _netr_NETRSERVERTRUSTPASSWORDSGET(p, r);
+	ZERO_STRUCT(r->out);
+	r->out.return_authenticator = talloc_zero(r, struct netr_Authenticator);
+	if (r->out.return_authenticator == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.password = talloc_zero(r, struct samr_Password);
+	if (r->out.password == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.password2 = talloc_zero(r, struct samr_Password);
+	if (r->out.password2 == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _netr_ServerTrustPasswordsGet(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -3365,7 +3448,7 @@ static bool api_netr_NETRSERVERTRUSTPASSWORDSGET(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRSERVERTRUSTPASSWORDSGET, r);
+		NDR_PRINT_OUT_DEBUG(netr_ServerTrustPasswordsGet, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -3391,18 +3474,18 @@ static bool api_netr_NETRSERVERTRUSTPASSWORDSGET(pipes_struct *p)
 	return true;
 }
 
-static bool api_netr_DSRGETFORESTTRUSTINFORMATION(pipes_struct *p)
+static bool api_netr_DsRGetForestTrustInformation(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct netr_DSRGETFORESTTRUSTINFORMATION *r;
+	struct netr_DsRGetForestTrustInformation *r;
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_DSRGETFORESTTRUSTINFORMATION];
 
-	r = talloc(NULL, struct netr_DSRGETFORESTTRUSTINFORMATION);
+	r = talloc(talloc_tos(), struct netr_DsRGetForestTrustInformation);
 	if (r == NULL) {
 		return false;
 	}
@@ -3426,10 +3509,17 @@ static bool api_netr_DSRGETFORESTTRUSTINFORMATION(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_DSRGETFORESTTRUSTINFORMATION, r);
+		NDR_PRINT_IN_DEBUG(netr_DsRGetForestTrustInformation, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.forest_trust_info = talloc_zero(r, struct lsa_ForestTrustInformation *);
+	if (r->out.forest_trust_info == NULL) {
+		talloc_free(r);
+		return false;
 	}
 
-	r->out.result = _netr_DSRGETFORESTTRUSTINFORMATION(p, r);
+	r->out.result = _netr_DsRGetForestTrustInformation(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -3438,7 +3528,7 @@ static bool api_netr_DSRGETFORESTTRUSTINFORMATION(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_DSRGETFORESTTRUSTINFORMATION, r);
+		NDR_PRINT_OUT_DEBUG(netr_DsRGetForestTrustInformation, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -3464,18 +3554,18 @@ static bool api_netr_DSRGETFORESTTRUSTINFORMATION(pipes_struct *p)
 	return true;
 }
 
-static bool api_netr_NETRGETFORESTTRUSTINFORMATION(pipes_struct *p)
+static bool api_netr_GetForestTrustInformation(pipes_struct *p)
 {
 	const struct ndr_interface_call *call;
 	struct ndr_pull *pull;
 	struct ndr_push *push;
 	enum ndr_err_code ndr_err;
 	DATA_BLOB blob;
-	struct netr_NETRGETFORESTTRUSTINFORMATION *r;
+	struct netr_GetForestTrustInformation *r;
 
-	call = &ndr_table_netlogon.calls[NDR_NETR_NETRGETFORESTTRUSTINFORMATION];
+	call = &ndr_table_netlogon.calls[NDR_NETR_GETFORESTTRUSTINFORMATION];
 
-	r = talloc(NULL, struct netr_NETRGETFORESTTRUSTINFORMATION);
+	r = talloc(talloc_tos(), struct netr_GetForestTrustInformation);
 	if (r == NULL) {
 		return false;
 	}
@@ -3499,10 +3589,23 @@ static bool api_netr_NETRGETFORESTTRUSTINFORMATION(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(netr_NETRGETFORESTTRUSTINFORMATION, r);
+		NDR_PRINT_IN_DEBUG(netr_GetForestTrustInformation, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.return_authenticator = talloc_zero(r, struct netr_Authenticator);
+	if (r->out.return_authenticator == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.forest_trust_info = talloc_zero(r, struct lsa_ForestTrustInformation *);
+	if (r->out.forest_trust_info == NULL) {
+		talloc_free(r);
+		return false;
 	}
 
-	r->out.result = _netr_NETRGETFORESTTRUSTINFORMATION(p, r);
+	r->out.result = _netr_GetForestTrustInformation(p, r);
 
 	if (p->rng_fault_state) {
 		talloc_free(r);
@@ -3511,7 +3614,7 @@ static bool api_netr_NETRGETFORESTTRUSTINFORMATION(pipes_struct *p)
 	}
 
 	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(netr_NETRGETFORESTTRUSTINFORMATION, r);
+		NDR_PRINT_OUT_DEBUG(netr_GetForestTrustInformation, r);
 	}
 
 	push = ndr_push_init_ctx(r);
@@ -3548,7 +3651,7 @@ static bool api_netr_LogonSamLogonWithFlags(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_LOGONSAMLOGONWITHFLAGS];
 
-	r = talloc(NULL, struct netr_LogonSamLogonWithFlags);
+	r = talloc(talloc_tos(), struct netr_LogonSamLogonWithFlags);
 	if (r == NULL) {
 		return false;
 	}
@@ -3636,7 +3739,7 @@ static bool api_netr_NETRSERVERGETTRUSTINFO(pipes_struct *p)
 
 	call = &ndr_table_netlogon.calls[NDR_NETR_NETRSERVERGETTRUSTINFO];
 
-	r = talloc(NULL, struct netr_NETRSERVERGETTRUSTINFO);
+	r = talloc(talloc_tos(), struct netr_NETRSERVERGETTRUSTINFO);
 	if (r == NULL) {
 		return false;
 	}
@@ -3721,11 +3824,11 @@ static struct api_struct api_netlogon_cmds[] =
 	{"NETR_DATABASESYNC2", NDR_NETR_DATABASESYNC2, api_netr_DatabaseSync2},
 	{"NETR_DATABASEREDO", NDR_NETR_DATABASEREDO, api_netr_DatabaseRedo},
 	{"NETR_LOGONCONTROL2EX", NDR_NETR_LOGONCONTROL2EX, api_netr_LogonControl2Ex},
-	{"NETR_NETRENUMERATETRUSTEDDOMAINS", NDR_NETR_NETRENUMERATETRUSTEDDOMAINS, api_netr_NETRENUMERATETRUSTEDDOMAINS},
+	{"NETR_NETRENUMERATETRUSTEDDOMAINS", NDR_NETR_NETRENUMERATETRUSTEDDOMAINS, api_netr_NetrEnumerateTrustedDomains},
 	{"NETR_DSRGETDCNAME", NDR_NETR_DSRGETDCNAME, api_netr_DsRGetDCName},
 	{"NETR_NETRLOGONDUMMYROUTINE1", NDR_NETR_NETRLOGONDUMMYROUTINE1, api_netr_NETRLOGONDUMMYROUTINE1},
 	{"NETR_NETRLOGONSETSERVICEBITS", NDR_NETR_NETRLOGONSETSERVICEBITS, api_netr_NETRLOGONSETSERVICEBITS},
-	{"NETR_NETRLOGONGETTRUSTRID", NDR_NETR_NETRLOGONGETTRUSTRID, api_netr_NETRLOGONGETTRUSTRID},
+	{"NETR_LOGONGETTRUSTRID", NDR_NETR_LOGONGETTRUSTRID, api_netr_LogonGetTrustRid},
 	{"NETR_NETRLOGONCOMPUTESERVERDIGEST", NDR_NETR_NETRLOGONCOMPUTESERVERDIGEST, api_netr_NETRLOGONCOMPUTESERVERDIGEST},
 	{"NETR_NETRLOGONCOMPUTECLIENTDIGEST", NDR_NETR_NETRLOGONCOMPUTECLIENTDIGEST, api_netr_NETRLOGONCOMPUTECLIENTDIGEST},
 	{"NETR_SERVERAUTHENTICATE3", NDR_NETR_SERVERAUTHENTICATE3, api_netr_ServerAuthenticate3},
@@ -3733,20 +3836,20 @@ static struct api_struct api_netlogon_cmds[] =
 	{"NETR_DSRGETSITENAME", NDR_NETR_DSRGETSITENAME, api_netr_DsRGetSiteName},
 	{"NETR_LOGONGETDOMAININFO", NDR_NETR_LOGONGETDOMAININFO, api_netr_LogonGetDomainInfo},
 	{"NETR_SERVERPASSWORDSET2", NDR_NETR_SERVERPASSWORDSET2, api_netr_ServerPasswordSet2},
-	{"NETR_NETRSERVERPASSWORDGET", NDR_NETR_NETRSERVERPASSWORDGET, api_netr_NETRSERVERPASSWORDGET},
+	{"NETR_SERVERPASSWORDGET", NDR_NETR_SERVERPASSWORDGET, api_netr_ServerPasswordGet},
 	{"NETR_NETRLOGONSENDTOSAM", NDR_NETR_NETRLOGONSENDTOSAM, api_netr_NETRLOGONSENDTOSAM},
-	{"NETR_DSRADDRESSTOSITENAMESW", NDR_NETR_DSRADDRESSTOSITENAMESW, api_netr_DSRADDRESSTOSITENAMESW},
+	{"NETR_DSRADDRESSTOSITENAMESW", NDR_NETR_DSRADDRESSTOSITENAMESW, api_netr_DsRAddressToSitenamesW},
 	{"NETR_DSRGETDCNAMEEX2", NDR_NETR_DSRGETDCNAMEEX2, api_netr_DsRGetDCNameEx2},
 	{"NETR_NETRLOGONGETTIMESERVICEPARENTDOMAIN", NDR_NETR_NETRLOGONGETTIMESERVICEPARENTDOMAIN, api_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN},
-	{"NETR_NETRENUMERATETRUSTEDDOMAINSEX", NDR_NETR_NETRENUMERATETRUSTEDDOMAINSEX, api_netr_NETRENUMERATETRUSTEDDOMAINSEX},
-	{"NETR_DSRADDRESSTOSITENAMESEXW", NDR_NETR_DSRADDRESSTOSITENAMESEXW, api_netr_DSRADDRESSTOSITENAMESEXW},
-	{"NETR_DSRGETDCSITECOVERAGEW", NDR_NETR_DSRGETDCSITECOVERAGEW, api_netr_DSRGETDCSITECOVERAGEW},
+	{"NETR_NETRENUMERATETRUSTEDDOMAINSEX", NDR_NETR_NETRENUMERATETRUSTEDDOMAINSEX, api_netr_NetrEnumerateTrustedDomainsEx},
+	{"NETR_DSRADDRESSTOSITENAMESEXW", NDR_NETR_DSRADDRESSTOSITENAMESEXW, api_netr_DsRAddressToSitenamesExW},
+	{"NETR_DSRGETDCSITECOVERAGEW", NDR_NETR_DSRGETDCSITECOVERAGEW, api_netr_DsrGetDcSiteCoverageW},
 	{"NETR_LOGONSAMLOGONEX", NDR_NETR_LOGONSAMLOGONEX, api_netr_LogonSamLogonEx},
 	{"NETR_DSRENUMERATEDOMAINTRUSTS", NDR_NETR_DSRENUMERATEDOMAINTRUSTS, api_netr_DsrEnumerateDomainTrusts},
-	{"NETR_DSRDEREGISTERDNSHOSTRECORDS", NDR_NETR_DSRDEREGISTERDNSHOSTRECORDS, api_netr_DSRDEREGISTERDNSHOSTRECORDS},
-	{"NETR_NETRSERVERTRUSTPASSWORDSGET", NDR_NETR_NETRSERVERTRUSTPASSWORDSGET, api_netr_NETRSERVERTRUSTPASSWORDSGET},
-	{"NETR_DSRGETFORESTTRUSTINFORMATION", NDR_NETR_DSRGETFORESTTRUSTINFORMATION, api_netr_DSRGETFORESTTRUSTINFORMATION},
-	{"NETR_NETRGETFORESTTRUSTINFORMATION", NDR_NETR_NETRGETFORESTTRUSTINFORMATION, api_netr_NETRGETFORESTTRUSTINFORMATION},
+	{"NETR_DSRDEREGISTERDNSHOSTRECORDS", NDR_NETR_DSRDEREGISTERDNSHOSTRECORDS, api_netr_DsrDeregisterDNSHostRecords},
+	{"NETR_SERVERTRUSTPASSWORDSGET", NDR_NETR_SERVERTRUSTPASSWORDSGET, api_netr_ServerTrustPasswordsGet},
+	{"NETR_DSRGETFORESTTRUSTINFORMATION", NDR_NETR_DSRGETFORESTTRUSTINFORMATION, api_netr_DsRGetForestTrustInformation},
+	{"NETR_GETFORESTTRUSTINFORMATION", NDR_NETR_GETFORESTTRUSTINFORMATION, api_netr_GetForestTrustInformation},
 	{"NETR_LOGONSAMLOGONWITHFLAGS", NDR_NETR_LOGONSAMLOGONWITHFLAGS, api_netr_LogonSamLogonWithFlags},
 	{"NETR_NETRSERVERGETTRUSTINFO", NDR_NETR_NETRSERVERGETTRUSTINFO, api_netr_NETRSERVERGETTRUSTINFO},
 };
diff --git a/source3/librpc/gen_ndr/srv_netlogon.h b/source3/librpc/gen_ndr/srv_netlogon.h
index 8350f437cd..1fe16c603b 100644
--- a/source3/librpc/gen_ndr/srv_netlogon.h
+++ b/source3/librpc/gen_ndr/srv_netlogon.h
@@ -12,7 +12,7 @@ NTSTATUS _netr_DatabaseDeltas(pipes_struct *p, struct netr_DatabaseDeltas *r);
 NTSTATUS _netr_DatabaseSync(pipes_struct *p, struct netr_DatabaseSync *r);
 NTSTATUS _netr_AccountDeltas(pipes_struct *p, struct netr_AccountDeltas *r);
 NTSTATUS _netr_AccountSync(pipes_struct *p, struct netr_AccountSync *r);
-NTSTATUS _netr_GetDcName(pipes_struct *p, struct netr_GetDcName *r);
+WERROR _netr_GetDcName(pipes_struct *p, struct netr_GetDcName *r);
 WERROR _netr_LogonControl(pipes_struct *p, struct netr_LogonControl *r);
 WERROR _netr_GetAnyDCName(pipes_struct *p, struct netr_GetAnyDCName *r);
 WERROR _netr_LogonControl2(pipes_struct *p, struct netr_LogonControl2 *r);
@@ -20,11 +20,11 @@ NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p, struct netr_ServerAuthentica
 NTSTATUS _netr_DatabaseSync2(pipes_struct *p, struct netr_DatabaseSync2 *r);
 NTSTATUS _netr_DatabaseRedo(pipes_struct *p, struct netr_DatabaseRedo *r);
 WERROR _netr_LogonControl2Ex(pipes_struct *p, struct netr_LogonControl2Ex *r);
-WERROR _netr_NETRENUMERATETRUSTEDDOMAINS(pipes_struct *p, struct netr_NETRENUMERATETRUSTEDDOMAINS *r);
+WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p, struct netr_NetrEnumerateTrustedDomains *r);
 WERROR _netr_DsRGetDCName(pipes_struct *p, struct netr_DsRGetDCName *r);
 WERROR _netr_NETRLOGONDUMMYROUTINE1(pipes_struct *p, struct netr_NETRLOGONDUMMYROUTINE1 *r);
 WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p, struct netr_NETRLOGONSETSERVICEBITS *r);
-WERROR _netr_NETRLOGONGETTRUSTRID(pipes_struct *p, struct netr_NETRLOGONGETTRUSTRID *r);
+WERROR _netr_LogonGetTrustRid(pipes_struct *p, struct netr_LogonGetTrustRid *r);
 WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p, struct netr_NETRLOGONCOMPUTESERVERDIGEST *r);
 WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p, struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r);
 NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p, struct netr_ServerAuthenticate3 *r);
@@ -32,20 +32,20 @@ WERROR _netr_DsRGetDCNameEx(pipes_struct *p, struct netr_DsRGetDCNameEx *r);
 WERROR _netr_DsRGetSiteName(pipes_struct *p, struct netr_DsRGetSiteName *r);
 NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p, struct netr_LogonGetDomainInfo *r);
 NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p, struct netr_ServerPasswordSet2 *r);
-WERROR _netr_NETRSERVERPASSWORDGET(pipes_struct *p, struct netr_NETRSERVERPASSWORDGET *r);
+WERROR _netr_ServerPasswordGet(pipes_struct *p, struct netr_ServerPasswordGet *r);
 WERROR _netr_NETRLOGONSENDTOSAM(pipes_struct *p, struct netr_NETRLOGONSENDTOSAM *r);
-WERROR _netr_DSRADDRESSTOSITENAMESW(pipes_struct *p, struct netr_DSRADDRESSTOSITENAMESW *r);
+WERROR _netr_DsRAddressToSitenamesW(pipes_struct *p, struct netr_DsRAddressToSitenamesW *r);
 WERROR _netr_DsRGetDCNameEx2(pipes_struct *p, struct netr_DsRGetDCNameEx2 *r);
 WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p, struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r);
-WERROR _netr_NETRENUMERATETRUSTEDDOMAINSEX(pipes_struct *p, struct netr_NETRENUMERATETRUSTEDDOMAINSEX *r);
-WERROR _netr_DSRADDRESSTOSITENAMESEXW(pipes_struct *p, struct netr_DSRADDRESSTOSITENAMESEXW *r);
-WERROR _netr_DSRGETDCSITECOVERAGEW(pipes_struct *p, struct netr_DSRGETDCSITECOVERAGEW *r);
+WERROR _netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p, struct netr_NetrEnumerateTrustedDomainsEx *r);
+WERROR _netr_DsRAddressToSitenamesExW(pipes_struct *p, struct netr_DsRAddressToSitenamesExW *r);
+WERROR _netr_DsrGetDcSiteCoverageW(pipes_struct *p, struct netr_DsrGetDcSiteCoverageW *r);
 NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p, struct netr_LogonSamLogonEx *r);
 WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p, struct netr_DsrEnumerateDomainTrusts *r);
-WERROR _netr_DSRDEREGISTERDNSHOSTRECORDS(pipes_struct *p, struct netr_DSRDEREGISTERDNSHOSTRECORDS *r);
-WERROR _netr_NETRSERVERTRUSTPASSWORDSGET(pipes_struct *p, struct netr_NETRSERVERTRUSTPASSWORDSGET *r);
-WERROR _netr_DSRGETFORESTTRUSTINFORMATION(pipes_struct *p, struct netr_DSRGETFORESTTRUSTINFORMATION *r);
-WERROR _netr_NETRGETFORESTTRUSTINFORMATION(pipes_struct *p, struct netr_NETRGETFORESTTRUSTINFORMATION *r);
+WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p, struct netr_DsrDeregisterDNSHostRecords *r);
+NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p, struct netr_ServerTrustPasswordsGet *r);
+WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p, struct netr_DsRGetForestTrustInformation *r);
+WERROR _netr_GetForestTrustInformation(pipes_struct *p, struct netr_GetForestTrustInformation *r);
 NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p, struct netr_LogonSamLogonWithFlags *r);
 WERROR _netr_NETRSERVERGETTRUSTINFO(pipes_struct *p, struct netr_NETRSERVERGETTRUSTINFO *r);
 void netlogon_get_pipe_fns(struct api_struct **fns, int *n_fns);
diff --git a/source3/librpc/gen_ndr/srv_ntsvcs.c b/source3/librpc/gen_ndr/srv_ntsvcs.c
new file mode 100644
index 0000000000..339de6c747
--- /dev/null
+++ b/source3/librpc/gen_ndr/srv_ntsvcs.c
@@ -0,0 +1,4859 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * server auto-generated by pidl. DO NOT MODIFY!
+ */
+
+#include "includes.h"
+#include "librpc/gen_ndr/srv_ntsvcs.h"
+
+static bool api_PNP_Disconnect(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_Disconnect *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_DISCONNECT];
+
+	r = talloc(talloc_tos(), struct PNP_Disconnect);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_Disconnect, r);
+	}
+
+	r->out.result = _PNP_Disconnect(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_Disconnect, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_Connect(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_Connect *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_CONNECT];
+
+	r = talloc(talloc_tos(), struct PNP_Connect);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_Connect, r);
+	}
+
+	r->out.result = _PNP_Connect(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_Connect, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetVersion(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetVersion *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETVERSION];
+
+	r = talloc(talloc_tos(), struct PNP_GetVersion);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetVersion, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.version = talloc_zero(r, uint16_t);
+	if (r->out.version == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _PNP_GetVersion(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetVersion, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetGlobalState(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetGlobalState *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETGLOBALSTATE];
+
+	r = talloc(talloc_tos(), struct PNP_GetGlobalState);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetGlobalState, r);
+	}
+
+	r->out.result = _PNP_GetGlobalState(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetGlobalState, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_InitDetection(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_InitDetection *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_INITDETECTION];
+
+	r = talloc(talloc_tos(), struct PNP_InitDetection);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_InitDetection, r);
+	}
+
+	r->out.result = _PNP_InitDetection(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_InitDetection, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_ReportLogOn(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_ReportLogOn *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_REPORTLOGON];
+
+	r = talloc(talloc_tos(), struct PNP_ReportLogOn);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_ReportLogOn, r);
+	}
+
+	r->out.result = _PNP_ReportLogOn(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_ReportLogOn, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_ValidateDeviceInstance(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_ValidateDeviceInstance *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_VALIDATEDEVICEINSTANCE];
+
+	r = talloc(talloc_tos(), struct PNP_ValidateDeviceInstance);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_ValidateDeviceInstance, r);
+	}
+
+	r->out.result = _PNP_ValidateDeviceInstance(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_ValidateDeviceInstance, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetRootDeviceInstance(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetRootDeviceInstance *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETROOTDEVICEINSTANCE];
+
+	r = talloc(talloc_tos(), struct PNP_GetRootDeviceInstance);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetRootDeviceInstance, r);
+	}
+
+	r->out.result = _PNP_GetRootDeviceInstance(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetRootDeviceInstance, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetRelatedDeviceInstance(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetRelatedDeviceInstance *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETRELATEDDEVICEINSTANCE];
+
+	r = talloc(talloc_tos(), struct PNP_GetRelatedDeviceInstance);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetRelatedDeviceInstance, r);
+	}
+
+	r->out.result = _PNP_GetRelatedDeviceInstance(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetRelatedDeviceInstance, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_EnumerateSubKeys(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_EnumerateSubKeys *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_ENUMERATESUBKEYS];
+
+	r = talloc(talloc_tos(), struct PNP_EnumerateSubKeys);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_EnumerateSubKeys, r);
+	}
+
+	r->out.result = _PNP_EnumerateSubKeys(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_EnumerateSubKeys, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetDeviceList(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetDeviceList *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETDEVICELIST];
+
+	r = talloc(talloc_tos(), struct PNP_GetDeviceList);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetDeviceList, r);
+	}
+
+	r->out.result = _PNP_GetDeviceList(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetDeviceList, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetDeviceListSize(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetDeviceListSize *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETDEVICELISTSIZE];
+
+	r = talloc(talloc_tos(), struct PNP_GetDeviceListSize);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetDeviceListSize, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.size = talloc_zero(r, uint32_t);
+	if (r->out.size == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _PNP_GetDeviceListSize(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetDeviceListSize, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetDepth(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetDepth *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETDEPTH];
+
+	r = talloc(talloc_tos(), struct PNP_GetDepth);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetDepth, r);
+	}
+
+	r->out.result = _PNP_GetDepth(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetDepth, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetDeviceRegProp(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetDeviceRegProp *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETDEVICEREGPROP];
+
+	r = talloc(talloc_tos(), struct PNP_GetDeviceRegProp);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetDeviceRegProp, r);
+	}
+
+	r->out.result = _PNP_GetDeviceRegProp(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetDeviceRegProp, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_SetDeviceRegProp(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_SetDeviceRegProp *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_SETDEVICEREGPROP];
+
+	r = talloc(talloc_tos(), struct PNP_SetDeviceRegProp);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_SetDeviceRegProp, r);
+	}
+
+	r->out.result = _PNP_SetDeviceRegProp(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_SetDeviceRegProp, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetClassInstance(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetClassInstance *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETCLASSINSTANCE];
+
+	r = talloc(talloc_tos(), struct PNP_GetClassInstance);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetClassInstance, r);
+	}
+
+	r->out.result = _PNP_GetClassInstance(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetClassInstance, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_CreateKey(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_CreateKey *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_CREATEKEY];
+
+	r = talloc(talloc_tos(), struct PNP_CreateKey);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_CreateKey, r);
+	}
+
+	r->out.result = _PNP_CreateKey(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_CreateKey, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_DeleteRegistryKey(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_DeleteRegistryKey *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_DELETEREGISTRYKEY];
+
+	r = talloc(talloc_tos(), struct PNP_DeleteRegistryKey);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_DeleteRegistryKey, r);
+	}
+
+	r->out.result = _PNP_DeleteRegistryKey(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_DeleteRegistryKey, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetClassCount(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetClassCount *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETCLASSCOUNT];
+
+	r = talloc(talloc_tos(), struct PNP_GetClassCount);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetClassCount, r);
+	}
+
+	r->out.result = _PNP_GetClassCount(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetClassCount, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetClassName(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetClassName *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETCLASSNAME];
+
+	r = talloc(talloc_tos(), struct PNP_GetClassName);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetClassName, r);
+	}
+
+	r->out.result = _PNP_GetClassName(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetClassName, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_DeleteClassKey(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_DeleteClassKey *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_DELETECLASSKEY];
+
+	r = talloc(talloc_tos(), struct PNP_DeleteClassKey);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_DeleteClassKey, r);
+	}
+
+	r->out.result = _PNP_DeleteClassKey(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_DeleteClassKey, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetInterfaceDeviceAlias(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetInterfaceDeviceAlias *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETINTERFACEDEVICEALIAS];
+
+	r = talloc(talloc_tos(), struct PNP_GetInterfaceDeviceAlias);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetInterfaceDeviceAlias, r);
+	}
+
+	r->out.result = _PNP_GetInterfaceDeviceAlias(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetInterfaceDeviceAlias, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetInterfaceDeviceList(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetInterfaceDeviceList *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETINTERFACEDEVICELIST];
+
+	r = talloc(talloc_tos(), struct PNP_GetInterfaceDeviceList);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetInterfaceDeviceList, r);
+	}
+
+	r->out.result = _PNP_GetInterfaceDeviceList(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetInterfaceDeviceList, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetInterfaceDeviceListSize(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetInterfaceDeviceListSize *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETINTERFACEDEVICELISTSIZE];
+
+	r = talloc(talloc_tos(), struct PNP_GetInterfaceDeviceListSize);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetInterfaceDeviceListSize, r);
+	}
+
+	r->out.result = _PNP_GetInterfaceDeviceListSize(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetInterfaceDeviceListSize, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_RegisterDeviceClassAssociation(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_RegisterDeviceClassAssociation *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_REGISTERDEVICECLASSASSOCIATION];
+
+	r = talloc(talloc_tos(), struct PNP_RegisterDeviceClassAssociation);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_RegisterDeviceClassAssociation, r);
+	}
+
+	r->out.result = _PNP_RegisterDeviceClassAssociation(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_RegisterDeviceClassAssociation, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_UnregisterDeviceClassAssociation(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_UnregisterDeviceClassAssociation *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_UNREGISTERDEVICECLASSASSOCIATION];
+
+	r = talloc(talloc_tos(), struct PNP_UnregisterDeviceClassAssociation);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_UnregisterDeviceClassAssociation, r);
+	}
+
+	r->out.result = _PNP_UnregisterDeviceClassAssociation(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_UnregisterDeviceClassAssociation, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetClassRegProp(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetClassRegProp *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETCLASSREGPROP];
+
+	r = talloc(talloc_tos(), struct PNP_GetClassRegProp);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetClassRegProp, r);
+	}
+
+	r->out.result = _PNP_GetClassRegProp(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetClassRegProp, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_SetClassRegProp(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_SetClassRegProp *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_SETCLASSREGPROP];
+
+	r = talloc(talloc_tos(), struct PNP_SetClassRegProp);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_SetClassRegProp, r);
+	}
+
+	r->out.result = _PNP_SetClassRegProp(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_SetClassRegProp, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_CreateDevInst(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_CreateDevInst *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_CREATEDEVINST];
+
+	r = talloc(talloc_tos(), struct PNP_CreateDevInst);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_CreateDevInst, r);
+	}
+
+	r->out.result = _PNP_CreateDevInst(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_CreateDevInst, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_DeviceInstanceAction(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_DeviceInstanceAction *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_DEVICEINSTANCEACTION];
+
+	r = talloc(talloc_tos(), struct PNP_DeviceInstanceAction);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_DeviceInstanceAction, r);
+	}
+
+	r->out.result = _PNP_DeviceInstanceAction(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_DeviceInstanceAction, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetDeviceStatus(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetDeviceStatus *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETDEVICESTATUS];
+
+	r = talloc(talloc_tos(), struct PNP_GetDeviceStatus);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetDeviceStatus, r);
+	}
+
+	r->out.result = _PNP_GetDeviceStatus(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetDeviceStatus, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_SetDeviceProblem(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_SetDeviceProblem *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_SETDEVICEPROBLEM];
+
+	r = talloc(talloc_tos(), struct PNP_SetDeviceProblem);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_SetDeviceProblem, r);
+	}
+
+	r->out.result = _PNP_SetDeviceProblem(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_SetDeviceProblem, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_DisableDevInst(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_DisableDevInst *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_DISABLEDEVINST];
+
+	r = talloc(talloc_tos(), struct PNP_DisableDevInst);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_DisableDevInst, r);
+	}
+
+	r->out.result = _PNP_DisableDevInst(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_DisableDevInst, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_UninstallDevInst(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_UninstallDevInst *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_UNINSTALLDEVINST];
+
+	r = talloc(talloc_tos(), struct PNP_UninstallDevInst);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_UninstallDevInst, r);
+	}
+
+	r->out.result = _PNP_UninstallDevInst(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_UninstallDevInst, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_AddID(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_AddID *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_ADDID];
+
+	r = talloc(talloc_tos(), struct PNP_AddID);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_AddID, r);
+	}
+
+	r->out.result = _PNP_AddID(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_AddID, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_RegisterDriver(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_RegisterDriver *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_REGISTERDRIVER];
+
+	r = talloc(talloc_tos(), struct PNP_RegisterDriver);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_RegisterDriver, r);
+	}
+
+	r->out.result = _PNP_RegisterDriver(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_RegisterDriver, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_QueryRemove(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_QueryRemove *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_QUERYREMOVE];
+
+	r = talloc(talloc_tos(), struct PNP_QueryRemove);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_QueryRemove, r);
+	}
+
+	r->out.result = _PNP_QueryRemove(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_QueryRemove, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_RequestDeviceEject(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_RequestDeviceEject *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_REQUESTDEVICEEJECT];
+
+	r = talloc(talloc_tos(), struct PNP_RequestDeviceEject);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_RequestDeviceEject, r);
+	}
+
+	r->out.result = _PNP_RequestDeviceEject(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_RequestDeviceEject, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_IsDockStationPresent(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_IsDockStationPresent *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_ISDOCKSTATIONPRESENT];
+
+	r = talloc(talloc_tos(), struct PNP_IsDockStationPresent);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_IsDockStationPresent, r);
+	}
+
+	r->out.result = _PNP_IsDockStationPresent(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_IsDockStationPresent, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_RequestEjectPC(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_RequestEjectPC *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_REQUESTEJECTPC];
+
+	r = talloc(talloc_tos(), struct PNP_RequestEjectPC);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_RequestEjectPC, r);
+	}
+
+	r->out.result = _PNP_RequestEjectPC(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_RequestEjectPC, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_HwProfFlags(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_HwProfFlags *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_HWPROFFLAGS];
+
+	r = talloc(talloc_tos(), struct PNP_HwProfFlags);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_HwProfFlags, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.unknown3 = r->in.unknown3;
+	r->out.unknown4 = r->in.unknown4;
+	r->out.unknown5a = talloc_zero(r, const char *);
+	if (r->out.unknown5a == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _PNP_HwProfFlags(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_HwProfFlags, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetHwProfInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetHwProfInfo *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETHWPROFINFO];
+
+	r = talloc(talloc_tos(), struct PNP_GetHwProfInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetHwProfInfo, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.info = r->in.info;
+	r->out.result = _PNP_GetHwProfInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetHwProfInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_AddEmptyLogConf(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_AddEmptyLogConf *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_ADDEMPTYLOGCONF];
+
+	r = talloc(talloc_tos(), struct PNP_AddEmptyLogConf);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_AddEmptyLogConf, r);
+	}
+
+	r->out.result = _PNP_AddEmptyLogConf(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_AddEmptyLogConf, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_FreeLogConf(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_FreeLogConf *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_FREELOGCONF];
+
+	r = talloc(talloc_tos(), struct PNP_FreeLogConf);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_FreeLogConf, r);
+	}
+
+	r->out.result = _PNP_FreeLogConf(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_FreeLogConf, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetFirstLogConf(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetFirstLogConf *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETFIRSTLOGCONF];
+
+	r = talloc(talloc_tos(), struct PNP_GetFirstLogConf);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetFirstLogConf, r);
+	}
+
+	r->out.result = _PNP_GetFirstLogConf(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetFirstLogConf, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetNextLogConf(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetNextLogConf *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETNEXTLOGCONF];
+
+	r = talloc(talloc_tos(), struct PNP_GetNextLogConf);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetNextLogConf, r);
+	}
+
+	r->out.result = _PNP_GetNextLogConf(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetNextLogConf, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetLogConfPriority(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetLogConfPriority *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETLOGCONFPRIORITY];
+
+	r = talloc(talloc_tos(), struct PNP_GetLogConfPriority);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetLogConfPriority, r);
+	}
+
+	r->out.result = _PNP_GetLogConfPriority(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetLogConfPriority, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_AddResDes(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_AddResDes *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_ADDRESDES];
+
+	r = talloc(talloc_tos(), struct PNP_AddResDes);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_AddResDes, r);
+	}
+
+	r->out.result = _PNP_AddResDes(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_AddResDes, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_FreeResDes(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_FreeResDes *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_FREERESDES];
+
+	r = talloc(talloc_tos(), struct PNP_FreeResDes);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_FreeResDes, r);
+	}
+
+	r->out.result = _PNP_FreeResDes(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_FreeResDes, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetNextResDes(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetNextResDes *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETNEXTRESDES];
+
+	r = talloc(talloc_tos(), struct PNP_GetNextResDes);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetNextResDes, r);
+	}
+
+	r->out.result = _PNP_GetNextResDes(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetNextResDes, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetResDesData(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetResDesData *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETRESDESDATA];
+
+	r = talloc(talloc_tos(), struct PNP_GetResDesData);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetResDesData, r);
+	}
+
+	r->out.result = _PNP_GetResDesData(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetResDesData, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetResDesDataSize(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetResDesDataSize *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETRESDESDATASIZE];
+
+	r = talloc(talloc_tos(), struct PNP_GetResDesDataSize);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetResDesDataSize, r);
+	}
+
+	r->out.result = _PNP_GetResDesDataSize(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetResDesDataSize, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_ModifyResDes(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_ModifyResDes *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_MODIFYRESDES];
+
+	r = talloc(talloc_tos(), struct PNP_ModifyResDes);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_ModifyResDes, r);
+	}
+
+	r->out.result = _PNP_ModifyResDes(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_ModifyResDes, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_DetectResourceLimit(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_DetectResourceLimit *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_DETECTRESOURCELIMIT];
+
+	r = talloc(talloc_tos(), struct PNP_DetectResourceLimit);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_DetectResourceLimit, r);
+	}
+
+	r->out.result = _PNP_DetectResourceLimit(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_DetectResourceLimit, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_QueryResConfList(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_QueryResConfList *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_QUERYRESCONFLIST];
+
+	r = talloc(talloc_tos(), struct PNP_QueryResConfList);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_QueryResConfList, r);
+	}
+
+	r->out.result = _PNP_QueryResConfList(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_QueryResConfList, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_SetHwProf(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_SetHwProf *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_SETHWPROF];
+
+	r = talloc(talloc_tos(), struct PNP_SetHwProf);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_SetHwProf, r);
+	}
+
+	r->out.result = _PNP_SetHwProf(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_SetHwProf, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_QueryArbitratorFreeData(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_QueryArbitratorFreeData *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_QUERYARBITRATORFREEDATA];
+
+	r = talloc(talloc_tos(), struct PNP_QueryArbitratorFreeData);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_QueryArbitratorFreeData, r);
+	}
+
+	r->out.result = _PNP_QueryArbitratorFreeData(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_QueryArbitratorFreeData, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_QueryArbitratorFreeSize(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_QueryArbitratorFreeSize *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_QUERYARBITRATORFREESIZE];
+
+	r = talloc(talloc_tos(), struct PNP_QueryArbitratorFreeSize);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_QueryArbitratorFreeSize, r);
+	}
+
+	r->out.result = _PNP_QueryArbitratorFreeSize(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_QueryArbitratorFreeSize, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_RunDetection(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_RunDetection *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_RUNDETECTION];
+
+	r = talloc(talloc_tos(), struct PNP_RunDetection);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_RunDetection, r);
+	}
+
+	r->out.result = _PNP_RunDetection(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_RunDetection, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_RegisterNotification(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_RegisterNotification *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_REGISTERNOTIFICATION];
+
+	r = talloc(talloc_tos(), struct PNP_RegisterNotification);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_RegisterNotification, r);
+	}
+
+	r->out.result = _PNP_RegisterNotification(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_RegisterNotification, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_UnregisterNotification(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_UnregisterNotification *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_UNREGISTERNOTIFICATION];
+
+	r = talloc(talloc_tos(), struct PNP_UnregisterNotification);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_UnregisterNotification, r);
+	}
+
+	r->out.result = _PNP_UnregisterNotification(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_UnregisterNotification, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetCustomDevProp(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetCustomDevProp *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETCUSTOMDEVPROP];
+
+	r = talloc(talloc_tos(), struct PNP_GetCustomDevProp);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetCustomDevProp, r);
+	}
+
+	r->out.result = _PNP_GetCustomDevProp(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetCustomDevProp, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetVersionInternal(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetVersionInternal *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETVERSIONINTERNAL];
+
+	r = talloc(talloc_tos(), struct PNP_GetVersionInternal);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetVersionInternal, r);
+	}
+
+	r->out.result = _PNP_GetVersionInternal(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetVersionInternal, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetBlockedDriverInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetBlockedDriverInfo *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETBLOCKEDDRIVERINFO];
+
+	r = talloc(talloc_tos(), struct PNP_GetBlockedDriverInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetBlockedDriverInfo, r);
+	}
+
+	r->out.result = _PNP_GetBlockedDriverInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetBlockedDriverInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_PNP_GetServerSideDeviceInstallFlags(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct PNP_GetServerSideDeviceInstallFlags *r;
+
+	call = &ndr_table_ntsvcs.calls[NDR_PNP_GETSERVERSIDEDEVICEINSTALLFLAGS];
+
+	r = talloc(talloc_tos(), struct PNP_GetServerSideDeviceInstallFlags);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(PNP_GetServerSideDeviceInstallFlags, r);
+	}
+
+	r->out.result = _PNP_GetServerSideDeviceInstallFlags(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(PNP_GetServerSideDeviceInstallFlags, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+
+/* Tables */
+static struct api_struct api_ntsvcs_cmds[] = 
+{
+	{"PNP_DISCONNECT", NDR_PNP_DISCONNECT, api_PNP_Disconnect},
+	{"PNP_CONNECT", NDR_PNP_CONNECT, api_PNP_Connect},
+	{"PNP_GETVERSION", NDR_PNP_GETVERSION, api_PNP_GetVersion},
+	{"PNP_GETGLOBALSTATE", NDR_PNP_GETGLOBALSTATE, api_PNP_GetGlobalState},
+	{"PNP_INITDETECTION", NDR_PNP_INITDETECTION, api_PNP_InitDetection},
+	{"PNP_REPORTLOGON", NDR_PNP_REPORTLOGON, api_PNP_ReportLogOn},
+	{"PNP_VALIDATEDEVICEINSTANCE", NDR_PNP_VALIDATEDEVICEINSTANCE, api_PNP_ValidateDeviceInstance},
+	{"PNP_GETROOTDEVICEINSTANCE", NDR_PNP_GETROOTDEVICEINSTANCE, api_PNP_GetRootDeviceInstance},
+	{"PNP_GETRELATEDDEVICEINSTANCE", NDR_PNP_GETRELATEDDEVICEINSTANCE, api_PNP_GetRelatedDeviceInstance},
+	{"PNP_ENUMERATESUBKEYS", NDR_PNP_ENUMERATESUBKEYS, api_PNP_EnumerateSubKeys},
+	{"PNP_GETDEVICELIST", NDR_PNP_GETDEVICELIST, api_PNP_GetDeviceList},
+	{"PNP_GETDEVICELISTSIZE", NDR_PNP_GETDEVICELISTSIZE, api_PNP_GetDeviceListSize},
+	{"PNP_GETDEPTH", NDR_PNP_GETDEPTH, api_PNP_GetDepth},
+	{"PNP_GETDEVICEREGPROP", NDR_PNP_GETDEVICEREGPROP, api_PNP_GetDeviceRegProp},
+	{"PNP_SETDEVICEREGPROP", NDR_PNP_SETDEVICEREGPROP, api_PNP_SetDeviceRegProp},
+	{"PNP_GETCLASSINSTANCE", NDR_PNP_GETCLASSINSTANCE, api_PNP_GetClassInstance},
+	{"PNP_CREATEKEY", NDR_PNP_CREATEKEY, api_PNP_CreateKey},
+	{"PNP_DELETEREGISTRYKEY", NDR_PNP_DELETEREGISTRYKEY, api_PNP_DeleteRegistryKey},
+	{"PNP_GETCLASSCOUNT", NDR_PNP_GETCLASSCOUNT, api_PNP_GetClassCount},
+	{"PNP_GETCLASSNAME", NDR_PNP_GETCLASSNAME, api_PNP_GetClassName},
+	{"PNP_DELETECLASSKEY", NDR_PNP_DELETECLASSKEY, api_PNP_DeleteClassKey},
+	{"PNP_GETINTERFACEDEVICEALIAS", NDR_PNP_GETINTERFACEDEVICEALIAS, api_PNP_GetInterfaceDeviceAlias},
+	{"PNP_GETINTERFACEDEVICELIST", NDR_PNP_GETINTERFACEDEVICELIST, api_PNP_GetInterfaceDeviceList},
+	{"PNP_GETINTERFACEDEVICELISTSIZE", NDR_PNP_GETINTERFACEDEVICELISTSIZE, api_PNP_GetInterfaceDeviceListSize},
+	{"PNP_REGISTERDEVICECLASSASSOCIATION", NDR_PNP_REGISTERDEVICECLASSASSOCIATION, api_PNP_RegisterDeviceClassAssociation},
+	{"PNP_UNREGISTERDEVICECLASSASSOCIATION", NDR_PNP_UNREGISTERDEVICECLASSASSOCIATION, api_PNP_UnregisterDeviceClassAssociation},
+	{"PNP_GETCLASSREGPROP", NDR_PNP_GETCLASSREGPROP, api_PNP_GetClassRegProp},
+	{"PNP_SETCLASSREGPROP", NDR_PNP_SETCLASSREGPROP, api_PNP_SetClassRegProp},
+	{"PNP_CREATEDEVINST", NDR_PNP_CREATEDEVINST, api_PNP_CreateDevInst},
+	{"PNP_DEVICEINSTANCEACTION", NDR_PNP_DEVICEINSTANCEACTION, api_PNP_DeviceInstanceAction},
+	{"PNP_GETDEVICESTATUS", NDR_PNP_GETDEVICESTATUS, api_PNP_GetDeviceStatus},
+	{"PNP_SETDEVICEPROBLEM", NDR_PNP_SETDEVICEPROBLEM, api_PNP_SetDeviceProblem},
+	{"PNP_DISABLEDEVINST", NDR_PNP_DISABLEDEVINST, api_PNP_DisableDevInst},
+	{"PNP_UNINSTALLDEVINST", NDR_PNP_UNINSTALLDEVINST, api_PNP_UninstallDevInst},
+	{"PNP_ADDID", NDR_PNP_ADDID, api_PNP_AddID},
+	{"PNP_REGISTERDRIVER", NDR_PNP_REGISTERDRIVER, api_PNP_RegisterDriver},
+	{"PNP_QUERYREMOVE", NDR_PNP_QUERYREMOVE, api_PNP_QueryRemove},
+	{"PNP_REQUESTDEVICEEJECT", NDR_PNP_REQUESTDEVICEEJECT, api_PNP_RequestDeviceEject},
+	{"PNP_ISDOCKSTATIONPRESENT", NDR_PNP_ISDOCKSTATIONPRESENT, api_PNP_IsDockStationPresent},
+	{"PNP_REQUESTEJECTPC", NDR_PNP_REQUESTEJECTPC, api_PNP_RequestEjectPC},
+	{"PNP_HWPROFFLAGS", NDR_PNP_HWPROFFLAGS, api_PNP_HwProfFlags},
+	{"PNP_GETHWPROFINFO", NDR_PNP_GETHWPROFINFO, api_PNP_GetHwProfInfo},
+	{"PNP_ADDEMPTYLOGCONF", NDR_PNP_ADDEMPTYLOGCONF, api_PNP_AddEmptyLogConf},
+	{"PNP_FREELOGCONF", NDR_PNP_FREELOGCONF, api_PNP_FreeLogConf},
+	{"PNP_GETFIRSTLOGCONF", NDR_PNP_GETFIRSTLOGCONF, api_PNP_GetFirstLogConf},
+	{"PNP_GETNEXTLOGCONF", NDR_PNP_GETNEXTLOGCONF, api_PNP_GetNextLogConf},
+	{"PNP_GETLOGCONFPRIORITY", NDR_PNP_GETLOGCONFPRIORITY, api_PNP_GetLogConfPriority},
+	{"PNP_ADDRESDES", NDR_PNP_ADDRESDES, api_PNP_AddResDes},
+	{"PNP_FREERESDES", NDR_PNP_FREERESDES, api_PNP_FreeResDes},
+	{"PNP_GETNEXTRESDES", NDR_PNP_GETNEXTRESDES, api_PNP_GetNextResDes},
+	{"PNP_GETRESDESDATA", NDR_PNP_GETRESDESDATA, api_PNP_GetResDesData},
+	{"PNP_GETRESDESDATASIZE", NDR_PNP_GETRESDESDATASIZE, api_PNP_GetResDesDataSize},
+	{"PNP_MODIFYRESDES", NDR_PNP_MODIFYRESDES, api_PNP_ModifyResDes},
+	{"PNP_DETECTRESOURCELIMIT", NDR_PNP_DETECTRESOURCELIMIT, api_PNP_DetectResourceLimit},
+	{"PNP_QUERYRESCONFLIST", NDR_PNP_QUERYRESCONFLIST, api_PNP_QueryResConfList},
+	{"PNP_SETHWPROF", NDR_PNP_SETHWPROF, api_PNP_SetHwProf},
+	{"PNP_QUERYARBITRATORFREEDATA", NDR_PNP_QUERYARBITRATORFREEDATA, api_PNP_QueryArbitratorFreeData},
+	{"PNP_QUERYARBITRATORFREESIZE", NDR_PNP_QUERYARBITRATORFREESIZE, api_PNP_QueryArbitratorFreeSize},
+	{"PNP_RUNDETECTION", NDR_PNP_RUNDETECTION, api_PNP_RunDetection},
+	{"PNP_REGISTERNOTIFICATION", NDR_PNP_REGISTERNOTIFICATION, api_PNP_RegisterNotification},
+	{"PNP_UNREGISTERNOTIFICATION", NDR_PNP_UNREGISTERNOTIFICATION, api_PNP_UnregisterNotification},
+	{"PNP_GETCUSTOMDEVPROP", NDR_PNP_GETCUSTOMDEVPROP, api_PNP_GetCustomDevProp},
+	{"PNP_GETVERSIONINTERNAL", NDR_PNP_GETVERSIONINTERNAL, api_PNP_GetVersionInternal},
+	{"PNP_GETBLOCKEDDRIVERINFO", NDR_PNP_GETBLOCKEDDRIVERINFO, api_PNP_GetBlockedDriverInfo},
+	{"PNP_GETSERVERSIDEDEVICEINSTALLFLAGS", NDR_PNP_GETSERVERSIDEDEVICEINSTALLFLAGS, api_PNP_GetServerSideDeviceInstallFlags},
+};
+
+void ntsvcs_get_pipe_fns(struct api_struct **fns, int *n_fns)
+{
+	*fns = api_ntsvcs_cmds;
+	*n_fns = sizeof(api_ntsvcs_cmds) / sizeof(struct api_struct);
+}
+
+NTSTATUS rpc_ntsvcs_init(void)
+{
+	return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "ntsvcs", "ntsvcs", api_ntsvcs_cmds, sizeof(api_ntsvcs_cmds) / sizeof(struct api_struct));
+}
diff --git a/source3/librpc/gen_ndr/srv_ntsvcs.h b/source3/librpc/gen_ndr/srv_ntsvcs.h
new file mode 100644
index 0000000000..c3969b11da
--- /dev/null
+++ b/source3/librpc/gen_ndr/srv_ntsvcs.h
@@ -0,0 +1,71 @@
+#include "librpc/gen_ndr/ndr_ntsvcs.h"
+#ifndef __SRV_NTSVCS__
+#define __SRV_NTSVCS__
+WERROR _PNP_Disconnect(pipes_struct *p, struct PNP_Disconnect *r);
+WERROR _PNP_Connect(pipes_struct *p, struct PNP_Connect *r);
+WERROR _PNP_GetVersion(pipes_struct *p, struct PNP_GetVersion *r);
+WERROR _PNP_GetGlobalState(pipes_struct *p, struct PNP_GetGlobalState *r);
+WERROR _PNP_InitDetection(pipes_struct *p, struct PNP_InitDetection *r);
+WERROR _PNP_ReportLogOn(pipes_struct *p, struct PNP_ReportLogOn *r);
+WERROR _PNP_ValidateDeviceInstance(pipes_struct *p, struct PNP_ValidateDeviceInstance *r);
+WERROR _PNP_GetRootDeviceInstance(pipes_struct *p, struct PNP_GetRootDeviceInstance *r);
+WERROR _PNP_GetRelatedDeviceInstance(pipes_struct *p, struct PNP_GetRelatedDeviceInstance *r);
+WERROR _PNP_EnumerateSubKeys(pipes_struct *p, struct PNP_EnumerateSubKeys *r);
+WERROR _PNP_GetDeviceList(pipes_struct *p, struct PNP_GetDeviceList *r);
+WERROR _PNP_GetDeviceListSize(pipes_struct *p, struct PNP_GetDeviceListSize *r);
+WERROR _PNP_GetDepth(pipes_struct *p, struct PNP_GetDepth *r);
+WERROR _PNP_GetDeviceRegProp(pipes_struct *p, struct PNP_GetDeviceRegProp *r);
+WERROR _PNP_SetDeviceRegProp(pipes_struct *p, struct PNP_SetDeviceRegProp *r);
+WERROR _PNP_GetClassInstance(pipes_struct *p, struct PNP_GetClassInstance *r);
+WERROR _PNP_CreateKey(pipes_struct *p, struct PNP_CreateKey *r);
+WERROR _PNP_DeleteRegistryKey(pipes_struct *p, struct PNP_DeleteRegistryKey *r);
+WERROR _PNP_GetClassCount(pipes_struct *p, struct PNP_GetClassCount *r);
+WERROR _PNP_GetClassName(pipes_struct *p, struct PNP_GetClassName *r);
+WERROR _PNP_DeleteClassKey(pipes_struct *p, struct PNP_DeleteClassKey *r);
+WERROR _PNP_GetInterfaceDeviceAlias(pipes_struct *p, struct PNP_GetInterfaceDeviceAlias *r);
+WERROR _PNP_GetInterfaceDeviceList(pipes_struct *p, struct PNP_GetInterfaceDeviceList *r);
+WERROR _PNP_GetInterfaceDeviceListSize(pipes_struct *p, struct PNP_GetInterfaceDeviceListSize *r);
+WERROR _PNP_RegisterDeviceClassAssociation(pipes_struct *p, struct PNP_RegisterDeviceClassAssociation *r);
+WERROR _PNP_UnregisterDeviceClassAssociation(pipes_struct *p, struct PNP_UnregisterDeviceClassAssociation *r);
+WERROR _PNP_GetClassRegProp(pipes_struct *p, struct PNP_GetClassRegProp *r);
+WERROR _PNP_SetClassRegProp(pipes_struct *p, struct PNP_SetClassRegProp *r);
+WERROR _PNP_CreateDevInst(pipes_struct *p, struct PNP_CreateDevInst *r);
+WERROR _PNP_DeviceInstanceAction(pipes_struct *p, struct PNP_DeviceInstanceAction *r);
+WERROR _PNP_GetDeviceStatus(pipes_struct *p, struct PNP_GetDeviceStatus *r);
+WERROR _PNP_SetDeviceProblem(pipes_struct *p, struct PNP_SetDeviceProblem *r);
+WERROR _PNP_DisableDevInst(pipes_struct *p, struct PNP_DisableDevInst *r);
+WERROR _PNP_UninstallDevInst(pipes_struct *p, struct PNP_UninstallDevInst *r);
+WERROR _PNP_AddID(pipes_struct *p, struct PNP_AddID *r);
+WERROR _PNP_RegisterDriver(pipes_struct *p, struct PNP_RegisterDriver *r);
+WERROR _PNP_QueryRemove(pipes_struct *p, struct PNP_QueryRemove *r);
+WERROR _PNP_RequestDeviceEject(pipes_struct *p, struct PNP_RequestDeviceEject *r);
+WERROR _PNP_IsDockStationPresent(pipes_struct *p, struct PNP_IsDockStationPresent *r);
+WERROR _PNP_RequestEjectPC(pipes_struct *p, struct PNP_RequestEjectPC *r);
+WERROR _PNP_HwProfFlags(pipes_struct *p, struct PNP_HwProfFlags *r);
+WERROR _PNP_GetHwProfInfo(pipes_struct *p, struct PNP_GetHwProfInfo *r);
+WERROR _PNP_AddEmptyLogConf(pipes_struct *p, struct PNP_AddEmptyLogConf *r);
+WERROR _PNP_FreeLogConf(pipes_struct *p, struct PNP_FreeLogConf *r);
+WERROR _PNP_GetFirstLogConf(pipes_struct *p, struct PNP_GetFirstLogConf *r);
+WERROR _PNP_GetNextLogConf(pipes_struct *p, struct PNP_GetNextLogConf *r);
+WERROR _PNP_GetLogConfPriority(pipes_struct *p, struct PNP_GetLogConfPriority *r);
+WERROR _PNP_AddResDes(pipes_struct *p, struct PNP_AddResDes *r);
+WERROR _PNP_FreeResDes(pipes_struct *p, struct PNP_FreeResDes *r);
+WERROR _PNP_GetNextResDes(pipes_struct *p, struct PNP_GetNextResDes *r);
+WERROR _PNP_GetResDesData(pipes_struct *p, struct PNP_GetResDesData *r);
+WERROR _PNP_GetResDesDataSize(pipes_struct *p, struct PNP_GetResDesDataSize *r);
+WERROR _PNP_ModifyResDes(pipes_struct *p, struct PNP_ModifyResDes *r);
+WERROR _PNP_DetectResourceLimit(pipes_struct *p, struct PNP_DetectResourceLimit *r);
+WERROR _PNP_QueryResConfList(pipes_struct *p, struct PNP_QueryResConfList *r);
+WERROR _PNP_SetHwProf(pipes_struct *p, struct PNP_SetHwProf *r);
+WERROR _PNP_QueryArbitratorFreeData(pipes_struct *p, struct PNP_QueryArbitratorFreeData *r);
+WERROR _PNP_QueryArbitratorFreeSize(pipes_struct *p, struct PNP_QueryArbitratorFreeSize *r);
+WERROR _PNP_RunDetection(pipes_struct *p, struct PNP_RunDetection *r);
+WERROR _PNP_RegisterNotification(pipes_struct *p, struct PNP_RegisterNotification *r);
+WERROR _PNP_UnregisterNotification(pipes_struct *p, struct PNP_UnregisterNotification *r);
+WERROR _PNP_GetCustomDevProp(pipes_struct *p, struct PNP_GetCustomDevProp *r);
+WERROR _PNP_GetVersionInternal(pipes_struct *p, struct PNP_GetVersionInternal *r);
+WERROR _PNP_GetBlockedDriverInfo(pipes_struct *p, struct PNP_GetBlockedDriverInfo *r);
+WERROR _PNP_GetServerSideDeviceInstallFlags(pipes_struct *p, struct PNP_GetServerSideDeviceInstallFlags *r);
+void ntsvcs_get_pipe_fns(struct api_struct **fns, int *n_fns);
+NTSTATUS rpc_ntsvcs_init(void);
+#endif /* __SRV_NTSVCS__ */
diff --git a/source3/librpc/gen_ndr/srv_samr.c b/source3/librpc/gen_ndr/srv_samr.c
new file mode 100644
index 0000000000..3994587981
--- /dev/null
+++ b/source3/librpc/gen_ndr/srv_samr.c
@@ -0,0 +1,5482 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * server auto-generated by pidl. DO NOT MODIFY!
+ */
+
+#include "includes.h"
+#include "librpc/gen_ndr/srv_samr.h"
+
+static bool api_samr_Connect(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_Connect *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CONNECT];
+
+	r = talloc(talloc_tos(), struct samr_Connect);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Connect, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.connect_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.connect_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_Connect(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Connect, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_Close(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_Close *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CLOSE];
+
+	r = talloc(talloc_tos(), struct samr_Close);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Close, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.handle = r->in.handle;
+	r->out.result = _samr_Close(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Close, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_SetSecurity(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_SetSecurity *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_SETSECURITY];
+
+	r = talloc(talloc_tos(), struct samr_SetSecurity);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetSecurity, r);
+	}
+
+	r->out.result = _samr_SetSecurity(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetSecurity, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_QuerySecurity(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_QuerySecurity *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_QUERYSECURITY];
+
+	r = talloc(talloc_tos(), struct samr_QuerySecurity);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QuerySecurity, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.sdbuf = talloc_zero(r, struct sec_desc_buf *);
+	if (r->out.sdbuf == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_QuerySecurity(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QuerySecurity, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_Shutdown(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_Shutdown *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_SHUTDOWN];
+
+	r = talloc(talloc_tos(), struct samr_Shutdown);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Shutdown, r);
+	}
+
+	r->out.result = _samr_Shutdown(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Shutdown, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_LookupDomain(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_LookupDomain *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_LOOKUPDOMAIN];
+
+	r = talloc(talloc_tos(), struct samr_LookupDomain);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_LookupDomain, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.sid = talloc_zero(r, struct dom_sid2 *);
+	if (r->out.sid == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_LookupDomain(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_LookupDomain, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_EnumDomains(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_EnumDomains *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_ENUMDOMAINS];
+
+	r = talloc(talloc_tos(), struct samr_EnumDomains);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_EnumDomains, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.resume_handle = r->in.resume_handle;
+	r->out.sam = talloc_zero(r, struct samr_SamArray *);
+	if (r->out.sam == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.num_entries = talloc_zero(r, uint32_t);
+	if (r->out.num_entries == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_EnumDomains(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_EnumDomains, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_OpenDomain(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_OpenDomain *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_OPENDOMAIN];
+
+	r = talloc(talloc_tos(), struct samr_OpenDomain);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_OpenDomain, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.domain_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.domain_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_OpenDomain(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_OpenDomain, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_QueryDomainInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_QueryDomainInfo *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_QUERYDOMAININFO];
+
+	r = talloc(talloc_tos(), struct samr_QueryDomainInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryDomainInfo, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.info = talloc_zero(r, union samr_DomainInfo *);
+	if (r->out.info == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_QueryDomainInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryDomainInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_SetDomainInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_SetDomainInfo *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_SETDOMAININFO];
+
+	r = talloc(talloc_tos(), struct samr_SetDomainInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetDomainInfo, r);
+	}
+
+	r->out.result = _samr_SetDomainInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetDomainInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_CreateDomainGroup(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_CreateDomainGroup *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CREATEDOMAINGROUP];
+
+	r = talloc(talloc_tos(), struct samr_CreateDomainGroup);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_CreateDomainGroup, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.group_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.group_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.rid = talloc_zero(r, uint32_t);
+	if (r->out.rid == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_CreateDomainGroup(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_CreateDomainGroup, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_EnumDomainGroups(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_EnumDomainGroups *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_ENUMDOMAINGROUPS];
+
+	r = talloc(talloc_tos(), struct samr_EnumDomainGroups);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_EnumDomainGroups, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.resume_handle = r->in.resume_handle;
+	r->out.sam = talloc_zero(r, struct samr_SamArray *);
+	if (r->out.sam == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.num_entries = talloc_zero(r, uint32_t);
+	if (r->out.num_entries == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_EnumDomainGroups(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_EnumDomainGroups, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_CreateUser(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_CreateUser *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CREATEUSER];
+
+	r = talloc(talloc_tos(), struct samr_CreateUser);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_CreateUser, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.user_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.user_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.rid = talloc_zero(r, uint32_t);
+	if (r->out.rid == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_CreateUser(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_CreateUser, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_EnumDomainUsers(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_EnumDomainUsers *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_ENUMDOMAINUSERS];
+
+	r = talloc(talloc_tos(), struct samr_EnumDomainUsers);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_EnumDomainUsers, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.resume_handle = r->in.resume_handle;
+	r->out.sam = talloc_zero(r, struct samr_SamArray *);
+	if (r->out.sam == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.num_entries = talloc_zero(r, uint32_t);
+	if (r->out.num_entries == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_EnumDomainUsers(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_EnumDomainUsers, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_CreateDomAlias(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_CreateDomAlias *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CREATEDOMALIAS];
+
+	r = talloc(talloc_tos(), struct samr_CreateDomAlias);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_CreateDomAlias, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.alias_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.alias_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.rid = talloc_zero(r, uint32_t);
+	if (r->out.rid == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_CreateDomAlias(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_CreateDomAlias, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_EnumDomainAliases(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_EnumDomainAliases *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_ENUMDOMAINALIASES];
+
+	r = talloc(talloc_tos(), struct samr_EnumDomainAliases);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_EnumDomainAliases, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.resume_handle = r->in.resume_handle;
+	r->out.sam = talloc_zero(r, struct samr_SamArray *);
+	if (r->out.sam == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.num_entries = talloc_zero(r, uint32_t);
+	if (r->out.num_entries == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_EnumDomainAliases(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_EnumDomainAliases, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_GetAliasMembership(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_GetAliasMembership *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_GETALIASMEMBERSHIP];
+
+	r = talloc(talloc_tos(), struct samr_GetAliasMembership);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetAliasMembership, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.rids = talloc_zero(r, struct samr_Ids);
+	if (r->out.rids == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_GetAliasMembership(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetAliasMembership, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_LookupNames(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_LookupNames *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_LOOKUPNAMES];
+
+	r = talloc(talloc_tos(), struct samr_LookupNames);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_LookupNames, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.rids = talloc_zero(r, struct samr_Ids);
+	if (r->out.rids == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.types = talloc_zero(r, struct samr_Ids);
+	if (r->out.types == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_LookupNames(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_LookupNames, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_LookupRids(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_LookupRids *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_LOOKUPRIDS];
+
+	r = talloc(talloc_tos(), struct samr_LookupRids);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_LookupRids, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.names = talloc_zero(r, struct lsa_Strings);
+	if (r->out.names == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.types = talloc_zero(r, struct samr_Ids);
+	if (r->out.types == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_LookupRids(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_LookupRids, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_OpenGroup(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_OpenGroup *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_OPENGROUP];
+
+	r = talloc(talloc_tos(), struct samr_OpenGroup);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_OpenGroup, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.group_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.group_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_OpenGroup(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_OpenGroup, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_QueryGroupInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_QueryGroupInfo *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_QUERYGROUPINFO];
+
+	r = talloc(talloc_tos(), struct samr_QueryGroupInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryGroupInfo, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.info = talloc_zero(r, union samr_GroupInfo *);
+	if (r->out.info == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_QueryGroupInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryGroupInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_SetGroupInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_SetGroupInfo *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_SETGROUPINFO];
+
+	r = talloc(talloc_tos(), struct samr_SetGroupInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetGroupInfo, r);
+	}
+
+	r->out.result = _samr_SetGroupInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetGroupInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_AddGroupMember(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_AddGroupMember *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_ADDGROUPMEMBER];
+
+	r = talloc(talloc_tos(), struct samr_AddGroupMember);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_AddGroupMember, r);
+	}
+
+	r->out.result = _samr_AddGroupMember(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_AddGroupMember, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_DeleteDomainGroup(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_DeleteDomainGroup *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_DELETEDOMAINGROUP];
+
+	r = talloc(talloc_tos(), struct samr_DeleteDomainGroup);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_DeleteDomainGroup, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.group_handle = r->in.group_handle;
+	r->out.result = _samr_DeleteDomainGroup(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_DeleteDomainGroup, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_DeleteGroupMember(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_DeleteGroupMember *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_DELETEGROUPMEMBER];
+
+	r = talloc(talloc_tos(), struct samr_DeleteGroupMember);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_DeleteGroupMember, r);
+	}
+
+	r->out.result = _samr_DeleteGroupMember(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_DeleteGroupMember, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_QueryGroupMember(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_QueryGroupMember *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_QUERYGROUPMEMBER];
+
+	r = talloc(talloc_tos(), struct samr_QueryGroupMember);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryGroupMember, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.rids = talloc_zero(r, struct samr_RidTypeArray *);
+	if (r->out.rids == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_QueryGroupMember(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryGroupMember, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_SetMemberAttributesOfGroup(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_SetMemberAttributesOfGroup *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_SETMEMBERATTRIBUTESOFGROUP];
+
+	r = talloc(talloc_tos(), struct samr_SetMemberAttributesOfGroup);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetMemberAttributesOfGroup, r);
+	}
+
+	r->out.result = _samr_SetMemberAttributesOfGroup(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetMemberAttributesOfGroup, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_OpenAlias(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_OpenAlias *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_OPENALIAS];
+
+	r = talloc(talloc_tos(), struct samr_OpenAlias);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_OpenAlias, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.alias_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.alias_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_OpenAlias(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_OpenAlias, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_QueryAliasInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_QueryAliasInfo *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_QUERYALIASINFO];
+
+	r = talloc(talloc_tos(), struct samr_QueryAliasInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryAliasInfo, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.info = talloc_zero(r, union samr_AliasInfo *);
+	if (r->out.info == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_QueryAliasInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryAliasInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_SetAliasInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_SetAliasInfo *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_SETALIASINFO];
+
+	r = talloc(talloc_tos(), struct samr_SetAliasInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetAliasInfo, r);
+	}
+
+	r->out.result = _samr_SetAliasInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetAliasInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_DeleteDomAlias(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_DeleteDomAlias *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_DELETEDOMALIAS];
+
+	r = talloc(talloc_tos(), struct samr_DeleteDomAlias);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_DeleteDomAlias, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.alias_handle = r->in.alias_handle;
+	r->out.result = _samr_DeleteDomAlias(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_DeleteDomAlias, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_AddAliasMember(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_AddAliasMember *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_ADDALIASMEMBER];
+
+	r = talloc(talloc_tos(), struct samr_AddAliasMember);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_AddAliasMember, r);
+	}
+
+	r->out.result = _samr_AddAliasMember(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_AddAliasMember, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_DeleteAliasMember(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_DeleteAliasMember *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_DELETEALIASMEMBER];
+
+	r = talloc(talloc_tos(), struct samr_DeleteAliasMember);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_DeleteAliasMember, r);
+	}
+
+	r->out.result = _samr_DeleteAliasMember(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_DeleteAliasMember, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_GetMembersInAlias(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_GetMembersInAlias *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_GETMEMBERSINALIAS];
+
+	r = talloc(talloc_tos(), struct samr_GetMembersInAlias);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetMembersInAlias, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.sids = talloc_zero(r, struct lsa_SidArray);
+	if (r->out.sids == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_GetMembersInAlias(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetMembersInAlias, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_OpenUser(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_OpenUser *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_OPENUSER];
+
+	r = talloc(talloc_tos(), struct samr_OpenUser);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_OpenUser, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.user_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.user_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_OpenUser(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_OpenUser, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_DeleteUser(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_DeleteUser *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_DELETEUSER];
+
+	r = talloc(talloc_tos(), struct samr_DeleteUser);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_DeleteUser, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.user_handle = r->in.user_handle;
+	r->out.result = _samr_DeleteUser(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_DeleteUser, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_QueryUserInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_QueryUserInfo *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_QUERYUSERINFO];
+
+	r = talloc(talloc_tos(), struct samr_QueryUserInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryUserInfo, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.info = talloc_zero(r, union samr_UserInfo *);
+	if (r->out.info == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_QueryUserInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryUserInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_SetUserInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_SetUserInfo *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_SETUSERINFO];
+
+	r = talloc(talloc_tos(), struct samr_SetUserInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetUserInfo, r);
+	}
+
+	r->out.result = _samr_SetUserInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetUserInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_ChangePasswordUser(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_ChangePasswordUser *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CHANGEPASSWORDUSER];
+
+	r = talloc(talloc_tos(), struct samr_ChangePasswordUser);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_ChangePasswordUser, r);
+	}
+
+	r->out.result = _samr_ChangePasswordUser(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_ChangePasswordUser, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_GetGroupsForUser(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_GetGroupsForUser *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_GETGROUPSFORUSER];
+
+	r = talloc(talloc_tos(), struct samr_GetGroupsForUser);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetGroupsForUser, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.rids = talloc_zero(r, struct samr_RidWithAttributeArray *);
+	if (r->out.rids == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_GetGroupsForUser(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetGroupsForUser, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_QueryDisplayInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_QueryDisplayInfo *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_QUERYDISPLAYINFO];
+
+	r = talloc(talloc_tos(), struct samr_QueryDisplayInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryDisplayInfo, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.total_size = talloc_zero(r, uint32_t);
+	if (r->out.total_size == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.returned_size = talloc_zero(r, uint32_t);
+	if (r->out.returned_size == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.info = talloc_zero(r, union samr_DispInfo);
+	if (r->out.info == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_QueryDisplayInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryDisplayInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_GetDisplayEnumerationIndex(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_GetDisplayEnumerationIndex *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_GETDISPLAYENUMERATIONINDEX];
+
+	r = talloc(talloc_tos(), struct samr_GetDisplayEnumerationIndex);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetDisplayEnumerationIndex, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.idx = talloc_zero(r, uint32_t);
+	if (r->out.idx == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_GetDisplayEnumerationIndex(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetDisplayEnumerationIndex, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_TestPrivateFunctionsDomain(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_TestPrivateFunctionsDomain *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_TESTPRIVATEFUNCTIONSDOMAIN];
+
+	r = talloc(talloc_tos(), struct samr_TestPrivateFunctionsDomain);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_TestPrivateFunctionsDomain, r);
+	}
+
+	r->out.result = _samr_TestPrivateFunctionsDomain(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_TestPrivateFunctionsDomain, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_TestPrivateFunctionsUser(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_TestPrivateFunctionsUser *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_TESTPRIVATEFUNCTIONSUSER];
+
+	r = talloc(talloc_tos(), struct samr_TestPrivateFunctionsUser);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_TestPrivateFunctionsUser, r);
+	}
+
+	r->out.result = _samr_TestPrivateFunctionsUser(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_TestPrivateFunctionsUser, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_GetUserPwInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_GetUserPwInfo *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_GETUSERPWINFO];
+
+	r = talloc(talloc_tos(), struct samr_GetUserPwInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetUserPwInfo, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.info = talloc_zero(r, struct samr_PwInfo);
+	if (r->out.info == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_GetUserPwInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetUserPwInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_RemoveMemberFromForeignDomain(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_RemoveMemberFromForeignDomain *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_REMOVEMEMBERFROMFOREIGNDOMAIN];
+
+	r = talloc(talloc_tos(), struct samr_RemoveMemberFromForeignDomain);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_RemoveMemberFromForeignDomain, r);
+	}
+
+	r->out.result = _samr_RemoveMemberFromForeignDomain(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_RemoveMemberFromForeignDomain, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_QueryDomainInfo2(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_QueryDomainInfo2 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_QUERYDOMAININFO2];
+
+	r = talloc(talloc_tos(), struct samr_QueryDomainInfo2);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryDomainInfo2, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.info = talloc_zero(r, union samr_DomainInfo *);
+	if (r->out.info == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_QueryDomainInfo2(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryDomainInfo2, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_QueryUserInfo2(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_QueryUserInfo2 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_QUERYUSERINFO2];
+
+	r = talloc(talloc_tos(), struct samr_QueryUserInfo2);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryUserInfo2, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.info = talloc_zero(r, union samr_UserInfo);
+	if (r->out.info == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_QueryUserInfo2(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryUserInfo2, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_QueryDisplayInfo2(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_QueryDisplayInfo2 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_QUERYDISPLAYINFO2];
+
+	r = talloc(talloc_tos(), struct samr_QueryDisplayInfo2);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryDisplayInfo2, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.total_size = talloc_zero(r, uint32_t);
+	if (r->out.total_size == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.returned_size = talloc_zero(r, uint32_t);
+	if (r->out.returned_size == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.info = talloc_zero(r, union samr_DispInfo);
+	if (r->out.info == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_QueryDisplayInfo2(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryDisplayInfo2, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_GetDisplayEnumerationIndex2(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_GetDisplayEnumerationIndex2 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_GETDISPLAYENUMERATIONINDEX2];
+
+	r = talloc(talloc_tos(), struct samr_GetDisplayEnumerationIndex2);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetDisplayEnumerationIndex2, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.idx = talloc_zero(r, uint32_t);
+	if (r->out.idx == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_GetDisplayEnumerationIndex2(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetDisplayEnumerationIndex2, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_CreateUser2(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_CreateUser2 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CREATEUSER2];
+
+	r = talloc(talloc_tos(), struct samr_CreateUser2);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_CreateUser2, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.user_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.user_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.access_granted = talloc_zero(r, uint32_t);
+	if (r->out.access_granted == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.rid = talloc_zero(r, uint32_t);
+	if (r->out.rid == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_CreateUser2(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_CreateUser2, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_QueryDisplayInfo3(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_QueryDisplayInfo3 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_QUERYDISPLAYINFO3];
+
+	r = talloc(talloc_tos(), struct samr_QueryDisplayInfo3);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_QueryDisplayInfo3, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.total_size = talloc_zero(r, uint32_t);
+	if (r->out.total_size == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.returned_size = talloc_zero(r, uint32_t);
+	if (r->out.returned_size == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.info = talloc_zero(r, union samr_DispInfo);
+	if (r->out.info == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_QueryDisplayInfo3(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_QueryDisplayInfo3, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_AddMultipleMembersToAlias(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_AddMultipleMembersToAlias *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_ADDMULTIPLEMEMBERSTOALIAS];
+
+	r = talloc(talloc_tos(), struct samr_AddMultipleMembersToAlias);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_AddMultipleMembersToAlias, r);
+	}
+
+	r->out.result = _samr_AddMultipleMembersToAlias(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_AddMultipleMembersToAlias, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_RemoveMultipleMembersFromAlias(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_RemoveMultipleMembersFromAlias *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_REMOVEMULTIPLEMEMBERSFROMALIAS];
+
+	r = talloc(talloc_tos(), struct samr_RemoveMultipleMembersFromAlias);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_RemoveMultipleMembersFromAlias, r);
+	}
+
+	r->out.result = _samr_RemoveMultipleMembersFromAlias(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_RemoveMultipleMembersFromAlias, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_OemChangePasswordUser2(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_OemChangePasswordUser2 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_OEMCHANGEPASSWORDUSER2];
+
+	r = talloc(talloc_tos(), struct samr_OemChangePasswordUser2);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_OemChangePasswordUser2, r);
+	}
+
+	r->out.result = _samr_OemChangePasswordUser2(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_OemChangePasswordUser2, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_ChangePasswordUser2(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_ChangePasswordUser2 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CHANGEPASSWORDUSER2];
+
+	r = talloc(talloc_tos(), struct samr_ChangePasswordUser2);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_ChangePasswordUser2, r);
+	}
+
+	r->out.result = _samr_ChangePasswordUser2(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_ChangePasswordUser2, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_GetDomPwInfo(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_GetDomPwInfo *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_GETDOMPWINFO];
+
+	r = talloc(talloc_tos(), struct samr_GetDomPwInfo);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetDomPwInfo, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.info = talloc_zero(r, struct samr_PwInfo);
+	if (r->out.info == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_GetDomPwInfo(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetDomPwInfo, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_Connect2(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_Connect2 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CONNECT2];
+
+	r = talloc(talloc_tos(), struct samr_Connect2);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Connect2, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.connect_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.connect_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_Connect2(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Connect2, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_SetUserInfo2(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_SetUserInfo2 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_SETUSERINFO2];
+
+	r = talloc(talloc_tos(), struct samr_SetUserInfo2);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetUserInfo2, r);
+	}
+
+	r->out.result = _samr_SetUserInfo2(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetUserInfo2, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_SetBootKeyInformation(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_SetBootKeyInformation *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_SETBOOTKEYINFORMATION];
+
+	r = talloc(talloc_tos(), struct samr_SetBootKeyInformation);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetBootKeyInformation, r);
+	}
+
+	r->out.result = _samr_SetBootKeyInformation(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetBootKeyInformation, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_GetBootKeyInformation(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_GetBootKeyInformation *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_GETBOOTKEYINFORMATION];
+
+	r = talloc(talloc_tos(), struct samr_GetBootKeyInformation);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_GetBootKeyInformation, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.unknown = talloc_zero(r, uint32_t);
+	if (r->out.unknown == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_GetBootKeyInformation(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_GetBootKeyInformation, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_Connect3(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_Connect3 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CONNECT3];
+
+	r = talloc(talloc_tos(), struct samr_Connect3);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Connect3, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.connect_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.connect_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_Connect3(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Connect3, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_Connect4(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_Connect4 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CONNECT4];
+
+	r = talloc(talloc_tos(), struct samr_Connect4);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Connect4, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.connect_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.connect_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_Connect4(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Connect4, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_ChangePasswordUser3(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_ChangePasswordUser3 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CHANGEPASSWORDUSER3];
+
+	r = talloc(talloc_tos(), struct samr_ChangePasswordUser3);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_ChangePasswordUser3, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.dominfo = talloc_zero(r, struct samr_DomInfo1 *);
+	if (r->out.dominfo == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.reject = talloc_zero(r, struct samr_ChangeReject *);
+	if (r->out.reject == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_ChangePasswordUser3(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_ChangePasswordUser3, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_Connect5(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_Connect5 *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_CONNECT5];
+
+	r = talloc(talloc_tos(), struct samr_Connect5);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_Connect5, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.level_out = talloc_zero(r, uint32_t);
+	if (r->out.level_out == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.info_out = talloc_zero(r, union samr_ConnectInfo);
+	if (r->out.info_out == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.connect_handle = talloc_zero(r, struct policy_handle);
+	if (r->out.connect_handle == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_Connect5(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_Connect5, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_RidToSid(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_RidToSid *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_RIDTOSID];
+
+	r = talloc(talloc_tos(), struct samr_RidToSid);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_RidToSid, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.sid = talloc_zero(r, struct dom_sid2);
+	if (r->out.sid == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_RidToSid(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_RidToSid, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_SetDsrmPassword(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_SetDsrmPassword *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_SETDSRMPASSWORD];
+
+	r = talloc(talloc_tos(), struct samr_SetDsrmPassword);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_SetDsrmPassword, r);
+	}
+
+	r->out.result = _samr_SetDsrmPassword(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_SetDsrmPassword, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+static bool api_samr_ValidatePassword(pipes_struct *p)
+{
+	const struct ndr_interface_call *call;
+	struct ndr_pull *pull;
+	struct ndr_push *push;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct samr_ValidatePassword *r;
+
+	call = &ndr_table_samr.calls[NDR_SAMR_VALIDATEPASSWORD];
+
+	r = talloc(talloc_tos(), struct samr_ValidatePassword);
+	if (r == NULL) {
+		return false;
+	}
+
+	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull = ndr_pull_init_blob(&blob, r);
+	if (pull == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
+	ndr_err = call->ndr_pull(pull, NDR_IN, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_IN_DEBUG(samr_ValidatePassword, r);
+	}
+
+	ZERO_STRUCT(r->out);
+	r->out.rep = talloc_zero(r, union samr_ValidatePasswordRep);
+	if (r->out.rep == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.result = _samr_ValidatePassword(p, r);
+
+	if (p->rng_fault_state) {
+		talloc_free(r);
+		/* Return true here, srv_pipe_hnd.c will take care */
+		return true;
+	}
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_OUT_DEBUG(samr_ValidatePassword, r);
+	}
+
+	push = ndr_push_init_ctx(r);
+	if (push == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	ndr_err = call->ndr_push(push, NDR_OUT, r);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		talloc_free(r);
+		return false;
+	}
+
+	blob = ndr_push_blob(push);
+	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
+		talloc_free(r);
+		return false;
+	}
+
+	talloc_free(r);
+
+	return true;
+}
+
+
+/* Tables */
+static struct api_struct api_samr_cmds[] = 
+{
+	{"SAMR_CONNECT", NDR_SAMR_CONNECT, api_samr_Connect},
+	{"SAMR_CLOSE", NDR_SAMR_CLOSE, api_samr_Close},
+	{"SAMR_SETSECURITY", NDR_SAMR_SETSECURITY, api_samr_SetSecurity},
+	{"SAMR_QUERYSECURITY", NDR_SAMR_QUERYSECURITY, api_samr_QuerySecurity},
+	{"SAMR_SHUTDOWN", NDR_SAMR_SHUTDOWN, api_samr_Shutdown},
+	{"SAMR_LOOKUPDOMAIN", NDR_SAMR_LOOKUPDOMAIN, api_samr_LookupDomain},
+	{"SAMR_ENUMDOMAINS", NDR_SAMR_ENUMDOMAINS, api_samr_EnumDomains},
+	{"SAMR_OPENDOMAIN", NDR_SAMR_OPENDOMAIN, api_samr_OpenDomain},
+	{"SAMR_QUERYDOMAININFO", NDR_SAMR_QUERYDOMAININFO, api_samr_QueryDomainInfo},
+	{"SAMR_SETDOMAININFO", NDR_SAMR_SETDOMAININFO, api_samr_SetDomainInfo},
+	{"SAMR_CREATEDOMAINGROUP", NDR_SAMR_CREATEDOMAINGROUP, api_samr_CreateDomainGroup},
+	{"SAMR_ENUMDOMAINGROUPS", NDR_SAMR_ENUMDOMAINGROUPS, api_samr_EnumDomainGroups},
+	{"SAMR_CREATEUSER", NDR_SAMR_CREATEUSER, api_samr_CreateUser},
+	{"SAMR_ENUMDOMAINUSERS", NDR_SAMR_ENUMDOMAINUSERS, api_samr_EnumDomainUsers},
+	{"SAMR_CREATEDOMALIAS", NDR_SAMR_CREATEDOMALIAS, api_samr_CreateDomAlias},
+	{"SAMR_ENUMDOMAINALIASES", NDR_SAMR_ENUMDOMAINALIASES, api_samr_EnumDomainAliases},
+	{"SAMR_GETALIASMEMBERSHIP", NDR_SAMR_GETALIASMEMBERSHIP, api_samr_GetAliasMembership},
+	{"SAMR_LOOKUPNAMES", NDR_SAMR_LOOKUPNAMES, api_samr_LookupNames},
+	{"SAMR_LOOKUPRIDS", NDR_SAMR_LOOKUPRIDS, api_samr_LookupRids},
+	{"SAMR_OPENGROUP", NDR_SAMR_OPENGROUP, api_samr_OpenGroup},
+	{"SAMR_QUERYGROUPINFO", NDR_SAMR_QUERYGROUPINFO, api_samr_QueryGroupInfo},
+	{"SAMR_SETGROUPINFO", NDR_SAMR_SETGROUPINFO, api_samr_SetGroupInfo},
+	{"SAMR_ADDGROUPMEMBER", NDR_SAMR_ADDGROUPMEMBER, api_samr_AddGroupMember},
+	{"SAMR_DELETEDOMAINGROUP", NDR_SAMR_DELETEDOMAINGROUP, api_samr_DeleteDomainGroup},
+	{"SAMR_DELETEGROUPMEMBER", NDR_SAMR_DELETEGROUPMEMBER, api_samr_DeleteGroupMember},
+	{"SAMR_QUERYGROUPMEMBER", NDR_SAMR_QUERYGROUPMEMBER, api_samr_QueryGroupMember},
+	{"SAMR_SETMEMBERATTRIBUTESOFGROUP", NDR_SAMR_SETMEMBERATTRIBUTESOFGROUP, api_samr_SetMemberAttributesOfGroup},
+	{"SAMR_OPENALIAS", NDR_SAMR_OPENALIAS, api_samr_OpenAlias},
+	{"SAMR_QUERYALIASINFO", NDR_SAMR_QUERYALIASINFO, api_samr_QueryAliasInfo},
+	{"SAMR_SETALIASINFO", NDR_SAMR_SETALIASINFO, api_samr_SetAliasInfo},
+	{"SAMR_DELETEDOMALIAS", NDR_SAMR_DELETEDOMALIAS, api_samr_DeleteDomAlias},
+	{"SAMR_ADDALIASMEMBER", NDR_SAMR_ADDALIASMEMBER, api_samr_AddAliasMember},
+	{"SAMR_DELETEALIASMEMBER", NDR_SAMR_DELETEALIASMEMBER, api_samr_DeleteAliasMember},
+	{"SAMR_GETMEMBERSINALIAS", NDR_SAMR_GETMEMBERSINALIAS, api_samr_GetMembersInAlias},
+	{"SAMR_OPENUSER", NDR_SAMR_OPENUSER, api_samr_OpenUser},
+	{"SAMR_DELETEUSER", NDR_SAMR_DELETEUSER, api_samr_DeleteUser},
+	{"SAMR_QUERYUSERINFO", NDR_SAMR_QUERYUSERINFO, api_samr_QueryUserInfo},
+	{"SAMR_SETUSERINFO", NDR_SAMR_SETUSERINFO, api_samr_SetUserInfo},
+	{"SAMR_CHANGEPASSWORDUSER", NDR_SAMR_CHANGEPASSWORDUSER, api_samr_ChangePasswordUser},
+	{"SAMR_GETGROUPSFORUSER", NDR_SAMR_GETGROUPSFORUSER, api_samr_GetGroupsForUser},
+	{"SAMR_QUERYDISPLAYINFO", NDR_SAMR_QUERYDISPLAYINFO, api_samr_QueryDisplayInfo},
+	{"SAMR_GETDISPLAYENUMERATIONINDEX", NDR_SAMR_GETDISPLAYENUMERATIONINDEX, api_samr_GetDisplayEnumerationIndex},
+	{"SAMR_TESTPRIVATEFUNCTIONSDOMAIN", NDR_SAMR_TESTPRIVATEFUNCTIONSDOMAIN, api_samr_TestPrivateFunctionsDomain},
+	{"SAMR_TESTPRIVATEFUNCTIONSUSER", NDR_SAMR_TESTPRIVATEFUNCTIONSUSER, api_samr_TestPrivateFunctionsUser},
+	{"SAMR_GETUSERPWINFO", NDR_SAMR_GETUSERPWINFO, api_samr_GetUserPwInfo},
+	{"SAMR_REMOVEMEMBERFROMFOREIGNDOMAIN", NDR_SAMR_REMOVEMEMBERFROMFOREIGNDOMAIN, api_samr_RemoveMemberFromForeignDomain},
+	{"SAMR_QUERYDOMAININFO2", NDR_SAMR_QUERYDOMAININFO2, api_samr_QueryDomainInfo2},
+	{"SAMR_QUERYUSERINFO2", NDR_SAMR_QUERYUSERINFO2, api_samr_QueryUserInfo2},
+	{"SAMR_QUERYDISPLAYINFO2", NDR_SAMR_QUERYDISPLAYINFO2, api_samr_QueryDisplayInfo2},
+	{"SAMR_GETDISPLAYENUMERATIONINDEX2", NDR_SAMR_GETDISPLAYENUMERATIONINDEX2, api_samr_GetDisplayEnumerationIndex2},
+	{"SAMR_CREATEUSER2", NDR_SAMR_CREATEUSER2, api_samr_CreateUser2},
+	{"SAMR_QUERYDISPLAYINFO3", NDR_SAMR_QUERYDISPLAYINFO3, api_samr_QueryDisplayInfo3},
+	{"SAMR_ADDMULTIPLEMEMBERSTOALIAS", NDR_SAMR_ADDMULTIPLEMEMBERSTOALIAS, api_samr_AddMultipleMembersToAlias},
+	{"SAMR_REMOVEMULTIPLEMEMBERSFROMALIAS", NDR_SAMR_REMOVEMULTIPLEMEMBERSFROMALIAS, api_samr_RemoveMultipleMembersFromAlias},
+	{"SAMR_OEMCHANGEPASSWORDUSER2", NDR_SAMR_OEMCHANGEPASSWORDUSER2, api_samr_OemChangePasswordUser2},
+	{"SAMR_CHANGEPASSWORDUSER2", NDR_SAMR_CHANGEPASSWORDUSER2, api_samr_ChangePasswordUser2},
+	{"SAMR_GETDOMPWINFO", NDR_SAMR_GETDOMPWINFO, api_samr_GetDomPwInfo},
+	{"SAMR_CONNECT2", NDR_SAMR_CONNECT2, api_samr_Connect2},
+	{"SAMR_SETUSERINFO2", NDR_SAMR_SETUSERINFO2, api_samr_SetUserInfo2},
+	{"SAMR_SETBOOTKEYINFORMATION", NDR_SAMR_SETBOOTKEYINFORMATION, api_samr_SetBootKeyInformation},
+	{"SAMR_GETBOOTKEYINFORMATION", NDR_SAMR_GETBOOTKEYINFORMATION, api_samr_GetBootKeyInformation},
+	{"SAMR_CONNECT3", NDR_SAMR_CONNECT3, api_samr_Connect3},
+	{"SAMR_CONNECT4", NDR_SAMR_CONNECT4, api_samr_Connect4},
+	{"SAMR_CHANGEPASSWORDUSER3", NDR_SAMR_CHANGEPASSWORDUSER3, api_samr_ChangePasswordUser3},
+	{"SAMR_CONNECT5", NDR_SAMR_CONNECT5, api_samr_Connect5},
+	{"SAMR_RIDTOSID", NDR_SAMR_RIDTOSID, api_samr_RidToSid},
+	{"SAMR_SETDSRMPASSWORD", NDR_SAMR_SETDSRMPASSWORD, api_samr_SetDsrmPassword},
+	{"SAMR_VALIDATEPASSWORD", NDR_SAMR_VALIDATEPASSWORD, api_samr_ValidatePassword},
+};
+
+void samr_get_pipe_fns(struct api_struct **fns, int *n_fns)
+{
+	*fns = api_samr_cmds;
+	*n_fns = sizeof(api_samr_cmds) / sizeof(struct api_struct);
+}
+
+NTSTATUS rpc_samr_init(void)
+{
+	return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "samr", "samr", api_samr_cmds, sizeof(api_samr_cmds) / sizeof(struct api_struct));
+}
diff --git a/source3/librpc/gen_ndr/srv_samr.h b/source3/librpc/gen_ndr/srv_samr.h
new file mode 100644
index 0000000000..7d5cdd745d
--- /dev/null
+++ b/source3/librpc/gen_ndr/srv_samr.h
@@ -0,0 +1,74 @@
+#include "librpc/gen_ndr/ndr_samr.h"
+#ifndef __SRV_SAMR__
+#define __SRV_SAMR__
+NTSTATUS _samr_Connect(pipes_struct *p, struct samr_Connect *r);
+NTSTATUS _samr_Close(pipes_struct *p, struct samr_Close *r);
+NTSTATUS _samr_SetSecurity(pipes_struct *p, struct samr_SetSecurity *r);
+NTSTATUS _samr_QuerySecurity(pipes_struct *p, struct samr_QuerySecurity *r);
+NTSTATUS _samr_Shutdown(pipes_struct *p, struct samr_Shutdown *r);
+NTSTATUS _samr_LookupDomain(pipes_struct *p, struct samr_LookupDomain *r);
+NTSTATUS _samr_EnumDomains(pipes_struct *p, struct samr_EnumDomains *r);
+NTSTATUS _samr_OpenDomain(pipes_struct *p, struct samr_OpenDomain *r);
+NTSTATUS _samr_QueryDomainInfo(pipes_struct *p, struct samr_QueryDomainInfo *r);
+NTSTATUS _samr_SetDomainInfo(pipes_struct *p, struct samr_SetDomainInfo *r);
+NTSTATUS _samr_CreateDomainGroup(pipes_struct *p, struct samr_CreateDomainGroup *r);
+NTSTATUS _samr_EnumDomainGroups(pipes_struct *p, struct samr_EnumDomainGroups *r);
+NTSTATUS _samr_CreateUser(pipes_struct *p, struct samr_CreateUser *r);
+NTSTATUS _samr_EnumDomainUsers(pipes_struct *p, struct samr_EnumDomainUsers *r);
+NTSTATUS _samr_CreateDomAlias(pipes_struct *p, struct samr_CreateDomAlias *r);
+NTSTATUS _samr_EnumDomainAliases(pipes_struct *p, struct samr_EnumDomainAliases *r);
+NTSTATUS _samr_GetAliasMembership(pipes_struct *p, struct samr_GetAliasMembership *r);
+NTSTATUS _samr_LookupNames(pipes_struct *p, struct samr_LookupNames *r);
+NTSTATUS _samr_LookupRids(pipes_struct *p, struct samr_LookupRids *r);
+NTSTATUS _samr_OpenGroup(pipes_struct *p, struct samr_OpenGroup *r);
+NTSTATUS _samr_QueryGroupInfo(pipes_struct *p, struct samr_QueryGroupInfo *r);
+NTSTATUS _samr_SetGroupInfo(pipes_struct *p, struct samr_SetGroupInfo *r);
+NTSTATUS _samr_AddGroupMember(pipes_struct *p, struct samr_AddGroupMember *r);
+NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p, struct samr_DeleteDomainGroup *r);
+NTSTATUS _samr_DeleteGroupMember(pipes_struct *p, struct samr_DeleteGroupMember *r);
+NTSTATUS _samr_QueryGroupMember(pipes_struct *p, struct samr_QueryGroupMember *r);
+NTSTATUS _samr_SetMemberAttributesOfGroup(pipes_struct *p, struct samr_SetMemberAttributesOfGroup *r);
+NTSTATUS _samr_OpenAlias(pipes_struct *p, struct samr_OpenAlias *r);
+NTSTATUS _samr_QueryAliasInfo(pipes_struct *p, struct samr_QueryAliasInfo *r);
+NTSTATUS _samr_SetAliasInfo(pipes_struct *p, struct samr_SetAliasInfo *r);
+NTSTATUS _samr_DeleteDomAlias(pipes_struct *p, struct samr_DeleteDomAlias *r);
+NTSTATUS _samr_AddAliasMember(pipes_struct *p, struct samr_AddAliasMember *r);
+NTSTATUS _samr_DeleteAliasMember(pipes_struct *p, struct samr_DeleteAliasMember *r);
+NTSTATUS _samr_GetMembersInAlias(pipes_struct *p, struct samr_GetMembersInAlias *r);
+NTSTATUS _samr_OpenUser(pipes_struct *p, struct samr_OpenUser *r);
+NTSTATUS _samr_DeleteUser(pipes_struct *p, struct samr_DeleteUser *r);
+NTSTATUS _samr_QueryUserInfo(pipes_struct *p, struct samr_QueryUserInfo *r);
+NTSTATUS _samr_SetUserInfo(pipes_struct *p, struct samr_SetUserInfo *r);
+NTSTATUS _samr_ChangePasswordUser(pipes_struct *p, struct samr_ChangePasswordUser *r);
+NTSTATUS _samr_GetGroupsForUser(pipes_struct *p, struct samr_GetGroupsForUser *r);
+NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p, struct samr_QueryDisplayInfo *r);
+NTSTATUS _samr_GetDisplayEnumerationIndex(pipes_struct *p, struct samr_GetDisplayEnumerationIndex *r);
+NTSTATUS _samr_TestPrivateFunctionsDomain(pipes_struct *p, struct samr_TestPrivateFunctionsDomain *r);
+NTSTATUS _samr_TestPrivateFunctionsUser(pipes_struct *p, struct samr_TestPrivateFunctionsUser *r);
+NTSTATUS _samr_GetUserPwInfo(pipes_struct *p, struct samr_GetUserPwInfo *r);
+NTSTATUS _samr_RemoveMemberFromForeignDomain(pipes_struct *p, struct samr_RemoveMemberFromForeignDomain *r);
+NTSTATUS _samr_QueryDomainInfo2(pipes_struct *p, struct samr_QueryDomainInfo2 *r);
+NTSTATUS _samr_QueryUserInfo2(pipes_struct *p, struct samr_QueryUserInfo2 *r);
+NTSTATUS _samr_QueryDisplayInfo2(pipes_struct *p, struct samr_QueryDisplayInfo2 *r);
+NTSTATUS _samr_GetDisplayEnumerationIndex2(pipes_struct *p, struct samr_GetDisplayEnumerationIndex2 *r);
+NTSTATUS _samr_CreateUser2(pipes_struct *p, struct samr_CreateUser2 *r);
+NTSTATUS _samr_QueryDisplayInfo3(pipes_struct *p, struct samr_QueryDisplayInfo3 *r);
+NTSTATUS _samr_AddMultipleMembersToAlias(pipes_struct *p, struct samr_AddMultipleMembersToAlias *r);
+NTSTATUS _samr_RemoveMultipleMembersFromAlias(pipes_struct *p, struct samr_RemoveMultipleMembersFromAlias *r);
+NTSTATUS _samr_OemChangePasswordUser2(pipes_struct *p, struct samr_OemChangePasswordUser2 *r);
+NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p, struct samr_ChangePasswordUser2 *r);
+NTSTATUS _samr_GetDomPwInfo(pipes_struct *p, struct samr_GetDomPwInfo *r);
+NTSTATUS _samr_Connect2(pipes_struct *p, struct samr_Connect2 *r);
+NTSTATUS _samr_SetUserInfo2(pipes_struct *p, struct samr_SetUserInfo2 *r);
+NTSTATUS _samr_SetBootKeyInformation(pipes_struct *p, struct samr_SetBootKeyInformation *r);
+NTSTATUS _samr_GetBootKeyInformation(pipes_struct *p, struct samr_GetBootKeyInformation *r);
+NTSTATUS _samr_Connect3(pipes_struct *p, struct samr_Connect3 *r);
+NTSTATUS _samr_Connect4(pipes_struct *p, struct samr_Connect4 *r);
+NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p, struct samr_ChangePasswordUser3 *r);
+NTSTATUS _samr_Connect5(pipes_struct *p, struct samr_Connect5 *r);
+NTSTATUS _samr_RidToSid(pipes_struct *p, struct samr_RidToSid *r);
+NTSTATUS _samr_SetDsrmPassword(pipes_struct *p, struct samr_SetDsrmPassword *r);
+NTSTATUS _samr_ValidatePassword(pipes_struct *p, struct samr_ValidatePassword *r);
+void samr_get_pipe_fns(struct api_struct **fns, int *n_fns);
+NTSTATUS rpc_samr_init(void);
+#endif /* __SRV_SAMR__ */
diff --git a/source3/librpc/gen_ndr/srv_srvsvc.c b/source3/librpc/gen_ndr/srv_srvsvc.c
index 44fe358a84..afd458765e 100644
--- a/source3/librpc/gen_ndr/srv_srvsvc.c
+++ b/source3/librpc/gen_ndr/srv_srvsvc.c
@@ -17,7 +17,7 @@ static bool api_srvsvc_NetCharDevEnum(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETCHARDEVENUM];
 
-	r = talloc(NULL, struct srvsvc_NetCharDevEnum);
+	r = talloc(talloc_tos(), struct srvsvc_NetCharDevEnum);
 	if (r == NULL) {
 		return false;
 	}
@@ -100,7 +100,7 @@ static bool api_srvsvc_NetCharDevGetInfo(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETCHARDEVGETINFO];
 
-	r = talloc(NULL, struct srvsvc_NetCharDevGetInfo);
+	r = talloc(talloc_tos(), struct srvsvc_NetCharDevGetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -180,7 +180,7 @@ static bool api_srvsvc_NetCharDevControl(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETCHARDEVCONTROL];
 
-	r = talloc(NULL, struct srvsvc_NetCharDevControl);
+	r = talloc(talloc_tos(), struct srvsvc_NetCharDevControl);
 	if (r == NULL) {
 		return false;
 	}
@@ -253,7 +253,7 @@ static bool api_srvsvc_NetCharDevQEnum(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETCHARDEVQENUM];
 
-	r = talloc(NULL, struct srvsvc_NetCharDevQEnum);
+	r = talloc(talloc_tos(), struct srvsvc_NetCharDevQEnum);
 	if (r == NULL) {
 		return false;
 	}
@@ -336,7 +336,7 @@ static bool api_srvsvc_NetCharDevQGetInfo(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETCHARDEVQGETINFO];
 
-	r = talloc(NULL, struct srvsvc_NetCharDevQGetInfo);
+	r = talloc(talloc_tos(), struct srvsvc_NetCharDevQGetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -416,7 +416,7 @@ static bool api_srvsvc_NetCharDevQSetInfo(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETCHARDEVQSETINFO];
 
-	r = talloc(NULL, struct srvsvc_NetCharDevQSetInfo);
+	r = talloc(talloc_tos(), struct srvsvc_NetCharDevQSetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -491,7 +491,7 @@ static bool api_srvsvc_NetCharDevQPurge(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETCHARDEVQPURGE];
 
-	r = talloc(NULL, struct srvsvc_NetCharDevQPurge);
+	r = talloc(talloc_tos(), struct srvsvc_NetCharDevQPurge);
 	if (r == NULL) {
 		return false;
 	}
@@ -564,7 +564,7 @@ static bool api_srvsvc_NetCharDevQPurgeSelf(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETCHARDEVQPURGESELF];
 
-	r = talloc(NULL, struct srvsvc_NetCharDevQPurgeSelf);
+	r = talloc(talloc_tos(), struct srvsvc_NetCharDevQPurgeSelf);
 	if (r == NULL) {
 		return false;
 	}
@@ -637,7 +637,7 @@ static bool api_srvsvc_NetConnEnum(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETCONNENUM];
 
-	r = talloc(NULL, struct srvsvc_NetConnEnum);
+	r = talloc(talloc_tos(), struct srvsvc_NetConnEnum);
 	if (r == NULL) {
 		return false;
 	}
@@ -720,7 +720,7 @@ static bool api_srvsvc_NetFileEnum(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETFILEENUM];
 
-	r = talloc(NULL, struct srvsvc_NetFileEnum);
+	r = talloc(talloc_tos(), struct srvsvc_NetFileEnum);
 	if (r == NULL) {
 		return false;
 	}
@@ -803,7 +803,7 @@ static bool api_srvsvc_NetFileGetInfo(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETFILEGETINFO];
 
-	r = talloc(NULL, struct srvsvc_NetFileGetInfo);
+	r = talloc(talloc_tos(), struct srvsvc_NetFileGetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -883,7 +883,7 @@ static bool api_srvsvc_NetFileClose(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETFILECLOSE];
 
-	r = talloc(NULL, struct srvsvc_NetFileClose);
+	r = talloc(talloc_tos(), struct srvsvc_NetFileClose);
 	if (r == NULL) {
 		return false;
 	}
@@ -956,7 +956,7 @@ static bool api_srvsvc_NetSessEnum(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSESSENUM];
 
-	r = talloc(NULL, struct srvsvc_NetSessEnum);
+	r = talloc(talloc_tos(), struct srvsvc_NetSessEnum);
 	if (r == NULL) {
 		return false;
 	}
@@ -1039,7 +1039,7 @@ static bool api_srvsvc_NetSessDel(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSESSDEL];
 
-	r = talloc(NULL, struct srvsvc_NetSessDel);
+	r = talloc(talloc_tos(), struct srvsvc_NetSessDel);
 	if (r == NULL) {
 		return false;
 	}
@@ -1112,7 +1112,7 @@ static bool api_srvsvc_NetShareAdd(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSHAREADD];
 
-	r = talloc(NULL, struct srvsvc_NetShareAdd);
+	r = talloc(talloc_tos(), struct srvsvc_NetShareAdd);
 	if (r == NULL) {
 		return false;
 	}
@@ -1187,7 +1187,7 @@ static bool api_srvsvc_NetShareEnumAll(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSHAREENUMALL];
 
-	r = talloc(NULL, struct srvsvc_NetShareEnumAll);
+	r = talloc(talloc_tos(), struct srvsvc_NetShareEnumAll);
 	if (r == NULL) {
 		return false;
 	}
@@ -1270,7 +1270,7 @@ static bool api_srvsvc_NetShareGetInfo(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSHAREGETINFO];
 
-	r = talloc(NULL, struct srvsvc_NetShareGetInfo);
+	r = talloc(talloc_tos(), struct srvsvc_NetShareGetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -1350,7 +1350,7 @@ static bool api_srvsvc_NetShareSetInfo(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSHARESETINFO];
 
-	r = talloc(NULL, struct srvsvc_NetShareSetInfo);
+	r = talloc(talloc_tos(), struct srvsvc_NetShareSetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -1425,7 +1425,7 @@ static bool api_srvsvc_NetShareDel(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSHAREDEL];
 
-	r = talloc(NULL, struct srvsvc_NetShareDel);
+	r = talloc(talloc_tos(), struct srvsvc_NetShareDel);
 	if (r == NULL) {
 		return false;
 	}
@@ -1498,7 +1498,7 @@ static bool api_srvsvc_NetShareDelSticky(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSHAREDELSTICKY];
 
-	r = talloc(NULL, struct srvsvc_NetShareDelSticky);
+	r = talloc(talloc_tos(), struct srvsvc_NetShareDelSticky);
 	if (r == NULL) {
 		return false;
 	}
@@ -1571,7 +1571,7 @@ static bool api_srvsvc_NetShareCheck(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSHARECHECK];
 
-	r = talloc(NULL, struct srvsvc_NetShareCheck);
+	r = talloc(talloc_tos(), struct srvsvc_NetShareCheck);
 	if (r == NULL) {
 		return false;
 	}
@@ -1651,7 +1651,7 @@ static bool api_srvsvc_NetSrvGetInfo(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSRVGETINFO];
 
-	r = talloc(NULL, struct srvsvc_NetSrvGetInfo);
+	r = talloc(talloc_tos(), struct srvsvc_NetSrvGetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -1731,7 +1731,7 @@ static bool api_srvsvc_NetSrvSetInfo(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSRVSETINFO];
 
-	r = talloc(NULL, struct srvsvc_NetSrvSetInfo);
+	r = talloc(talloc_tos(), struct srvsvc_NetSrvSetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -1806,7 +1806,7 @@ static bool api_srvsvc_NetDiskEnum(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETDISKENUM];
 
-	r = talloc(NULL, struct srvsvc_NetDiskEnum);
+	r = talloc(talloc_tos(), struct srvsvc_NetDiskEnum);
 	if (r == NULL) {
 		return false;
 	}
@@ -1888,7 +1888,7 @@ static bool api_srvsvc_NetServerStatisticsGet(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSERVERSTATISTICSGET];
 
-	r = talloc(NULL, struct srvsvc_NetServerStatisticsGet);
+	r = talloc(talloc_tos(), struct srvsvc_NetServerStatisticsGet);
 	if (r == NULL) {
 		return false;
 	}
@@ -1968,7 +1968,7 @@ static bool api_srvsvc_NetTransportAdd(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETTRANSPORTADD];
 
-	r = talloc(NULL, struct srvsvc_NetTransportAdd);
+	r = talloc(talloc_tos(), struct srvsvc_NetTransportAdd);
 	if (r == NULL) {
 		return false;
 	}
@@ -2041,7 +2041,7 @@ static bool api_srvsvc_NetTransportEnum(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETTRANSPORTENUM];
 
-	r = talloc(NULL, struct srvsvc_NetTransportEnum);
+	r = talloc(talloc_tos(), struct srvsvc_NetTransportEnum);
 	if (r == NULL) {
 		return false;
 	}
@@ -2124,7 +2124,7 @@ static bool api_srvsvc_NetTransportDel(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETTRANSPORTDEL];
 
-	r = talloc(NULL, struct srvsvc_NetTransportDel);
+	r = talloc(talloc_tos(), struct srvsvc_NetTransportDel);
 	if (r == NULL) {
 		return false;
 	}
@@ -2197,7 +2197,7 @@ static bool api_srvsvc_NetRemoteTOD(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETREMOTETOD];
 
-	r = talloc(NULL, struct srvsvc_NetRemoteTOD);
+	r = talloc(talloc_tos(), struct srvsvc_NetRemoteTOD);
 	if (r == NULL) {
 		return false;
 	}
@@ -2277,7 +2277,7 @@ static bool api_srvsvc_NetSetServiceBits(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSETSERVICEBITS];
 
-	r = talloc(NULL, struct srvsvc_NetSetServiceBits);
+	r = talloc(talloc_tos(), struct srvsvc_NetSetServiceBits);
 	if (r == NULL) {
 		return false;
 	}
@@ -2350,7 +2350,7 @@ static bool api_srvsvc_NetPathType(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETPATHTYPE];
 
-	r = talloc(NULL, struct srvsvc_NetPathType);
+	r = talloc(talloc_tos(), struct srvsvc_NetPathType);
 	if (r == NULL) {
 		return false;
 	}
@@ -2430,7 +2430,7 @@ static bool api_srvsvc_NetPathCanonicalize(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETPATHCANONICALIZE];
 
-	r = talloc(NULL, struct srvsvc_NetPathCanonicalize);
+	r = talloc(talloc_tos(), struct srvsvc_NetPathCanonicalize);
 	if (r == NULL) {
 		return false;
 	}
@@ -2511,7 +2511,7 @@ static bool api_srvsvc_NetPathCompare(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETPATHCOMPARE];
 
-	r = talloc(NULL, struct srvsvc_NetPathCompare);
+	r = talloc(talloc_tos(), struct srvsvc_NetPathCompare);
 	if (r == NULL) {
 		return false;
 	}
@@ -2584,7 +2584,7 @@ static bool api_srvsvc_NetNameValidate(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETNAMEVALIDATE];
 
-	r = talloc(NULL, struct srvsvc_NetNameValidate);
+	r = talloc(talloc_tos(), struct srvsvc_NetNameValidate);
 	if (r == NULL) {
 		return false;
 	}
@@ -2657,7 +2657,7 @@ static bool api_srvsvc_NETRPRNAMECANONICALIZE(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETRPRNAMECANONICALIZE];
 
-	r = talloc(NULL, struct srvsvc_NETRPRNAMECANONICALIZE);
+	r = talloc(talloc_tos(), struct srvsvc_NETRPRNAMECANONICALIZE);
 	if (r == NULL) {
 		return false;
 	}
@@ -2730,7 +2730,7 @@ static bool api_srvsvc_NetPRNameCompare(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETPRNAMECOMPARE];
 
-	r = talloc(NULL, struct srvsvc_NetPRNameCompare);
+	r = talloc(talloc_tos(), struct srvsvc_NetPRNameCompare);
 	if (r == NULL) {
 		return false;
 	}
@@ -2803,7 +2803,7 @@ static bool api_srvsvc_NetShareEnum(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSHAREENUM];
 
-	r = talloc(NULL, struct srvsvc_NetShareEnum);
+	r = talloc(talloc_tos(), struct srvsvc_NetShareEnum);
 	if (r == NULL) {
 		return false;
 	}
@@ -2886,7 +2886,7 @@ static bool api_srvsvc_NetShareDelStart(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSHAREDELSTART];
 
-	r = talloc(NULL, struct srvsvc_NetShareDelStart);
+	r = talloc(talloc_tos(), struct srvsvc_NetShareDelStart);
 	if (r == NULL) {
 		return false;
 	}
@@ -2966,7 +2966,7 @@ static bool api_srvsvc_NetShareDelCommit(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSHAREDELCOMMIT];
 
-	r = talloc(NULL, struct srvsvc_NetShareDelCommit);
+	r = talloc(talloc_tos(), struct srvsvc_NetShareDelCommit);
 	if (r == NULL) {
 		return false;
 	}
@@ -3041,7 +3041,7 @@ static bool api_srvsvc_NetGetFileSecurity(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETGETFILESECURITY];
 
-	r = talloc(NULL, struct srvsvc_NetGetFileSecurity);
+	r = talloc(talloc_tos(), struct srvsvc_NetGetFileSecurity);
 	if (r == NULL) {
 		return false;
 	}
@@ -3121,7 +3121,7 @@ static bool api_srvsvc_NetSetFileSecurity(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSETFILESECURITY];
 
-	r = talloc(NULL, struct srvsvc_NetSetFileSecurity);
+	r = talloc(talloc_tos(), struct srvsvc_NetSetFileSecurity);
 	if (r == NULL) {
 		return false;
 	}
@@ -3194,7 +3194,7 @@ static bool api_srvsvc_NetServerTransportAddEx(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSERVERTRANSPORTADDEX];
 
-	r = talloc(NULL, struct srvsvc_NetServerTransportAddEx);
+	r = talloc(talloc_tos(), struct srvsvc_NetServerTransportAddEx);
 	if (r == NULL) {
 		return false;
 	}
@@ -3267,7 +3267,7 @@ static bool api_srvsvc_NetServerSetServiceBitsEx(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETSERVERSETSERVICEBITSEX];
 
-	r = talloc(NULL, struct srvsvc_NetServerSetServiceBitsEx);
+	r = talloc(talloc_tos(), struct srvsvc_NetServerSetServiceBitsEx);
 	if (r == NULL) {
 		return false;
 	}
@@ -3340,7 +3340,7 @@ static bool api_srvsvc_NETRDFSGETVERSION(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETRDFSGETVERSION];
 
-	r = talloc(NULL, struct srvsvc_NETRDFSGETVERSION);
+	r = talloc(talloc_tos(), struct srvsvc_NETRDFSGETVERSION);
 	if (r == NULL) {
 		return false;
 	}
@@ -3413,7 +3413,7 @@ static bool api_srvsvc_NETRDFSCREATELOCALPARTITION(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETRDFSCREATELOCALPARTITION];
 
-	r = talloc(NULL, struct srvsvc_NETRDFSCREATELOCALPARTITION);
+	r = talloc(talloc_tos(), struct srvsvc_NETRDFSCREATELOCALPARTITION);
 	if (r == NULL) {
 		return false;
 	}
@@ -3486,7 +3486,7 @@ static bool api_srvsvc_NETRDFSDELETELOCALPARTITION(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETRDFSDELETELOCALPARTITION];
 
-	r = talloc(NULL, struct srvsvc_NETRDFSDELETELOCALPARTITION);
+	r = talloc(talloc_tos(), struct srvsvc_NETRDFSDELETELOCALPARTITION);
 	if (r == NULL) {
 		return false;
 	}
@@ -3559,7 +3559,7 @@ static bool api_srvsvc_NETRDFSSETLOCALVOLUMESTATE(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETRDFSSETLOCALVOLUMESTATE];
 
-	r = talloc(NULL, struct srvsvc_NETRDFSSETLOCALVOLUMESTATE);
+	r = talloc(talloc_tos(), struct srvsvc_NETRDFSSETLOCALVOLUMESTATE);
 	if (r == NULL) {
 		return false;
 	}
@@ -3632,7 +3632,7 @@ static bool api_srvsvc_NETRDFSSETSERVERINFO(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETRDFSSETSERVERINFO];
 
-	r = talloc(NULL, struct srvsvc_NETRDFSSETSERVERINFO);
+	r = talloc(talloc_tos(), struct srvsvc_NETRDFSSETSERVERINFO);
 	if (r == NULL) {
 		return false;
 	}
@@ -3705,7 +3705,7 @@ static bool api_srvsvc_NETRDFSCREATEEXITPOINT(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETRDFSCREATEEXITPOINT];
 
-	r = talloc(NULL, struct srvsvc_NETRDFSCREATEEXITPOINT);
+	r = talloc(talloc_tos(), struct srvsvc_NETRDFSCREATEEXITPOINT);
 	if (r == NULL) {
 		return false;
 	}
@@ -3778,7 +3778,7 @@ static bool api_srvsvc_NETRDFSDELETEEXITPOINT(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETRDFSDELETEEXITPOINT];
 
-	r = talloc(NULL, struct srvsvc_NETRDFSDELETEEXITPOINT);
+	r = talloc(talloc_tos(), struct srvsvc_NETRDFSDELETEEXITPOINT);
 	if (r == NULL) {
 		return false;
 	}
@@ -3851,7 +3851,7 @@ static bool api_srvsvc_NETRDFSMODIFYPREFIX(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETRDFSMODIFYPREFIX];
 
-	r = talloc(NULL, struct srvsvc_NETRDFSMODIFYPREFIX);
+	r = talloc(talloc_tos(), struct srvsvc_NETRDFSMODIFYPREFIX);
 	if (r == NULL) {
 		return false;
 	}
@@ -3924,7 +3924,7 @@ static bool api_srvsvc_NETRDFSFIXLOCALVOLUME(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETRDFSFIXLOCALVOLUME];
 
-	r = talloc(NULL, struct srvsvc_NETRDFSFIXLOCALVOLUME);
+	r = talloc(talloc_tos(), struct srvsvc_NETRDFSFIXLOCALVOLUME);
 	if (r == NULL) {
 		return false;
 	}
@@ -3997,7 +3997,7 @@ static bool api_srvsvc_NETRDFSMANAGERREPORTSITEINFO(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETRDFSMANAGERREPORTSITEINFO];
 
-	r = talloc(NULL, struct srvsvc_NETRDFSMANAGERREPORTSITEINFO);
+	r = talloc(talloc_tos(), struct srvsvc_NETRDFSMANAGERREPORTSITEINFO);
 	if (r == NULL) {
 		return false;
 	}
@@ -4070,7 +4070,7 @@ static bool api_srvsvc_NETRSERVERTRANSPORTDELEX(pipes_struct *p)
 
 	call = &ndr_table_srvsvc.calls[NDR_SRVSVC_NETRSERVERTRANSPORTDELEX];
 
-	r = talloc(NULL, struct srvsvc_NETRSERVERTRANSPORTDELEX);
+	r = talloc(talloc_tos(), struct srvsvc_NETRSERVERTRANSPORTDELEX);
 	if (r == NULL) {
 		return false;
 	}
diff --git a/source3/librpc/gen_ndr/srv_svcctl.c b/source3/librpc/gen_ndr/srv_svcctl.c
index 4a0a2591ab..10db320452 100644
--- a/source3/librpc/gen_ndr/srv_svcctl.c
+++ b/source3/librpc/gen_ndr/srv_svcctl.c
@@ -17,7 +17,7 @@ static bool api_svcctl_CloseServiceHandle(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_CLOSESERVICEHANDLE];
 
-	r = talloc(NULL, struct svcctl_CloseServiceHandle);
+	r = talloc(talloc_tos(), struct svcctl_CloseServiceHandle);
 	if (r == NULL) {
 		return false;
 	}
@@ -92,7 +92,7 @@ static bool api_svcctl_ControlService(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_CONTROLSERVICE];
 
-	r = talloc(NULL, struct svcctl_ControlService);
+	r = talloc(talloc_tos(), struct svcctl_ControlService);
 	if (r == NULL) {
 		return false;
 	}
@@ -172,7 +172,7 @@ static bool api_svcctl_DeleteService(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_DELETESERVICE];
 
-	r = talloc(NULL, struct svcctl_DeleteService);
+	r = talloc(talloc_tos(), struct svcctl_DeleteService);
 	if (r == NULL) {
 		return false;
 	}
@@ -245,7 +245,7 @@ static bool api_svcctl_LockServiceDatabase(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_LOCKSERVICEDATABASE];
 
-	r = talloc(NULL, struct svcctl_LockServiceDatabase);
+	r = talloc(talloc_tos(), struct svcctl_LockServiceDatabase);
 	if (r == NULL) {
 		return false;
 	}
@@ -325,7 +325,7 @@ static bool api_svcctl_QueryServiceObjectSecurity(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_QUERYSERVICEOBJECTSECURITY];
 
-	r = talloc(NULL, struct svcctl_QueryServiceObjectSecurity);
+	r = talloc(talloc_tos(), struct svcctl_QueryServiceObjectSecurity);
 	if (r == NULL) {
 		return false;
 	}
@@ -352,6 +352,19 @@ static bool api_svcctl_QueryServiceObjectSecurity(pipes_struct *p)
 		NDR_PRINT_IN_DEBUG(svcctl_QueryServiceObjectSecurity, r);
 	}
 
+	ZERO_STRUCT(r->out);
+	r->out.buffer = talloc_zero_array(r, uint8_t, r->in.buffer_size);
+	if (r->out.buffer == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
+	r->out.needed = talloc_zero(r, uint32_t);
+	if (r->out.needed == NULL) {
+		talloc_free(r);
+		return false;
+	}
+
 	r->out.result = _svcctl_QueryServiceObjectSecurity(p, r);
 
 	if (p->rng_fault_state) {
@@ -398,7 +411,7 @@ static bool api_svcctl_SetServiceObjectSecurity(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_SETSERVICEOBJECTSECURITY];
 
-	r = talloc(NULL, struct svcctl_SetServiceObjectSecurity);
+	r = talloc(talloc_tos(), struct svcctl_SetServiceObjectSecurity);
 	if (r == NULL) {
 		return false;
 	}
@@ -471,7 +484,7 @@ static bool api_svcctl_QueryServiceStatus(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_QUERYSERVICESTATUS];
 
-	r = talloc(NULL, struct svcctl_QueryServiceStatus);
+	r = talloc(talloc_tos(), struct svcctl_QueryServiceStatus);
 	if (r == NULL) {
 		return false;
 	}
@@ -551,7 +564,7 @@ static bool api_svcctl_SetServiceStatus(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_SETSERVICESTATUS];
 
-	r = talloc(NULL, struct svcctl_SetServiceStatus);
+	r = talloc(talloc_tos(), struct svcctl_SetServiceStatus);
 	if (r == NULL) {
 		return false;
 	}
@@ -624,7 +637,7 @@ static bool api_svcctl_UnlockServiceDatabase(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_UNLOCKSERVICEDATABASE];
 
-	r = talloc(NULL, struct svcctl_UnlockServiceDatabase);
+	r = talloc(talloc_tos(), struct svcctl_UnlockServiceDatabase);
 	if (r == NULL) {
 		return false;
 	}
@@ -699,7 +712,7 @@ static bool api_svcctl_NotifyBootConfigStatus(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_NOTIFYBOOTCONFIGSTATUS];
 
-	r = talloc(NULL, struct svcctl_NotifyBootConfigStatus);
+	r = talloc(talloc_tos(), struct svcctl_NotifyBootConfigStatus);
 	if (r == NULL) {
 		return false;
 	}
@@ -772,7 +785,7 @@ static bool api_svcctl_SCSetServiceBitsW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_SCSETSERVICEBITSW];
 
-	r = talloc(NULL, struct svcctl_SCSetServiceBitsW);
+	r = talloc(talloc_tos(), struct svcctl_SCSetServiceBitsW);
 	if (r == NULL) {
 		return false;
 	}
@@ -845,7 +858,7 @@ static bool api_svcctl_ChangeServiceConfigW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_CHANGESERVICECONFIGW];
 
-	r = talloc(NULL, struct svcctl_ChangeServiceConfigW);
+	r = talloc(talloc_tos(), struct svcctl_ChangeServiceConfigW);
 	if (r == NULL) {
 		return false;
 	}
@@ -925,7 +938,7 @@ static bool api_svcctl_CreateServiceW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_CREATESERVICEW];
 
-	r = talloc(NULL, struct svcctl_CreateServiceW);
+	r = talloc(talloc_tos(), struct svcctl_CreateServiceW);
 	if (r == NULL) {
 		return false;
 	}
@@ -1006,7 +1019,7 @@ static bool api_svcctl_EnumDependentServicesW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_ENUMDEPENDENTSERVICESW];
 
-	r = talloc(NULL, struct svcctl_EnumDependentServicesW);
+	r = talloc(talloc_tos(), struct svcctl_EnumDependentServicesW);
 	if (r == NULL) {
 		return false;
 	}
@@ -1098,7 +1111,7 @@ static bool api_svcctl_EnumServicesStatusW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_ENUMSERVICESSTATUSW];
 
-	r = talloc(NULL, struct svcctl_EnumServicesStatusW);
+	r = talloc(talloc_tos(), struct svcctl_EnumServicesStatusW);
 	if (r == NULL) {
 		return false;
 	}
@@ -1191,7 +1204,7 @@ static bool api_svcctl_OpenSCManagerW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_OPENSCMANAGERW];
 
-	r = talloc(NULL, struct svcctl_OpenSCManagerW);
+	r = talloc(talloc_tos(), struct svcctl_OpenSCManagerW);
 	if (r == NULL) {
 		return false;
 	}
@@ -1271,7 +1284,7 @@ static bool api_svcctl_OpenServiceW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_OPENSERVICEW];
 
-	r = talloc(NULL, struct svcctl_OpenServiceW);
+	r = talloc(talloc_tos(), struct svcctl_OpenServiceW);
 	if (r == NULL) {
 		return false;
 	}
@@ -1351,7 +1364,7 @@ static bool api_svcctl_QueryServiceConfigW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_QUERYSERVICECONFIGW];
 
-	r = talloc(NULL, struct svcctl_QueryServiceConfigW);
+	r = talloc(talloc_tos(), struct svcctl_QueryServiceConfigW);
 	if (r == NULL) {
 		return false;
 	}
@@ -1437,7 +1450,7 @@ static bool api_svcctl_QueryServiceLockStatusW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_QUERYSERVICELOCKSTATUSW];
 
-	r = talloc(NULL, struct svcctl_QueryServiceLockStatusW);
+	r = talloc(talloc_tos(), struct svcctl_QueryServiceLockStatusW);
 	if (r == NULL) {
 		return false;
 	}
@@ -1523,7 +1536,7 @@ static bool api_svcctl_StartServiceW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_STARTSERVICEW];
 
-	r = talloc(NULL, struct svcctl_StartServiceW);
+	r = talloc(talloc_tos(), struct svcctl_StartServiceW);
 	if (r == NULL) {
 		return false;
 	}
@@ -1596,7 +1609,7 @@ static bool api_svcctl_GetServiceDisplayNameW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_GETSERVICEDISPLAYNAMEW];
 
-	r = talloc(NULL, struct svcctl_GetServiceDisplayNameW);
+	r = talloc(talloc_tos(), struct svcctl_GetServiceDisplayNameW);
 	if (r == NULL) {
 		return false;
 	}
@@ -1677,7 +1690,7 @@ static bool api_svcctl_GetServiceKeyNameW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_GETSERVICEKEYNAMEW];
 
-	r = talloc(NULL, struct svcctl_GetServiceKeyNameW);
+	r = talloc(talloc_tos(), struct svcctl_GetServiceKeyNameW);
 	if (r == NULL) {
 		return false;
 	}
@@ -1758,7 +1771,7 @@ static bool api_svcctl_SCSetServiceBitsA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_SCSETSERVICEBITSA];
 
-	r = talloc(NULL, struct svcctl_SCSetServiceBitsA);
+	r = talloc(talloc_tos(), struct svcctl_SCSetServiceBitsA);
 	if (r == NULL) {
 		return false;
 	}
@@ -1831,7 +1844,7 @@ static bool api_svcctl_ChangeServiceConfigA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_CHANGESERVICECONFIGA];
 
-	r = talloc(NULL, struct svcctl_ChangeServiceConfigA);
+	r = talloc(talloc_tos(), struct svcctl_ChangeServiceConfigA);
 	if (r == NULL) {
 		return false;
 	}
@@ -1911,7 +1924,7 @@ static bool api_svcctl_CreateServiceA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_CREATESERVICEA];
 
-	r = talloc(NULL, struct svcctl_CreateServiceA);
+	r = talloc(talloc_tos(), struct svcctl_CreateServiceA);
 	if (r == NULL) {
 		return false;
 	}
@@ -1991,7 +2004,7 @@ static bool api_svcctl_EnumDependentServicesA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_ENUMDEPENDENTSERVICESA];
 
-	r = talloc(NULL, struct svcctl_EnumDependentServicesA);
+	r = talloc(talloc_tos(), struct svcctl_EnumDependentServicesA);
 	if (r == NULL) {
 		return false;
 	}
@@ -2083,7 +2096,7 @@ static bool api_svcctl_EnumServicesStatusA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_ENUMSERVICESSTATUSA];
 
-	r = talloc(NULL, struct svcctl_EnumServicesStatusA);
+	r = talloc(talloc_tos(), struct svcctl_EnumServicesStatusA);
 	if (r == NULL) {
 		return false;
 	}
@@ -2176,7 +2189,7 @@ static bool api_svcctl_OpenSCManagerA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_OPENSCMANAGERA];
 
-	r = talloc(NULL, struct svcctl_OpenSCManagerA);
+	r = talloc(talloc_tos(), struct svcctl_OpenSCManagerA);
 	if (r == NULL) {
 		return false;
 	}
@@ -2256,7 +2269,7 @@ static bool api_svcctl_OpenServiceA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_OPENSERVICEA];
 
-	r = talloc(NULL, struct svcctl_OpenServiceA);
+	r = talloc(talloc_tos(), struct svcctl_OpenServiceA);
 	if (r == NULL) {
 		return false;
 	}
@@ -2329,7 +2342,7 @@ static bool api_svcctl_QueryServiceConfigA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_QUERYSERVICECONFIGA];
 
-	r = talloc(NULL, struct svcctl_QueryServiceConfigA);
+	r = talloc(talloc_tos(), struct svcctl_QueryServiceConfigA);
 	if (r == NULL) {
 		return false;
 	}
@@ -2415,7 +2428,7 @@ static bool api_svcctl_QueryServiceLockStatusA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_QUERYSERVICELOCKSTATUSA];
 
-	r = talloc(NULL, struct svcctl_QueryServiceLockStatusA);
+	r = talloc(talloc_tos(), struct svcctl_QueryServiceLockStatusA);
 	if (r == NULL) {
 		return false;
 	}
@@ -2501,7 +2514,7 @@ static bool api_svcctl_StartServiceA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_STARTSERVICEA];
 
-	r = talloc(NULL, struct svcctl_StartServiceA);
+	r = talloc(talloc_tos(), struct svcctl_StartServiceA);
 	if (r == NULL) {
 		return false;
 	}
@@ -2574,7 +2587,7 @@ static bool api_svcctl_GetServiceDisplayNameA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_GETSERVICEDISPLAYNAMEA];
 
-	r = talloc(NULL, struct svcctl_GetServiceDisplayNameA);
+	r = talloc(talloc_tos(), struct svcctl_GetServiceDisplayNameA);
 	if (r == NULL) {
 		return false;
 	}
@@ -2655,7 +2668,7 @@ static bool api_svcctl_GetServiceKeyNameA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_GETSERVICEKEYNAMEA];
 
-	r = talloc(NULL, struct svcctl_GetServiceKeyNameA);
+	r = talloc(talloc_tos(), struct svcctl_GetServiceKeyNameA);
 	if (r == NULL) {
 		return false;
 	}
@@ -2736,7 +2749,7 @@ static bool api_svcctl_GetCurrentGroupeStateW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_GETCURRENTGROUPESTATEW];
 
-	r = talloc(NULL, struct svcctl_GetCurrentGroupeStateW);
+	r = talloc(talloc_tos(), struct svcctl_GetCurrentGroupeStateW);
 	if (r == NULL) {
 		return false;
 	}
@@ -2809,7 +2822,7 @@ static bool api_svcctl_EnumServiceGroupW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_ENUMSERVICEGROUPW];
 
-	r = talloc(NULL, struct svcctl_EnumServiceGroupW);
+	r = talloc(talloc_tos(), struct svcctl_EnumServiceGroupW);
 	if (r == NULL) {
 		return false;
 	}
@@ -2882,7 +2895,7 @@ static bool api_svcctl_ChangeServiceConfig2A(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_CHANGESERVICECONFIG2A];
 
-	r = talloc(NULL, struct svcctl_ChangeServiceConfig2A);
+	r = talloc(talloc_tos(), struct svcctl_ChangeServiceConfig2A);
 	if (r == NULL) {
 		return false;
 	}
@@ -2955,7 +2968,7 @@ static bool api_svcctl_ChangeServiceConfig2W(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_CHANGESERVICECONFIG2W];
 
-	r = talloc(NULL, struct svcctl_ChangeServiceConfig2W);
+	r = talloc(talloc_tos(), struct svcctl_ChangeServiceConfig2W);
 	if (r == NULL) {
 		return false;
 	}
@@ -3028,7 +3041,7 @@ static bool api_svcctl_QueryServiceConfig2A(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_QUERYSERVICECONFIG2A];
 
-	r = talloc(NULL, struct svcctl_QueryServiceConfig2A);
+	r = talloc(talloc_tos(), struct svcctl_QueryServiceConfig2A);
 	if (r == NULL) {
 		return false;
 	}
@@ -3114,7 +3127,7 @@ static bool api_svcctl_QueryServiceConfig2W(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_QUERYSERVICECONFIG2W];
 
-	r = talloc(NULL, struct svcctl_QueryServiceConfig2W);
+	r = talloc(talloc_tos(), struct svcctl_QueryServiceConfig2W);
 	if (r == NULL) {
 		return false;
 	}
@@ -3200,7 +3213,7 @@ static bool api_svcctl_QueryServiceStatusEx(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_QUERYSERVICESTATUSEX];
 
-	r = talloc(NULL, struct svcctl_QueryServiceStatusEx);
+	r = talloc(talloc_tos(), struct svcctl_QueryServiceStatusEx);
 	if (r == NULL) {
 		return false;
 	}
@@ -3286,7 +3299,7 @@ static bool api_EnumServicesStatusExA(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_ENUMSERVICESSTATUSEXA];
 
-	r = talloc(NULL, struct EnumServicesStatusExA);
+	r = talloc(talloc_tos(), struct EnumServicesStatusExA);
 	if (r == NULL) {
 		return false;
 	}
@@ -3385,7 +3398,7 @@ static bool api_EnumServicesStatusExW(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_ENUMSERVICESSTATUSEXW];
 
-	r = talloc(NULL, struct EnumServicesStatusExW);
+	r = talloc(talloc_tos(), struct EnumServicesStatusExW);
 	if (r == NULL) {
 		return false;
 	}
@@ -3484,7 +3497,7 @@ static bool api_svcctl_SCSendTSMessage(pipes_struct *p)
 
 	call = &ndr_table_svcctl.calls[NDR_SVCCTL_SCSENDTSMESSAGE];
 
-	r = talloc(NULL, struct svcctl_SCSendTSMessage);
+	r = talloc(talloc_tos(), struct svcctl_SCSendTSMessage);
 	if (r == NULL) {
 		return false;
 	}
diff --git a/source3/librpc/gen_ndr/srv_unixinfo.c b/source3/librpc/gen_ndr/srv_unixinfo.c
deleted file mode 100644
index 36a6250ad0..0000000000
--- a/source3/librpc/gen_ndr/srv_unixinfo.c
+++ /dev/null
@@ -1,430 +0,0 @@
-/*
- * Unix SMB/CIFS implementation.
- * server auto-generated by pidl. DO NOT MODIFY!
- */
-
-#include "includes.h"
-#include "librpc/gen_ndr/srv_unixinfo.h"
-
-static bool api_unixinfo_SidToUid(pipes_struct *p)
-{
-	const struct ndr_interface_call *call;
-	struct ndr_pull *pull;
-	struct ndr_push *push;
-	enum ndr_err_code ndr_err;
-	DATA_BLOB blob;
-	struct unixinfo_SidToUid *r;
-
-	call = &ndr_table_unixinfo.calls[NDR_UNIXINFO_SIDTOUID];
-
-	r = talloc(NULL, struct unixinfo_SidToUid);
-	if (r == NULL) {
-		return false;
-	}
-
-	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
-		talloc_free(r);
-		return false;
-	}
-
-	pull = ndr_pull_init_blob(&blob, r);
-	if (pull == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
-	ndr_err = call->ndr_pull(pull, NDR_IN, r);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		talloc_free(r);
-		return false;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(unixinfo_SidToUid, r);
-	}
-
-	ZERO_STRUCT(r->out);
-	r->out.uid = talloc_zero(r, uint64_t);
-	if (r->out.uid == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	r->out.result = _unixinfo_SidToUid(p, r);
-
-	if (p->rng_fault_state) {
-		talloc_free(r);
-		/* Return true here, srv_pipe_hnd.c will take care */
-		return true;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(unixinfo_SidToUid, r);
-	}
-
-	push = ndr_push_init_ctx(r);
-	if (push == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	ndr_err = call->ndr_push(push, NDR_OUT, r);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		talloc_free(r);
-		return false;
-	}
-
-	blob = ndr_push_blob(push);
-	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
-		talloc_free(r);
-		return false;
-	}
-
-	talloc_free(r);
-
-	return true;
-}
-
-static bool api_unixinfo_UidToSid(pipes_struct *p)
-{
-	const struct ndr_interface_call *call;
-	struct ndr_pull *pull;
-	struct ndr_push *push;
-	enum ndr_err_code ndr_err;
-	DATA_BLOB blob;
-	struct unixinfo_UidToSid *r;
-
-	call = &ndr_table_unixinfo.calls[NDR_UNIXINFO_UIDTOSID];
-
-	r = talloc(NULL, struct unixinfo_UidToSid);
-	if (r == NULL) {
-		return false;
-	}
-
-	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
-		talloc_free(r);
-		return false;
-	}
-
-	pull = ndr_pull_init_blob(&blob, r);
-	if (pull == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
-	ndr_err = call->ndr_pull(pull, NDR_IN, r);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		talloc_free(r);
-		return false;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(unixinfo_UidToSid, r);
-	}
-
-	ZERO_STRUCT(r->out);
-	r->out.sid = talloc_zero(r, struct dom_sid);
-	if (r->out.sid == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	r->out.result = _unixinfo_UidToSid(p, r);
-
-	if (p->rng_fault_state) {
-		talloc_free(r);
-		/* Return true here, srv_pipe_hnd.c will take care */
-		return true;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(unixinfo_UidToSid, r);
-	}
-
-	push = ndr_push_init_ctx(r);
-	if (push == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	ndr_err = call->ndr_push(push, NDR_OUT, r);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		talloc_free(r);
-		return false;
-	}
-
-	blob = ndr_push_blob(push);
-	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
-		talloc_free(r);
-		return false;
-	}
-
-	talloc_free(r);
-
-	return true;
-}
-
-static bool api_unixinfo_SidToGid(pipes_struct *p)
-{
-	const struct ndr_interface_call *call;
-	struct ndr_pull *pull;
-	struct ndr_push *push;
-	enum ndr_err_code ndr_err;
-	DATA_BLOB blob;
-	struct unixinfo_SidToGid *r;
-
-	call = &ndr_table_unixinfo.calls[NDR_UNIXINFO_SIDTOGID];
-
-	r = talloc(NULL, struct unixinfo_SidToGid);
-	if (r == NULL) {
-		return false;
-	}
-
-	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
-		talloc_free(r);
-		return false;
-	}
-
-	pull = ndr_pull_init_blob(&blob, r);
-	if (pull == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
-	ndr_err = call->ndr_pull(pull, NDR_IN, r);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		talloc_free(r);
-		return false;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(unixinfo_SidToGid, r);
-	}
-
-	ZERO_STRUCT(r->out);
-	r->out.gid = talloc_zero(r, uint64_t);
-	if (r->out.gid == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	r->out.result = _unixinfo_SidToGid(p, r);
-
-	if (p->rng_fault_state) {
-		talloc_free(r);
-		/* Return true here, srv_pipe_hnd.c will take care */
-		return true;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(unixinfo_SidToGid, r);
-	}
-
-	push = ndr_push_init_ctx(r);
-	if (push == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	ndr_err = call->ndr_push(push, NDR_OUT, r);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		talloc_free(r);
-		return false;
-	}
-
-	blob = ndr_push_blob(push);
-	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
-		talloc_free(r);
-		return false;
-	}
-
-	talloc_free(r);
-
-	return true;
-}
-
-static bool api_unixinfo_GidToSid(pipes_struct *p)
-{
-	const struct ndr_interface_call *call;
-	struct ndr_pull *pull;
-	struct ndr_push *push;
-	enum ndr_err_code ndr_err;
-	DATA_BLOB blob;
-	struct unixinfo_GidToSid *r;
-
-	call = &ndr_table_unixinfo.calls[NDR_UNIXINFO_GIDTOSID];
-
-	r = talloc(NULL, struct unixinfo_GidToSid);
-	if (r == NULL) {
-		return false;
-	}
-
-	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
-		talloc_free(r);
-		return false;
-	}
-
-	pull = ndr_pull_init_blob(&blob, r);
-	if (pull == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
-	ndr_err = call->ndr_pull(pull, NDR_IN, r);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		talloc_free(r);
-		return false;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(unixinfo_GidToSid, r);
-	}
-
-	ZERO_STRUCT(r->out);
-	r->out.sid = talloc_zero(r, struct dom_sid);
-	if (r->out.sid == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	r->out.result = _unixinfo_GidToSid(p, r);
-
-	if (p->rng_fault_state) {
-		talloc_free(r);
-		/* Return true here, srv_pipe_hnd.c will take care */
-		return true;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(unixinfo_GidToSid, r);
-	}
-
-	push = ndr_push_init_ctx(r);
-	if (push == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	ndr_err = call->ndr_push(push, NDR_OUT, r);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		talloc_free(r);
-		return false;
-	}
-
-	blob = ndr_push_blob(push);
-	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
-		talloc_free(r);
-		return false;
-	}
-
-	talloc_free(r);
-
-	return true;
-}
-
-static bool api_unixinfo_GetPWUid(pipes_struct *p)
-{
-	const struct ndr_interface_call *call;
-	struct ndr_pull *pull;
-	struct ndr_push *push;
-	enum ndr_err_code ndr_err;
-	DATA_BLOB blob;
-	struct unixinfo_GetPWUid *r;
-
-	call = &ndr_table_unixinfo.calls[NDR_UNIXINFO_GETPWUID];
-
-	r = talloc(NULL, struct unixinfo_GetPWUid);
-	if (r == NULL) {
-		return false;
-	}
-
-	if (!prs_data_blob(&p->in_data.data, &blob, r)) {
-		talloc_free(r);
-		return false;
-	}
-
-	pull = ndr_pull_init_blob(&blob, r);
-	if (pull == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	pull->flags |= LIBNDR_FLAG_REF_ALLOC;
-	ndr_err = call->ndr_pull(pull, NDR_IN, r);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		talloc_free(r);
-		return false;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_IN_DEBUG(unixinfo_GetPWUid, r);
-	}
-
-	ZERO_STRUCT(r->out);
-	r->out.count = r->in.count;
-	r->out.infos = talloc_zero_array(r, struct unixinfo_GetPWUidInfo, *r->out.count);
-	if (r->out.infos == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	r->out.result = _unixinfo_GetPWUid(p, r);
-
-	if (p->rng_fault_state) {
-		talloc_free(r);
-		/* Return true here, srv_pipe_hnd.c will take care */
-		return true;
-	}
-
-	if (DEBUGLEVEL >= 10) {
-		NDR_PRINT_OUT_DEBUG(unixinfo_GetPWUid, r);
-	}
-
-	push = ndr_push_init_ctx(r);
-	if (push == NULL) {
-		talloc_free(r);
-		return false;
-	}
-
-	ndr_err = call->ndr_push(push, NDR_OUT, r);
-	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		talloc_free(r);
-		return false;
-	}
-
-	blob = ndr_push_blob(push);
-	if (!prs_copy_data_in(&p->out_data.rdata, (const char *)blob.data, (uint32_t)blob.length)) {
-		talloc_free(r);
-		return false;
-	}
-
-	talloc_free(r);
-
-	return true;
-}
-
-
-/* Tables */
-static struct api_struct api_unixinfo_cmds[] = 
-{
-	{"UNIXINFO_SIDTOUID", NDR_UNIXINFO_SIDTOUID, api_unixinfo_SidToUid},
-	{"UNIXINFO_UIDTOSID", NDR_UNIXINFO_UIDTOSID, api_unixinfo_UidToSid},
-	{"UNIXINFO_SIDTOGID", NDR_UNIXINFO_SIDTOGID, api_unixinfo_SidToGid},
-	{"UNIXINFO_GIDTOSID", NDR_UNIXINFO_GIDTOSID, api_unixinfo_GidToSid},
-	{"UNIXINFO_GETPWUID", NDR_UNIXINFO_GETPWUID, api_unixinfo_GetPWUid},
-};
-
-void unixinfo_get_pipe_fns(struct api_struct **fns, int *n_fns)
-{
-	*fns = api_unixinfo_cmds;
-	*n_fns = sizeof(api_unixinfo_cmds) / sizeof(struct api_struct);
-}
-
-NTSTATUS rpc_unixinfo_init(void)
-{
-	return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "unixinfo", "unixinfo", api_unixinfo_cmds, sizeof(api_unixinfo_cmds) / sizeof(struct api_struct));
-}
diff --git a/source3/librpc/gen_ndr/srv_unixinfo.h b/source3/librpc/gen_ndr/srv_unixinfo.h
deleted file mode 100644
index 6e5c033b61..0000000000
--- a/source3/librpc/gen_ndr/srv_unixinfo.h
+++ /dev/null
@@ -1,11 +0,0 @@
-#include "librpc/gen_ndr/ndr_unixinfo.h"
-#ifndef __SRV_UNIXINFO__
-#define __SRV_UNIXINFO__
-NTSTATUS _unixinfo_SidToUid(pipes_struct *p, struct unixinfo_SidToUid *r);
-NTSTATUS _unixinfo_UidToSid(pipes_struct *p, struct unixinfo_UidToSid *r);
-NTSTATUS _unixinfo_SidToGid(pipes_struct *p, struct unixinfo_SidToGid *r);
-NTSTATUS _unixinfo_GidToSid(pipes_struct *p, struct unixinfo_GidToSid *r);
-NTSTATUS _unixinfo_GetPWUid(pipes_struct *p, struct unixinfo_GetPWUid *r);
-void unixinfo_get_pipe_fns(struct api_struct **fns, int *n_fns);
-NTSTATUS rpc_unixinfo_init(void);
-#endif /* __SRV_UNIXINFO__ */
diff --git a/source3/librpc/gen_ndr/srv_winreg.c b/source3/librpc/gen_ndr/srv_winreg.c
index ecce99f67a..4672944ad0 100644
--- a/source3/librpc/gen_ndr/srv_winreg.c
+++ b/source3/librpc/gen_ndr/srv_winreg.c
@@ -17,7 +17,7 @@ static bool api_winreg_OpenHKCR(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_OPENHKCR];
 
-	r = talloc(NULL, struct winreg_OpenHKCR);
+	r = talloc(talloc_tos(), struct winreg_OpenHKCR);
 	if (r == NULL) {
 		return false;
 	}
@@ -97,7 +97,7 @@ static bool api_winreg_OpenHKCU(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_OPENHKCU];
 
-	r = talloc(NULL, struct winreg_OpenHKCU);
+	r = talloc(talloc_tos(), struct winreg_OpenHKCU);
 	if (r == NULL) {
 		return false;
 	}
@@ -177,7 +177,7 @@ static bool api_winreg_OpenHKLM(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_OPENHKLM];
 
-	r = talloc(NULL, struct winreg_OpenHKLM);
+	r = talloc(talloc_tos(), struct winreg_OpenHKLM);
 	if (r == NULL) {
 		return false;
 	}
@@ -257,7 +257,7 @@ static bool api_winreg_OpenHKPD(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_OPENHKPD];
 
-	r = talloc(NULL, struct winreg_OpenHKPD);
+	r = talloc(talloc_tos(), struct winreg_OpenHKPD);
 	if (r == NULL) {
 		return false;
 	}
@@ -337,7 +337,7 @@ static bool api_winreg_OpenHKU(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_OPENHKU];
 
-	r = talloc(NULL, struct winreg_OpenHKU);
+	r = talloc(talloc_tos(), struct winreg_OpenHKU);
 	if (r == NULL) {
 		return false;
 	}
@@ -417,7 +417,7 @@ static bool api_winreg_CloseKey(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_CLOSEKEY];
 
-	r = talloc(NULL, struct winreg_CloseKey);
+	r = talloc(talloc_tos(), struct winreg_CloseKey);
 	if (r == NULL) {
 		return false;
 	}
@@ -492,7 +492,7 @@ static bool api_winreg_CreateKey(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_CREATEKEY];
 
-	r = talloc(NULL, struct winreg_CreateKey);
+	r = talloc(talloc_tos(), struct winreg_CreateKey);
 	if (r == NULL) {
 		return false;
 	}
@@ -573,7 +573,7 @@ static bool api_winreg_DeleteKey(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_DELETEKEY];
 
-	r = talloc(NULL, struct winreg_DeleteKey);
+	r = talloc(talloc_tos(), struct winreg_DeleteKey);
 	if (r == NULL) {
 		return false;
 	}
@@ -646,7 +646,7 @@ static bool api_winreg_DeleteValue(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_DELETEVALUE];
 
-	r = talloc(NULL, struct winreg_DeleteValue);
+	r = talloc(talloc_tos(), struct winreg_DeleteValue);
 	if (r == NULL) {
 		return false;
 	}
@@ -719,7 +719,7 @@ static bool api_winreg_EnumKey(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_ENUMKEY];
 
-	r = talloc(NULL, struct winreg_EnumKey);
+	r = talloc(talloc_tos(), struct winreg_EnumKey);
 	if (r == NULL) {
 		return false;
 	}
@@ -796,7 +796,7 @@ static bool api_winreg_EnumValue(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_ENUMVALUE];
 
-	r = talloc(NULL, struct winreg_EnumValue);
+	r = talloc(talloc_tos(), struct winreg_EnumValue);
 	if (r == NULL) {
 		return false;
 	}
@@ -875,7 +875,7 @@ static bool api_winreg_FlushKey(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_FLUSHKEY];
 
-	r = talloc(NULL, struct winreg_FlushKey);
+	r = talloc(talloc_tos(), struct winreg_FlushKey);
 	if (r == NULL) {
 		return false;
 	}
@@ -948,7 +948,7 @@ static bool api_winreg_GetKeySecurity(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_GETKEYSECURITY];
 
-	r = talloc(NULL, struct winreg_GetKeySecurity);
+	r = talloc(talloc_tos(), struct winreg_GetKeySecurity);
 	if (r == NULL) {
 		return false;
 	}
@@ -1023,7 +1023,7 @@ static bool api_winreg_LoadKey(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_LOADKEY];
 
-	r = talloc(NULL, struct winreg_LoadKey);
+	r = talloc(talloc_tos(), struct winreg_LoadKey);
 	if (r == NULL) {
 		return false;
 	}
@@ -1096,7 +1096,7 @@ static bool api_winreg_NotifyChangeKeyValue(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_NOTIFYCHANGEKEYVALUE];
 
-	r = talloc(NULL, struct winreg_NotifyChangeKeyValue);
+	r = talloc(talloc_tos(), struct winreg_NotifyChangeKeyValue);
 	if (r == NULL) {
 		return false;
 	}
@@ -1169,7 +1169,7 @@ static bool api_winreg_OpenKey(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_OPENKEY];
 
-	r = talloc(NULL, struct winreg_OpenKey);
+	r = talloc(talloc_tos(), struct winreg_OpenKey);
 	if (r == NULL) {
 		return false;
 	}
@@ -1249,7 +1249,7 @@ static bool api_winreg_QueryInfoKey(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_QUERYINFOKEY];
 
-	r = talloc(NULL, struct winreg_QueryInfoKey);
+	r = talloc(talloc_tos(), struct winreg_QueryInfoKey);
 	if (r == NULL) {
 		return false;
 	}
@@ -1372,7 +1372,7 @@ static bool api_winreg_QueryValue(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_QUERYVALUE];
 
-	r = talloc(NULL, struct winreg_QueryValue);
+	r = talloc(talloc_tos(), struct winreg_QueryValue);
 	if (r == NULL) {
 		return false;
 	}
@@ -1450,7 +1450,7 @@ static bool api_winreg_ReplaceKey(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_REPLACEKEY];
 
-	r = talloc(NULL, struct winreg_ReplaceKey);
+	r = talloc(talloc_tos(), struct winreg_ReplaceKey);
 	if (r == NULL) {
 		return false;
 	}
@@ -1523,7 +1523,7 @@ static bool api_winreg_RestoreKey(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_RESTOREKEY];
 
-	r = talloc(NULL, struct winreg_RestoreKey);
+	r = talloc(talloc_tos(), struct winreg_RestoreKey);
 	if (r == NULL) {
 		return false;
 	}
@@ -1596,7 +1596,7 @@ static bool api_winreg_SaveKey(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_SAVEKEY];
 
-	r = talloc(NULL, struct winreg_SaveKey);
+	r = talloc(talloc_tos(), struct winreg_SaveKey);
 	if (r == NULL) {
 		return false;
 	}
@@ -1669,7 +1669,7 @@ static bool api_winreg_SetKeySecurity(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_SETKEYSECURITY];
 
-	r = talloc(NULL, struct winreg_SetKeySecurity);
+	r = talloc(talloc_tos(), struct winreg_SetKeySecurity);
 	if (r == NULL) {
 		return false;
 	}
@@ -1742,7 +1742,7 @@ static bool api_winreg_SetValue(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_SETVALUE];
 
-	r = talloc(NULL, struct winreg_SetValue);
+	r = talloc(talloc_tos(), struct winreg_SetValue);
 	if (r == NULL) {
 		return false;
 	}
@@ -1815,7 +1815,7 @@ static bool api_winreg_UnLoadKey(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_UNLOADKEY];
 
-	r = talloc(NULL, struct winreg_UnLoadKey);
+	r = talloc(talloc_tos(), struct winreg_UnLoadKey);
 	if (r == NULL) {
 		return false;
 	}
@@ -1888,7 +1888,7 @@ static bool api_winreg_InitiateSystemShutdown(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_INITIATESYSTEMSHUTDOWN];
 
-	r = talloc(NULL, struct winreg_InitiateSystemShutdown);
+	r = talloc(talloc_tos(), struct winreg_InitiateSystemShutdown);
 	if (r == NULL) {
 		return false;
 	}
@@ -1961,7 +1961,7 @@ static bool api_winreg_AbortSystemShutdown(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_ABORTSYSTEMSHUTDOWN];
 
-	r = talloc(NULL, struct winreg_AbortSystemShutdown);
+	r = talloc(talloc_tos(), struct winreg_AbortSystemShutdown);
 	if (r == NULL) {
 		return false;
 	}
@@ -2034,7 +2034,7 @@ static bool api_winreg_GetVersion(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_GETVERSION];
 
-	r = talloc(NULL, struct winreg_GetVersion);
+	r = talloc(talloc_tos(), struct winreg_GetVersion);
 	if (r == NULL) {
 		return false;
 	}
@@ -2114,7 +2114,7 @@ static bool api_winreg_OpenHKCC(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_OPENHKCC];
 
-	r = talloc(NULL, struct winreg_OpenHKCC);
+	r = talloc(talloc_tos(), struct winreg_OpenHKCC);
 	if (r == NULL) {
 		return false;
 	}
@@ -2194,7 +2194,7 @@ static bool api_winreg_OpenHKDD(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_OPENHKDD];
 
-	r = talloc(NULL, struct winreg_OpenHKDD);
+	r = talloc(talloc_tos(), struct winreg_OpenHKDD);
 	if (r == NULL) {
 		return false;
 	}
@@ -2274,7 +2274,7 @@ static bool api_winreg_QueryMultipleValues(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_QUERYMULTIPLEVALUES];
 
-	r = talloc(NULL, struct winreg_QueryMultipleValues);
+	r = talloc(talloc_tos(), struct winreg_QueryMultipleValues);
 	if (r == NULL) {
 		return false;
 	}
@@ -2351,7 +2351,7 @@ static bool api_winreg_InitiateSystemShutdownEx(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_INITIATESYSTEMSHUTDOWNEX];
 
-	r = talloc(NULL, struct winreg_InitiateSystemShutdownEx);
+	r = talloc(talloc_tos(), struct winreg_InitiateSystemShutdownEx);
 	if (r == NULL) {
 		return false;
 	}
@@ -2424,7 +2424,7 @@ static bool api_winreg_SaveKeyEx(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_SAVEKEYEX];
 
-	r = talloc(NULL, struct winreg_SaveKeyEx);
+	r = talloc(talloc_tos(), struct winreg_SaveKeyEx);
 	if (r == NULL) {
 		return false;
 	}
@@ -2497,7 +2497,7 @@ static bool api_winreg_OpenHKPT(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_OPENHKPT];
 
-	r = talloc(NULL, struct winreg_OpenHKPT);
+	r = talloc(talloc_tos(), struct winreg_OpenHKPT);
 	if (r == NULL) {
 		return false;
 	}
@@ -2577,7 +2577,7 @@ static bool api_winreg_OpenHKPN(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_OPENHKPN];
 
-	r = talloc(NULL, struct winreg_OpenHKPN);
+	r = talloc(talloc_tos(), struct winreg_OpenHKPN);
 	if (r == NULL) {
 		return false;
 	}
@@ -2657,7 +2657,7 @@ static bool api_winreg_QueryMultipleValues2(pipes_struct *p)
 
 	call = &ndr_table_winreg.calls[NDR_WINREG_QUERYMULTIPLEVALUES2];
 
-	r = talloc(NULL, struct winreg_QueryMultipleValues2);
+	r = talloc(talloc_tos(), struct winreg_QueryMultipleValues2);
 	if (r == NULL) {
 		return false;
 	}
diff --git a/source3/librpc/gen_ndr/srv_wkssvc.c b/source3/librpc/gen_ndr/srv_wkssvc.c
index ddbf3aa373..90e6f482f4 100644
--- a/source3/librpc/gen_ndr/srv_wkssvc.c
+++ b/source3/librpc/gen_ndr/srv_wkssvc.c
@@ -17,7 +17,7 @@ static bool api_wkssvc_NetWkstaGetInfo(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETWKSTAGETINFO];
 
-	r = talloc(NULL, struct wkssvc_NetWkstaGetInfo);
+	r = talloc(talloc_tos(), struct wkssvc_NetWkstaGetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -97,7 +97,7 @@ static bool api_wkssvc_NetWkstaSetInfo(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETWKSTASETINFO];
 
-	r = talloc(NULL, struct wkssvc_NetWkstaSetInfo);
+	r = talloc(talloc_tos(), struct wkssvc_NetWkstaSetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -172,7 +172,7 @@ static bool api_wkssvc_NetWkstaEnumUsers(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETWKSTAENUMUSERS];
 
-	r = talloc(NULL, struct wkssvc_NetWkstaEnumUsers);
+	r = talloc(talloc_tos(), struct wkssvc_NetWkstaEnumUsers);
 	if (r == NULL) {
 		return false;
 	}
@@ -254,7 +254,7 @@ static bool api_wkssvc_NetrWkstaUserGetInfo(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRWKSTAUSERGETINFO];
 
-	r = talloc(NULL, struct wkssvc_NetrWkstaUserGetInfo);
+	r = talloc(talloc_tos(), struct wkssvc_NetrWkstaUserGetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -334,7 +334,7 @@ static bool api_wkssvc_NetrWkstaUserSetInfo(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRWKSTAUSERSETINFO];
 
-	r = talloc(NULL, struct wkssvc_NetrWkstaUserSetInfo);
+	r = talloc(talloc_tos(), struct wkssvc_NetrWkstaUserSetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -409,7 +409,7 @@ static bool api_wkssvc_NetWkstaTransportEnum(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETWKSTATRANSPORTENUM];
 
-	r = talloc(NULL, struct wkssvc_NetWkstaTransportEnum);
+	r = talloc(talloc_tos(), struct wkssvc_NetWkstaTransportEnum);
 	if (r == NULL) {
 		return false;
 	}
@@ -491,7 +491,7 @@ static bool api_wkssvc_NetrWkstaTransportAdd(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRWKSTATRANSPORTADD];
 
-	r = talloc(NULL, struct wkssvc_NetrWkstaTransportAdd);
+	r = talloc(talloc_tos(), struct wkssvc_NetrWkstaTransportAdd);
 	if (r == NULL) {
 		return false;
 	}
@@ -566,7 +566,7 @@ static bool api_wkssvc_NetrWkstaTransportDel(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRWKSTATRANSPORTDEL];
 
-	r = talloc(NULL, struct wkssvc_NetrWkstaTransportDel);
+	r = talloc(talloc_tos(), struct wkssvc_NetrWkstaTransportDel);
 	if (r == NULL) {
 		return false;
 	}
@@ -639,7 +639,7 @@ static bool api_wkssvc_NetrUseAdd(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRUSEADD];
 
-	r = talloc(NULL, struct wkssvc_NetrUseAdd);
+	r = talloc(talloc_tos(), struct wkssvc_NetrUseAdd);
 	if (r == NULL) {
 		return false;
 	}
@@ -714,7 +714,7 @@ static bool api_wkssvc_NetrUseGetInfo(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRUSEGETINFO];
 
-	r = talloc(NULL, struct wkssvc_NetrUseGetInfo);
+	r = talloc(talloc_tos(), struct wkssvc_NetrUseGetInfo);
 	if (r == NULL) {
 		return false;
 	}
@@ -794,7 +794,7 @@ static bool api_wkssvc_NetrUseDel(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRUSEDEL];
 
-	r = talloc(NULL, struct wkssvc_NetrUseDel);
+	r = talloc(talloc_tos(), struct wkssvc_NetrUseDel);
 	if (r == NULL) {
 		return false;
 	}
@@ -867,7 +867,7 @@ static bool api_wkssvc_NetrUseEnum(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRUSEENUM];
 
-	r = talloc(NULL, struct wkssvc_NetrUseEnum);
+	r = talloc(talloc_tos(), struct wkssvc_NetrUseEnum);
 	if (r == NULL) {
 		return false;
 	}
@@ -949,7 +949,7 @@ static bool api_wkssvc_NetrMessageBufferSend(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRMESSAGEBUFFERSEND];
 
-	r = talloc(NULL, struct wkssvc_NetrMessageBufferSend);
+	r = talloc(talloc_tos(), struct wkssvc_NetrMessageBufferSend);
 	if (r == NULL) {
 		return false;
 	}
@@ -1022,7 +1022,7 @@ static bool api_wkssvc_NetrWorkstationStatisticsGet(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRWORKSTATIONSTATISTICSGET];
 
-	r = talloc(NULL, struct wkssvc_NetrWorkstationStatisticsGet);
+	r = talloc(talloc_tos(), struct wkssvc_NetrWorkstationStatisticsGet);
 	if (r == NULL) {
 		return false;
 	}
@@ -1102,7 +1102,7 @@ static bool api_wkssvc_NetrLogonDomainNameAdd(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRLOGONDOMAINNAMEADD];
 
-	r = talloc(NULL, struct wkssvc_NetrLogonDomainNameAdd);
+	r = talloc(talloc_tos(), struct wkssvc_NetrLogonDomainNameAdd);
 	if (r == NULL) {
 		return false;
 	}
@@ -1175,7 +1175,7 @@ static bool api_wkssvc_NetrLogonDomainNameDel(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRLOGONDOMAINNAMEDEL];
 
-	r = talloc(NULL, struct wkssvc_NetrLogonDomainNameDel);
+	r = talloc(talloc_tos(), struct wkssvc_NetrLogonDomainNameDel);
 	if (r == NULL) {
 		return false;
 	}
@@ -1248,7 +1248,7 @@ static bool api_wkssvc_NetrJoinDomain(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRJOINDOMAIN];
 
-	r = talloc(NULL, struct wkssvc_NetrJoinDomain);
+	r = talloc(talloc_tos(), struct wkssvc_NetrJoinDomain);
 	if (r == NULL) {
 		return false;
 	}
@@ -1321,7 +1321,7 @@ static bool api_wkssvc_NetrUnjoinDomain(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRUNJOINDOMAIN];
 
-	r = talloc(NULL, struct wkssvc_NetrUnjoinDomain);
+	r = talloc(talloc_tos(), struct wkssvc_NetrUnjoinDomain);
 	if (r == NULL) {
 		return false;
 	}
@@ -1394,7 +1394,7 @@ static bool api_wkssvc_NetrRenameMachineInDomain(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRRENAMEMACHINEINDOMAIN];
 
-	r = talloc(NULL, struct wkssvc_NetrRenameMachineInDomain);
+	r = talloc(talloc_tos(), struct wkssvc_NetrRenameMachineInDomain);
 	if (r == NULL) {
 		return false;
 	}
@@ -1467,7 +1467,7 @@ static bool api_wkssvc_NetrValidateName(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRVALIDATENAME];
 
-	r = talloc(NULL, struct wkssvc_NetrValidateName);
+	r = talloc(talloc_tos(), struct wkssvc_NetrValidateName);
 	if (r == NULL) {
 		return false;
 	}
@@ -1540,7 +1540,7 @@ static bool api_wkssvc_NetrGetJoinInformation(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRGETJOININFORMATION];
 
-	r = talloc(NULL, struct wkssvc_NetrGetJoinInformation);
+	r = talloc(talloc_tos(), struct wkssvc_NetrGetJoinInformation);
 	if (r == NULL) {
 		return false;
 	}
@@ -1621,7 +1621,7 @@ static bool api_wkssvc_NetrGetJoinableOus(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRGETJOINABLEOUS];
 
-	r = talloc(NULL, struct wkssvc_NetrGetJoinableOus);
+	r = talloc(talloc_tos(), struct wkssvc_NetrGetJoinableOus);
 	if (r == NULL) {
 		return false;
 	}
@@ -1650,7 +1650,7 @@ static bool api_wkssvc_NetrGetJoinableOus(pipes_struct *p)
 
 	ZERO_STRUCT(r->out);
 	r->out.num_ous = r->in.num_ous;
-	r->out.ous = talloc_zero_array(r, const char **, *r->out.num_ous);
+	r->out.ous = talloc_zero(r, const char **);
 	if (r->out.ous == NULL) {
 		talloc_free(r);
 		return false;
@@ -1702,7 +1702,7 @@ static bool api_wkssvc_NetrJoinDomain2(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRJOINDOMAIN2];
 
-	r = talloc(NULL, struct wkssvc_NetrJoinDomain2);
+	r = talloc(talloc_tos(), struct wkssvc_NetrJoinDomain2);
 	if (r == NULL) {
 		return false;
 	}
@@ -1775,7 +1775,7 @@ static bool api_wkssvc_NetrUnjoinDomain2(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRUNJOINDOMAIN2];
 
-	r = talloc(NULL, struct wkssvc_NetrUnjoinDomain2);
+	r = talloc(talloc_tos(), struct wkssvc_NetrUnjoinDomain2);
 	if (r == NULL) {
 		return false;
 	}
@@ -1848,7 +1848,7 @@ static bool api_wkssvc_NetrRenameMachineInDomain2(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRRENAMEMACHINEINDOMAIN2];
 
-	r = talloc(NULL, struct wkssvc_NetrRenameMachineInDomain2);
+	r = talloc(talloc_tos(), struct wkssvc_NetrRenameMachineInDomain2);
 	if (r == NULL) {
 		return false;
 	}
@@ -1921,7 +1921,7 @@ static bool api_wkssvc_NetrValidateName2(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRVALIDATENAME2];
 
-	r = talloc(NULL, struct wkssvc_NetrValidateName2);
+	r = talloc(talloc_tos(), struct wkssvc_NetrValidateName2);
 	if (r == NULL) {
 		return false;
 	}
@@ -1994,7 +1994,7 @@ static bool api_wkssvc_NetrGetJoinableOus2(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRGETJOINABLEOUS2];
 
-	r = talloc(NULL, struct wkssvc_NetrGetJoinableOus2);
+	r = talloc(talloc_tos(), struct wkssvc_NetrGetJoinableOus2);
 	if (r == NULL) {
 		return false;
 	}
@@ -2023,7 +2023,7 @@ static bool api_wkssvc_NetrGetJoinableOus2(pipes_struct *p)
 
 	ZERO_STRUCT(r->out);
 	r->out.num_ous = r->in.num_ous;
-	r->out.ous = talloc_zero_array(r, const char **, *r->out.num_ous);
+	r->out.ous = talloc_zero(r, const char **);
 	if (r->out.ous == NULL) {
 		talloc_free(r);
 		return false;
@@ -2075,7 +2075,7 @@ static bool api_wkssvc_NetrAddAlternateComputerName(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRADDALTERNATECOMPUTERNAME];
 
-	r = talloc(NULL, struct wkssvc_NetrAddAlternateComputerName);
+	r = talloc(talloc_tos(), struct wkssvc_NetrAddAlternateComputerName);
 	if (r == NULL) {
 		return false;
 	}
@@ -2148,7 +2148,7 @@ static bool api_wkssvc_NetrRemoveAlternateComputerName(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRREMOVEALTERNATECOMPUTERNAME];
 
-	r = talloc(NULL, struct wkssvc_NetrRemoveAlternateComputerName);
+	r = talloc(talloc_tos(), struct wkssvc_NetrRemoveAlternateComputerName);
 	if (r == NULL) {
 		return false;
 	}
@@ -2221,7 +2221,7 @@ static bool api_wkssvc_NetrSetPrimaryComputername(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRSETPRIMARYCOMPUTERNAME];
 
-	r = talloc(NULL, struct wkssvc_NetrSetPrimaryComputername);
+	r = talloc(talloc_tos(), struct wkssvc_NetrSetPrimaryComputername);
 	if (r == NULL) {
 		return false;
 	}
@@ -2294,7 +2294,7 @@ static bool api_wkssvc_NetrEnumerateComputerNames(pipes_struct *p)
 
 	call = &ndr_table_wkssvc.calls[NDR_WKSSVC_NETRENUMERATECOMPUTERNAMES];
 
-	r = talloc(NULL, struct wkssvc_NetrEnumerateComputerNames);
+	r = talloc(talloc_tos(), struct wkssvc_NetrEnumerateComputerNames);
 	if (r == NULL) {
 		return false;
 	}
diff --git a/source3/librpc/gen_ndr/srvsvc.h b/source3/librpc/gen_ndr/srvsvc.h
index bc167bb31c..6e6c7829a0 100644
--- a/source3/librpc/gen_ndr/srvsvc.h
+++ b/source3/librpc/gen_ndr/srvsvc.h
@@ -11,10 +11,6 @@
 #define STYPE_HIDDEN	( 0x80000000 )
 #define SHARE_1005_CSC_POLICY_MASK	( 0x00000030 )
 #define SHARE_1005_CSC_POLICY_SHIFT	( 4 )
-;
-
-;
-
 struct srvsvc_NetCharDevInfo0 {
 	const char *device;/* [unique,charset(UTF16)] */
 };
@@ -325,8 +321,6 @@ struct srvsvc_NetShareCtr1004 {
 #define SHARE_1005_IN_DFS ( 0x00000001 )
 #define SHARE_1005_DFS_ROOT ( 0x00000002 )
 
-;
-
 struct srvsvc_NetShareInfo1005 {
 	uint32_t dfs_flags;
 };
diff --git a/source3/librpc/gen_ndr/svcctl.h b/source3/librpc/gen_ndr/svcctl.h
index f0e476c105..c13e96b2a0 100644
--- a/source3/librpc/gen_ndr/svcctl.h
+++ b/source3/librpc/gen_ndr/svcctl.h
@@ -68,8 +68,6 @@ struct ENUM_SERVICE_STATUS {
 #define SV_TYPE_LOCAL_LIST_ONLY ( 0x40000000 )
 #define SV_TYPE_DOMAIN_ENUM ( 0x80000000 )
 
-;
-
 enum SERVICE_CONTROL
 #ifndef USE_UINT_ENUMS
  {
@@ -136,6 +134,14 @@ struct svcctl_LockServiceDatabase {
 
 struct svcctl_QueryServiceObjectSecurity {
 	struct {
+		struct policy_handle *handle;/* [ref] */
+		uint32_t security_flags;
+		uint32_t buffer_size;/* [range(0,0x40000)] */
+	} in;
+
+	struct {
+		uint8_t *buffer;/* [ref,size_is(buffer_size)] */
+		uint32_t *needed;/* [ref,range(0,0x40000)] */
 		WERROR result;
 	} out;
 
@@ -144,6 +150,13 @@ struct svcctl_QueryServiceObjectSecurity {
 
 struct svcctl_SetServiceObjectSecurity {
 	struct {
+		struct policy_handle *handle;/* [ref] */
+		uint32_t security_flags;
+		uint8_t *buffer;/* [ref,size_is(buffer_size)] */
+		uint32_t buffer_size;
+	} in;
+
+	struct {
 		WERROR result;
 	} out;
 
diff --git a/source3/librpc/gen_ndr/unixinfo.h b/source3/librpc/gen_ndr/unixinfo.h
deleted file mode 100644
index 34dc27f469..0000000000
--- a/source3/librpc/gen_ndr/unixinfo.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/* header auto-generated by pidl */
-
-#include <stdint.h>
-
-#include "librpc/gen_ndr/security.h"
-#ifndef _HEADER_unixinfo
-#define _HEADER_unixinfo
-
-struct unixinfo_GetPWUidInfo {
-	NTSTATUS status;
-	const char * homedir;/* [flag(LIBNDR_FLAG_STR_UTF8|LIBNDR_FLAG_STR_NULLTERM)] */
-	const char * shell;/* [flag(LIBNDR_FLAG_STR_UTF8|LIBNDR_FLAG_STR_NULLTERM)] */
-};
-
-
-struct unixinfo_SidToUid {
-	struct {
-		struct dom_sid sid;
-	} in;
-
-	struct {
-		uint64_t *uid;/* [ref] */
-		NTSTATUS result;
-	} out;
-
-};
-
-
-struct unixinfo_UidToSid {
-	struct {
-		uint64_t uid;
-	} in;
-
-	struct {
-		struct dom_sid *sid;/* [ref] */
-		NTSTATUS result;
-	} out;
-
-};
-
-
-struct unixinfo_SidToGid {
-	struct {
-		struct dom_sid sid;
-	} in;
-
-	struct {
-		uint64_t *gid;/* [ref] */
-		NTSTATUS result;
-	} out;
-
-};
-
-
-struct unixinfo_GidToSid {
-	struct {
-		uint64_t gid;
-	} in;
-
-	struct {
-		struct dom_sid *sid;/* [ref] */
-		NTSTATUS result;
-	} out;
-
-};
-
-
-struct unixinfo_GetPWUid {
-	struct {
-		uint64_t *uids;/* [size_is(*count)] */
-		uint32_t *count;/* [ref,range(0 1023)] */
-	} in;
-
-	struct {
-		struct unixinfo_GetPWUidInfo *infos;/* [size_is(*count)] */
-		uint32_t *count;/* [ref,range(0 1023)] */
-		NTSTATUS result;
-	} out;
-
-};
-
-#endif /* _HEADER_unixinfo */
diff --git a/source3/librpc/gen_ndr/winreg.h b/source3/librpc/gen_ndr/winreg.h
index 8c498963b6..5570b310cd 100644
--- a/source3/librpc/gen_ndr/winreg.h
+++ b/source3/librpc/gen_ndr/winreg.h
@@ -8,8 +8,6 @@
 #ifndef _HEADER_winreg
 #define _HEADER_winreg
 
-;
-
 /* bitmap winreg_AccessMask */
 #define KEY_QUERY_VALUE ( 0x00001 )
 #define KEY_SET_VALUE ( 0x00002 )
@@ -20,8 +18,6 @@
 #define KEY_WOW64_64KEY ( 0x00100 )
 #define KEY_WOW64_32KEY ( 0x00200 )
 
-;
-
 enum winreg_Type
 #ifndef USE_UINT_ENUMS
  {
diff --git a/source3/librpc/gen_ndr/wkssvc.h b/source3/librpc/gen_ndr/wkssvc.h
index b4df7c2d8f..088ad6632b 100644
--- a/source3/librpc/gen_ndr/wkssvc.h
+++ b/source3/librpc/gen_ndr/wkssvc.h
@@ -415,8 +415,6 @@ struct wkssvc_NetrWorkstationStatistics {
 /* bitmap wkssvc_renameflags */
 #define WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE ( 0x00000002 )
 
-;
-
 enum wkssvc_NetValidateNameType
 #ifndef USE_UINT_ENUMS
  {
@@ -471,8 +469,6 @@ struct wkssvc_PasswordBuffer {
 #define WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE ( 0x00000002 )
 #define WKSSVC_JOIN_FLAGS_JOIN_TYPE ( 0x00000001 )
 
-;
-
 enum wkssvc_ComputerNameType
 #ifndef USE_UINT_ENUMS
  {
@@ -830,7 +826,7 @@ struct wkssvc_NetrGetJoinableOus {
 	} in;
 
 	struct {
-		const char ***ous;/* [ref,charset(UTF16),size_is(*num_ous)] */
+		const char ***ous;/* [ref,charset(UTF16),size_is(,*num_ous)] */
 		uint32_t *num_ous;/* [ref] */
 		WERROR result;
 	} out;
@@ -912,7 +908,7 @@ struct wkssvc_NetrGetJoinableOus2 {
 	} in;
 
 	struct {
-		const char ***ous;/* [ref,charset(UTF16),size_is(*num_ous)] */
+		const char ***ous;/* [ref,charset(UTF16),size_is(,*num_ous)] */
 		uint32_t *num_ous;/* [ref] */
 		WERROR result;
 	} out;
diff --git a/source3/librpc/idl/dfs.idl b/source3/librpc/idl/dfs.idl
index 2b519b15d5..d4c05f9936 100644
--- a/source3/librpc/idl/dfs.idl
+++ b/source3/librpc/idl/dfs.idl
@@ -5,7 +5,8 @@
 [ uuid("4fc742e0-4a10-11cf-8273-00aa004ae673"),
   version(3.0),
   pointer_default(unique),
-  helpstring("Settings for Microsoft Distributed File System")
+  helpstring("Settings for Microsoft Distributed File System"),
+  endpoint("ncacn_np:[\\pipe\\netdfs]", "ncacn_ip_tcp:", "ncalrpc:")
 ] interface netdfs
 {
 	/******************/
@@ -49,12 +50,11 @@
 		[string,charset(UTF16)] uint16 *path;
 	} dfs_Info1;
 
-	/* first 4 bits unverified yet */
 	typedef [public,bitmap32bit] bitmap {
 		DFS_VOLUME_STATE_OK 		= 0x1,
 		DFS_VOLUME_STATE_INCONSISTENT 	= 0x2,
-		DFS_VOLUME_STATE_OFFLINE 	= 0x4,
-		DFS_VOLUME_STATE_ONLINE		= 0x8,
+		DFS_VOLUME_STATE_OFFLINE 	= 0x3,
+		DFS_VOLUME_STATE_ONLINE		= 0x4,
 		DFS_VOLUME_STATE_STANDALONE	= DFS_VOLUME_FLAVOR_STANDALONE,
 		DFS_VOLUME_STATE_AD_BLOB	= DFS_VOLUME_FLAVOR_AD_BLOB
 	} dfs_VolumeState;
@@ -263,6 +263,16 @@
 
 	typedef struct {
 		uint32 count;
+		[size_is(count)] dfs_Info5 *s;
+	} dfs_EnumArray5;
+
+	typedef struct {
+		uint32 count;
+		[size_is(count)] dfs_Info6 *s;
+	} dfs_EnumArray6;
+
+	typedef struct {
+		uint32 count;
 		[size_is(count)] dfs_Info200 *s;
 	} dfs_EnumArray200;
 
@@ -277,6 +287,8 @@
 		[case(2)] dfs_EnumArray2 *info2;
 		[case(3)] dfs_EnumArray3 *info3;
 		[case(4)] dfs_EnumArray4 *info4;
+		[case(5)] dfs_EnumArray5 *info5;
+		[case(6)] dfs_EnumArray6 *info6;
 		[case(200)] dfs_EnumArray200 *info200;
 		[case(300)] dfs_EnumArray300 *info300;
 	} dfs_EnumInfo;
@@ -363,10 +375,20 @@
 		);
 
 	/* Function 0x10 */
-	WERROR dfs_GetDcAddress();
+	WERROR dfs_GetDcAddress(
+		[in]		[string,charset(UTF16)] uint16 servername[],
+		[in,out,ref]	[string,charset(UTF16)] uint16 **server_fullname,
+		[in,out,ref] 	boolean8 *is_root,
+		[in,out,ref] 	uint32 *ttl
+		);
 
 	/* Function 0x11 */
-	WERROR dfs_SetDcAddress();
+	WERROR dfs_SetDcAddress(
+		[in]		[string,charset(UTF16)] uint16 servername[],
+		[in]		[string,charset(UTF16)] uint16 server_fullname[],
+		[in]		uint32	flags,
+		[in]		uint32	ttl
+		);
 
 	/* Function 0x12 */
 	WERROR dfs_FlushFtTable(
diff --git a/source3/librpc/idl/dssetup.idl b/source3/librpc/idl/dssetup.idl
new file mode 100644
index 0000000000..af6350cc43
--- /dev/null
+++ b/source3/librpc/idl/dssetup.idl
@@ -0,0 +1,101 @@
+/*
+  dssetup interface definition
+*/
+
+import "misc.idl";
+
+[
+	uuid("3919286a-b10c-11d0-9ba8-00c04fd92ef5"),
+	version(0.0),
+	endpoint("ncacn_np:[\\pipe\\lsarpc]", "ncacn_np:[\\pipe\\lsass]", "ncacn_ip_tcp:", "ncalrpc:"),
+	pointer_default(unique),
+	helpstring("Active Directory Setup")
+] interface dssetup
+{
+	/**********************************************/
+	/* Function 0x00                              */
+
+	typedef enum {
+		DS_ROLE_STANDALONE_WORKSTATION = 0,
+		DS_ROLE_MEMBER_WORKSTATION     = 1,
+		DS_ROLE_STANDALONE_SERVER      = 2,
+		DS_ROLE_MEMBER_SERVER          = 3,
+		DS_ROLE_BACKUP_DC              = 4,
+		DS_ROLE_PRIMARY_DC             = 5
+	} dssetup_DsRole;
+
+	typedef [bitmap32bit] bitmap {
+		DS_ROLE_PRIMARY_DS_RUNNING		= 0x00000001,
+		DS_ROLE_PRIMARY_DS_MIXED_MODE		= 0x00000002,
+		DS_ROLE_UPGRADE_IN_PROGRESS		= 0x00000004,
+		DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT	= 0x01000000
+	} dssetup_DsRoleFlags;
+
+	typedef struct {
+		dssetup_DsRole		role;
+		dssetup_DsRoleFlags	flags;
+		[charset(UTF16),string] uint16			*domain;
+		[charset(UTF16),string] uint16			*dns_domain;
+		[charset(UTF16),string] uint16			*forest;
+		GUID			domain_guid;
+	} dssetup_DsRolePrimaryDomInfoBasic;
+
+	typedef [v1_enum] enum {
+		DS_ROLE_NOT_UPGRADING = 0,
+		DS_ROLE_UPGRADING     = 1
+	} dssetup_DsUpgrade;
+
+	typedef enum {
+		DS_ROLE_PREVIOUS_UNKNOWN = 0,
+		DS_ROLE_PREVIOUS_PRIMARY = 1,
+		DS_ROLE_PREVIOUS_BACKUP  = 2
+	} dssetup_DsPrevious;
+
+	typedef struct {
+		dssetup_DsUpgrade	upgrading;
+		dssetup_DsPrevious	previous_role;
+	} dssetup_DsRoleUpgradeStatus;
+
+	typedef enum {
+		DS_ROLE_OP_IDLE         = 0,
+		DS_ROLE_OP_ACTIVE       = 1,
+		DS_ROLE_OP_NEEDS_REBOOT = 2
+	} dssetup_DsRoleOp;
+
+	typedef struct {
+		dssetup_DsRoleOp status;
+	} dssetup_DsRoleOpStatus;
+
+	typedef enum {
+		DS_ROLE_BASIC_INFORMATION	= 1,
+		DS_ROLE_UPGRADE_STATUS		= 2,
+		DS_ROLE_OP_STATUS		= 3
+	} dssetup_DsRoleInfoLevel;
+
+	typedef [switch_type(dssetup_DsRoleInfoLevel)] union {
+		[case(DS_ROLE_BASIC_INFORMATION)] dssetup_DsRolePrimaryDomInfoBasic	basic;
+		[case(DS_ROLE_UPGRADE_STATUS)]    dssetup_DsRoleUpgradeStatus    	upgrade;
+		[case(DS_ROLE_OP_STATUS)]         dssetup_DsRoleOpStatus		opstatus;
+	} dssetup_DsRoleInfo;
+
+	WERROR dssetup_DsRoleGetPrimaryDomainInformation(
+		[in] dssetup_DsRoleInfoLevel level,
+		[out,switch_is(level),unique] dssetup_DsRoleInfo *info
+		);
+
+	/*
+	  w2k3 has removed all the calls below from their implementation.
+	  These stubs are left here only as a way of documenting the names
+	  of the calls in case they ever turn up on the wire.
+	*/
+	WERROR dssetup_DsRoleDnsNameToFlatName();
+	WERROR dssetup_DsRoleDcAsDc();
+	WERROR dssetup_DsRoleDcAsReplica();
+	WERROR dssetup_DsRoleDemoteDc();
+	WERROR dssetup_DsRoleGetDcOperationProgress();
+	WERROR dssetup_DsRoleGetDcOperationResults();
+	WERROR dssetup_DsRoleCancel();
+	WERROR dssetup_DsRoleServerSaveStateForUpgrade();
+	WERROR dssetup_DsRoleUpgradeDownlevelServer();
+	WERROR dssetup_DsRoleAbortDownlevelServerUpgrade();
+}
diff --git a/source3/librpc/idl/echo.idl b/source3/librpc/idl/echo.idl
index fa030be761..5ea37f1ac1 100644
--- a/source3/librpc/idl/echo.idl
+++ b/source3/librpc/idl/echo.idl
@@ -50,9 +50,9 @@ interface rpcecho
 		uint32 v;
 	} echo_info3;
 
-	typedef struct {
+	struct echo_info4 {
 		hyper v;
-	} echo_info4;
+	};
 
 	typedef struct {
 		uint8 v1;
@@ -66,14 +66,14 @@ interface rpcecho
 
 	typedef struct {
 		uint8 v1;
-		echo_info4 info4;
+		struct echo_info4 info4;
 	} echo_info7;
 
 	typedef [switch_type(uint16)] union {
 		[case(1)]  echo_info1 info1;
 		[case(2)]  echo_info2 info2;
 		[case(3)]  echo_info3 info3;
-		[case(4)]  echo_info4 info4;
+		[case(4)]  struct echo_info4 info4;
 		[case(5)]  echo_info5 info5;
 		[case(6)]  echo_info6 info6;
 		[case(7)]  echo_info7 info7;
diff --git a/source3/librpc/idl/eventlog.idl b/source3/librpc/idl/eventlog.idl
index e088137ccf..18b1a0e454 100644
--- a/source3/librpc/idl/eventlog.idl
+++ b/source3/librpc/idl/eventlog.idl
@@ -3,11 +3,11 @@
 /*
   eventlog interface definition
 */
+
 import "lsa.idl", "security.idl";
 
 [ uuid("82273fdc-e32a-18c3-3f78-827929dc23ea"),
   version(0.0),
-  pointer_default(unique),
   helpstring("Event Logger")
 ] interface eventlog
 {
@@ -59,7 +59,7 @@ import "lsa.idl", "security.idl";
 	/* Function: 0x00 */
 	NTSTATUS eventlog_ClearEventLogW(
 		[in] policy_handle *handle,
-		[in,unique] lsa_String *unknown
+		[in,unique] lsa_String *backupfile
 	);
 
 	/******************/
@@ -80,12 +80,15 @@ import "lsa.idl", "security.idl";
 	/* Function: 0x04 */
 	NTSTATUS eventlog_GetNumRecords(
 		[in] policy_handle *handle,
-		[out,ref] uint32 *number
+		[out] uint32 *number
 	);
 
 	/******************/
 	/* Function: 0x05 */
-	NTSTATUS eventlog_GetOldestRecord();
+	NTSTATUS eventlog_GetOldestRecord(
+		[in] policy_handle *handle,
+		[out,ref] uint32 *oldest_entry
+	);
 
 	/******************/
 	/* Function: 0x06 */
@@ -95,8 +98,8 @@ import "lsa.idl", "security.idl";
 	/* Function: 0x07 */
 	NTSTATUS eventlog_OpenEventLogW(
 		[in,unique]	    eventlog_OpenUnknown0 *unknown0,
-		[in]	    lsa_String logname,
-		[in]	    lsa_String servername,
+		[in,ref]    lsa_String *logname,
+		[in,ref]    lsa_String *servername,
 		[in]	    uint32 unknown2,
 		[in]	    uint32 unknown3,
 		[out]   policy_handle *handle
@@ -116,8 +119,8 @@ import "lsa.idl", "security.idl";
 		[in] policy_handle *handle,
 		[in] uint32 flags,
 		[in] uint32 offset,
-		[in] uint32 number_of_bytes,
-		[out,size_is(number_of_bytes)] uint8 *data,
+		[in] [range(0,0x7FFFF)] uint32 number_of_bytes,
+		[out,ref,size_is(number_of_bytes)] uint8 *data,
 		[out,ref] uint32 *sent_size,
 		[out,ref] uint32 *real_size
 	);
diff --git a/source3/librpc/idl/initshutdown.idl b/source3/librpc/idl/initshutdown.idl
index 50d49637c2..868e48e28a 100644
--- a/source3/librpc/idl/initshutdown.idl
+++ b/source3/librpc/idl/initshutdown.idl
@@ -18,8 +18,8 @@
 	} initshutdown_String_sub;
 
 	typedef [public] struct {
-		[value(strlen_m(r->name->name)*2)] uint16 name_len;
-		[value(strlen_m_term(r->name->name)*2)] uint16 name_size;
+		[value(strlen_m(name->name)*2)] uint16 name_len;
+		[value(strlen_m_term(name->name)*2)] uint16 name_size;
 		initshutdown_String_sub *name;
 	} initshutdown_String;
 
diff --git a/source3/librpc/idl/krb5pac.idl b/source3/librpc/idl/krb5pac.idl
new file mode 100644
index 0000000000..601e3e1a27
--- /dev/null
+++ b/source3/librpc/idl/krb5pac.idl
@@ -0,0 +1,104 @@
+/*
+  krb5 PAC
+*/
+
+#include "idl_types.h"
+
+import "security.idl", "netlogon.idl", "samr.idl";
+
+[
+  uuid("12345778-1234-abcd-0000-00000000"),
+  version(0.0),
+  pointer_default(unique),
+  helpstring("Active Directory KRB5 PAC")
+]
+interface krb5pac
+{
+	typedef struct {
+		NTTIME logon_time;
+		[value(2*strlen_m(account_name))] uint16 size;
+		[charset(UTF16)] uint8 account_name[size];
+	} PAC_LOGON_NAME;
+
+	typedef [public,flag(NDR_PAHEX)] struct {
+		uint32 type;
+		[flag(NDR_REMAINING)] DATA_BLOB signature;
+	} PAC_SIGNATURE_DATA;
+
+	typedef [gensize] struct {
+		netr_SamInfo3 info3;
+		dom_sid2 *res_group_dom_sid;
+		samr_RidWithAttributeArray res_groups;
+	} PAC_LOGON_INFO;
+
+	typedef [public] struct {
+		[value(0x00081001)] uint32 unknown1;
+		[value(0xCCCCCCCC)] uint32 unknown2;
+		[value(NDR_ROUND(ndr_size_PAC_LOGON_INFO(info, ndr->flags)+4,8))] uint32 _ndr_size;
+		[value(0x00000000)] uint32 unknown3;
+		PAC_LOGON_INFO *info;
+	} PAC_LOGON_INFO_CTR;
+
+	typedef [public,v1_enum] enum {
+		PAC_TYPE_LOGON_INFO = 1,
+		PAC_TYPE_SRV_CHECKSUM = 6,
+		PAC_TYPE_KDC_CHECKSUM = 7,
+		PAC_TYPE_LOGON_NAME = 10,
+		PAC_TYPE_CONSTRAINED_DELEGATION = 11
+	} PAC_TYPE;
+
+	typedef [public,nodiscriminant,gensize] union {
+		[case(PAC_TYPE_LOGON_INFO)]	PAC_LOGON_INFO_CTR logon_info;
+		[case(PAC_TYPE_SRV_CHECKSUM)]	PAC_SIGNATURE_DATA srv_cksum;
+		[case(PAC_TYPE_KDC_CHECKSUM)]	PAC_SIGNATURE_DATA kdc_cksum;
+		[case(PAC_TYPE_LOGON_NAME)]	PAC_LOGON_NAME logon_name;
+	} PAC_INFO;
+
+	typedef [public,nopush,nopull,noprint] struct {
+		PAC_TYPE type;
+		[value(_ndr_size_PAC_INFO(info, type, 0))] uint32 _ndr_size;
+		[relative,switch_is(type),subcontext(0),subcontext_size(_subcontext_size_PAC_INFO(r, ndr->flags)),flag(NDR_ALIGN8)] PAC_INFO *info;
+		[value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
+	} PAC_BUFFER;
+
+	typedef [public] struct {
+		uint32 num_buffers;
+		uint32 version;
+		PAC_BUFFER buffers[num_buffers];
+	} PAC_DATA;
+
+	typedef struct {
+		[flag(NDR_REMAINING)] DATA_BLOB remaining;
+	} DATA_BLOB_REM;
+
+	typedef [public] struct {
+		PAC_TYPE type;
+		uint32 ndr_size;
+		[relative,subcontext(0),subcontext_size(NDR_ROUND(ndr_size,8)),flag(NDR_ALIGN8)] DATA_BLOB_REM *info;
+		[value(0)] uint32 _pad; /* Top half of a 64 bit pointer? */
+	} PAC_BUFFER_RAW;
+
+	typedef [public] struct {
+		uint32 num_buffers;
+		uint32 version;
+		PAC_BUFFER_RAW buffers[num_buffers];
+	} PAC_DATA_RAW;
+
+	void decode_pac(
+		[in] PAC_DATA pac
+		);
+
+	void decode_pac_raw(
+		[in] PAC_DATA_RAW pac
+		);
+
+	void decode_login_info(
+		[in] PAC_LOGON_INFO logon_info
+		);
+
+	/* used for samba3 netsamlogon cache */
+	typedef [public] struct {
+		time_t timestamp;
+		netr_SamInfo3 info3;
+	} netsamlogoncache_entry;
+}
diff --git a/source3/librpc/idl/libnet_join.idl b/source3/librpc/idl/libnet_join.idl
index 2741b7bd7b..65d17c9203 100644
--- a/source3/librpc/idl/libnet_join.idl
+++ b/source3/librpc/idl/libnet_join.idl
@@ -13,7 +13,7 @@ interface libnetjoin
 {
 	typedef bitmap wkssvc_joinflags wkssvc_joinflags;
 
-	[nopush,nopull] WERROR libnet_JoinCtx(
+	[nopush,nopull,noopnum] WERROR libnet_JoinCtx(
 		[in] string dc_name,
 		[in] string machine_name,
 		[in,ref] string *domain_name,
@@ -39,7 +39,7 @@ interface libnetjoin
 		[out] boolean8 domain_is_ad
 		);
 
-	[nopush,nopull] WERROR libnet_UnjoinCtx(
+	[nopush,nopull,noopnum] WERROR libnet_UnjoinCtx(
 		[in] string dc_name,
 		[in] string machine_name,
 		[in] string domain_name,
@@ -55,6 +55,8 @@ interface libnetjoin
 		[out] string netbios_domain_name,
 		[out] string dns_domain_name,
 		[out] boolean8 modified_config,
-		[out] string error_string
+		[out] string error_string,
+		[out] boolean8 disabled_machine_account,
+		[out] boolean8 deleted_machine_account
 		);
 }
diff --git a/source3/librpc/idl/lsa.idl b/source3/librpc/idl/lsa.idl
index 7daf648a63..ee8a2fe6b2 100644
--- a/source3/librpc/idl/lsa.idl
+++ b/source3/librpc/idl/lsa.idl
@@ -23,7 +23,7 @@ import "security.idl";
 
 	typedef [public] struct {
 		[value(2*strlen_m(string))] uint16 length;
-		[value(2*(strlen_m(string)+1))] uint16 size;
+		[value(2*strlen_m_term(string))] uint16 size;
 		[charset(UTF16),size_is(size/2),length_is(length/2)] uint16 *string;
 	} lsa_StringLarge;
 
@@ -35,9 +35,15 @@ import "security.idl";
 	typedef [public] struct {
 		[value(strlen_m(string))] uint16 length;
 		[value(strlen_m(string))] uint16 size;
-		ascstr_noterm *string;
+		[charset(DOS),size_is(size),length_is(length)] uint8 *string;
 	} lsa_AsciiString;
 
+	typedef [public] struct {
+		[value(strlen_m(string))] uint16 length;
+		[value(strlen_m_term(string))] uint16 size;
+		[charset(DOS),size_is(size),length_is(length)] uint8 *string;
+	} lsa_AsciiStringLarge;
+
 	/******************/
 	/* Function: 0x00 */
 	NTSTATUS lsa_Close (
@@ -47,7 +53,7 @@ import "security.idl";
 
 	/******************/
 	/* Function: 0x01 */
-	NTSTATUS lsa_Delete (
+	[public] NTSTATUS lsa_Delete (
 		[in]     policy_handle *handle
 		);
 
@@ -69,11 +75,11 @@ import "security.idl";
 		[size_is(count)] lsa_PrivEntry *privs;
 	} lsa_PrivArray;
 
-	NTSTATUS lsa_EnumPrivs (
+	[public] NTSTATUS lsa_EnumPrivs (
 		[in]     policy_handle *handle,
-		[in,out] uint32 *resume_handle,
-		[in]         uint32 max_count,
-		[out]    lsa_PrivArray *privs
+		[in,out,ref] uint32 *resume_handle,
+		[out,ref] lsa_PrivArray *privs,
+		[in]         uint32 max_count
 		);
 
 	/******************/
@@ -82,14 +88,17 @@ import "security.idl";
 	NTSTATUS lsa_QuerySecurity (
 		[in]     policy_handle *handle,
 		[in]         security_secinfo sec_info,
-		[out,unique]        sec_desc_buf *sdbuf
+		[out,ref]    sec_desc_buf **sdbuf
 		);
 
 
 	/******************/
 	/* Function: 0x04 */
-	NTSTATUS lsa_SetSecObj ();
-
+	NTSTATUS lsa_SetSecObj(
+		[in]		policy_handle *handle,
+		[in]		security_secinfo sec_info,
+		[in,ref]	sec_desc_buf *sdbuf
+		);
 
 	/******************/
 	/* Function: 0x05 */
@@ -114,12 +123,27 @@ import "security.idl";
 		lsa_QosInfo *sec_qos;
 	} lsa_ObjectAttribute;
 
+	typedef [public,bitmap32bit] bitmap {
+		LSA_POLICY_VIEW_LOCAL_INFORMATION	= 0x00000001,
+		LSA_POLICY_VIEW_AUDIT_INFORMATION	= 0x00000002,
+		LSA_POLICY_GET_PRIVATE_INFORMATION	= 0x00000004,
+		LSA_POLICY_TRUST_ADMIN			= 0x00000008,
+		LSA_POLICY_CREATE_ACCOUNT		= 0x00000010,
+		LSA_POLICY_CREATE_SECRET		= 0x00000020,
+		LSA_POLICY_CREATE_PRIVILEGE		= 0x00000040,
+		LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS	= 0x00000080,
+		LSA_POLICY_SET_AUDIT_REQUIREMENTS	= 0x00000100,
+		LSA_POLICY_AUDIT_LOG_ADMIN		= 0x00000200,
+		LSA_POLICY_SERVER_ADMIN			= 0x00000400,
+		LSA_POLICY_LOOKUP_NAMES			= 0x00000800
+	} lsa_PolicyAccessMask;
+
 	/* notice the screwup with the system_name - thats why MS created
 	   OpenPolicy2 */
-	NTSTATUS lsa_OpenPolicy (
+	[public] NTSTATUS lsa_OpenPolicy (
 		[in,unique]       uint16 *system_name,
 		[in]   lsa_ObjectAttribute *attr,
-		[in]       uint32 access_mask,
+		[in]   lsa_PolicyAccessMask access_mask,
 		[out]  policy_handle *handle
 		);
 	
@@ -138,9 +162,29 @@ import "security.idl";
 		uint32 unknown;
 	} lsa_AuditLogInfo;
 
+	typedef [v1_enum] enum {
+		LSA_AUDIT_POLICY_NONE=0,
+		LSA_AUDIT_POLICY_SUCCESS=1,
+		LSA_AUDIT_POLICY_FAILURE=2,
+		LSA_AUDIT_POLICY_ALL=(LSA_AUDIT_POLICY_SUCCESS|LSA_AUDIT_POLICY_FAILURE),
+		LSA_AUDIT_POLICY_CLEAR=4
+	} lsa_PolicyAuditPolicy;
+
+	typedef enum {
+		LSA_AUDIT_CATEGORY_SYSTEM = 0,
+		LSA_AUDIT_CATEGORY_LOGON = 1,
+		LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS = 2,
+		LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS = 3,
+		LSA_AUDIT_CATEGORY_PROCCESS_TRACKING = 4,
+		LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES = 5,
+		LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT = 6,
+		LSA_AUDIT_CATEGORY_DIRECTORY_SERVICE_ACCESS = 7,	/* only in win2k/2k3 */
+		LSA_AUDIT_CATEGORY_ACCOUNT_LOGON = 8			/* only in win2k/2k3 */
+	} lsa_PolicyAuditEventType;
+
 	typedef struct {
 		uint32 auditing_mode;
-		[size_is(count)] uint32 *settings;
+		[size_is(count)] lsa_PolicyAuditPolicy *settings;
 		uint32 count;
 	} lsa_AuditEventsInfo;
 
@@ -231,10 +275,10 @@ import "security.idl";
 		[case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      dns;
 	} lsa_PolicyInformation;
 
-	NTSTATUS lsa_QueryInfoPolicy (
+	NTSTATUS lsa_QueryInfoPolicy(
 		[in]                            policy_handle *handle,
 		[in]                            lsa_PolicyInfo level,
-		[out,unique,switch_is(level)]   lsa_PolicyInformation *info
+		[out,ref,switch_is(level)]      lsa_PolicyInformation **info
 		);
 
 	/******************/
@@ -251,9 +295,9 @@ import "security.idl";
 
 	/******************/
 	/* Function: 0x0a */
-	NTSTATUS lsa_CreateAccount (
+	[public] NTSTATUS lsa_CreateAccount (
 		[in]    policy_handle *handle,
-		[in]    dom_sid2 *sid,
+		[in,ref] dom_sid2 *sid,
 		[in]    uint32 access_mask,
 		[out]   policy_handle *acct_handle
 		);
@@ -272,18 +316,18 @@ import "security.idl";
 		[size_is(num_sids)] lsa_SidPtr *sids;
 	} lsa_SidArray;
 
-	NTSTATUS lsa_EnumAccounts (
+	[public] NTSTATUS lsa_EnumAccounts (
 		[in]         policy_handle *handle,
-		[in,out]     uint32 *resume_handle,
-		[in,range(0,8192)] uint32 num_entries,
-		[out]        lsa_SidArray *sids
+		[in,out,ref] uint32 *resume_handle,
+		[out,ref]    lsa_SidArray *sids,
+		[in,range(0,8192)] uint32 num_entries
 		);
 
 
 	/*************************************************/
 	/* Function: 0x0c                                */
 
-	NTSTATUS lsa_CreateTrustedDomain(
+	[public] NTSTATUS lsa_CreateTrustedDomain(
 		[in]         policy_handle *handle,
 		[in]         lsa_DomainInfo *info,
 		[in]         uint32 access_mask,
@@ -304,9 +348,9 @@ import "security.idl";
 
 	NTSTATUS lsa_EnumTrustDom (
 		[in]               policy_handle *handle,
-		[in,out]           uint32 *resume_handle,
-		[in,range(0,1000)] uint32 max_size,
-		[out]              lsa_DomainList *domains
+		[in,out,ref]       uint32 *resume_handle,
+		[out,ref]          lsa_DomainList *domains,
+		[in]               uint32 max_size
 		);
 
 
@@ -337,20 +381,39 @@ import "security.idl";
 	} lsa_TransSidArray;
 
 	const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
+	const int MAX_REF_DOMAINS = LSA_REF_DOMAIN_LIST_MULTIPLIER;
+
 	typedef struct {
 		[range(0,1000)] uint32 count;
 		[size_is(count)] lsa_DomainInfo *domains;
 		uint32 max_size;
 	} lsa_RefDomainList;
 
-	NTSTATUS lsa_LookupNames (
+	/* Level 1: Ask everywhere
+	 * Level 2: Ask domain and trusted domains, no builtin and wkn
+	 * Level 3: Only ask domain
+	 * Level 4: W2k3ad: Only ask AD trusts
+	 * Level 5: Only ask transitive forest trusts
+	 * Level 6: Like 4
+	 */
+
+	typedef enum {
+		LSA_LOOKUP_NAMES_ALL = 1,
+		LSA_LOOKUP_NAMES_DOMAINS_ONLY = 2,
+		LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
+		LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
+		LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
+		LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6
+	} lsa_LookupNamesLevel;
+
+	[public] NTSTATUS lsa_LookupNames (
 		[in]         policy_handle *handle,
 		[in,range(0,1000)] uint32 num_names,
 		[in,size_is(num_names)]  lsa_String names[],
-		[out,unique] lsa_RefDomainList *domains,
-		[in,out]     lsa_TransSidArray *sids,
-		[in]         uint16 level,
-		[in,out]     uint32 *count
+		[out,ref]    lsa_RefDomainList **domains,
+		[in,out,ref] lsa_TransSidArray *sids,
+		[in]         lsa_LookupNamesLevel level,
+		[in,out,ref] uint32 *count
 		);
 
 
@@ -368,18 +431,21 @@ import "security.idl";
 		[size_is(count)] lsa_TranslatedName *names;
 	} lsa_TransNameArray;
 
-	NTSTATUS lsa_LookupSids (
+	/* This number is based on Win2k and later maximum response allowed */
+	const int MAX_LOOKUP_SIDS = 0x5000; /* 20480 */
+
+	[public] NTSTATUS lsa_LookupSids (
 		[in]         policy_handle *handle,
-		[in]         lsa_SidArray *sids,
-		[out,unique]        lsa_RefDomainList *domains,
-		[in,out]     lsa_TransNameArray *names,
+		[in,ref]     lsa_SidArray *sids,
+		[out,ref]    lsa_RefDomainList **domains,
+		[in,out,ref] lsa_TransNameArray *names,
 		[in]         uint16 level,
-		[in,out] uint32 *count
+		[in,out,ref] uint32 *count
 		);
 
 
 	/* Function:        0x10 */
-	NTSTATUS lsa_CreateSecret(
+	[public] NTSTATUS lsa_CreateSecret(
 		[in]         policy_handle *handle,
 		[in]         lsa_String       name,
 		[in]         uint32         access_mask,
@@ -389,9 +455,9 @@ import "security.idl";
 
 	/*****************************************/
 	/* Function:     0x11                    */
-	NTSTATUS lsa_OpenAccount (
+	NTSTATUS lsa_OpenAccount(
 		[in]         policy_handle *handle,
-		[in]         dom_sid2 *sid,
+		[in,ref]     dom_sid2 *sid,
 		[in]         uint32 access_mask,
 		[out]        policy_handle *acct_handle
 		);
@@ -413,7 +479,7 @@ import "security.idl";
 	
 	NTSTATUS lsa_EnumPrivsAccount (
 		[in]         policy_handle *handle,
-		[out,unique] lsa_PrivilegeSet *privs
+		[out,ref] lsa_PrivilegeSet **privs
 		);
 
 
@@ -421,7 +487,7 @@ import "security.idl";
 	/* Function:            0x13 */
 	NTSTATUS lsa_AddPrivilegesToAccount(
 		[in]         policy_handle *handle,
-		[in]         lsa_PrivilegeSet *privs
+		[in,ref]     lsa_PrivilegeSet *privs
 		);
 	
 
@@ -440,9 +506,16 @@ import "security.idl";
 	NTSTATUS lsa_SetQuotasForAccount();
 	
 	/* Function:    0x17 */
-	NTSTATUS lsa_GetSystemAccessAccount();
+	NTSTATUS lsa_GetSystemAccessAccount(
+		[in]	policy_handle *handle,
+		[out,ref] uint32 *access_mask
+		);
+
 	/* Function:    0x18 */
-	NTSTATUS lsa_SetSystemAccessAccount();
+	NTSTATUS lsa_SetSystemAccessAccount(
+		[in]	policy_handle *handle,
+		[in]	uint32 access_mask
+		);
 
 	/* Function:        0x19 */
 	NTSTATUS lsa_OpenTrustedDomain(
@@ -559,7 +632,7 @@ import "security.idl";
 	NTSTATUS lsa_SetInformationTrustedDomain();
 
 	/* Function:          0x1c */
-	NTSTATUS lsa_OpenSecret(
+	[public] NTSTATUS lsa_OpenSecret(
 		[in]     policy_handle    *handle,
 		[in]         lsa_String        name,
 		[in]         uint32            access_mask,
@@ -568,7 +641,7 @@ import "security.idl";
 
 	/* Function:           0x1d */
 
-	NTSTATUS lsa_SetSecret(
+	[public] NTSTATUS lsa_SetSecret(
 		[in]     policy_handle    *sec_handle,
 		[in,unique]         lsa_DATA_BUF     *new_val,
 		[in,unique]         lsa_DATA_BUF     *old_val
@@ -579,7 +652,7 @@ import "security.idl";
 	} lsa_DATA_BUF_PTR;
 
 	/* Function:         0x1e */
-	NTSTATUS lsa_QuerySecret (
+	[public] NTSTATUS lsa_QuerySecret (
 		[in]     policy_handle     *sec_handle,
 		[in,out,unique]     lsa_DATA_BUF_PTR  *new_val,
 		[in,out,unique]     NTTIME_hyper      *new_mtime,
@@ -590,8 +663,8 @@ import "security.idl";
 	/* Function:     0x1f */
 	NTSTATUS lsa_LookupPrivValue(
 		[in]     policy_handle *handle,
-		[in]     lsa_String *name,
-		[out]    lsa_LUID *luid
+		[in,ref] lsa_String *name,
+		[out,ref] lsa_LUID *luid
 		);
 
 
@@ -606,19 +679,21 @@ import "security.idl";
 	/*******************/
 	/* Function:  0x21 */
 	NTSTATUS lsa_LookupPrivDisplayName (
-		[in]     policy_handle *handle,
-		[in]     lsa_String *name,
-		[out,unique]        lsa_StringLarge *disp_name,
+		[in] policy_handle *handle,
+		[in,ref] lsa_String *name,
+		[in] uint16 language_id,
+		[in] uint16 language_id_sys,
+		[out,ref] lsa_StringLarge **disp_name,
 		/* see http://www.microsoft.com/globaldev/nlsweb/ for
 		   language definitions */
-		[in,out] uint16 *language_id,
-		[in]         uint16 unknown
+		[out,ref] uint16 *returned_language_id
 		);
 
 	/* Function:        0x22 */
-	NTSTATUS lsa_DeleteObject();
+	NTSTATUS lsa_DeleteObject(
+		[in,out] policy_handle *handle
+		);
 
-	
 	/*******************/
 	/* Function:      0x23 */
 	NTSTATUS lsa_EnumAccountsWithUserRight (
@@ -633,14 +708,14 @@ import "security.idl";
 	} lsa_RightAttribute;
 	
 	typedef struct {
-		uint32 count;
+		[range(0,256)] uint32 count;
 		[size_is(count)] lsa_StringLarge *names;
 	} lsa_RightSet;
 	
 	NTSTATUS lsa_EnumAccountRights (
 		[in]     policy_handle *handle,
-		[in]     dom_sid2 *sid,
-		[out]    lsa_RightSet *rights
+		[in,ref] dom_sid2 *sid,
+		[out,ref] lsa_RightSet *rights
 		);
 
 
@@ -648,17 +723,17 @@ import "security.idl";
 	/* Function:       0x25 */
 	NTSTATUS lsa_AddAccountRights (
 		[in]     policy_handle *handle,
-		[in]     dom_sid2 *sid,
-		[in]     lsa_RightSet *rights
+		[in,ref] dom_sid2 *sid,
+		[in,ref] lsa_RightSet *rights
 		);
 	
 	/**********************/
 	/* Function:       0x26 */
 	NTSTATUS lsa_RemoveAccountRights (
 		[in]     policy_handle *handle,
-		[in]     dom_sid2 *sid,
-		[in]         uint32 unknown,
-		[in]     lsa_RightSet *rights
+		[in,ref] dom_sid2 *sid,
+		[in]     uint8 remove_all,
+		[in,ref] lsa_RightSet *rights
 		);
 
 	/* Function:   0x27 */
@@ -685,32 +760,28 @@ import "security.idl";
 
 	/**********************/
 	/* Function:     0x2c */
-	NTSTATUS lsa_OpenPolicy2 (
+	[public] NTSTATUS lsa_OpenPolicy2 (
 		[in,unique]      [string,charset(UTF16)] uint16 *system_name,
 		[in]  lsa_ObjectAttribute *attr,
-		[in]      uint32 access_mask,
+		[in]  lsa_PolicyAccessMask access_mask,
 		[out] policy_handle *handle
 		);
 
 	/**********************/
 	/* Function:     0x2d */
-	typedef struct {
-		lsa_String *string;
-	} lsa_StringPointer;
-
 	NTSTATUS lsa_GetUserName(
 		[in,unique] [string,charset(UTF16)] uint16 *system_name,
-		[in,out,unique] lsa_String *account_name,
-		[in,out,unique] lsa_StringPointer *authority_name
+		[in,out,ref] lsa_String **account_name,
+		[in,out,unique] lsa_String **authority_name
 		);
 
 	/**********************/
 	/* Function:          0x2e */
 
 	NTSTATUS lsa_QueryInfoPolicy2(
-		[in]                 policy_handle *handle,
-		[in]                     lsa_PolicyInfo level,
-		[out,unique,switch_is(level)]   lsa_PolicyInformation *info
+		[in]                         policy_handle *handle,
+		[in]                         lsa_PolicyInfo level,
+		[out,ref,switch_is(level)]   lsa_PolicyInformation **info
 		);
 
 	/* Function 0x2f */
@@ -723,10 +794,10 @@ import "security.idl";
 	/**********************/
 	/* Function 0x30 */
 	NTSTATUS lsa_QueryTrustedDomainInfoByName(
-		[in]                   policy_handle         *handle,
-		[in]                   lsa_String             trusted_domain,
-		[in]                   lsa_TrustDomInfoEnum   level, 
-		[out,unique,switch_is(level)] lsa_TrustedDomainInfo *info
+		[in]                   policy_handle          *handle,
+		[in,ref]               lsa_String             *trusted_domain,
+		[in]                   lsa_TrustDomInfoEnum   level,
+		[out,ref,switch_is(level)] lsa_TrustedDomainInfo *info
 		);
 
 	/**********************/
@@ -832,13 +903,13 @@ import "security.idl";
 		[size_is(count)] lsa_TranslatedName2 *names;
 	} lsa_TransNameArray2;
 
-	NTSTATUS lsa_LookupSids2(
+	[public] NTSTATUS lsa_LookupSids2(
 		[in]     policy_handle *handle,
-		[in]     lsa_SidArray *sids,
-		[out,unique]        lsa_RefDomainList *domains,
-		[in,out] lsa_TransNameArray2 *names,
+		[in,ref] lsa_SidArray *sids,
+		[out,ref]    lsa_RefDomainList **domains,
+		[in,out,ref] lsa_TransNameArray2 *names,
 		[in]         uint16 level,
-		[in,out] uint32 *count,
+		[in,out,ref] uint32 *count,
 		[in]         uint32 unknown1,
 		[in]         uint32 unknown2
 		);
@@ -858,14 +929,14 @@ import "security.idl";
 		[size_is(count)] lsa_TranslatedSid2 *sids;
 	} lsa_TransSidArray2;
 
-	NTSTATUS lsa_LookupNames2 (
+	[public] NTSTATUS lsa_LookupNames2 (
 		[in]     policy_handle *handle,
 		[in,range(0,1000)] uint32 num_names,
 		[in,size_is(num_names)]  lsa_String names[],
-		[out,unique]        lsa_RefDomainList *domains,
-		[in,out] lsa_TransSidArray2 *sids,
-		[in]         uint16 level,
-		[in,out] uint32 *count,
+		[out,ref]    lsa_RefDomainList **domains,
+		[in,out,ref] lsa_TransSidArray2 *sids,
+		[in]         lsa_LookupNamesLevel level,
+		[in,out,ref] uint32 *count,
 		[in]         uint32 unknown1,
 		[in]         uint32 unknown2
 		);
@@ -911,14 +982,14 @@ import "security.idl";
 		[size_is(count)] lsa_TranslatedSid3 *sids;
 	} lsa_TransSidArray3;
 
-	NTSTATUS lsa_LookupNames3 (
+	[public] NTSTATUS lsa_LookupNames3 (
 		[in]     policy_handle *handle,
 		[in,range(0,1000)] uint32 num_names,
 		[in,size_is(num_names)]  lsa_String names[],
-		[out,unique]        lsa_RefDomainList *domains,
-		[in,out] lsa_TransSidArray3 *sids,
-		[in]         uint16 level,
-		[in,out] uint32 *count,
+		[out,ref]    lsa_RefDomainList **domains,
+		[in,out,ref] lsa_TransSidArray3 *sids,
+		[in]         lsa_LookupNamesLevel level,
+		[in,out,ref] uint32 *count,
 		[in]         uint32 unknown1,
 		[in]         uint32 unknown2
 		);
@@ -936,7 +1007,49 @@ import "security.idl";
 	NTSTATUS lsa_LSARUNREGISTERAUDITEVENT();
 
 	/* Function 0x49 */
-	NTSTATUS lsa_LSARQUERYFORESTTRUSTINFORMATION();
+	typedef struct {
+		[range(0,131072)] uint32 length;
+		[size_is(length)] uint8 *data;
+	} lsa_ForestTrustBinaryData;
+
+	typedef struct {
+		dom_sid2 *domain_sid;
+		lsa_StringLarge dns_domain_name;
+		lsa_StringLarge netbios_domain_name;
+	} lsa_ForestTrustDomainInfo;
+
+	typedef [switch_type(uint32)] union {
+		[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME)] lsa_String top_level_name;
+		[case(LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX)] lsa_StringLarge top_level_name_ex;
+		[case(LSA_FOREST_TRUST_DOMAIN_INFO)] lsa_ForestTrustDomainInfo domain_info;
+		[default] lsa_ForestTrustBinaryData data;
+	} lsa_ForestTrustData;
+
+	typedef [v1_enum] enum {
+		LSA_FOREST_TRUST_TOP_LEVEL_NAME = 0,
+		LSA_FOREST_TRUST_TOP_LEVEL_NAME_EX = 1,
+		LSA_FOREST_TRUST_DOMAIN_INFO = 2,
+		LSA_FOREST_TRUST_RECORD_TYPE_LAST = 3
+	} lsa_ForestTrustRecordType;
+
+	typedef struct {
+		uint32 flags;
+		lsa_ForestTrustRecordType level;
+		hyper unknown;
+		[switch_is(level)] lsa_ForestTrustData forest_trust_data;
+	} lsa_ForestTrustRecord;
+
+	typedef [public] struct {
+		[range(0,4000)] uint32 count;
+		[size_is(count)] lsa_ForestTrustRecord **entries;
+	} lsa_ForestTrustInformation;
+
+	NTSTATUS lsa_lsaRQueryForestTrustInformation(
+		[in] policy_handle *handle,
+		[in,ref] lsa_String *trusted_domain_name,
+		[in] uint16 unknown, /* level ? */
+		[out,ref] lsa_ForestTrustInformation **forest_trust_info
+		);
 
 	/* Function 0x4a */
 	NTSTATUS lsa_LSARSETFORESTTRUSTINFORMATION();
@@ -947,12 +1060,12 @@ import "security.idl";
 	/*****************/
 	/* Function 0x4c */
 
-	NTSTATUS lsa_LookupSids3(
-		[in]         lsa_SidArray *sids,
-		[out,unique] lsa_RefDomainList *domains,
-		[in,out]     lsa_TransNameArray2 *names,
+	[public] NTSTATUS lsa_LookupSids3(
+		[in,ref]     lsa_SidArray *sids,
+		[out,ref]    lsa_RefDomainList **domains,
+		[in,out,ref] lsa_TransNameArray2 *names,
 		[in]         uint16 level,
-		[in,out]     uint32 *count,
+		[in,out,ref] uint32 *count,
 		[in]         uint32 unknown1,
 		[in]         uint32 unknown2
 		);
@@ -961,10 +1074,10 @@ import "security.idl";
 	NTSTATUS lsa_LookupNames4(
 		[in,range(0,1000)] uint32 num_names,
 		[in,size_is(num_names)]  lsa_String names[],
-		[out,unique]        lsa_RefDomainList *domains,
-		[in,out] lsa_TransSidArray3 *sids,
-		[in]         uint16 level,
-		[in,out] uint32 *count,
+		[out,ref]    lsa_RefDomainList **domains,
+		[in,out,ref] lsa_TransSidArray3 *sids,
+		[in]         lsa_LookupNamesLevel level,
+		[in,out,ref] uint32 *count,
 		[in]         uint32 unknown1,
 		[in]         uint32 unknown2
 		);
diff --git a/source3/librpc/idl/misc.idl b/source3/librpc/idl/misc.idl
index ae098d09ac..132a81f138 100644
--- a/source3/librpc/idl/misc.idl
+++ b/source3/librpc/idl/misc.idl
@@ -45,8 +45,7 @@ interface misc
 	typedef [public,v1_enum] enum {
 		SAMR_REJECT_OTHER      = 0,
 		SAMR_REJECT_TOO_SHORT  = 1,
-		SAMR_REJECT_COMPLEXITY = 2
+		SAMR_REJECT_IN_HISTORY = 2,
+		SAMR_REJECT_COMPLEXITY = 5
 	} samr_RejectReason;
-
-
 }
diff --git a/source3/librpc/idl/netlogon.idl b/source3/librpc/idl/netlogon.idl
index 72feb2f9ed..5979701703 100644
--- a/source3/librpc/idl/netlogon.idl
+++ b/source3/librpc/idl/netlogon.idl
@@ -4,22 +4,21 @@
   who contributed!
 */
 
-#include "idl_types.h"
-
 import "lsa.idl", "samr.idl", "security.idl";
 
+#include "idl_types.h"
 
 [
   uuid("12345678-1234-abcd-ef00-01234567cffb"),
   version(1.0),
   endpoint("ncacn_np:[\\pipe\\netlogon]","ncacn_ip_tcp:","ncalrpc:"),
-  pointer_default(unique),
-  pointer_default_top(unique)
+  pointer_default(unique)
 ]
 
 interface netlogon
 {
 	typedef bitmap samr_AcctFlags samr_AcctFlags;
+	typedef bitmap samr_GroupAttrs samr_GroupAttrs;
 
 	/*****************/
 	/* Function 0x00 */
@@ -44,10 +43,10 @@ interface netlogon
 	} netr_UasInfo;
 
 	WERROR netr_LogonUasLogon(
-		[in]   [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in]   [string,charset(UTF16)] uint16 account_name[],
 		[in]   [string,charset(UTF16)] uint16 workstation[],
-		[out]  netr_UasInfo *info
+		[out,ref]  netr_UasInfo *info
 		);
 
 
@@ -60,7 +59,7 @@ interface netlogon
 	} netr_UasLogoffInfo;
 
 	WERROR netr_LogonUasLogoff(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in] [string,charset(UTF16)] uint16 account_name[],
 		[in] [string,charset(UTF16)] uint16 workstation[],
 		[out,ref] netr_UasLogoffInfo *info
@@ -87,13 +86,18 @@ interface netlogon
 		[size_is(size/2),length_is(length/2)] uint16 *bindata;
 	} netr_AcctLockStr;
 
-	const int MSV1_0_CLEARTEXT_PASSWORD_ALLOWED = 0x002;
-	const int MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT = 0x020;
-	const int MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT = 0x800;
+	typedef [public,bitmap32bit] bitmap {
+		MSV1_0_CLEARTEXT_PASSWORD_ALLOWED	= 0x00000002,
+		MSV1_0_UPDATE_LOGON_STATISTICS		= 0x00000004,
+		MSV1_0_RETURN_USER_PARAMETERS		= 0x00000008,
+		MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT	= 0x00000020,
+		MSV1_0_RETURN_PROFILE_PATH		= 0x00000200,
+		MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT	= 0x00000800
+	} netr_LogonParameterControl;
 
 	typedef struct {
 		lsa_String  domain_name;
-		uint32      parameter_control; /* see MSV1_0_* */
+		netr_LogonParameterControl parameter_control; /* see MSV1_0_* */
 		uint32      logon_id_low;
 		uint32      logon_id_high;
 		lsa_String  account_name;
@@ -127,11 +131,6 @@ interface netlogon
 		[case(6)] netr_NetworkInfo  *network;
 	} netr_LogonLevel;
 
-	typedef [public] struct {
-		uint32 rid;
-		uint32 attributes;
-	} netr_GroupMembership;
-
 	typedef [public,flag(NDR_PAHEX)] struct {
 		uint8 key[16];
 	} netr_UserSessionKey;
@@ -142,16 +141,17 @@ interface netlogon
 
 	/* Flags for user_flags below */
 	typedef [public,bitmap32bit] bitmap {
-		NETLOGON_GUEST			= 0x0001,
-		NETLOGON_NOENCRYPTION		= 0x0002,
-		NETLOGON_CACHED_ACCOUNT		= 0x0004,
-		NETLOGON_USED_LM_PASSWORD	= 0x0008,
-		NETLOGON_EXTRA_SIDS 		= 0x0020,
-		NETLOGON_SUBAUTH_SESSION_KEY	= 0x0040,
-		NETLOGON_SERVER_TRUST_ACCOUNT	= 0x0080,
-		NETLOGON_NTLMV2_ENABLED		= 0x0100,
-		NETLOGON_RESOURCE_GROUPS	= 0x0200,
-		NETLOGON_PROFILE_PATH_RETURNED	= 0x0400
+		NETLOGON_GUEST			= 0x00000001,
+		NETLOGON_NOENCRYPTION		= 0x00000002,
+		NETLOGON_CACHED_ACCOUNT		= 0x00000004,
+		NETLOGON_USED_LM_PASSWORD	= 0x00000008,
+		NETLOGON_EXTRA_SIDS 		= 0x00000020,
+		NETLOGON_SUBAUTH_SESSION_KEY	= 0x00000040,
+		NETLOGON_SERVER_TRUST_ACCOUNT	= 0x00000080,
+		NETLOGON_NTLMV2_ENABLED		= 0x00000100,
+		NETLOGON_RESOURCE_GROUPS	= 0x00000200,
+		NETLOGON_PROFILE_PATH_RETURNED	= 0x00000400,
+		NETLOGON_GRACE_LOGON		= 0x01000000
 	} netr_UserFlags;
 
 	typedef struct {
@@ -188,7 +188,7 @@ interface netlogon
 
 	typedef struct {
 		dom_sid2 *sid;
-		uint32 attribute;
+		samr_GroupAttrs attributes;
 	} netr_SidAttr;
 
 	typedef [public] struct {
@@ -240,12 +240,12 @@ interface netlogon
 	} netr_Authenticator;
 
 	NTSTATUS netr_LogonSamLogon(
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *computer_name,
-		[in] netr_Authenticator *credential,
-		[in][out] netr_Authenticator *return_authenticator,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *computer_name,
+		[in,unique] netr_Authenticator *credential,
+		[in,out,unique] netr_Authenticator *return_authenticator,
 		[in]  uint16 logon_level,
-		[in]  [switch_is(logon_level)] netr_LogonLevel logon,
+		[in,ref]  [switch_is(logon_level)] netr_LogonLevel *logon,
 		[in]  uint16 validation_level,
 		[out,ref] [switch_is(validation_level)] netr_Validation *validation,
 		[out,ref] uint8 *authoritative
@@ -256,10 +256,10 @@ interface netlogon
 	/* Function 0x03 */
 
 	NTSTATUS netr_LogonSamLogoff(
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *computer_name,
-		[in]      netr_Authenticator *credential,
-		[in][out] netr_Authenticator *return_authenticator,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *computer_name,
+		[in,unique] netr_Authenticator *credential,
+		[in,out,unique] netr_Authenticator *return_authenticator,
 		[in] uint16 logon_level,
 		[in] [switch_is(logon_level)] netr_LogonLevel logon
 		);
@@ -270,9 +270,10 @@ interface netlogon
 	/* Function 0x04 */
 
 	NTSTATUS netr_ServerReqChallenge(
-		[in,string,charset(UTF16)] uint16 *server_name,
+		[in,unique,string,charset(UTF16)] uint16 *server_name,
 		[in,string,charset(UTF16)] uint16 computer_name[],
-		[in,out,ref] netr_Credential *credentials
+		[in,ref] netr_Credential *credentials,
+		[out,ref] netr_Credential *return_credentials
 		);
 
 
@@ -282,11 +283,12 @@ interface netlogon
 	typedef enum netr_SchannelType netr_SchannelType;
 
 	NTSTATUS netr_ServerAuthenticate(
-		[in,string,charset(UTF16)] uint16 *server_name,
+		[in,unique,string,charset(UTF16)] uint16 *server_name,
 		[in,string,charset(UTF16)] uint16 account_name[],
 		[in]                       netr_SchannelType secure_channel_type,
 		[in,string,charset(UTF16)] uint16 computer_name[],
-		[in,out,ref] netr_Credential *credentials
+		[in,ref] netr_Credential *credentials,
+		[out,ref] netr_Credential *return_credentials
 		);
 
 
@@ -294,13 +296,13 @@ interface netlogon
 	/* Function 0x06 */
 
 	NTSTATUS netr_ServerPasswordSet(
-		[in]  [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in]  [string,charset(UTF16)] uint16 account_name[],
 		[in]  netr_SchannelType secure_channel_type,
 		[in]  [string,charset(UTF16)] uint16 computer_name[],
-		[in]  netr_Authenticator credential,
-		[in]  samr_Password new_password,
-		[out,ref] netr_Authenticator *return_authenticator
+		[in,ref]  netr_Authenticator *credential,
+		[out,ref] netr_Authenticator *return_authenticator,
+		[in,ref] samr_Password *new_password
 		);
 
 
@@ -330,10 +332,10 @@ interface netlogon
 
 	typedef struct {
 		uint16 nt_length;
-		uint16 nt_size;
+		[value(nt_length)] uint16 nt_size;
 		uint32 nt_flags;
 		uint16 lm_length;
-		uint16 lm_size;
+		[value(lm_length)] uint16 lm_size;
 		uint32 lm_flags;
 		uint8 nt_history[nt_length];
 		uint8 lm_history[lm_length];
@@ -342,10 +344,10 @@ interface netlogon
 	typedef struct {
 		netr_USER_KEY16 lmpassword;
 		netr_USER_KEY16 ntpassword;
-		netr_PasswordHistory lmhistory;
+		netr_PasswordHistory history;
 	} netr_USER_KEYS2;
 
-	typedef struct {
+	typedef struct { /* TODO: make this a union! */
 		netr_USER_KEYS2 keys2;
 	} netr_USER_KEY_UNION;
 
@@ -680,12 +682,12 @@ interface netlogon
 	NTSTATUS netr_DatabaseDeltas(
 		[in]      [string,charset(UTF16)] uint16 logon_server[],
 		[in]      [string,charset(UTF16)] uint16 computername[],
-		[in]      netr_Authenticator credential,
+		[in,ref]  netr_Authenticator *credential,
 		[in,out,ref]  netr_Authenticator *return_authenticator,
 		[in]      netr_SamDatabaseID database_id,
 		[in,out,ref]  udlong *sequence_num,
-		[in]      uint32 preferredmaximumlength,
-		[out]     netr_DELTA_ENUM_ARRAY *delta_enum_array
+		[out,ref]     netr_DELTA_ENUM_ARRAY **delta_enum_array,
+		[in]      uint32 preferredmaximumlength
 		);
 
 
@@ -700,7 +702,7 @@ interface netlogon
 		[in]     netr_SamDatabaseID database_id,
 		[in,out,ref] uint32 *sync_context,
 		[in]     uint32 preferredmaximumlength,
-		[out]    netr_DELTA_ENUM_ARRAY *delta_enum_array
+		[out,ref]    netr_DELTA_ENUM_ARRAY *delta_enum_array
 		);
 
 
@@ -720,7 +722,7 @@ interface netlogon
 	} netr_AccountBuffer;
 
 	NTSTATUS netr_AccountDeltas(
-		[in]     [string,charset(UTF16)] uint16 *logon_server,
+		[in,unique] [string,charset(UTF16)] uint16 *logon_server,
 		[in]     [string,charset(UTF16)] uint16 computername[],
 		[in]     netr_Authenticator credential,
 		[in,out,ref] netr_Authenticator *return_authenticator,
@@ -739,7 +741,7 @@ interface netlogon
 	/* Function 0x0A */
 
 	NTSTATUS netr_AccountSync(
-		[in]      [string,charset(UTF16)] uint16 *logon_server,
+		[in,unique] [string,charset(UTF16)] uint16 *logon_server,
 		[in]      [string,charset(UTF16)] uint16 computername[],
 		[in]      netr_Authenticator credential,
 		[in,out,ref]  netr_Authenticator *return_authenticator,
@@ -757,9 +759,9 @@ interface netlogon
 	/*****************/
 	/* Function 0x0B */
 
-	NTSTATUS netr_GetDcName(
+	WERROR netr_GetDcName(
 		[in]  [string,charset(UTF16)] uint16 logon_server[],
-		[in]  [string,charset(UTF16)] uint16 *domainname,
+		[in,unique] [string,charset(UTF16)] uint16 *domainname,
 		[out,ref] [string,charset(UTF16)] uint16 **dcname
 		);
 
@@ -796,6 +798,7 @@ interface netlogon
 
 	/* function_code values */
 	typedef [v1_enum] enum {
+		NETLOGON_CONTROL_SYNC             = 2,
 		NETLOGON_CONTROL_REDISCOVER       = 5,
 		NETLOGON_CONTROL_TC_QUERY         = 6,
 		NETLOGON_CONTROL_TRANSPORT_NOTIFY = 7,
@@ -803,7 +806,7 @@ interface netlogon
 	} netr_LogonControlCode;
 
 	WERROR netr_LogonControl(
-		[in]   [string,charset(UTF16)] uint16 *logon_server,
+		[in,unique] [string,charset(UTF16)] uint16 *logon_server,
 		[in]   netr_LogonControlCode function_code,
 		[in]   uint32 level,
 		[out,ref,switch_is(level)]  netr_CONTROL_QUERY_INFORMATION *info
@@ -814,8 +817,8 @@ interface netlogon
 	/* Function 0x0D */
 
 	WERROR netr_GetAnyDCName(
-		[in]  [string,charset(UTF16)] uint16 *logon_server,
-		[in]  [string,charset(UTF16)] uint16 *domainname,
+		[in,unique] [string,charset(UTF16)] uint16 *logon_server,
+		[in,unique] [string,charset(UTF16)] uint16 *domainname,
 		[out,ref] [string,charset(UTF16)] uint16 **dcname
 		);
 
@@ -831,10 +834,10 @@ interface netlogon
 	} netr_CONTROL_DATA_INFORMATION;
 
 	WERROR netr_LogonControl2(
-		[in]    [string,charset(UTF16)] uint16 *logon_server,
+		[in,unique] [string,charset(UTF16)] uint16 *logon_server,
 		[in]    uint32 function_code,
 		[in]    uint32 level,
-		[in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION  data,
+		[in,ref][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION  *data,
 		[out,ref][switch_is(level)]        netr_CONTROL_QUERY_INFORMATION *query
 		);
 
@@ -850,11 +853,12 @@ interface netlogon
 	/* Function 0x0F */
 
 	NTSTATUS netr_ServerAuthenticate2(
-		[in]         [string,charset(UTF16)] uint16 *server_name,
+		[in,unique]  [string,charset(UTF16)] uint16 *server_name,
 		[in]         [string,charset(UTF16)] uint16 account_name[],
 		[in]         netr_SchannelType secure_channel_type,
 		[in]         [string,charset(UTF16)] uint16 computer_name[],
-		[in,out,ref] netr_Credential *credentials,
+		[in,ref]     netr_Credential *credentials,
+		[out,ref]    netr_Credential *return_credentials,
 		[in,out,ref] uint32 *negotiate_flags
 		);
 
@@ -865,13 +869,13 @@ interface netlogon
 	NTSTATUS netr_DatabaseSync2(
 		[in]     [string,charset(UTF16)] uint16 logon_server[],
 		[in]     [string,charset(UTF16)] uint16 computername[],
-		[in]     netr_Authenticator credential,
+		[in]     netr_Authenticator *credential,
 		[in,out,ref] netr_Authenticator *return_authenticator,
 		[in]     netr_SamDatabaseID database_id,
 		[in]     uint16 restart_state,
 		[in,out,ref] uint32 *sync_context,
-		[in]     uint32 preferredmaximumlength,
-		[out]    netr_DELTA_ENUM_ARRAY *delta_enum_array
+		[out,ref]    netr_DELTA_ENUM_ARRAY **delta_enum_array,
+		[in]     uint32 preferredmaximumlength
 		);
 
 
@@ -885,9 +889,9 @@ interface netlogon
 		[in]     [string,charset(UTF16)] uint16 computername[],
 		[in]     netr_Authenticator credential,
 		[in,out,ref] netr_Authenticator *return_authenticator,
-		[in][size_is(change_log_entry_size)] uint8 *change_log_entry,
+		[in,unique][size_is(change_log_entry_size)] uint8 *change_log_entry,
 		[in]     uint32 change_log_entry_size,
-		[out]    netr_DELTA_ENUM_ARRAY *delta_enum_array
+		[out,ref]    netr_DELTA_ENUM_ARRAY *delta_enum_array
 		);
 
 
@@ -895,38 +899,94 @@ interface netlogon
 	/* Function 0x12 */
 
 	WERROR netr_LogonControl2Ex(
-		[in]   [string,charset(UTF16)] uint16 *logon_server,
+		[in,unique] [string,charset(UTF16)] uint16 *logon_server,
 		[in]   uint32 function_code,
 		[in]   uint32 level,
 		[in][switch_is(function_code)] netr_CONTROL_DATA_INFORMATION  data,
-		[out,ref][switch_is(level)]        netr_CONTROL_QUERY_INFORMATION *query
+		[out,ref][switch_is(level)]	netr_CONTROL_QUERY_INFORMATION *query
 		);
 
 	/*****************/
 	/* Function 0x13 */
-	WERROR netr_NETRENUMERATETRUSTEDDOMAINS() ;
+	typedef struct {
+		uint32 length;
+		[size_is(length)] uint8 *data;
+	} netr_Blob;
+
+	WERROR netr_NetrEnumerateTrustedDomains(
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[out,ref] netr_Blob *trusted_domains_blob
+		);
 
 	/*****************/
-	/* Function 0x14 */		
+	/* Function 0x14 */
+
+	/* one unkown bit still: DS_IP_VERSION_AGNOSTIC - gd*/
+
+	typedef [bitmap32bit] bitmap {
+		DS_FORCE_REDISCOVERY		= 0x00000001,
+		DS_DIRECTORY_SERVICE_REQUIRED	= 0x00000010,
+		DS_DIRECTORY_SERVICE_PREFERRED	= 0x00000020,
+		DS_GC_SERVER_REQUIRED		= 0x00000040,
+		DS_PDC_REQUIRED			= 0x00000080,
+		DS_BACKGROUND_ONLY		= 0x00000100,
+		DS_IP_REQUIRED			= 0x00000200,
+		DS_KDC_REQUIRED			= 0x00000400,
+		DS_TIMESERV_REQUIRED		= 0x00000800,
+		DS_WRITABLE_REQUIRED		= 0x00001000,
+		DS_GOOD_TIMESERV_PREFERRED	= 0x00002000,
+		DS_AVOID_SELF			= 0x00004000,
+		DS_ONLY_LDAP_NEEDED		= 0x00008000,
+		DS_IS_FLAT_NAME			= 0x00010000,
+		DS_IS_DNS_NAME			= 0x00020000,
+		DS_TRY_NEXTCLOSEST_SITE		= 0x00040000,
+		DS_DIRECTORY_SERVICE_6_REQUIRED = 0x00080000,
+		DS_RETURN_DNS_NAME		= 0x40000000,
+		DS_RETURN_FLAT_NAME		= 0x80000000
+	} netr_DsRGetDCName_flags;
+
+	typedef [v1_enum] enum {
+		DS_ADDRESS_TYPE_INET		= 1,
+		DS_ADDRESS_TYPE_NETBIOS		= 2
+	} netr_DsRGetDCNameInfo_AddressType;
+
+	typedef [bitmap32bit] bitmap {
+		DS_SERVER_PDC			 = 0x00000001 /* NBT_SERVER_PDC */,
+		DS_SERVER_GC			 = 0x00000004 /* NBT_SERVER_GC */,
+		DS_SERVER_LDAP			 = 0x00000008 /* NBT_SERVER_LDAP */,
+		DS_SERVER_DS			 = 0x00000010 /* NBT_SERVER_DS */,
+		DS_SERVER_KDC			 = 0x00000020 /* NBT_SERVER_KDC */,
+		DS_SERVER_TIMESERV		 = 0x00000040 /* NBT_SERVER_TIMESERV */,
+		DS_SERVER_CLOSEST		 = 0x00000080 /* NBT_SERVER_CLOSEST */,
+		DS_SERVER_WRITABLE		 = 0x00000100 /* NBT_SERVER_WRITABLE */,
+		DS_SERVER_GOOD_TIMESERV		 = 0x00000200 /* NBT_SERVER_GOOD_TIMESERV */,
+		DS_SERVER_NDNC			 = 0x00000400,
+		DS_SERVER_SELECT_SECRET_DOMAIN_6 = 0x00000800,
+		DS_SERVER_FULL_SECRET_DOMAIN_6	 = 0x00001000,
+		DS_DNS_CONTROLLER		 = 0x20000000,
+		DS_DNS_DOMAIN			 = 0x40000000,
+		DS_DNS_FOREST			 = 0x80000000
+	} netr_DsR_DcFlags;
+
 	typedef struct {
 		[string,charset(UTF16)] uint16 *dc_unc;
 		[string,charset(UTF16)] uint16 *dc_address;
-		int32 dc_address_type;
+		netr_DsRGetDCNameInfo_AddressType dc_address_type;
 		GUID domain_guid;
 		[string,charset(UTF16)] uint16 *domain_name;
 		[string,charset(UTF16)] uint16 *forest_name;
-		uint32 dc_flags;
+		netr_DsR_DcFlags dc_flags;
 		[string,charset(UTF16)] uint16 *dc_site_name;
 		[string,charset(UTF16)] uint16 *client_site_name;
 	} netr_DsRGetDCNameInfo;
 
 	WERROR netr_DsRGetDCName(
-		[in] [string,charset(UTF16)] uint16 *server_unc,
-		[in] [string,charset(UTF16)] uint16 *domain_name,
-		[in] GUID *domain_guid,
-		[in] GUID *site_guid,
-		[in] uint32 flags,
-		[out] netr_DsRGetDCNameInfo *info
+		[in,unique] [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique] [string,charset(UTF16)] uint16 *domain_name,
+		[in,unique] GUID *domain_guid,
+		[in,unique] GUID *site_guid,
+		[in] netr_DsRGetDCName_flags flags,
+		[out,ref] netr_DsRGetDCNameInfo **info
 		);
 
 	/*****************/
@@ -939,7 +999,11 @@ interface netlogon
 
 	/****************/
 	/* Function 0x17 */
-	WERROR netr_NETRLOGONGETTRUSTRID();
+	WERROR netr_LogonGetTrustRid(
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *domain_name,
+		[out,ref] uint32 *rid
+	);
 
 	/****************/
 	/* Function 0x18 */
@@ -952,7 +1016,7 @@ interface netlogon
 	/****************/
 	/* Function 0x1a */
 	NTSTATUS netr_ServerAuthenticate3(
-		[in]         [string,charset(UTF16)] uint16 *server_name,
+		[in,unique]  [string,charset(UTF16)] uint16 *server_name,
 		[in]         [string,charset(UTF16)] uint16 account_name[],
 		[in]         netr_SchannelType secure_channel_type,
 		[in]         [string,charset(UTF16)] uint16 computer_name[],
@@ -965,29 +1029,24 @@ interface netlogon
 	/* Function 0x1b */
 
 	WERROR netr_DsRGetDCNameEx(
-		[in] [string,charset(UTF16)] uint16 *server_unc,
-		[in] [string,charset(UTF16)] uint16 *domain_name,
-		[in] GUID *domain_guid,
-		[in] [string,charset(UTF16)] uint16 *site_name,
-		[in] uint32 flags,
-		[out] netr_DsRGetDCNameInfo *info
+		[in,unique] [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique] [string,charset(UTF16)] uint16 *domain_name,
+		[in,unique] GUID *domain_guid,
+		[in,unique] [string,charset(UTF16)] uint16 *site_name,
+		[in] netr_DsRGetDCName_flags flags,
+		[out,ref] netr_DsRGetDCNameInfo **info
 		);
 
 	/****************/
 	/* Function 0x1c */
 	WERROR netr_DsRGetSiteName(
-		[in] [string,charset(UTF16)] uint16 *computer_name,
+		[in,unique] [string,charset(UTF16)] uint16 *computer_name,
 		[out,ref] [string,charset(UTF16)] uint16 **site
 		);
 
 	/****************/
 	/* Function 0x1d */
 
-	typedef struct {
-		uint32 length;
-		[size_is(length)] uint8 *data;
-	} netr_Blob;
-
 	typedef [flag(NDR_PAHEX)] struct {
 		uint16 length;
 		uint16 size;
@@ -1038,7 +1097,7 @@ interface netlogon
 	
 	NTSTATUS netr_LogonGetDomainInfo(
 		[in]         [string,charset(UTF16)] uint16 server_name[],
-		[in]         [string,charset(UTF16)] uint16 *computer_name,
+		[in,unique]  [string,charset(UTF16)] uint16 *computer_name,
 		[in,ref]     netr_Authenticator *credential,
 		[in,out,ref] netr_Authenticator *return_authenticator,
 		[in]	     uint32 level,
@@ -1054,7 +1113,7 @@ interface netlogon
 	/*****************/
 	/* Function 0x1e */
 	NTSTATUS netr_ServerPasswordSet2(
-		[in]  [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in]  [string,charset(UTF16)] uint16 account_name[],
 		[in]  netr_SchannelType secure_channel_type,
 		[in]  [string,charset(UTF16)] uint16 computer_name[],
@@ -1065,7 +1124,15 @@ interface netlogon
 
 	/****************/
 	/* Function 0x1f */
-	WERROR netr_NETRSERVERPASSWORDGET();
+	WERROR netr_ServerPasswordGet(
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in]  [string,charset(UTF16)] uint16 account_name[],
+		[in]  netr_SchannelType secure_channel_type,
+		[in]  [string,charset(UTF16)] uint16 computer_name[],
+		[in,ref] netr_Authenticator *credential,
+		[out,ref] netr_Authenticator *return_authenticator,
+		[out,ref] samr_Password *password
+		);
 
 	/****************/
 	/* Function 0x20 */
@@ -1073,19 +1140,34 @@ interface netlogon
 
 	/****************/
 	/* Function 0x21 */
-	WERROR netr_DSRADDRESSTOSITENAMESW();
+	typedef struct {
+		uint32 count;
+		[size_is(count)] lsa_String *sitename;
+	} netr_DsRAddressToSitenamesWCtr;
+
+	typedef struct {
+		[size_is(size)] uint8 *buffer;
+		uint32 size;
+	} netr_DsRAddress;
+
+	WERROR netr_DsRAddressToSitenamesW(
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in] [range(0,32000)] uint32 count,
+		[in] [size_is(count)] [ref] netr_DsRAddress *addresses,
+		[out] [ref] netr_DsRAddressToSitenamesWCtr **ctr
+		);
 
 	/****************/
 	/* Function 0x22 */
 	WERROR netr_DsRGetDCNameEx2(
-		[in] [string,charset(UTF16)] uint16 *server_unc,
-		[in] [string,charset(UTF16)] uint16 *client_account,
-		[in] uint32 mask,
-		[in] [string,charset(UTF16)] uint16 *domain_name,
-		[in] GUID *domain_guid,
-		[in] [string,charset(UTF16)] uint16 *site_name,
-		[in] uint32 flags,
-		[out] netr_DsRGetDCNameInfo *info
+		[in,unique] [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique] [string,charset(UTF16)] uint16 *client_account,
+		[in] samr_AcctFlags mask,
+		[in,unique] [string,charset(UTF16)] uint16 *domain_name,
+		[in,unique] GUID *domain_guid,
+		[in,unique] [string,charset(UTF16)] uint16 *site_name,
+		[in] netr_DsRGetDCName_flags flags,
+		[out,ref] netr_DsRGetDCNameInfo **info
 		);
 
 	/****************/
@@ -1094,32 +1176,6 @@ interface netlogon
 
 	/****************/
 	/* Function 0x24 */
-	WERROR netr_NETRENUMERATETRUSTEDDOMAINSEX();
-
-	/****************/
-	/* Function 0x25 */
-	WERROR netr_DSRADDRESSTOSITENAMESEXW();
-
-	/****************/
-	/* Function 0x26 */
-	WERROR netr_DSRGETDCSITECOVERAGEW();
-
-	/****************/
-	/* Function 0x27 */
-	NTSTATUS netr_LogonSamLogonEx(
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *computer_name,
-		[in]  uint16 logon_level,
-		[in]  [switch_is(logon_level)] netr_LogonLevel logon,
-		[in]  uint16 validation_level,
-		[out,ref] [switch_is(validation_level)] netr_Validation *validation,
-		[out,ref] uint8 *authoritative,
-		[in,out,ref] uint32 *flags
-		);
-
-	/****************/
-	/* Function 0x28 */
-
 	typedef [bitmap32bit] bitmap {
 		NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
 		NETR_TRUST_FLAG_OUTBOUND  = 0x00000002,
@@ -1157,39 +1213,122 @@ interface netlogon
 		GUID			guid;
 	} netr_DomainTrust;
 
+        typedef struct {
+                uint32 count;
+                [size_is(count)] netr_DomainTrust *array;
+        } netr_DomainTrustList;
+
+	WERROR netr_NetrEnumerateTrustedDomainsEx(
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[out,ref] netr_DomainTrustList *dom_trust_list
+	);
+
+	/****************/
+	/* Function 0x25 */
+	typedef struct {
+		uint32 count;
+		[size_is(count)] lsa_String *sitename;
+		[size_is(count)] lsa_String *subnetname;
+	} netr_DsRAddressToSitenamesExWCtr;
+
+	WERROR netr_DsRAddressToSitenamesExW(
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in] [range(0,32000)] uint32 count,
+		[in] [size_is(count)] [ref] netr_DsRAddress *addresses,
+		[out] [ref] netr_DsRAddressToSitenamesExWCtr **ctr
+		);
+
+	/****************/
+	/* Function 0x26 */
+
+	typedef struct {
+		uint32 num_sites;
+		[size_is(num_sites)] [unique] lsa_String *sites;
+	} DcSitesCtr;
+
+	WERROR netr_DsrGetDcSiteCoverageW(
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[out,ref] DcSitesCtr *ctr
+		);
+
+	/****************/
+	/* Function 0x27 */
+	NTSTATUS netr_LogonSamLogonEx(
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *computer_name,
+		[in]  uint16 logon_level,
+		[in,ref]  [switch_is(logon_level)] netr_LogonLevel *logon,
+		[in]  uint16 validation_level,
+		[out,ref] [switch_is(validation_level)] netr_Validation *validation,
+		[out,ref] uint8 *authoritative,
+		[in,out,ref] uint32 *flags
+		);
+
+	/****************/
+	/* Function 0x28 */
+
 	WERROR netr_DsrEnumerateDomainTrusts(
-		[in]                 [string,charset(UTF16)] uint16           *server_name,
+		[in,unique]          [string,charset(UTF16)] uint16           *server_name,
 		[in]                 netr_TrustFlags  trust_flags,
-		[out,ref]                uint32           *count,
-		[out,ref,size_is(count)] netr_DomainTrust **trusts
+		[out,ref]            netr_DomainTrustList *trusts
 		);
 
 
 	/****************/
 	/* Function 0x29 */
-	WERROR netr_DSRDEREGISTERDNSHOSTRECORDS();
+	WERROR netr_DsrDeregisterDNSHostRecords(
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *domain,
+		[in,unique] GUID *domain_guid,
+		[in,unique] GUID *dsa_guid,
+		[in,ref] [string,charset(UTF16)] uint16 *dns_host
+		);
 
 	/****************/
 	/* Function 0x2a */
-	WERROR netr_NETRSERVERTRUSTPASSWORDSGET();
+	NTSTATUS netr_ServerTrustPasswordsGet(
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in]  [string,charset(UTF16)] uint16 account_name[],
+		[in]  netr_SchannelType secure_channel_type,
+		[in]  [string,charset(UTF16)] uint16 computer_name[],
+		[in,ref] netr_Authenticator *credential,
+		[out,ref] netr_Authenticator *return_authenticator,
+		[out,ref] samr_Password *password,
+		[out,ref] samr_Password *password2
+	);
 
 	/****************/
 	/* Function 0x2b */
-	WERROR netr_DSRGETFORESTTRUSTINFORMATION();
+
+	const int DS_GFTI_UPDATE_TDO = 0x1;
+
+	WERROR netr_DsRGetForestTrustInformation(
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *trusted_domain_name,
+		[in] uint32 flags,
+		[out,ref] lsa_ForestTrustInformation **forest_trust_info
+		);
 
 	/****************/
 	/* Function 0x2c */
-	WERROR netr_NETRGETFORESTTRUSTINFORMATION();
+	WERROR netr_GetForestTrustInformation(
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,ref] [string,charset(UTF16)] uint16 *trusted_domain_name,
+		[in,ref] netr_Authenticator *credential,
+		[out,ref] netr_Authenticator *return_authenticator,
+		[in] uint32 flags,
+		[out,ref] lsa_ForestTrustInformation **forest_trust_info
+		);
 
 	/****************/
 	/* Function 0x2d */
 
 	/* this is the ADS varient. I don't yet know what the "flags" are for */
 	NTSTATUS netr_LogonSamLogonWithFlags(
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *computer_name,
-		[in] netr_Authenticator *credential,
-		[in][out] netr_Authenticator *return_authenticator,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *computer_name,
+		[in,unique] netr_Authenticator *credential,
+		[in,out,unique] netr_Authenticator *return_authenticator,
 		[in]  uint16 logon_level,
 		[in]  [switch_is(logon_level)] netr_LogonLevel logon,
 		[in]  uint16 validation_level,
diff --git a/source3/librpc/idl/ntsvcs.idl b/source3/librpc/idl/ntsvcs.idl
index 05ba68e727..af0c7032da 100644
--- a/source3/librpc/idl/ntsvcs.idl
+++ b/source3/librpc/idl/ntsvcs.idl
@@ -9,69 +9,358 @@
 ]
 interface ntsvcs
 {
-	void PNP_Disconnect();
-	void PNP_Connect();
-	void PNP_GetVersion();
-	void PNP_GetGlobalState();
-	void PNP_InitDetection();
-	void PNP_ReportLogOn();
-	void PNP_ValidateDeviceInstance();
-	void PNP_GetRootDeviceInstance();
-	void PNP_GetRelatedDeviceInstance();
-	void PNP_EnumerateSubKeys();
-	void PNP_GetDeviceList();
-	void PNP_GetDeviceListSize();
-	void PNP_GetDepth();
-	void PNP_GetDeviceRegProp();
-	void PNP_SetDeviceRegProp();
-	void PNP_GetClassInstance();
-	void PNP_CreateKey();
-	void PNP_DeleteRegistryKey();
-	void PNP_GetClassCount();
-	void PNP_GetClassName();
-	void PNP_DeleteClassKey();
-	void PNP_GetInterfaceDeviceAlias();
-	void PNP_GetInterfaceDeviceList();
-	void PNP_GetInterfaceDeviceListSize();
-	void PNP_RegisterDeviceClassAssociation();
-	void PNP_UnregisterDeviceClassAssociation();
-	void PNP_GetClassRegProp();
-	void PNP_SetClassRegProp();
-	void PNP_CreateDevInst();
-	void PNP_DeviceInstanceAction();
-	void PNP_GetDeviceStatus();
-	void PNP_SetDeviceProblem();
-	void PNP_DisableDevInst();
-	void PNP_UninstallDevInst();
-	void PNP_AddID();
-	void PNP_RegisterDriver();
-	void PNP_QueryRemove();
-	void PNP_RequestDeviceEject();
-	void PNP_IsDockStationPresent();
-	void PNP_RequestEjectPC();
-	void PNP_HwProfFlags();
-	void PNP_GetHwProfInfo();
-	void PNP_AddEmptyLogConf();
-	void PNP_FreeLogConf();
-	void PNP_GetFirstLogConf();
-	void PNP_GetNextLogConf();
-	void PNP_GetLogConfPriority();
-	void PNP_AddResDes();
-	void PNP_FreeResDes();
-	void PNP_GetNextResDes();
-	void PNP_GetResDesData();
-	void PNP_GetResDesDataSize();
-	void PNP_ModifyResDes();
-	void PNP_DetectResourceLimit();
-	void PNP_QueryResConfList();
-	void PNP_SetHwProf();
-	void PNP_QueryArbitratorFreeData();
-	void PNP_QueryArbitratorFreeSize();
-	void PNP_RunDetection();
-	void PNP_RegisterNotification();
-	void PNP_UnregisterNotification();
-	void PNP_GetCustomDevProp();
-	void PNP_GetVersionInternal();
-	void PNP_GetBlockedDriverInfo();
-	void PNP_GetServerSideDeviceInstallFlags();
+	/******************/
+	/* Function: 0x00 */
+
+	WERROR PNP_Disconnect();
+
+	/******************/
+	/* Function: 0x01 */
+
+	WERROR PNP_Connect();
+
+	/******************/
+	/* Function: 0x02 */
+
+	WERROR PNP_GetVersion(
+		[out,ref] uint16 *version
+		);
+
+	/******************/
+	/* Function: 0x03 */
+
+	WERROR PNP_GetGlobalState();
+
+	/******************/
+	/* Function: 0x04 */
+
+	WERROR PNP_InitDetection();
+
+	/******************/
+	/* Function: 0x05 */
+
+	WERROR PNP_ReportLogOn();
+
+	/******************/
+	/* Function: 0x06 */
+
+	WERROR PNP_ValidateDeviceInstance(
+		[in,ref] [string,charset(UTF16)] uint16 *devicepath,
+		[in] uint32 flags
+		);
+
+	/******************/
+	/* Function: 0x07 */
+
+	WERROR PNP_GetRootDeviceInstance();
+
+	/******************/
+	/* Function: 0x08 */
+
+	WERROR PNP_GetRelatedDeviceInstance();
+
+	/******************/
+	/* Function: 0x09 */
+
+	WERROR PNP_EnumerateSubKeys();
+
+	/******************/
+	/* Function: 0x0a */
+
+	WERROR PNP_GetDeviceList();
+
+	/******************/
+	/* Function: 0x0b */
+
+	WERROR PNP_GetDeviceListSize(
+		[in,unique] [string,charset(UTF16)] uint16 *devicename,
+		[out,ref] uint32 *size,
+		[in] uint32 flags
+		);
+
+	/******************/
+	/* Function: 0x0c */
+
+	WERROR PNP_GetDepth();
+
+	/******************/
+	/* Function: 0x0d */
+
+	WERROR PNP_GetDeviceRegProp();
+
+	/******************/
+	/* Function: 0x0e */
+
+	WERROR PNP_SetDeviceRegProp();
+
+	/******************/
+	/* Function: 0x0f */
+
+	WERROR PNP_GetClassInstance();
+
+	/******************/
+	/* Function: 0x10 */
+
+	WERROR PNP_CreateKey();
+
+	/******************/
+	/* Function: 0x11 */
+
+	WERROR PNP_DeleteRegistryKey();
+
+	/******************/
+	/* Function: 0x12 */
+
+	WERROR PNP_GetClassCount();
+
+	/******************/
+	/* Function: 0x13 */
+
+	WERROR PNP_GetClassName();
+
+	/******************/
+	/* Function: 0x14 */
+
+	WERROR PNP_DeleteClassKey();
+
+	/******************/
+	/* Function: 0x15 */
+
+	WERROR PNP_GetInterfaceDeviceAlias();
+
+	/******************/
+	/* Function: 0x16 */
+
+	WERROR PNP_GetInterfaceDeviceList();
+
+	/******************/
+	/* Function: 0x17 */
+
+	WERROR PNP_GetInterfaceDeviceListSize();
+
+	/******************/
+	/* Function: 0x18 */
+
+	WERROR PNP_RegisterDeviceClassAssociation();
+
+	/******************/
+	/* Function: 0x19 */
+
+	WERROR PNP_UnregisterDeviceClassAssociation();
+
+	/******************/
+	/* Function: 0x1a */
+
+	WERROR PNP_GetClassRegProp();
+
+	/******************/
+	/* Function: 0x1b */
+
+	WERROR PNP_SetClassRegProp();
+
+	/******************/
+	/* Function: 0x1c */
+
+	WERROR PNP_CreateDevInst();
+
+	/******************/
+	/* Function: 0x1d */
+
+	WERROR PNP_DeviceInstanceAction();
+
+	/******************/
+	/* Function: 0x1e */
+
+	WERROR PNP_GetDeviceStatus();
+
+	/******************/
+	/* Function: 0x1f */
+
+	WERROR PNP_SetDeviceProblem();
+
+	/******************/
+	/* Function: 0x20 */
+
+	WERROR PNP_DisableDevInst();
+
+	/******************/
+	/* Function: 0x21 */
+
+	WERROR PNP_UninstallDevInst();
+
+	/******************/
+	/* Function: 0x22 */
+
+	WERROR PNP_AddID();
+
+	/******************/
+	/* Function: 0x23 */
+
+	WERROR PNP_RegisterDriver();
+
+	/******************/
+	/* Function: 0x24 */
+
+	WERROR PNP_QueryRemove();
+
+	/******************/
+	/* Function: 0x25 */
+
+	WERROR PNP_RequestDeviceEject();
+
+	/******************/
+	/* Function: 0x26 */
+
+	WERROR PNP_IsDockStationPresent();
+
+	/******************/
+	/* Function: 0x27 */
+
+	WERROR PNP_RequestEjectPC();
+
+	/******************/
+	/* Function: 0x28 */
+
+	WERROR PNP_HwProfFlags(
+		[in] uint32 unknown1,
+		[in,ref] [string,charset(UTF16)] uint16 *devicepath,
+		[in] uint32 unknown2,
+		[in,out,ref] uint32 *unknown3,
+		[in,out,unique] uint16 *unknown4,
+		[in,unique] [string,charset(UTF16)] uint16 *unknown5,
+		[out,unique] [string,charset(UTF16)] uint16 **unknown5a,
+		[in] uint32 unknown6,
+		[in] uint32 unknown7
+		);
+
+	/******************/
+	/* Function: 0x29 */
+
+	typedef struct {
+		uint32 unknown1;
+		uint16 unknown2[160];
+		uint32 unknown3;
+	} PNP_HwProfInfo;
+
+	WERROR PNP_GetHwProfInfo(
+		[in] uint32 idx,
+		[in,out,ref] PNP_HwProfInfo *info,
+		[in] uint32 unknown1,
+		[in] uint32 unknown2
+		);
+
+	/******************/
+	/* Function: 0x2a */
+
+	WERROR PNP_AddEmptyLogConf();
+
+	/******************/
+	/* Function: 0x2b */
+
+	WERROR PNP_FreeLogConf();
+
+	/******************/
+	/* Function: 0x2c */
+
+	WERROR PNP_GetFirstLogConf();
+
+	/******************/
+	/* Function: 0x2d */
+
+	WERROR PNP_GetNextLogConf();
+
+	/******************/
+	/* Function: 0x2e */
+
+	WERROR PNP_GetLogConfPriority();
+
+	/******************/
+	/* Function: 0x2f */
+
+	WERROR PNP_AddResDes();
+
+	/******************/
+	/* Function: 0x30 */
+
+	WERROR PNP_FreeResDes();
+
+	/******************/
+	/* Function: 0x31 */
+
+	WERROR PNP_GetNextResDes();
+
+	/******************/
+	/* Function: 0x32 */
+
+	WERROR PNP_GetResDesData();
+
+	/******************/
+	/* Function: 0x33 */
+
+	WERROR PNP_GetResDesDataSize();
+
+	/******************/
+	/* Function: 0x34 */
+
+	WERROR PNP_ModifyResDes();
+
+	/******************/
+	/* Function: 0x35 */
+
+	WERROR PNP_DetectResourceLimit();
+
+	/******************/
+	/* Function: 0x36 */
+
+	WERROR PNP_QueryResConfList();
+
+	/******************/
+	/* Function: 0x37 */
+
+	WERROR PNP_SetHwProf();
+
+	/******************/
+	/* Function: 0x38 */
+
+	WERROR PNP_QueryArbitratorFreeData();
+
+	/******************/
+	/* Function: 0x39 */
+
+	WERROR PNP_QueryArbitratorFreeSize();
+
+	/******************/
+	/* Function: 0x3a */
+
+	WERROR PNP_RunDetection();
+
+	/******************/
+	/* Function: 0x3b */
+
+	WERROR PNP_RegisterNotification();
+
+	/******************/
+	/* Function: 0x3c */
+
+	WERROR PNP_UnregisterNotification();
+
+	/******************/
+	/* Function: 0x3d */
+
+	WERROR PNP_GetCustomDevProp();
+
+	/******************/
+	/* Function: 0x3e */
+
+	WERROR PNP_GetVersionInternal();
+
+	/******************/
+	/* Function: 0x3f */
+
+	WERROR PNP_GetBlockedDriverInfo();
+
+	/******************/
+	/* Function: 0x40 */
+
+	WERROR PNP_GetServerSideDeviceInstallFlags();
 }
diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl
index afeca3edd6..c2449d3088 100644
--- a/source3/librpc/idl/samr.idl
+++ b/source3/librpc/idl/samr.idl
@@ -3,6 +3,7 @@
 /*
   samr interface definition
 */
+import "misc.idl", "lsa.idl", "security.idl";
 
 /*
   Thanks to Todd Sabin for some information from his samr.idl in acltools
@@ -11,9 +12,7 @@
 [ uuid("12345778-1234-abcd-ef00-0123456789ac"),
   version(1.0),
   endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"),
-  pointer_default(unique),
-  pointer_default_top(unique),
-  depends(misc,lsa,security)
+  pointer_default(unique)
 ] interface samr
 {
 	typedef bitmap security_secinfo security_secinfo;
@@ -41,19 +40,72 @@
 		ACB_NO_AUTH_DATA_REQD		= 0x00080000   /* 1 = No authorization data required */
 	} samr_AcctFlags;
 
+	typedef [bitmap32bit] bitmap {
+		SAMR_ACCESS_CONNECT_TO_SERVER   = 0x00000001,
+		SAMR_ACCESS_SHUTDOWN_SERVER     = 0x00000002,
+		SAMR_ACCESS_INITIALIZE_SERVER   = 0x00000004,
+		SAMR_ACCESS_CREATE_DOMAIN       = 0x00000008,
+		SAMR_ACCESS_ENUM_DOMAINS        = 0x00000010,
+		SAMR_ACCESS_OPEN_DOMAIN         = 0x00000020
+	} samr_ConnectAccessMask;
+
+	typedef [bitmap32bit] bitmap {
+		SAMR_USER_ACCESS_GET_NAME_ETC             = 0x00000001,
+		SAMR_USER_ACCESS_GET_LOCALE               = 0x00000002,
+		SAMR_USER_ACCESS_SET_LOC_COM              = 0x00000004,
+		SAMR_USER_ACCESS_GET_LOGONINFO            = 0x00000008,
+		SAMR_USER_ACCESS_GET_ATTRIBUTES           = 0x00000010,
+		SAMR_USER_ACCESS_SET_ATTRIBUTES           = 0x00000020,
+		SAMR_USER_ACCESS_CHANGE_PASSWORD          = 0x00000040,
+		SAMR_USER_ACCESS_SET_PASSWORD             = 0x00000080,
+		SAMR_USER_ACCESS_GET_GROUPS               = 0x00000100,
+		SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP     = 0x00000200,
+		SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP  = 0x00000400
+	} samr_UserAccessMask;
+
+	typedef [bitmap32bit] bitmap {
+		SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1  = 0x00000001,
+		SAMR_DOMAIN_ACCESS_SET_INFO_1     = 0x00000002,
+		SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2  = 0x00000004,
+		SAMR_DOMAIN_ACCESS_SET_INFO_2     = 0x00000008,
+		SAMR_DOMAIN_ACCESS_CREATE_USER    = 0x00000010,
+		SAMR_DOMAIN_ACCESS_CREATE_GROUP   = 0x00000020,
+		SAMR_DOMAIN_ACCESS_CREATE_ALIAS   = 0x00000040,
+		SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS   = 0x00000080,
+		SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS  = 0x00000100,
+		SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT   = 0x00000200,
+		SAMR_DOMAIN_ACCESS_SET_INFO_3     = 0x00000400
+	} samr_DomainAccessMask;
+
+	typedef [bitmap32bit] bitmap {
+		SAMR_GROUP_ACCESS_LOOKUP_INFO     = 0x00000001,
+		SAMR_GROUP_ACCESS_SET_INFO        = 0x00000002,
+		SAMR_GROUP_ACCESS_ADD_MEMBER      = 0x00000004,
+		SAMR_GROUP_ACCESS_REMOVE_MEMBER   = 0x00000008,
+		SAMR_GROUP_ACCESS_GET_MEMBERS     = 0x00000010
+	} samr_GroupAccessMask;
+
+	typedef [bitmap32bit] bitmap {
+		SAMR_ALIAS_ACCESS_ADD_MEMBER      = 0x00000001,
+		SAMR_ALIAS_ACCESS_REMOVE_MEMBER   = 0x00000002,
+		SAMR_ALIAS_ACCESS_GET_MEMBERS     = 0x00000004,
+		SAMR_ALIAS_ACCESS_LOOKUP_INFO     = 0x00000008,
+		SAMR_ALIAS_ACCESS_SET_INFO        = 0x00000010
+	} samr_AliasAccessMask;
+
 	/******************/
 	/* Function: 0x00 */
 	NTSTATUS samr_Connect (
 		/* notice the lack of [string] */
-		[in]       uint16 *system_name,
-		[in]       uint32 access_mask,
+		[in,unique] uint16 *system_name,
+		[in]       samr_ConnectAccessMask access_mask,
 		[out,ref]  policy_handle *connect_handle
 		);
 
 
 	/******************/
 	/* Function: 0x01 */
-	NTSTATUS samr_Close (
+	[public] NTSTATUS samr_Close (
 		[in,out,ref]  policy_handle *handle
 		);
 
@@ -72,7 +124,7 @@
 	NTSTATUS samr_QuerySecurity (
 		[in,ref]          policy_handle *handle,
 		[in]              security_secinfo sec_info,
-		[out]             sec_desc_buf *sdbuf
+		[out,ref]         sec_desc_buf **sdbuf
 		);
 
 	/******************/
@@ -88,9 +140,9 @@
 	/******************/
 	/* Function: 0x05 */
 	NTSTATUS samr_LookupDomain (
-		[in,ref]  policy_handle *connect_handle,		
+		[in,ref]  policy_handle *connect_handle,
 		[in,ref]  lsa_String *domain_name,
-		[out]     dom_sid2 *sid
+		[out,ref] dom_sid2 **sid
 		);
 
 
@@ -108,19 +160,19 @@
 	} samr_SamArray;
 
 	NTSTATUS samr_EnumDomains (
-		[in,ref]      policy_handle *connect_handle,
+		[in]          policy_handle *connect_handle,
 		[in,out,ref]  uint32 *resume_handle,
+		[out,ref]     samr_SamArray **sam,
 		[in]          uint32 buf_size,
-		[out]         samr_SamArray *sam,
-		[out]         uint32 num_entries
+		[out,ref]     uint32 *num_entries
 		);
 
 
 	/************************/
 	/* Function    0x07     */
-	NTSTATUS samr_OpenDomain(
+	[public] NTSTATUS samr_OpenDomain(
 		[in,ref]      policy_handle *connect_handle,
-		[in]          uint32 access_mask,
+		[in]          samr_DomainAccessMask access_mask,
 		[in,ref]      dom_sid2 *sid,
 		[out,ref]     policy_handle *domain_handle
 		);
@@ -129,10 +181,10 @@
 	/* Function    0x08     */
 	/* server roles */
 	typedef [v1_enum] enum {
-		ROLE_STANDALONE    = 0,
-		ROLE_DOMAIN_MEMBER = 1,
-		ROLE_DOMAIN_BDC    = 2,
-		ROLE_DOMAIN_PDC    = 3
+		SAMR_ROLE_STANDALONE    = 0,
+		SAMR_ROLE_DOMAIN_MEMBER = 1,
+		SAMR_ROLE_DOMAIN_BDC    = 2,
+		SAMR_ROLE_DOMAIN_PDC    = 3
 	} samr_Role;
 
 	/* password properties flags */
@@ -235,7 +287,7 @@
 	NTSTATUS samr_QueryDomainInfo(
 		[in,ref]      policy_handle *domain_handle,
 		[in]          uint16 level,
-		[out,switch_is(level)] samr_DomainInfo *info
+		[out,ref,switch_is(level)] samr_DomainInfo **info
 		);
 
 	/************************/
@@ -256,7 +308,7 @@
 	NTSTATUS samr_CreateDomainGroup(
 		[in,ref]      policy_handle *domain_handle,
 		[in,ref]      lsa_String *name,
-		[in]          uint32 access_mask,
+		[in]          samr_GroupAccessMask access_mask,
 		[out,ref]     policy_handle *group_handle,
 		[out,ref]     uint32 *rid
 		);
@@ -264,12 +316,16 @@
 
 	/************************/
 	/* Function    0x0b     */
+
+	const int MAX_SAM_ENTRIES_W2K = 0x400; /* 1024 */
+	const int MAX_SAM_ENTRIES_W95 = 50;
+
 	NTSTATUS samr_EnumDomainGroups(
-		[in,ref]      policy_handle *domain_handle,
+		[in]          policy_handle *domain_handle,
 		[in,out,ref]  uint32 *resume_handle,
+		[out,ref]     samr_SamArray **sam,
 		[in]          uint32 max_size,
-		[out]         samr_SamArray *sam,
-		[out]         uint32 num_entries
+		[out,ref]     uint32 *num_entries
 		);
 
 	/************************/
@@ -277,7 +333,7 @@
 	NTSTATUS samr_CreateUser(
 		[in,ref]      policy_handle *domain_handle,
 		[in,ref]      lsa_String *account_name,
-		[in]          uint32 access_mask,
+		[in]          samr_UserAccessMask access_mask,
 		[out,ref]     policy_handle *user_handle,
 		[out,ref]     uint32 *rid
 		);
@@ -292,12 +348,12 @@
 	const int SAMR_ENUM_USERS_MULTIPLIER = 54;
 
 	NTSTATUS samr_EnumDomainUsers(
-		[in,ref]      policy_handle *domain_handle,
+		[in]          policy_handle *domain_handle,
 		[in,out,ref]  uint32 *resume_handle,
 		[in]          samr_AcctFlags acct_flags,
+		[out,ref]     samr_SamArray **sam,
 		[in]          uint32 max_size,
-		[out]         samr_SamArray *sam,
-		[out]         uint32 num_entries
+		[out,ref]     uint32 *num_entries
 		);
 
 	/************************/
@@ -305,7 +361,7 @@
 	NTSTATUS samr_CreateDomAlias(
 		[in,ref]      policy_handle *domain_handle,
 		[in,ref]      lsa_String   *alias_name,
-		[in]          uint32         access_mask,
+		[in]          samr_AliasAccessMask access_mask,
 		[out,ref]     policy_handle *alias_handle,
 		[out,ref]     uint32        *rid
 		);
@@ -313,11 +369,11 @@
 	/************************/
 	/* Function    0x0f     */
 	NTSTATUS samr_EnumDomainAliases(
-		[in,ref]      policy_handle *domain_handle,
+		[in]          policy_handle *domain_handle,
 		[in,out,ref]  uint32 *resume_handle,
-		[in]          samr_AcctFlags acct_flags,
-		[out]         samr_SamArray *sam,
-		[out]         uint32 num_entries
+		[out,ref]     samr_SamArray **sam,
+		[in]          uint32 max_size,
+		[out,ref]     uint32 *num_entries
 		);
 
 	/************************/
@@ -337,12 +393,12 @@
 	/************************/
 	/* Function    0x11     */
 
-	NTSTATUS samr_LookupNames(
+	[public] NTSTATUS samr_LookupNames(
 		[in,ref]      policy_handle *domain_handle,
 		[in,range(0,1000)] uint32 num_names,
 		[in,size_is(1000),length_is(num_names)] lsa_String names[],
-		[out]         samr_Ids rids,
-		[out]         samr_Ids types
+		[out,ref]     samr_Ids *rids,
+		[out,ref]     samr_Ids *types
 		);
 
 
@@ -352,15 +408,15 @@
 		[in,ref]      policy_handle *domain_handle,
 		[in,range(0,1000)] uint32 num_rids,
 		[in,size_is(1000),length_is(num_rids)] uint32 rids[],
-		[out]         lsa_Strings names,
-		[out]         samr_Ids types
+		[out,ref]     lsa_Strings *names,
+		[out,ref]     samr_Ids *types
 		);
 
 	/************************/
 	/* Function    0x13     */
 	NTSTATUS samr_OpenGroup(
 		[in,ref]      policy_handle *domain_handle,
-		[in]          uint32 access_mask,
+		[in]          samr_GroupAccessMask access_mask,
 		[in]          uint32 rid,
 		[out,ref]     policy_handle *group_handle
 		);
@@ -413,7 +469,7 @@
 	NTSTATUS samr_QueryGroupInfo(
 		[in,ref]                  policy_handle *group_handle,
 		[in]                      samr_GroupInfoEnum level,
-		[out,switch_is(level)]    samr_GroupInfo *info
+		[out,ref,switch_is(level)] samr_GroupInfo **info
 		);
 
 	/************************/
@@ -456,7 +512,7 @@
 
 	NTSTATUS samr_QueryGroupMember(
 		[in,ref]  policy_handle *group_handle,
-		[out]     samr_RidTypeArray *rids
+		[out,ref] samr_RidTypeArray **rids
 		);
 
 
@@ -480,7 +536,7 @@
 	/* Function    0x1b     */
 	NTSTATUS samr_OpenAlias (
 		[in,ref]      policy_handle *domain_handle,
-		[in]          uint32 access_mask,
+		[in]          samr_AliasAccessMask access_mask,
 		[in]          uint32 rid,
 		[out,ref]     policy_handle *alias_handle
 		);
@@ -510,7 +566,7 @@
 	NTSTATUS samr_QueryAliasInfo(
 		[in,ref]                  policy_handle  *alias_handle,
 		[in]                      samr_AliasInfoEnum      level,
-		[out,switch_is(level)]    samr_AliasInfo *info
+		[out,ref,switch_is(level)] samr_AliasInfo **info
 		);
 
 	/************************/
@@ -550,9 +606,9 @@
 
 	/************************/
 	/* Function    0x22     */
-	NTSTATUS samr_OpenUser(
+	[public] NTSTATUS samr_OpenUser(
 		[in,ref]      policy_handle *domain_handle,
-		[in]          uint32 access_mask,
+		[in]          samr_UserAccessMask access_mask,
 		[in]          uint32 rid,
 		[out,ref]     policy_handle *user_handle
 		);
@@ -678,28 +734,59 @@
 		NTTIME acct_expiry;
 	} samr_UserInfo17;
 
+	typedef [public, flag(NDR_PAHEX)] struct {
+		uint8 hash[16];
+	} samr_Password;
+
+	typedef struct {
+		samr_Password lm_pwd;
+		samr_Password nt_pwd;
+		boolean8 lm_pwd_active;
+		boolean8 nt_pwd_active;
+	} samr_UserInfo18;
+
 	typedef struct {
 		lsa_String parameters;
 	} samr_UserInfo20;
 
 	/* this defines the bits used for fields_present in info21 */
 	typedef [bitmap32bit] bitmap {
-		SAMR_FIELD_ACCOUNT_NAME = 0x00000001,
-		SAMR_FIELD_FULL_NAME    = 0x00000002,
-		SAMR_FIELD_DESCRIPTION  = 0x00000010,
-		SAMR_FIELD_COMMENT      = 0x00000020,
-		SAMR_FIELD_LOGON_SCRIPT = 0x00000100,
-		SAMR_FIELD_PROFILE_PATH = 0x00000200,
-		SAMR_FIELD_WORKSTATIONS = 0x00000400,
-		SAMR_FIELD_LOGON_HOURS  = 0x00002000,
-		SAMR_FIELD_ACCT_FLAGS   = 0x00100000,
-		SAMR_FIELD_PARAMETERS   = 0x00200000,
-		SAMR_FIELD_COUNTRY_CODE = 0x00400000,
-		SAMR_FIELD_CODE_PAGE    = 0x00800000,
-		SAMR_FIELD_PASSWORD     = 0x01000000, /* either of these */
-		SAMR_FIELD_PASSWORD2    = 0x02000000 /* two bits seems to work */
+		SAMR_FIELD_ACCOUNT_NAME     = 0x00000001,
+		SAMR_FIELD_FULL_NAME        = 0x00000002,
+		SAMR_FIELD_RID              = 0x00000004,
+		SAMR_FIELD_PRIMARY_GID      = 0x00000008,
+		SAMR_FIELD_DESCRIPTION      = 0x00000010,
+		SAMR_FIELD_COMMENT          = 0x00000020,
+		SAMR_FIELD_HOME_DIRECTORY   = 0x00000040,
+		SAMR_FIELD_HOME_DRIVE       = 0x00000080,
+		SAMR_FIELD_LOGON_SCRIPT     = 0x00000100,
+		SAMR_FIELD_PROFILE_PATH     = 0x00000200,
+		SAMR_FIELD_WORKSTATIONS     = 0x00000400,
+		SAMR_FIELD_LAST_LOGON       = 0x00000800,
+		SAMR_FIELD_LAST_LOGOFF      = 0x00001000,
+		SAMR_FIELD_LOGON_HOURS      = 0x00002000,
+		SAMR_FIELD_BAD_PWD_COUNT    = 0x00004000,
+		SAMR_FIELD_NUM_LOGONS       = 0x00008000,
+		SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000,
+		SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000,
+		SAMR_FIELD_LAST_PWD_CHANGE  = 0x00040000,
+		SAMR_FIELD_ACCT_EXPIRY      = 0x00080000,
+		SAMR_FIELD_ACCT_FLAGS       = 0x00100000,
+		SAMR_FIELD_PARAMETERS       = 0x00200000,
+		SAMR_FIELD_COUNTRY_CODE     = 0x00400000,
+		SAMR_FIELD_CODE_PAGE        = 0x00800000,
+		SAMR_FIELD_PASSWORD         = 0x01000000, /* either of these */
+		SAMR_FIELD_PASSWORD2        = 0x02000000, /* two bits seems to work */
+		SAMR_FIELD_PRIVATE_DATA     = 0x04000000,
+		SAMR_FIELD_EXPIRED_FLAG     = 0x08000000,
+		SAMR_FIELD_SEC_DESC         = 0x10000000,
+		SAMR_FIELD_OWF_PWD          = 0x20000000
 	} samr_FieldsPresent;
 
+	/* used for 'password_expired' in samr_UserInfo21 */
+	const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01;
+	const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00;
+
 	typedef struct {
 		NTTIME last_logon;
 		NTTIME last_logoff;
@@ -782,6 +869,7 @@
 		[case(14)] samr_UserInfo14 info14;
 		[case(16)] samr_UserInfo16 info16;
 		[case(17)] samr_UserInfo17 info17;
+		[case(18)] samr_UserInfo18 info18;
 		[case(20)] samr_UserInfo20 info20;
 		[case(21)] samr_UserInfo21 info21;
 		[case(23)] samr_UserInfo23 info23;
@@ -790,16 +878,16 @@
 		[case(26)] samr_UserInfo26 info26;
 	} samr_UserInfo;
 
-	NTSTATUS samr_QueryUserInfo(
+	[public] NTSTATUS samr_QueryUserInfo(
 		[in,ref]                  policy_handle *user_handle,
 		[in]                      uint16 level,
-		[out,switch_is(level)]    samr_UserInfo *info
+		[out,ref,switch_is(level)] samr_UserInfo **info
 		);
 
 
 	/************************/
 	/* Function    0x25     */
-	NTSTATUS samr_SetUserInfo(
+	[public] NTSTATUS samr_SetUserInfo(
 		[in,ref]                   policy_handle *user_handle,
 		[in]                       uint16 level,
 		[in,ref,switch_is(level)]  samr_UserInfo *info
@@ -807,10 +895,6 @@
 
 	/************************/
 	/* Function    0x26     */
-	typedef [public, flag(NDR_PAHEX)] struct {
-		uint8 hash[16];
-	} samr_Password;
-
 	/*
 	  this is a password change interface that doesn't give
 	  the server the plaintext password. Depricated.
@@ -818,15 +902,15 @@
 	NTSTATUS samr_ChangePasswordUser(
 		[in,ref]    policy_handle *user_handle,
 		[in]        boolean8 lm_present,
-		[in]        samr_Password *old_lm_crypted,
-		[in]        samr_Password *new_lm_crypted,
+		[in,unique] samr_Password *old_lm_crypted,
+		[in,unique] samr_Password *new_lm_crypted,
 		[in]        boolean8 nt_present,
-		[in]        samr_Password *old_nt_crypted,
-		[in]        samr_Password *new_nt_crypted,
+		[in,unique] samr_Password *old_nt_crypted,
+		[in,unique] samr_Password *new_nt_crypted,
 		[in]        boolean8 cross1_present,
-		[in]        samr_Password *nt_cross,
+		[in,unique] samr_Password *nt_cross,
 		[in]        boolean8 cross2_present,
-		[in]        samr_Password *lm_cross
+		[in,unique] samr_Password *lm_cross
 		);
 
 	/************************/
@@ -844,7 +928,7 @@
 
 	NTSTATUS samr_GetGroupsForUser(
 		[in,ref]   policy_handle *user_handle,
-		[out]      samr_RidWithAttributeArray  *rids
+		[out,ref]  samr_RidWithAttributeArray  **rids
 		);
 
 	/************************/
@@ -855,8 +939,8 @@
 		uint32    rid;
 		samr_AcctFlags acct_flags;
 		lsa_String account_name;
-		lsa_String full_name;
 		lsa_String description;
+		lsa_String full_name;
 	} samr_DispEntryGeneral;
 
 	typedef struct {
@@ -879,7 +963,20 @@
 
 	typedef struct {
 		uint32    idx;
-		lsa_AsciiString account_name;
+		uint32    rid;
+		samr_GroupAttrs acct_flags;
+		lsa_String account_name;
+		lsa_String description;
+	} samr_DispEntryFullGroup;
+
+	typedef struct {
+		uint32 count;
+		[size_is(count)] samr_DispEntryFullGroup *entries;
+	} samr_DispInfoFullGroups;
+
+	typedef struct {
+		uint32    idx;
+		lsa_AsciiStringLarge account_name;
 	} samr_DispEntryAscii;
 
 	typedef struct {
@@ -890,7 +987,7 @@
 	typedef [switch_type(uint16)] union {
 		[case(1)] samr_DispInfoGeneral info1;/* users */
 		[case(2)] samr_DispInfoFull info2; /* trust accounts? */
-		[case(3)] samr_DispInfoFull info3; /* groups */
+		[case(3)] samr_DispInfoFullGroups info3; /* groups */
 		[case(4)] samr_DispInfoAscii info4; /* users */
 		[case(5)] samr_DispInfoAscii info5; /* groups */
 	} samr_DispInfo;
@@ -901,9 +998,9 @@
 		[in]        uint32 start_idx,
 		[in]        uint32 max_entries,
 		[in]        uint32 buf_size,
-		[out]       uint32 total_size,
-		[out]       uint32 returned_size,
-		[out,switch_is(level)] samr_DispInfo info
+		[out,ref]   uint32 *total_size,
+		[out,ref]   uint32 *returned_size,
+		[out,ref,switch_is(level)] samr_DispInfo *info
 		);
 
 
@@ -923,7 +1020,7 @@
 		[in,ref]    policy_handle *domain_handle,
 		[in]        uint16 level,
 		[in]        lsa_String name,
-		[out]       uint32 idx
+		[out,ref]   uint32 *idx
 		);
 
 
@@ -958,9 +1055,9 @@
 		samr_PasswordProperties password_properties;
 	} samr_PwInfo;
 
-	NTSTATUS samr_GetUserPwInfo(
+	[public] NTSTATUS samr_GetUserPwInfo(
 		[in,ref]    policy_handle *user_handle,
-		[out]       samr_PwInfo info
+		[out,ref]   samr_PwInfo *info
 		);
 
 	/************************/
@@ -979,7 +1076,7 @@
 	NTSTATUS samr_QueryDomainInfo2(
 		[in,ref]      policy_handle *domain_handle,
 		[in]          uint16 level,
-		[out,switch_is(level)] samr_DomainInfo *info
+		[out,ref,switch_is(level)] samr_DomainInfo **info
 		);
 
 	/************************/
@@ -991,7 +1088,7 @@
 	NTSTATUS samr_QueryUserInfo2(
 		[in,ref]                  policy_handle *user_handle,
 		[in]                      uint16 level,
-		[out,switch_is(level)]    samr_UserInfo *info
+		[out,ref,switch_is(level)]    samr_UserInfo *info
 		);
 
 	/************************/
@@ -1006,9 +1103,9 @@
 		[in]        uint32 start_idx,
 		[in]        uint32 max_entries,
 		[in]        uint32 buf_size,
-		[out]       uint32 total_size,
-		[out]       uint32 returned_size,
-		[out,switch_is(level)] samr_DispInfo info
+		[out,ref]   uint32 *total_size,
+		[out,ref]   uint32 *returned_size,
+		[out,ref,switch_is(level)] samr_DispInfo *info
 		);
 
 	/************************/
@@ -1021,7 +1118,7 @@
 		[in,ref]    policy_handle *domain_handle,
 		[in]        uint16 level,
 		[in]        lsa_String name,
-		[out]       uint32 idx
+		[out,ref]   uint32 *idx
 		);
 
 
@@ -1031,7 +1128,7 @@
 		[in,ref]      policy_handle *domain_handle,
 		[in,ref]      lsa_String *account_name,
 		[in]          samr_AcctFlags acct_flags,
-		[in]          uint32 access_mask,
+		[in]          samr_UserAccessMask access_mask,
 		[out,ref]     policy_handle *user_handle,
 		[out,ref]     uint32 *access_granted,
 		[out,ref]     uint32 *rid
@@ -1050,9 +1147,9 @@
 		[in]        uint32 start_idx,
 		[in]        uint32 max_entries,
 		[in]        uint32 buf_size,
-		[out]       uint32 total_size,
-		[out]       uint32 returned_size,
-		[out,switch_is(level)] samr_DispInfo info
+		[out,ref]   uint32 *total_size,
+		[out,ref]   uint32 *returned_size,
+		[out,ref,switch_is(level)] samr_DispInfo *info
 		);
 
 	/************************/
@@ -1073,36 +1170,36 @@
 	/* Function    0x36     */
 
 	NTSTATUS samr_OemChangePasswordUser2(
-		[in]              lsa_AsciiString *server,
+		[in,unique]       lsa_AsciiString *server,
 		[in,ref]          lsa_AsciiString *account,
-		[in]              samr_CryptPassword *password,
-		[in]              samr_Password *hash
+		[in,unique]       samr_CryptPassword *password,
+		[in,unique]       samr_Password *hash
 		);
 
 	/************************/
 	/* Function    0x37     */
 	NTSTATUS samr_ChangePasswordUser2(
-		[in]              lsa_String *server,
+		[in,unique]       lsa_String *server,
 		[in,ref]          lsa_String *account,
-		[in]              samr_CryptPassword *nt_password,
-		[in]              samr_Password *nt_verifier,
+		[in,unique]       samr_CryptPassword *nt_password,
+		[in,unique]       samr_Password *nt_verifier,
 		[in]              boolean8 lm_change,
-		[in]              samr_CryptPassword *lm_password,
-		[in]              samr_Password *lm_verifier
+		[in,unique]       samr_CryptPassword *lm_password,
+		[in,unique]       samr_Password *lm_verifier
 		);
 
 	/************************/
 	/* Function    0x38     */
 	NTSTATUS samr_GetDomPwInfo(
-		[in]        lsa_String *domain_name,
-		[out]       samr_PwInfo info
+		[in,unique] lsa_String *domain_name,
+		[out,ref]   samr_PwInfo *info
 		);
 
 	/************************/
 	/* Function    0x39     */
 	NTSTATUS samr_Connect2(
-		[in,string,charset(UTF16)] uint16 *system_name,
-		[in] uint32 access_mask,
+		[in,unique,string,charset(UTF16)] uint16 *system_name,
+		[in] samr_ConnectAccessMask access_mask,
 		[out,ref]  policy_handle *connect_handle
 		);
 
@@ -1111,7 +1208,7 @@
 	/*
 	  seems to be an exact alias for samr_SetUserInfo() 
 	*/
-	NTSTATUS samr_SetUserInfo2(
+	[public] NTSTATUS samr_SetUserInfo2(
 		[in,ref]                   policy_handle *user_handle,
 		[in]                       uint16 level,
 		[in,ref,switch_is(level)]  samr_UserInfo *info
@@ -1133,25 +1230,32 @@
 	/* Function    0x3c     */
 	NTSTATUS samr_GetBootKeyInformation(
 		[in,ref]   policy_handle *domain_handle,
-		[out]      uint32 unknown
+		[out,ref]  uint32 *unknown
 		);
 
 	/************************/
 	/* Function    0x3d     */
 	NTSTATUS samr_Connect3(
-		[in,string,charset(UTF16)] uint16 *system_name,
+		[in,unique,string,charset(UTF16)] uint16 *system_name,
 		/* this unknown value seems to be completely ignored by w2k3 */
 		[in] uint32 unknown,
-		[in] uint32 access_mask,
+		[in] samr_ConnectAccessMask access_mask,
 		[out,ref]  policy_handle *connect_handle
 		);
 
 	/************************/
 	/* Function    0x3e     */
+
+	typedef enum {
+		SAMR_CONNECT_PRE_W2K	= 1,
+		SAMR_CONNECT_W2K	= 2,
+		SAMR_CONNECT_AFTER_W2K	= 3
+	} samr_ConnectVersion;
+
 	NTSTATUS samr_Connect4(
-		[in,string,charset(UTF16)] uint16 *system_name,
-		[in] uint32 unknown,
-		[in] uint32 access_mask,
+		[in,unique,string,charset(UTF16)] uint16 *system_name,
+		[in] samr_ConnectVersion client_version,
+		[in] samr_ConnectAccessMask access_mask,
 		[out,ref]  policy_handle *connect_handle
 		);
 
@@ -1167,23 +1271,23 @@
 	} samr_ChangeReject;
 
 	NTSTATUS samr_ChangePasswordUser3(
-		[in]              lsa_String *server,
+		[in,unique]       lsa_String *server,
 		[in,ref]          lsa_String *account,
-		[in]              samr_CryptPassword *nt_password,
-		[in]              samr_Password *nt_verifier,
+		[in,unique]       samr_CryptPassword *nt_password,
+		[in,unique]       samr_Password *nt_verifier,
 		[in]              boolean8 lm_change,
-		[in]              samr_CryptPassword *lm_password,
-		[in]              samr_Password *lm_verifier,
-		[in]              samr_CryptPassword *password3,
-		[out]             samr_DomInfo1 *dominfo,
-		[out]             samr_ChangeReject *reject
+		[in,unique]       samr_CryptPassword *lm_password,
+		[in,unique]       samr_Password *lm_verifier,
+		[in,unique]       samr_CryptPassword *password3,
+		[out,ref]         samr_DomInfo1 **dominfo,
+		[out,ref]         samr_ChangeReject **reject
 		);
 
 	/************************/
 	/* Function    0x40      */
 
 	typedef struct {
-		uint32         unknown1; /* w2k3 gives 3 */
+		samr_ConnectVersion client_version; /* w2k3 gives 3 */
 		uint32         unknown2; /* w2k3 gives 0 */
 	} samr_ConnectInfo1;
 
@@ -1191,11 +1295,13 @@
 		[case(1)]  samr_ConnectInfo1 info1;
 	} samr_ConnectInfo;
 
-	NTSTATUS samr_Connect5(
-		[in,string,charset(UTF16)] uint16 *system_name,
-		[in]       uint32             access_mask,
-		[in,out]   uint32             level,
-		[in,out,switch_is(level),ref] samr_ConnectInfo *info,
+	[public] NTSTATUS samr_Connect5(
+		[in,unique,string,charset(UTF16)] uint16 *system_name,
+		[in]       samr_ConnectAccessMask  access_mask,
+		[in]       uint32             level_in,
+		[in,ref,switch_is(level_in)] samr_ConnectInfo *info_in,
+		[out,ref]  uint32             *level_out,
+		[out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out,
 		[out,ref]  policy_handle      *connect_handle
 		);
 
@@ -1204,7 +1310,7 @@
 	NTSTATUS samr_RidToSid(
 		[in,ref]    policy_handle *domain_handle,
 		[in]        uint32        rid,
-		[out]       dom_sid2      *sid
+		[out,ref]   dom_sid2      *sid
 		);
 
 
@@ -1218,17 +1324,107 @@
 	*/
 
 	NTSTATUS samr_SetDsrmPassword(
-		[in]       lsa_String *name,
+		[in,unique] lsa_String *name,
 		[in]       uint32 unknown,
-		[in]       samr_Password *hash
+		[in,unique] samr_Password *hash
 		);
 
 
 	/************************/
 	/* Function    0x43     */
-	/*
-	  I haven't been able to work out the format of this one yet.
-	  Seems to start with a switch level for a union?
-	*/
-	NTSTATUS samr_ValidatePassword();
+	/************************/
+	typedef [bitmap32bit] bitmap {
+		SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET		= 0x00000001,
+		SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME		= 0x00000002,
+		SAMR_VALIDATE_FIELD_LOCKOUT_TIME		= 0x00000004,
+		SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT		= 0x00000008,
+		SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH	= 0x00000010,
+		SAMR_VALIDATE_FIELD_PASSWORD_HISTORY		= 0x00000020
+	} samr_ValidateFieldsPresent;
+
+	typedef enum {
+		NetValidateAuthentication = 1,
+		NetValidatePasswordChange= 2,
+		NetValidatePasswordReset = 3
+	} samr_ValidatePasswordLevel;
+
+	/* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't
+	 * identified the mapping of
+	 * - NERR_PasswordFilterError
+	 * - NERR_PasswordExpired and
+	 * - NERR_PasswordCantChange
+	 * yet - Guenther
+	 */
+
+	typedef enum {
+		SAMR_VALIDATION_STATUS_SUCCESS = 0,
+		SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1,
+		SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2,
+		SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4,
+		SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5,
+		SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6,
+		SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7,
+		SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8,
+		SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9
+	} samr_ValidationStatus;
+
+	typedef struct {
+		uint32 length;
+		[size_is(length)] uint8 *data;
+        } samr_ValidationBlob;
+
+	typedef struct {
+		samr_ValidateFieldsPresent fields_present;
+		NTTIME_hyper last_password_change;
+		NTTIME_hyper bad_password_time;
+		NTTIME_hyper lockout_time;
+		uint32 bad_pwd_count;
+		uint32 pwd_history_len;
+		[size_is(pwd_history_len)] samr_ValidationBlob *pwd_history;
+	} samr_ValidatePasswordInfo;
+
+	typedef struct {
+		samr_ValidatePasswordInfo info;
+		samr_ValidationStatus status;
+	} samr_ValidatePasswordRepCtr;
+
+	typedef [switch_type(uint16)] union {
+		[case(1)] samr_ValidatePasswordRepCtr ctr1;
+		[case(2)] samr_ValidatePasswordRepCtr ctr2;
+		[case(3)] samr_ValidatePasswordRepCtr ctr3;
+	} samr_ValidatePasswordRep;
+
+	typedef struct {
+		samr_ValidatePasswordInfo info;
+		lsa_StringLarge password;
+		lsa_StringLarge account;
+		samr_ValidationBlob hash;
+		boolean8 pwd_must_change_at_next_logon;
+		boolean8 clear_lockout;
+	} samr_ValidatePasswordReq3;
+
+	typedef struct {
+		samr_ValidatePasswordInfo info;
+		lsa_StringLarge password;
+		lsa_StringLarge account;
+		samr_ValidationBlob hash;
+		boolean8 password_matched;
+	} samr_ValidatePasswordReq2;
+
+	typedef struct {
+		samr_ValidatePasswordInfo info;
+		boolean8 password_matched;
+	} samr_ValidatePasswordReq1;
+
+	typedef [switch_type(uint16)] union {
+		[case(1)] samr_ValidatePasswordReq1 req1;
+		[case(2)] samr_ValidatePasswordReq2 req2;
+		[case(3)] samr_ValidatePasswordReq3 req3;
+	} samr_ValidatePasswordReq;
+
+	NTSTATUS samr_ValidatePassword(
+		[in] samr_ValidatePasswordLevel level,
+		[in,switch_is(level)] samr_ValidatePasswordReq req,
+		[out,ref,switch_is(level)] samr_ValidatePasswordRep *rep
+		);
 }
diff --git a/source3/librpc/idl/security.idl b/source3/librpc/idl/security.idl
index 8a0d36a696..c4c30e9b5a 100644
--- a/source3/librpc/idl/security.idl
+++ b/source3/librpc/idl/security.idl
@@ -4,9 +4,26 @@
   security IDL structures
 */
 
+import "misc.idl";
+
+/* 
+   use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
+   just a dom sid, but with the sub_auths represented as a conformant
+   array. As with all in-structure conformant arrays, the array length
+   is placed before the start of the structure. That's what gives rise
+   to the extra num_auths elemenent. We don't want the Samba code to
+   have to bother with such esoteric NDR details, so its easier to just
+   define it as a dom_sid and use pidl magic to make it all work. It
+   just means you need to mark a sid as a "dom_sid2" in the IDL when you
+   know it is of the conformant array variety
+*/
+cpp_quote("#define dom_sid2 dom_sid")
+
+/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */
+cpp_quote("#define dom_sid28 dom_sid")
+
 [
-	pointer_default(unique),
-	depends(misc,security)
+	pointer_default(unique)
 ]
 interface security
 {
@@ -121,6 +138,8 @@ interface security
 	const string SID_NULL = "S-1-0-0";
 
 	/* the world domain */
+	const string NAME_WORLD       = "WORLD";
+
 	const string SID_WORLD_DOMAIN = "S-1-1";
 	const string SID_WORLD        = "S-1-1-0";
 
@@ -130,6 +149,8 @@ interface security
 	const string SID_CREATOR_GROUP        = "S-1-3-1";
 
 	/* SECURITY_NT_AUTHORITY */
+	const string NAME_NT_AUTHORITY            = "NT AUTHORITY";
+
 	const string SID_NT_AUTHORITY             = "S-1-5";
 	const string SID_NT_DIALUP                = "S-1-5-1";
 	const string SID_NT_NETWORK               = "S-1-5-2";
@@ -150,6 +171,8 @@ interface security
 	const string SID_NT_NETWORK_SERVICE       = "S-1-5-20";
 
 	/* SECURITY_BUILTIN_DOMAIN_RID */
+	const string NAME_BUILTIN                  = "BUILTIN";
+
 	const string SID_BUILTIN                   = "S-1-5-32";
 	const string SID_BUILTIN_ADMINISTRATORS    = "S-1-5-32-544";
 	const string SID_BUILTIN_USERS             = "S-1-5-32-545";
@@ -169,6 +192,7 @@ interface security
 	const int DOMAIN_RID_GUEST                 = 501;
 	const int DOMAIN_RID_ADMINS                = 512;
 	const int DOMAIN_RID_USERS                 = 513;
+	const int DOMAIN_RID_DOMAIN_MEMBERS        = 515;
 	const int DOMAIN_RID_DCS                   = 516;
 	const int DOMAIN_RID_CERT_ADMINS           = 517;
 	const int DOMAIN_RID_SCHEMA_ADMINS         = 518;
@@ -206,16 +230,6 @@ interface security
 		SEC_PRIV_REMOTE_INTERACTIVE_LOGON  = 24
 	} sec_privilege;
 
-
-	/* a domain SID. Note that unlike Samba3 this contains a pointer,
-	   so you can't copy them using assignment */
-	typedef [public,gensize,noprint,noejs,nosize] struct {
-		uint8  sid_rev_num;             /**< SID revision number */
-		[range(0,15)] int8  num_auths;  /**< Number of sub-authorities */
-		uint8  id_auth[6];              /**< Identifier Authority */
-		uint32 sub_auths[num_auths];
-	} dom_sid;
-
 	typedef [bitmap8bit] bitmap {
 		SEC_ACE_FLAG_OBJECT_INHERIT		= 0x01,
 		SEC_ACE_FLAG_CONTAINER_INHERIT		= 0x02,
@@ -239,7 +253,7 @@ interface security
 		SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT	= 8
 	} security_ace_type;
 
-	typedef bitmap {
+	typedef [bitmap32bit] bitmap {
 		SEC_ACE_OBJECT_TYPE_PRESENT		= 0x00000001,
 		SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT	= 0x00000002
 	} security_ace_object_flags;
diff --git a/source3/librpc/idl/spoolss.idl b/source3/librpc/idl/spoolss.idl
index 104c0e32e5..2144393ebd 100644
--- a/source3/librpc/idl/spoolss.idl
+++ b/source3/librpc/idl/spoolss.idl
@@ -3,17 +3,17 @@
 /*
   spoolss interface definitions
 */
+import "security.idl", "winreg.idl";
 
 [ uuid("12345678-1234-abcd-ef00-0123456789ab"),
   version(1.0),
   endpoint("ncacn_np:[\\pipe\\spoolss]"),
   pointer_default(unique),
-  pointer_default_top(unique),
   helpstring("Spooler SubSystem"),
-  depends(security),
   helper("librpc/ndr/ndr_spoolss_buf.h")
 ] interface spoolss
 {
+	typedef [v1_enum] enum winreg_Type winreg_Type;
 	typedef struct {
 		uint16 year;
 		uint16 month;
@@ -58,7 +58,7 @@
 	} spoolss_PrinterInfo0;
 
 	typedef [public,gensize] struct {
-	        string32 devicename;
+		[charset(UTF16)] uint16 devicename[32];
 		uint16 specversion;
 		uint16 driverversion;
 		uint16 size;
@@ -77,7 +77,7 @@
 		uint16 yresolution;
 		uint16 ttoption;
 		uint16 collate;
-	        string32 formname;
+		[charset(UTF16)] uint16 formname[32];
 		uint16 logpixels;
 		uint32 bitsperpel;
 		uint32 pelswidth;
@@ -104,7 +104,6 @@
 		PRINTER_ENUM_REMOTE      = 0x00000010,
 		PRINTER_ENUM_SHARED      = 0x00000020,
 		PRINTER_ENUM_NETWORK     = 0x00000040,
-		PRINTER_ENUM_UNKNOWN_8   = 0x00000008,
 		PRINTER_ENUM_EXPAND      = 0x00004000,
 		PRINTER_ENUM_CONTAINER   = 0x00008000,
 		PRINTER_ENUM_ICON1       = 0x00010000,
@@ -254,13 +253,13 @@
 	/* we are using this as internal parsing code */
 	[public,noopnum,noprint] WERROR _spoolss_EnumPrinters(
 		[in] spoolss_EnumPrinterFlags flags,
-		[in] [string,charset(UTF16)] uint16 *server,
+		[in,unique] [string,charset(UTF16)] uint16 *server,
 		[in] uint32 level,
-		[in] DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] uint32 offered,
-		[out] DATA_BLOB *info,
-		[out] uint32 *needed,
-		[out] uint32 *count
+		[out,unique] DATA_BLOB *info,
+		[out] uint32 needed,
+		[out] uint32 count
 	);
 	[public,noopnum,noprint] void __spoolss_EnumPrinters(
 		[in] uint32 level,
@@ -269,16 +268,16 @@
 	);
 	[nopull,nopush] WERROR spoolss_EnumPrinters(
 		[in] spoolss_EnumPrinterFlags flags,
-		[in] [string,charset(UTF16)] uint16 *server,
+		[in,unique] [string,charset(UTF16)] uint16 *server,
 		[in] uint32 level,
-		[in] DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] uint32 offered,
 		/* what we have here is a subcontext containing an array of no discriminant unions
 		 * and the array has no size in front
 		 */
-		[out,switch_is(level),size_is(count)] spoolss_PrinterInfo *info,
-		[out] uint32 *needed,
-		[out] uint32 *count
+		[out,unique,switch_is(level),size_is(count)] spoolss_PrinterInfo *info,
+		[out] uint32 needed,
+		[out] uint32 count
 	);
 
 	/******************/
@@ -288,9 +287,9 @@
 		[subcontext(4),subcontext_size(_ndr_size)] spoolss_DeviceMode *devmode;
 	} spoolss_DevmodeContainer;
 
-	WERROR spoolss_OpenPrinter(
-		[in] [string,charset(UTF16)] uint16 *printername,
-		[in] [string,charset(UTF16)] uint16 *datatype,
+	[public] WERROR spoolss_OpenPrinter(
+		[in,unique] [string,charset(UTF16)] uint16 *printername,
+		[in,unique] [string,charset(UTF16)] uint16 *datatype,
 		[in] spoolss_DevmodeContainer devmode_ctr,
 		[in] uint32 access_mask,
 		[out,ref] policy_handle *handle
@@ -339,7 +338,7 @@
 	WERROR spoolss_SetJob(
 		[in,ref] policy_handle *handle,
 		[in] uint32 job_id,
-		[in] spoolss_JobInfoContainer *ctr,
+		[in,unique] spoolss_JobInfoContainer *ctr,
 		[in] spoolss_JobControl command
 	);
 
@@ -349,10 +348,10 @@
 		[in,ref] policy_handle *handle,
 		[in] 	 uint32 job_id,
 		[in] 	 uint32 level,
-		[in] 	 DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] 	 uint32 offered,
-		[out,subcontext(4),subcontext_size(offered),switch_is(level)] spoolss_JobInfo *info,
-		[out] 	 uint32 *needed
+		[out,unique,subcontext(4),subcontext_size(offered),switch_is(level)] spoolss_JobInfo *info,
+		[out] 	 uint32 needed
 	);
 
 	/******************/
@@ -362,11 +361,11 @@
 		[in] 	 uint32 firstjob,
 		[in] 	 uint32 numjobs,
 		[in] 	 uint32 level,
-		[in] 	 DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] 	 uint32 offered,
-		[out] 	 DATA_BLOB *info,
-		[out] 	 uint32 *needed,
-		[out] 	 uint32 *count
+		[out,unique] DATA_BLOB *info,
+		[out] 	 uint32 needed,
+		[out] 	 uint32 count
 	);
 	[public,noopnum,noprint] void __spoolss_EnumJobs(
 		[in] uint32 level,
@@ -378,11 +377,11 @@
 		[in]	 uint32 firstjob,
 		[in]	 uint32 numjobs,
 		[in]	 uint32 level,
-		[in]     DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] 	 uint32 offered,
-		[out,switch_is(level),size_is(count)] spoolss_JobInfo *info,
-		[out] 	 uint32 *needed,
-		[out]	 uint32 *count
+		[out,unique,switch_is(level),size_is(count)] spoolss_JobInfo *info,
+		[out] 	 uint32 needed,
+		[out]	 uint32 count
 	);
 
 	/******************/
@@ -432,13 +431,13 @@
 
 	/******************/
 	/* Function: 0x08 */
-	WERROR spoolss_GetPrinter(
+	[public] WERROR spoolss_GetPrinter(
 		[in,ref] policy_handle *handle,
 		[in] 	 uint32 level,
-		[in] 	 DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] 	 uint32 offered,
-		[out,subcontext(4),subcontext_size(offered),switch_is(level)] spoolss_PrinterInfo *info,
-		[out] 	 uint32 *needed
+		[out,unique,subcontext(4),subcontext_size(offered),switch_is(level)] spoolss_PrinterInfo *info,
+		[out] 	 uint32 needed
 	);
 
 	/******************/
@@ -538,14 +537,14 @@
 	/******************/
 	/* Function: 0x0a */
 	[public,noopnum,noprint] WERROR _spoolss_EnumPrinterDrivers(
-		[in] [string,charset(UTF16)] uint16 *server,
-		[in] [string,charset(UTF16)] uint16 *environment,
+		[in,unique] [string,charset(UTF16)] uint16 *server,
+		[in,unique] [string,charset(UTF16)] uint16 *environment,
 		[in] uint32 level,
-		[in] DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] uint32 offered,
-		[out] DATA_BLOB *info,
-		[out] uint32 *needed,
-		[out] uint32 *count
+		[out,unique] DATA_BLOB *info,
+		[out] uint32 needed,
+		[out] uint32 count
 	);
 	[public,noopnum,noprint] void __spoolss_EnumPrinterDrivers(
 		[in] uint32 level,
@@ -553,14 +552,14 @@
 		[out,switch_is(level)] spoolss_DriverInfo info[count]
 	);
 	[nopull,nopush] WERROR spoolss_EnumPrinterDrivers(
-		[in] [string,charset(UTF16)] uint16 *server,
-		[in] [string,charset(UTF16)] uint16 *environment,
+		[in,unique] [string,charset(UTF16)] uint16 *server,
+		[in,unique] [string,charset(UTF16)] uint16 *environment,
 		[in] uint32 level,
-		[in] DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] uint32 offered,
-		[out,switch_is(level),size_is(count)] spoolss_DriverInfo *info,
-		[out] uint32 *needed,
-		[out] uint32 *count
+		[out,unique,switch_is(level),size_is(count)] spoolss_DriverInfo *info,
+		[out] uint32 needed,
+		[out] uint32 count
 	);
 
 	/******************/
@@ -582,21 +581,21 @@
 		[default] spoolss_DriverDirectoryInfo1 info1;
 	} spoolss_DriverDirectoryInfo;
 
-	WERROR spoolss_GetPrinterDriverDirectory(
-		[in] [string,charset(UTF16)] uint16 *server,
-		[in] [string,charset(UTF16)] uint16 *environment,
+	[public] WERROR spoolss_GetPrinterDriverDirectory(
+		[in,unique] [string,charset(UTF16)] uint16 *server,
+		[in,unique] [string,charset(UTF16)] uint16 *environment,
 		[in] uint32 level,
-		[in] DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] uint32 offered,
-		[out,subcontext(4),subcontext_size(offered),switch_is(level)] spoolss_DriverDirectoryInfo *info,
-		[out] uint32 *needed
+		[out,unique,subcontext(4),subcontext_size(offered),switch_is(level)] spoolss_DriverDirectoryInfo *info,
+		[out] uint32 needed
 	);
 
 	/******************/
 	/* Function: 0x0d */
 	WERROR spoolss_DeletePrinterDriver(
 		[in,ref] policy_handle *handle,
-		[in] [string,charset(UTF16)] uint16 *server,
+		[in,unique] [string,charset(UTF16)] uint16 *server,
 		[in] [string,charset(UTF16)] uint16 architecture[],
 		[in] [string,charset(UTF16)] uint16 driver[]
 	);
@@ -618,14 +617,14 @@
 	} spoolss_PrintProcessorInfo;
 
 	[public,noopnum,noprint] WERROR _spoolss_EnumPrintProcessors(
-		[in] [string,charset(UTF16)] uint16 *servername,
-		[in] [string,charset(UTF16)] uint16 *environment,
+		[in,unique] [string,charset(UTF16)] uint16 *servername,
+		[in,unique] [string,charset(UTF16)] uint16 *environment,
 		[in] uint32 level,
-		[in] DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] uint32 offered,
-		[out] DATA_BLOB *info,
-		[out] uint32 *needed,
-		[out] uint32 *count
+		[out,unique] DATA_BLOB *info,
+		[out] uint32 needed,
+		[out] uint32 count
 	);
 	[public,noopnum,noprint] void __spoolss_EnumPrintProcessors(
 		[in] uint32 level,
@@ -633,14 +632,14 @@
 		[out,switch_is(level)] spoolss_PrintProcessorInfo info[count]
 	);
 	[nopull,nopush] WERROR spoolss_EnumPrintProcessors(
-		[in] [string,charset(UTF16)] uint16 *servername,
-		[in] [string,charset(UTF16)] uint16 *environment,
+		[in,unique] [string,charset(UTF16)] uint16 *servername,
+		[in,unique] [string,charset(UTF16)] uint16 *environment,
 		[in] uint32 level,
-		[in] DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] uint32 offered,
-		[out,switch_is(level),size_is(count)] spoolss_PrintProcessorInfo *info,
-		[out] uint32 *needed,
-		[out] uint32 *count
+		[out,unique,switch_is(level),size_is(count)] spoolss_PrintProcessorInfo *info,
+		[out] uint32 needed,
+		[out] uint32 count
 	);
 
 	/******************/
@@ -667,7 +666,7 @@
 		[in,ref] policy_handle *handle,
 		[in] uint32 level,
 		[in,switch_is(level)] spoolss_DocumentInfo info,
-		[out] uint32 *job_id
+		[out] uint32 job_id
 	);
 
 	/******************/
@@ -682,7 +681,7 @@
 		[in,ref] policy_handle *handle,
 		[in] DATA_BLOB data,
 		[in,value(r->in.data.length)] uint32 _data_size,
-		[out] uint32 *num_written
+		[out] uint32 num_written
 	);
 
 	/******************/
@@ -702,8 +701,8 @@
 	WERROR spoolss_ReadPrinter(
 		[in,ref] policy_handle *handle,
 		[in] uint32 data_size,
-		[out] DATA_BLOB *data,
-		[out,value(r->out.data.length)] uint32 *_data_size
+		[out] DATA_BLOB data,
+		[out,value(r->out.data.length)] uint32 _data_size
 	);
 
 	/******************/
@@ -767,21 +766,21 @@
 		[in,ref] policy_handle *handle,
 		[in] 	 [string,charset(UTF16)] uint16 value_name[],
 		[in] 	 uint32 offered,
-		[out] 	 spoolss_PrinterDataType *type,
-		[out] 	 DATA_BLOB *data,
-		[out] 	 uint32 *needed
+		[out] 	 spoolss_PrinterDataType type,
+		[out] 	 DATA_BLOB data,
+		[out] 	 uint32 needed
 	);
 	[noopnum,noprint,public] void __spoolss_GetPrinterData(
 		[in] spoolss_PrinterDataType type,
-		[out,switch_is(type)] spoolss_PrinterData *data
+		[out,switch_is(type)] spoolss_PrinterData data
 	);
-	[nopull,nopush] WERROR spoolss_GetPrinterData(
+	[nopull,nopush,public] WERROR spoolss_GetPrinterData(
 		[in,ref] policy_handle *handle,
 		[in] 	 [string,charset(UTF16)] uint16 value_name[],
 		[in] 	 uint32 offered,
-		[out] 	 spoolss_PrinterDataType *type,
-		[out,subcontext(4),subcontext_size(offered),switch_is(type)] spoolss_PrinterData *data,
-		[out] 	 uint32 *needed
+		[out] 	 spoolss_PrinterDataType type,
+		[out,subcontext(4),subcontext_size(offered),switch_is(type)] spoolss_PrinterData data,
+		[out] 	 uint32 needed
 	);
 
 	/******************/
@@ -791,11 +790,11 @@
 		[in] [string,charset(UTF16)] uint16 value_name[],
 		[in] spoolss_PrinterDataType type,
 		[in] DATA_BLOB data,
-		[in] uint32 *_offered
+		[in] uint32 _offered
 	);
 	[noopnum,nopull,noprint,public] void __spoolss_SetPrinterData(
 		[in] spoolss_PrinterDataType type,
-		[out,switch_is(type)] spoolss_PrinterData *data
+		[out,switch_is(type)] spoolss_PrinterData data
 	);
 	[nopush] WERROR spoolss_SetPrinterData(
 		[in,ref] policy_handle *handle,
@@ -812,7 +811,7 @@
 
 	/******************/
 	/* Function: 0x1d */
-	WERROR spoolss_ClosePrinter(
+	[public] WERROR spoolss_ClosePrinter(
 		[in,out,ref]     policy_handle *handle
 	);
 
@@ -878,10 +877,10 @@
 		[in,ref] policy_handle *handle,
 		[in] [string,charset(UTF16)] uint16 form_name[],
 		[in] uint32 level,
-		[in] DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] uint32 offered,
-		[out,subcontext(4),subcontext_size(offered),switch_is(level)] spoolss_FormInfo *info,
-		[out] uint32 *needed
+		[out,unique,subcontext(4),subcontext_size(offered),switch_is(level)] spoolss_FormInfo *info,
+		[out] uint32 needed
 	);
 
 	/******************/
@@ -898,11 +897,11 @@
 	[public,noopnum,noprint] WERROR _spoolss_EnumForms(
 		[in,ref] policy_handle *handle,
 		[in] 	 uint32 level,
-		[in] 	 DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] 	 uint32 offered,
-		[out]	 DATA_BLOB *info,
-		[out]	 uint32 *needed,
-		[out]	 uint32 *count
+		[out,unique] DATA_BLOB *info,
+		[out]	 uint32 needed,
+		[out]	 uint32 count
 	);
 	[public,noopnum,noprint] void __spoolss_EnumForms(
 		[in] uint32 level,
@@ -912,11 +911,11 @@
 	[nopull,nopush] WERROR spoolss_EnumForms(
 		[in,ref] policy_handle *handle,
 		[in] 	 uint32 level,
-		[in] 	 DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] 	 uint32 offered,
-		[out,switch_is(level),size_is(count)] spoolss_FormInfo *info,
-		[out] uint32 *needed,
-		[out] uint32 *count
+		[out,unique,switch_is(level),size_is(count)] spoolss_FormInfo *info,
+		[out] uint32 needed,
+		[out] uint32 count
 	);
 
 	typedef struct {
@@ -948,13 +947,13 @@
 	/******************/
 	/* Function: 0x23 */
 	[public,noopnum,noprint] WERROR _spoolss_EnumPorts(
-		[in] [string,charset(UTF16)] uint16 *servername,
+		[in,unique] [string,charset(UTF16)] uint16 *servername,
 		[in] uint32 level,
-		[in] DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] uint32 offered,
-		[out] DATA_BLOB *info,
-		[out] uint32 *needed,
-		[out] uint32 *count
+		[out,unique] DATA_BLOB *info,
+		[out] uint32 needed,
+		[out] uint32 count
 	);
 	[public,noopnum,noprint] void __spoolss_EnumPorts(
 		[in] uint32 level,
@@ -962,13 +961,13 @@
 		[out,switch_is(level)] spoolss_PortInfo info[count]
 	);
 	[nopull,nopush] WERROR spoolss_EnumPorts(
-		[in] [string,charset(UTF16)] uint16 *servername,
+		[in,unique] [string,charset(UTF16)] uint16 *servername,
 		[in] uint32 level,
-		[in] DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] uint32 offered,
-		[out,switch_is(level),size_is(count)] spoolss_PortInfo *info,
-		[out] uint32 *needed,
-		[out] uint32 *count
+		[out,unique,switch_is(level),size_is(count)] spoolss_PortInfo *info,
+		[out] uint32 needed,
+		[out] uint32 count
 	);
 
 	/******************/
@@ -990,13 +989,13 @@
 	} spoolss_MonitorInfo;
 
 	[public,noopnum,noprint] WERROR _spoolss_EnumMonitors(
-		[in] [string,charset(UTF16)] uint16 *servername,
+		[in,unique] [string,charset(UTF16)] uint16 *servername,
 		[in] uint32 level,
-		[in] DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] uint32 offered,
-		[out] DATA_BLOB *info,
-		[out] uint32 *needed,
-		[out] uint32 *count
+		[out,unique] DATA_BLOB *info,
+		[out] uint32 needed,
+		[out] uint32 count
 	);
 	[public,noopnum,noprint] void __spoolss_EnumMonitors(
 		[in] uint32 level,
@@ -1004,19 +1003,19 @@
 		[out,switch_is(level)] spoolss_MonitorInfo info[count]
 	);
 	[nopull,nopush] WERROR spoolss_EnumMonitors(
-		[in] [string,charset(UTF16)] uint16 *servername,
+		[in,unique] [string,charset(UTF16)] uint16 *servername,
 		[in] uint32 level,
-		[in] DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] uint32 offered,
-		[out,switch_is(level),size_is(count)] spoolss_MonitorInfo *info,
-		[out] uint32 *needed,
-		[out] uint32 *count
+		[out,unique,switch_is(level),size_is(count)] spoolss_MonitorInfo *info,
+		[out] uint32 needed,
+		[out] uint32 count
 	);
 
 	/******************/
 	/* Function: 0x25 */
 	WERROR spoolss_AddPort(
-	       [in] [string,charset(UTF16)] uint16 *server_name,
+	       [in,unique] [string,charset(UTF16)] uint16 *server_name,
 	       [in] uint32 unknown,
 	       [in] [string,charset(UTF16)] uint16 monitor_name[]
 	);
@@ -1102,16 +1101,16 @@
 	/* Function: 0x35 */
 	WERROR spoolss_GetPrinterDriver2(
 		[in,ref] policy_handle *handle,
-		[in] 	 [string,charset(UTF16)] uint16 *architecture,
+		[in,unique] [string,charset(UTF16)] uint16 *architecture,
 		[in] 	 uint32 level,
-		[in] 	 DATA_BLOB *buffer,
+		[in,unique] DATA_BLOB *buffer,
 		[in] 	 uint32 offered,
 		[in] 	 uint32 client_major_version,
 		[in] 	 uint32 client_minor_version,
-		[out] 	 DATA_BLOB *info,
-		[out] 	 uint32 *needed,
-		[out] 	 uint32 *server_major_version,
-		[out] 	 uint32 *server_minor_version
+		[out,unique] DATA_BLOB *info,
+		[out] 	 uint32 needed,
+		[out] 	 uint32 server_major_version,
+		[out] 	 uint32 server_minor_version
 	);
 
 	/******************/
@@ -1126,7 +1125,8 @@
 
 	/******************/
 	/* Function: 0x38 */
-	WERROR spoolss_FindClosePrinterNotify(
+	[public] WERROR spoolss_FindClosePrinterNotify(
+		[in,ref] policy_handle *handle
 	);
 
 	/******************/
@@ -1136,7 +1136,13 @@
 
 	/******************/
 	/* Function: 0x3a */
-	WERROR spoolss_ReplyOpenPrinter(
+	[public] WERROR spoolss_ReplyOpenPrinter(
+		[in,string,charset(UTF16)] uint16 server_name[],
+		[in] uint32 printer_local,
+		[in] winreg_Type type,
+		[in] uint32 unknown1,
+		[in] uint32 unknown2,
+		[out,ref] policy_handle *handle
 	);
 
 	/******************/
@@ -1146,7 +1152,8 @@
 
 	/******************/
 	/* Function: 0x3c */
-	WERROR spoolss_ReplyClosePrinter(
+	[public] WERROR spoolss_ReplyClosePrinter(
+		[in,out,ref] policy_handle *handle
 	);
 
 	/******************/
@@ -1169,31 +1176,65 @@
 	WERROR spoolss_ResetPrinterEx(
 	);
 
+	typedef [enum16bit] enum {
+		SPOOLSS_FIELD_SERVER_NAME		=  0,
+		SPOOLSS_FIELD_PRINTER_NAME		=  1,
+		SPOOLSS_FIELD_SHARE_NAME    	=  2,
+		SPOOLSS_FIELD_PORT_NAME			=  3,
+		SPOOLSS_FIELD_DRIVER_NAME		=  4,
+		SPOOLSS_FIELD_COMMENT			=  5,
+		SPOOLSS_FIELD_LOCATION			=  6,
+		SPOOLSS_FIELD_DEVMODE			=  7,
+		SPOOLSS_FIELD_SEPFILE			=  8,
+		SPOOLSS_FIELD_PRINT_PROCESSOR	=  9,
+		SPOOLSS_FIELD_PARAMETERS		= 10,
+		SPOOLSS_FIELD_DATATYPE			= 11,
+		SPOOLSS_FIELD_SECURITY_DESCRIPTOR=12,
+		SPOOLSS_FIELD_ATTRIBUTES		= 13,
+		SPOOLSS_FIELD_PRIORITY			= 14,
+		SPOOLSS_FIELD_DEFAULT_PRIORITY	= 15,
+		SPOOLSS_FIELD_START_TIME		= 16,
+		SPOOLSS_FIELD_UNTIL_TIME		= 17,
+		SPOOLSS_FIELD_STATUS			= 18,
+		SPOOLSS_FIELD_STATUS_STRING		= 19,
+		SPOOLSS_FIELD_CJOBS				= 20,
+		SPOOLSS_FIELD_AVERAGE_PPM		= 21,
+		SPOOLSS_FIELD_TOTAL_PAGES		= 22,
+		SPOOLSS_FIELD_PAGES_PRINTED 	= 23,
+		SPOOLSS_FIELD_TOTAL_BYTES		= 24,
+		SPOOLSS_FIELD_BYTES_PRINTED		= 25
+	} spoolss_Field;
+
+	typedef [enum16bit] enum {
+		SPOOLSS_NOTIFY_PRINTER 			= 0,
+		SPOOLSS_NOTIFY_JOB				= 1
+	} spoolss_NotifyType;
+
 	/******************/
 	/* Function: 0x41 */
-	typedef [flag(NDR_PAHEX)] struct {
+	typedef struct {
+		spoolss_NotifyType type;
 		uint16 u1;
-		uint16 u2;
+		uint32 u2;
 		uint32 u3;
-		uint32 u4;
 		uint32 count;
-		[size_is(count)] uint16 *array;
-	} spoolss_RemoteFindFirstPrinterChangeNotifyEx_t2;
+		[size_is(count)] spoolss_Field *fields;
+	} spoolss_NotifyOptionsArray;
 
 	typedef struct {
-		uint32 u1;
-		uint32 u2;
+		uint32 version;
+		uint32 flags;
 		uint32 count;
-		[size_is(count)] spoolss_RemoteFindFirstPrinterChangeNotifyEx_t2 *t2;
-	} spoolss_RemoteFindFirstPrinterChangeNotifyEx_t1;
+		[size_is(count)] spoolss_NotifyOptionsArray *options;
+	} spoolss_NotifyOptionsContainer;
 
-	WERROR spoolss_RemoteFindFirstPrinterChangeNotifyEx(
+	[public] WERROR spoolss_RemoteFindFirstPrinterChangeNotifyEx(
 		[in,ref] policy_handle *handle,
-		[in] uint32 u1,
-		[in] uint32 u2,
-		[in] [string,charset(UTF16)] uint16 *str,
-		[in] uint32 u3,
-		[in] spoolss_RemoteFindFirstPrinterChangeNotifyEx_t1 *t1
+		[in] uint32 flags,
+		[in] uint32 options,
+		[in,unique] [string,charset(UTF16)] uint16 *str,
+		[in] uint32 printer_local,
+		[in,unique] spoolss_NotifyOptionsContainer *t1
 	);
 
 	/******************/
@@ -1201,9 +1242,55 @@
 	WERROR spoolss_RouterRefreshPrinterChangeNotification(
 	);
 
+	typedef struct {
+		uint32 size;
+		[size_is(size/2),unique,charset(UTF16)] uint16 *string;
+	} spoolss_NotifyUTF16String;
+
+	typedef struct {
+		uint32 size;
+		[size_is(size),charset(DOS)] uint8 *string;
+	} spoolss_NotifyDOSString;
+
+	typedef struct {
+		uint16 data[8];
+	} spoolss_NotifyBlobData;
+
+	typedef struct {
+		uint32 len;
+		[unique] spoolss_NotifyBlobData *data;
+	} spoolss_NotifyBlob;
+
+	typedef [switch_type(uint32)] union {
+		[case(1)] dlong integer;
+		[case(2)] spoolss_NotifyUTF16String utf16_string;
+		[case(3)] spoolss_NotifyDOSString ascii_string;
+		[case(4)] spoolss_NotifyBlob blob;
+		[case(5)] spoolss_NotifyDOSString ascii_string;
+	} spoolss_NotifyData;
+
+	typedef struct {
+		spoolss_NotifyType type;
+		spoolss_Field field;
+		uint32 variable_type;
+		uint32 job_id;
+		[switch_is(variable_type)] spoolss_NotifyData data;
+	} spoolss_Notify;
+
+	typedef struct {
+		uint32 version;
+		uint32 flags;
+		uint32 count;
+		[size_is(count)] spoolss_Notify notifies[];
+	} spoolss_NotifyInfo;
+
 	/******************/
 	/* Function: 0x43 */
-	WERROR spoolss_RemoteFindNextPrinterChangeNotifyEx(
+	[public] WERROR spoolss_RemoteFindNextPrinterChangeNotifyEx(
+		[in,ref] policy_handle *handle,
+		[in] uint32 change_low,
+		[in,unique] spoolss_NotifyOptionsContainer *container,
+		[out, unique] spoolss_NotifyInfo *info
 	);
 
 	/******************/
@@ -1225,11 +1312,72 @@
 		[case(1)]  spoolss_UserLevel1 *level1;
 	} spoolss_UserLevel;
 
+	typedef bitmap {
+		SERVER_ACCESS_ADMINISTER	= 0x00000001,
+		SERVER_ACCESS_ENUMERATE		= 0x00000002,
+		PRINTER_ACCESS_ADMINISTER	= 0x00000004,
+		PRINTER_ACCESS_USE		= 0x00000008,
+		JOB_ACCESS_ADMINISTER		= 0x00000010
+	} spoolss_AccessRights;
+
+	/* Access rights for print servers */
+	const int SERVER_ALL_ACCESS	= SEC_STD_REQUIRED |
+					  SERVER_ACCESS_ADMINISTER |
+					  SERVER_ACCESS_ENUMERATE;
+
+	const int SERVER_READ		= SEC_STD_READ_CONTROL |
+					  SERVER_ACCESS_ENUMERATE;
+
+	const int SERVER_WRITE		= STANDARD_RIGHTS_WRITE_ACCESS |
+					  SERVER_ACCESS_ADMINISTER |
+					  SERVER_ACCESS_ENUMERATE;
+
+	const int SERVER_EXECUTE	= SEC_STD_READ_CONTROL |
+					  SERVER_ACCESS_ENUMERATE;
+
+	/* Access rights for printers */
+	const int PRINTER_ALL_ACCESS	= SEC_STD_REQUIRED |
+					  PRINTER_ACCESS_ADMINISTER |
+					  PRINTER_ACCESS_USE;
+
+	const int PRINTER_READ		= SEC_STD_READ_CONTROL |
+					  PRINTER_ACCESS_USE;
+
+	const int PRINTER_WRITE		= STANDARD_RIGHTS_WRITE_ACCESS |
+					  PRINTER_ACCESS_USE;
+
+	const int PRINTER_EXECUTE	= SEC_STD_READ_CONTROL |
+					  PRINTER_ACCESS_USE;
+
+	/* Access rights for jobs */
+	const int JOB_ALL_ACCESS	= SEC_STD_REQUIRED |
+					  JOB_ACCESS_ADMINISTER;
+
+	const int JOB_READ		= SEC_STD_READ_CONTROL |
+					  JOB_ACCESS_ADMINISTER;
+
+	const int JOB_WRITE		= STANDARD_RIGHTS_WRITE_ACCESS |
+					  JOB_ACCESS_ADMINISTER;
+
+	const int JOB_EXECUTE		= SEC_STD_READ_CONTROL |
+					  JOB_ACCESS_ADMINISTER;
+
+	/* ACE masks for various print permissions */
+	const int PRINTER_ACE_FULL_CONTROL = SEC_GENERIC_ALL |
+						PRINTER_ALL_ACCESS;
+
+	const int PRINTER_ACE_MANAGE_DOCUMENTS = SEC_GENERIC_ALL |
+						READ_CONTROL_ACCESS;
+
+	const int PRINTER_ACE_PRINT	= GENERIC_EXECUTE_ACCESS |
+					  READ_CONTROL_ACCESS |
+					  PRINTER_ACCESS_USE;
+
 	/******************/
 	/* Function: 0x45 */
-	WERROR spoolss_OpenPrinterEx(
-		[in]                  [string,charset(UTF16)] uint16 *printername,
-		[in]                  [string,charset(UTF16)] uint16 *datatype,
+	[public] WERROR spoolss_OpenPrinterEx(
+		[in,unique]           [string,charset(UTF16)] uint16 *printername,
+		[in,unique]           [string,charset(UTF16)] uint16 *datatype,
 		[in]	              spoolss_DevmodeContainer devmode_ctr,
 		[in]	              uint32 access_mask,
 		[in]	              uint32 level,
@@ -1240,11 +1388,11 @@
 	/******************/
 	/* Function: 0x46 */
 	WERROR spoolss_AddPrinterEx(
-		[in] [string,charset(UTF16)] uint16 *server,
+		[in,unique] [string,charset(UTF16)] uint16 *server,
 		[in] uint32 level,
-		[in,switch_is(level)] spoolss_PrinterInfo *info,
+		[in,unique,switch_is(level)] spoolss_PrinterInfo *info,
 		[in] spoolss_DevmodeContainer devmode_ctr,
-		[in] security_descriptor *secdesc,
+		[in,unique] security_descriptor *secdesc,
 		[in] uint32 ulevel,
 		[in,switch_is(ulevel)] spoolss_UserLevel userlevel
 	);
@@ -1259,12 +1407,13 @@
 	WERROR spoolss_EnumPrinterData(
 		[in,ref] policy_handle *handle,
 		[in]	 uint32 enum_index,
+		[out,ref,size_is(value_offered/2),charset(UTF16)] uint16 *value_name,
 		[in]     uint32 value_offered,
-		[out]	 lstring *value_name,
-		[out]	 uint32 *value_needed,
-		[out]    uint32 *printerdata_type,
-		[out]    DATA_BLOB *buffer,
-		[in,out,ref] uint32 *data_size
+		[out,ref] uint32 *value_needed,
+		[out,ref] uint32 *printerdata_type,
+		[out,ref] DATA_BLOB *buffer,
+		[in]	 uint32 data_offered,
+		[out,ref] uint32 *data_needed
 	);
 
 	/******************/
@@ -1307,25 +1456,30 @@
 		[in] 	 [string,charset(UTF16)] uint16 key_name[],
 		[in] 	 [string,charset(UTF16)] uint16 value_name[],
 		[in] 	 uint32 offered,
-		[out] 	 uint32 *type,
-		[out] 	 DATA_BLOB *buffer,
-		[out] 	 uint32 *needed
+		[out] 	 uint32 type,
+		[out] 	 DATA_BLOB buffer,
+		[out] 	 uint32 needed
 	);
 
 	/******************/
 	/* Function: 0x4f */
-	WERROR spoolss_EnumPrinterDataEx(
+	[public] WERROR spoolss_EnumPrinterDataEx(
 		[in,ref] policy_handle *handle,
 		[in] 	 [string,charset(UTF16)] uint16 key_name[],
 		[in] 	 uint32 offered,
-		[out] 	 DATA_BLOB *buffer,
-		[out] 	 uint32 *needed,
-		[out] 	 uint32 *count
+		[out] 	 DATA_BLOB buffer,
+		[out] 	 uint32 needed,
+		[out] 	 uint32 count
 	);
 
 	/******************/
 	/* Function: 0x50 */
-	WERROR spoolss_EnumPrinterKey(
+	[public] WERROR spoolss_EnumPrinterKey(
+		[in, ref] policy_handle *handle,
+		[in] [string,charset(UTF16)] uint16 key_name[],
+		[out] uint32 key_buffer_size,
+		[out] uint16 key_buffer[key_buffer_size],
+		[in,out] uint32 needed
 	);
 
 	/******************/
@@ -1375,14 +1529,14 @@
 		[in,value(r->in.in_data.length)] uint32 _in_data_length,
 		[in] uint32 offered,
 		[in] uint32 unknown1,
-		[out] DATA_BLOB *out_data,
-		[out] uint32 *needed,
-		[out] uint32 *unknown2
+		[out] DATA_BLOB out_data,
+		[out] uint32 needed,
+		[out] uint32 unknown2
 	);
 
 	/******************/
 	/* Function: 0x59 */
-	WERROR spoolss_AddPrinterDriverEx(
+	[public] WERROR spoolss_AddPrinterDriverEx(
 	);
 
 	/******************/
diff --git a/source3/librpc/idl/srvsvc.idl b/source3/librpc/idl/srvsvc.idl
index c66486b29c..2f23fd1e70 100644
--- a/source3/librpc/idl/srvsvc.idl
+++ b/source3/librpc/idl/srvsvc.idl
@@ -10,7 +10,6 @@ import "security.idl", "svcctl.idl";
   version(3.0),
   endpoint("ncacn_np:[\\pipe\\srvsvc]", "ncacn_ip_tcp:", "ncalrpc:"),
   pointer_default(unique),
-  pointer_default_top(unique),
   helpstring("Server Service")
 ] interface srvsvc
 {
@@ -56,7 +55,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x00 */
 	WERROR srvsvc_NetCharDevEnum(
-		[in]   [string,charset(UTF16)] uint16 *server_unc, 
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in,out,ref]   uint32 *level,
 		[in,out,ref,switch_is(*level)]   srvsvc_NetCharDevCtr *ctr,
 		[in]   uint32 max_buffer,
@@ -67,7 +66,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x01 */
 	WERROR srvsvc_NetCharDevGetInfo(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique] [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 device_name[],
 		[in]   uint32 level,
 		[out,ref,switch_is(level)]   srvsvc_NetCharDevInfo *info
@@ -76,7 +75,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x02 */
 	WERROR srvsvc_NetCharDevControl(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique] [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 device_name[],
 		[in]   uint32 opcode
 		);
@@ -121,19 +120,19 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x03 */
 	WERROR srvsvc_NetCharDevQEnum(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
-		[in]   [string,charset(UTF16)] uint16 *user,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *user,
 		[in,out,ref]   uint32 *level,
 		[in,out,switch_is(*level),ref]   srvsvc_NetCharDevQCtr *ctr,
 		[in]   uint32 max_buffer,
 		[out,ref]   uint32 *totalentries,
-		[in,out]   uint32 *resume_handle
+		[in,out,unique]   uint32 *resume_handle
 		);
 
 	/******************/
 	/* Function: 0x04 */
 	WERROR srvsvc_NetCharDevQGetInfo(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique] [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 queue_name[],
 		[in]   [string,charset(UTF16)] uint16 user[],
 		[in]   uint32 level,
@@ -143,24 +142,24 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x05 */
 	WERROR srvsvc_NetCharDevQSetInfo(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique] [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 queue_name[],
 		[in]   uint32 level,
 		[in,switch_is(level)]   srvsvc_NetCharDevQInfo info,
-		[in,out]   uint32 *parm_error
+		[in,out,unique]   uint32 *parm_error
 		);
 
 	/******************/
 	/* Function: 0x06 */
 	WERROR srvsvc_NetCharDevQPurge(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique] [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 queue_name[]
 		);
 
 	/******************/
 	/* Function: 0x07 */
 	WERROR srvsvc_NetCharDevQPurgeSelf(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique] [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 queue_name[],
 		[in]   [string,charset(UTF16)] uint16 computer_name[]
 		);
@@ -201,8 +200,8 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x08 */
 	WERROR srvsvc_NetConnEnum(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
-		[in]   [string,charset(UTF16)] uint16 *path,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *path,
 		[in,out,ref]   uint32 *level,
 		[in,out,switch_is(*level),ref]   srvsvc_NetConnCtr *ctr,
 		[in]   uint32 max_buffer,
@@ -250,9 +249,9 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x09 */
 	WERROR srvsvc_NetFileEnum(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
-		[in]   [string,charset(UTF16)] uint16 *path,
-		[in]   [string,charset(UTF16)] uint16 *user,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *path,
+		[in,unique]   [string,charset(UTF16)] uint16 *user,
 		[in,out,ref]   uint32 *level,
 		[in,out,switch_is(*level),ref]   srvsvc_NetFileCtr *ctr,
 		[in]   uint32 max_buffer,
@@ -263,7 +262,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x0a */
 	WERROR srvsvc_NetFileGetInfo(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   uint32 fid,
 		[in]   uint32 level,
 		[out,switch_is(level),ref]   srvsvc_NetFileInfo *info
@@ -272,7 +271,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x0b */
 	WERROR srvsvc_NetFileClose(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   uint32 fid	
 		);
 
@@ -357,9 +356,9 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x0c */
 	WERROR srvsvc_NetSessEnum(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
-		[in]   [string,charset(UTF16)] uint16 *client,
-		[in]   [string,charset(UTF16)] uint16 *user,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *client,
+		[in,unique]   [string,charset(UTF16)] uint16 *user,
 		[in,out,ref]   uint32 *level,
 		[in,out,switch_is(*level),ref]   srvsvc_NetSessCtr *ctr,
 		[in]   uint32 max_buffer,
@@ -370,9 +369,9 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x0d */
 	WERROR srvsvc_NetSessDel(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
-		[in]   [string,charset(UTF16)] uint16 *client,
-		[in]   [string,charset(UTF16)] uint16 *user
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *client,
+		[in,unique]   [string,charset(UTF16)] uint16 *user
 		);
 
 /**************************/
@@ -546,27 +545,27 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x0e */
 	WERROR srvsvc_NetShareAdd(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   uint32 level,
 		[in,switch_is(level)] srvsvc_NetShareInfo info,
-		[in,out]   uint32 *parm_error
+		[in,out,unique]   uint32 *parm_error
 		);
 
 	/******************/
 	/* Function: 0x0f */
 	WERROR srvsvc_NetShareEnumAll (
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in,out,ref]   uint32 *level,
 		[in,out,ref,switch_is(*level)] srvsvc_NetShareCtr *ctr,
 		[in]   uint32 max_buffer,
 		[out,ref]  uint32 *totalentries,
-		[in,out]   uint32 *resume_handle
+		[in,out,unique]   uint32 *resume_handle
 		);
 
 	/******************/
 	/* Function: 0x10 */
 	WERROR srvsvc_NetShareGetInfo(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 share_name[],
 		[in]   uint32 level,
 		[out,ref,switch_is(level)] srvsvc_NetShareInfo *info
@@ -575,17 +574,17 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x11 */
 	WERROR srvsvc_NetShareSetInfo(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 share_name[],
 		[in]   uint32 level,
 		[in,switch_is(level)] srvsvc_NetShareInfo info,
-		[in,out]   uint32 *parm_error
+		[in,out,unique]   uint32 *parm_error
 		);
 
 	/******************/
 	/* Function: 0x12 */
 	WERROR srvsvc_NetShareDel(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 share_name[],
 		[in]   uint32 reserved
 		);
@@ -593,7 +592,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x13 */
 	WERROR srvsvc_NetShareDelSticky(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 share_name[],
 		[in]   uint32 reserved
 		);
@@ -601,7 +600,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x14 */
 	WERROR srvsvc_NetShareCheck(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 device_name[],
 		[out,ref]  srvsvc_ShareType *type
 		);
@@ -1111,7 +1110,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x15 */
 	WERROR srvsvc_NetSrvGetInfo(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   uint32 level,
 		[out,ref,switch_is(level)] srvsvc_NetSrvInfo *info
 		);
@@ -1119,10 +1118,10 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x16 */
 	WERROR srvsvc_NetSrvSetInfo(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   uint32 level,
 		[in,switch_is(level)] srvsvc_NetSrvInfo info,
-		[in,out]   uint32 *parm_error
+		[in,out,unique]   uint32 *parm_error
 		);
 
 /**************************/
@@ -1140,12 +1139,12 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x17 */
 	WERROR srvsvc_NetDiskEnum(
-		[in]      [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]      [string,charset(UTF16)] uint16 *server_unc,
 		[in]      uint32 level,
 		[in,out,ref]  srvsvc_NetDiskInfo *info,
 		[in]      uint32 maxlen,
 		[out,ref]     uint32 *totalentries,
-		[in,out]  uint32 *resume_handle
+		[in,out,unique]  uint32 *resume_handle
 		);
 
 /**************************/
@@ -1174,8 +1173,8 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x18 */
 	WERROR srvsvc_NetServerStatisticsGet(
-		[in]      [string,charset(UTF16)] uint16 *server_unc,
-		[in]      [string,charset(UTF16)] uint16 *service,
+		[in,unique]      [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]      [string,charset(UTF16)] uint16 *service,
 		[in]      uint32 level,
 		[in]      uint32 options,
 		[out,ref]     srvsvc_Statistics *stats
@@ -1195,7 +1194,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x19 */
 	WERROR srvsvc_NetTransportAdd(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in] uint32 level,
 		[in,switch_is(level)]   srvsvc_NetTransportInfo info
 		);
@@ -1262,7 +1261,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x1a */
 	WERROR srvsvc_NetTransportEnum(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in,out,ref] uint32 *level,
 		[in,out,ref,switch_is(*level)]   srvsvc_NetTransportCtr *transports,
 		[in]   uint32 max_buffer,
@@ -1273,7 +1272,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x1b */
 	WERROR srvsvc_NetTransportDel(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]	uint32 unknown,
 		[in] 	srvsvc_NetTransportInfo0 transport
 		);
@@ -1299,8 +1298,8 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x1c */
 	WERROR srvsvc_NetRemoteTOD(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
-		[out]   srvsvc_NetRemoteTODInfo *info
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
+		[out,unique]   srvsvc_NetRemoteTODInfo *info
 		);
 
 /**************************/
@@ -1309,8 +1308,8 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x1d */
 	WERROR srvsvc_NetSetServiceBits(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
-		[in]   [string,charset(UTF16)] uint16 *transport,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *transport,
 		[in]   uint32 servicebits,
 		[in]   uint32 updateimmediately
 		);
@@ -1321,7 +1320,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x1e */
 	WERROR srvsvc_NetPathType(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 path[],
 		[in]   uint32 pathflags,
 		[out,ref]   uint32 *pathtype
@@ -1330,7 +1329,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x1f */
 	WERROR srvsvc_NetPathCanonicalize(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 path[],
 		[out]  [size_is(maxbuf)] uint8 can_path[],
 		[in]   uint32 maxbuf,
@@ -1342,7 +1341,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x20 */
 	WERROR srvsvc_NetPathCompare(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 path1[],
 		[in]   [string,charset(UTF16)] uint16 path2[],
 		[in]    uint32 pathtype,
@@ -1355,7 +1354,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x21 */
 	WERROR srvsvc_NetNameValidate(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 name[],
 		[in]    uint32 name_type,
 		[in]    uint32 flags
@@ -1369,7 +1368,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x23 */
 	WERROR srvsvc_NetPRNameCompare(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in]   [string,charset(UTF16)] uint16 name1[],
 		[in]   [string,charset(UTF16)] uint16 name2[],
 		[in]    uint32 name_type,
@@ -1384,7 +1383,7 @@ import "security.idl", "svcctl.idl";
 	/* Note, there must be some way to return entries read vs 
 	   total entries ... */
 	WERROR srvsvc_NetShareEnum(
-		[in]       [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]       [string,charset(UTF16)] uint16 *server_unc,
 	 	[in,out,ref]   uint32 *level,
 		[in,out,ref,switch_is(*level)]   srvsvc_NetShareCtr *ctr,
 		[in]       uint32 max_buffer,
@@ -1395,33 +1394,33 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x25 */
 	WERROR srvsvc_NetShareDelStart(
-		[in]       [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]       [string,charset(UTF16)] uint16 *server_unc,
 		[in]       [string,charset(UTF16)] uint16 share[],
 		[in]       uint32 reserved,
-		[out] policy_handle *hnd
+		[out,unique] policy_handle *hnd
 		);
 
 	/******************/
 	/* Function: 0x26 */
 	WERROR srvsvc_NetShareDelCommit(
-		[in, out] policy_handle *hnd
+		[in, out,unique] policy_handle *hnd
 		);
 
 	/******************/
 	/* Function: 0x27 */
 	WERROR srvsvc_NetGetFileSecurity(
-		[in]       [string,charset(UTF16)] uint16 *server_unc,
-		[in]       [string,charset(UTF16)] uint16 *share,
+		[in,unique]       [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]       [string,charset(UTF16)] uint16 *share,
 		[in]       [string,charset(UTF16)] uint16 file[],
 		[in]       security_secinfo securityinformation,
-		[out]	   sec_desc_buf *sd_buf
+		[out,unique]	   sec_desc_buf *sd_buf
 		);
 
 	/******************/
 	/* Function: 0x28 */
 	WERROR srvsvc_NetSetFileSecurity(
-		[in]       [string,charset(UTF16)] uint16 *server_unc,
-		[in]       [string,charset(UTF16)] uint16 *share,
+		[in,unique]       [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]       [string,charset(UTF16)] uint16 *share,
 		[in]       [string,charset(UTF16)] uint16 file[],
 		[in]       security_secinfo securityinformation,
 		[in]	   sec_desc_buf sd_buf
@@ -1439,7 +1438,7 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x29 */
 	WERROR srvsvc_NetServerTransportAddEx(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
 		[in] uint32 level,
 		[in,switch_is(level)]   srvsvc_NetTransportInfo info
 		);
@@ -1447,9 +1446,9 @@ import "security.idl", "svcctl.idl";
 	/******************/
 	/* Function: 0x2a */
 	WERROR srvsvc_NetServerSetServiceBitsEx(
-		[in]   [string,charset(UTF16)] uint16 *server_unc,
-		[in]   [string,charset(UTF16)] uint16 *emulated_server_unc,
-		[in]   [string,charset(UTF16)] uint16 *transport,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *emulated_server_unc,
+		[in,unique]   [string,charset(UTF16)] uint16 *transport,
 		[in]   uint32 servicebitsofinterest,
 		[in]   uint32 servicebits,
 		[in]   uint32 updateimmediately
diff --git a/source3/librpc/idl/svcctl.idl b/source3/librpc/idl/svcctl.idl
index 2fbdb71e74..e36a0918bf 100644
--- a/source3/librpc/idl/svcctl.idl
+++ b/source3/librpc/idl/svcctl.idl
@@ -7,7 +7,6 @@
 [ uuid("367abb81-9844-35f1-ad32-98f038001003"),
   version(2.0),
   pointer_default(unique),
-  pointer_default_top(unique),
   endpoint("ncacn_np:[\\pipe\\svcctl]", "ncalrpc:"),
   helpstring("Service Control")
 ] interface svcctl
@@ -116,11 +115,20 @@
 	/*****************/
 	/* Function 0x04 */
 	WERROR svcctl_QueryServiceObjectSecurity(
+		[in] policy_handle *handle,
+		[in] uint32 security_flags,
+		[out,ref,size_is(buffer_size)] uint8 *buffer,
+		[in,range(0,0x40000)] uint32 buffer_size,
+		[out,ref,range(0,0x40000)] uint32 *needed
 	);
 
 	/*****************/
 	/* Function 0x05 */
 	WERROR svcctl_SetServiceObjectSecurity(
+		[in] policy_handle *handle,
+		[in] uint32 security_flags,
+		[in,ref,size_is(buffer_size)] uint8 *buffer,
+		[in] uint32 buffer_size
 	);
 
 	/*****************/
@@ -162,13 +170,13 @@
 		[in] uint32 type,
 		[in] uint32 start,
 		[in] uint32 error,
-		[in] [string,charset(UTF16)] uint16 *binary_path,
-		[in] [string,charset(UTF16)] uint16 *load_order_group,
+		[in,unique] [string,charset(UTF16)] uint16 *binary_path,
+		[in,unique] [string,charset(UTF16)] uint16 *load_order_group,
 		[out,ref] uint32 *tag_id,
-		[in] [string,charset(UTF16)] uint16 *dependencies,
-		[in] [string,charset(UTF16)] uint16 *service_start_name,
-		[in] [string,charset(UTF16)] uint16 *password,
-		[in] [string,charset(UTF16)] uint16 *display_name
+		[in,unique] [string,charset(UTF16)] uint16 *dependencies,
+		[in,unique] [string,charset(UTF16)] uint16 *service_start_name,
+		[in,unique] [string,charset(UTF16)] uint16 *password,
+		[in,unique] [string,charset(UTF16)] uint16 *display_name
 	);
 
 	/*****************/
@@ -176,18 +184,18 @@
 	WERROR svcctl_CreateServiceW(
 		[in,ref] policy_handle *scmanager_handle,
 		[in] [string,charset(UTF16)] uint16 ServiceName[],
-		[in] [string,charset(UTF16)] uint16 *DisplayName,
+		[in,unique] [string,charset(UTF16)] uint16 *DisplayName,
 		[in] uint32 desired_access,
 		[in] uint32 type,
 		[in] uint32 start_type,
 		[in] uint32 error_control,
 		[in] [string,charset(UTF16)] uint16 binary_path[],
-		[in] [string,charset(UTF16)] uint16 *LoadOrderGroupKey,
-  		[in,out] uint32 *TagId,
-		[in,size_is(dependencies_size)] uint8 *dependencies,
+		[in,unique] [string,charset(UTF16)] uint16 *LoadOrderGroupKey,
+		[in,out,unique] uint32 *TagId,
+		[in,unique,size_is(dependencies_size)] uint8 *dependencies,
 		[in] uint32 dependencies_size,
-		[in] [string,charset(UTF16)] uint16 *service_start_name,
-		[in,size_is(password_size)] uint8 *password,
+		[in,unique] [string,charset(UTF16)] uint16 *service_start_name,
+		[in,unique,size_is(password_size)] uint8 *password,
 		[in] uint32 password_size,
 		[out,ref] policy_handle *handle
 	);
@@ -197,7 +205,7 @@
 	WERROR svcctl_EnumDependentServicesW(
 		[in,ref] policy_handle *service,
 		[in] uint32 state,
-		[out] ENUM_SERVICE_STATUS *service_status,
+		[out,unique] ENUM_SERVICE_STATUS *service_status,
 		[in] uint32 buf_size,
 		[out,ref] uint32 *bytes_needed,
 		[out,ref] uint32 *services_returned
@@ -213,14 +221,14 @@
 		[out,size_is(buf_size)] uint8 service[*],
 		[out,ref] uint32 *bytes_needed,
 		[out,ref] uint32 *services_returned,
-		[in,out] uint32 *resume_handle
+		[in,out,unique] uint32 *resume_handle
 	);
 
 	/*****************/
 	/* Function 0x0f */
 	WERROR svcctl_OpenSCManagerW(
-		[in] [string,charset(UTF16)] uint16 *MachineName,
-		[in] [string,charset(UTF16)] uint16 *DatabaseName,
+		[in,unique] [string,charset(UTF16)] uint16 *MachineName,
+		[in,unique] [string,charset(UTF16)] uint16 *DatabaseName,
 		[in] uint32 access_mask,
 		[out,ref] policy_handle *handle
 	);
@@ -257,25 +265,25 @@
 	WERROR svcctl_StartServiceW(
 		[in,ref] policy_handle *handle,
 		[in] uint32 NumArgs,
-		[in/*FIXME:,length_is(NumArgs)*/] [string,charset(UTF16)] uint16 *Arguments
+		[in,unique/*FIXME:,length_is(NumArgs)*/] [string,charset(UTF16)] uint16 *Arguments
 	);
 
 	/*****************/
 	/* Function 0x14 */
 	WERROR svcctl_GetServiceDisplayNameW(
 		[in,ref] policy_handle *handle,
-		[in] [string,charset(UTF16)] uint16 *service_name,
+		[in,unique] [string,charset(UTF16)] uint16 *service_name,
 		[out,ref] [string,charset(UTF16)] uint16 **display_name,
-		[in,out] uint32 *display_name_length
+		[in,out,unique] uint32 *display_name_length
 	); 
 
 	/*****************/
 	/* Function 0x15 */
 	WERROR svcctl_GetServiceKeyNameW(
 		[in,ref] policy_handle *handle,
-		[in] [string,charset(UTF16)] uint16 *service_name,
+		[in,unique] [string,charset(UTF16)] uint16 *service_name,
 		[out,ref] [string,charset(UTF16)] uint16 **key_name,
-		[in,out] uint32 *display_name_length
+		[in,out,unique] uint32 *display_name_length
 	);
 
 	/*****************/
@@ -294,31 +302,31 @@
 		[in] uint32 type,
 		[in] uint32 start,
 		[in] uint32 error,
-		[in] [string,charset(UTF16)] uint16 *binary_path,
-		[in] [string,charset(UTF16)] uint16 *load_order_group,
+		[in,unique] [string,charset(UTF16)] uint16 *binary_path,
+		[in,unique] [string,charset(UTF16)] uint16 *load_order_group,
 		[out,ref] uint32 *tag_id,
-		[in] [string,charset(UTF16)] uint16 *dependencies,
-		[in] [string,charset(UTF16)] uint16 *service_start_name,
-		[in] [string,charset(UTF16)] uint16 *password,
-		[in] [string,charset(UTF16)] uint16 *display_name
+		[in,unique] [string,charset(UTF16)] uint16 *dependencies,
+		[in,unique] [string,charset(UTF16)] uint16 *service_start_name,
+		[in,unique] [string,charset(UTF16)] uint16 *password,
+		[in,unique] [string,charset(UTF16)] uint16 *display_name
 	);
 
 	/*****************/
 	/* Function 0x18 */
 	WERROR svcctl_CreateServiceA(
 		[in,ref] policy_handle *handle,
-		[in] [string,charset(UTF16)] uint16 *ServiceName,
-		[in] [string,charset(UTF16)] uint16 *DisplayName,
+		[in,unique] [string,charset(UTF16)] uint16 *ServiceName,
+		[in,unique] [string,charset(UTF16)] uint16 *DisplayName,
 		[in] uint32 desired_access,
 		[in] uint32 type,
 		[in] uint32 start_type,
 		[in] uint32 error_control,
-		[in] [string,charset(UTF16)] uint16 *binary_path,
-		[in] [string,charset(UTF16)] uint16 *LoadOrderGroupKey,
-  		[out] uint32 *TagId,
-		[in] [string,charset(UTF16)] uint16 *dependencies,
-		[in] [string,charset(UTF16)] uint16 *service_start_name,
-		[in] [string,charset(UTF16)] uint16 *password
+		[in,unique] [string,charset(UTF16)] uint16 *binary_path,
+		[in,unique] [string,charset(UTF16)] uint16 *LoadOrderGroupKey,
+		[out,unique] uint32 *TagId,
+		[in,unique] [string,charset(UTF16)] uint16 *dependencies,
+		[in,unique] [string,charset(UTF16)] uint16 *service_start_name,
+		[in,unique] [string,charset(UTF16)] uint16 *password
 	);
 
 	/*****************/
@@ -326,7 +334,7 @@
 	WERROR svcctl_EnumDependentServicesA(
 		[in,ref] policy_handle *service,
 		[in] uint32 state,
-		[out] ENUM_SERVICE_STATUS *service_status,
+		[out,unique] ENUM_SERVICE_STATUS *service_status,
 		[in] uint32 buf_size,
 		[out,ref] uint32 *bytes_needed,
 		[out,ref] uint32 *services_returned
@@ -342,14 +350,14 @@
 		[out,size_is(buf_size)] uint8 service[*],
 		[out,ref] uint32 *bytes_needed,
 		[out,ref] uint32 *services_returned,
-		[in,out] uint32 *resume_handle
+		[in,out,unique] uint32 *resume_handle
 	);
 	
 	/*****************/
 	/* Function 0x1b */
 	WERROR svcctl_OpenSCManagerA(
-		[in] [string,charset(UTF16)] uint16 *MachineName,
-		[in] [string,charset(UTF16)] uint16 *DatabaseName,
+		[in,unique] [string,charset(UTF16)] uint16 *MachineName,
+		[in,unique] [string,charset(UTF16)] uint16 *DatabaseName,
 		[in] uint32 access_mask,
 		[out,ref] policy_handle *handle
 	);
@@ -358,7 +366,7 @@
 	/* Function 0x1c */
 	WERROR svcctl_OpenServiceA(
 		[in,ref] policy_handle *scmanager_handle,
-		[in] [string,charset(UTF16)] uint16 *ServiceName,
+		[in,unique] [string,charset(UTF16)] uint16 *ServiceName,
 		[in] uint32 access_mask
 	);
 
@@ -385,25 +393,25 @@
 	WERROR svcctl_StartServiceA(
 		[in,ref] policy_handle *handle,
 		[in] uint32 NumArgs,
-		[in/*FIXME:,length_is(NumArgs)*/] [string,charset(UTF16)] uint16 *Arguments
+		[in,unique/*FIXME:,length_is(NumArgs)*/] [string,charset(UTF16)] uint16 *Arguments
 	);
 
 	/*****************/
 	/* Function 0x20 */
 	WERROR svcctl_GetServiceDisplayNameA(
 		[in,ref] policy_handle *handle,
-		[in] [string,charset(UTF16)] uint16 *service_name,
+		[in,unique] [string,charset(UTF16)] uint16 *service_name,
 		[out,ref] [string,charset(UTF16)] uint16 **display_name,
-		[in,out] uint32 *display_name_length
+		[in,out,unique] uint32 *display_name_length
 	); 
 
 	/*****************/
 	/* Function 0x21 */
 	WERROR svcctl_GetServiceKeyNameA(
 		[in,ref] policy_handle *handle,
-		[in] [string,charset(UTF16)] uint16 *service_name,
+		[in,unique] [string,charset(UTF16)] uint16 *service_name,
 		[out,ref] [string,charset(UTF16)] uint16 **key_name,
-		[in,out] uint32 *display_name_length
+		[in,out,unique] uint32 *display_name_length
 	);
 
 	/*****************/
@@ -421,7 +429,7 @@
 	WERROR svcctl_ChangeServiceConfig2A(
 		[in,ref] policy_handle *handle,
 		[in] uint32 info_level,
-		[in] uint8 *info
+		[in,unique] uint8 *info
 	);
 
 	/*****************/
@@ -429,7 +437,7 @@
 	WERROR svcctl_ChangeServiceConfig2W(
 		[in,ref] policy_handle *handle,
 		[in] uint32 info_level,
-		[in] uint8 *info
+		[in,unique] uint8 *info
 	);
 
 	/*****************/
@@ -473,7 +481,7 @@
 		[in] uint32 buf_size,
 		[out,ref] uint32 *bytes_needed,
 		[out,ref] uint32 *service_returned,
-		[in,out] uint32 *resume_handle, 
+		[in,out,unique] uint32 *resume_handle,
 		[out,ref] [string,charset(UTF16)] uint16 **group_name
 	);
 
@@ -488,7 +496,7 @@
 		[in] uint32 buf_size,
 		[out,ref] uint32 *bytes_needed,
 		[out,ref] uint32 *service_returned,
-		[in,out] uint32 *resume_handle, 
+		[in,out,unique] uint32 *resume_handle,
 		[out,ref] [string,charset(UTF16)] uint16 **group_name
 	);
 
diff --git a/source3/librpc/idl/unixinfo.idl b/source3/librpc/idl/unixinfo.idl
deleted file mode 100644
index 48bc565fff..0000000000
--- a/source3/librpc/idl/unixinfo.idl
+++ /dev/null
@@ -1,56 +0,0 @@
-#include "idl_types.h"
-/*
-  Unixinfo interface definition
-*/
-
-import "security.idl";
-
-[ uuid("9c54e310-a955-4885-bd31-78787147dfa6"),
-  version(0.0),
-  endpoint("ncacn_np:[\\pipe\\unixinfo]", "ncacn_ip_tcp:", "ncalrpc:"),
-  pointer_default(unique),
-  helpstring("Unixinfo specific stuff")
-] interface unixinfo
-{
-	/******************/
-	/* Function: 0x00 */
-	NTSTATUS unixinfo_SidToUid (
-	    [in]	dom_sid sid,
-	    [out]	hyper *uid
-	    );
-
-	/******************/
-	/* Function: 0x01 */
-	NTSTATUS unixinfo_UidToSid (
-	    [in]	hyper uid,
-	    [out]	dom_sid *sid
-	    );
-
-	/******************/
-	/* Function: 0x02 */
-	NTSTATUS unixinfo_SidToGid (
-	    [in]	dom_sid sid,
-	    [out]	hyper *gid
-	    );
-
-	/******************/
-	/* Function: 0x03 */
-	NTSTATUS unixinfo_GidToSid (
-	    [in]	hyper gid,
-	    [out]	dom_sid *sid
-	    );
-
-	typedef struct {
-		NTSTATUS status;
-		utf8string homedir;
-		utf8string shell;
-	} unixinfo_GetPWUidInfo;
-
-	/******************/
-	/* Function: 0x04 */
-        NTSTATUS unixinfo_GetPWUid (
-		[in,out,ref,range(0,1023)] uint32 *count,
-		[in,size_is(*count)] hyper uids[],
-		[out,size_is(*count)] unixinfo_GetPWUidInfo infos[*]
-        );
-}
diff --git a/source3/librpc/idl/winreg.idl b/source3/librpc/idl/winreg.idl
index 9f316ab39b..f7a61ecbea 100644
--- a/source3/librpc/idl/winreg.idl
+++ b/source3/librpc/idl/winreg.idl
@@ -9,7 +9,6 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
   version(1.0),
   endpoint("ncacn_np:[\\pipe\\winreg]","ncacn_ip_tcp:","ncalrpc:"),
   pointer_default(unique),
-  pointer_default_top(unique),
   helpstring("Remote Registry Service")
 ] interface winreg
 {
@@ -50,7 +49,7 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/******************/
 	/* Function: 0x00 */
 	WERROR winreg_OpenHKCR(
-		[in]      uint16 *system_name,
+		[in,unique] uint16 *system_name,
 		[in]      winreg_AccessMask access_mask,
 		[out,ref] policy_handle *handle
 	);
@@ -58,7 +57,7 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/******************/
 	/* Function: 0x01 */
 	WERROR winreg_OpenHKCU(
-	        [in]      uint16 *system_name,
+	        [in,unique] uint16 *system_name,
 		[in]      winreg_AccessMask access_mask,
 		[out,ref] policy_handle *handle
 	);
@@ -66,7 +65,7 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/******************/
 	/* Function: 0x02 */
 	WERROR winreg_OpenHKLM(
-		[in]      uint16 *system_name,
+		[in,unique] uint16 *system_name,
 		[in]      winreg_AccessMask access_mask,
 		[out,ref] policy_handle *handle
 	);
@@ -74,7 +73,7 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/******************/
 	/* Function: 0x03 */
 	WERROR winreg_OpenHKPD(
-		[in]      uint16 *system_name,
+		[in,unique] uint16 *system_name,
 		[in]      winreg_AccessMask access_mask,
 		[out,ref] policy_handle *handle
 	);
@@ -82,7 +81,7 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/******************/
 	/* Function: 0x04 */
 	WERROR winreg_OpenHKU(
-		[in]      uint16 *system_name,
+		[in,unique] uint16 *system_name,
 		[in]      winreg_AccessMask access_mask,
 		[out,ref] policy_handle *handle
 	);
@@ -198,8 +197,8 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/* Function: 0x0d */
 	WERROR winreg_LoadKey(
 		[in,ref] policy_handle *handle,
-		[in] winreg_String *keyname,
-		[in] winreg_String *filename
+		[in,unique] winreg_String *keyname,
+		[in,unique] winreg_String *filename
 	);
 
 	/******************/
@@ -244,10 +243,10 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	WERROR winreg_QueryValue(
 		[in,ref] policy_handle *handle,
 		[in] winreg_String value_name,
-		[in,out] winreg_Type *type,
-		[in,out,size_is(*data_size),length_is(*value_length)] uint8 *data,
-		[in,out] uint32 *data_size,
-		[in,out] uint32 *value_length
+		[in,out,unique] winreg_Type *type,
+		[in,out,unique,size_is(*data_size),length_is(*value_length)] uint8 *data,
+		[in,out,unique] uint32 *data_size,
+		[in,out,unique] uint32 *value_length
 	);
 
 	/******************/
@@ -304,8 +303,8 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/******************/
 	/* Function: 0x18 */
 	WERROR winreg_InitiateSystemShutdown(
-		[in]	uint16 *hostname,
-		[in]	initshutdown_String *message,
+		[in,unique] uint16 *hostname,
+		[in,unique] initshutdown_String *message,
 		[in]	uint32 timeout,
 		[in]	uint8 force_apps,
 		[in]	uint8 reboot
@@ -314,7 +313,7 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/******************/
 	/* Function: 0x19 */
 	WERROR winreg_AbortSystemShutdown(
-		[in]	uint16 *server
+		[in,unique] uint16 *server
 	);
 
 	/******************/
@@ -327,7 +326,7 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/******************/
 	/* Function: 0x1b */
 	WERROR winreg_OpenHKCC(
-		[in]      uint16 *system_name,
+		[in,unique] uint16 *system_name,
 		[in]      winreg_AccessMask access_mask,
 		[out,ref] policy_handle *handle
 	);
@@ -335,7 +334,7 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/******************/
 	/* Function: 0x1c */
 	WERROR winreg_OpenHKDD(
-		[in]      uint16 *system_name,
+		[in,unique] uint16 *system_name,
 		[in]      winreg_AccessMask access_mask,
 		[out,ref] policy_handle *handle
 	);
@@ -353,15 +352,15 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 		[in,ref] policy_handle *key_handle, 
 		[in,out,ref,size_is(num_values),length_is(num_values)] QueryMultipleValue *values,
 		[in] uint32 num_values,
-		[in,out,size_is(*buffer_size),length_is(*buffer_size)] uint8 *buffer,
+		[in,out,unique,size_is(*buffer_size),length_is(*buffer_size)] uint8 *buffer,
 		[in,out,ref] uint32 *buffer_size
 	);
 
 	/******************/
 	/* Function: 0x1e */
 	WERROR winreg_InitiateSystemShutdownEx(
-		[in] uint16 *hostname,
-		[in] initshutdown_String *message,
+		[in,unique] uint16 *hostname,
+		[in,unique] initshutdown_String *message,
 		[in] uint32 timeout,
 		[in] uint8 force_apps,
 		[in] uint8 reboot,
@@ -376,7 +375,7 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/******************/
 	/* Function: 0x20 */
 	WERROR winreg_OpenHKPT(
-		[in]      uint16 *system_name,
+		[in,unique] uint16 *system_name,
 		[in]      winreg_AccessMask access_mask,
 		[out,ref] policy_handle *handle
 	);
@@ -384,7 +383,7 @@ import "lsa.idl", "initshutdown.idl", "security.idl";
 	/******************/
 	/* Function: 0x21 */
 	WERROR winreg_OpenHKPN(
-		[in]      uint16 *system_name,
+		[in,unique] uint16 *system_name,
 		[in]      winreg_AccessMask access_mask,
 		[out,ref] policy_handle *handle
 	);
diff --git a/source3/librpc/idl/wkssvc.idl b/source3/librpc/idl/wkssvc.idl
index 9829379eef..023ce59ad9 100644
--- a/source3/librpc/idl/wkssvc.idl
+++ b/source3/librpc/idl/wkssvc.idl
@@ -9,7 +9,6 @@ import "srvsvc.idl", "lsa.idl";
 [ uuid("6bffd098-a112-3610-9833-46c3f87e345a"),
   version(1.0),
   pointer_default(unique),
-  pointer_default_top(unique),
   helpstring("Workstation Service"),
   endpoint("ncacn_np:[\\pipe\\wkssvc]","ncacn_ip_tcp:","ncalrpc:")
 ] interface wkssvc
@@ -259,7 +258,7 @@ import "srvsvc.idl", "lsa.idl";
 	} wkssvc_NetWkstaInfo;
 
 	WERROR wkssvc_NetWkstaGetInfo(
-		[in]   [string,charset(UTF16)] uint16 *server_name,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_name,
 		[in]   uint32 level,
 		[out,switch_is(level),ref]  wkssvc_NetWkstaInfo *info
 		);
@@ -268,7 +267,7 @@ import "srvsvc.idl", "lsa.idl";
 	/******************/
 	/* Function: 0x01 */
 	WERROR wkssvc_NetWkstaSetInfo(
-		[in]   [string,charset(UTF16)] uint16 *server_name,
+		[in,unique]   [string,charset(UTF16)] uint16 *server_name,
 		[in]   uint32 level,
 		[in,switch_is(level),ref]  wkssvc_NetWkstaInfo *info,
 		[in,out,ref]   uint32 *parm_error
@@ -309,11 +308,11 @@ import "srvsvc.idl", "lsa.idl";
 	} wkssvc_NetWkstaEnumUsersInfo;
 
 	WERROR wkssvc_NetWkstaEnumUsers(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in,out,ref] wkssvc_NetWkstaEnumUsersInfo *info,
 		[in] uint32 prefmaxlen,
 		[out,ref] uint32 *entries_read,
-		[in,out] uint32 *resume_handle
+		[in,out,unique] uint32 *resume_handle
 		);
 
 	/*****************************/
@@ -329,7 +328,7 @@ import "srvsvc.idl", "lsa.idl";
 	} wkssvc_NetrWkstaUserInfo;
 
 	WERROR wkssvc_NetrWkstaUserGetInfo(
-		[in] [string,charset(UTF16)] uint16 *unknown,
+		[in,unique] [string,charset(UTF16)] uint16 *unknown,
 		[in] uint32 level,
 		[out,ref] [switch_is(level)] wkssvc_NetrWkstaUserInfo *info
 		);
@@ -337,10 +336,10 @@ import "srvsvc.idl", "lsa.idl";
 	/*****************************/
 	/* Function        0x04      */
 	WERROR wkssvc_NetrWkstaUserSetInfo(
-		[in] [string,charset(UTF16)] uint16 *unknown,
+		[in,unique] [string,charset(UTF16)] uint16 *unknown,
 		[in] uint32 level,
 		[in,ref] [switch_is(level)] wkssvc_NetrWkstaUserInfo *info,
-		[in,out] uint32 *parm_err
+		[in,out,unique] uint32 *parm_err
 		);
 
 	/*****************************/
@@ -369,29 +368,29 @@ import "srvsvc.idl", "lsa.idl";
 	} wkssvc_NetWkstaTransportInfo;
 
 	WERROR wkssvc_NetWkstaTransportEnum (
-		[in]         [string,charset(UTF16)] uint16 *server_name,
+		[in,unique]         [string,charset(UTF16)] uint16 *server_name,
 		[in,out,ref] wkssvc_NetWkstaTransportInfo *info,
 		[in]         uint32 max_buffer,
 		[out,ref]    uint32 *total_entries,
-		[in,out]     uint32 *resume_handle
+		[in,out,unique]     uint32 *resume_handle
 		);
 
 	/*****************************/
 	/* Function        0x06      */
 	/* only supported on NT */
 	WERROR wkssvc_NetrWkstaTransportAdd(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in] uint32 level, /* must be 0 */
 		[in,ref] wkssvc_NetWkstaTransportInfo0 *info0,
-		[in,out] uint32 *parm_err
+		[in,out,unique] uint32 *parm_err
                 );
 
 	/*****************************/
 	/* Function        0x07      */
 	/* only supported on NT */
 	WERROR wkssvc_NetrWkstaTransportDel(
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *transport_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *transport_name,
 		[in] uint32 unknown3
 		);
 
@@ -437,16 +436,16 @@ import "srvsvc.idl", "lsa.idl";
 	} wkssvc_NetrUseGetInfoCtr;
 
 	WERROR wkssvc_NetrUseAdd(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in] uint32 level,
 		[in,ref] [switch_is(level)] wkssvc_NetrUseGetInfoCtr *ctr,
-		[in,out] uint32 *parm_err
+		[in,out,unique] uint32 *parm_err
 		);
 
 	/*****************************/
 	/* Function        0x09      */
 	WERROR wkssvc_NetrUseGetInfo(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in,ref] [string,charset(UTF16)] uint16 *use_name,
 		[in] uint32 level,
 		[out,ref] [switch_is(level)] wkssvc_NetrUseGetInfoCtr *ctr
@@ -455,7 +454,7 @@ import "srvsvc.idl", "lsa.idl";
 	/*****************************/
 	/* Function        0x0a      */
 	WERROR wkssvc_NetrUseDel(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in,ref] [string,charset(UTF16)] uint16 *use_name,
 		[in] uint32 force_cond
 		);
@@ -489,19 +488,19 @@ import "srvsvc.idl", "lsa.idl";
 	} wkssvc_NetrUseEnumInfo;
 
 	WERROR wkssvc_NetrUseEnum(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in,out,ref] wkssvc_NetrUseEnumInfo *info,
 		[in] uint32 prefmaxlen,
 		[out,ref] uint32 *entries_read,
-		[in,out] uint32 *resume_handle
+		[in,out,unique] uint32 *resume_handle
 		);
 
 	/*****************************/
 	/* Function        0x0c      */
 	WERROR wkssvc_NetrMessageBufferSend(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in,ref] [string,charset(UTF16)] uint16 *message_name,
-		[in] [string,charset(UTF16)] uint16 *message_sender_name,
+		[in,unique] [string,charset(UTF16)] uint16 *message_sender_name,
 		[in,ref] [size_is(message_size)] uint8 *message_buffer,
 		[in] uint32 message_size
 		);
@@ -552,8 +551,8 @@ import "srvsvc.idl", "lsa.idl";
 	} wkssvc_NetrWorkstationStatistics;
 
 	WERROR wkssvc_NetrWorkstationStatisticsGet(
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *unknown2,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *unknown2,
 		[in] uint32 unknown3,
 		[in] uint32 unknown4,
 		[out,ref] wkssvc_NetrWorkstationStatistics **info
@@ -574,20 +573,20 @@ import "srvsvc.idl", "lsa.idl";
 	/*****************************/
 	/* Function        0x10      */
 	WERROR wkssvc_NetrJoinDomain(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in,ref] [string,charset(UTF16)] uint16 *domain_name,
-		[in] [string,charset(UTF16)] uint16 *account_ou,
-		[in] [string,charset(UTF16)] uint16 *Account,
-		[in] [string,charset(UTF16)] uint16 *password,
+		[in,unique] [string,charset(UTF16)] uint16 *account_ou,
+		[in,unique] [string,charset(UTF16)] uint16 *Account,
+		[in,unique] [string,charset(UTF16)] uint16 *password,
 		[in] wkssvc_joinflags join_flags
 		);
 
 	/*****************************/
 	/* Function        0x11      */
 	WERROR wkssvc_NetrUnjoinDomain(
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *Account,
-		[in] [string,charset(UTF16)] uint16 *password,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *Account,
+		[in,unique] [string,charset(UTF16)] uint16 *password,
 		[in] wkssvc_joinflags unjoin_flags
 		);
 
@@ -599,10 +598,10 @@ import "srvsvc.idl", "lsa.idl";
 	} wkssvc_renameflags;
 
 	WERROR wkssvc_NetrRenameMachineInDomain(
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *NewMachineName,
-		[in] [string,charset(UTF16)] uint16 *Account,
-		[in] [string,charset(UTF16)] uint16 *password,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *NewMachineName,
+		[in,unique] [string,charset(UTF16)] uint16 *Account,
+		[in,unique] [string,charset(UTF16)] uint16 *password,
 		[in] wkssvc_renameflags RenameOptions
 		);
 
@@ -618,10 +617,10 @@ import "srvsvc.idl", "lsa.idl";
 	} wkssvc_NetValidateNameType;
 
 	WERROR wkssvc_NetrValidateName(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in,ref] [string,charset(UTF16)] uint16 *name,
-		[in] [string,charset(UTF16)] uint16 *Account,
-		[in] [string,charset(UTF16)] uint16 *Password,
+		[in,unique] [string,charset(UTF16)] uint16 *Account,
+		[in,unique] [string,charset(UTF16)] uint16 *Password,
 		[in] wkssvc_NetValidateNameType name_type
 		);
 
@@ -635,7 +634,7 @@ import "srvsvc.idl", "lsa.idl";
 	} wkssvc_NetJoinStatus;
 
 	WERROR wkssvc_NetrGetJoinInformation(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in,out,ref] [string,charset(UTF16)] uint16 **name_buffer,
 		[out,ref] wkssvc_NetJoinStatus *name_type
 		);
@@ -643,12 +642,16 @@ import "srvsvc.idl", "lsa.idl";
 	/*****************************/
 	/* Function        0x15      */
 	WERROR wkssvc_NetrGetJoinableOus(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in,ref] [string,charset(UTF16)] uint16 *domain_name,
-		[in] [string,charset(UTF16)] uint16 *Account,
-		[in] [string,charset(UTF16)] uint16 *unknown,
+		[in,unique] [string,charset(UTF16)] uint16 *Account,
+		[in,unique] [string,charset(UTF16)] uint16 *unknown,
 		[in,out,ref] uint32 *num_ous,
-		[out,ref] [size_is(*num_ous)] [string,charset(UTF16)] uint16 ***ous
+		/*
+		 * this is a [ref] pointer to a [unique] pointer to an
+		 * array of [unique] pointers to a string array
+		 */
+		[out,ref] [size_is(,*num_ous)] [string,charset(UTF16)] uint16 ***ous
 		);
 
 	typedef [flag(NDR_PAHEX)] struct {
@@ -687,81 +690,85 @@ import "srvsvc.idl", "lsa.idl";
 	/*****************************/
 	/* Function        0x16      */
 	WERROR wkssvc_NetrJoinDomain2 (
-		[in]         [string,charset(UTF16)] uint16 *server_name,
+		[in,unique]  [string,charset(UTF16)] uint16 *server_name,
 		[in,ref]     [string,charset(UTF16)] uint16 *domain_name,
-		[in]         [string,charset(UTF16)] uint16 *account_ou,
-		[in]         [string,charset(UTF16)] uint16 *admin_account,
-		[in]         wkssvc_PasswordBuffer *encrypted_password,
+		[in,unique]  [string,charset(UTF16)] uint16 *account_ou,
+		[in,unique]  [string,charset(UTF16)] uint16 *admin_account,
+		[in,unique]  wkssvc_PasswordBuffer *encrypted_password,
 		[in]         wkssvc_joinflags join_flags
 		);
 
 	/*****************************/
 	/* Function        0x17      */
 	WERROR wkssvc_NetrUnjoinDomain2 (
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *account,
-		[in] wkssvc_PasswordBuffer *encrypted_password,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *account,
+		[in,unique] wkssvc_PasswordBuffer *encrypted_password,
 		[in] wkssvc_joinflags unjoin_flags
 		);
 
 	/*****************************/
 	/* Function        0x18      */
 	WERROR wkssvc_NetrRenameMachineInDomain2(
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *NewMachineName,
-		[in] [string,charset(UTF16)] uint16 *Account,
-		[in] wkssvc_PasswordBuffer *EncryptedPassword,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *NewMachineName,
+		[in,unique] [string,charset(UTF16)] uint16 *Account,
+		[in,unique] wkssvc_PasswordBuffer *EncryptedPassword,
 		[in] wkssvc_renameflags RenameOptions
 		);
 
 	/*****************************/
 	/* Function        0x19      */
 	WERROR wkssvc_NetrValidateName2(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in,ref] [string,charset(UTF16)] uint16 *name,
-		[in] [string,charset(UTF16)] uint16 *Account,
-		[in] wkssvc_PasswordBuffer *EncryptedPassword,
+		[in,unique] [string,charset(UTF16)] uint16 *Account,
+		[in,unique] wkssvc_PasswordBuffer *EncryptedPassword,
 		[in] wkssvc_NetValidateNameType name_type
 		);
 
 	/*****************************/
 	/* Function        0x1a      */
 	WERROR wkssvc_NetrGetJoinableOus2(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in,ref] [string,charset(UTF16)] uint16 *domain_name,
-		[in] [string,charset(UTF16)] uint16 *Account,
-		[in] wkssvc_PasswordBuffer *EncryptedPassword,
+		[in,unique] [string,charset(UTF16)] uint16 *Account,
+		[in,unique] wkssvc_PasswordBuffer *EncryptedPassword,
 		[in,out,ref] uint32 *num_ous,
-		[out,ref] [size_is(*num_ous)] [string,charset(UTF16)] uint16 ***ous
+		/*
+		 * this is a [ref] pointer to a [unique] pointer to an
+		 * array of [unique] pointers to a string array
+		 */
+		[out,ref] [size_is(,*num_ous)] [string,charset(UTF16)] uint16 ***ous
 		);
 
 	/*****************************/
 	/* Function        0x1b      */
 	WERROR wkssvc_NetrAddAlternateComputerName(
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *NewAlternateMachineName,
-		[in] [string,charset(UTF16)] uint16 *Account,
-		[in] wkssvc_PasswordBuffer *EncryptedPassword,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *NewAlternateMachineName,
+		[in,unique] [string,charset(UTF16)] uint16 *Account,
+		[in,unique] wkssvc_PasswordBuffer *EncryptedPassword,
 		[in] uint32 Reserved
 		);
 
 	/*****************************/
 	/* Function        0x1c      */
 	WERROR wkssvc_NetrRemoveAlternateComputerName(
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *AlternateMachineNameToRemove,
-		[in] [string,charset(UTF16)] uint16 *Account,
-		[in] wkssvc_PasswordBuffer *EncryptedPassword,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *AlternateMachineNameToRemove,
+		[in,unique] [string,charset(UTF16)] uint16 *Account,
+		[in,unique] wkssvc_PasswordBuffer *EncryptedPassword,
 		[in] uint32 Reserved
 		);
 
 	/*****************************/
 	/* Function        0x1d      */
 	WERROR wkssvc_NetrSetPrimaryComputername(
-		[in] [string,charset(UTF16)] uint16 *server_name,
-		[in] [string,charset(UTF16)] uint16 *primary_name,
-		[in] [string,charset(UTF16)] uint16 *Account,
-		[in] wkssvc_PasswordBuffer *EncryptedPassword,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *primary_name,
+		[in,unique] [string,charset(UTF16)] uint16 *Account,
+		[in,unique] wkssvc_PasswordBuffer *EncryptedPassword,
 		[in] uint32 Reserved
 		);
 
@@ -780,7 +787,7 @@ import "srvsvc.idl", "lsa.idl";
         } wkssvc_ComputerNamesCtr;
 
 	WERROR wkssvc_NetrEnumerateComputerNames(
-		[in] [string,charset(UTF16)] uint16 *server_name,
+		[in,unique] [string,charset(UTF16)] uint16 *server_name,
 		[in] wkssvc_ComputerNameType name_type,
 		[in] uint32 Reserved,
 		[out,ref] wkssvc_ComputerNamesCtr **ctr
diff --git a/source3/librpc/ndr/libndr.h b/source3/librpc/ndr/libndr.h
index d0c2c74db9..a277a626c7 100644
--- a/source3/librpc/ndr/libndr.h
+++ b/source3/librpc/ndr/libndr.h
@@ -22,8 +22,8 @@
 
 #define _PRINTF_ATTRIBUTE(a,b) 
 
-#include "librpc/ndr/misc.h"
-#include "librpc/ndr/security.h"
+#include "librpc/gen_ndr/misc.h"
+#include "librpc/gen_ndr/security.h"
 
 /*
   this provides definitions for the libcli/rpc/ MSRPC library
diff --git a/source3/librpc/ndr/misc.h b/source3/librpc/ndr/misc.h
deleted file mode 100644
index 71975d7858..0000000000
--- a/source3/librpc/ndr/misc.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/* header auto-generated by pidl */
-
-#ifndef _HEADER_misc
-#define _HEADER_misc
-
-struct GUID {
-	uint32_t time_low;
-	uint16_t time_mid;
-	uint16_t time_hi_and_version;
-	uint8_t clock_seq[2];
-	uint8_t node[6];
-}/* [noprint,gensize,public,noejs] */;
-
-struct ndr_syntax_id {
-	struct GUID uuid;
-	uint32_t if_version;
-}/* [public] */;
-
-struct policy_handle {
-	uint32_t handle_type;
-	struct GUID uuid;
-}/* [public] */;
-
-enum netr_SchannelType {
-	SEC_CHAN_WKSTA=2,
-	SEC_CHAN_DOMAIN=4,
-	SEC_CHAN_BDC=6
-};
-
-enum netr_SamDatabaseID {
-	SAM_DATABASE_DOMAIN=0,
-	SAM_DATABASE_BUILTIN=1,
-	SAM_DATABASE_PRIVS=2
-};
-
-enum samr_RejectReason {
-	SAMR_REJECT_OTHER=0,
-	SAMR_REJECT_TOO_SHORT=1,
-	SAMR_REJECT_COMPLEXITY=2
-};
-
-#endif /* _HEADER_misc */
diff --git a/source3/librpc/ndr/ndr.c b/source3/librpc/ndr/ndr.c
index 62a88a8856..53eff00d59 100644
--- a/source3/librpc/ndr/ndr.c
+++ b/source3/librpc/ndr/ndr.c
@@ -176,12 +176,16 @@ _PUBLIC_ void ndr_print_debug_helper(struct ndr_print *ndr, const char *format,
 {
 	va_list ap;
 	char *s = NULL;
-	int i;
+	int i, ret;
 
 	va_start(ap, format);
-	vasprintf(&s, format, ap);
+	ret = vasprintf(&s, format, ap);
 	va_end(ap);
 
+	if (ret == -1) {
+		return;
+	}
+
 	for (i=0;i<ndr->depth;i++) {
 		DEBUGADD(0,("    "));
 	}
@@ -450,11 +454,16 @@ _PUBLIC_ enum ndr_err_code ndr_pull_error(struct ndr_pull *ndr,
 {
 	char *s=NULL;
 	va_list ap;
+	int ret;
 
 	va_start(ap, format);
-	vasprintf(&s, format, ap);
+	ret = vasprintf(&s, format, ap);
 	va_end(ap);
 
+	if (ret == -1) {
+		return NDR_ERR_ALLOC;
+	}
+
 	DEBUG(3,("ndr_pull_error(%u): %s\n", ndr_err, s));
 
 	free(s);
@@ -471,11 +480,16 @@ _PUBLIC_ enum ndr_err_code ndr_push_error(struct ndr_push *ndr,
 {
 	char *s=NULL;
 	va_list ap;
+	int ret;
 
 	va_start(ap, format);
-	vasprintf(&s, format, ap);
+	ret = vasprintf(&s, format, ap);
 	va_end(ap);
 
+	if (ret == -1) {
+		return NDR_ERR_ALLOC;
+	}
+
 	DEBUG(3,("ndr_push_error(%u): %s\n", ndr_err, s));
 
 	free(s);
diff --git a/source3/librpc/ndr/ndr_basic.c b/source3/librpc/ndr/ndr_basic.c
index 54397c9469..f342c6e36f 100644
--- a/source3/librpc/ndr/ndr_basic.c
+++ b/source3/librpc/ndr/ndr_basic.c
@@ -773,8 +773,7 @@ _PUBLIC_ void ndr_print_array_uint8(struct ndr_print *ndr, const char *name,
 	ndr->depth++;
 	for (i=0;i<count;i++) {
 		char *idx=NULL;
-		asprintf(&idx, "[%d]", i);
-		if (idx) {
+		if (asprintf(&idx, "[%d]", i) != -1) {
 			ndr_print_uint8(ndr, idx, data[i]);
 			free(idx);
 		}
diff --git a/source3/librpc/ndr/ndr_krb5pac.c b/source3/librpc/ndr/ndr_krb5pac.c
new file mode 100644
index 0000000000..b0eab44012
--- /dev/null
+++ b/source3/librpc/ndr/ndr_krb5pac.c
@@ -0,0 +1,141 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   routines for marshalling/unmarshalling spoolss subcontext buffer structures
+
+   Copyright (C) Stefan Metzmacher 2005
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include "includes.h"
+
+#include "librpc/gen_ndr/ndr_krb5pac.h"
+
+static size_t _ndr_size_PAC_INFO(const union PAC_INFO *r, uint32_t level, int flags)
+{
+	size_t s = ndr_size_PAC_INFO(r, level, flags);
+	switch (level) {
+		case PAC_TYPE_LOGON_INFO:
+			return NDR_ROUND(s,8);
+		default:
+			return s;
+	}
+}
+
+static size_t _subcontext_size_PAC_INFO(const union PAC_INFO *r, uint32_t level, int flags)
+{
+	size_t s = ndr_size_PAC_INFO(r, level, flags);
+	return NDR_ROUND(s,8);
+}
+
+enum ndr_err_code ndr_push_PAC_BUFFER(struct ndr_push *ndr, int ndr_flags, const struct PAC_BUFFER *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_PAC_TYPE(ndr, NDR_SCALARS, r->type));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, _ndr_size_PAC_INFO(r->info,r->type,0)));
+		{
+			uint32_t _flags_save_PAC_INFO = ndr->flags;
+			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_ALIGN8);
+			NDR_CHECK(ndr_push_relative_ptr1(ndr, r->info));
+			ndr->flags = _flags_save_PAC_INFO;
+		}
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		{
+			uint32_t _flags_save_PAC_INFO = ndr->flags;
+			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_ALIGN8);
+			if (r->info) {
+				NDR_CHECK(ndr_push_relative_ptr2(ndr, r->info));
+				{
+					struct ndr_push *_ndr_info;
+					NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_info, 0, _subcontext_size_PAC_INFO(r->info,r->type,0)));
+					NDR_CHECK(ndr_push_set_switch_value(_ndr_info, r->info, r->type));
+					NDR_CHECK(ndr_push_PAC_INFO(_ndr_info, NDR_SCALARS|NDR_BUFFERS, r->info));
+					NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_info, 0, _subcontext_size_PAC_INFO(r->info,r->type,0)));
+				}
+			}
+			ndr->flags = _flags_save_PAC_INFO;
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+enum ndr_err_code ndr_pull_PAC_BUFFER(struct ndr_pull *ndr, int ndr_flags, struct PAC_BUFFER *r)
+{
+	uint32_t _ptr_info;
+	TALLOC_CTX *_mem_save_info_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_PAC_TYPE(ndr, NDR_SCALARS, &r->type));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->_ndr_size));
+		{
+			uint32_t _flags_save_PAC_INFO = ndr->flags;
+			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_ALIGN8);
+			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_info));
+			if (_ptr_info) {
+				NDR_PULL_ALLOC(ndr, r->info);
+				NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->info, _ptr_info));
+			} else {
+				r->info = NULL;
+			}
+			ndr->flags = _flags_save_PAC_INFO;
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->_pad));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		{
+			uint32_t _flags_save_PAC_INFO = ndr->flags;
+			ndr_set_flags(&ndr->flags, LIBNDR_FLAG_ALIGN8);
+			if (r->info) {
+				uint32_t _relative_save_offset;
+				_relative_save_offset = ndr->offset;
+				NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->info));
+				_mem_save_info_0 = NDR_PULL_GET_MEM_CTX(ndr);
+				NDR_PULL_SET_MEM_CTX(ndr, r->info, 0);
+				{
+					struct ndr_pull *_ndr_info;
+					NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_info, 0, r->_ndr_size));
+					NDR_CHECK(ndr_pull_set_switch_value(_ndr_info, r->info, r->type));
+					NDR_CHECK(ndr_pull_PAC_INFO(_ndr_info, NDR_SCALARS|NDR_BUFFERS, r->info));
+					NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_info, 0, r->_ndr_size));
+				}
+				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, 0);
+				ndr->offset = _relative_save_offset;
+			}
+			ndr->flags = _flags_save_PAC_INFO;
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+void ndr_print_PAC_BUFFER(struct ndr_print *ndr, const char *name, const struct PAC_BUFFER *r)
+{
+	ndr_print_struct(ndr, name, "PAC_BUFFER");
+	ndr->depth++;
+	ndr_print_PAC_TYPE(ndr, "type", r->type);
+	ndr_print_uint32(ndr, "_ndr_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?_ndr_size_PAC_INFO(r->info,r->type,0):r->_ndr_size);
+	ndr_print_ptr(ndr, "info", r->info);
+	ndr->depth++;
+	if (r->info) {
+		ndr_print_set_switch_value(ndr, r->info, r->type);
+		ndr_print_PAC_INFO(ndr, "info", r->info);
+	}
+	ndr->depth--;
+	ndr_print_uint32(ndr, "_pad", r->_pad);
+	ndr->depth--;
+}
diff --git a/source3/librpc/ndr/ndr_misc.c b/source3/librpc/ndr/ndr_misc.c
index 245ba45215..79761b9251 100644
--- a/source3/librpc/ndr/ndr_misc.c
+++ b/source3/librpc/ndr/ndr_misc.c
@@ -24,41 +24,6 @@
 
 #include "includes.h"
 
-enum ndr_err_code ndr_push_GUID(struct ndr_push *ndr, int ndr_flags, const struct GUID *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_push_align(ndr, 4));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->time_low));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->time_mid));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->time_hi_and_version));
-		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->clock_seq, 2));
-		NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->node, 6));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-enum ndr_err_code ndr_pull_GUID(struct ndr_pull *ndr, int ndr_flags, struct GUID *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_pull_align(ndr, 4));
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->time_low));
-		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->time_mid));
-		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->time_hi_and_version));
-		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->clock_seq, 2));
-		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->node, 6));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-size_t ndr_size_GUID(const struct GUID *r, int flags)
-{
-	return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_GUID);
-}
-
 /**
  * see if a range of memory is all zero. A NULL pointer is considered
  * to be all zero 
@@ -78,39 +43,6 @@ void ndr_print_GUID(struct ndr_print *ndr, const char *name, const struct GUID *
 	ndr->print(ndr, "%-25s: %s", name, GUID_string(ndr, guid));
 }
 
-enum ndr_err_code ndr_push_policy_handle(struct ndr_push *ndr, int ndr_flags, const struct policy_handle *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_push_align(ndr, 4));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->handle_type));
-		NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->uuid));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-enum ndr_err_code ndr_pull_policy_handle(struct ndr_pull *ndr, int ndr_flags, struct policy_handle *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_pull_align(ndr, 4));
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->handle_type));
-		NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->uuid));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_policy_handle(struct ndr_print *ndr, const char *name, const struct policy_handle *r)
-{
-	ndr_print_struct(ndr, name, "policy_handle");
-	ndr->depth++;
-	ndr_print_uint32(ndr, "handle_type", r->handle_type);
-	ndr_print_GUID(ndr, "uuid", &r->uuid);
-	ndr->depth--;
-}
-
 enum ndr_err_code ndr_push_server_id(struct ndr_push *ndr, int ndr_flags, const struct server_id *r)
 {
 	if (ndr_flags & NDR_SCALARS) {
@@ -153,84 +85,3 @@ void ndr_print_server_id(struct ndr_print *ndr, const char *name, const struct s
 #endif
 	ndr->depth--;
 }
-
-void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r)
-{
-	if (!r) { return; }
-
-	ndr_print_struct(ndr, name, "ads_struct");
-	ndr->depth++;
-	ndr_print_bool(ndr, "is_mine", r->is_mine);
-	ndr_print_struct(ndr, name, "server");
-	ndr->depth++;
-	ndr_print_string(ndr, "realm", r->server.realm);
-	ndr_print_string(ndr, "workgroup", r->server.workgroup);
-	ndr_print_string(ndr, "ldap_server", r->server.ldap_server);
-	ndr_print_bool(ndr, "foreign", r->server.foreign);
-	ndr->depth--;
-	ndr_print_struct(ndr, name, "auth");
-	ndr->depth++;
-	ndr_print_string(ndr, "realm", r->auth.realm);
-#ifdef DEBUG_PASSWORD
-	ndr_print_string(ndr, "password", r->auth.password);
-#else
-	ndr_print_string(ndr, "password", "(PASSWORD ommited)");
-#endif
-	ndr_print_string(ndr, "user_name", r->auth.user_name);
-	ndr_print_string(ndr, "kdc_server", r->auth.kdc_server);
-	ndr_print_uint32(ndr, "flags", r->auth.flags);
-	ndr_print_uint32(ndr, "time_offset", r->auth.time_offset);
-	ndr_print_time_t(ndr, "tgt_expire", r->auth.tgt_expire);
-	ndr_print_time_t(ndr, "tgs_expire", r->auth.tgs_expire);
-	ndr_print_time_t(ndr, "renewable", r->auth.renewable);
-	ndr->depth--;
-	ndr_print_struct(ndr, name, "config");
-	ndr->depth++;
-	ndr_print_uint32(ndr, "flags", r->config.flags);
-	ndr_print_string(ndr, "realm", r->config.realm);
-	ndr_print_string(ndr, "bind_path", r->config.bind_path);
-	ndr_print_string(ndr, "ldap_server_name", r->config.ldap_server_name);
-	ndr_print_string(ndr, "server_site_name", r->config.server_site_name);
-	ndr_print_string(ndr, "client_site_name", r->config.client_site_name);
-	ndr_print_time_t(ndr, "current_time", r->config.current_time);
-	ndr_print_bool(ndr, "tried_closest_dc", r->config.tried_closest_dc);
-	ndr_print_string(ndr, "schema_path", r->config.schema_path);
-	ndr_print_string(ndr, "config_path", r->config.config_path);
-	ndr->depth--;
-#ifdef HAVE_LDAP
-	ndr_print_struct(ndr, name, "ldap");
-	ndr->depth++;
-	ndr_print_ptr(ndr, "ld", r->ldap.ld);
-	ndr_print_sockaddr_storage(ndr, "ss", &r->ldap.ss);
-	ndr_print_time_t(ndr, "last_attempt", r->ldap.last_attempt);
-	ndr_print_uint32(ndr, "port", r->ldap.port);
-	ndr_print_uint16(ndr, "wrap_type", r->ldap.wrap_type);
-#ifdef HAVE_LDAP_SASL_WRAPPING
-	ndr_print_ptr(ndr, "sbiod", r->ldap.sbiod);
-#endif /* HAVE_LDAP_SASL_WRAPPING */
-	ndr_print_ptr(ndr, "mem_ctx", r->ldap.mem_ctx);
-	ndr_print_ptr(ndr, "wrap_ops", r->ldap.wrap_ops);
-	ndr_print_ptr(ndr, "wrap_private_data", r->ldap.wrap_private_data);
-	ndr_print_struct(ndr, name, "in");
-	ndr->depth++;
-	ndr_print_uint32(ndr, "ofs", r->ldap.in.ofs);
-	ndr_print_uint32(ndr, "needed", r->ldap.in.needed);
-	ndr_print_uint32(ndr, "left", r->ldap.in.left);
-	ndr_print_uint32(ndr, "max_wrapped", r->ldap.in.max_wrapped);
-	ndr_print_uint32(ndr, "min_wrapped", r->ldap.in.min_wrapped);
-	ndr_print_uint32(ndr, "size", r->ldap.in.size);
-	ndr_print_array_uint8(ndr, "buf", r->ldap.in.buf, r->ldap.in.size);
-	ndr->depth--;
-	ndr_print_struct(ndr, name, "out");
-	ndr->depth++;
-	ndr_print_uint32(ndr, "ofs", r->ldap.out.ofs);
-	ndr_print_uint32(ndr, "left", r->ldap.out.left);
-	ndr_print_uint32(ndr, "max_unwrapped", r->ldap.out.max_unwrapped);
-	ndr_print_uint32(ndr, "sig_size", r->ldap.out.sig_size);
-	ndr_print_uint32(ndr, "size", r->ldap.out.size);
-	ndr_print_array_uint8(ndr, "buf", r->ldap.out.buf, r->ldap.out.size);
-	ndr->depth--;
-	ndr->depth--;
-#endif /* HAVE_LDAP */
-	ndr->depth--;
-}
diff --git a/source3/librpc/ndr/ndr_sec_helper.c b/source3/librpc/ndr/ndr_sec_helper.c
index d1938b9588..f8bad6ca61 100644
--- a/source3/librpc/ndr/ndr_sec_helper.c
+++ b/source3/librpc/ndr/ndr_sec_helper.c
@@ -89,818 +89,3 @@ void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct d
 {
 	ndr_print_dom_sid(ndr, name, sid);
 }
-
-static enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r)
-{
-	NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r)
-{
-	uint8_t v;
-	NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
-	*r = v;
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r)
-{
-	ndr_print_uint8(ndr, name, r);
-	ndr->depth++;
-	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_OBJECT_INHERIT", SEC_ACE_FLAG_OBJECT_INHERIT, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_CONTAINER_INHERIT", SEC_ACE_FLAG_CONTAINER_INHERIT, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_NO_PROPAGATE_INHERIT", SEC_ACE_FLAG_NO_PROPAGATE_INHERIT, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_INHERIT_ONLY", SEC_ACE_FLAG_INHERIT_ONLY, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_INHERITED_ACE", SEC_ACE_FLAG_INHERITED_ACE, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_VALID_INHERIT", SEC_ACE_FLAG_VALID_INHERIT, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_SUCCESSFUL_ACCESS", SEC_ACE_FLAG_SUCCESSFUL_ACCESS, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint8_t), "SEC_ACE_FLAG_FAILED_ACCESS", SEC_ACE_FLAG_FAILED_ACCESS, r);
-	ndr->depth--;
-}
-
-static enum ndr_err_code ndr_push_security_ace_type(struct ndr_push *ndr, int ndr_flags, enum security_ace_type r)
-{
-	NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_security_ace_type(struct ndr_pull *ndr, int ndr_flags, enum security_ace_type *r)
-{
-	uint8_t v;
-	NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
-	*r = (enum security_ace_type)v;
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_ace_type(struct ndr_print *ndr, const char *name, enum security_ace_type r)
-{
-	const char *val = NULL;
-
-	switch (r) {
-		case SEC_ACE_TYPE_ACCESS_ALLOWED: val = "SEC_ACE_TYPE_ACCESS_ALLOWED"; break;
-		case SEC_ACE_TYPE_ACCESS_DENIED: val = "SEC_ACE_TYPE_ACCESS_DENIED"; break;
-		case SEC_ACE_TYPE_SYSTEM_AUDIT: val = "SEC_ACE_TYPE_SYSTEM_AUDIT"; break;
-		case SEC_ACE_TYPE_SYSTEM_ALARM: val = "SEC_ACE_TYPE_SYSTEM_ALARM"; break;
-		case SEC_ACE_TYPE_ALLOWED_COMPOUND: val = "SEC_ACE_TYPE_ALLOWED_COMPOUND"; break;
-		case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: val = "SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT"; break;
-		case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: val = "SEC_ACE_TYPE_ACCESS_DENIED_OBJECT"; break;
-		case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: val = "SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT"; break;
-		case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: val = "SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT"; break;
-	}
-	ndr_print_enum(ndr, name, "ENUM", val, r);
-}
-
-static enum ndr_err_code ndr_push_security_ace_object_flags(struct ndr_push *ndr, int ndr_flags, uint32_t r)
-{
-	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_security_ace_object_flags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
-{
-	uint32_t v;
-	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
-	*r = v;
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_ace_object_flags(struct ndr_print *ndr, const char *name, uint32_t r)
-{
-	ndr_print_uint32(ndr, name, r);
-	ndr->depth++;
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_ACE_OBJECT_TYPE_PRESENT", SEC_ACE_OBJECT_TYPE_PRESENT, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT", SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT, r);
-	ndr->depth--;
-}
-
-static enum ndr_err_code ndr_push_security_ace_object_type(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_type *r)
-{
-	int level;
-	level = ndr_push_get_switch_value(ndr, r);
-	if (ndr_flags & NDR_SCALARS) {
-		switch (level) {
-			case SEC_ACE_OBJECT_TYPE_PRESENT:
-				NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->type));
-			break;
-
-			default:
-			break;
-
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		switch (level) {
-			case SEC_ACE_OBJECT_TYPE_PRESENT:
-			break;
-
-			default:
-			break;
-
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_security_ace_object_type(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_type *r)
-{
-	int level;
-	level = ndr_pull_get_switch_value(ndr, r);
-	if (ndr_flags & NDR_SCALARS) {
-		switch (level) {
-			case SEC_ACE_OBJECT_TYPE_PRESENT: {
-				NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->type));
-			break; }
-
-			default: {
-			break; }
-
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		switch (level) {
-			case SEC_ACE_OBJECT_TYPE_PRESENT:
-			break;
-
-			default:
-			break;
-
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_ace_object_type(struct ndr_print *ndr, const char *name, const union security_ace_object_type *r)
-{
-	int level;
-	level = ndr_print_get_switch_value(ndr, r);
-	ndr_print_union(ndr, name, level, "security_ace_object_type");
-	switch (level) {
-		case SEC_ACE_OBJECT_TYPE_PRESENT:
-			ndr_print_GUID(ndr, "type", &r->type);
-		break;
-
-		default:
-		break;
-
-	}
-}
-
-static enum ndr_err_code ndr_push_security_ace_object_inherited_type(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_inherited_type *r)
-{
-	int level;
-	level = ndr_push_get_switch_value(ndr, r);
-	if (ndr_flags & NDR_SCALARS) {
-		switch (level) {
-			case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
-				NDR_CHECK(ndr_push_GUID(ndr, NDR_SCALARS, &r->inherited_type));
-			break;
-
-			default:
-			break;
-
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		switch (level) {
-			case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
-			break;
-
-			default:
-			break;
-
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_inherited_type *r)
-{
-	int level;
-	level = ndr_pull_get_switch_value(ndr, r);
-	if (ndr_flags & NDR_SCALARS) {
-		switch (level) {
-			case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: {
-				NDR_CHECK(ndr_pull_GUID(ndr, NDR_SCALARS, &r->inherited_type));
-			break; }
-
-			default: {
-			break; }
-
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		switch (level) {
-			case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
-			break;
-
-			default:
-			break;
-
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_ace_object_inherited_type(struct ndr_print *ndr, const char *name, const union security_ace_object_inherited_type *r)
-{
-	int level;
-	level = ndr_print_get_switch_value(ndr, r);
-	ndr_print_union(ndr, name, level, "security_ace_object_inherited_type");
-	switch (level) {
-		case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
-			ndr_print_GUID(ndr, "inherited_type", &r->inherited_type);
-		break;
-
-		default:
-		break;
-
-	}
-}
-
-static enum ndr_err_code ndr_push_security_ace_object(struct ndr_push *ndr, int ndr_flags, const struct security_ace_object *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_push_align(ndr, 4));
-		NDR_CHECK(ndr_push_security_ace_object_flags(ndr, NDR_SCALARS, r->flags));
-		NDR_CHECK(ndr_push_set_switch_value(ndr, &r->type, r->flags&SEC_ACE_OBJECT_TYPE_PRESENT));
-		NDR_CHECK(ndr_push_security_ace_object_type(ndr, NDR_SCALARS, &r->type));
-		NDR_CHECK(ndr_push_set_switch_value(ndr, &r->inherited_type, r->flags&SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
-		NDR_CHECK(ndr_push_security_ace_object_inherited_type(ndr, NDR_SCALARS, &r->inherited_type));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		NDR_CHECK(ndr_push_security_ace_object_type(ndr, NDR_BUFFERS, &r->type));
-		NDR_CHECK(ndr_push_security_ace_object_inherited_type(ndr, NDR_BUFFERS, &r->inherited_type));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_security_ace_object(struct ndr_pull *ndr, int ndr_flags, struct security_ace_object *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_pull_align(ndr, 4));
-		NDR_CHECK(ndr_pull_security_ace_object_flags(ndr, NDR_SCALARS, &r->flags));
-		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->type, r->flags&SEC_ACE_OBJECT_TYPE_PRESENT));
-		NDR_CHECK(ndr_pull_security_ace_object_type(ndr, NDR_SCALARS, &r->type));
-		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->inherited_type, r->flags&SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
-		NDR_CHECK(ndr_pull_security_ace_object_inherited_type(ndr, NDR_SCALARS, &r->inherited_type));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		NDR_CHECK(ndr_pull_security_ace_object_type(ndr, NDR_BUFFERS, &r->type));
-		NDR_CHECK(ndr_pull_security_ace_object_inherited_type(ndr, NDR_BUFFERS, &r->inherited_type));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_ace_object(struct ndr_print *ndr, const char *name, const struct security_ace_object *r)
-{
-	ndr_print_struct(ndr, name, "security_ace_object");
-	ndr->depth++;
-	ndr_print_security_ace_object_flags(ndr, "flags", r->flags);
-	ndr_print_set_switch_value(ndr, &r->type, r->flags&SEC_ACE_OBJECT_TYPE_PRESENT);
-	ndr_print_security_ace_object_type(ndr, "type", &r->type);
-	ndr_print_set_switch_value(ndr, &r->inherited_type, r->flags&SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT);
-	ndr_print_security_ace_object_inherited_type(ndr, "inherited_type", &r->inherited_type);
-	ndr->depth--;
-}
-
-static enum ndr_err_code ndr_push_security_ace_object_ctr(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_ctr *r)
-{
-	int level;
-	level = ndr_push_get_switch_value(ndr, r);
-	if (ndr_flags & NDR_SCALARS) {
-		switch (level) {
-			case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
-				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
-			break;
-
-			case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
-				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
-			break;
-
-			case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
-				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
-			break;
-
-			case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
-				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_SCALARS, &r->object));
-			break;
-
-			default:
-			break;
-
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		switch (level) {
-			case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
-				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
-			break;
-
-			case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
-				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
-			break;
-
-			case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
-				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
-			break;
-
-			case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
-				NDR_CHECK(ndr_push_security_ace_object(ndr, NDR_BUFFERS, &r->object));
-			break;
-
-			default:
-			break;
-
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_ctr *r)
-{
-	int level;
-	level = ndr_pull_get_switch_value(ndr, r);
-	if (ndr_flags & NDR_SCALARS) {
-		switch (level) {
-			case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: {
-				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
-			break; }
-
-			case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: {
-				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
-			break; }
-
-			case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: {
-				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
-			break; }
-
-			case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: {
-				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_SCALARS, &r->object));
-			break; }
-
-			default: {
-			break; }
-
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		switch (level) {
-			case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
-				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
-			break;
-
-			case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
-				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
-			break;
-
-			case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
-				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
-			break;
-
-			case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
-				NDR_CHECK(ndr_pull_security_ace_object(ndr, NDR_BUFFERS, &r->object));
-			break;
-
-			default:
-			break;
-
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_ace_object_ctr(struct ndr_print *ndr, const char *name, const union security_ace_object_ctr *r)
-{
-	int level;
-	level = ndr_print_get_switch_value(ndr, r);
-	ndr_print_union(ndr, name, level, "security_ace_object_ctr");
-	switch (level) {
-		case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
-			ndr_print_security_ace_object(ndr, "object", &r->object);
-		break;
-
-		case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT:
-			ndr_print_security_ace_object(ndr, "object", &r->object);
-		break;
-
-		case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT:
-			ndr_print_security_ace_object(ndr, "object", &r->object);
-		break;
-
-		case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT:
-			ndr_print_security_ace_object(ndr, "object", &r->object);
-		break;
-
-		default:
-		break;
-
-	}
-}
-
-enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, int ndr_flags, const struct security_ace *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_push_align(ndr, 4));
-		NDR_CHECK(ndr_push_security_ace_type(ndr, NDR_SCALARS, r->type));
-		NDR_CHECK(ndr_push_security_ace_flags(ndr, NDR_SCALARS, r->flags));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, ndr_size_security_ace(r,ndr->flags)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->access_mask));
-		NDR_CHECK(ndr_push_set_switch_value(ndr, &r->object, r->type));
-		NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
-		NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->trustee));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, int ndr_flags, struct security_ace *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_pull_align(ndr, 4));
-		NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS, &r->type));
-		NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS, &r->flags));
-		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->access_mask));
-		NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
-		NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object));
-		NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object));
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_ace(struct ndr_print *ndr, const char *name, const struct security_ace *r)
-{
-	ndr_print_struct(ndr, name, "security_ace");
-	ndr->depth++;
-	ndr_print_security_ace_type(ndr, "type", r->type);
-	ndr_print_security_ace_flags(ndr, "flags", r->flags);
-	ndr_print_uint16(ndr, "size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_security_ace(r,ndr->flags):r->size);
-	ndr_print_uint32(ndr, "access_mask", r->access_mask);
-	ndr_print_set_switch_value(ndr, &r->object, r->type);
-	ndr_print_security_ace_object_ctr(ndr, "object", &r->object);
-	ndr_print_dom_sid(ndr, "trustee", &r->trustee);
-	ndr->depth--;
-}
-
-static enum ndr_err_code ndr_push_security_acl_revision(struct ndr_push *ndr, int ndr_flags, enum security_acl_revision r)
-{
-	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_security_acl_revision(struct ndr_pull *ndr, int ndr_flags, enum security_acl_revision *r)
-{
-	uint16_t v;
-	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
-	*r = (enum security_acl_revision)v;
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_acl_revision(struct ndr_print *ndr, const char *name, enum security_acl_revision r)
-{
-	const char *val = NULL;
-
-	switch (r) {
-		case SECURITY_ACL_REVISION_NT4: val = "SECURITY_ACL_REVISION_NT4"; break;
-		case SECURITY_ACL_REVISION_ADS: val = "SECURITY_ACL_REVISION_ADS"; break;
-	}
-	ndr_print_enum(ndr, name, "ENUM", val, r);
-}
-
-enum ndr_err_code ndr_push_security_acl(struct ndr_push *ndr, int ndr_flags, const struct security_acl *r)
-{
-	uint32_t cntr_aces_0;
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_push_align(ndr, 4));
-		NDR_CHECK(ndr_push_security_acl_revision(ndr, NDR_SCALARS, r->revision));
-		NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, ndr_size_security_acl(r,ndr->flags)));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->num_aces));
-		for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
-			NDR_CHECK(ndr_push_security_ace(ndr, NDR_SCALARS, &r->aces[cntr_aces_0]));
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
-			NDR_CHECK(ndr_push_security_ace(ndr, NDR_BUFFERS, &r->aces[cntr_aces_0]));
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-enum ndr_err_code ndr_pull_security_acl(struct ndr_pull *ndr, int ndr_flags, struct security_acl *r)
-{
-	uint32_t cntr_aces_0;
-	TALLOC_CTX *_mem_save_aces_0;
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_pull_align(ndr, 4));
-		NDR_CHECK(ndr_pull_security_acl_revision(ndr, NDR_SCALARS, &r->revision));
-		NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_aces));
-		if (r->num_aces > 1000) { /* num_aces is unsigned */
-			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
-		}
-		NDR_PULL_ALLOC_N(ndr, r->aces, r->num_aces);
-		_mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0);
-		for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
-			NDR_CHECK(ndr_pull_security_ace(ndr, NDR_SCALARS, &r->aces[cntr_aces_0]));
-		}
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0);
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		_mem_save_aces_0 = NDR_PULL_GET_MEM_CTX(ndr);
-		NDR_PULL_SET_MEM_CTX(ndr, r->aces, 0);
-		for (cntr_aces_0 = 0; cntr_aces_0 < r->num_aces; cntr_aces_0++) {
-			NDR_CHECK(ndr_pull_security_ace(ndr, NDR_BUFFERS, &r->aces[cntr_aces_0]));
-		}
-		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_aces_0, 0);
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_acl(struct ndr_print *ndr, const char *name, const struct security_acl *r)
-{
-	uint32_t cntr_aces_0;
-	ndr_print_struct(ndr, name, "security_acl");
-	ndr->depth++;
-	ndr_print_security_acl_revision(ndr, "revision", r->revision);
-	ndr_print_uint16(ndr, "size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_security_acl(r,ndr->flags):r->size);
-	ndr_print_uint32(ndr, "num_aces", r->num_aces);
-	ndr->print(ndr, "%s: ARRAY(%d)", "aces", r->num_aces);
-	ndr->depth++;
-	for (cntr_aces_0=0;cntr_aces_0<r->num_aces;cntr_aces_0++) {
-		char *idx_0=NULL;
-		asprintf(&idx_0, "[%d]", cntr_aces_0);
-		if (idx_0) {
-			ndr_print_security_ace(ndr, "aces", &r->aces[cntr_aces_0]);
-			free(idx_0);
-		}
-	}
-	ndr->depth--;
-	ndr->depth--;
-}
-
-static enum ndr_err_code ndr_push_security_descriptor_revision(struct ndr_push *ndr, int ndr_flags, enum security_descriptor_revision r)
-{
-	NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r));
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_security_descriptor_revision(struct ndr_pull *ndr, int ndr_flags, enum security_descriptor_revision *r)
-{
-	uint8_t v;
-	NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v));
-	*r = (enum security_descriptor_revision)v;
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_descriptor_revision(struct ndr_print *ndr, const char *name, enum security_descriptor_revision r)
-{
-	const char *val = NULL;
-
-	switch (r) {
-		case SECURITY_DESCRIPTOR_REVISION_1: val = "SECURITY_DESCRIPTOR_REVISION_1"; break;
-	}
-	ndr_print_enum(ndr, name, "ENUM", val, r);
-}
-
-static enum ndr_err_code ndr_push_security_descriptor_type(struct ndr_push *ndr, int ndr_flags, uint16_t r)
-{
-	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
-	return NDR_ERR_SUCCESS;
-}
-
-static enum ndr_err_code ndr_pull_security_descriptor_type(struct ndr_pull *ndr, int ndr_flags, uint16_t *r)
-{
-	uint16_t v;
-	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
-	*r = v;
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_descriptor_type(struct ndr_print *ndr, const char *name, uint16_t r)
-{
-	ndr_print_uint16(ndr, name, r);
-	ndr->depth++;
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_OWNER_DEFAULTED", SEC_DESC_OWNER_DEFAULTED, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_GROUP_DEFAULTED", SEC_DESC_GROUP_DEFAULTED, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_PRESENT", SEC_DESC_DACL_PRESENT, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_DEFAULTED", SEC_DESC_DACL_DEFAULTED, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_PRESENT", SEC_DESC_SACL_PRESENT, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_DEFAULTED", SEC_DESC_SACL_DEFAULTED, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_TRUSTED", SEC_DESC_DACL_TRUSTED, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SERVER_SECURITY", SEC_DESC_SERVER_SECURITY, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_AUTO_INHERIT_REQ", SEC_DESC_DACL_AUTO_INHERIT_REQ, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_AUTO_INHERIT_REQ", SEC_DESC_SACL_AUTO_INHERIT_REQ, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_AUTO_INHERITED", SEC_DESC_DACL_AUTO_INHERITED, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_AUTO_INHERITED", SEC_DESC_SACL_AUTO_INHERITED, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_DACL_PROTECTED", SEC_DESC_DACL_PROTECTED, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SACL_PROTECTED", SEC_DESC_SACL_PROTECTED, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_RM_CONTROL_VALID", SEC_DESC_RM_CONTROL_VALID, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "SEC_DESC_SELF_RELATIVE", SEC_DESC_SELF_RELATIVE, r);
-	ndr->depth--;
-}
-
-enum ndr_err_code ndr_push_security_descriptor(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor *r)
-{
-	{
-		uint32_t _flags_save_STRUCT = ndr->flags;
-		ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
-		if (ndr_flags & NDR_SCALARS) {
-			NDR_CHECK(ndr_push_align(ndr, 4));
-			NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision));
-			NDR_CHECK(ndr_push_security_descriptor_type(ndr, NDR_SCALARS, r->type));
-			NDR_CHECK(ndr_push_relative_ptr1(ndr, r->owner_sid));
-			NDR_CHECK(ndr_push_relative_ptr1(ndr, r->group_sid));
-			NDR_CHECK(ndr_push_relative_ptr1(ndr, r->sacl));
-			NDR_CHECK(ndr_push_relative_ptr1(ndr, r->dacl));
-		}
-		if (ndr_flags & NDR_BUFFERS) {
-			if (r->owner_sid) {
-				NDR_CHECK(ndr_push_relative_ptr2(ndr, r->owner_sid));
-				NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
-			}
-			if (r->group_sid) {
-				NDR_CHECK(ndr_push_relative_ptr2(ndr, r->group_sid));
-				NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, r->group_sid));
-			}
-			if (r->sacl) {
-				NDR_CHECK(ndr_push_relative_ptr2(ndr, r->sacl));
-				NDR_CHECK(ndr_push_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->sacl));
-			}
-			if (r->dacl) {
-				NDR_CHECK(ndr_push_relative_ptr2(ndr, r->dacl));
-				NDR_CHECK(ndr_push_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->dacl));
-			}
-		}
-		ndr->flags = _flags_save_STRUCT;
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-enum ndr_err_code ndr_pull_security_descriptor(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor *r)
-{
-	uint32_t _ptr_owner_sid;
-	TALLOC_CTX *_mem_save_owner_sid_0;
-	uint32_t _ptr_group_sid;
-	TALLOC_CTX *_mem_save_group_sid_0;
-	uint32_t _ptr_sacl;
-	TALLOC_CTX *_mem_save_sacl_0;
-	uint32_t _ptr_dacl;
-	TALLOC_CTX *_mem_save_dacl_0;
-	{
-		uint32_t _flags_save_STRUCT = ndr->flags;
-		ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
-		if (ndr_flags & NDR_SCALARS) {
-			NDR_CHECK(ndr_pull_align(ndr, 4));
-			NDR_CHECK(ndr_pull_security_descriptor_revision(ndr, NDR_SCALARS, &r->revision));
-			NDR_CHECK(ndr_pull_security_descriptor_type(ndr, NDR_SCALARS, &r->type));
-			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
-			if (_ptr_owner_sid) {
-				NDR_PULL_ALLOC(ndr, r->owner_sid);
-				NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->owner_sid, _ptr_owner_sid));
-			} else {
-				r->owner_sid = NULL;
-			}
-			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
-			if (_ptr_group_sid) {
-				NDR_PULL_ALLOC(ndr, r->group_sid);
-				NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->group_sid, _ptr_group_sid));
-			} else {
-				r->group_sid = NULL;
-			}
-			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
-			if (_ptr_sacl) {
-				NDR_PULL_ALLOC(ndr, r->sacl);
-				NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
-			} else {
-				r->sacl = NULL;
-			}
-			NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
-			if (_ptr_dacl) {
-				NDR_PULL_ALLOC(ndr, r->dacl);
-				NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
-			} else {
-				r->dacl = NULL;
-			}
-		}
-		if (ndr_flags & NDR_BUFFERS) {
-			if (r->owner_sid) {
-				struct ndr_pull_save _relative_save;
-				ndr_pull_save(ndr, &_relative_save);
-				NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
-				_mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
-				NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
-				NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
-				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
-				ndr_pull_restore(ndr, &_relative_save);
-			}
-			if (r->group_sid) {
-				struct ndr_pull_save _relative_save;
-				ndr_pull_save(ndr, &_relative_save);
-				NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
-				_mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
-				NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
-				NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
-				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
-				ndr_pull_restore(ndr, &_relative_save);
-			}
-			if (r->sacl) {
-				struct ndr_pull_save _relative_save;
-				ndr_pull_save(ndr, &_relative_save);
-				NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
-				_mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
-				NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
-				NDR_CHECK(ndr_pull_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->sacl));
-				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
-				ndr_pull_restore(ndr, &_relative_save);
-			}
-			if (r->dacl) {
-				struct ndr_pull_save _relative_save;
-				ndr_pull_save(ndr, &_relative_save);
-				NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
-				_mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
-				NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
-				NDR_CHECK(ndr_pull_security_acl(ndr, NDR_SCALARS|NDR_BUFFERS, r->dacl));
-				NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
-				ndr_pull_restore(ndr, &_relative_save);
-			}
-		}
-		ndr->flags = _flags_save_STRUCT;
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_descriptor(struct ndr_print *ndr, const char *name, const struct security_descriptor *r)
-{
-	ndr_print_struct(ndr, name, "security_descriptor");
-	{
-		uint32_t _flags_save_STRUCT = ndr->flags;
-		ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
-		ndr->depth++;
-		ndr_print_security_descriptor_revision(ndr, "revision", r->revision);
-		ndr_print_security_descriptor_type(ndr, "type", r->type);
-		ndr_print_ptr(ndr, "owner_sid", r->owner_sid);
-		ndr->depth++;
-		if (r->owner_sid) {
-			ndr_print_dom_sid(ndr, "owner_sid", r->owner_sid);
-		}
-		ndr->depth--;
-		ndr_print_ptr(ndr, "group_sid", r->group_sid);
-		ndr->depth++;
-		if (r->group_sid) {
-			ndr_print_dom_sid(ndr, "group_sid", r->group_sid);
-		}
-		ndr->depth--;
-		ndr_print_ptr(ndr, "sacl", r->sacl);
-		ndr->depth++;
-		if (r->sacl) {
-			ndr_print_security_acl(ndr, "sacl", r->sacl);
-		}
-		ndr->depth--;
-		ndr_print_ptr(ndr, "dacl", r->dacl);
-		ndr->depth++;
-		if (r->dacl) {
-			ndr_print_security_acl(ndr, "dacl", r->dacl);
-		}
-		ndr->depth--;
-		ndr->depth--;
-		ndr->flags = _flags_save_STRUCT;
-	}
-}
-
-enum ndr_err_code ndr_push_security_secinfo(struct ndr_push *ndr, int ndr_flags, uint32_t r)
-{
-	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
-	return NDR_ERR_SUCCESS;
-}
-
-enum ndr_err_code ndr_pull_security_secinfo(struct ndr_pull *ndr, int ndr_flags, uint32_t *r)
-{
-	uint32_t v;
-	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
-	*r = v;
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_security_secinfo(struct ndr_print *ndr, const char *name, uint32_t r)
-{
-	ndr_print_uint32(ndr, name, r);
-	ndr->depth++;
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_OWNER", SECINFO_OWNER, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_GROUP", SECINFO_GROUP, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_DACL", SECINFO_DACL, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_SACL", SECINFO_SACL, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_UNPROTECTED_SACL", SECINFO_UNPROTECTED_SACL, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_UNPROTECTED_DACL", SECINFO_UNPROTECTED_DACL, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_PROTECTED_SACL", SECINFO_PROTECTED_SACL, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_PROTECTED_DACL", SECINFO_PROTECTED_DACL, r);
-	ndr->depth--;
-}
-
diff --git a/source3/librpc/ndr/ndr_string.c b/source3/librpc/ndr/ndr_string.c
index 711dbce538..e553443bd8 100644
--- a/source3/librpc/ndr/ndr_string.c
+++ b/source3/librpc/ndr/ndr_string.c
@@ -633,8 +633,7 @@ _PUBLIC_ void ndr_print_string_array(struct ndr_print *ndr, const char *name, co
 	ndr->depth++;
 	for (i=0;i<count;i++) {
 		char *idx=NULL;
-		asprintf(&idx, "[%d]", i);
-		if (idx) {
+		if (asprintf(&idx, "[%d]", i) != -1) {
 			ndr_print_string(ndr, idx, a[i]);
 			free(idx);
 		}
diff --git a/source3/librpc/ndr/security.h b/source3/librpc/ndr/security.h
deleted file mode 100644
index 99f7daf2bd..0000000000
--- a/source3/librpc/ndr/security.h
+++ /dev/null
@@ -1,257 +0,0 @@
-/* header auto-generated by pidl */
-
-#ifndef _HEADER_security
-#define _HEADER_security
-
-#define SEC_MASK_GENERIC	( 0xF0000000 )
-#define SEC_MASK_FLAGS	( 0x0F000000 )
-#define SEC_MASK_STANDARD	( 0x00FF0000 )
-#define SEC_MASK_SPECIFIC	( 0x0000FFFF )
-#define SEC_GENERIC_ALL	( 0x10000000 )
-#define SEC_GENERIC_EXECUTE	( 0x20000000 )
-#define SEC_GENERIC_WRITE	( 0x40000000 )
-#define SEC_GENERIC_READ	( 0x80000000 )
-#define SEC_FLAG_SYSTEM_SECURITY	( 0x01000000 )
-#define SEC_FLAG_MAXIMUM_ALLOWED	( 0x02000000 )
-#define SEC_STD_DELETE	( 0x00010000 )
-#define SEC_STD_READ_CONTROL	( 0x00020000 )
-#define SEC_STD_WRITE_DAC	( 0x00040000 )
-#define SEC_STD_WRITE_OWNER	( 0x00080000 )
-#define SEC_STD_SYNCHRONIZE	( 0x00100000 )
-#define SEC_STD_REQUIRED	( 0x000F0000 )
-#define SEC_STD_ALL	( 0x001F0000 )
-#define SEC_FILE_READ_DATA	( 0x00000001 )
-#define SEC_FILE_WRITE_DATA	( 0x00000002 )
-#define SEC_FILE_APPEND_DATA	( 0x00000004 )
-#define SEC_FILE_READ_EA	( 0x00000008 )
-#define SEC_FILE_WRITE_EA	( 0x00000010 )
-#define SEC_FILE_EXECUTE	( 0x00000020 )
-#define SEC_FILE_READ_ATTRIBUTE	( 0x00000080 )
-#define SEC_FILE_WRITE_ATTRIBUTE	( 0x00000100 )
-#define SEC_FILE_ALL	( 0x000001ff )
-#define SEC_DIR_LIST	( 0x00000001 )
-#define SEC_DIR_ADD_FILE	( 0x00000002 )
-#define SEC_DIR_ADD_SUBDIR	( 0x00000004 )
-#define SEC_DIR_READ_EA	( 0x00000008 )
-#define SEC_DIR_WRITE_EA	( 0x00000010 )
-#define SEC_DIR_TRAVERSE	( 0x00000020 )
-#define SEC_DIR_DELETE_CHILD	( 0x00000040 )
-#define SEC_DIR_READ_ATTRIBUTE	( 0x00000080 )
-#define SEC_DIR_WRITE_ATTRIBUTE	( 0x00000100 )
-#define SEC_REG_QUERY_VALUE	( 0x00000001 )
-#define SEC_REG_SET_VALUE	( 0x00000002 )
-#define SEC_REG_CREATE_SUBKEY	( 0x00000004 )
-#define SEC_REG_ENUM_SUBKEYS	( 0x00000008 )
-#define SEC_REG_NOTIFY	( 0x00000010 )
-#define SEC_REG_CREATE_LINK	( 0x00000020 )
-#define SEC_ADS_CREATE_CHILD	( 0x00000001 )
-#define SEC_ADS_DELETE_CHILD	( 0x00000002 )
-#define SEC_ADS_LIST	( 0x00000004 )
-#define SEC_ADS_SELF_WRITE	( 0x00000008 )
-#define SEC_ADS_READ_PROP	( 0x00000010 )
-#define SEC_ADS_WRITE_PROP	( 0x00000020 )
-#define SEC_ADS_DELETE_TREE	( 0x00000040 )
-#define SEC_ADS_LIST_OBJECT	( 0x00000080 )
-#define SEC_ADS_CONTROL_ACCESS	( 0x00000100 )
-#define SEC_RIGHTS_FILE_READ	( SEC_STD_READ_CONTROL|SEC_STD_SYNCHRONIZE|SEC_FILE_READ_DATA|SEC_FILE_READ_ATTRIBUTE|SEC_FILE_READ_EA )
-#define SEC_RIGHTS_FILE_WRITE	( SEC_STD_READ_CONTROL|SEC_STD_SYNCHRONIZE|SEC_FILE_WRITE_DATA|SEC_FILE_WRITE_ATTRIBUTE|SEC_FILE_WRITE_EA|SEC_FILE_APPEND_DATA )
-#define SEC_RIGHTS_FILE_EXECUTE	( SEC_STD_SYNCHRONIZE|SEC_STD_READ_CONTROL|SEC_FILE_READ_ATTRIBUTE|SEC_FILE_EXECUTE )
-#define SEC_RIGHTS_FILE_ALL	( SEC_STD_ALL|SEC_FILE_ALL )
-#define SEC_RIGHTS_DIR_READ	( SEC_RIGHTS_FILE_READ )
-#define SEC_RIGHTS_DIR_WRITE	( SEC_RIGHTS_FILE_WRITE )
-#define SEC_RIGHTS_DIR_EXECUTE	( SEC_RIGHTS_FILE_EXECUTE )
-#define SEC_RIGHTS_DIR_ALL	( SEC_RIGHTS_FILE_ALL )
-#define SID_NULL	( "S-1-0-0" )
-#define SID_WORLD_DOMAIN	( "S-1-1" )
-#define SID_WORLD	( "S-1-1-0" )
-#define SID_CREATOR_OWNER_DOMAIN	( "S-1-3" )
-#define SID_CREATOR_OWNER	( "S-1-3-0" )
-#define SID_CREATOR_GROUP	( "S-1-3-1" )
-#define SID_NT_AUTHORITY	( "S-1-5" )
-#define SID_NT_DIALUP	( "S-1-5-1" )
-#define SID_NT_NETWORK	( "S-1-5-2" )
-#define SID_NT_BATCH	( "S-1-5-3" )
-#define SID_NT_INTERACTIVE	( "S-1-5-4" )
-#define SID_NT_SERVICE	( "S-1-5-6" )
-#define SID_NT_ANONYMOUS	( "S-1-5-7" )
-#define SID_NT_PROXY	( "S-1-5-8" )
-#define SID_NT_ENTERPRISE_DCS	( "S-1-5-9" )
-#define SID_NT_SELF	( "S-1-5-10" )
-#define SID_NT_AUTHENTICATED_USERS	( "S-1-5-11" )
-#define SID_NT_RESTRICTED	( "S-1-5-12" )
-#define SID_NT_TERMINAL_SERVER_USERS	( "S-1-5-13" )
-#define SID_NT_REMOTE_INTERACTIVE	( "S-1-5-14" )
-#define SID_NT_THIS_ORGANISATION	( "S-1-5-15" )
-#define SID_NT_SYSTEM	( "S-1-5-18" )
-#define SID_NT_LOCAL_SERVICE	( "S-1-5-19" )
-#define SID_NT_NETWORK_SERVICE	( "S-1-5-20" )
-#define SID_BUILTIN	( "S-1-5-32" )
-#define SID_BUILTIN_ADMINISTRATORS	( "S-1-5-32-544" )
-#define SID_BUILTIN_USERS	( "S-1-5-32-545" )
-#define SID_BUILTIN_GUESTS	( "S-1-5-32-546" )
-#define SID_BUILTIN_POWER_USERS	( "S-1-5-32-547" )
-#define SID_BUILTIN_ACCOUNT_OPERATORS	( "S-1-5-32-548" )
-#define SID_BUILTIN_SERVER_OPERATORS	( "S-1-5-32-549" )
-#define SID_BUILTIN_PRINT_OPERATORS	( "S-1-5-32-550" )
-#define SID_BUILTIN_BACKUP_OPERATORS	( "S-1-5-32-551" )
-#define SID_BUILTIN_REPLICATOR	( "S-1-5-32-552" )
-#define SID_BUILTIN_RAS_SERVERS	( "S-1-5-32-553" )
-#define SID_BUILTIN_PREW2K	( "S-1-5-32-554" )
-#define DOMAIN_RID_LOGON	( 9 )
-#define DOMAIN_RID_ADMINISTRATOR	( 500 )
-#define DOMAIN_RID_GUEST	( 501 )
-#define DOMAIN_RID_ADMINS	( 512 )
-#define DOMAIN_RID_USERS	( 513 )
-#define DOMAIN_RID_DCS	( 516 )
-#define DOMAIN_RID_CERT_ADMINS	( 517 )
-#define DOMAIN_RID_SCHEMA_ADMINS	( 518 )
-#define DOMAIN_RID_ENTERPRISE_ADMINS	( 519 )
-#define NT4_ACL_REVISION	( SECURITY_ACL_REVISION_NT4 )
-#define SD_REVISION	( SECURITY_DESCRIPTOR_REVISION_1 )
-enum sec_privilege {
-	SEC_PRIV_SECURITY=1,
-	SEC_PRIV_BACKUP=2,
-	SEC_PRIV_RESTORE=3,
-	SEC_PRIV_SYSTEMTIME=4,
-	SEC_PRIV_SHUTDOWN=5,
-	SEC_PRIV_REMOTE_SHUTDOWN=6,
-	SEC_PRIV_TAKE_OWNERSHIP=7,
-	SEC_PRIV_DEBUG=8,
-	SEC_PRIV_SYSTEM_ENVIRONMENT=9,
-	SEC_PRIV_SYSTEM_PROFILE=10,
-	SEC_PRIV_PROFILE_SINGLE_PROCESS=11,
-	SEC_PRIV_INCREASE_BASE_PRIORITY=12,
-	SEC_PRIV_LOAD_DRIVER=13,
-	SEC_PRIV_CREATE_PAGEFILE=14,
-	SEC_PRIV_INCREASE_QUOTA=15,
-	SEC_PRIV_CHANGE_NOTIFY=16,
-	SEC_PRIV_UNDOCK=17,
-	SEC_PRIV_MANAGE_VOLUME=18,
-	SEC_PRIV_IMPERSONATE=19,
-	SEC_PRIV_CREATE_GLOBAL=20,
-	SEC_PRIV_ENABLE_DELEGATION=21,
-	SEC_PRIV_INTERACTIVE_LOGON=22,
-	SEC_PRIV_NETWORK_LOGON=23,
-	SEC_PRIV_REMOTE_INTERACTIVE_LOGON=24
-};
-
-/* bitmap security_ace_flags */
-#define SEC_ACE_FLAG_OBJECT_INHERIT ( 0x01 )
-#define SEC_ACE_FLAG_CONTAINER_INHERIT ( 0x02 )
-#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT ( 0x04 )
-#define SEC_ACE_FLAG_INHERIT_ONLY ( 0x08 )
-#define SEC_ACE_FLAG_INHERITED_ACE ( 0x10 )
-#define SEC_ACE_FLAG_VALID_INHERIT ( 0x0f )
-#define SEC_ACE_FLAG_SUCCESSFUL_ACCESS ( 0x40 )
-#define SEC_ACE_FLAG_FAILED_ACCESS ( 0x80 )
-
-enum security_ace_type {
-	SEC_ACE_TYPE_ACCESS_ALLOWED=0,
-	SEC_ACE_TYPE_ACCESS_DENIED=1,
-	SEC_ACE_TYPE_SYSTEM_AUDIT=2,
-	SEC_ACE_TYPE_SYSTEM_ALARM=3,
-	SEC_ACE_TYPE_ALLOWED_COMPOUND=4,
-	SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT=5,
-	SEC_ACE_TYPE_ACCESS_DENIED_OBJECT=6,
-	SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT=7,
-	SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT=8
-};
-
-/* bitmap security_ace_object_flags */
-#define SEC_ACE_OBJECT_TYPE_PRESENT ( 0x00000001 )
-#define SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT ( 0x00000002 )
-
-union security_ace_object_type {
-	struct GUID type;/* [case(SEC_ACE_OBJECT_TYPE_PRESENT)] */
-}/* [nodiscriminant] */;
-
-union security_ace_object_inherited_type {
-	struct GUID inherited_type;/* [case(SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] */
-}/* [nodiscriminant] */;
-
-struct security_ace_object {
-	uint32_t flags;
-	union security_ace_object_type type;/* [switch_is(flags&SEC_ACE_OBJECT_TYPE_PRESENT)] */
-	union security_ace_object_inherited_type inherited_type;/* [switch_is(flags&SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] */
-};
-
-union security_ace_object_ctr {
-	struct security_ace_object object;/* [case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] */
-}/* [nodiscriminant] */;
-
-struct security_ace {
-	enum security_ace_type type;
-	uint8_t flags;
-	uint16_t size;/* [value(ndr_size_security_ace(r,ndr->flags))] */
-	uint32_t access_mask;
-	union security_ace_object_ctr object;/* [switch_is(type)] */
-	struct dom_sid trustee;
-}/* [gensize,public,nosize] */;
-
-enum security_acl_revision {
-	SECURITY_ACL_REVISION_NT4=2,
-	SECURITY_ACL_REVISION_ADS=4
-};
-
-struct security_acl {
-	enum security_acl_revision revision;
-	uint16_t size;/* [value(ndr_size_security_acl(r,ndr->flags))] */
-	uint32_t num_aces;/* [range(0 1000)] */
-	struct security_ace *aces;
-}/* [gensize,public,nosize] */;
-
-enum security_descriptor_revision {
-	SECURITY_DESCRIPTOR_REVISION_1=1
-};
-
-/* bitmap security_descriptor_type */
-#define SEC_DESC_OWNER_DEFAULTED ( 0x0001 )
-#define SEC_DESC_GROUP_DEFAULTED ( 0x0002 )
-#define SEC_DESC_DACL_PRESENT ( 0x0004 )
-#define SEC_DESC_DACL_DEFAULTED ( 0x0008 )
-#define SEC_DESC_SACL_PRESENT ( 0x0010 )
-#define SEC_DESC_SACL_DEFAULTED ( 0x0020 )
-#define SEC_DESC_DACL_TRUSTED ( 0x0040 )
-#define SEC_DESC_SERVER_SECURITY ( 0x0080 )
-#define SEC_DESC_DACL_AUTO_INHERIT_REQ ( 0x0100 )
-#define SEC_DESC_SACL_AUTO_INHERIT_REQ ( 0x0200 )
-#define SEC_DESC_DACL_AUTO_INHERITED ( 0x0400 )
-#define SEC_DESC_SACL_AUTO_INHERITED ( 0x0800 )
-#define SEC_DESC_DACL_PROTECTED ( 0x1000 )
-#define SEC_DESC_SACL_PROTECTED ( 0x2000 )
-#define SEC_DESC_RM_CONTROL_VALID ( 0x4000 )
-#define SEC_DESC_SELF_RELATIVE ( 0x8000 )
-
-struct security_descriptor {
-	enum security_descriptor_revision revision;
-	uint16_t type;
-	struct dom_sid *owner_sid;/* [relative] */
-	struct dom_sid *group_sid;/* [relative] */
-	struct security_acl *sacl;/* [relative] */
-	struct security_acl *dacl;/* [relative] */
-}/* [gensize,public,flag(LIBNDR_FLAG_LITTLE_ENDIAN),nosize] */;
-
-struct sec_desc_buf {
-	uint32_t sd_size;/* [value(ndr_size_security_descriptor(sd,ndr->flags)),range(0 0x40000)] */
-	struct security_descriptor *sd;/* [unique,subcontext(4)] */
-}/* [public] */;
-
-struct security_token {
-	struct dom_sid *user_sid;/* [unique] */
-	struct dom_sid *group_sid;/* [unique] */
-	uint32_t num_sids;
-	struct dom_sid **sids;/* [unique,size_is(num_sids)] */
-	uint64_t privilege_mask;
-}/* [public] */;
-
-/* bitmap security_secinfo */
-#define SECINFO_OWNER ( 0x00000001 )
-#define SECINFO_GROUP ( 0x00000002 )
-#define SECINFO_DACL ( 0x00000004 )
-#define SECINFO_SACL ( 0x00000008 )
-#define SECINFO_UNPROTECTED_SACL ( 0x10000000 )
-#define SECINFO_UNPROTECTED_DACL ( 0x20000000 )
-#define SECINFO_PROTECTED_SACL ( 0x40000000 )
-#define SECINFO_PROTECTED_DACL ( 0x80000000 )
-
-#endif /* _HEADER_security */
diff --git a/source3/librpc/ndr/sid.c b/source3/librpc/ndr/sid.c
index 89ab2b8ea5..b6ec045806 100644
--- a/source3/librpc/ndr/sid.c
+++ b/source3/librpc/ndr/sid.c
@@ -187,70 +187,3 @@ enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const
 
 	return NDR_ERR_SUCCESS;
 }
-
-enum ndr_err_code ndr_push_sec_desc_buf(struct ndr_push *ndr, int ndr_flags, const struct sec_desc_buf *r)
-{
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_push_align(ndr, 4));
-		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_size_security_descriptor(r->sd,ndr->flags)));
-		NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd));
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		if (r->sd) {
-			{
-				struct ndr_push *_ndr_sd;
-				NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_sd, 4, -1));
-				NDR_CHECK(ndr_push_security_descriptor(_ndr_sd, NDR_SCALARS|NDR_BUFFERS, r->sd));
-				NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_sd, 4, -1));
-			}
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-enum ndr_err_code ndr_pull_sec_desc_buf(struct ndr_pull *ndr, int ndr_flags, struct sec_desc_buf *r)
-{
-	uint32_t _ptr_sd;
-	TALLOC_CTX *_mem_save_sd_0;
-	if (ndr_flags & NDR_SCALARS) {
-		NDR_CHECK(ndr_pull_align(ndr, 4));
-		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sd_size));
-		if (r->sd_size > 0x40000) { /* sd_size is unsigned */
-			return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
-		}
-		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd));
-		if (_ptr_sd) {
-			NDR_PULL_ALLOC(ndr, r->sd);
-		} else {
-			r->sd = NULL;
-		}
-	}
-	if (ndr_flags & NDR_BUFFERS) {
-		if (r->sd) {
-			_mem_save_sd_0 = NDR_PULL_GET_MEM_CTX(ndr);
-			NDR_PULL_SET_MEM_CTX(ndr, r->sd, 0);
-			{
-				struct ndr_pull *_ndr_sd;
-				NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_sd, 4, -1));
-				NDR_CHECK(ndr_pull_security_descriptor(_ndr_sd, NDR_SCALARS|NDR_BUFFERS, r->sd));
-				NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_sd, 4, -1));
-			}
-			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_0, 0);
-		}
-	}
-	return NDR_ERR_SUCCESS;
-}
-
-void ndr_print_sec_desc_buf(struct ndr_print *ndr, const char *name, const struct sec_desc_buf *r)
-{
-	ndr_print_struct(ndr, name, "sec_desc_buf");
-	ndr->depth++;
-	ndr_print_uint32(ndr, "sd_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_security_descriptor(r->sd,ndr->flags):r->sd_size);
-	ndr_print_ptr(ndr, "sd", r->sd);
-	ndr->depth++;
-	if (r->sd) {
-		ndr_print_security_descriptor(ndr, "sd", r->sd);
-	}
-	ndr->depth--;
-	ndr->depth--;
-}
diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c
new file mode 100644
index 0000000000..21bcd5b9b1
--- /dev/null
+++ b/source3/libsmb/async_smb.c
@@ -0,0 +1,483 @@
+/*
+   Unix SMB/CIFS implementation.
+   Infrastructure for async SMB client requests
+   Copyright (C) Volker Lendecke 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+
+/*
+ * Fetch an error out of a NBT packet
+ */
+
+NTSTATUS cli_pull_error(char *buf)
+{
+	uint32_t flags2 = SVAL(buf, smb_flg2);
+
+	if (flags2 & FLAGS2_32_BIT_ERROR_CODES) {
+		return NT_STATUS(IVAL(buf, smb_rcls));
+	}
+
+	return NT_STATUS_DOS(CVAL(buf, smb_rcls), SVAL(buf,smb_err));
+}
+
+/*
+ * Compatibility helper for the sync APIs: Fake NTSTATUS in cli->inbuf
+ */
+
+void cli_set_error(struct cli_state *cli, NTSTATUS status)
+{
+	uint32_t flags2 = SVAL(cli->inbuf, smb_flg2);
+
+	if (NT_STATUS_IS_DOS(status)) {
+		SSVAL(cli->inbuf, smb_flg2,
+		      flags2 & ~FLAGS2_32_BIT_ERROR_CODES);
+		SCVAL(cli->inbuf, smb_rcls, NT_STATUS_DOS_CLASS(status));
+		SSVAL(cli->inbuf, smb_err, NT_STATUS_DOS_CODE(status));
+		return;
+	}
+
+	SSVAL(cli->inbuf, smb_flg2, flags2 | FLAGS2_32_BIT_ERROR_CODES);
+	SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
+	return;
+}
+
+/*
+ * Allocate a new mid
+ */
+
+static uint16_t cli_new_mid(struct cli_state *cli)
+{
+	uint16_t result;
+	struct cli_request *req;
+
+	while (true) {
+		result = cli->mid++;
+		if (result == 0) {
+			continue;
+		}
+
+		for (req = cli->outstanding_requests; req; req = req->next) {
+			if (result == req->mid) {
+				break;
+			}
+		}
+
+		if (req == NULL) {
+			return result;
+		}
+	}
+}
+
+static char *cli_request_print(TALLOC_CTX *mem_ctx, struct async_req *req)
+{
+	char *result = async_req_print(mem_ctx, req);
+	struct cli_request *cli_req = cli_request_get(req);
+
+	if (result == NULL) {
+		return NULL;
+	}
+
+	return talloc_asprintf_append_buffer(
+		result, "mid=%d\n", cli_req->mid);
+}
+
+static int cli_request_destructor(struct cli_request *req)
+{
+	if (req->enc_state != NULL) {
+		common_free_enc_buffer(req->enc_state, req->outbuf);
+	}
+	DLIST_REMOVE(req->cli->outstanding_requests, req);
+	return 0;
+}
+
+/*
+ * Create a fresh async smb request
+ */
+
+struct async_req *cli_request_new(TALLOC_CTX *mem_ctx,
+				  struct event_context *ev,
+				  struct cli_state *cli,
+				  uint8_t num_words, size_t num_bytes,
+				  struct cli_request **preq)
+{
+	struct async_req *result;
+	struct cli_request *cli_req;
+	size_t bufsize = smb_size + num_words * 2 + num_bytes;
+
+	result = async_req_new(mem_ctx, ev);
+	if (result == NULL) {
+		return NULL;
+	}
+
+	cli_req = (struct cli_request *)talloc_size(
+		result, sizeof(*cli_req) + bufsize);
+	if (cli_req == NULL) {
+		TALLOC_FREE(result);
+		return NULL;
+	}
+	talloc_set_name_const(cli_req, "struct cli_request");
+	result->private_data = cli_req;
+	result->print = cli_request_print;
+
+	cli_req->async = result;
+	cli_req->cli = cli;
+	cli_req->outbuf = ((char *)cli_req + sizeof(*cli_req));
+	cli_req->sent = 0;
+	cli_req->mid = cli_new_mid(cli);
+	cli_req->inbuf = NULL;
+	cli_req->enc_state = NULL;
+
+	SCVAL(cli_req->outbuf, smb_wct, num_words);
+	SSVAL(cli_req->outbuf, smb_vwv + num_words * 2, num_bytes);
+
+	DLIST_ADD_END(cli->outstanding_requests, cli_req,
+		      struct cli_request *);
+	talloc_set_destructor(cli_req, cli_request_destructor);
+
+	DEBUG(10, ("cli_request_new: mid=%d\n", cli_req->mid));
+
+	*preq = cli_req;
+	return result;
+}
+
+/*
+ * Convenience function to get the SMB part out of an async_req
+ */
+
+struct cli_request *cli_request_get(struct async_req *req)
+{
+	if (req == NULL) {
+		return NULL;
+	}
+	return talloc_get_type_abort(req->private_data, struct cli_request);
+}
+
+/*
+ * A PDU has arrived on cli->evt_inbuf
+ */
+
+static void handle_incoming_pdu(struct cli_state *cli)
+{
+	struct cli_request *req;
+	uint16_t mid;
+	size_t raw_pdu_len, buf_len, pdu_len;
+	size_t rest_len;
+	NTSTATUS status;
+
+	/*
+	 * The encrypted PDU len might differ from the unencrypted one
+	 */
+	raw_pdu_len = smb_len(cli->evt_inbuf) + 4;
+
+	/*
+	 * TODO: Handle oplock break requests
+	 */
+
+	if (cli_encryption_on(cli) && CVAL(cli->evt_inbuf, 0) == 0) {
+		uint16_t enc_ctx_num;
+
+		status = get_enc_ctx_num((uint8_t *)cli->evt_inbuf,
+					 &enc_ctx_num);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(10, ("get_enc_ctx_num returned %s\n",
+				   nt_errstr(status)));
+			goto invalidate_requests;
+		}
+
+		if (enc_ctx_num != cli->trans_enc_state->enc_ctx_num) {
+			DEBUG(10, ("wrong enc_ctx %d, expected %d\n",
+				   enc_ctx_num,
+				   cli->trans_enc_state->enc_ctx_num));
+			status = NT_STATUS_INVALID_HANDLE;
+			goto invalidate_requests;
+		}
+
+		status = common_decrypt_buffer(cli->trans_enc_state,
+					       cli->evt_inbuf);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(10, ("common_decrypt_buffer returned %s\n",
+				   nt_errstr(status)));
+			goto invalidate_requests;
+		}
+	}
+
+	if (!cli_check_sign_mac(cli, cli->evt_inbuf)) {
+		DEBUG(10, ("cli_check_sign_mac failed\n"));
+		status = NT_STATUS_ACCESS_DENIED;
+		goto invalidate_requests;
+	}
+
+	mid = SVAL(cli->evt_inbuf, smb_mid);
+
+	DEBUG(10, ("handle_incoming_pdu: got mid %d\n", mid));
+
+	for (req = cli->outstanding_requests; req; req = req->next) {
+		if (req->mid == mid) {
+			break;
+		}
+	}
+
+	buf_len = talloc_get_size(cli->evt_inbuf);
+	pdu_len = smb_len(cli->evt_inbuf) + 4;
+	rest_len = buf_len - raw_pdu_len;
+
+	if (req == NULL) {
+		DEBUG(3, ("Request for mid %d not found, dumping PDU\n", mid));
+
+		memmove(cli->evt_inbuf,	cli->evt_inbuf + raw_pdu_len,
+			buf_len - raw_pdu_len);
+
+		cli->evt_inbuf = TALLOC_REALLOC_ARRAY(NULL, cli->evt_inbuf,
+						      char, rest_len);
+		return;
+	}
+
+	if (buf_len == pdu_len) {
+		/*
+		 * Optimal case: Exactly one PDU was in the socket buffer
+		 */
+		req->inbuf = talloc_move(req, &cli->evt_inbuf);
+		goto done;
+	}
+
+	DEBUG(11, ("buf_len = %d, pdu_len = %d, splitting buffer\n",
+		   (int)buf_len, (int)pdu_len));
+
+	if (pdu_len < rest_len) {
+		/*
+		 * The PDU is shorter, talloc_memdup that one.
+		 */
+		req->inbuf = (char *)talloc_memdup(
+			req, cli->evt_inbuf, pdu_len);
+
+		memmove(cli->evt_inbuf,
+			cli->evt_inbuf + raw_pdu_len,
+			buf_len - raw_pdu_len);
+
+		cli->evt_inbuf = TALLOC_REALLOC_ARRAY(
+			NULL, cli->evt_inbuf, char, rest_len);
+	}
+	else {
+		/*
+		 * The PDU is larger than the rest,
+		 * talloc_memdup the rest
+		 */
+		req->inbuf = talloc_move(req, &cli->evt_inbuf);
+
+		cli->evt_inbuf = (char *)talloc_memdup(
+			cli, req->inbuf + raw_pdu_len,
+			rest_len);
+	}
+
+	if ((req->inbuf == NULL) || (cli->evt_inbuf == NULL)) {
+		status = NT_STATUS_NO_MEMORY;
+		goto invalidate_requests;
+	}
+
+ done:
+	async_req_done(req->async);
+	return;
+
+ invalidate_requests:
+
+	DEBUG(10, ("handle_incoming_pdu: Aborting with %s\n",
+		   nt_errstr(status)));
+
+	for (req = cli->outstanding_requests; req; req = req->next) {
+		async_req_error(req->async, status);
+	}
+	return;
+}
+
+/*
+ * fd event callback. This is the basic connection to the socket
+ */
+
+static void cli_state_handler(struct event_context *event_ctx,
+			      struct fd_event *event, uint16 flags, void *p)
+{
+	struct cli_state *cli = (struct cli_state *)p;
+	struct cli_request *req;
+
+	DEBUG(11, ("cli_state_handler called with flags %d\n", flags));
+
+	if (flags & EVENT_FD_READ) {
+		int res, available;
+		size_t old_size, new_size;
+		char *tmp;
+
+		res = ioctl(cli->fd, FIONREAD, &available);
+		if (res == -1) {
+			DEBUG(10, ("ioctl(FIONREAD) failed: %s\n",
+				   strerror(errno)));
+			goto sock_error;
+		}
+
+		if (available == 0) {
+			/* EOF */
+			goto sock_error;
+		}
+
+		old_size = talloc_get_size(cli->evt_inbuf);
+		new_size = old_size + available;
+
+		if (new_size < old_size) {
+			/* wrap */
+			goto sock_error;
+		}
+
+		tmp = TALLOC_REALLOC_ARRAY(cli, cli->evt_inbuf, char,
+					   new_size);
+		if (tmp == NULL) {
+			/* nomem */
+			goto sock_error;
+		}
+		cli->evt_inbuf = tmp;
+
+		res = recv(cli->fd, cli->evt_inbuf + old_size, available, 0);
+		if (res == -1) {
+			DEBUG(10, ("recv failed: %s\n", strerror(errno)));
+			goto sock_error;
+		}
+
+		DEBUG(11, ("cli_state_handler: received %d bytes, "
+			   "smb_len(evt_inbuf) = %d\n", (int)res,
+			   smb_len(cli->evt_inbuf)));
+
+		/* recv *might* have returned less than announced */
+		new_size = old_size + res;
+
+		/* shrink, so I don't expect errors here */
+		cli->evt_inbuf = TALLOC_REALLOC_ARRAY(cli, cli->evt_inbuf,
+						      char, new_size);
+
+		while ((cli->evt_inbuf != NULL)
+		       && ((smb_len(cli->evt_inbuf) + 4) <= new_size)) {
+			/*
+			 * we've got a complete NBT level PDU in evt_inbuf
+			 */
+			handle_incoming_pdu(cli);
+			new_size = talloc_get_size(cli->evt_inbuf);
+		}
+	}
+
+	if (flags & EVENT_FD_WRITE) {
+		size_t to_send;
+		ssize_t sent;
+
+		for (req = cli->outstanding_requests; req; req = req->next) {
+			to_send = smb_len(req->outbuf)+4;
+			if (to_send > req->sent) {
+				break;
+			}
+		}
+
+		if (req == NULL) {
+			event_fd_set_not_writeable(event);
+			return;
+		}
+
+		sent = send(cli->fd, req->outbuf + req->sent,
+			    to_send - req->sent, 0);
+
+		if (sent < 0) {
+			goto sock_error;
+		}
+
+		req->sent += sent;
+
+		if (req->sent == to_send) {
+			return;
+		}
+	}
+	return;
+
+ sock_error:
+	for (req = cli->outstanding_requests; req; req = req->next) {
+		req->async->state = ASYNC_REQ_ERROR;
+		req->async->status = map_nt_error_from_unix(errno);
+	}
+	TALLOC_FREE(cli->fd_event);
+	close(cli->fd);
+	cli->fd = -1;
+}
+
+/*
+ * Holder for a talloc_destructor, we need to zero out the pointers in cli
+ * when deleting
+ */
+struct cli_tmp_event {
+	struct cli_state *cli;
+};
+
+static int cli_tmp_event_destructor(struct cli_tmp_event *e)
+{
+	TALLOC_FREE(e->cli->fd_event);
+	TALLOC_FREE(e->cli->event_ctx);
+	return 0;
+}
+
+/*
+ * Create a temporary event context for use in the sync helper functions
+ */
+
+struct cli_tmp_event *cli_tmp_event_ctx(TALLOC_CTX *mem_ctx,
+					struct cli_state *cli)
+{
+	struct cli_tmp_event *state;
+
+	if (cli->event_ctx != NULL) {
+		return NULL;
+	}
+
+	state = talloc(mem_ctx, struct cli_tmp_event);
+	if (state == NULL) {
+		return NULL;
+	}
+	state->cli = cli;
+	talloc_set_destructor(state, cli_tmp_event_destructor);
+
+	cli->event_ctx = event_context_init(state);
+	if (cli->event_ctx == NULL) {
+		TALLOC_FREE(state);
+		return NULL;
+	}
+
+	cli->fd_event = event_add_fd(cli->event_ctx, state, cli->fd,
+				     EVENT_FD_READ, cli_state_handler, cli);
+	if (cli->fd_event == NULL) {
+		TALLOC_FREE(state);
+		return NULL;
+	}
+	return state;
+}
+
+/*
+ * Attach an event context permanently to a cli_struct
+ */
+
+NTSTATUS cli_add_event_ctx(struct cli_state *cli,
+			   struct event_context *event_ctx)
+{
+	cli->event_ctx = event_ctx;
+	cli->fd_event = event_add_fd(event_ctx, cli, cli->fd, EVENT_FD_READ,
+				     cli_state_handler, cli);
+	if (cli->fd_event == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	return NT_STATUS_OK;
+}
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 4560521d4a..912b841d5e 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -581,8 +581,8 @@ static bool cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob, DATA_B
 		if (cli_is_error(cli) &&
 				!NT_STATUS_EQUAL( cli_get_nt_error(cli), 
 					NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-			DEBUG(0, ("cli_session_setup_blob: recieve failed (%s)\n",
-				nt_errstr(cli_get_nt_error(cli)) ));
+			DEBUG(0, ("cli_session_setup_blob: receive failed "
+				  "(%s)\n", nt_errstr(cli_get_nt_error(cli))));
 			cli->vuid = 0;
 			return False;
 		}
@@ -627,7 +627,7 @@ static ADS_STATUS cli_session_setup_kerberos(struct cli_state *cli, const char *
 	if (!cli_session_setup_blob(cli, negTokenTarg, session_key_krb5)) {
 		data_blob_free(&negTokenTarg);
 		data_blob_free(&session_key_krb5);
-		ADS_ERROR_NT(cli_nt_error(cli));
+		return ADS_ERROR_NT(cli_nt_error(cli));
 	}
 
 	cli_set_session_key(cli, session_key_krb5);
@@ -757,9 +757,9 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use
 			
 			/* 'resign' the last message, so we get the right sequence numbers
 			   for checking the first reply from the server */
-			cli_calculate_sign_mac(cli);
+			cli_calculate_sign_mac(cli, cli->outbuf);
 			
-			if (!cli_check_sign_mac(cli)) {
+			if (!cli_check_sign_mac(cli, cli->inbuf)) {
 				nt_status = NT_STATUS_ACCESS_DENIED;
 			}
 		}
@@ -872,13 +872,27 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
 			!strequal(star_smbserver_name,
 				cli->desthost)) {
 			char *realm = NULL;
+			char *machine = NULL;
+			char *host = NULL;
 			DEBUG(3,("cli_session_setup_spnego: got a "
 				"bad server principal, trying to guess ...\n"));
 
+			host = strchr_m(cli->desthost, '.');
+			if (host) {
+				machine = SMB_STRNDUP(cli->desthost,
+					host - cli->desthost);
+			} else {
+				machine = SMB_STRDUP(cli->desthost);
+			}
+			if (machine == NULL) {
+				return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+			}
+
 			realm = kerberos_get_default_realm_from_ccache();
 			if (realm && *realm) {
 				if (asprintf(&principal, "%s$@%s",
-						cli->desthost, realm) < 0) {
+						machine, realm) < 0) {
+					SAFE_FREE(machine);
 					SAFE_FREE(realm);
 					return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
 				}
@@ -886,6 +900,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user,
 					"server principal=%s\n",
 					principal ? principal : "<null>"));
 			}
+			SAFE_FREE(machine);
 			SAFE_FREE(realm);
 		}
 
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index ecef293d07..64191239d3 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -69,15 +69,36 @@ int cli_set_port(struct cli_state *cli, int port)
 
 static ssize_t client_receive_smb(struct cli_state *cli, size_t maxlen)
 {
-	ssize_t len;
+	size_t len;
 
 	for(;;) {
-		len = receive_smb_raw(cli->fd, cli->inbuf, cli->timeout,
-				maxlen, &cli->smb_rw_error);
+		NTSTATUS status;
 
-		if (len < 0) {
+		set_smb_read_error(&cli->smb_rw_error, SMB_READ_OK);
+
+		status = receive_smb_raw(cli->fd, cli->inbuf, cli->timeout,
+					 maxlen, &len);
+		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(10,("client_receive_smb failed\n"));
 			show_msg(cli->inbuf);
+
+			if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
+				set_smb_read_error(&cli->smb_rw_error,
+						   SMB_READ_EOF);
+				return -1;
+			}
+
+			if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+				set_smb_read_error(&cli->smb_rw_error,
+						   SMB_READ_TIMEOUT);
+				return -1;
+			}
+
+			set_smb_read_error(&cli->smb_rw_error, SMB_READ_ERROR);
+			return -1;
+		}
+
+		if (len < 0) {
 			return len;
 		}
 
@@ -143,7 +164,7 @@ bool cli_receive_smb(struct cli_state *cli)
 		return false;
 	}
 
-	if (!cli_check_sign_mac(cli)) {
+	if (!cli_check_sign_mac(cli, cli->inbuf)) {
 		/*
 		 * If we get a signature failure in sessionsetup, then
 		 * the server sometimes just reflects the sent signature
@@ -180,12 +201,28 @@ bool cli_receive_smb(struct cli_state *cli)
 
 ssize_t cli_receive_smb_data(struct cli_state *cli, char *buffer, size_t len)
 {
-	if (cli->timeout > 0) {
-		return read_socket_with_timeout(cli->fd, buffer, len,
-						len, cli->timeout, &cli->smb_rw_error);
-	} else {
-		return read_data(cli->fd, buffer, len, &cli->smb_rw_error);
+	NTSTATUS status;
+
+	set_smb_read_error(&cli->smb_rw_error, SMB_READ_OK);
+
+	status = read_socket_with_timeout(
+		cli->fd, buffer, len, len, cli->timeout, NULL);
+	if (NT_STATUS_IS_OK(status)) {
+		return len;
 	}
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) {
+		set_smb_read_error(&cli->smb_rw_error, SMB_READ_EOF);
+		return -1;
+	}
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+		set_smb_read_error(&cli->smb_rw_error, SMB_READ_TIMEOUT);
+		return -1;
+	}
+
+	set_smb_read_error(&cli->smb_rw_error, SMB_READ_ERROR);
+	return -1;
 }
 
 /****************************************************************************
@@ -306,10 +343,11 @@ bool cli_send_smb(struct cli_state *cli)
 	if (cli->fd == -1)
 		return false;
 
-	cli_calculate_sign_mac(cli);
+	cli_calculate_sign_mac(cli, cli->outbuf);
 
 	if (enc_on) {
-		NTSTATUS status = cli_encrypt_message(cli, &buf_out);
+		NTSTATUS status = cli_encrypt_message(cli, cli->outbuf,
+						      &buf_out);
 		if (!NT_STATUS_IS_OK(status)) {
 			close(cli->fd);
 			cli->fd = -1;
@@ -412,31 +450,41 @@ bool cli_send_smb_direct_writeX(struct cli_state *cli,
  Setup basics in a outgoing packet.
 ****************************************************************************/
 
-void cli_setup_packet(struct cli_state *cli)
+void cli_setup_packet_buf(struct cli_state *cli, char *buf)
 {
+	uint16 flags2;
 	cli->rap_error = 0;
-	SSVAL(cli->outbuf,smb_pid,cli->pid);
-	SSVAL(cli->outbuf,smb_uid,cli->vuid);
-	SSVAL(cli->outbuf,smb_mid,cli->mid);
-	if (cli->protocol > PROTOCOL_CORE) {
-		uint16 flags2;
-		if (cli->case_sensitive) {
-			SCVAL(cli->outbuf,smb_flg,0x0);
-		} else {
-			/* Default setting, case insensitive. */
-			SCVAL(cli->outbuf,smb_flg,0x8);
-		}
-		flags2 = FLAGS2_LONG_PATH_COMPONENTS;
-		if (cli->capabilities & CAP_UNICODE)
-			flags2 |= FLAGS2_UNICODE_STRINGS;
-		if ((cli->capabilities & CAP_DFS) && cli->dfsroot)
-			flags2 |= FLAGS2_DFS_PATHNAMES;
-		if (cli->capabilities & CAP_STATUS32)
-			flags2 |= FLAGS2_32_BIT_ERROR_CODES;
-		if (cli->use_spnego)
-			flags2 |= FLAGS2_EXTENDED_SECURITY;
-		SSVAL(cli->outbuf,smb_flg2, flags2);
+	SIVAL(buf,smb_rcls,0);
+	SSVAL(buf,smb_pid,cli->pid);
+	memset(buf+smb_pidhigh, 0, 12);
+	SSVAL(buf,smb_uid,cli->vuid);
+	SSVAL(buf,smb_mid,cli->mid);
+
+	if (cli->protocol <= PROTOCOL_CORE) {
+		return;
 	}
+
+	if (cli->case_sensitive) {
+		SCVAL(buf,smb_flg,0x0);
+	} else {
+		/* Default setting, case insensitive. */
+		SCVAL(buf,smb_flg,0x8);
+	}
+	flags2 = FLAGS2_LONG_PATH_COMPONENTS;
+	if (cli->capabilities & CAP_UNICODE)
+		flags2 |= FLAGS2_UNICODE_STRINGS;
+	if ((cli->capabilities & CAP_DFS) && cli->dfsroot)
+		flags2 |= FLAGS2_DFS_PATHNAMES;
+	if (cli->capabilities & CAP_STATUS32)
+		flags2 |= FLAGS2_32_BIT_ERROR_CODES;
+	if (cli->use_spnego)
+		flags2 |= FLAGS2_EXTENDED_SECURITY;
+	SSVAL(buf,smb_flg2, flags2);
+}
+
+void cli_setup_packet(struct cli_state *cli)
+{
+	cli_setup_packet_buf(cli, cli->outbuf);
 }
 
 /****************************************************************************
@@ -499,7 +547,7 @@ struct cli_state *cli_initialise(void)
 		return NULL;
 	}
 
-	cli = SMB_MALLOC_P(struct cli_state);
+	cli = talloc(NULL, struct cli_state);
 	if (!cli) {
 		return NULL;
 	}
@@ -657,7 +705,7 @@ void cli_shutdown(struct cli_state *cli)
 	cli->fd = -1;
 	cli->smb_rw_error = SMB_READ_OK;
 
-	SAFE_FREE(cli);
+	TALLOC_FREE(cli);
 }
 
 /****************************************************************************
diff --git a/source3/libsmb/clierror.c b/source3/libsmb/clierror.c
index 587abade59..36746419f7 100644
--- a/source3/libsmb/clierror.c
+++ b/source3/libsmb/clierror.c
@@ -483,3 +483,15 @@ void cli_set_nt_error(struct cli_state *cli, NTSTATUS status)
 	SSVAL(cli->inbuf,smb_flg2, SVAL(cli->inbuf,smb_flg2)|FLAGS2_32_BIT_ERROR_CODES);
 	SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(status));
 }
+
+/* Reset an error. */
+
+void cli_reset_error(struct cli_state *cli)
+{
+        if (SVAL(cli->inbuf,smb_flg2) & FLAGS2_32_BIT_ERROR_CODES) {
+		SIVAL(cli->inbuf, smb_rcls, NT_STATUS_V(NT_STATUS_OK));
+	} else {
+		SCVAL(cli->inbuf,smb_rcls,0);
+		SSVAL(cli->inbuf,smb_err,0);
+	}
+}
diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index 9b4c380d40..12c427a6fa 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -38,8 +38,15 @@ static bool cli_link_internal(struct cli_state *cli, const char *oldname, const
 	size_t newlen = 2*(strlen(newname)+1);
 
 	param = SMB_MALLOC_ARRAY(char, 6+newlen+2);
+
+	if (!param) {
+		return false;
+	}
+
 	data = SMB_MALLOC_ARRAY(char, oldlen+2);
-	if (!param || !data) {
+
+	if (!data) {
+		SAFE_FREE(param);
 		return false;
 	}
 
@@ -882,6 +889,55 @@ bool cli_close(struct cli_state *cli, int fnum)
 
 
 /****************************************************************************
+ Truncate a file to a specified size
+****************************************************************************/
+
+bool cli_ftruncate(struct cli_state *cli, int fnum, uint64_t size)
+{
+	unsigned int param_len = 6;
+	unsigned int data_len = 8;
+	uint16 setup = TRANSACT2_SETFILEINFO;
+	char param[6];
+	unsigned char data[8];
+	char *rparam=NULL, *rdata=NULL;
+	int saved_timeout = cli->timeout;
+
+	SSVAL(param,0,fnum);
+	SSVAL(param,2,SMB_SET_FILE_END_OF_FILE_INFO);
+	SSVAL(param,4,0);
+
+        SBVAL(data, 0, size);
+
+	if (!cli_send_trans(cli, SMBtrans2,
+                            NULL,                    /* name */
+                            -1, 0,                   /* fid, flags */
+                            &setup, 1, 0,            /* setup, length, max */
+                            param, param_len, 2,     /* param, length, max */
+                            (char *)&data,  data_len,/* data, length, ... */
+                            cli->max_xmit)) {        /* ... max */
+		cli->timeout = saved_timeout;
+		return False;
+	}
+
+	if (!cli_receive_trans(cli, SMBtrans2,
+				&rparam, &param_len,
+				&rdata, &data_len)) {
+		cli->timeout = saved_timeout;
+		SAFE_FREE(rdata);
+		SAFE_FREE(rparam);
+		return False;
+	}
+
+	cli->timeout = saved_timeout;
+
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+
+	return True;
+}
+
+
+/****************************************************************************
  send a lock with a specified locktype
  this is used for testing LOCKING_ANDX_CANCEL_LOCK
 ****************************************************************************/
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index fb923378ab..0005c3908a 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -368,20 +368,16 @@ static struct smb_trans_enc_state *make_cli_enc_state(enum smb_trans_enc_type sm
 	ZERO_STRUCTP(es);
 	es->smb_enc_type = smb_enc_type;
 
-	if (smb_enc_type == SMB_TRANS_ENC_GSS) {
 #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
+	if (smb_enc_type == SMB_TRANS_ENC_GSS) {
 		es->s.gss_state = SMB_MALLOC_P(struct smb_tran_enc_state_gss);
 		if (!es->s.gss_state) {
 			SAFE_FREE(es);
 			return NULL;
 		}
 		ZERO_STRUCTP(es->s.gss_state);
-#else
-		DEBUG(0,("make_cli_enc_state: no krb5 compiled.\n"));
-		SAFE_FREE(es);
-		return NULL;
-#endif
 	}
+#endif
 	return es;
 }
 
@@ -497,8 +493,7 @@ static NTSTATUS make_cli_gss_blob(struct smb_trans_enc_state *es,
 	memset(&tok_out, '\0', sizeof(tok_out));
 
 	/* Get a ticket for the service@host */
-	asprintf(&host_princ_s, "%s@%s", service, host);
-	if (host_princ_s == NULL) {
+	if (asprintf(&host_princ_s, "%s@%s", service, host) == -1) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 844a3b35c0..c289740ab2 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -835,22 +835,22 @@ failed:
 #endif
 }
 
- void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum, 
-				    PAC_SIGNATURE_DATA *sig)
+ void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
+				     struct PAC_SIGNATURE_DATA *sig)
 {
 #ifdef HAVE_CHECKSUM_IN_KRB5_CHECKSUM
 	cksum->cksumtype	= (krb5_cksumtype)sig->type;
-	cksum->checksum.length	= sig->signature.buf_len;
-	cksum->checksum.data	= sig->signature.buffer;
+	cksum->checksum.length	= sig->signature.length;
+	cksum->checksum.data	= sig->signature.data;
 #else
 	cksum->checksum_type	= (krb5_cksumtype)sig->type;
-	cksum->length		= sig->signature.buf_len;
-	cksum->contents		= sig->signature.buffer;
+	cksum->length		= sig->signature.length;
+	cksum->contents		= sig->signature.data;
 #endif
 }
 
  krb5_error_code smb_krb5_verify_checksum(krb5_context context,
-					 krb5_keyblock *keyblock,
+					  const krb5_keyblock *keyblock,
 					 krb5_keyusage usage,
 					 krb5_checksum *cksum,
 					 uint8 *data,
diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c
index d5c7db09e9..50918458b0 100644
--- a/source3/libsmb/clilist.c
+++ b/source3/libsmb/clilist.c
@@ -78,9 +78,20 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx,
 			len = CVAL(p, 26);
 			p += 27;
 			p += clistr_align_in(cli, p, 0);
-			if (p + len + 2 > pdata_end) {
+
+			/* We can safely use +1 here (which is required by OS/2)
+			 * instead of +2 as the STR_TERMINATE flag below is
+			 * actually used as the length calculation.
+			 * The len+2 is merely an upper bound.
+			 * Due to the explicit 2 byte null termination
+			 * in cli_receive_trans/cli_receive_nt_trans
+			 * we know this is safe. JRA + kukks
+			 */
+
+			if (p + len + 1 > pdata_end) {
 				return pdata_end - base;
 			}
+
 			/* the len+2 below looks strange but it is
 			   important to cope with the differences
 			   between win2000 and win9x for this call
@@ -317,7 +328,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
 				       &rparam, &param_len,
 				       &rdata, &data_len) &&
                     cli_is_dos_error(cli)) {
-			/* we need to work around a Win95 bug - sometimes
+			/* We need to work around a Win95 bug - sometimes
 			   it gives ERRSRV/ERRerror temprarily */
 			uint8 eclass;
 			uint32 ecode;
@@ -326,6 +337,20 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
 			SAFE_FREE(rparam);
 
 			cli_dos_error(cli, &eclass, &ecode);
+
+			/*
+			 * OS/2 might return "no more files",
+			 * which just tells us, that searchcount is zero
+			 * in this search.
+			 * Guenter Kukkukk <linux@kukkukk.com>
+			 */
+
+			if (eclass == ERRDOS && ecode == ERRnofiles) {
+				ff_searchcount = 0;
+				cli_reset_error(cli);
+				break;
+			}
+
 			if (eclass != ERRSRV || ecode != ERRerror)
 				break;
 			smb_msleep(100);
@@ -377,6 +402,12 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
 							&resume_key,
 							&last_name_raw);
 
+			if (!finfo.name) {
+				DEBUG(0,("cli_list_new: Error: unable to parse name from info level %d\n",
+					info_level));
+				ff_eos = 1;
+				break;
+			}
 			if (!First && *mask && strcsequal(finfo.name, mask)) {
 				DEBUG(0,("Error: Looping in FIND_NEXT as name %s has already been seen?\n",
 					finfo.name));
@@ -442,6 +473,11 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
 							&finfo,
 							NULL,
 							NULL);
+			if (!finfo.name) {
+				DEBUG(0,("cli_list_new: unable to parse name from info level %d\n",
+					info_level));
+				break;
+			}
                         fn(mnt,&finfo, Mask, state);
                 }
         }
@@ -459,11 +495,12 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
  The length of the structure is returned.
 ****************************************************************************/
 
-static int interpret_short_filename(TALLOC_CTX *ctx,
+static bool interpret_short_filename(TALLOC_CTX *ctx,
 				struct cli_state *cli,
 				char *p,
 				file_info *finfo)
 {
+	size_t ret;
 	ZERO_STRUCTP(finfo);
 
 	finfo->cli = cli;
@@ -475,18 +512,22 @@ static int interpret_short_filename(TALLOC_CTX *ctx,
 	finfo->mtime_ts.tv_sec = finfo->atime_ts.tv_sec = finfo->ctime_ts.tv_sec;
 	finfo->mtime_ts.tv_nsec = finfo->atime_ts.tv_nsec = 0;
 	finfo->size = IVAL(p,26);
-	clistr_pull_talloc(ctx,
+	ret = clistr_pull_talloc(ctx,
 			cli,
 			&finfo->name,
 			p+30,
 			12,
 			STR_ASCII);
-	if (!finfo->name) {
-		finfo->name = talloc_strdup(ctx, finfo->short_name);
-	} else if (strcmp(finfo->name, "..") && strcmp(finfo->name, ".")) {
-		finfo->name = talloc_strdup(ctx, finfo->short_name);
+	if (ret == (size_t)-1) {
+		return false;
 	}
 
+	if (finfo->name) {
+		strlcpy(finfo->short_name,
+			finfo->name,
+			sizeof(finfo->short_name));
+	}
+	return true;
 	return(DIR_STRUCT_SIZE);
 }
 
@@ -555,6 +596,12 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
 		received = SVAL(cli->inbuf,smb_vwv0);
 		if (received <= 0) break;
 
+		/* Ensure we received enough data. */
+		if ((cli->inbuf+4+smb_len(cli->inbuf) - (smb_buf(cli->inbuf)+3)) <
+				received*DIR_STRUCT_SIZE) {
+			break;
+		}
+
 		first = False;
 
 		dirlist = (char *)SMB_REALLOC(
@@ -609,7 +656,10 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
 	frame = talloc_stackframe();
 	for (p=dirlist,i=0;i<num_received;i++) {
 		file_info finfo;
-		p += interpret_short_filename(frame,cli, p,&finfo);
+		if (!interpret_short_filename(frame, cli, p, &finfo)) {
+			break;
+		}
+		p += DIR_STRUCT_SIZE;
 		fn("\\", &finfo, Mask, state);
 	}
 	TALLOC_FREE(frame);
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index aab77a3d54..8c167e1257 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -191,12 +191,13 @@ int cli_RNetShareEnum(struct cli_state *cli, void (*fn)(const char *, uint32, co
 
 					sname = p;
 					type = SVAL(p,14);
-					comment_offset = IVAL(p,16) & 0xFFFF;
-					if (comment_offset < 0 || comment_offset > (int)rdrcnt) {
+					comment_offset = (IVAL(p,16) & 0xFFFF) - converter;
+					if (comment_offset < 0 ||
+							comment_offset > (int)rdrcnt) {
 						TALLOC_FREE(frame);
 						break;
 					}
-					cmnt = comment_offset?(rdata+comment_offset-converter):"";
+					cmnt = comment_offset?(rdata+comment_offset):"";
 
 					/* Work out the comment length. */
 					for (p1 = cmnt, len = 0; *p1 &&
@@ -806,6 +807,137 @@ bool cli_qpathinfo2(struct cli_state *cli, const char *fname,
 }
 
 /****************************************************************************
+ Get the stream info
+****************************************************************************/
+
+bool cli_qpathinfo_streams(struct cli_state *cli, const char *fname,
+			   TALLOC_CTX *mem_ctx,
+			   unsigned int *pnum_streams,
+			   struct stream_struct **pstreams)
+{
+	unsigned int data_len = 0;
+	unsigned int param_len = 0;
+	uint16 setup = TRANSACT2_QPATHINFO;
+	char *param;
+	char *rparam=NULL, *rdata=NULL;
+	char *p;
+	unsigned int num_streams;
+	struct stream_struct *streams;
+	unsigned int ofs;
+	size_t namelen = 2*(strlen(fname)+1);
+
+	param = SMB_MALLOC_ARRAY(char, 6+namelen+2);
+	if (param == NULL) {
+		return false;
+	}
+	p = param;
+	memset(p, 0, 6);
+	SSVAL(p, 0, SMB_FILE_STREAM_INFORMATION);
+	p += 6;
+	p += clistr_push(cli, p, fname, namelen, STR_TERMINATE);
+
+	param_len = PTR_DIFF(p, param);
+
+	if (!cli_send_trans(cli, SMBtrans2,
+                            NULL,                     /* name */
+                            -1, 0,                    /* fid, flags */
+                            &setup, 1, 0,             /* setup, len, max */
+                            param, param_len, 10,     /* param, len, max */
+                            NULL, data_len, cli->max_xmit /* data, len, max */
+                           )) {
+		return false;
+	}
+
+	if (!cli_receive_trans(cli, SMBtrans2,
+                               &rparam, &param_len,
+                               &rdata, &data_len)) {
+		return false;
+	}
+
+	if (!rdata) {
+		SAFE_FREE(rparam);
+		return false;
+	}
+
+	num_streams = 0;
+	streams = NULL;
+	ofs = 0;
+
+	while ((data_len > ofs) && (data_len - ofs >= 24)) {
+		uint32_t nlen, len;
+		ssize_t size;
+		void *vstr;
+		struct stream_struct *tmp;
+		uint8_t *tmp_buf;
+
+		tmp = TALLOC_REALLOC_ARRAY(mem_ctx, streams,
+					   struct stream_struct,
+					   num_streams+1);
+
+		if (tmp == NULL) {
+			goto fail;
+		}
+		streams = tmp;
+
+		nlen                      = IVAL(rdata, ofs + 0x04);
+
+		streams[num_streams].size = IVAL_TO_SMB_OFF_T(
+			rdata, ofs + 0x08);
+		streams[num_streams].alloc_size = IVAL_TO_SMB_OFF_T(
+			rdata, ofs + 0x10);
+
+		if (nlen > data_len - (ofs + 24)) {
+			goto fail;
+		}
+
+		/*
+		 * We need to null-terminate src, how do I do this with
+		 * convert_string_talloc??
+		 */
+
+		tmp_buf = TALLOC_ARRAY(streams, uint8_t, nlen+2);
+		if (tmp_buf == NULL) {
+			goto fail;
+		}
+
+		memcpy(tmp_buf, rdata+ofs+24, nlen);
+		tmp_buf[nlen] = 0;
+		tmp_buf[nlen+1] = 0;
+
+		size = convert_string_talloc(streams, CH_UTF16, CH_UNIX,
+					     tmp_buf, nlen+2, &vstr,
+					     false);
+		TALLOC_FREE(tmp_buf);
+
+		if (size == -1) {
+			goto fail;
+		}
+		streams[num_streams].name = (char *)vstr;
+		num_streams++;
+
+		len = IVAL(rdata, ofs);
+		if (len > data_len - ofs) {
+			goto fail;
+		}
+		if (len == 0) break;
+		ofs += len;
+	}
+
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+
+	*pnum_streams = num_streams;
+	*pstreams = streams;
+	return true;
+
+ fail:
+	TALLOC_FREE(streams);
+	SAFE_FREE(rdata);
+	SAFE_FREE(rparam);
+	return false;
+}
+
+/****************************************************************************
  Send a qfileinfo QUERY_FILE_NAME_INFO call.
 ****************************************************************************/
 
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index 6b39a885f0..c618509f01 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -20,167 +20,451 @@
 #include "includes.h"
 
 /****************************************************************************
-Issue a single SMBread and don't wait for a reply.
+  Calculate the recommended read buffer size
 ****************************************************************************/
+static size_t cli_read_max_bufsize(struct cli_state *cli)
+{
+	if (!client_is_signing_on(cli) && !cli_encryption_on(cli) == false
+	    && (cli->posix_capabilities & CIFS_UNIX_LARGE_READ_CAP)) {
+		return CLI_SAMBA_MAX_POSIX_LARGE_READX_SIZE;
+	}
+	if (cli->capabilities & CAP_LARGE_READX) {
+		return cli->is_samba
+			? CLI_SAMBA_MAX_LARGE_READX_SIZE
+			: CLI_WINDOWS_MAX_LARGE_READX_SIZE;
+	}
+	return (cli->max_xmit - (smb_size+32)) & ~1023;
+}
 
-static bool cli_issue_read(struct cli_state *cli, int fnum, off_t offset,
-			   size_t size, int i)
+/*
+ * Send a read&x request
+ */
+
+struct async_req *cli_read_andx_send(TALLOC_CTX *mem_ctx,
+				     struct cli_state *cli, int fnum,
+				     off_t offset, size_t size)
 {
+	struct async_req *result;
+	struct cli_request *req;
 	bool bigoffset = False;
+	char *enc_buf;
 
-	memset(cli->outbuf,'\0',smb_size);
-	memset(cli->inbuf,'\0',smb_size);
+	if (size > cli_read_max_bufsize(cli)) {
+		DEBUG(0, ("cli_read_andx_send got size=%d, can only handle "
+			  "size=%d\n", (int)size,
+			  (int)cli_read_max_bufsize(cli)));
+		return NULL;
+	}
+
+	result = cli_request_new(mem_ctx, cli->event_ctx, cli, 12, 0, &req);
+	if (result == NULL) {
+		DEBUG(0, ("cli_request_new failed\n"));
+		return NULL;
+	}
+
+	req = cli_request_get(result);
+
+	req->data.read.ofs = offset;
+	req->data.read.size = size;
+	req->data.read.received = 0;
+	req->data.read.rcvbuf = NULL;
 
 	if ((SMB_BIG_UINT)offset >> 32)
 		bigoffset = True;
 
-	cli_set_message(cli->outbuf,bigoffset ? 12 : 10,0,True);
+	cli_set_message(req->outbuf, bigoffset ? 12 : 10, 0, False);
 
-	SCVAL(cli->outbuf,smb_com,SMBreadX);
-	SSVAL(cli->outbuf,smb_tid,cli->cnum);
-	cli_setup_packet(cli);
+	SCVAL(req->outbuf,smb_com,SMBreadX);
+	SSVAL(req->outbuf,smb_tid,cli->cnum);
+	cli_setup_packet_buf(cli, req->outbuf);
 
-	SCVAL(cli->outbuf,smb_vwv0,0xFF);
-	SSVAL(cli->outbuf,smb_vwv2,fnum);
-	SIVAL(cli->outbuf,smb_vwv3,offset);
-	SSVAL(cli->outbuf,smb_vwv5,size);
-	SSVAL(cli->outbuf,smb_vwv6,size);
-	SSVAL(cli->outbuf,smb_vwv7,(size >> 16));
-	SSVAL(cli->outbuf,smb_mid,cli->mid + i);
+	SCVAL(req->outbuf,smb_vwv0,0xFF);
+	SCVAL(req->outbuf,smb_vwv0+1,0);
+	SSVAL(req->outbuf,smb_vwv1,0);
+	SSVAL(req->outbuf,smb_vwv2,fnum);
+	SIVAL(req->outbuf,smb_vwv3,offset);
+	SSVAL(req->outbuf,smb_vwv5,size);
+	SSVAL(req->outbuf,smb_vwv6,size);
+	SSVAL(req->outbuf,smb_vwv7,(size >> 16));
+	SSVAL(req->outbuf,smb_vwv8,0);
+	SSVAL(req->outbuf,smb_vwv9,0);
+	SSVAL(req->outbuf,smb_mid,req->mid);
 
 	if (bigoffset) {
-		SIVAL(cli->outbuf,smb_vwv10,(((SMB_BIG_UINT)offset)>>32) & 0xffffffff);
+		SIVAL(req->outbuf, smb_vwv10,
+		      (((SMB_BIG_UINT)offset)>>32) & 0xffffffff);
 	}
 
-	return cli_send_smb(cli);
-}
+	cli_calculate_sign_mac(cli, req->outbuf);
 
-/****************************************************************************
-  Read size bytes at offset offset using SMBreadX.
-****************************************************************************/
+	event_fd_set_writeable(cli->fd_event);
+
+	if (cli_encryption_on(cli)) {
+		NTSTATUS status;
+		status = cli_encrypt_message(cli, req->outbuf, &enc_buf);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(0, ("Error in encrypting client message. "
+				  "Error %s\n",	nt_errstr(status)));
+			TALLOC_FREE(req);
+			return NULL;
+		}
+		req->outbuf = enc_buf;
+		req->enc_state = cli->trans_enc_state;
+	}
 
-ssize_t cli_read(struct cli_state *cli, int fnum, char *buf, off_t offset, size_t size)
+	return result;
+}
+
+/*
+ * Pull the data out of a finished async read_and_x request. rcvbuf is
+ * talloced from the request, so better make sure that you copy it away before
+ * you talloc_free(req). "rcvbuf" is NOT a talloc_ctx of its own, so do not
+ * talloc_move it!
+ */
+
+NTSTATUS cli_read_andx_recv(struct async_req *req, ssize_t *received,
+			    uint8_t **rcvbuf)
 {
-	char *p;
-	size_t size2;
-	size_t readsize;
-	ssize_t total = 0;
-	/* We can only do direct reads if not signing or encrypting. */
-	bool direct_reads = !client_is_signing_on(cli) && !cli_encryption_on(cli);
+	struct cli_request *cli_req = cli_request_get(req);
+	NTSTATUS status;
+	size_t size;
 
-	if (size == 0)
-		return 0;
+	SMB_ASSERT(req->state >= ASYNC_REQ_DONE);
+	if (req->state == ASYNC_REQ_ERROR) {
+		return req->status;
+	}
+
+	status = cli_pull_error(cli_req->inbuf);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	/* size is the number of bytes the server returned.
+	 * Might be zero. */
+	size = SVAL(cli_req->inbuf, smb_vwv5);
+	size |= (((unsigned int)(SVAL(cli_req->inbuf, smb_vwv7))) << 16);
+
+	if (size > cli_req->data.read.size) {
+		DEBUG(5,("server returned more than we wanted!\n"));
+		return NT_STATUS_UNEXPECTED_IO_ERROR;
+	}
+
+	if (size < 0) {
+		DEBUG(5,("read return < 0!\n"));
+		return NT_STATUS_UNEXPECTED_IO_ERROR;
+	}
+
+	*rcvbuf = (uint8_t *)
+		(smb_base(cli_req->inbuf) + SVAL(cli_req->inbuf, smb_vwv6));
+	*received = size;
+	return NT_STATUS_OK;
+}
+
+/*
+ * Parallel read support.
+ *
+ * cli_pull sends as many read&x requests as the server would allow via
+ * max_mux at a time. When replies flow back in, the data is written into
+ * the callback function "sink" in the right order.
+ */
+
+struct cli_pull_state {
+	struct async_req *req;
+
+	struct cli_state *cli;
+	uint16_t fnum;
+	off_t start_offset;
+	size_t size;
+
+	NTSTATUS (*sink)(char *buf, size_t n, void *priv);
+	void *priv;
+
+	size_t chunk_size;
 
 	/*
-	 * Set readsize to the maximum size we can handle in one readX,
-	 * rounded down to a multiple of 1024.
+	 * Outstanding requests
 	 */
+	int num_reqs;
+	struct async_req **reqs;
 
-	if (client_is_signing_on(cli) == false &&
-			cli_encryption_on(cli) == false &&
-			(cli->posix_capabilities & CIFS_UNIX_LARGE_READ_CAP)) {
-		readsize = CLI_SAMBA_MAX_POSIX_LARGE_READX_SIZE;
-	} else if (cli->capabilities & CAP_LARGE_READX) {
-		if (cli->is_samba) {
-			readsize = CLI_SAMBA_MAX_LARGE_READX_SIZE;
-		} else {
-			readsize = CLI_WINDOWS_MAX_LARGE_READX_SIZE;
-		}
-	} else {
-		readsize = (cli->max_xmit - (smb_size+32)) & ~1023;
+	/*
+	 * For how many bytes did we send requests already?
+	 */
+	off_t requested;
+
+	/*
+	 * Next request index to push into "sink". This walks around the "req"
+	 * array, taking care that the requests are pushed to "sink" in the
+	 * right order. If necessary (i.e. replies don't come in in the right
+	 * order), replies are held back in "reqs".
+	 */
+	int top_req;
+
+	/*
+	 * How many bytes did we push into "sink"?
+	 */
+
+	off_t pushed;
+};
+
+static char *cli_pull_print(TALLOC_CTX *mem_ctx, struct async_req *req)
+{
+	struct cli_pull_state *state = talloc_get_type_abort(
+		req->private_data, struct cli_pull_state);
+	char *result;
+
+	result = async_req_print(mem_ctx, req);
+	if (result == NULL) {
+		return NULL;
 	}
 
-	while (total < size) {
-		readsize = MIN(readsize, size-total);
+	return talloc_asprintf_append_buffer(
+		result, "num_reqs=%d, top_req=%d",
+		state->num_reqs, state->top_req);
+}
 
-		/* Issue a read and receive a reply */
+static void cli_pull_read_done(struct async_req *read_req);
 
-		if (!cli_issue_read(cli, fnum, offset, readsize, 0))
-			return -1;
+/*
+ * Prepare an async pull request
+ */
+
+struct async_req *cli_pull_send(TALLOC_CTX *mem_ctx, struct cli_state *cli,
+				uint16_t fnum, off_t start_offset,
+				size_t size, size_t window_size,
+				NTSTATUS (*sink)(char *buf, size_t n,
+						 void *priv),
+				void *priv)
+{
+	struct async_req *result;
+	struct cli_pull_state *state;
+	int i;
 
-		if (direct_reads) {
-			if (!cli_receive_smb_readX_header(cli))
-				return -1;
-		} else {
-			if (!cli_receive_smb(cli))
-				return -1;
+	result = async_req_new(mem_ctx, cli->event_ctx);
+	if (result == NULL) {
+		goto failed;
+	}
+	state = talloc(result, struct cli_pull_state);
+	if (state == NULL) {
+		goto failed;
+	}
+	result->private_data = state;
+	result->print = cli_pull_print;
+	state->req = result;
+
+	state->cli = cli;
+	state->fnum = fnum;
+	state->start_offset = start_offset;
+	state->size = size;
+	state->sink = sink;
+	state->priv = priv;
+
+	state->pushed = 0;
+	state->top_req = 0;
+	state->chunk_size = cli_read_max_bufsize(cli);
+
+	state->num_reqs = MAX(window_size/state->chunk_size, 1);
+	state->num_reqs = MIN(state->num_reqs, cli->max_mux);
+
+	state->reqs = TALLOC_ZERO_ARRAY(state, struct async_req *,
+					state->num_reqs);
+	if (state->reqs == NULL) {
+		goto failed;
+	}
+
+	state->requested = 0;
+
+	for (i=0; i<state->num_reqs; i++) {
+		size_t size_left, request_thistime;
+
+		if (state->requested >= size) {
+			state->num_reqs = i;
+			break;
 		}
 
-		/* Check for error.  Make sure to check for DOS and NT
-                   errors. */
+		size_left = size - state->requested;
+		request_thistime = MIN(size_left, state->chunk_size);
 
-                if (cli_is_error(cli)) {
-			bool recoverable_error = False;
-                        NTSTATUS status = NT_STATUS_OK;
-                        uint8 eclass = 0;
-			uint32 ecode = 0;
+		state->reqs[i] = cli_read_andx_send(
+			state->reqs, cli, fnum,
+			state->start_offset + state->requested,
+			request_thistime);
 
-                        if (cli_is_nt_error(cli))
-                                status = cli_nt_error(cli);
-                        else
-                                cli_dos_error(cli, &eclass, &ecode);
+		if (state->reqs[i] == NULL) {
+			goto failed;
+		}
 
-			/*
-			 * ERRDOS ERRmoredata or STATUS_MORE_ENRTIES is a
-			 * recoverable error, plus we have valid data in the
-			 * packet so don't error out here.
-			 */
+		state->reqs[i]->async.fn = cli_pull_read_done;
+		state->reqs[i]->async.priv = result;
 
-                        if ((eclass == ERRDOS && ecode == ERRmoredata) ||
-                            NT_STATUS_V(status) == NT_STATUS_V(STATUS_MORE_ENTRIES))
-				recoverable_error = True;
+		state->requested += request_thistime;
+	}
+	return result;
 
-			if (!recoverable_error)
-                                return -1;
+failed:
+	TALLOC_FREE(result);
+	return NULL;
+}
+
+/*
+ * Handle incoming read replies, push the data into sink and send out new
+ * requests if necessary.
+ */
+
+static void cli_pull_read_done(struct async_req *read_req)
+{
+	struct async_req *pull_req = talloc_get_type_abort(
+		read_req->async.priv, struct async_req);
+	struct cli_pull_state *state = talloc_get_type_abort(
+		pull_req->private_data, struct cli_pull_state);
+	struct cli_request *read_state = cli_request_get(read_req);
+	NTSTATUS status;
+
+	status = cli_read_andx_recv(read_req, &read_state->data.read.received,
+				    &read_state->data.read.rcvbuf);
+	if (!NT_STATUS_IS_OK(status)) {
+		async_req_error(state->req, status);
+		return;
+	}
+
+	/*
+	 * This loop is the one to take care of out-of-order replies. All
+	 * pending requests are in state->reqs, state->reqs[top_req] is the
+	 * one that is to be pushed next. If however a request later than
+	 * top_req is replied to, then we can't push yet. If top_req is
+	 * replied to at a later point then, we need to push all the finished
+	 * requests.
+	 */
+
+	while (state->reqs[state->top_req] != NULL) {
+		struct cli_request *top_read;
+
+		DEBUG(11, ("cli_pull_read_done: top_req = %d\n",
+			   state->top_req));
+
+		if (state->reqs[state->top_req]->state < ASYNC_REQ_DONE) {
+			DEBUG(11, ("cli_pull_read_done: top request not yet "
+				   "done\n"));
+			return;
 		}
 
-		size2 = SVAL(cli->inbuf, smb_vwv5);
-		size2 |= (((unsigned int)(SVAL(cli->inbuf, smb_vwv7))) << 16);
+		top_read = cli_request_get(state->reqs[state->top_req]);
 
-		if (size2 > readsize) {
-			DEBUG(5,("server returned more than we wanted!\n"));
-			return -1;
-		} else if (size2 < 0) {
-			DEBUG(5,("read return < 0!\n"));
-			return -1;
+		DEBUG(10, ("cli_pull_read_done: Pushing %d bytes, %d already "
+			   "pushed\n", (int)top_read->data.read.received,
+			   (int)state->pushed));
+
+		status = state->sink((char *)top_read->data.read.rcvbuf,
+				     top_read->data.read.received,
+				     state->priv);
+		if (!NT_STATUS_IS_OK(status)) {
+			async_req_error(state->req, status);
+			return;
 		}
+		state->pushed += top_read->data.read.received;
 
-		if (!direct_reads) {
-			/* Copy data into buffer */
-			p = smb_base(cli->inbuf) + SVAL(cli->inbuf,smb_vwv6);
-			memcpy(buf + total, p, size2);
-		} else {
-			/* Ensure the remaining data matches the return size. */
-			ssize_t toread = smb_len_large(cli->inbuf) - SVAL(cli->inbuf,smb_vwv6);
-
-			/* Ensure the size is correct. */
-			if (toread != size2) {
-				DEBUG(5,("direct read logic fail toread (%d) != size2 (%u)\n",
-					(int)toread, (unsigned int)size2 ));
-				return -1;
-			}
+		TALLOC_FREE(state->reqs[state->top_req]);
 
-			/* Read data directly into buffer */
-			toread = cli_receive_smb_data(cli,buf+total,size2);
-			if (toread != size2) {
-				DEBUG(5,("direct read read failure toread (%d) != size2 (%u)\n",
-					(int)toread, (unsigned int)size2 ));
-				return -1;
+		if (state->requested < state->size) {
+			struct async_req *new_req;
+			size_t size_left, request_thistime;
+
+			size_left = state->size - state->requested;
+			request_thistime = MIN(size_left, state->chunk_size);
+
+			DEBUG(10, ("cli_pull_read_done: Requesting %d bytes "
+				   "at %d, position %d\n",
+				   (int)request_thistime,
+				   (int)(state->start_offset
+					 + state->requested),
+				   state->top_req));
+
+			new_req = cli_read_andx_send(
+				state->reqs, state->cli, state->fnum,
+				state->start_offset + state->requested,
+				request_thistime);
+
+			if (async_req_nomem(new_req, state->req)) {
+				return;
 			}
+
+			new_req->async.fn = cli_pull_read_done;
+			new_req->async.priv = pull_req;
+
+			state->reqs[state->top_req] = new_req;
+			state->requested += request_thistime;
 		}
 
-		total += size2;
-		offset += size2;
+		state->top_req = (state->top_req+1) % state->num_reqs;
+	}
 
-		/*
-		 * If the server returned less than we asked for we're at EOF.
-		 */
+	async_req_done(pull_req);
+}
 
-		if (size2 < readsize)
-			break;
+NTSTATUS cli_pull_recv(struct async_req *req, ssize_t *received)
+{
+	struct cli_pull_state *state = talloc_get_type_abort(
+		req->private_data, struct cli_pull_state);
+
+	SMB_ASSERT(req->state >= ASYNC_REQ_DONE);
+	if (req->state == ASYNC_REQ_ERROR) {
+		return req->status;
 	}
+	*received = state->pushed;
+	return NT_STATUS_OK;
+}
 
-	return total;
+NTSTATUS cli_pull(struct cli_state *cli, uint16_t fnum,
+		  off_t start_offset, size_t size, size_t window_size,
+		  NTSTATUS (*sink)(char *buf, size_t n, void *priv),
+		  void *priv, ssize_t *received)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct async_req *req;
+	NTSTATUS result = NT_STATUS_NO_MEMORY;
+
+	if (cli_tmp_event_ctx(frame, cli) == NULL) {
+		goto nomem;
+	}
+
+	req = cli_pull_send(frame, cli, fnum, start_offset, size, window_size,
+			    sink, priv);
+	if (req == NULL) {
+		goto nomem;
+	}
+
+	while (req->state < ASYNC_REQ_DONE) {
+		event_loop_once(cli->event_ctx);
+	}
+
+	result = cli_pull_recv(req, received);
+ nomem:
+	TALLOC_FREE(frame);
+	return result;
+}
+
+static NTSTATUS cli_read_sink(char *buf, size_t n, void *priv)
+{
+	char **pbuf = (char **)priv;
+	memcpy(*pbuf, buf, n);
+	*pbuf += n;
+	return NT_STATUS_OK;
+}
+
+ssize_t cli_read(struct cli_state *cli, int fnum, char *buf,
+		 off_t offset, size_t size)
+{
+	NTSTATUS status;
+	ssize_t ret;
+
+	status = cli_pull(cli, fnum, offset, size, size,
+			  cli_read_sink, &buf, &ret);
+	if (!NT_STATUS_IS_OK(status)) {
+		cli_set_error(cli, status);
+		return -1;
+	}
+	return ret;
 }
 
 #if 0  /* relies on client_receive_smb(), now a static in libsmb/clientgen.c */
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index f95b11e4cd..a75032a47d 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -498,11 +498,13 @@ DATA_BLOB spnego_gen_auth_response(DATA_BLOB *reply, NTSTATUS nt_status,
 	asn1_write_enumerated(&data, negResult);
 	asn1_pop_tag(&data);
 
-	if (reply->data != NULL) {
+	if (mechOID) {
 		asn1_push_tag(&data,ASN1_CONTEXT(1));
 		asn1_write_OID(&data, mechOID);
 		asn1_pop_tag(&data);
-		
+	}
+
+	if (reply && reply->data != NULL) {
 		asn1_push_tag(&data,ASN1_CONTEXT(2));
 		asn1_write_OctetString(&data, reply->data, reply->length);
 		asn1_pop_tag(&data);
diff --git a/source3/libsmb/credentials.c b/source3/libsmb/credentials.c
index 1256a6210e..9d33e6d93d 100644
--- a/source3/libsmb/credentials.c
+++ b/source3/libsmb/credentials.c
@@ -42,9 +42,9 @@ char *credstr(const unsigned char *cred)
 ****************************************************************************/
 
 static void creds_init_128(struct dcinfo *dc,
-				const DOM_CHAL *clnt_chal_in,
-				const DOM_CHAL *srv_chal_in,
-				const unsigned char mach_pw[16])
+			   const struct netr_Credential *clnt_chal_in,
+			   const struct netr_Credential *srv_chal_in,
+			   const unsigned char mach_pw[16])
 {
 	unsigned char zero[4], tmp[16];
 	HMACMD5Context ctx;
@@ -94,9 +94,9 @@ static void creds_init_128(struct dcinfo *dc,
 ****************************************************************************/
 
 static void creds_init_64(struct dcinfo *dc,
-			const DOM_CHAL *clnt_chal_in,
-			const DOM_CHAL *srv_chal_in,
-			const unsigned char mach_pw[16])
+			  const struct netr_Credential *clnt_chal_in,
+			  const struct netr_Credential *srv_chal_in,
+			  const unsigned char mach_pw[16])
 {
 	uint32 sum[2];
 	unsigned char sum2[8];
@@ -177,10 +177,10 @@ static void creds_step(struct dcinfo *dc)
 
 void creds_server_init(uint32 neg_flags,
 			struct dcinfo *dc,
-			DOM_CHAL *clnt_chal,
-			DOM_CHAL *srv_chal,
+			struct netr_Credential *clnt_chal,
+			struct netr_Credential *srv_chal,
 			const unsigned char mach_pw[16],
-			DOM_CHAL *init_chal_out)
+			struct netr_Credential *init_chal_out)
 {
 	DEBUG(10,("creds_server_init: neg_flags : %x\n", (unsigned int)neg_flags));
 	DEBUG(10,("creds_server_init: client chal : %s\n", credstr(clnt_chal->data) ));
@@ -213,25 +213,28 @@ void creds_server_init(uint32 neg_flags,
  Check a credential sent by the client.
 ****************************************************************************/
 
-bool creds_server_check(const struct dcinfo *dc, const DOM_CHAL *rcv_cli_chal_in)
+bool netlogon_creds_server_check(const struct dcinfo *dc,
+				 const struct netr_Credential *rcv_cli_chal_in)
 {
 	if (memcmp(dc->clnt_chal.data, rcv_cli_chal_in->data, 8)) {
-		DEBUG(5,("creds_server_check: challenge : %s\n", credstr(rcv_cli_chal_in->data)));
+		DEBUG(5,("netlogon_creds_server_check: challenge : %s\n",
+			credstr(rcv_cli_chal_in->data)));
 		DEBUG(5,("calculated: %s\n", credstr(dc->clnt_chal.data)));
-		DEBUG(2,("creds_server_check: credentials check failed.\n"));
-		return False;
+		DEBUG(2,("netlogon_creds_server_check: credentials check failed.\n"));
+		return false;
 	}
-	DEBUG(10,("creds_server_check: credentials check OK.\n"));
-	return True;
-}
 
+	DEBUG(10,("netlogon_creds_server_check: credentials check OK.\n"));
+
+	return true;
+}
 /****************************************************************************
  Replace current seed chal. Internal function - due to split server step below.
 ****************************************************************************/
 
 static void creds_reseed(struct dcinfo *dc)
 {
-	DOM_CHAL time_chal;
+	struct netr_Credential time_chal;
 
 	SIVAL(time_chal.data, 0, IVAL(dc->seed_chal.data, 0) + dc->sequence + 1);
 	SIVAL(time_chal.data, 4, IVAL(dc->seed_chal.data, 4));
@@ -245,7 +248,9 @@ static void creds_reseed(struct dcinfo *dc)
  Step the server credential chain one forward. 
 ****************************************************************************/
 
-bool creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRED *cred_out)
+bool netlogon_creds_server_step(struct dcinfo *dc,
+				const struct netr_Authenticator *received_cred,
+				struct netr_Authenticator *cred_out)
 {
 	bool ret;
 	struct dcinfo tmp_dc = *dc;
@@ -253,24 +258,24 @@ bool creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRE
 	/* Do all operations on a temporary copy of the dc,
 	   which we throw away if the checks fail. */
 
-	tmp_dc.sequence = received_cred->timestamp.time;
+	tmp_dc.sequence = received_cred->timestamp;
 
 	creds_step(&tmp_dc);
 
 	/* Create the outgoing credentials */
-	cred_out->timestamp.time = tmp_dc.sequence + 1;
-	cred_out->challenge = tmp_dc.srv_chal;
+	cred_out->timestamp = tmp_dc.sequence + 1;
+	memcpy(&cred_out->cred, &tmp_dc.srv_chal, sizeof(cred_out->cred));
 
 	creds_reseed(&tmp_dc);
 
-	ret = creds_server_check(&tmp_dc, &received_cred->challenge);
+	ret = netlogon_creds_server_check(&tmp_dc, &received_cred->cred);
 	if (!ret) {
-		return False;
+		return false;
 	}
 
 	/* creds step succeeded - replace the current creds. */
 	*dc = tmp_dc;
-	return True;
+	return true;
 }
 
 /****************************************************************************
@@ -279,10 +284,10 @@ bool creds_server_step(struct dcinfo *dc, const DOM_CRED *received_cred, DOM_CRE
 
 void creds_client_init(uint32 neg_flags,
 			struct dcinfo *dc,
-			DOM_CHAL *clnt_chal,
-			DOM_CHAL *srv_chal,
+			struct netr_Credential *clnt_chal,
+			struct netr_Credential *srv_chal,
 			const unsigned char mach_pw[16],
-			DOM_CHAL *init_chal_out)
+			struct netr_Credential *init_chal_out)
 {
 	dc->sequence = time(NULL);
 
@@ -317,18 +322,25 @@ void creds_client_init(uint32 neg_flags,
  Check a credential returned by the server.
 ****************************************************************************/
 
-bool creds_client_check(const struct dcinfo *dc, const DOM_CHAL *rcv_srv_chal_in)
+bool netlogon_creds_client_check(const struct dcinfo *dc,
+				 const struct netr_Credential *rcv_srv_chal_in)
 {
-	if (memcmp(dc->srv_chal.data, rcv_srv_chal_in->data, 8)) {
-		DEBUG(5,("creds_client_check: challenge : %s\n", credstr(rcv_srv_chal_in->data)));
-		DEBUG(5,("calculated: %s\n", credstr(dc->srv_chal.data)));
-		DEBUG(0,("creds_client_check: credentials check failed.\n"));
-		return False;
+	if (memcmp(dc->srv_chal.data, rcv_srv_chal_in->data,
+		   sizeof(dc->srv_chal.data))) {
+
+		DEBUG(0,("netlogon_creds_client_check: credentials check failed.\n"));
+		DEBUGADD(5,("netlogon_creds_client_check: challenge : %s\n",
+			credstr(rcv_srv_chal_in->data)));
+		DEBUGADD(5,("calculated: %s\n", credstr(dc->srv_chal.data)));
+		return false;
 	}
-	DEBUG(10,("creds_client_check: credentials check OK.\n"));
-	return True;
+
+	DEBUG(10,("netlogon_creds_client_check: credentials check OK.\n"));
+
+	return true;
 }
 
+
 /****************************************************************************
   Step the client credentials to the next element in the chain, updating the
   current client and server credentials and the seed
@@ -336,12 +348,14 @@ bool creds_client_check(const struct dcinfo *dc, const DOM_CHAL *rcv_srv_chal_in
   the server
 ****************************************************************************/
 
-void creds_client_step(struct dcinfo *dc, DOM_CRED *next_cred_out)
+void netlogon_creds_client_step(struct dcinfo *dc,
+				struct netr_Authenticator *next_cred_out)
 {
-        dc->sequence += 2;
+	dc->sequence += 2;
 	creds_step(dc);
 	creds_reseed(dc);
 
-	next_cred_out->challenge = dc->clnt_chal;
-	next_cred_out->timestamp.time = dc->sequence;
+	memcpy(&next_cred_out->cred.data, &dc->clnt_chal.data,
+		sizeof(next_cred_out->cred.data));
+	next_cred_out->timestamp = dc->sequence;
 }
diff --git a/source3/libsmb/doserr.c b/source3/libsmb/doserr.c
index 79445a2410..203f682599 100644
--- a/source3/libsmb/doserr.c
+++ b/source3/libsmb/doserr.c
@@ -73,8 +73,9 @@ werror_code_struct dos_errs[] =
 	{ "WERR_DFS_NO_SUCH_SERVER", WERR_DFS_NO_SUCH_SERVER },
 	{ "WERR_DFS_INTERNAL_ERROR", WERR_DFS_INTERNAL_ERROR },
 	{ "WERR_DFS_CANT_CREATE_JUNCT", WERR_DFS_CANT_CREATE_JUNCT },
+	{ "WERR_INVALID_COMPUTER_NAME", WERR_INVALID_COMPUTER_NAME },
 	{ "WERR_MACHINE_LOCKED", WERR_MACHINE_LOCKED },
-	{ "WERR_DOMAIN_CONTROLLER_NOT_FOUND", WERR_DOMAIN_CONTROLLER_NOT_FOUND },
+	{ "WERR_DC_NOT_FOUND", WERR_DC_NOT_FOUND },
 	{ "WERR_SETUP_NOT_JOINED", WERR_SETUP_NOT_JOINED },
 	{ "WERR_SETUP_ALREADY_JOINED", WERR_SETUP_ALREADY_JOINED },
 	{ "WERR_SETUP_DOMAIN_CONTROLLER", WERR_SETUP_DOMAIN_CONTROLLER },
@@ -83,6 +84,7 @@ werror_code_struct dos_errs[] =
 	{ "WERR_LOGON_FAILURE", WERR_LOGON_FAILURE },
 	{ "WERR_NO_SUCH_DOMAIN", WERR_NO_SUCH_DOMAIN },
 	{ "WERR_INVALID_SECURITY_DESCRIPTOR", WERR_INVALID_SECURITY_DESCRIPTOR },
+	{ "WERR_TIME_SKEW", WERR_TIME_SKEW },
 	{ "WERR_INVALID_OWNER", WERR_INVALID_OWNER },
 	{ "WERR_SERVER_UNAVAILABLE", WERR_SERVER_UNAVAILABLE },
 	{ "WERR_IO_PENDING", WERR_IO_PENDING },
@@ -96,6 +98,9 @@ werror_code_struct dos_errs[] =
 	{ "WERR_SERVICE_DISABLED", WERR_SERVICE_DISABLED },
 	{ "WERR_CAN_NOT_COMPLETE", WERR_CAN_NOT_COMPLETE},
 	{ "WERR_INVALID_FLAGS", WERR_INVALID_FLAGS},
+	{ "WERR_PASSWORD_MUST_CHANGE", WERR_PASSWORD_MUST_CHANGE },
+	{ "WERR_DOMAIN_CONTROLLER_NOT_FOUND", WERR_DOMAIN_CONTROLLER_NOT_FOUND },
+	{ "WERR_ACCOUNT_LOCKED_OUT", WERR_ACCOUNT_LOCKED_OUT },
 	{ NULL, W_ERROR(0) }
 };
 
@@ -109,11 +114,15 @@ werror_str_struct dos_err_strs[] = {
 	{ WERR_NO_LOGON_SERVERS, "No logon servers found" },
 	{ WERR_NO_SUCH_LOGON_SESSION, "No such logon session" },
 	{ WERR_DOMAIN_CONTROLLER_NOT_FOUND, "A domain controller could not be found" },
+	{ WERR_DC_NOT_FOUND, "A domain controller could not be found" },
 	{ WERR_SETUP_NOT_JOINED, "Join failed" },
 	{ WERR_SETUP_ALREADY_JOINED, "Machine is already joined" },
 	{ WERR_SETUP_DOMAIN_CONTROLLER, "Machine is a Domain Controller" },
 	{ WERR_LOGON_FAILURE, "Invalid logon credentials" },
 	{ WERR_USER_EXISTS, "User account already exists" },
+	{ WERR_PASSWORD_MUST_CHANGE, "The password must be changed" },
+	{ WERR_ACCOUNT_LOCKED_OUT, "Account locked out" },
+	{ WERR_TIME_SKEW, "Time difference between client and server" },
 };
 
 /*****************************************************************************
diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
index 2a66d51400..bc9f4b92c8 100644
--- a/source3/libsmb/dsgetdcname.c
+++ b/source3/libsmb/dsgetdcname.c
@@ -110,7 +110,7 @@ void debug_dsdcinfo_flags(int lvl, uint32_t flags)
 /*********************************************************************
  ********************************************************************/
 
-static int pack_dsdcinfo(struct DS_DOMAIN_CONTROLLER_INFO *info,
+static int pack_dsdcinfo(struct netr_DsRGetDCNameInfo *info,
 			 unsigned char **buf)
 {
 	unsigned char *buffer = NULL;
@@ -122,9 +122,8 @@ static int pack_dsdcinfo(struct DS_DOMAIN_CONTROLLER_INFO *info,
 
 	ZERO_STRUCT(guid_flat);
 
-	if (info->domain_guid) {
-		const struct GUID *guid = info->domain_guid;
-		smb_uuid_pack(*guid, &guid_flat);
+	if (!GUID_all_zero(&info->domain_guid)) {
+		smb_uuid_pack(info->domain_guid, &guid_flat);
 	}
 
  again:
@@ -132,17 +131,17 @@ static int pack_dsdcinfo(struct DS_DOMAIN_CONTROLLER_INFO *info,
 
 	if (buflen > 0) {
 		DEBUG(10,("pack_dsdcinfo: Packing domain %s (%s)\n",
-			  info->domain_name, info->domain_controller_name));
+			  info->domain_name, info->dc_unc));
 	}
 
 	len += tdb_pack(buffer+len, buflen-len, "ffdBffdff",
-			info->domain_controller_name,
-			info->domain_controller_address,
-			info->domain_controller_address_type,
+			info->dc_unc,
+			info->dc_address,
+			info->dc_address_type,
 			UUID_FLAT_SIZE, guid_flat.info,
 			info->domain_name,
-			info->dns_forest_name,
-			info->flags,
+			info->forest_name,
+			info->dc_flags,
 			info->dc_site_name,
 			info->client_site_name);
 
@@ -169,33 +168,33 @@ static int pack_dsdcinfo(struct DS_DOMAIN_CONTROLLER_INFO *info,
 static NTSTATUS unpack_dsdcinfo(TALLOC_CTX *mem_ctx,
 				unsigned char *buf,
 				int buflen,
-				struct DS_DOMAIN_CONTROLLER_INFO **info_ret)
+				struct netr_DsRGetDCNameInfo **info_ret)
 {
 	int len = 0;
-	struct DS_DOMAIN_CONTROLLER_INFO *info = NULL;
+	struct netr_DsRGetDCNameInfo *info = NULL;
 	uint32_t guid_len = 0;
 	unsigned char *guid_buf = NULL;
 	UUID_FLAT guid_flat;
 
 	/* forgive me 6 times */
-	fstring domain_controller_name;
-	fstring domain_controller_address;
+	fstring dc_unc;
+	fstring dc_address;
 	fstring domain_name;
-	fstring dns_forest_name;
+	fstring forest_name;
 	fstring dc_site_name;
 	fstring client_site_name;
 
-	info = TALLOC_ZERO_P(mem_ctx, struct DS_DOMAIN_CONTROLLER_INFO);
+	info = TALLOC_ZERO_P(mem_ctx, struct netr_DsRGetDCNameInfo);
 	NT_STATUS_HAVE_NO_MEMORY(info);
 
 	len += tdb_unpack(buf+len, buflen-len, "ffdBffdff",
-			  &domain_controller_name,
-			  &domain_controller_address,
-			  &info->domain_controller_address_type,
+			  &dc_unc,
+			  &dc_address,
+			  &info->dc_address_type,
 			  &guid_len, &guid_buf,
 			  &domain_name,
-			  &dns_forest_name,
-			  &info->flags,
+			  &forest_name,
+			  &info->dc_flags,
 			  &dc_site_name,
 			  &client_site_name);
 	if (len == -1) {
@@ -203,23 +202,23 @@ static NTSTATUS unpack_dsdcinfo(TALLOC_CTX *mem_ctx,
 		goto failed;
 	}
 
-	info->domain_controller_name =
-		talloc_strdup(mem_ctx, domain_controller_name);
-	info->domain_controller_address =
-		talloc_strdup(mem_ctx, domain_controller_address);
+	info->dc_unc =
+		talloc_strdup(mem_ctx, dc_unc);
+	info->dc_address =
+		talloc_strdup(mem_ctx, dc_address);
 	info->domain_name =
 		talloc_strdup(mem_ctx, domain_name);
-	info->dns_forest_name =
-		talloc_strdup(mem_ctx, dns_forest_name);
+	info->forest_name =
+		talloc_strdup(mem_ctx, forest_name);
 	info->dc_site_name =
 		talloc_strdup(mem_ctx, dc_site_name);
 	info->client_site_name =
 		talloc_strdup(mem_ctx, client_site_name);
 
-	if (!info->domain_controller_name ||
-	    !info->domain_controller_address ||
+	if (!info->dc_unc ||
+	    !info->dc_address ||
 	    !info->domain_name ||
-	    !info->dns_forest_name ||
+	    !info->forest_name ||
 	    !info->dc_site_name ||
 	    !info->client_site_name) {
 		goto failed;
@@ -235,16 +234,12 @@ static NTSTATUS unpack_dsdcinfo(TALLOC_CTX *mem_ctx,
 		memcpy(&guid_flat.info, guid_buf, guid_len);
 		smb_uuid_unpack(guid_flat, &guid);
 
-		info->domain_guid = (struct GUID *)talloc_memdup(
-			mem_ctx, &guid, sizeof(guid));
-		if (!info->domain_guid) {
-			goto failed;
-		}
+		info->domain_guid = guid;
 		SAFE_FREE(guid_buf);
 	}
 
 	DEBUG(10,("unpack_dcscinfo: Unpacked domain %s (%s)\n",
-		  info->domain_name, info->domain_controller_name));
+		  info->domain_name, info->dc_unc));
 
 	*info_ret = info;
 
@@ -297,7 +292,7 @@ static NTSTATUS dsgetdcname_cache_delete(TALLOC_CTX *mem_ctx,
 
 static NTSTATUS dsgetdcname_cache_store(TALLOC_CTX *mem_ctx,
 					const char *domain_name,
-					struct DS_DOMAIN_CONTROLLER_INFO *info)
+					struct netr_DsRGetDCNameInfo *info)
 {
 	time_t expire_time;
 	char *key;
@@ -346,7 +341,7 @@ static NTSTATUS dsgetdcname_cache_refresh(TALLOC_CTX *mem_ctx,
 					  struct GUID *domain_guid,
 					  uint32_t flags,
 					  const char *site_name,
-					  struct DS_DOMAIN_CONTROLLER_INFO *info)
+					  struct netr_DsRGetDCNameInfo *info)
 {
 	struct cldap_netlogon_reply r;
 
@@ -355,7 +350,7 @@ static NTSTATUS dsgetdcname_cache_refresh(TALLOC_CTX *mem_ctx,
 
 	ZERO_STRUCT(r);
 
-	if (ads_cldap_netlogon(info->domain_controller_name,
+	if (ads_cldap_netlogon(info->dc_unc,
 			       info->domain_name, &r)) {
 
 		dsgetdcname_cache_delete(mem_ctx, domain_name);
@@ -409,7 +404,7 @@ static NTSTATUS dsgetdcname_cache_fetch(TALLOC_CTX *mem_ctx,
 					struct GUID *domain_guid,
 					uint32_t flags,
 					const char *site_name,
-					struct DS_DOMAIN_CONTROLLER_INFO **info,
+					struct netr_DsRGetDCNameInfo **info,
 					bool *expired)
 {
 	char *key;
@@ -438,13 +433,13 @@ static NTSTATUS dsgetdcname_cache_fetch(TALLOC_CTX *mem_ctx,
 	data_blob_free(&blob);
 
 	/* check flags */
-	if (!check_cldap_reply_required_flags((*info)->flags, flags)) {
+	if (!check_cldap_reply_required_flags((*info)->dc_flags, flags)) {
 		DEBUG(10,("invalid flags\n"));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 	if ((flags & DS_IP_REQUIRED) &&
-	    ((*info)->domain_controller_address_type != ADS_INET_ADDRESS)) {
+	    ((*info)->dc_address_type != DS_ADDRESS_TYPE_INET)) {
 	    	return NT_STATUS_INVALID_PARAMETER_MIX;
 	}
 
@@ -459,7 +454,7 @@ static NTSTATUS dsgetdcname_cached(TALLOC_CTX *mem_ctx,
 				   struct GUID *domain_guid,
 				   uint32_t flags,
 				   const char *site_name,
-				   struct DS_DOMAIN_CONTROLLER_INFO **info)
+				   struct netr_DsRGetDCNameInfo **info)
 {
 	NTSTATUS status;
 	bool expired = false;
@@ -663,40 +658,36 @@ static NTSTATUS discover_dc_dns(TALLOC_CTX *mem_ctx,
 ****************************************************************/
 
 static NTSTATUS make_domain_controller_info(TALLOC_CTX *mem_ctx,
-					    const char *domain_controller_name,
-					    const char *domain_controller_address,
-					    uint32_t domain_controller_address_type,
+					    const char *dc_unc,
+					    const char *dc_address,
+					    uint32_t dc_address_type,
 					    const struct GUID *domain_guid,
 					    const char *domain_name,
-					    const char *dns_forest_name,
+					    const char *forest_name,
 					    uint32_t flags,
 					    const char *dc_site_name,
 					    const char *client_site_name,
-					    struct DS_DOMAIN_CONTROLLER_INFO **info_out)
+					    struct netr_DsRGetDCNameInfo **info_out)
 {
-	struct DS_DOMAIN_CONTROLLER_INFO *info;
+	struct netr_DsRGetDCNameInfo *info;
 
-	info = TALLOC_ZERO_P(mem_ctx, struct DS_DOMAIN_CONTROLLER_INFO);
+	info = TALLOC_ZERO_P(mem_ctx, struct netr_DsRGetDCNameInfo);
 	NT_STATUS_HAVE_NO_MEMORY(info);
 
-	if (domain_controller_name) {
-		info->domain_controller_name = talloc_strdup(mem_ctx,
-			domain_controller_name);
-		NT_STATUS_HAVE_NO_MEMORY(info->domain_controller_name);
+	if (dc_unc) {
+		info->dc_unc = talloc_strdup(mem_ctx, dc_unc);
+		NT_STATUS_HAVE_NO_MEMORY(info->dc_unc);
 	}
 
-	if (domain_controller_address) {
-		info->domain_controller_address = talloc_strdup(mem_ctx,
-			domain_controller_address);
-		NT_STATUS_HAVE_NO_MEMORY(info->domain_controller_address);
+	if (dc_address) {
+		info->dc_address = talloc_strdup(mem_ctx, dc_address);
+		NT_STATUS_HAVE_NO_MEMORY(info->dc_address);
 	}
 
-	info->domain_controller_address_type = domain_controller_address_type;
+	info->dc_address_type = dc_address_type;
 
 	if (domain_guid) {
-		info->domain_guid = (struct GUID *)talloc_memdup(
-			mem_ctx, domain_guid, sizeof(*domain_guid));
-		NT_STATUS_HAVE_NO_MEMORY(info->domain_guid);
+		info->domain_guid = *domain_guid;
 	}
 
 	if (domain_name) {
@@ -704,13 +695,12 @@ static NTSTATUS make_domain_controller_info(TALLOC_CTX *mem_ctx,
 		NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
 	}
 
-	if (dns_forest_name) {
-		info->dns_forest_name = talloc_strdup(mem_ctx,
-						      dns_forest_name);
-		NT_STATUS_HAVE_NO_MEMORY(info->dns_forest_name);
+	if (forest_name) {
+		info->forest_name = talloc_strdup(mem_ctx, forest_name);
+		NT_STATUS_HAVE_NO_MEMORY(info->forest_name);
 	}
 
-	info->flags = flags;
+	info->dc_flags = flags;
 
 	if (dc_site_name) {
 		info->dc_site_name = talloc_strdup(mem_ctx, dc_site_name);
@@ -736,7 +726,7 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx,
 			       uint32_t flags,
 			       struct ip_service_name **dclist,
 			       int num_dcs,
-			       struct DS_DOMAIN_CONTROLLER_INFO **info)
+			       struct netr_DsRGetDCNameInfo **info)
 {
 	int i = 0;
 	bool valid_dc = false;
@@ -779,12 +769,12 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx,
 		}
 		dc_hostname = r.hostname;
 		dc_domain_name = r.domain;
-		dc_flags |= ADS_DNS_DOMAIN | ADS_DNS_CONTROLLER;
+		dc_flags |= DS_DNS_DOMAIN | DS_DNS_CONTROLLER;
 	} else {
 		/* FIXME */
 		dc_hostname = r.hostname;
 		dc_domain_name = r.domain;
-		dc_flags |= ADS_DNS_DOMAIN | ADS_DNS_CONTROLLER;
+		dc_flags |= DS_DNS_DOMAIN | DS_DNS_CONTROLLER;
 	}
 
 	if (flags & DS_IP_REQUIRED) {
@@ -792,17 +782,17 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx,
 		print_sockaddr(addr, sizeof(addr), &dclist[i]->ss);
 		dc_address = talloc_asprintf(mem_ctx, "\\\\%s",
 						addr);
-		dc_address_type = ADS_INET_ADDRESS;
+		dc_address_type = DS_ADDRESS_TYPE_INET;
 	} else {
 		dc_address = talloc_asprintf(mem_ctx, "\\\\%s",
 					     r.netbios_hostname);
-		dc_address_type = ADS_NETBIOS_ADDRESS;
+		dc_address_type = DS_ADDRESS_TYPE_NETBIOS;
 	}
 	NT_STATUS_HAVE_NO_MEMORY(dc_address);
 	smb_uuid_unpack(r.guid, &dc_guid);
 
 	if (r.forest) {
-		dc_flags |= ADS_DNS_FOREST;
+		dc_flags |= DS_DNS_FOREST;
 	}
 
 	return make_domain_controller_info(mem_ctx,
@@ -827,7 +817,7 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx,
 				   uint32_t flags,
 				   struct ip_service_name **dclist,
 				   int num_dcs,
-				   struct DS_DOMAIN_CONTROLLER_INFO **info)
+				   struct netr_DsRGetDCNameInfo **info)
 {
 	/* FIXME: code here */
 
@@ -842,7 +832,7 @@ static NTSTATUS dsgetdcname_rediscover(TALLOC_CTX *mem_ctx,
 				       struct GUID *domain_guid,
 				       uint32_t flags,
 				       const char *site_name,
-				       struct DS_DOMAIN_CONTROLLER_INFO **info)
+				       struct netr_DsRGetDCNameInfo **info)
 {
 	NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
 	struct ip_service_name *dclist;
@@ -891,71 +881,26 @@ static NTSTATUS dsgetdcname_rediscover(TALLOC_CTX *mem_ctx,
 }
 
 /********************************************************************
-********************************************************************/
-
-NTSTATUS dsgetdcname_remote(TALLOC_CTX *mem_ctx,
-			    const char *computer_name,
-			    const char *domain_name,
-			    struct GUID *domain_guid,
-			    const char *site_name,
-			    uint32_t flags,
-			    struct DS_DOMAIN_CONTROLLER_INFO **info)
-{
-	WERROR werr;
-	NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
-	struct cli_state *cli = NULL;
-	struct rpc_pipe_client *pipe_cli = NULL;
-
-	status = cli_full_connection(&cli, NULL, computer_name,
-				     NULL, 0,
-				     "IPC$", "IPC",
-				     "",
-				     "",
-				     "",
-				     0, Undefined, NULL);
-
-	if (!NT_STATUS_IS_OK(status)) {
-		goto done;
-	}
-
-	pipe_cli = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON,
-					    &status);
-	if (!pipe_cli) {
-		goto done;
-	}
-
-	werr = rpccli_netlogon_dsr_getdcname(pipe_cli,
-					     mem_ctx,
-					     computer_name,
-					     domain_name,
-					     domain_guid,
-					     NULL,
-					     flags,
-					     info);
-	status = werror_to_ntstatus(werr);
-
- done:
-	cli_rpc_pipe_close(pipe_cli);
-	if (cli) {
-		cli_shutdown(cli);
-	}
-
-	return status;
-}
+ dsgetdcname.
 
-/********************************************************************
+ This will be the only public function here.
 ********************************************************************/
 
-NTSTATUS dsgetdcname_local(TALLOC_CTX *mem_ctx,
-			   const char *computer_name,
-			   const char *domain_name,
-			   struct GUID *domain_guid,
-			   const char *site_name,
-			   uint32_t flags,
-			   struct DS_DOMAIN_CONTROLLER_INFO **info)
+NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
+		     const char *domain_name,
+		     struct GUID *domain_guid,
+		     const char *site_name,
+		     uint32_t flags,
+		     struct netr_DsRGetDCNameInfo **info)
 {
 	NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND;
-	struct DS_DOMAIN_CONTROLLER_INFO *myinfo = NULL;
+	struct netr_DsRGetDCNameInfo *myinfo = NULL;
+
+	DEBUG(10,("dsgetdcname: domain_name: %s, "
+		  "domain_guid: %s, site_name: %s, flags: 0x%08x\n",
+		  domain_name,
+		  domain_guid ? GUID_string(mem_ctx, domain_guid) : "(null)",
+		  site_name, flags));
 
 	*info = NULL;
 
@@ -991,44 +936,3 @@ NTSTATUS dsgetdcname_local(TALLOC_CTX *mem_ctx,
 
 	return status;
 }
-
-/********************************************************************
- dsgetdcname.
-
- This will be the only public function here.
-********************************************************************/
-
-NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx,
-		     const char *computer_name,
-		     const char *domain_name,
-		     struct GUID *domain_guid,
-		     const char *site_name,
-		     uint32_t flags,
-		     struct DS_DOMAIN_CONTROLLER_INFO **info)
-{
-	DEBUG(10,("dsgetdcname: computer_name: %s, domain_name: %s, "
-		  "domain_guid: %s, site_name: %s, flags: 0x%08x\n",
-		  computer_name, domain_name,
-		  domain_guid ? GUID_string(mem_ctx, domain_guid) : "(null)",
-		  site_name, flags));
-
-	*info = NULL;
-
-	if (computer_name) {
-		return dsgetdcname_remote(mem_ctx,
-					  computer_name,
-					  domain_name,
-					  domain_guid,
-					  site_name,
-					  flags,
-					  info);
-	}
-
-	return dsgetdcname_local(mem_ctx,
-				 computer_name,
-				 domain_name,
-				 domain_guid,
-				 site_name,
-				 flags,
-				 info);
-}
diff --git a/source3/libsmb/libsmb_compat.c b/source3/libsmb/libsmb_compat.c
index 573d087d6e..6042464fd2 100644
--- a/source3/libsmb/libsmb_compat.c
+++ b/source3/libsmb/libsmb_compat.c
@@ -289,6 +289,12 @@ int smbc_fstat(int fd, struct stat *st)
 	return (statcont->fstat)(statcont, file, st);
 }
 
+int smbc_ftruncate(int fd, off_t size)
+{
+	SMBCFILE * file = find_fd(fd);
+	return (statcont->ftruncate)(statcont, file, size);
+}
+
 int smbc_chmod(const char *url, mode_t mode)
 {
 	return (statcont->chmod)(statcont, url, mode);
diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c
index fb04d143a5..fe008ed6b6 100644
--- a/source3/libsmb/libsmbclient.c
+++ b/source3/libsmb/libsmbclient.c
@@ -1037,8 +1037,7 @@ smbc_attr_server(TALLOC_CTX *ctx,
 		const char *share,
 		char **pp_workgroup,
 		char **pp_username,
-		char **pp_password,
-		POLICY_HND *pol)
+		char **pp_password)
 {
         int flags;
         struct sockaddr_storage ss;
@@ -1122,36 +1121,34 @@ smbc_attr_server(TALLOC_CTX *ctx,
                 ZERO_STRUCTP(ipc_srv);
                 ipc_srv->cli = ipc_cli;
 
-                if (pol) {
-                        pipe_hnd = cli_rpc_pipe_open_noauth(ipc_srv->cli,
-                                                            PI_LSARPC,
-                                                            &nt_status);
-                        if (!pipe_hnd) {
-                                DEBUG(1, ("cli_nt_session_open fail!\n"));
-                                errno = ENOTSUP;
-                                cli_shutdown(ipc_srv->cli);
-                                free(ipc_srv);
-                                return NULL;
-                        }
-
-                        /*
-                         * Some systems don't support
-                         * SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000
-                         * so we might as well do it too.
-                         */
+                pipe_hnd = cli_rpc_pipe_open_noauth(ipc_srv->cli,
+                                                    PI_LSARPC,
+                                                    &nt_status);
+                if (!pipe_hnd) {
+                    DEBUG(1, ("cli_nt_session_open fail!\n"));
+                    errno = ENOTSUP;
+                    cli_shutdown(ipc_srv->cli);
+                    free(ipc_srv);
+                    return NULL;
+                }
 
-                        nt_status = rpccli_lsa_open_policy(
-                                pipe_hnd,
-                                talloc_tos(),
-                                True,
-                                GENERIC_EXECUTE_ACCESS,
-                                pol);
+                /*
+                 * Some systems don't support
+                 * SEC_RIGHTS_MAXIMUM_ALLOWED, but NT sends 0x2000000
+                 * so we might as well do it too.
+                 */
 
-                        if (!NT_STATUS_IS_OK(nt_status)) {
-                                errno = smbc_errno(context, ipc_srv->cli);
-                                cli_shutdown(ipc_srv->cli);
-                                return NULL;
-                        }
+                nt_status = rpccli_lsa_open_policy(
+                    pipe_hnd,
+                    talloc_tos(),
+                    True,
+                    GENERIC_EXECUTE_ACCESS,
+                    &ipc_srv->pol);
+
+                if (!NT_STATUS_IS_OK(nt_status)) {
+                    errno = smbc_errno(context, ipc_srv->cli);
+                    cli_shutdown(ipc_srv->cli);
+                    return NULL;
                 }
 
                 /* now add it to the cache (internal or external) */
@@ -2264,6 +2261,9 @@ smbc_setup_stat(SMBCCTX *context,
 #ifdef HAVE_STAT_ST_BLOCKS
 	st->st_blocks = (size+511)/512;
 #endif
+#ifdef HAVE_STRUCT_STAT_ST_RDEV
+	st->st_rdev = 0;
+#endif
 	st->st_uid = getuid();
 	st->st_gid = getgid();
 
@@ -2367,7 +2367,7 @@ smbc_stat_ctx(SMBCCTX *context,
 
 	st->st_ino = ino;
 
-	smbc_setup_stat(context, st, path, size, mode);
+	smbc_setup_stat(context, st, (char *) fname, size, mode);
 
 	set_atimespec(st, access_time_ts);
 	set_ctimespec(st, change_time_ts);
@@ -2483,6 +2483,80 @@ smbc_fstat_ctx(SMBCCTX *context,
 }
 
 /*
+ * Routine to truncate a file given by its file descriptor, to a specified size
+ */
+
+static int
+smbc_ftruncate_ctx(SMBCCTX *context,
+                   SMBCFILE *file,
+                   off_t length)
+{
+	SMB_OFF_T size = length;
+	char *server = NULL;
+	char *share = NULL;
+	char *user = NULL;
+	char *password = NULL;
+	char *path = NULL;
+        char *targetpath = NULL;
+	struct cli_state *targetcli = NULL;
+	TALLOC_CTX *frame = talloc_stackframe();
+
+	if (!context || !context->internal ||
+	    !context->internal->_initialized) {
+		errno = EINVAL;
+		TALLOC_FREE(frame);
+		return -1;
+	}
+
+	if (!file || !DLIST_CONTAINS(context->internal->_files, file)) {
+		errno = EBADF;
+		TALLOC_FREE(frame);
+		return -1;
+	}
+
+	if (!file->file) {
+		errno = EINVAL;
+		TALLOC_FREE(frame);
+		return -1;
+	}
+
+	/*d_printf(">>>fstat: parsing %s\n", file->fname);*/
+	if (smbc_parse_path(frame,
+                            context,
+                            file->fname,
+                            NULL,
+                            &server,
+                            &share,
+                            &path,
+                            &user,
+                            &password,
+                            NULL)) {
+                errno = EINVAL;
+		TALLOC_FREE(frame);
+                return -1;
+        }
+
+	/*d_printf(">>>fstat: resolving %s\n", path);*/
+	if (!cli_resolve_path(frame, "", file->srv->cli, path,
+                              &targetcli, &targetpath)) {
+		d_printf("Could not resolve %s\n", path);
+		TALLOC_FREE(frame);
+		return -1;
+	}
+	/*d_printf(">>>fstat: resolved path as %s\n", targetpath);*/
+
+        if (!cli_ftruncate(targetcli, file->cli_fd, size)) {
+                errno = EINVAL;
+                TALLOC_FREE(frame);
+                return -1;
+        }
+
+	TALLOC_FREE(frame);
+	return 0;
+
+}
+
+/*
  * Routine to open a directory
  * We accept the URL syntax explained in smbc_parse_path(), above.
  */
@@ -4689,7 +4763,15 @@ dos_attr_parse(SMBCCTX *context,
 	frame = talloc_stackframe();
 	while (next_token_talloc(frame, &p, &tok, "\t,\r\n")) {
 		if (StrnCaseCmp(tok, "MODE:", 5) == 0) {
-			dad->mode = strtol(tok+5, NULL, 16);
+                        long request = strtol(tok+5, NULL, 16);
+                        if (request == 0) {
+                                dad->mode = (request |
+                                             (IS_DOS_DIR(dad->mode)
+                                              ? FILE_ATTRIBUTE_DIRECTORY
+                                              : FILE_ATTRIBUTE_NORMAL));
+                        } else {
+                                dad->mode = request;
+                        }
 			continue;
 		}
 
@@ -5725,7 +5807,6 @@ smbc_setxattr_ctx(SMBCCTX *context,
 	char *password = NULL;
 	char *workgroup = NULL;
 	char *path = NULL;
-        POLICY_HND pol;
         DOS_ATTR_DESC *dad = NULL;
         struct {
                 const char * create_time_attr;
@@ -5784,8 +5865,7 @@ smbc_setxattr_ctx(SMBCCTX *context,
 
         if (! srv->no_nt_session) {
                 ipc_srv = smbc_attr_server(frame, context, server, share,
-                                           &workgroup, &user, &password,
-                                           &pol);
+                                           &workgroup, &user, &password);
                 if (! ipc_srv) {
                         srv->no_nt_session = True;
                 }
@@ -5811,7 +5891,7 @@ smbc_setxattr_ctx(SMBCCTX *context,
 
                 if (ipc_srv) {
                         ret = cacl_set(talloc_tos(), srv->cli,
-                                       ipc_srv->cli, &pol, path,
+                                       ipc_srv->cli, &ipc_srv->pol, path,
                                        namevalue,
                                        (*namevalue == '*'
                                         ? SMBC_XATTR_MODE_SET
@@ -5875,7 +5955,7 @@ smbc_setxattr_ctx(SMBCCTX *context,
                         ret = -1;
                 } else {
                         ret = cacl_set(talloc_tos(), srv->cli,
-                                       ipc_srv->cli, &pol, path,
+                                       ipc_srv->cli, &ipc_srv->pol, path,
                                        namevalue,
                                        (*namevalue == '*'
                                         ? SMBC_XATTR_MODE_SET
@@ -5905,7 +5985,7 @@ smbc_setxattr_ctx(SMBCCTX *context,
                         ret = -1;
                 } else {
                         ret = cacl_set(talloc_tos(), srv->cli,
-                                       ipc_srv->cli, &pol, path,
+                                       ipc_srv->cli, &ipc_srv->pol, path,
                                        namevalue, SMBC_XATTR_MODE_CHOWN, 0);
                 }
 		TALLOC_FREE(frame);
@@ -5932,8 +6012,8 @@ smbc_setxattr_ctx(SMBCCTX *context,
                         ret = -1;
                 } else {
                         ret = cacl_set(talloc_tos(), srv->cli,
-                                       ipc_srv->cli, &pol, path,
-                                       namevalue, SMBC_XATTR_MODE_CHOWN, 0);
+                                       ipc_srv->cli, &ipc_srv->pol, path,
+                                       namevalue, SMBC_XATTR_MODE_CHGRP, 0);
                 }
 		TALLOC_FREE(frame);
                 return ret;
@@ -6023,7 +6103,6 @@ smbc_getxattr_ctx(SMBCCTX *context,
 	char *password = NULL;
 	char *workgroup = NULL;
 	char *path = NULL;
-        POLICY_HND pol;
         struct {
                 const char * create_time_attr;
                 const char * access_time_attr;
@@ -6080,8 +6159,7 @@ smbc_getxattr_ctx(SMBCCTX *context,
 
         if (! srv->no_nt_session) {
                 ipc_srv = smbc_attr_server(frame, context, server, share,
-                                           &workgroup, &user, &password,
-                                           &pol);
+                                           &workgroup, &user, &password);
                 if (! ipc_srv) {
                         srv->no_nt_session = True;
                 }
@@ -6134,7 +6212,7 @@ smbc_getxattr_ctx(SMBCCTX *context,
                 /* Yup. */
                 ret = cacl_get(context, talloc_tos(), srv,
                                ipc_srv == NULL ? NULL : ipc_srv->cli, 
-                               &pol, path,
+                               &ipc_srv->pol, path,
                                CONST_DISCARD(char *, name),
                                CONST_DISCARD(char *, value), size);
                 if (ret < 0 && errno == 0) {
@@ -6165,7 +6243,6 @@ smbc_removexattr_ctx(SMBCCTX *context,
 	char *password = NULL;
 	char *workgroup = NULL;
 	char *path = NULL;
-        POLICY_HND pol;
 	TALLOC_CTX *frame = talloc_stackframe();
 
         if (!context || !context->internal ||
@@ -6216,8 +6293,7 @@ smbc_removexattr_ctx(SMBCCTX *context,
 
         if (! srv->no_nt_session) {
                 ipc_srv = smbc_attr_server(frame, context, server, share,
-                                           &workgroup, &user, &password,
-                                           &pol);
+                                           &workgroup, &user, &password);
                 if (! ipc_srv) {
                         srv->no_nt_session = True;
                 }
@@ -6236,7 +6312,7 @@ smbc_removexattr_ctx(SMBCCTX *context,
 
                 /* Yup. */
                 ret = cacl_set(talloc_tos(), srv->cli,
-                               ipc_srv->cli, &pol, path,
+                               ipc_srv->cli, &ipc_srv->pol, path,
                                NULL, SMBC_XATTR_MODE_REMOVE_ALL, 0);
 		TALLOC_FREE(frame);
                 return ret;
@@ -6256,7 +6332,7 @@ smbc_removexattr_ctx(SMBCCTX *context,
 
                 /* Yup. */
                 ret = cacl_set(talloc_tos(), srv->cli,
-                               ipc_srv->cli, &pol, path,
+                               ipc_srv->cli, &ipc_srv->pol, path,
                                name + 19, SMBC_XATTR_MODE_REMOVE, 0);
 		TALLOC_FREE(frame);
                 return ret;
@@ -6701,6 +6777,7 @@ smbc_new_context(void)
         context->telldir                           = smbc_telldir_ctx;
         context->lseekdir                          = smbc_lseekdir_ctx;
         context->fstatdir                          = smbc_fstatdir_ctx;
+        context->ftruncate                         = smbc_ftruncate_ctx;
         context->chmod                             = smbc_chmod_ctx;
         context->utimes                            = smbc_utimes_ctx;
         context->setxattr                          = smbc_setxattr_ctx;
@@ -6795,7 +6872,7 @@ smbc_free_context(SMBCCTX *context,
         SAFE_FREE(context->netbios_name);
         SAFE_FREE(context->user);
 
-        DEBUG(3, ("Context %p succesfully freed\n", context));
+        DEBUG(3, ("Context %p successfully freed\n", context));
         SAFE_FREE(context->internal);
         SAFE_FREE(context);
         return 0;
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index ad999b34b4..ad16452e3e 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -1299,11 +1299,11 @@ static NTSTATUS resolve_hosts(const char *name, int name_type,
  Resolve via "ADS" method.
 *********************************************************/
 
-NTSTATUS resolve_ads(const char *name,
-			int name_type,
-			const char *sitename,
-			struct ip_service **return_iplist,
-			int *return_count)
+static NTSTATUS resolve_ads(const char *name,
+			    int name_type,
+			    const char *sitename,
+			    struct ip_service **return_iplist,
+			    int *return_count)
 {
 	int 			i, j;
 	NTSTATUS  		status;
diff --git a/source3/libsmb/ntlmssp_parse.c b/source3/libsmb/ntlmssp_parse.c
index ac8846ad1e..70377cba7d 100644
--- a/source3/libsmb/ntlmssp_parse.c
+++ b/source3/libsmb/ntlmssp_parse.c
@@ -170,6 +170,7 @@ bool msrpc_gen(DATA_BLOB *blob,
 /* a helpful macro to avoid running over the end of our blob */
 #define NEED_DATA(amount) \
 if ((head_ofs + amount) > blob->length) { \
+        va_end(ap); \
         return False; \
 }
 
@@ -216,16 +217,20 @@ bool msrpc_parse(const DATA_BLOB *blob,
 				if ((len1 != len2) || (ptr + len1 < ptr) ||
 						(ptr + len1 < len1) ||
 						(ptr + len1 > blob->length)) {
+					va_end(ap);
 					return false;
 				}
 				if (len1 & 1) {
 					/* if odd length and unicode */
+					va_end(ap);
 					return false;
 				}
 				if (blob->data + ptr <
 						(uint8 *)(unsigned long)ptr ||
-						blob->data + ptr < blob->data)
+				    blob->data + ptr < blob->data) {
+					va_end(ap);
 					return false;
+				}
 
 				if (0 < len1) {
 					char *p = NULL;
@@ -261,13 +266,16 @@ bool msrpc_parse(const DATA_BLOB *blob,
 				if ((len1 != len2) || (ptr + len1 < ptr) ||
 						(ptr + len1 < len1) ||
 						(ptr + len1 > blob->length)) {
+					va_end(ap);
 					return false;
 				}
 
 				if (blob->data + ptr <
 						(uint8 *)(unsigned long)ptr ||
-						blob->data + ptr < blob->data)
+				    blob->data + ptr < blob->data) {
+					va_end(ap);
 					return false;
+				}
 
 				if (0 < len1) {
 					char *p = NULL;
@@ -304,13 +312,16 @@ bool msrpc_parse(const DATA_BLOB *blob,
 				if ((len1 != len2) || (ptr + len1 < ptr) ||
 						(ptr + len1 < len1) ||
 						(ptr + len1 > blob->length)) {
+					va_end(ap);
 					return false;
 				}
 
 				if (blob->data + ptr <
 						(uint8 *)(unsigned long)ptr ||
-						blob->data + ptr < blob->data)
+				    blob->data + ptr < blob->data) {
+					va_end(ap);
 					return false;
+				}
 
 				*b = data_blob(blob->data + ptr, len1);
 			}
@@ -322,6 +333,7 @@ bool msrpc_parse(const DATA_BLOB *blob,
 			NEED_DATA(len1);
 			if (blob->data + head_ofs < (uint8 *)head_ofs ||
 					blob->data + head_ofs < blob->data) {
+				va_end(ap);
 				return false;
 			}
 
@@ -337,7 +349,8 @@ bool msrpc_parse(const DATA_BLOB *blob,
 			s = va_arg(ap, char *);
 
 			if (blob->data + head_ofs < (uint8 *)head_ofs ||
-					blob->data + head_ofs < blob->data) {
+			    blob->data + head_ofs < blob->data) {
+				va_end(ap);
 				return false;
 			}
 
@@ -351,11 +364,13 @@ bool msrpc_parse(const DATA_BLOB *blob,
 						blob->length - head_ofs,
 						STR_ASCII|STR_TERMINATE);
 				if (ret == (size_t)-1 || p == NULL) {
+					va_end(ap);
 					return false;
 				}
 				head_ofs += ret;
 				if (strcmp(s, p) != 0) {
 					TALLOC_FREE(p);
+					va_end(ap);
 					return false;
 				}
 				TALLOC_FREE(p);
diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c
index 4f791f66f6..73b570c383 100644
--- a/source3/libsmb/samlogon_cache.c
+++ b/source3/libsmb/samlogon_cache.c
@@ -1,21 +1,22 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    Net_sam_logon info3 helpers
    Copyright (C) Alexander Bokovoy              2002.
    Copyright (C) Andrew Bartlett                2002.
    Copyright (C) Gerald Carter			2003.
    Copyright (C) Tim Potter			2003.
-   
+   Copyright (C) Guenther Deschner		2008.
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -29,12 +30,12 @@ static TDB_CONTEXT *netsamlogon_tdb = NULL;
 /***********************************************************************
  open the tdb
  ***********************************************************************/
- 
+
 bool netsamlogon_cache_init(void)
 {
 	if (!netsamlogon_tdb) {
 		netsamlogon_tdb = tdb_open_log(lock_path(NETSAMLOGON_TDB), 0,
-						   TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
+					       TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
 	}
 
 	return (netsamlogon_tdb != NULL);
@@ -47,37 +48,39 @@ bool netsamlogon_cache_init(void)
 
 bool netsamlogon_cache_shutdown(void)
 {
-	if(netsamlogon_tdb)
+	if (netsamlogon_tdb) {
 		return (tdb_close(netsamlogon_tdb) == 0);
-		
-	return True;
+	}
+
+	return true;
 }
 
 /***********************************************************************
  Clear cache getpwnam and getgroups entries from the winbindd cache
 ***********************************************************************/
-void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, NET_USER_INFO_3 *user)
+
+void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, struct netr_SamInfo3 *info3)
 {
-	bool got_tdb = False;
+	bool got_tdb = false;
 	DOM_SID sid;
 	fstring key_str, sid_string;
 
 	/* We may need to call this function from smbd which will not have
-           winbindd_cache.tdb open.  Open the tdb if a NULL is passed. */
+	   winbindd_cache.tdb open.  Open the tdb if a NULL is passed. */
 
 	if (!tdb) {
-		tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 
+		tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
 				   WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
 				   TDB_DEFAULT, O_RDWR, 0600);
 		if (!tdb) {
 			DEBUG(5, ("netsamlogon_clear_cached_user: failed to open cache\n"));
 			return;
 		}
-		got_tdb = True;
+		got_tdb = true;
 	}
 
-	sid_copy(&sid, &user->dom_sid.sid);
-	sid_append_rid(&sid, user->user_rid);
+	sid_copy(&sid, info3->base.domain_sid);
+	sid_append_rid(&sid, info3->base.rid);
 
 	/* Clear U/SID cache entry */
 
@@ -95,157 +98,178 @@ void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, NET_USER_INFO_3 *user)
 
 	tdb_delete(tdb, string_tdb_data(key_str));
 
-	if (got_tdb)
+	if (got_tdb) {
 		tdb_close(tdb);
+	}
 }
 
 /***********************************************************************
- Store a NET_USER_INFO_3 structure in a tdb for later user 
+ Store a netr_SamInfo3 structure in a tdb for later user
  username should be in UTF-8 format
 ***********************************************************************/
 
-bool netsamlogon_cache_store( const char *username, NET_USER_INFO_3 *user )
+bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
 {
-	TDB_DATA 	data;
-        fstring 	keystr, tmp;
-	prs_struct 	ps;
-	bool 		result = False;
-	DOM_SID		user_sid;
-	time_t		t = time(NULL);
-	TALLOC_CTX 	*mem_ctx;
-	
+	TDB_DATA data;
+	fstring keystr, tmp;
+	bool result = false;
+	DOM_SID	user_sid;
+	time_t t = time(NULL);
+	TALLOC_CTX *mem_ctx;
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+	struct netsamlogoncache_entry r;
+
+	if (!info3) {
+		return false;
+	}
 
 	if (!netsamlogon_cache_init()) {
-		DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n", NETSAMLOGON_TDB));
-		return False;
+		DEBUG(0,("netsamlogon_cache_store: cannot open %s for write!\n",
+			NETSAMLOGON_TDB));
+		return false;
 	}
 
-	sid_copy( &user_sid, &user->dom_sid.sid );
-	sid_append_rid( &user_sid, user->user_rid );
+	sid_copy(&user_sid, info3->base.domain_sid);
+	sid_append_rid(&user_sid, info3->base.rid);
 
 	/* Prepare key as DOMAIN-SID/USER-RID string */
 	slprintf(keystr, sizeof(keystr), "%s", sid_to_fstring(tmp, &user_sid));
 
 	DEBUG(10,("netsamlogon_cache_store: SID [%s]\n", keystr));
-	
+
+	/* Prepare data */
+
+	if (!(mem_ctx = TALLOC_P( NULL, int))) {
+		DEBUG(0,("netsamlogon_cache_store: talloc() failed!\n"));
+		return false;
+	}
+
 	/* only Samba fills in the username, not sure why NT doesn't */
 	/* so we fill it in since winbindd_getpwnam() makes use of it */
-	
-	if ( !user->uni_user_name.buffer ) {
-		init_unistr2( &user->uni_user_name, username, UNI_STR_TERMINATE );
-		init_uni_hdr( &user->hdr_user_name, &user->uni_user_name );
+
+	if (!info3->base.account_name.string) {
+		info3->base.account_name.string = talloc_strdup(mem_ctx, username);
 	}
-		
-	/* Prepare data */
-	
-	if ( !(mem_ctx = TALLOC_P( NULL, int )) ) {
-		DEBUG(0,("netsamlogon_cache_store: talloc() failed!\n"));
-		return False;
+
+	r.timestamp = t;
+	r.info3 = *info3;
+
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
 	}
 
-	prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
-	
-	{
-		uint32 ts = (uint32)t;
-		if ( !prs_uint32( "timestamp", &ps, 0, &ts ) )
-			return False;
+	ndr_err = ndr_push_struct_blob(&blob, mem_ctx, &r,
+				       (ndr_push_flags_fn_t)ndr_push_netsamlogoncache_entry);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(0,("netsamlogon_cache_store: failed to push entry to cache\n"));
+		TALLOC_FREE(mem_ctx);
+		return false;
 	}
-	
-	if ( net_io_user_info3("", user, &ps, 0, 3, 0) ) 
-	{
-		data.dsize = prs_offset( &ps );
-		data.dptr = (uint8 *)prs_data_p( &ps );
 
-		if (tdb_store_bystring(netsamlogon_tdb, keystr, data, TDB_REPLACE) != -1)
-			result = True;
-		
-		prs_mem_free( &ps );
+	data.dsize = blob.length;
+	data.dptr = blob.data;
+
+	if (tdb_store_bystring(netsamlogon_tdb, keystr, data, TDB_REPLACE) != -1) {
+		result = true;
 	}
 
-	TALLOC_FREE( mem_ctx );
-		
+	TALLOC_FREE(mem_ctx);
+
 	return result;
 }
 
 /***********************************************************************
- Retrieves a NET_USER_INFO_3 structure from a tdb.  Caller must 
+ Retrieves a netr_SamInfo3 structure from a tdb.  Caller must
  free the user_info struct (malloc()'d memory)
 ***********************************************************************/
 
-NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, const DOM_SID *user_sid)
+struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx, const DOM_SID *user_sid)
 {
-	NET_USER_INFO_3	*user = NULL;
-	TDB_DATA 	data;
-	prs_struct	ps;
-        fstring 	keystr, tmp;
-	uint32		t;
-	
+	struct netr_SamInfo3 *info3 = NULL;
+	TDB_DATA data;
+	fstring keystr, tmp;
+	enum ndr_err_code ndr_err;
+	DATA_BLOB blob;
+	struct netsamlogoncache_entry r;
+
 	if (!netsamlogon_cache_init()) {
-		DEBUG(0,("netsamlogon_cache_get: cannot open %s for write!\n", NETSAMLOGON_TDB));
-		return False;
+		DEBUG(0,("netsamlogon_cache_get: cannot open %s for write!\n",
+			NETSAMLOGON_TDB));
+		return false;
 	}
 
 	/* Prepare key as DOMAIN-SID/USER-RID string */
 	slprintf(keystr, sizeof(keystr), "%s", sid_to_fstring(tmp, user_sid));
 	DEBUG(10,("netsamlogon_cache_get: SID [%s]\n", keystr));
 	data = tdb_fetch_bystring( netsamlogon_tdb, keystr );
-	
-	if ( data.dptr ) {
 
-		user = TALLOC_ZERO_P(mem_ctx, NET_USER_INFO_3);
-		if (user == NULL) {
-			return NULL;
-		}
+	if (!data.dptr) {
+		return NULL;
+	}
 
-		prs_init( &ps, 0, mem_ctx, UNMARSHALL );
-		prs_give_memory( &ps, (char *)data.dptr, data.dsize, True );
-		
-		if ( !prs_uint32( "timestamp", &ps, 0, &t ) ) {
-			prs_mem_free( &ps );
-			TALLOC_FREE(user);
-			return False;
-		}
-		
-		if ( !net_io_user_info3("", user, &ps, 0, 3, 0) ) {
-			TALLOC_FREE( user );
-		}
-			
-		prs_mem_free( &ps );
+	info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3);
+	if (!info3) {
+		goto done;
+	}
+
+	blob.data = (uint8 *)data.dptr;
+	blob.length = data.dsize;
+
+	ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &r,
+				      (ndr_pull_flags_fn_t)ndr_pull_netsamlogoncache_entry);
 
-#if 0	/* The netsamlogon cache needs to hang around.  Something about 
+	if (DEBUGLEVEL >= 10) {
+		NDR_PRINT_DEBUG(netsamlogoncache_entry, &r);
+	}
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(0,("netsamlogon_cache_get: failed to pull entry from cache\n"));
+		tdb_delete(netsamlogon_tdb, data);
+		TALLOC_FREE(info3);
+		goto done;
+	}
+
+	info3 = (struct netr_SamInfo3 *)talloc_memdup(mem_ctx, &r.info3,
+						      sizeof(r.info3));
+
+ done:
+	SAFE_FREE(data.dptr);
+
+	return info3;
+
+#if 0	/* The netsamlogon cache needs to hang around.  Something about
 	   this feels wrong, but it is the only way we can get all of the
 	   groups.  The old universal groups cache didn't expire either.
 	   --jerry */
 	{
 		time_t		now = time(NULL);
 		uint32		time_diff;
-	   
+
 		/* is the entry expired? */
 		time_diff = now - t;
-		
+
 		if ( (time_diff < 0 ) || (time_diff > lp_winbind_cache_time()) ) {
 			DEBUG(10,("netsamlogon_cache_get: cache entry expired \n"));
 			tdb_delete( netsamlogon_tdb, key );
 			TALLOC_FREE( user );
 		}
-#endif
 	}
-	
-	return user;
+#endif
 }
 
 bool netsamlogon_cache_have(const DOM_SID *user_sid)
 {
 	TALLOC_CTX *mem_ctx = talloc_init("netsamlogon_cache_have");
-	NET_USER_INFO_3 *user = NULL;
+	struct netr_SamInfo3 *info3 = NULL;
 	bool result;
 
 	if (!mem_ctx)
 		return False;
 
-	user = netsamlogon_cache_get(mem_ctx, user_sid);
+	info3 = netsamlogon_cache_get(mem_ctx, user_sid);
 
-	result = (user != NULL);
+	result = (info3 != NULL);
 
 	talloc_destroy(mem_ctx);
 
diff --git a/source3/libsmb/smb_seal.c b/source3/libsmb/smb_seal.c
index b5befbf7cd..a81ae9afd5 100644
--- a/source3/libsmb/smb_seal.c
+++ b/source3/libsmb/smb_seal.c
@@ -483,15 +483,15 @@ NTSTATUS cli_decrypt_message(struct cli_state *cli)
  Encrypt an outgoing buffer. Return the encrypted pointer in buf_out.
 ******************************************************************************/
 
-NTSTATUS cli_encrypt_message(struct cli_state *cli, char **buf_out)
+NTSTATUS cli_encrypt_message(struct cli_state *cli, char *buf, char **buf_out)
 {
 	/* Ignore non-session messages. */
-	if(CVAL(cli->outbuf,0)) {
+	if (CVAL(buf,0)) {
 		return NT_STATUS_OK;
 	}
 
 	/* If we supported multiple encrytion contexts
 	 * here we'd look up based on tid.
 	 */
-	return common_encrypt_buffer(cli->trans_enc_state, cli->outbuf, buf_out);
+	return common_encrypt_buffer(cli->trans_enc_state, buf, buf_out);
 }
diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index f03c21bd0e..bd6d97123d 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -573,9 +573,9 @@ void cli_free_signing_context(struct cli_state *cli)
  * Sign a packet with the current mechanism
  */
  
-void cli_calculate_sign_mac(struct cli_state *cli)
+void cli_calculate_sign_mac(struct cli_state *cli, char *buf)
 {
-	cli->sign_info.sign_outgoing_message(cli->outbuf, &cli->sign_info);
+	cli->sign_info.sign_outgoing_message(buf, &cli->sign_info);
 }
 
 /**
@@ -584,9 +584,9 @@ void cli_calculate_sign_mac(struct cli_state *cli)
  *         which had a bad checksum, True otherwise.
  */
  
-bool cli_check_sign_mac(struct cli_state *cli) 
+bool cli_check_sign_mac(struct cli_state *cli, char *buf)
 {
-	if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info, True)) {
+	if (!cli->sign_info.check_incoming_message(buf, &cli->sign_info, True)) {
 		free_signing_context(&cli->sign_info);	
 		return False;
 	}
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 732dc78c75..c079fb149a 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -40,7 +40,7 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
 	   already have valid creds. If not we must set them up. */
 
 	if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
-		uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+		uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
 
 		result = rpccli_netlogon_setup_creds(cli, 
 					cli->cli->desthost, /* server name */
@@ -58,7 +58,32 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
 		}
 	}
 
-	result = rpccli_net_srv_pwset(cli, mem_ctx, global_myname(), new_trust_passwd_hash);
+	{
+		struct netr_Authenticator clnt_creds, srv_cred;
+		struct samr_Password new_password;
+
+		netlogon_creds_client_step(cli->dc, &clnt_creds);
+
+		cred_hash3(new_password.hash,
+			   new_trust_passwd_hash,
+			   cli->dc->sess_key, 1);
+
+		result = rpccli_netr_ServerPasswordSet(cli, mem_ctx,
+						       cli->dc->remote_machine,
+						       cli->dc->mach_acct,
+						       sec_channel_type,
+						       global_myname(),
+						       &clnt_creds,
+						       &srv_cred,
+						       &new_password);
+
+		/* Always check returned credentials. */
+		if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) {
+			DEBUG(0,("rpccli_netr_ServerPasswordSet: "
+				"credentials chain check failed\n"));
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
 
 	if (!NT_STATUS_IS_OK(result)) {
 		DEBUG(0,("just_change_the_password: unable to change password (%s)!\n",
@@ -152,6 +177,8 @@ bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
 	struct cli_state *cli = NULL;
 	struct rpc_pipe_client *lsa_pipe;
 	bool 		retry;
+	struct lsa_DomainList dom_list;
+	int i;
 
 	*domain_names = NULL;
 	*num_domains = 0;
@@ -182,17 +209,39 @@ bool enumerate_domain_trusts( TALLOC_CTX *mem_ctx, const char *domain,
 	/* get a handle */
 
 	result = rpccli_lsa_open_policy(lsa_pipe, mem_ctx, True,
-		POLICY_VIEW_LOCAL_INFORMATION, &pol);
+		LSA_POLICY_VIEW_LOCAL_INFORMATION, &pol);
 	if ( !NT_STATUS_IS_OK(result) )
 		goto done;
 
 	/* Lookup list of trusted domains */
 
-	result = rpccli_lsa_enum_trust_dom(lsa_pipe, mem_ctx, &pol, &enum_ctx,
-		num_domains, domain_names, sids);
+	result = rpccli_lsa_EnumTrustDom(lsa_pipe, mem_ctx,
+					 &pol,
+					 &enum_ctx,
+					 &dom_list,
+					 (uint32_t)-1);
 	if ( !NT_STATUS_IS_OK(result) )
 		goto done;
 
+	*num_domains = dom_list.count;
+
+	*domain_names = TALLOC_ZERO_ARRAY(mem_ctx, char *, *num_domains);
+	if (!*domain_names) {
+		result = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	*sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, *num_domains);
+	if (!*sids) {
+		result = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	for (i=0; i< *num_domains; i++) {
+		(*domain_names)[i] = CONST_DISCARD(char *, dom_list.domains[i].name.string);
+		(*sids)[i] = *dom_list.domains[i].sid;
+	}
+
 done:
 	/* cleanup */
 	if (cli) {
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index eb42d081fe..341d00f3fe 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -41,11 +41,11 @@ static struct db_context *brlock_db;
 
 static void print_lock_struct(unsigned int i, struct lock_struct *pls)
 {
-	DEBUG(10,("[%u]: smbpid = %u, tid = %u, pid = %s, ",
+	DEBUG(10,("[%u]: smbpid = %u, tid = %u, pid = %u, ",
 			i,
 			(unsigned int)pls->context.smbpid,
 			(unsigned int)pls->context.tid,
-			procid_str_static(&pls->context.pid) ));
+			(unsigned int)procid_to_pid(&pls->context.pid) ));
 	
 	DEBUG(10,("start = %.0f, size = %.0f, fnum = %d, %s %s\n",
 		(double)pls->start,
@@ -263,10 +263,9 @@ void brl_init(bool read_only)
 	if (brlock_db) {
 		return;
 	}
-	brlock_db = db_open(NULL, lock_path("brlock.tdb"), 0,
-			    TDB_DEFAULT
-			    |TDB_VOLATILE
-			    |(read_only?0x0:TDB_CLEAR_IF_FIRST),
+	brlock_db = db_open(NULL, lock_path("brlock.tdb"),
+			    lp_open_files_db_hash_size(),
+			    TDB_DEFAULT | TDB_CLEAR_IF_FIRST,
 			    read_only?O_RDONLY:(O_RDWR|O_CREAT), 0644 );
 	if (!brlock_db) {
 		DEBUG(0,("Failed to open byte range locking database %s\n",
@@ -1495,14 +1494,16 @@ static int traverse_fn(struct db_record *rec, void *state)
 		}
 	}
 
-	for ( i=0; i<num_locks; i++) {
-		cb->fn(*key,
-		       locks[i].context.pid,
-		       locks[i].lock_type,
-		       locks[i].lock_flav,
-		       locks[i].start,
-		       locks[i].size,
-		       cb->private_data);
+	if (cb->fn) {
+		for ( i=0; i<num_locks; i++) {
+			cb->fn(*key,
+				locks[i].context.pid,
+				locks[i].lock_type,
+				locks[i].lock_flav,
+				locks[i].start,
+				locks[i].size,
+				cb->private_data);
+		}
 	}
 
 	SAFE_FREE(locks);
@@ -1538,11 +1539,6 @@ int brl_forall(void (*fn)(struct file_id id, struct server_id pid,
 
 static int byte_range_lock_destructor(struct byte_range_lock *br_lck)
 {
-	TDB_DATA key;
-
-	key.dptr = (uint8 *)&br_lck->key;
-	key.dsize = sizeof(struct file_id);
-
 	if (br_lck->read_only) {
 		SMB_ASSERT(!br_lck->modified);
 	}
diff --git a/source3/m4/aclocal.m4 b/source3/m4/aclocal.m4
index fd9efb60e6..888c49db37 100644
--- a/source3/m4/aclocal.m4
+++ b/source3/m4/aclocal.m4
@@ -53,6 +53,73 @@ AC_DEFUN(SMB_SUBSYSTEM,
     	ifelse([$2], , :, [rm -f $2])
 ])
 
+
+dnl SMB_LIBRARY(name)
+dnl
+dnl configure build and use of an (internal) shared library
+dnl
+AC_DEFUN([SMB_LIBRARY],
+[
+m4_pushdef([LIBNAME], [lib$1])
+m4_pushdef([LIBUC], [m4_toupper(LIBNAME)])
+m4_pushdef([LIBLIBS], [-l$1])
+
+LIBUC[_SHARED_TARGET]=bin/LIBNAME.$SHLIBEXT
+LIBUC[_STATIC_TARGET]=bin/LIBNAME.a
+LIBUC[_SHARED]=
+LIBUC[_STATIC]=
+LIBUC[_LIBS]=
+
+AC_SUBST(LIBUC[_SHARED_TARGET])
+AC_SUBST(LIBUC[_STATIC_TARGET])
+AC_SUBST(LIBUC[_SHARED])
+AC_SUBST(LIBUC[_STATIC])
+AC_SUBST(LIBUC[_LIBS])
+
+AC_MSG_CHECKING([whether to build the LIBNAME shared library])
+AC_ARG_WITH(LIBNAME,
+[AS_HELP_STRING([--with-LIBNAME],
+	[Build the LIBNAME shared library (default=yes if shared libs supported)])],
+[
+case "$withval" in
+	*)
+		AC_MSG_RESULT(no)
+		build_lib=no
+		;;
+	yes)
+		build_lib=yes
+		;;
+esac
+],
+[
+# if unspecified, default is to build it if possible.
+build_lib=yes
+]
+)
+
+if eval test x"$build_lib" = "xyes" -a $BLDSHARED = true; then
+	LIBUC[_SHARED]=$LIBUC[_SHARED_TARGET]
+	AC_MSG_RESULT(yes)
+	if test x"$USESHARED" != x"true" -o x"$LINK_LIBUC" = "xSTATIC" ; then
+		LIBUC[_STATIC]=$LIBUC[_STATIC_TARGET]
+	else
+		LIBUC[_LIBS]=LIBLIBS
+	fi
+else
+	enable_static=yes
+	AC_MSG_RESULT(no shared library support -- will supply static library)
+fi
+if test $enable_static = yes; then
+	LIBUC[_STATIC]=$LIBUC[_STATIC_TARGET]
+fi
+
+m4_popdef([LIBNAME])
+m4_popdef([LIBUC])
+m4_popdef([LIBLIBS])
+
+])
+
+
 dnl AC_LIBTESTFUNC(lib, function, [actions if found], [actions if not found])
 dnl Check for a function in a library, but don't keep adding the same library
 dnl to the LIBS variable.  Check whether the function is available in the
diff --git a/source3/m4/check_gnu_make.m4 b/source3/m4/check_gnu_make.m4
deleted file mode 100644
index 44e1d9aa20..0000000000
--- a/source3/m4/check_gnu_make.m4
+++ /dev/null
@@ -1,78 +0,0 @@
-##### http://autoconf-archive.cryp.to/check_gnu_make.html
-#
-# SYNOPSIS
-#
-#   CHECK_GNU_MAKE()
-#
-# DESCRIPTION
-#
-#   This macro searches for a GNU version of make. If a match is found,
-#   the makefile variable `ifGNUmake' is set to the empty string,
-#   otherwise it is set to "#". This is useful for including a special
-#   features in a Makefile, which cannot be handled by other versions
-#   of make. The variable _cv_gnu_make_command is set to the command to
-#   invoke GNU make if it exists, the empty string otherwise.
-#
-#   Here is an example of its use:
-#
-#   Makefile.in might contain:
-#
-#       # A failsafe way of putting a dependency rule into a makefile
-#       $(DEPEND):
-#               $(CC) -MM $(srcdir)/*.c > $(DEPEND)
-#
-#       @ifGNUmake@ ifeq ($(DEPEND),$(wildcard $(DEPEND)))
-#       @ifGNUmake@ include $(DEPEND)
-#       @ifGNUmake@ endif
-#
-#   Then configure.in would normally contain:
-#
-#       CHECK_GNU_MAKE()
-#       AC_OUTPUT(Makefile)
-#
-#   Then perhaps to cause gnu make to override any other make, we could
-#   do something like this (note that GNU make always looks for
-#   GNUmakefile first):
-#
-#       if  ! test x$_cv_gnu_make_command = x ; then
-#               mv Makefile GNUmakefile
-#               echo .DEFAULT: > Makefile ;
-#               echo \  $_cv_gnu_make_command \$@ >> Makefile;
-#       fi
-#
-#   Then, if any (well almost any) other make is called, and GNU make
-#   also exists, then the other make wraps the GNU make.
-#
-# LAST MODIFICATION
-#
-#   2002-01-04
-#
-# COPYLEFT
-#
-#   Copyright (c) 2002 John Darrington <j.darrington@elvis.murdoch.edu.au>
-#
-#   Copying and distribution of this file, with or without
-#   modification, are permitted in any medium without royalty provided
-#   the copyright notice and this notice are preserved.
-
-AC_DEFUN(
-        [CHECK_GNU_MAKE], [ AC_CACHE_CHECK( for GNU make,_cv_gnu_make_command,
-                _cv_gnu_make_command='' ;
-dnl Search all the common names for GNU make
-                for a in "$MAKE" make gmake gnumake ; do
-                        if test -z "$a" ; then continue ; fi ;
-                        if  ( sh -c "$a --version" 2> /dev/null | grep GNU  2>&1 > /dev/null ) ;  then
-                                _cv_gnu_make_command=$a ;
-                                break;
-                        fi
-                done ;
-        ) ;
-dnl If there was a GNU version, then set @ifGNUmake@ to the empty string, '#' otherwise
-        if test  "x$_cv_gnu_make_command" != "x"  ; then
-                ifGNUmake='' ;
-        else
-                ifGNUmake='#' ;
-                AC_MSG_RESULT("Not found");
-        fi
-        AC_SUBST(ifGNUmake)
-] )
diff --git a/source3/m4/check_path.m4 b/source3/m4/check_path.m4
new file mode 100644
index 0000000000..ccf21271c8
--- /dev/null
+++ b/source3/m4/check_path.m4
@@ -0,0 +1,316 @@
+dnl
+dnl Samba3 build environment path checks
+dnl
+dnl Copyright (C) Michael Adam 2008
+dnl
+dnl Released under the GNU General Public License
+dnl http://www.gnu.org/licenses/
+dnl
+
+AC_LIBREPLACE_LOCATION_CHECKS
+
+#################################################
+# Directory handling stuff to support both the
+# legacy SAMBA directories and FHS compliant
+# ones...
+AC_PREFIX_DEFAULT(/usr/local/samba)
+
+rootsbindir="\${SBINDIR}"
+lockdir="\${VARDIR}/locks"
+piddir="\${VARDIR}/locks"
+test "${mandir}" || mandir="\${prefix}/man"
+logfilebase="\${VARDIR}"
+privatedir="\${prefix}/private"
+test "${libdir}" || libdir="\${prefix}/lib"
+pammodulesdir="\${LIBDIR}/security"
+configdir="\${LIBDIR}"
+swatdir="\${prefix}/swat"
+codepagedir="\${LIBDIR}"
+statedir="\${LOCKDIR}"
+cachedir="\${LOCKDIR}"
+
+AC_ARG_WITH(fhs,
+[AS_HELP_STRING([--with-fhs],[Use FHS-compliant paths (default=no)])],
+[ case "$withval" in
+  yes)
+    lockdir="\${VARDIR}/lib/samba"
+    piddir="\${VARDIR}/run"
+    mandir="\${prefix}/share/man"
+    logfilebase="\${VARDIR}/log/samba"
+    privatedir="\${CONFIGDIR}/private"
+    test "${libdir}" || libdir="\${prefix}/lib/samba"
+    configdir="\${sysconfdir}/samba"
+    swatdir="\${DATADIR}/samba/swat"
+    codepagedir="\${LIBDIR}"
+    statedir="\${VARDIR}/lib/samba"
+    cachedir="\${VARDIR}/lib/samba"
+    AC_DEFINE(FHS_COMPATIBLE, 1, [Whether to use fully FHS-compatible paths])
+    ;;
+  esac])
+
+#################################################
+# set private directory location
+AC_ARG_WITH(privatedir,
+[AS_HELP_STRING([--with-privatedir=DIR], [Where to put smbpasswd ($ac_default_prefix/private)])],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody calls it without argument
+  #
+    AC_MSG_WARN([--with-privatedir called without argument - will use default])
+  ;;
+  * )
+    privatedir="$withval"
+    ;;
+  esac])
+
+#################################################
+# set root sbin directory location
+AC_ARG_WITH(rootsbindir,
+[AS_HELP_STRING([--with-rootsbindir=DIR], [Which directory to use for root sbin ($ac_default_prefix/sbin)])],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody calls it without argument
+  #
+    AC_MSG_WARN([--with-rootsbindir called without argument - will use default])
+  ;;
+  * )
+    rootsbindir="$withval"
+    ;;
+  esac])
+
+#################################################
+# set lock directory location
+AC_ARG_WITH(lockdir,
+[AS_HELP_STRING([--with-lockdir=DIR], [Where to put lock files ($ac_default_prefix/var/locks)])],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody calls it without argument
+  #
+    AC_MSG_WARN([--with-lockdir called without argument - will use default])
+  ;;
+  * )
+    lockdir="$withval"
+    ;;
+  esac])
+
+#################################################
+# set pid directory location
+AC_ARG_WITH(piddir,
+[AS_HELP_STRING([--with-piddir=DIR], [Where to put pid files ($ac_default_prefix/var/locks)])],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody calls it without argument
+  #
+    AC_MSG_WARN([--with-piddir called without argument - will use default])
+  ;;
+  * )
+    piddir="$withval"
+    ;;
+  esac])
+
+#################################################
+# set SWAT directory location
+AC_ARG_WITH(swatdir,
+[AS_HELP_STRING([--with-swatdir=DIR], [Where to put SWAT files ($ac_default_prefix/swat)])],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody does it
+  #
+    AC_MSG_WARN([--with-swatdir called without argument - will use default])
+  ;;
+  * )
+    swatdir="$withval"
+    ;;
+  esac])
+
+#################################################
+# set configuration directory location
+AC_ARG_WITH(configdir,
+[AS_HELP_STRING([--with-configdir=DIR], [Where to put configuration files ($libdir)])],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody does it
+  #
+    AC_MSG_WARN([--with-configdir called without argument - will use default])
+  ;;
+  * )
+    configdir="$withval"
+    ;;
+  esac])
+
+#################################################
+# set log directory location
+AC_ARG_WITH(logfilebase,
+[AS_HELP_STRING([--with-logfilebase=DIR], [Where to put log files ($VARDIR)])],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody does it
+  #
+    AC_MSG_WARN([--with-logfilebase called without argument - will use default])
+  ;;
+  * )
+    logfilebase="$withval"
+    ;;
+  esac])
+
+
+#################################################
+# set ctdb source directory location
+AC_ARG_WITH(ctdb,
+[AS_HELP_STRING([--with-ctdb=DIR], [Where to find ctdb sources])],
+[ case "$withval" in
+  yes|no)
+    AC_MSG_WARN([--with-ctdb called without argument])
+  ;;
+  * )
+    ctdbdir="$withval"
+    ;;
+  esac])
+
+#################################################
+# set lib directory location
+AC_ARG_WITH(libdir,
+[AS_HELP_STRING([--with-libdir=DIR], [Where to put libdir ($libdir)])],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody does it
+  #
+    AC_MSG_WARN([--with-libdir without argument - will use default])
+  ;;
+  * )
+    libdir="$withval"
+    ;;
+  esac])
+
+#################################################
+# set PAM modules directory location
+AC_ARG_WITH(pammodulesdir,
+[AS_HELP_STRING([--with-pammodulesdir=DIR], [Which directory to use for PAM modules ($ac_default_prefix/$libdir/security)])],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody calls it without argument
+  #
+    AC_MSG_WARN([--with-pammodulesdir called without argument - will use default])
+  ;;
+  * )
+    pammodulesdir="$withval"
+    ;;
+  esac])
+
+#################################################
+# set man directory location
+AC_ARG_WITH(mandir,
+[AS_HELP_STRING([--with-mandir=DIR], [Where to put man pages ($mandir)])],
+[ case "$withval" in
+  yes|no)
+  #
+  # Just in case anybody does it
+  #
+    AC_MSG_WARN([--with-mandir without argument - will use default])
+  ;;
+  * )
+    mandir="$withval"
+    ;;
+  esac])
+
+AC_SUBST(configdir)
+AC_SUBST(lockdir)
+AC_SUBST(piddir)
+AC_SUBST(logfilebase)
+AC_SUBST(ctdbdir)
+AC_SUBST(privatedir)
+AC_SUBST(swatdir)
+AC_SUBST(bindir)
+AC_SUBST(sbindir)
+AC_SUBST(codepagedir)
+AC_SUBST(statedir)
+AC_SUBST(cachedir)
+AC_SUBST(rootsbindir)
+AC_SUBST(pammodulesdir)
+
+#################################################
+# set prefix for 'make test'
+selftest_prefix="./st"
+AC_SUBST(selftest_prefix)
+AC_ARG_WITH(selftest-prefix,
+[AS_HELP_STRING([--with-selftest-prefix=DIR], [The prefix where make test will be run ($selftest_prefix)])],
+[ case "$withval" in
+  yes|no)
+    AC_MSG_WARN([--with-selftest-prefix called without argument - will use default])
+  ;;
+  * )
+    selftest_prefix="$withval"
+    ;;
+  esac
+])
+
+#################################################
+# set path of samba4's smbtorture
+smbtorture4_path=""
+AC_SUBST(smbtorture4_path)
+AC_ARG_WITH(smbtorture4_path,
+[AS_HELP_STRING([--with-smbtorture4-path=PATH], [The path to a samba4 smbtorture for make test (none)])],
+[ case "$withval" in
+  yes|no)
+    AC_MSG_ERROR([--with-smbtorture4-path should take a path])
+  ;;
+  * )
+    smbtorture4_path="$withval"
+    if test -z "$smbtorture4_path" -a ! -f $smbtorture4_path; then
+    	AC_MSG_ERROR(['$smbtorture_path' does not  exist!])
+    fi
+  ;;
+ esac
+])
+
+## check for --enable-debug first before checking CFLAGS before
+## so that we don't mix -O and -g
+debug=no
+AC_ARG_ENABLE(debug,
+[AS_HELP_STRING([--enable-debug], [Turn on compiler debugging information (default=no)])],
+    [if eval "test x$enable_debug = xyes"; then
+	debug=yes
+    fi])
+
+developer=no
+AC_ARG_ENABLE(developer, [AS_HELP_STRING([--enable-developer], [Turn on developer warnings and debugging (default=no)])],
+    [if eval "test x$enable_developer = xyes"; then
+        debug=yes
+        developer=yes
+    fi])
+
+krb5developer=no
+AC_ARG_ENABLE(krb5developer, [AS_HELP_STRING([--enable-krb5developer], [Turn on developer warnings and debugging, except -Wstrict-prototypes (default=no)])],
+    [if eval "test x$enable_krb5developer = xyes"; then
+        debug=yes
+        developer=yes
+	krb5_developer=yes
+    fi])
+
+AC_ARG_WITH(cfenc,
+[AS_HELP_STRING([--with-cfenc=HEADERDIR], [Use internal CoreFoundation encoding API for optimization (Mac OS X/Darwin only)])],
+[
+# May be in source $withval/CoreFoundation/StringEncodings.subproj.
+# Should have been in framework $withval/CoreFoundation.framework/Headers.
+for d in \
+    $withval/CoreFoundation/StringEncodings.subproj \
+    $withval/StringEncodings.subproj \
+    $withval/CoreFoundation.framework/Headers \
+    $withval/Headers \
+    $withval
+do
+    if test -r $d/CFStringEncodingConverter.h; then
+        ln -sfh $d include/CoreFoundation
+    fi
+done
+])
+
diff --git a/source3/m4/cond.m4 b/source3/m4/cond.m4
deleted file mode 100644
index d9a58d2f39..0000000000
--- a/source3/m4/cond.m4
+++ /dev/null
@@ -1,34 +0,0 @@
-# AM_CONDITIONAL                                            -*- Autoconf -*-
-
-# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 8
-
-# AM_CONDITIONAL(NAME, SHELL-CONDITION)
-# -------------------------------------
-# Define a conditional.
-AC_DEFUN([AM_CONDITIONAL],
-[AC_PREREQ(2.52)dnl
- ifelse([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
-	[$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
-AC_SUBST([$1_TRUE])dnl
-AC_SUBST([$1_FALSE])dnl
-_AM_SUBST_NOTMAKE([$1_TRUE])dnl
-_AM_SUBST_NOTMAKE([$1_FALSE])dnl
-if $2; then
-  $1_TRUE=
-  $1_FALSE='#'
-else
-  $1_TRUE='#'
-  $1_FALSE=
-fi
-AC_CONFIG_COMMANDS_PRE(
-[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
-  AC_MSG_ERROR([[conditional "$1" was never defined.
-Usually this means the macro was only invoked conditionally.]])
-fi])])
diff --git a/source3/m4/depend.m4 b/source3/m4/depend.m4
deleted file mode 100644
index fd0937330d..0000000000
--- a/source3/m4/depend.m4
+++ /dev/null
@@ -1,158 +0,0 @@
-##                                                          -*- Autoconf -*-
-# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 9
-
-# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
-# written in clear, in which case automake, when reading aclocal.m4,
-# will think it sees a *use*, and therefore will trigger all it's
-# C support machinery.  Also note that it means that autoscan, seeing
-# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
-
-
-# _AM_DEPENDENCIES(NAME)
-# ----------------------
-# See how the compiler implements dependency checking.
-# NAME is "CC", "CXX", "GCJ", or "OBJC".
-# We try a few techniques and use that to set a single cache variable.
-#
-# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
-# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
-# dependency, and given that the user is not expected to run this macro,
-# just rely on AC_PROG_CC.
-AC_DEFUN([_AM_DEPENDENCIES],
-[AC_REQUIRE([AM_SET_DEPDIR])dnl
-AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
-AC_REQUIRE([AM_MAKE_INCLUDE])dnl
-AC_REQUIRE([AM_DEP_TRACK])dnl
-
-ifelse([$1], CC,   [depcc="$CC"   am_compiler_list=],
-       [$1], CXX,  [depcc="$CXX"  am_compiler_list=],
-       [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
-       [$1], UPC,  [depcc="$UPC"  am_compiler_list=],
-       [$1], GCJ,  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
-                   [depcc="$$1"   am_compiler_list=])
-
-AC_CACHE_CHECK([dependency style of $depcc],
-               [am_cv_$1_dependencies_compiler_type],
-[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
-  # We make a subdir and do the tests there.  Otherwise we can end up
-  # making bogus files that we don't know about and never remove.  For
-  # instance it was reported that on HP-UX the gcc test will end up
-  # making a dummy file named `D' -- because `-MD' means `put the output
-  # in D'.
-  mkdir conftest.dir
-  # Copy depcomp to subdir because otherwise we won't find it if we're
-  # using a relative directory.
-  cp "$am_depcomp" conftest.dir
-  cd conftest.dir
-  # We will build objects and dependencies in a subdirectory because
-  # it helps to detect inapplicable dependency modes.  For instance
-  # both Tru64's cc and ICC support -MD to output dependencies as a
-  # side effect of compilation, but ICC will put the dependencies in
-  # the current directory while Tru64 will put them in the object
-  # directory.
-  mkdir sub
-
-  am_cv_$1_dependencies_compiler_type=none
-  if test "$am_compiler_list" = ""; then
-     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
-  fi
-  for depmode in $am_compiler_list; do
-    # Setup a source with many dependencies, because some compilers
-    # like to wrap large dependency lists on column 80 (with \), and
-    # we should not choose a depcomp mode which is confused by this.
-    #
-    # We need to recreate these files for each test, as the compiler may
-    # overwrite some of them when testing with obscure command lines.
-    # This happens at least with the AIX C compiler.
-    : > sub/conftest.c
-    for i in 1 2 3 4 5 6; do
-      echo '#include "conftst'$i'.h"' >> sub/conftest.c
-      # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
-      # Solaris 8's {/usr,}/bin/sh.
-      touch sub/conftst$i.h
-    done
-    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
-
-    case $depmode in
-    nosideeffect)
-      # after this tag, mechanisms are not by side-effect, so they'll
-      # only be used when explicitly requested
-      if test "x$enable_dependency_tracking" = xyes; then
-	continue
-      else
-	break
-      fi
-      ;;
-    none) break ;;
-    esac
-    # We check with `-c' and `-o' for the sake of the "dashmstdout"
-    # mode.  It turns out that the SunPro C++ compiler does not properly
-    # handle `-M -o', and we need to detect this.
-    if depmode=$depmode \
-       source=sub/conftest.c object=sub/conftest.${OBJEXT-o} \
-       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
-       $SHELL ./depcomp $depcc -c -o sub/conftest.${OBJEXT-o} sub/conftest.c \
-         >/dev/null 2>conftest.err &&
-       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
-       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
-       grep sub/conftest.${OBJEXT-o} sub/conftest.Po > /dev/null 2>&1 &&
-       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
-      # icc doesn't choke on unknown options, it will just issue warnings
-      # or remarks (even with -Werror).  So we grep stderr for any message
-      # that says an option was ignored or not supported.
-      # When given -MP, icc 7.0 and 7.1 complain thusly:
-      #   icc: Command line warning: ignoring option '-M'; no argument required
-      # The diagnosis changed in icc 8.0:
-      #   icc: Command line remark: option '-MP' not supported
-      if (grep 'ignoring option' conftest.err ||
-          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
-        am_cv_$1_dependencies_compiler_type=$depmode
-        break
-      fi
-    fi
-  done
-
-  cd ..
-  rm -rf conftest.dir
-else
-  am_cv_$1_dependencies_compiler_type=none
-fi
-])
-AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
-AM_CONDITIONAL([am__fastdep$1], [
-  test "x$enable_dependency_tracking" != xno \
-  && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
-])
-
-
-# AM_SET_DEPDIR
-# -------------
-# Choose a directory name for dependency files.
-# This macro is AC_REQUIREd in _AM_DEPENDENCIES
-AC_DEFUN([AM_SET_DEPDIR],
-[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
-AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
-])
-
-
-# AM_DEP_TRACK
-# ------------
-AC_DEFUN([AM_DEP_TRACK],
-[AC_ARG_ENABLE(dependency-tracking,
-[  --disable-dependency-tracking  speeds up one-time build
-  --enable-dependency-tracking   do not reject slow dependency extractors])
-if test "x$enable_dependency_tracking" != xno; then
-  am_depcomp="$ac_aux_dir/depcomp"
-  AMDEPBACKSLASH='\'
-fi
-AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
-AC_SUBST([AMDEPBACKSLASH])dnl
-_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
-])
diff --git a/source3/m4/depout.m4 b/source3/m4/depout.m4
deleted file mode 100644
index 0d9717a100..0000000000
--- a/source3/m4/depout.m4
+++ /dev/null
@@ -1,68 +0,0 @@
-# Generate code to set up dependency tracking.              -*- Autoconf -*-
-
-# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005
-# Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-#serial 3
-
-# _AM_OUTPUT_DEPENDENCY_COMMANDS
-# ------------------------------
-AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
-[for mf in $CONFIG_FILES; do
-  # Strip MF so we end up with the name of the file.
-  mf=`echo "$mf" | sed -e 's/:.*$//'`
-  # Check whether this is an Automake generated Makefile or not.
-  # We used to match only the files named `Makefile.in', but
-  # some people rename them; so instead we look at the file content.
-  # Grep'ing the first line is not enough: some people post-process
-  # each Makefile.in and add a new line on top of each file to say so.
-  # Grep'ing the whole file is not good either: AIX grep has a line
-  # limit of 2048, but all sed's we know have understand at least 4000.
-  if sed 10q "$mf" | grep '^#.*generated by automake' > /dev/null 2>&1; then
-    dirpart=`AS_DIRNAME("$mf")`
-  else
-    continue
-  fi
-  # Extract the definition of DEPDIR, am__include, and am__quote
-  # from the Makefile without running `make'.
-  DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
-  test -z "$DEPDIR" && continue
-  am__include=`sed -n 's/^am__include = //p' < "$mf"`
-  test -z "am__include" && continue
-  am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
-  # When using ansi2knr, U may be empty or an underscore; expand it
-  U=`sed -n 's/^U = //p' < "$mf"`
-  # Find all dependency output files, they are included files with
-  # $(DEPDIR) in their names.  We invoke sed twice because it is the
-  # simplest approach to changing $(DEPDIR) to its actual value in the
-  # expansion.
-  for file in `sed -n "
-    s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
-       sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
-    # Make sure the directory exists.
-    test -f "$dirpart/$file" && continue
-    fdir=`AS_DIRNAME(["$file"])`
-    AS_MKDIR_P([$dirpart/$fdir])
-    # echo "creating $dirpart/$file"
-    echo '# dummy' > "$dirpart/$file"
-  done
-done
-])# _AM_OUTPUT_DEPENDENCY_COMMANDS
-
-
-# AM_OUTPUT_DEPENDENCY_COMMANDS
-# -----------------------------
-# This macro should only be invoked once -- use via AC_REQUIRE.
-#
-# This code is only required when automatic dependency tracking
-# is enabled.  FIXME.  This creates each `.P' file that we will
-# need in order to bootstrap the dependency handling code.
-AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
-[AC_CONFIG_COMMANDS([depfiles],
-     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
-     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
-])
diff --git a/source3/m4/lead-dot.m4 b/source3/m4/lead-dot.m4
deleted file mode 100644
index d83bfa0b08..0000000000
--- a/source3/m4/lead-dot.m4
+++ /dev/null
@@ -1,21 +0,0 @@
-##                                                          -*- Autoconf -*-
-# Copyright (C) 2003, 2005  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 2
-
-# Check whether the underlying file-system supports filenames
-# with a leading dot.  For instance MS-DOS doesn't.
-AC_DEFUN([AM_SET_LEADING_DOT],
-[rm -rf .tst 2>/dev/null
-mkdir .tst 2>/dev/null
-if test -d .tst; then
-  am__leading_dot=.
-else
-  am__leading_dot=_
-fi
-rmdir .tst 2>/dev/null
-AC_SUBST([am__leading_dot])])
diff --git a/source3/m4/make.m4 b/source3/m4/make.m4
deleted file mode 100644
index 0969d9a795..0000000000
--- a/source3/m4/make.m4
+++ /dev/null
@@ -1,51 +0,0 @@
-# Check to see how 'make' treats includes.	            -*- Autoconf -*-
-
-# Copyright (C) 2001, 2002, 2003, 2005  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# serial 3
-
-# AM_MAKE_INCLUDE()
-# -----------------
-# Check to see how make treats includes.
-AC_DEFUN([AM_MAKE_INCLUDE],
-[am_make=${MAKE-make}
-cat > confinc << 'END'
-am__doit:
-	@echo done
-.PHONY: am__doit
-END
-# If we don't find an include directive, just comment out the code.
-AC_MSG_CHECKING([for style of include used by $am_make])
-am__include="#"
-am__quote=
-_am_result=none
-# First try GNU make style include.
-echo "include confinc" > confmf
-# We grep out `Entering directory' and `Leaving directory'
-# messages which can occur if `w' ends up in MAKEFLAGS.
-# In particular we don't look at `^make:' because GNU make might
-# be invoked under some other name (usually "gmake"), in which
-# case it prints its new name instead of `make'.
-if test "`$am_make -s -f confmf 2> /dev/null | grep -v 'ing directory'`" = "done"; then
-   am__include=include
-   am__quote=
-   _am_result=GNU
-fi
-# Now try BSD make style include.
-if test "$am__include" = "#"; then
-   echo '.include "confinc"' > confmf
-   if test "`$am_make -s -f confmf 2> /dev/null`" = "done"; then
-      am__include=.include
-      am__quote="\""
-      _am_result=BSD
-   fi
-fi
-AC_SUBST([am__include])
-AC_SUBST([am__quote])
-AC_MSG_RESULT([$_am_result])
-rm -f confinc confmf
-])
diff --git a/source3/m4/samba_version.m4 b/source3/m4/samba_version.m4
new file mode 100644
index 0000000000..4d749e9bb9
--- /dev/null
+++ b/source3/m4/samba_version.m4
@@ -0,0 +1,29 @@
+dnl
+dnl Samba3 build environment - Samba version variables
+dnl
+dnl Copyright (C) Michael Adam 2008
+dnl
+dnl Released under the GNU General Public License
+dnl http://www.gnu.org/licenses/
+dnl
+dnl
+
+SMB_VERSION_STRING=`cat $srcdir/include/version.h | grep 'SAMBA_VERSION_OFFICIAL_STRING' | cut -d '"' -f2`
+echo "SAMBA VERSION: ${SMB_VERSION_STRING}"
+
+SAMBA_VERSION_GIT_COMMIT_FULLREV=`cat $srcdir/include/version.h | grep 'SAMBA_VERSION_GIT_COMMIT_FULLREV' | cut -d ' ' -f3- | cut -d '"' -f2`
+if test -n "${SAMBA_VERSION_GIT_COMMIT_FULLREV}";then
+	echo "BUILD COMMIT REVISION: ${SAMBA_VERSION_GIT_COMMIT_FULLREV}"
+fi
+SAMBA_VERSION_GIT_COMMIT_DATE=`cat $srcdir/include/version.h | grep 'SAMBA_VERSION_GIT_COMMIT_DATE' | cut -d ' ' -f3-`
+if test -n "${SAMBA_VERSION_GIT_COMMIT_DATE}";then
+	echo "BUILD COMMIT DATE: ${SAMBA_VERSION_GIT_COMMIT_DATE}"
+fi
+SAMBA_VERSION_GIT_COMMIT_TIME=`cat $srcdir/include/version.h | grep 'SAMBA_VERSION_GIT_COMMIT_TIME' | cut -d ' ' -f3-`
+if test -n "${SAMBA_VERSION_GIT_COMMIT_TIME}";then
+	echo "BUILD COMMIT TIME: ${SAMBA_VERSION_GIT_COMMIT_TIME}"
+
+	# just to keep the build-farm gui happy for now...
+	echo "BUILD REVISION: ${SAMBA_VERSION_GIT_COMMIT_TIME}"
+fi
+
diff --git a/source3/m4/substnot.m4 b/source3/m4/substnot.m4
deleted file mode 100644
index 27d3f1fbef..0000000000
--- a/source3/m4/substnot.m4
+++ /dev/null
@@ -1,12 +0,0 @@
-##                                                          -*- Autoconf -*-
-# Copyright (C) 2006  Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_SUBST_NOTMAKE(VARIABLE)
-# ---------------------------
-# Prevent Automake from outputing VARIABLE = @VARIABLE@ in Makefile.in.
-# This macro is traced by Automake.
-AC_DEFUN([_AM_SUBST_NOTMAKE])
diff --git a/source3/m4/swat.m4 b/source3/m4/swat.m4
new file mode 100644
index 0000000000..2fdd82eda2
--- /dev/null
+++ b/source3/m4/swat.m4
@@ -0,0 +1,27 @@
+dnl
+dnl Samba3 build environment SWAT configuration
+dnl
+dnl Copyright (C) Michael Adam 2008
+dnl
+dnl Released under the GNU General Public License
+dnl http://www.gnu.org/licenses/
+dnl
+
+
+SWAT_SBIN_TARGETS='bin/swat$(EXEEXT)'
+SWAT_INSTALL_TARGETS=installswat
+
+AC_ARG_ENABLE(swat,
+[AS_HELP_STRING([--enable-swat], [Build the SWAT tool (default=yes)])],
+[
+    case "$enable_swat" in
+	no)
+	    SWAT_SBIN_TARGETS=''
+	    SWAT_INSTALL_TARGETS=''
+	    ;;
+    esac
+])
+
+AC_SUBST(SWAT_SBIN_TARGETS)
+AC_SUBST(SWAT_INSTALL_TARGETS)
+
diff --git a/source3/modules/gpfs.c b/source3/modules/gpfs.c
index 300e90fa69..590dbac26f 100644
--- a/source3/modules/gpfs.c
+++ b/source3/modules/gpfs.c
@@ -22,9 +22,11 @@
 #ifdef HAVE_GPFS
 
 #include "gpfs_gpl.h"
+#include "vfs_gpfs.h"
 
 static void *libgpfs_handle = NULL;
 static bool gpfs_share_modes;
+static bool gpfs_leases;
 
 static int (*gpfs_set_share_fn)(int fd, unsigned int allow, unsigned int deny);
 static int (*gpfs_set_lease_fn)(int fd, unsigned int leaseType);
@@ -42,7 +44,7 @@ bool set_gpfs_sharemode(files_struct *fsp, uint32 access_mask,
 	if (!gpfs_share_modes) {
 		return True;
 	}
-
+	
 	if (gpfs_set_share_fn == NULL) {
 		return False;
 	}
@@ -88,7 +90,7 @@ int set_gpfs_lease(int fd, int leasetype)
 {
 	int gpfs_type = GPFS_LEASE_NONE;
 
-	if (!gpfs_share_modes) {
+	if (!gpfs_leases) {
 		return True;
 	}
 
@@ -103,6 +105,13 @@ int set_gpfs_lease(int fd, int leasetype)
 	if (leasetype == F_WRLCK) {
 		gpfs_type = GPFS_LEASE_WRITE;
 	}
+	
+	/* we unconditionally set CAP_LEASE, rather than looking for
+	   -1/EACCES as there is a bug in some versions of
+	   libgpfs_gpl.so which results in a leaked fd on /dev/ss0
+	   each time we try this with the wrong capabilities set
+	*/
+	linux_set_lease_capability();
 	return gpfs_set_lease_fn(fd, gpfs_type);
 }
 
@@ -172,11 +181,8 @@ void init_gpfs(void)
 		goto failed;
 	}
 
-	if (lp_parm_bool(-1, "gpfs", "sharemodes", True)) {
-		gpfs_share_modes = True;
-	} else {
-		gpfs_share_modes = False;
-	}
+	gpfs_share_modes = lp_parm_bool(-1, "gpfs", "sharemodes", True);
+	gpfs_leases      = lp_parm_bool(-1, "gpfs", "leases", True);
 
 	return;
 
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 52d3983fff..0c3d010dcd 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -20,6 +20,9 @@
 #include "includes.h"
 #include "nfs4_acls.h"
 
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_ACLS
+
 #define SMBACL4_PARAM_TYPE_NAME "nfs4"
 
 #define SMB_ACE4_INT_MAGIC 0x76F8A967
@@ -352,6 +355,7 @@ typedef struct _smbacl4_vfs_params {
 	enum smbacl4_mode_enum mode;
 	bool do_chown;
 	enum smbacl4_acedup_enum acedup;
+	struct db_context *sid_mapping_table;
 } smbacl4_vfs_params;
 
 /*
@@ -451,8 +455,65 @@ static SMB_ACE4PROP_T *smbacl4_find_equal_special(
 	return NULL;
 }
 
-static int smbacl4_fill_ace4(
+static bool nfs4_map_sid(smbacl4_vfs_params *params, const DOM_SID *src,
+			 DOM_SID *dst)
+{
+	static struct db_context *mapping_db = NULL;
+	TDB_DATA data;
+	
+	if (mapping_db == NULL) {
+		const char *dbname = lp_parm_const_string(
+			-1, SMBACL4_PARAM_TYPE_NAME, "sidmap", NULL);
+		
+		if (dbname == NULL) {
+			DEBUG(10, ("%s:sidmap not defined\n",
+				   SMBACL4_PARAM_TYPE_NAME));
+			return False;
+		}
+		
+		become_root();
+		mapping_db = db_open(NULL, dbname, 0, TDB_DEFAULT,
+				     O_RDONLY, 0600);
+		unbecome_root();
+		
+		if (mapping_db == NULL) {
+			DEBUG(1, ("could not open sidmap: %s\n",
+				  strerror(errno)));
+			return False;
+		}
+	}
+	
+	if (mapping_db->fetch(mapping_db, NULL,
+			      string_term_tdb_data(sid_string_tos(src)),
+			      &data) == -1) {
+		DEBUG(10, ("could not find mapping for SID %s\n",
+			   sid_string_dbg(src)));
+		return False;
+	}
+	
+	if ((data.dptr == NULL) || (data.dsize <= 0)
+	    || (data.dptr[data.dsize-1] != '\0')) {
+		DEBUG(5, ("invalid mapping for SID %s\n",
+			  sid_string_dbg(src)));
+		TALLOC_FREE(data.dptr);
+		return False;
+	}
+	
+	if (!string_to_sid(dst, (char *)data.dptr)) {
+		DEBUG(1, ("invalid mapping %s for SID %s\n",
+			  (char *)data.dptr, sid_string_dbg(src)));
+		TALLOC_FREE(data.dptr);
+		return False;
+	}
+
+	TALLOC_FREE(data.dptr);
+	
+	return True;
+}
+
+static bool smbacl4_fill_ace4(
 	TALLOC_CTX *mem_ctx,
+	const char *filename,
 	smbacl4_vfs_params *params,
 	uid_t ownerUID,
 	gid_t ownerGID,
@@ -460,11 +521,6 @@ static int smbacl4_fill_ace4(
 	SMB_ACE4PROP_T *ace_v4 /* output */
 )
 {
-	const char *dom, *name;
-	enum lsa_SidType type;
-	uid_t uid;
-	gid_t gid;
-
 	DEBUG(10, ("got ace for %s\n", sid_string_dbg(&ace_nt->trustee)));
 
 	memset(ace_v4, 0, sizeof(SMB_ACE4PROP_T));
@@ -485,18 +541,46 @@ static int smbacl4_fill_ace4(
 		ace_v4->who.special_id = SMB_ACE4_WHO_EVERYONE;
 		ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
 	} else {
-		if (!lookup_sid(mem_ctx, &ace_nt->trustee, &dom, &name, &type)) {
-			DEBUG(8, ("Could not find %s' type\n",
-				  sid_string_dbg(&ace_nt->trustee)));
-			errno = EINVAL;
-			return -1;
+		const char *dom, *name;
+		enum lsa_SidType type;
+		uid_t uid;
+		gid_t gid;
+		DOM_SID sid;
+		
+		sid_copy(&sid, &ace_nt->trustee);
+		
+		if (!lookup_sid(mem_ctx, &sid, &dom, &name, &type)) {
+			
+			DOM_SID mapped;
+			
+			if (!nfs4_map_sid(params, &sid, &mapped)) {
+				DEBUG(1, ("nfs4_acls.c: file [%s]: SID %s "
+					  "unknown\n", filename, sid_string_dbg(&sid)));
+				errno = EINVAL;
+				return False;
+			}
+			
+			DEBUG(2, ("nfs4_acls.c: file [%s]: mapped SID %s "
+				  "to %s\n", filename, sid_string_dbg(&sid), sid_string_dbg(&mapped)));
+			
+			if (!lookup_sid(mem_ctx, &mapped, &dom,
+					&name, &type)) {
+				DEBUG(1, ("nfs4_acls.c: file [%s]: SID %s "
+					  "mapped from %s is unknown\n",
+					  filename, sid_string_dbg(&mapped), sid_string_dbg(&sid)));
+				errno = EINVAL;
+				return False;
+			}
+			
+			sid_copy(&sid, &mapped);
 		}
-
+		
 		if (type == SID_NAME_USER) {
-			if (!sid_to_uid(&ace_nt->trustee, &uid)) {
-				DEBUG(2, ("Could not convert %s to uid\n",
-					  sid_string_dbg(&ace_nt->trustee)));
-				return -1;
+			if (!sid_to_uid(&sid, &uid)) {
+				DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
+					  "convert %s to uid\n", filename,
+					  sid_string_dbg(&sid)));
+				return False;
 			}
 
 			if (params->mode==e_special && uid==ownerUID) {
@@ -506,11 +590,13 @@ static int smbacl4_fill_ace4(
 				ace_v4->who.uid = uid;
 			}
 		} else { /* else group? - TODO check it... */
-			if (!sid_to_gid(&ace_nt->trustee, &gid)) {
-				DEBUG(2, ("Could not convert %s to gid\n",
-					  sid_string_dbg(&ace_nt->trustee)));
-				return -1;
+			if (!sid_to_gid(&sid, &gid)) {
+				DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
+					  "convert %s to gid\n", filename,
+					  sid_string_dbg(&sid)));
+				return False;
 			}
+				
 			ace_v4->aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
 
 			if (params->mode==e_special && gid==ownerGID) {
@@ -522,7 +608,7 @@ static int smbacl4_fill_ace4(
 		}
 	}
 
-	return 0; /* OK */
+	return True; /* OK */
 }
 
 static int smbacl4_MergeIgnoreReject(
@@ -560,6 +646,7 @@ static int smbacl4_MergeIgnoreReject(
 }
 
 static SMB4ACL_T *smbacl4_win2nfs4(
+	const char *filename,
 	SEC_ACL *dacl,
 	smbacl4_vfs_params *pparams,
 	uid_t ownerUID,
@@ -580,9 +667,14 @@ static SMB4ACL_T *smbacl4_win2nfs4(
 		SMB_ACE4PROP_T	ace_v4;
 		bool	addNewACE = True;
 
-		if (smbacl4_fill_ace4(mem_ctx, pparams, ownerUID, ownerGID,
-			dacl->aces + i, &ace_v4))
-			return NULL;
+		if (!smbacl4_fill_ace4(mem_ctx, filename, pparams,
+				       ownerUID, ownerGID,
+				       dacl->aces + i, &ace_v4)) {
+			DEBUG(3, ("Could not fill ace for file %s, SID %s\n",
+				  filename,
+				  sid_string_dbg(&((dacl->aces+i)->trustee))));
+			continue;
+		}
 
 		if (pparams->acedup!=e_dontcare) {
 			if (smbacl4_MergeIgnoreReject(pparams->acedup, acl,
@@ -607,6 +699,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
 	bool	result;
 
 	SMB_STRUCT_STAT sbuf;
+	bool need_chown = False;
 	uid_t newUID = (uid_t)-1;
 	gid_t newGID = (gid_t)-1;
 
@@ -635,25 +728,33 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
 			return status;
 		}
 		if (((newUID != (uid_t)-1) && (sbuf.st_uid != newUID)) ||
-				((newGID != (gid_t)-1) && (sbuf.st_gid != newGID))) {
-			if(try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) {
-				DEBUG(3,("chown %s, %u, %u failed. Error = %s.\n",
-					fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID, strerror(errno) ));
-				if (errno == EPERM) {
-					return NT_STATUS_INVALID_OWNER;
+		    ((newGID != (gid_t)-1) && (sbuf.st_gid != newGID))) {
+			need_chown = True;
+		}
+		if (need_chown) {
+			if ((newUID == (uid_t)-1 || newUID == current_user.ut.uid)) {
+				if(try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) {
+					DEBUG(3,("chown %s, %u, %u failed. Error = %s.\n",
+						 fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID, 
+						 strerror(errno)));
+					return map_nt_error_from_unix(errno);
 				}
-				return map_nt_error_from_unix(errno);
+
+				DEBUG(10,("chown %s, %u, %u succeeded.\n",
+					  fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
+				if (smbacl4_GetFileOwner(fsp->conn, fsp->fsp_name, &sbuf))
+					return map_nt_error_from_unix(errno);
+				need_chown = False;
+			} else { /* chown is needed, but _after_ changing acl */
+				sbuf.st_uid = newUID; /* OWNER@ in case of e_special */
+				sbuf.st_gid = newGID; /* GROUP@ in case of e_special */
 			}
-			DEBUG(10,("chown %s, %u, %u succeeded.\n",
-				fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
-			if (smbacl4_fGetFileOwner(fsp, &sbuf))
-				return map_nt_error_from_unix(errno);
 		}
 	}
 
 	if ((security_info_sent & DACL_SECURITY_INFORMATION)!=0 && psd->dacl!=NULL)
 	{
-		acl = smbacl4_win2nfs4(psd->dacl, &params, sbuf.st_uid, sbuf.st_gid);
+		acl = smbacl4_win2nfs4(fsp->fsp_name, psd->dacl, &params, sbuf.st_uid, sbuf.st_gid);
 		if (!acl)
 			return map_nt_error_from_unix(errno);
 
@@ -668,6 +769,20 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
 	} else
 		DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", security_info_sent));
 
+	/* Any chown pending? */
+	if (need_chown) {
+		DEBUG(3,("chown#2 %s. uid = %u, gid = %u.\n",
+			 fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
+		if (try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) {
+			DEBUG(2,("chown#2 %s, %u, %u failed. Error = %s.\n",
+				 fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID,
+				 strerror(errno)));
+			return map_nt_error_from_unix(errno);
+		}
+		DEBUG(10,("chown#2 %s, %u, %u succeeded.\n",
+			  fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
+	}
+
 	DEBUG(10, ("smb_set_nt_acl_nfs4 succeeded\n"));
 	return NT_STATUS_OK;
 }
diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c
new file mode 100644
index 0000000000..21f63d0b87
--- /dev/null
+++ b/source3/modules/vfs_aio_fork.c
@@ -0,0 +1,728 @@
+/*
+ * Simulate the Posix AIO using mmap/fork
+ *
+ * Copyright (C) Volker Lendecke 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+struct mmap_area {
+	size_t size;
+	volatile void *ptr;
+};
+
+static int mmap_area_destructor(struct mmap_area *area)
+{
+	munmap((void *)area->ptr, area->size);
+	return 0;
+}
+
+static struct mmap_area *mmap_area_init(TALLOC_CTX *mem_ctx, size_t size)
+{
+	struct mmap_area *result;
+	int fd;
+
+	result = talloc(mem_ctx, struct mmap_area);
+	if (result == NULL) {
+		DEBUG(0, ("talloc failed\n"));
+		goto fail;
+	}
+
+	fd = open("/dev/zero", O_RDWR);
+	if (fd == -1) {
+		DEBUG(3, ("open(\"/dev/zero\") failed: %s\n",
+			  strerror(errno)));
+		goto fail;
+	}
+
+	result->ptr = mmap(NULL, size, PROT_READ|PROT_WRITE,
+			   MAP_SHARED|MAP_FILE, fd, 0);
+	if (result->ptr == MAP_FAILED) {
+		DEBUG(1, ("mmap failed: %s\n", strerror(errno)));
+		goto fail;
+	}
+
+	result->size = size;
+	talloc_set_destructor(result, mmap_area_destructor);
+
+	return result;
+
+fail:
+	TALLOC_FREE(result);
+	return NULL;
+}
+
+struct rw_cmd {
+	size_t n;
+	SMB_OFF_T offset;
+	bool read_cmd;
+};
+
+struct rw_ret {
+	ssize_t size;
+	int ret_errno;
+};
+
+struct aio_child_list;
+
+struct aio_child {
+	struct aio_child *prev, *next;
+	struct aio_child_list *list;
+	SMB_STRUCT_AIOCB *aiocb;
+	pid_t pid;
+	int sockfd;
+	struct fd_event *sock_event;
+	struct rw_ret retval;
+	struct mmap_area *map;	/* ==NULL means write request */
+	bool dont_delete;	/* Marked as in use since last cleanup */
+	bool cancelled;
+	bool read_cmd;
+};
+
+struct aio_child_list {
+	struct aio_child *children;
+	struct timed_event *cleanup_event;
+};
+
+static void free_aio_children(void **p)
+{
+	TALLOC_FREE(*p);
+}
+
+static ssize_t read_fd(int fd, void *ptr, size_t nbytes, int *recvfd)
+{
+	struct msghdr msg;
+	struct iovec iov[1];
+	ssize_t n;
+#ifndef HAVE_MSGHDR_MSG_CONTROL
+	int newfd;
+#endif
+
+#ifdef	HAVE_MSGHDR_MSG_CONTROL
+	union {
+	  struct cmsghdr	cm;
+	  char				control[CMSG_SPACE(sizeof(int))];
+	} control_un;
+	struct cmsghdr	*cmptr;
+
+	msg.msg_control = control_un.control;
+	msg.msg_controllen = sizeof(control_un.control);
+#else
+#if HAVE_MSGHDR_MSG_ACCTRIGHTS
+	msg.msg_accrights = (caddr_t) &newfd;
+	msg.msg_accrightslen = sizeof(int);
+#else
+#error Can not pass file descriptors
+#endif
+#endif
+
+	msg.msg_name = NULL;
+	msg.msg_namelen = 0;
+
+	iov[0].iov_base = ptr;
+	iov[0].iov_len = nbytes;
+	msg.msg_iov = iov;
+	msg.msg_iovlen = 1;
+
+	if ( (n = recvmsg(fd, &msg, 0)) <= 0) {
+		return(n);
+	}
+
+#ifdef	HAVE_MSGHDR_MSG_CONTROL
+	if ((cmptr = CMSG_FIRSTHDR(&msg)) != NULL
+	    && cmptr->cmsg_len == CMSG_LEN(sizeof(int))) {
+		if (cmptr->cmsg_level != SOL_SOCKET) {
+			DEBUG(10, ("control level != SOL_SOCKET"));
+			errno = EINVAL;
+			return -1;
+		}
+		if (cmptr->cmsg_type != SCM_RIGHTS) {
+			DEBUG(10, ("control type != SCM_RIGHTS"));
+			errno = EINVAL;
+			return -1;
+		}
+		*recvfd = *((int *) CMSG_DATA(cmptr));
+	} else {
+		*recvfd = -1;		/* descriptor was not passed */
+	}
+#else
+	if (msg.msg_accrightslen == sizeof(int)) {
+		*recvfd = newfd;
+	}
+	else {
+		*recvfd = -1;		/* descriptor was not passed */
+	}
+#endif
+
+	return(n);
+}
+
+static ssize_t write_fd(int fd, void *ptr, size_t nbytes, int sendfd)
+{
+	struct msghdr	msg;
+	struct iovec	iov[1];
+
+#ifdef	HAVE_MSGHDR_MSG_CONTROL
+	union {
+		struct cmsghdr	cm;
+		char control[CMSG_SPACE(sizeof(int))];
+	} control_un;
+	struct cmsghdr	*cmptr;
+
+	ZERO_STRUCT(msg);
+	ZERO_STRUCT(control_un);
+
+	msg.msg_control = control_un.control;
+	msg.msg_controllen = sizeof(control_un.control);
+
+	cmptr = CMSG_FIRSTHDR(&msg);
+	cmptr->cmsg_len = CMSG_LEN(sizeof(int));
+	cmptr->cmsg_level = SOL_SOCKET;
+	cmptr->cmsg_type = SCM_RIGHTS;
+	*((int *) CMSG_DATA(cmptr)) = sendfd;
+#else
+	ZERO_STRUCT(msg);
+	msg.msg_accrights = (caddr_t) &sendfd;
+	msg.msg_accrightslen = sizeof(int);
+#endif
+
+	msg.msg_name = NULL;
+	msg.msg_namelen = 0;
+
+	ZERO_STRUCT(iov);
+	iov[0].iov_base = ptr;
+	iov[0].iov_len = nbytes;
+	msg.msg_iov = iov;
+	msg.msg_iovlen = 1;
+
+	return (sendmsg(fd, &msg, 0));
+}
+
+static void aio_child_cleanup(struct event_context *event_ctx,
+			      struct timed_event *te,
+			      const struct timeval *now,
+			      void *private_data)
+{
+	struct aio_child_list *list = talloc_get_type_abort(
+		private_data, struct aio_child_list);
+	struct aio_child *child, *next;
+
+	TALLOC_FREE(list->cleanup_event);
+
+	for (child = list->children; child != NULL; child = next) {
+		next = child->next;
+
+		if (child->aiocb != NULL) {
+			DEBUG(10, ("child %d currently active\n",
+				   (int)child->pid));
+			continue;
+		}
+
+		if (child->dont_delete) {
+			DEBUG(10, ("Child %d was active since last cleanup\n",
+				   (int)child->pid));
+			child->dont_delete = false;
+			continue;
+		}
+
+		DEBUG(10, ("Child %d idle for more than 30 seconds, "
+			   "deleting\n", (int)child->pid));
+
+		TALLOC_FREE(child);
+	}
+
+	if (list->children != NULL) {
+		/*
+		 * Re-schedule the next cleanup round
+		 */
+		list->cleanup_event = event_add_timed(smbd_event_context(), list,
+						      timeval_add(now, 30, 0),
+						      "aio_child_cleanup",
+						      aio_child_cleanup, list);
+
+	}
+}
+
+static struct aio_child_list *init_aio_children(struct vfs_handle_struct *handle)
+{
+	struct aio_child_list *data = NULL;
+
+	if (SMB_VFS_HANDLE_TEST_DATA(handle)) {
+		SMB_VFS_HANDLE_GET_DATA(handle, data, struct aio_child_list,
+					return NULL);
+	}
+
+	if (data == NULL) {
+		data = TALLOC_ZERO_P(NULL, struct aio_child_list);
+		if (data == NULL) {
+			return NULL;
+		}
+	}
+
+	/*
+	 * Regardless of whether the child_list had been around or not, make
+	 * sure that we have a cleanup timed event. This timed event will
+	 * delete itself when it finds that no children are around anymore.
+	 */
+
+	if (data->cleanup_event == NULL) {
+		data->cleanup_event = event_add_timed(smbd_event_context(), data,
+						      timeval_current_ofs(30, 0),
+						      "aio_child_cleanup",
+						      aio_child_cleanup, data);
+		if (data->cleanup_event == NULL) {
+			TALLOC_FREE(data);
+			return NULL;
+		}
+	}
+
+	if (!SMB_VFS_HANDLE_TEST_DATA(handle)) {
+		SMB_VFS_HANDLE_SET_DATA(handle, data, free_aio_children,
+					struct aio_child_list, return False);
+	}
+
+	return data;
+}
+
+static void aio_child_loop(int sockfd, struct mmap_area *map)
+{
+	while (true) {
+		int fd = -1;
+		ssize_t ret;
+		struct rw_cmd cmd_struct;
+		struct rw_ret ret_struct;
+
+		ret = read_fd(sockfd, &cmd_struct, sizeof(cmd_struct), &fd);
+		if (ret != sizeof(cmd_struct)) {
+			DEBUG(10, ("read_fd returned %d: %s\n", (int)ret,
+				   strerror(errno)));
+			exit(1);
+		}
+
+		DEBUG(10, ("aio_child_loop: %s %d bytes at %d from fd %d\n",
+			   cmd_struct.read_cmd ? "read" : "write",
+			   (int)cmd_struct.n, (int)cmd_struct.offset, fd));
+
+#ifdef ENABLE_BUILD_FARM_HACKS
+		{
+			/*
+			 * In the build farm, we want erratic behaviour for
+			 * async I/O times
+			 */
+			uint8_t randval;
+			unsigned msecs;
+			/*
+			 * use generate_random_buffer, we just forked from a
+			 * common parent state
+			 */
+			generate_random_buffer(&randval, sizeof(randval));
+			msecs = randval + 20;
+			DEBUG(10, ("delaying for %u msecs\n", msecs));
+			smb_msleep(msecs);
+		}
+#endif
+
+
+		ZERO_STRUCT(ret_struct);
+
+		if (cmd_struct.read_cmd) {
+			ret_struct.size = sys_pread(
+				fd, (void *)map->ptr, cmd_struct.n,
+				cmd_struct.offset);
+		}
+		else {
+			ret_struct.size = sys_pwrite(
+				fd, (void *)map->ptr, cmd_struct.n,
+				cmd_struct.offset);
+		}
+
+		DEBUG(10, ("aio_child_loop: syscall returned %d\n",
+			   (int)ret_struct.size));
+
+		if (ret_struct.size == -1) {
+			ret_struct.ret_errno = errno;
+		}
+
+		ret = write_data(sockfd, (char *)&ret_struct,
+				 sizeof(ret_struct));
+		if (ret != sizeof(ret_struct)) {
+			DEBUG(10, ("could not write ret_struct: %s\n",
+				   strerror(errno)));
+			exit(2);
+		}
+
+		close(fd);
+	}
+}
+
+static void handle_aio_completion(struct event_context *event_ctx,
+				  struct fd_event *event, uint16 flags,
+				  void *p)
+{
+	struct aio_child *child = (struct aio_child *)p;
+	uint16 mid;
+
+	DEBUG(10, ("handle_aio_completion called with flags=%d\n", flags));
+
+	if ((flags & EVENT_FD_READ) == 0) {
+		return;
+	}
+
+	if (!NT_STATUS_IS_OK(read_data(child->sockfd,
+				       (char *)&child->retval,
+				       sizeof(child->retval)))) {
+		DEBUG(0, ("aio child %d died\n", (int)child->pid));
+		child->retval.size = -1;
+		child->retval.ret_errno = EIO;
+	}
+
+	if (child->cancelled) {
+		child->aiocb = NULL;
+		child->cancelled = false;
+		return;
+	}
+
+	if (child->read_cmd && (child->retval.size > 0)) {
+		SMB_ASSERT(child->retval.size <= child->aiocb->aio_nbytes);
+		memcpy((void *)child->aiocb->aio_buf, (void *)child->map->ptr,
+		       child->retval.size);
+	}
+
+	mid = child->aiocb->aio_sigevent.sigev_value.sival_int;
+
+	DEBUG(10, ("mid %d finished\n", (int)mid));
+
+	aio_request_done(mid);
+	process_aio_queue();
+}
+
+static int aio_child_destructor(struct aio_child *child)
+{
+	SMB_ASSERT((child->aiocb == NULL) || child->cancelled);
+	close(child->sockfd);
+	DLIST_REMOVE(child->list->children, child);
+	return 0;
+}
+
+static NTSTATUS create_aio_child(struct aio_child_list *children,
+				 size_t map_size,
+				 struct aio_child **presult)
+{
+	struct aio_child *result;
+	int fdpair[2];
+	NTSTATUS status;
+
+	fdpair[0] = fdpair[1] = -1;
+
+	result = TALLOC_ZERO_P(children, struct aio_child);
+	NT_STATUS_HAVE_NO_MEMORY(result);
+
+	if (socketpair(AF_UNIX, SOCK_STREAM, 0, fdpair) == -1) {
+		status = map_nt_error_from_unix(errno);
+		DEBUG(10, ("socketpair() failed: %s\n", strerror(errno)));
+		TALLOC_FREE(result);
+		goto fail;
+	}
+
+	DEBUG(10, ("fdpair = %d/%d\n", fdpair[0], fdpair[1]));
+
+	result->map = mmap_area_init(result, map_size);
+	if (result->map == NULL) {
+		status = map_nt_error_from_unix(errno);
+		DEBUG(0, ("Could not create mmap area\n"));
+		goto fail;
+	}
+
+	result->pid = sys_fork();
+	if (result->pid == -1) {
+		status = map_nt_error_from_unix(errno);
+		DEBUG(0, ("fork failed: %s\n", strerror(errno)));
+		goto fail;
+	}
+
+	if (result->pid == 0) {
+		close(fdpair[0]);
+		result->sockfd = fdpair[1];
+		aio_child_loop(result->sockfd, result->map);
+	}
+
+	DEBUG(10, ("Child %d created\n", result->pid));
+
+	result->sockfd = fdpair[0];
+	close(fdpair[1]);
+
+	result->sock_event = event_add_fd(smbd_event_context(), result,
+					  result->sockfd, EVENT_FD_READ,
+					  handle_aio_completion,
+					  result);
+	if (result->sock_event == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		DEBUG(0, ("event_add_fd failed\n"));
+		goto fail;
+	}
+
+	result->list = children;
+	DLIST_ADD(children->children, result);
+
+	talloc_set_destructor(result, aio_child_destructor);
+
+	*presult = result;
+
+	return NT_STATUS_OK;
+
+ fail:
+	if (fdpair[0] != -1) close(fdpair[0]);
+	if (fdpair[1] != -1) close(fdpair[1]);
+	TALLOC_FREE(result);
+
+	return status;
+}
+
+static NTSTATUS get_idle_child(struct vfs_handle_struct *handle,
+			       struct aio_child **pchild)
+{
+	struct aio_child_list *children;
+	struct aio_child *child;
+	NTSTATUS status;
+
+	children = init_aio_children(handle);
+	if (children == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (child = children->children; child != NULL; child = child->next) {
+		if (child->aiocb == NULL) {
+			/* idle */
+			break;
+		}
+	}
+
+	if (child == NULL) {
+		DEBUG(10, ("no idle child found, creating new one\n"));
+
+		status = create_aio_child(children, 128*1024, &child);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(10, ("create_aio_child failed: %s\n",
+				   nt_errstr(status)));
+			return status;
+		}
+	}
+
+	child->dont_delete = true;
+
+	*pchild = child;
+	return NT_STATUS_OK;
+}
+
+static int aio_fork_read(struct vfs_handle_struct *handle,
+			 struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
+{
+	struct aio_child *child;
+	struct rw_cmd cmd;
+	ssize_t ret;
+	NTSTATUS status;
+
+	if (aiocb->aio_nbytes > 128*1024) {
+		/* TODO: support variable buffers */
+		errno = EINVAL;
+		return -1;
+	}
+
+	status = get_idle_child(handle, &child);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("Could not get an idle child\n"));
+		return -1;
+	}
+
+	child->read_cmd = true;
+	child->aiocb = aiocb;
+	child->retval.ret_errno = EINPROGRESS;
+
+	ZERO_STRUCT(cmd);
+	cmd.n = aiocb->aio_nbytes;
+	cmd.offset = aiocb->aio_offset;
+	cmd.read_cmd = child->read_cmd;
+
+	DEBUG(10, ("sending fd %d to child %d\n", fsp->fh->fd,
+		   (int)child->pid));
+
+	ret = write_fd(child->sockfd, &cmd, sizeof(cmd), fsp->fh->fd);
+	if (ret == -1) {
+		DEBUG(10, ("write_fd failed: %s\n", strerror(errno)));
+		return -1;
+	}
+
+	return 0;
+}
+
+static int aio_fork_write(struct vfs_handle_struct *handle,
+			  struct files_struct *fsp, SMB_STRUCT_AIOCB *aiocb)
+{
+	struct aio_child *child;
+	struct rw_cmd cmd;
+	ssize_t ret;
+	NTSTATUS status;
+
+	if (aiocb->aio_nbytes > 128*1024) {
+		/* TODO: support variable buffers */
+		errno = EINVAL;
+		return -1;
+	}
+
+	status = get_idle_child(handle, &child);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("Could not get an idle child\n"));
+		return -1;
+	}
+
+	child->read_cmd = false;
+	child->aiocb = aiocb;
+	child->retval.ret_errno = EINPROGRESS;
+
+	memcpy((void *)child->map->ptr, (void *)aiocb->aio_buf,
+	       aiocb->aio_nbytes);
+
+	ZERO_STRUCT(cmd);
+	cmd.n = aiocb->aio_nbytes;
+	cmd.offset = aiocb->aio_offset;
+	cmd.read_cmd = child->read_cmd;
+
+	DEBUG(10, ("sending fd %d to child %d\n", fsp->fh->fd,
+		   (int)child->pid));
+
+	ret = write_fd(child->sockfd, &cmd, sizeof(cmd), fsp->fh->fd);
+	if (ret == -1) {
+		DEBUG(10, ("write_fd failed: %s\n", strerror(errno)));
+		return -1;
+	}
+
+	return 0;
+}
+
+static struct aio_child *aio_fork_find_child(struct vfs_handle_struct *handle,
+					     SMB_STRUCT_AIOCB *aiocb)
+{
+	struct aio_child_list *children;
+	struct aio_child *child;
+
+	children = init_aio_children(handle);
+	if (children == NULL) {
+		return NULL;
+	}
+
+	for (child = children->children; child != NULL; child = child->next) {
+		if (child->aiocb == aiocb) {
+			return child;
+		}
+	}
+
+	return NULL;
+}
+
+static ssize_t aio_fork_return_fn(struct vfs_handle_struct *handle,
+				  struct files_struct *fsp,
+				  SMB_STRUCT_AIOCB *aiocb)
+{
+	struct aio_child *child = aio_fork_find_child(handle, aiocb);
+
+	if (child == NULL) {
+		errno = EINVAL;
+		DEBUG(0, ("returning EINVAL\n"));
+		return -1;
+	}
+
+	child->aiocb = NULL;
+
+	if (child->retval.size == -1) {
+		errno = child->retval.ret_errno;
+	}
+
+	return child->retval.size;
+}
+
+static int aio_fork_cancel(struct vfs_handle_struct *handle,
+			   struct files_struct *fsp,
+			   SMB_STRUCT_AIOCB *aiocb)
+{
+	struct aio_child_list *children;
+	struct aio_child *child;
+
+	children = init_aio_children(handle);
+	if (children == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	for (child = children->children; child != NULL; child = child->next) {
+		if (child->aiocb == NULL) {
+			continue;
+		}
+		if (child->aiocb->aio_fildes != fsp->fh->fd) {
+			continue;
+		}
+		if ((aiocb != NULL) && (child->aiocb != aiocb)) {
+			continue;
+		}
+
+		/*
+		 * We let the child do its job, but we discard the result when
+		 * it's finished.
+		 */
+
+		child->cancelled = true;
+	}
+
+	return AIO_CANCELED;
+}
+
+static int aio_fork_error_fn(struct vfs_handle_struct *handle,
+			     struct files_struct *fsp,
+			     SMB_STRUCT_AIOCB *aiocb)
+{
+	struct aio_child *child = aio_fork_find_child(handle, aiocb);
+
+	if (child == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	return child->retval.ret_errno;
+}
+
+/* VFS operations structure */
+
+static vfs_op_tuple aio_fork_ops[] = {
+	{SMB_VFS_OP(aio_fork_read),	SMB_VFS_OP_AIO_READ,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(aio_fork_write),	SMB_VFS_OP_AIO_WRITE,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(aio_fork_return_fn), SMB_VFS_OP_AIO_RETURN,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(aio_fork_cancel),	SMB_VFS_OP_AIO_CANCEL,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(aio_fork_error_fn),	SMB_VFS_OP_AIO_ERROR,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(NULL),		SMB_VFS_OP_NOOP,
+	 SMB_VFS_LAYER_NOOP}
+};
+
+NTSTATUS vfs_aio_fork_init(void);
+NTSTATUS vfs_aio_fork_init(void)
+{
+	return smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
+				"aio_fork", aio_fork_ops);
+}
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index e21136ccee..31ebb6352a 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -90,6 +90,17 @@ static int vfswrap_statvfs(struct vfs_handle_struct *handle,  const char *path,
 	return sys_statvfs(path, statbuf);
 }
 
+static uint32_t vfswrap_fs_capabilities(struct vfs_handle_struct *handle)
+{
+#if defined(DARWINOS)
+	struct vfs_statvfs_struct statbuf;
+	ZERO_STRUCT(statbuf);
+	sys_statvfs(handle->conn->connectpath, &statbuf);
+	return statbuf.FsCapabilities;
+#endif
+	return FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES;
+}
+
 /* Directory operations */
 
 static SMB_STRUCT_DIR *vfswrap_opendir(vfs_handle_struct *handle,  const char *fname, const char *mask, uint32 attr)
@@ -457,7 +468,7 @@ static int vfswrap_rename(vfs_handle_struct *handle,  const char *oldname, const
 
 	START_PROFILE(syscall_rename);
 	result = rename(oldname, newname);
-	if (errno == EXDEV) {
+	if ((result == -1) && (errno == EXDEV)) {
 		/* Rename across filesystems needed. */
 		result = copy_reg(oldname, newname);
 	}
@@ -942,6 +953,62 @@ static struct file_id vfswrap_file_id_create(struct vfs_handle_struct *handle, S
 	return file_id_create_dev(dev, inode);
 }
 
+static NTSTATUS vfswrap_streaminfo(vfs_handle_struct *handle,
+				   struct files_struct *fsp,
+				   const char *fname,
+				   TALLOC_CTX *mem_ctx,
+				   unsigned int *pnum_streams,
+				   struct stream_struct **pstreams)
+{
+	SMB_STRUCT_STAT sbuf;
+	unsigned int num_streams = 0;
+	struct stream_struct *streams = NULL;
+	int ret;
+
+	if ((fsp != NULL) && (fsp->is_directory)) {
+		/*
+		 * No default streams on directories
+		 */
+		goto done;
+	}
+
+	if ((fsp != NULL) && (fsp->fh->fd != -1)) {
+		ret = SMB_VFS_FSTAT(fsp, &sbuf);
+	}
+	else {
+		ret = SMB_VFS_STAT(handle->conn, fname, &sbuf);
+	}
+
+	if (ret == -1) {
+		return map_nt_error_from_unix(errno);
+	}
+
+	if (S_ISDIR(sbuf.st_mode)) {
+		goto done;
+	}
+
+	streams = talloc(mem_ctx, struct stream_struct);
+
+	if (streams == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	streams->size = sbuf.st_size;
+	streams->alloc_size = get_allocation_size(handle->conn, fsp, &sbuf);
+
+	streams->name = talloc_strdup(streams, "::$DATA");
+	if (streams->name == NULL) {
+		TALLOC_FREE(streams);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	num_streams = 1;
+ done:
+	*pnum_streams = num_streams;
+	*pstreams = streams;
+	return NT_STATUS_OK;
+}
+
 static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle,
 				    files_struct *fsp,
 				    uint32 security_info, SEC_DESC **ppdesc)
@@ -1225,6 +1292,36 @@ static int vfswrap_aio_suspend(struct vfs_handle_struct *handle, struct files_st
 	return sys_aio_suspend(aiocb, n, timeout);
 }
 
+static bool vfswrap_aio_force(struct vfs_handle_struct *handle, struct files_struct *fsp)
+{
+	return false;
+}
+
+static bool vfswrap_is_offline(struct vfs_handle_struct *handle, const char *path, SMB_STRUCT_STAT *sbuf)
+{
+	if (ISDOT(path) || ISDOTDOT(path)) {
+		return false;
+	}
+
+	if (!lp_dmapi_support(SNUM(handle->conn)) || !dmapi_have_session()) {
+#if defined(ENOTSUP)
+		errno = ENOTSUP;
+#endif
+		return false;
+	}
+
+	return (dmapi_file_flags(path) & FILE_ATTRIBUTE_OFFLINE) != 0;
+}
+
+static int vfswrap_set_offline(struct vfs_handle_struct *handle, const char *path)
+{
+	/* We don't know how to set offline bit by default, needs to be overriden in the vfs modules */
+#if defined(ENOTSUP)
+	errno = ENOTSUP;
+#endif
+	return -1;
+}
+
 static vfs_op_tuple vfs_default_ops[] = {
 
 	/* Disk operations */
@@ -1243,6 +1340,8 @@ static vfs_op_tuple vfs_default_ops[] = {
 	 SMB_VFS_LAYER_OPAQUE},
 	{SMB_VFS_OP(vfswrap_statvfs),	SMB_VFS_OP_STATVFS,
 	 SMB_VFS_LAYER_OPAQUE},
+	{SMB_VFS_OP(vfswrap_fs_capabilities), SMB_VFS_OP_FS_CAPABILITIES,
+	 SMB_VFS_LAYER_OPAQUE},
 
 	/* Directory operations */
 
@@ -1337,6 +1436,8 @@ static vfs_op_tuple vfs_default_ops[] = {
 	 SMB_VFS_LAYER_OPAQUE},
 	{SMB_VFS_OP(vfswrap_file_id_create),	SMB_VFS_OP_FILE_ID_CREATE,
 	 SMB_VFS_LAYER_OPAQUE},
+	{SMB_VFS_OP(vfswrap_streaminfo),	SMB_VFS_OP_STREAMINFO,
+	 SMB_VFS_LAYER_OPAQUE},
 
 	/* NT ACL operations. */
 
@@ -1442,6 +1543,14 @@ static vfs_op_tuple vfs_default_ops[] = {
 	{SMB_VFS_OP(vfswrap_aio_suspend),SMB_VFS_OP_AIO_SUSPEND,
 	 SMB_VFS_LAYER_OPAQUE},
 
+	{SMB_VFS_OP(vfswrap_aio_force), SMB_VFS_OP_AIO_FORCE,
+	 SMB_VFS_LAYER_OPAQUE},
+
+	{SMB_VFS_OP(vfswrap_is_offline),SMB_VFS_OP_IS_OFFLINE,
+	 SMB_VFS_LAYER_OPAQUE},
+	{SMB_VFS_OP(vfswrap_set_offline),SMB_VFS_OP_SET_OFFLINE,
+	 SMB_VFS_LAYER_OPAQUE},
+
 	/* Finish VFS operations definition */
 
 	{SMB_VFS_OP(NULL),		SMB_VFS_OP_NOOP,
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index bcf61f3bc7..d10906dfb1 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -30,7 +30,7 @@
 
 #include <gpfs_gpl.h>
 #include "nfs4_acls.h"
-
+#include "vfs_gpfs.h"
 
 static int vfs_gpfs_kernel_flock(vfs_handle_struct *handle, files_struct *fsp, 
 				 uint32 share_mode)
@@ -153,7 +153,7 @@ static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl)
 	DEBUG(10, ("gpfs_get_nfs4_acl invoked for %s\n", fname));
 
 	/* First get the real acl length */
-	gacl = gpfs_getacl_alloc(fname, GPFS_ACL_TYPE_NFS4);
+	gacl = gpfs_getacl_alloc(fname, 0);
 	if (gacl == NULL) {
 		DEBUG(9, ("gpfs_getacl failed for %s with %s\n",
 			   fname, strerror(errno)));
@@ -208,10 +208,10 @@ static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl)
 		if (i > 0 && gace->aceType == SMB_ACE4_ACCESS_DENIED_ACE_TYPE) {
 			struct gpfs_ace_v4 *prev = &gacl->ace_v4[i-1];
 			if (prev->aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE &&
-					prev->aceFlags == gace->aceFlags &&
-					prev->aceIFlags == gace->aceIFlags &&
-					(gace->aceMask & prev->aceMask) == 0 &&
-					gace->aceWho == prev->aceWho) {
+			    prev->aceFlags == gace->aceFlags &&
+			    prev->aceIFlags == gace->aceIFlags &&
+			    (gace->aceMask & prev->aceMask) == 0 &&
+			    gace->aceWho == prev->aceWho) {
 				/* its redundent - skip it */
 				continue;
 			}                                                
@@ -256,7 +256,7 @@ static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
 	int	result;
 
 	*ppdesc = NULL;
-	result = gpfs_get_nfs4_acl(fsp->fsp_name, &pacl);
+	result = gpfs_get_nfs4_acl(name, &pacl);
 
 	if (result == 0)
 		return smb_get_nt_acl_nfs4(handle->conn, name, security_info, ppdesc, pacl);
@@ -301,8 +301,31 @@ static bool gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
 		gace->aceType = aceprop->aceType;
 		gace->aceFlags = aceprop->aceFlags;
 		gace->aceMask = aceprop->aceMask;
+		
+		/*
+		 * GPFS can't distinguish between WRITE and APPEND on
+		 * files, so one being set without the other is an
+		 * error. Sorry for the many ()'s :-)
+		 */
+		
+		if (!fsp->is_directory
+		    &&
+		    ((((gace->aceMask & ACE4_MASK_WRITE) == 0)
+		      && ((gace->aceMask & ACE4_MASK_APPEND) != 0))
+		     ||
+		     (((gace->aceMask & ACE4_MASK_WRITE) != 0)
+		      && ((gace->aceMask & ACE4_MASK_APPEND) == 0)))
+		    &&
+		    lp_parm_bool(fsp->conn->params->service, "gpfs",
+				 "merge_writeappend", True)) {
+			DEBUG(2, ("vfs_gpfs.c: file [%s]: ACE contains "
+				  "WRITE^APPEND, setting WRITE|APPEND\n",
+				  fsp->fsp_name));
+			gace->aceMask |= ACE4_MASK_WRITE|ACE4_MASK_APPEND;
+		}
+		
 		gace->aceIFlags = (aceprop->flags&SMB_ACE4_ID_SPECIAL) ? ACE4_IFLAG_SPECIAL_ID : 0;
-
+		
 		if (aceprop->flags&SMB_ACE4_ID_SPECIAL)
 		{
 			switch(aceprop->who.special_id)
@@ -347,7 +370,7 @@ static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_i
 	struct gpfs_acl *acl;
 	NTSTATUS result = NT_STATUS_ACCESS_DENIED;
 
-	acl = gpfs_getacl_alloc(fsp->fsp_name, GPFS_ACL_TYPE_ACCESS);
+	acl = gpfs_getacl_alloc(fsp->fsp_name, 0);
 	if (acl == NULL)
 		return result;
 
@@ -628,75 +651,225 @@ int gpfsacl_sys_acl_delete_def_file(vfs_handle_struct *handle,
 	return -1;
 }
 
+/*
+ * Assumed: mode bits are shiftable and standard
+ * Output: the new aceMask field for an smb nfs4 ace
+ */
+static uint32 gpfsacl_mask_filter(uint32 aceType, uint32 aceMask, uint32 rwx)
+{
+	const uint32 posix_nfs4map[3] = {
+                SMB_ACE4_EXECUTE, /* execute */
+		SMB_ACE4_WRITE_DATA | SMB_ACE4_APPEND_DATA, /* write; GPFS specific */
+                SMB_ACE4_READ_DATA /* read */
+	};
+	int     i;
+	uint32_t        posix_mask = 0x01;
+	uint32_t        posix_bit;
+	uint32_t        nfs4_bits;
+	
+	for(i=0; i<3; i++) {
+		nfs4_bits = posix_nfs4map[i];
+		posix_bit = rwx & posix_mask;
+		
+		if (aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) {
+			if (posix_bit)
+				aceMask |= nfs4_bits;
+			else
+				aceMask &= ~nfs4_bits;
+		} else {
+			/* add deny bits when suitable */
+			if (!posix_bit)
+				aceMask |= nfs4_bits;
+			else
+				aceMask &= ~nfs4_bits;
+		} /* other ace types are unexpected */
+		
+		posix_mask <<= 1;
+	}
+	
+	return aceMask;
+}
+
+static int gpfsacl_emu_chmod(const char *path, mode_t mode)
+{
+	SMB4ACL_T *pacl = NULL;
+	int     result;
+	bool    haveAllowEntry[SMB_ACE4_WHO_EVERYONE + 1] = {False, False, False, False};
+	int     i;
+	files_struct    fake_fsp; /* TODO: rationalize parametrization */
+	SMB4ACE_T       *smbace;
+	
+	DEBUG(10, ("gpfsacl_emu_chmod invoked for %s mode %o\n", path, mode));
+	
+	result = gpfs_get_nfs4_acl(path, &pacl);
+	if (result)
+		return result;
+	
+	if (mode & ~(S_IRWXU | S_IRWXG | S_IRWXO)) {
+		DEBUG(2, ("WARNING: cutting extra mode bits %o on %s\n", mode, path));
+	}
+	
+	for (smbace=smb_first_ace4(pacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
+		SMB_ACE4PROP_T  *ace = smb_get_ace4(smbace);
+		uint32_t        specid = ace->who.special_id;
+		
+		if (ace->flags&SMB_ACE4_ID_SPECIAL &&
+		    ace->aceType<=SMB_ACE4_ACCESS_DENIED_ACE_TYPE &&
+		    specid <= SMB_ACE4_WHO_EVERYONE) {
+			
+			uint32_t newMask;
+			
+			if (ace->aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE)
+				haveAllowEntry[specid] = True;
+			
+			/* mode >> 6 for @owner, mode >> 3 for @group,
+			 * mode >> 0 for @everyone */
+			newMask = gpfsacl_mask_filter(ace->aceType, ace->aceMask,
+						      mode >> ((SMB_ACE4_WHO_EVERYONE - specid) * 3));
+			if (ace->aceMask!=newMask) {
+				DEBUG(10, ("ace changed for %s (%o -> %o) id=%d\n",
+					   path, ace->aceMask, newMask, specid));
+			}
+			ace->aceMask = newMask;
+		}
+	}
+
+	/* make sure we have at least ALLOW entries
+	 * for all the 3 special ids (@EVERYONE, @OWNER, @GROUP)
+	 * - if necessary
+	 */
+	for(i = SMB_ACE4_WHO_OWNER; i<=SMB_ACE4_WHO_EVERYONE; i++) {
+		SMB_ACE4PROP_T  ace;
+		
+		if (haveAllowEntry[i]==True)
+			continue;
+		
+		memset(&ace, 0, sizeof(SMB_ACE4PROP_T));
+		ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE;
+		ace.flags |= SMB_ACE4_ID_SPECIAL;
+		ace.who.special_id = i;
+		
+		if (i==SMB_ACE4_WHO_GROUP) /* not sure it's necessary... */
+			ace.aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
+		
+		ace.aceMask = gpfsacl_mask_filter(ace.aceType, ace.aceMask,
+						  mode >> ((SMB_ACE4_WHO_EVERYONE - i) * 3));
+		
+		/* don't add unnecessary aces */
+		if (!ace.aceMask)
+			continue;
+		
+		/* we add it to the END - as windows expects allow aces */
+		smb_add_ace4(pacl, &ace);
+		DEBUG(10, ("Added ALLOW ace for %s, mode=%o, id=%d, aceMask=%x\n",
+			   path, mode, i, ace.aceMask));
+	}
+	
+	/* don't add complementary DENY ACEs here */
+	memset(&fake_fsp, 0, sizeof(struct files_struct));
+	fake_fsp.fsp_name = (char *)path; /* no file_new is needed here */
+	
+	/* put the acl */
+	if (gpfsacl_process_smbacl(&fake_fsp, pacl) == False)
+		return -1;
+	return 0; /* ok for [f]chmod */
+}
+
 static int vfs_gpfs_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
 {
 		 SMB_STRUCT_STAT st;
+		 int rc;
+		 
 		 if (SMB_VFS_NEXT_STAT(handle, path, &st) != 0) {
-		 		 return -1;
+			 return -1;
 		 }
+		 
 		 /* avoid chmod() if possible, to preserve acls */
 		 if ((st.st_mode & ~S_IFMT) == mode) {
-		 		 return 0;
+			 return 0;
 		 }
-		 return SMB_VFS_NEXT_CHMOD(handle, path, mode);
+
+		 rc = gpfsacl_emu_chmod(path, mode);
+		 if (rc == 1)
+			 return SMB_VFS_NEXT_CHMOD(handle, path, mode);
+		 return rc;
 }
 
 static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
 {
 		 SMB_STRUCT_STAT st;
+		 int rc;
+		 
 		 if (SMB_VFS_NEXT_FSTAT(handle, fsp, &st) != 0) {
-		 		 return -1;
+			 return -1;
 		 }
+
 		 /* avoid chmod() if possible, to preserve acls */
 		 if ((st.st_mode & ~S_IFMT) == mode) {
-		 		 return 0;
+			 return 0;
 		 }
-		 return SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
+
+		 rc = gpfsacl_emu_chmod(fsp->fsp_name, mode);
+		 if (rc == 1)
+			 return SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
+		 return rc;
 }
 
 /* VFS operations structure */
 
 static vfs_op_tuple gpfs_op_tuples[] = {
-
-		{ SMB_VFS_OP(vfs_gpfs_kernel_flock), SMB_VFS_OP_KERNEL_FLOCK,
-				SMB_VFS_LAYER_OPAQUE },
-
-        { SMB_VFS_OP(vfs_gpfs_setlease), SMB_VFS_OP_LINUX_SETLEASE,
-        		SMB_VFS_LAYER_OPAQUE },
-
-        { SMB_VFS_OP(gpfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
-        		SMB_VFS_LAYER_TRANSPARENT },
-
-        { SMB_VFS_OP(gpfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
-        		SMB_VFS_LAYER_TRANSPARENT },
-
-        { SMB_VFS_OP(gpfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
-        		SMB_VFS_LAYER_TRANSPARENT },
-
-        { SMB_VFS_OP(gpfsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
-        		SMB_VFS_LAYER_TRANSPARENT },
-
-        { SMB_VFS_OP(gpfsacl_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE,
-        		SMB_VFS_LAYER_TRANSPARENT },
-
-        { SMB_VFS_OP(gpfsacl_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD,
-        		SMB_VFS_LAYER_TRANSPARENT },
-
-        { SMB_VFS_OP(gpfsacl_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE,
-        		SMB_VFS_LAYER_TRANSPARENT },
-
-        { SMB_VFS_OP(gpfsacl_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD,
-        		SMB_VFS_LAYER_TRANSPARENT },
-
+	
+	{ SMB_VFS_OP(vfs_gpfs_kernel_flock), 
+	  SMB_VFS_OP_KERNEL_FLOCK,
+	  SMB_VFS_LAYER_OPAQUE },
+	
+        { SMB_VFS_OP(vfs_gpfs_setlease), 
+	  SMB_VFS_OP_LINUX_SETLEASE,
+	  SMB_VFS_LAYER_OPAQUE },
+	
+        { SMB_VFS_OP(gpfsacl_fget_nt_acl), 
+	  SMB_VFS_OP_FGET_NT_ACL,
+	  SMB_VFS_LAYER_TRANSPARENT },
+	
+        { SMB_VFS_OP(gpfsacl_get_nt_acl), 
+	  SMB_VFS_OP_GET_NT_ACL,
+	  SMB_VFS_LAYER_TRANSPARENT },
+	
+        { SMB_VFS_OP(gpfsacl_fset_nt_acl), 
+	  SMB_VFS_OP_FSET_NT_ACL,
+	  SMB_VFS_LAYER_TRANSPARENT },
+	
+        { SMB_VFS_OP(gpfsacl_set_nt_acl), 
+	  SMB_VFS_OP_SET_NT_ACL,
+	  SMB_VFS_LAYER_TRANSPARENT },
+	
+        { SMB_VFS_OP(gpfsacl_sys_acl_get_file), 
+	  SMB_VFS_OP_SYS_ACL_GET_FILE,
+	  SMB_VFS_LAYER_TRANSPARENT },
+	
+        { SMB_VFS_OP(gpfsacl_sys_acl_get_fd), 
+	  SMB_VFS_OP_SYS_ACL_GET_FD,
+	  SMB_VFS_LAYER_TRANSPARENT },
+	
+        { SMB_VFS_OP(gpfsacl_sys_acl_set_file), 
+	  SMB_VFS_OP_SYS_ACL_SET_FILE,
+	  SMB_VFS_LAYER_TRANSPARENT },
+	
+        { SMB_VFS_OP(gpfsacl_sys_acl_set_fd), 
+	  SMB_VFS_OP_SYS_ACL_SET_FD,
+	  SMB_VFS_LAYER_TRANSPARENT },
+	
         { SMB_VFS_OP(gpfsacl_sys_acl_delete_def_file),
-                SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
-                SMB_VFS_LAYER_TRANSPARENT },
-
-        { SMB_VFS_OP(vfs_gpfs_chmod), SMB_VFS_OP_CHMOD,
-                SMB_VFS_LAYER_TRANSPARENT },
-
-        { SMB_VFS_OP(vfs_gpfs_fchmod), SMB_VFS_OP_FCHMOD,
-                SMB_VFS_LAYER_TRANSPARENT },
+	  SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
+	  SMB_VFS_LAYER_TRANSPARENT },
+	
+        { SMB_VFS_OP(vfs_gpfs_chmod), 
+	  SMB_VFS_OP_CHMOD,
+	  SMB_VFS_LAYER_TRANSPARENT },
+	
+        { SMB_VFS_OP(vfs_gpfs_fchmod), 
+	  SMB_VFS_OP_FCHMOD,
+	  SMB_VFS_LAYER_TRANSPARENT },
 
         { SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP }
 
diff --git a/source3/modules/vfs_gpfs.h b/source3/modules/vfs_gpfs.h
new file mode 100644
index 0000000000..3c499b0850
--- /dev/null
+++ b/source3/modules/vfs_gpfs.h
@@ -0,0 +1,32 @@
+/*
+   Unix SMB/CIFS implementation.
+   Wrap gpfs calls in vfs functions.
+ 
+   Copyright (C) Christian Ambach <cambach1@de.ibm.com> 2006
+   
+   Major code contributions by Chetan Shringarpure <chetan.sh@in.ibm.com>
+                            and Gomati Mohanan <gomati.mohanan@in.ibm.com>
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+  
+
+*/
+
+bool set_gpfs_sharemode(files_struct *fsp, uint32 access_mask,
+			uint32 share_access);
+int set_gpfs_lease(int fd, int leasetype);
+int smbd_gpfs_getacl(char *pathname, int flags, void *acl);
+int smbd_gpfs_putacl(char *pathname, int flags, void *acl);
+void init_gpfs(void);
diff --git a/source3/modules/vfs_hpuxacl.c b/source3/modules/vfs_hpuxacl.c
index e101886450..f9293405fb 100644
--- a/source3/modules/vfs_hpuxacl.c
+++ b/source3/modules/vfs_hpuxacl.c
@@ -140,7 +140,7 @@ SMB_ACL_T hpuxacl_sys_acl_get_file(vfs_handle_struct *handle,
 {
 	SMB_ACL_T result = NULL;
 	int count;
-	HPUX_ACL_T hpux_acl;
+	HPUX_ACL_T hpux_acl = NULL;
 	
 	DEBUG(10, ("hpuxacl_sys_acl_get_file called for file '%s'.\n", 
 		   path_p));
@@ -213,7 +213,7 @@ int hpuxacl_sys_acl_set_file(vfs_handle_struct *handle,
 {
 	int ret = -1;
 	SMB_STRUCT_STAT s;
-	HPUX_ACL_T hpux_acl;
+	HPUX_ACL_T hpux_acl = NULL;
 	int count;
 	
 	DEBUG(10, ("hpuxacl_sys_acl_set_file called for file '%s'\n",
diff --git a/source3/modules/vfs_prealloc.c b/source3/modules/vfs_prealloc.c
index 2d64bc0184..2a06e3d81b 100644
--- a/source3/modules/vfs_prealloc.c
+++ b/source3/modules/vfs_prealloc.c
@@ -47,11 +47,16 @@
 #define lock_type struct flock64
 #endif
 
+#ifdef HAVE_GPFS
+#include "gpfs_gpl.h"
+#endif
+
 #define MODULE "prealloc"
 static int module_debug;
 
 static int preallocate_space(int fd, SMB_OFF_T size)
 {
+#ifndef HAVE_GPFS
 	lock_type fl = {0};
 	int err;
 
@@ -78,6 +83,9 @@ static int preallocate_space(int fd, SMB_OFF_T size)
 	err = -1;
 	errno = ENOSYS;
 #endif
+#else /* GPFS uses completely different interface */
+       err = gpfs_prealloc(fd, (gpfs_off64_t)0, (gpfs_off64_t)size);
+#endif
 
 	if (err) {
 		DEBUG(module_debug,
@@ -191,7 +199,7 @@ static int prealloc_ftruncate(vfs_handle_struct * handle,
 
 	/* Maintain the allocated space even in the face of truncates. */
 	if ((psize = VFS_FETCH_FSP_EXTENSION(handle, fsp))) {
-		preallocate_space(fd, *psize);
+		preallocate_space(fsp->fh->fd, *psize);
 	}
 
 	return ret;
@@ -210,4 +218,3 @@ NTSTATUS vfs_prealloc_init(void)
 	return smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
 		MODULE, prealloc_op_tuples);
 }
-
diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index fef65efa77..da1716719a 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -269,6 +269,7 @@ static bool recycle_create_dir(vfs_handle_struct *handle, const char *dname)
 	char *token;
 	char *tok_str;
 	bool ret = False;
+	char *saveptr;
 
 	mode = recycle_directory_mode(handle);
 
@@ -286,7 +287,8 @@ static bool recycle_create_dir(vfs_handle_struct *handle, const char *dname)
 	}
 
 	/* Create directory tree if neccessary */
-	for(token = strtok(tok_str, "/"); token; token = strtok(NULL, "/")) {
+	for(token = strtok_r(tok_str, "/", &saveptr); token;
+	    token = strtok_r(NULL, "/", &saveptr)) {
 		safe_strcat(new_dir, token, len);
 		if (recycle_directory_exist(handle, new_dir))
 			DEBUG(10, ("recycle: dir %s already exists\n", new_dir));
diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
new file mode 100644
index 0000000000..ddbc5aab18
--- /dev/null
+++ b/source3/modules/vfs_shadow_copy2.c
@@ -0,0 +1,637 @@
+/* 
+ * implementation of an Shadow Copy module - version 2
+ *
+ * Copyright (C) Andrew Tridgell     2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *  
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *  
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+/*
+
+  This is a 2nd implemetation of a shadow copy module for exposing
+  snapshots to windows clients as shadow copies. This version has the
+  following features:
+
+     1) you don't need to populate your shares with symlinks to the
+     snapshots. This can be very important when you have thousands of
+     shares, or use [homes]
+
+     2) the inode number of the files is altered so it is different
+     from the original. This allows the 'restore' button to work
+     without a sharing violation
+
+  Module options:
+
+      shadow:snapdir = <directory where snapshots are kept>
+
+      This is the directory containing the @GMT-* snapshot directories. If it is an absolute
+      path it is used as-is. If it is a relative path, then it is taken relative to the mount
+      point of the filesystem that the root of this share is on
+
+      shadow:basedir = <base directory that snapshots are from>
+
+      This is an optional parameter that specifies the directory that
+      the snapshots are relative to. It defaults to the filesystem
+      mount point
+
+      shadow:fixinodes = yes/no
+
+      If you enable shadow:fixinodes then this module will modify the
+      apparent inode number of files in the snapshot directories using
+      a hash of the files path. This is needed for snapshot systems
+      where the snapshots have the same device:inode number as the
+      original files (such as happens with GPFS snapshots). If you
+      don't set this option then the 'restore' button in the shadow
+      copy UI will fail with a sharing violation.
+
+  Note that the directory names in the snapshot directory must take the form
+  @GMT-YYYY.MM.DD-HH.MM.SS
+  
+  The following command would generate a correctly formatted directory name:
+     date -u +@GMT-%Y.%m.%d-%H.%M.%S
+  
+ */
+
+static int vfs_shadow_copy2_debug_level = DBGC_VFS;
+
+#undef DBGC_CLASS
+#define DBGC_CLASS vfs_shadow_copy2_debug_level
+
+#define GMT_NAME_LEN 24 /* length of a @GMT- name */
+
+/*
+  make very sure it is one of our special names 
+ */
+static inline bool shadow_copy2_match_name(const char *name)
+{
+	unsigned year, month, day, hr, min, sec;
+	if (name[0] != '@') return False;
+	if (strncmp(name, "@GMT-", 5) != 0) return False;
+	if (sscanf(name, "@GMT-%04u.%02u.%02u-%02u.%02u.%02u", &year, &month,
+		   &day, &hr, &min, &sec) != 6) {
+		return False;
+	}
+	if (name[24] != 0 && name[24] != '/') {
+		return False;
+	}
+	return True;
+}
+
+/*
+  convert a name to the shadow directory
+ */
+
+#define _SHADOW2_NEXT(op, args, rtype, eret, extra) do { \
+	const char *name = fname; \
+	if (shadow_copy2_match_name(fname)) { \
+		char *name2; \
+		rtype ret; \
+		name2 = convert_shadow2_name(handle, fname); \
+		if (name2 == NULL) { \
+			errno = EINVAL; \
+			return eret; \
+		} \
+		name = name2; \
+		ret = SMB_VFS_NEXT_ ## op args; \
+		talloc_free(name2); \
+		if (ret != eret) extra; \
+		return ret; \
+	} else { \
+		return SMB_VFS_NEXT_ ## op args; \
+	} \
+} while (0)
+
+/*
+  convert a name to the shadow directory: NTSTATUS-specific handling
+ */
+
+#define _SHADOW2_NTSTATUS_NEXT(op, args, eret, extra) do { \
+        const char *name = fname; \
+        if (shadow_copy2_match_name(fname)) { \
+                char *name2; \
+                NTSTATUS ret; \
+                name2 = convert_shadow2_name(handle, fname); \
+                if (name2 == NULL) { \
+                        errno = EINVAL; \
+                        return eret; \
+                } \
+                name = name2; \
+                ret = SMB_VFS_NEXT_ ## op args; \
+                talloc_free(name2); \
+                if (!NT_STATUS_EQUAL(ret, eret)) extra; \
+                return ret; \
+        } else { \
+                return SMB_VFS_NEXT_ ## op args; \
+        } \
+} while (0)
+
+#define SHADOW2_NTSTATUS_NEXT(op, args, eret) _SHADOW2_NTSTATUS_NEXT(op, args, eret, )
+
+#define SHADOW2_NEXT(op, args, rtype, eret) _SHADOW2_NEXT(op, args, rtype, eret, )
+
+#define SHADOW2_NEXT2(op, args) do { \
+	if (shadow_copy2_match_name(oldname) || shadow_copy2_match_name(newname)) { \
+		errno = EROFS; \
+		return -1; \
+	} else { \
+		return SMB_VFS_NEXT_ ## op args; \
+	} \
+} while (0)
+
+
+/*
+  find the mount point of a filesystem
+ */
+static char *find_mount_point(TALLOC_CTX *mem_ctx, vfs_handle_struct *handle)
+{
+	char *path = talloc_strdup(mem_ctx, handle->conn->connectpath);
+	dev_t dev;
+	struct stat st;
+	char *p;
+
+	if (stat(path, &st) != 0) {
+		talloc_free(path);
+		return NULL;
+	}
+
+	dev = st.st_dev;
+
+	while ((p = strrchr(path, '/')) && p > path) {
+		*p = 0;
+		if (stat(path, &st) != 0) {
+			talloc_free(path);
+			return NULL;
+		}
+		if (st.st_dev != dev) {
+			*p = '/';
+			break;
+		}
+	}
+
+	return path;	
+}
+
+/*
+  work out the location of the snapshot for this share
+ */
+static const char *shadow_copy2_find_snapdir(TALLOC_CTX *mem_ctx, vfs_handle_struct *handle)
+{
+	const char *snapdir;
+	char *mount_point;
+	const char *ret;
+
+	snapdir = lp_parm_const_string(SNUM(handle->conn), "shadow", "snapdir", NULL);
+	if (snapdir == NULL) {
+		return NULL;
+	}
+	/* if its an absolute path, we're done */
+	if (*snapdir == '/') {
+		return snapdir;
+	}
+
+	/* other its relative to the filesystem mount point */
+	mount_point = find_mount_point(mem_ctx, handle);
+	if (mount_point == NULL) {
+		return NULL;
+	}
+
+	ret = talloc_asprintf(mem_ctx, "%s/%s", mount_point, snapdir);
+	talloc_free(mount_point);
+	return ret;
+}
+
+/*
+  work out the location of the base directory for snapshots of this share
+ */
+static const char *shadow_copy2_find_basedir(TALLOC_CTX *mem_ctx, vfs_handle_struct *handle)
+{
+	const char *basedir = lp_parm_const_string(SNUM(handle->conn), "shadow", "basedir", NULL);
+
+	/* other its the filesystem mount point */
+	if (basedir == NULL) {
+		basedir = find_mount_point(mem_ctx, handle);
+	}
+
+	return basedir;
+}
+
+/*
+  convert a filename from a share relative path, to a path in the
+  snapshot directory
+ */
+static char *convert_shadow2_name(vfs_handle_struct *handle, const char *fname)
+{
+	TALLOC_CTX *tmp_ctx = talloc_new(handle->data);
+	const char *snapdir, *relpath, *baseoffset, *basedir;
+	size_t baselen;
+	char *ret;
+
+	snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle);
+	if (snapdir == NULL) {
+		DEBUG(2,("no snapdir found for share at %s\n", handle->conn->connectpath));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	basedir = shadow_copy2_find_basedir(tmp_ctx, handle);
+	if (basedir == NULL) {
+		DEBUG(2,("no basedir found for share at %s\n", handle->conn->connectpath));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	relpath = fname + GMT_NAME_LEN;
+	baselen = strlen(basedir);
+	baseoffset = handle->conn->connectpath + baselen;
+
+	/* some sanity checks */
+	if (strncmp(basedir, handle->conn->connectpath, baselen) != 0 ||
+	    (handle->conn->connectpath[baselen] != 0 && handle->conn->connectpath[baselen] != '/')) {
+		DEBUG(0,("convert_shadow2_name: basedir %s is not a parent of %s\n",
+			 basedir, handle->conn->connectpath));
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
+
+	if (*relpath == '/') relpath++;
+	if (*baseoffset == '/') baseoffset++;
+
+	ret = talloc_asprintf(handle->data, "%s/%.*s/%s/%s", 
+			      snapdir, 
+			      GMT_NAME_LEN, fname, 
+			      baseoffset, 
+			      relpath);
+	DEBUG(6,("convert_shadow2_name: '%s' -> '%s'\n", fname, ret));
+	talloc_free(tmp_ctx);
+	return ret;
+}
+
+
+/*
+  simple string hash
+ */
+static uint32 string_hash(const char *s)
+{
+        uint32 n = 0;
+	while (*s) {
+                n = ((n << 5) + n) ^ (uint32)(*s++);
+        }
+        return n;
+}
+
+/*
+  modify a sbuf return to ensure that inodes in the shadow directory
+  are different from those in the main directory
+ */
+static void convert_sbuf(vfs_handle_struct *handle, const char *fname, SMB_STRUCT_STAT *sbuf)
+{
+	if (lp_parm_bool(SNUM(handle->conn), "shadow", "fixinodes", False)) {		
+		/* some snapshot systems, like GPFS, return the name
+		   device:inode for the snapshot files as the current
+		   files. That breaks the 'restore' button in the shadow copy
+		   GUI, as the client gets a sharing violation.
+
+		   This is a crude way of allowing both files to be
+		   open at once. It has a slight chance of inode
+		   number collision, but I can't see a better approach
+		   without significant VFS changes
+		*/
+		uint32_t shash = string_hash(fname) & 0xFF000000;
+		if (shash == 0) {
+			shash = 1;
+		}
+		sbuf->st_ino ^= shash;
+	}
+}
+
+static int shadow_copy2_rename(vfs_handle_struct *handle,
+			const char *oldname, const char *newname)
+{
+	SHADOW2_NEXT2(RENAME, (handle, oldname, newname));
+}
+
+static int shadow_copy2_symlink(vfs_handle_struct *handle,
+				const char *oldname, const char *newname)
+{
+	SHADOW2_NEXT2(SYMLINK, (handle, oldname, newname));
+}
+
+static int shadow_copy2_link(vfs_handle_struct *handle,
+			  const char *oldname, const char *newname)
+{
+	SHADOW2_NEXT2(LINK, (handle, oldname, newname));
+}
+
+static int shadow_copy2_open(vfs_handle_struct *handle,
+			     const char *fname, files_struct *fsp, int flags, mode_t mode)
+{
+	SHADOW2_NEXT(OPEN, (handle, name, fsp, flags, mode), int, -1);
+}
+
+static SMB_STRUCT_DIR *shadow_copy2_opendir(vfs_handle_struct *handle,
+			  const char *fname, const char *mask, uint32 attr)
+{
+        SHADOW2_NEXT(OPENDIR, (handle, name, mask, attr), SMB_STRUCT_DIR *, NULL);
+}
+
+static int shadow_copy2_stat(vfs_handle_struct *handle,
+		      const char *fname, SMB_STRUCT_STAT *sbuf)
+{
+        _SHADOW2_NEXT(STAT, (handle, name, sbuf), int, -1, convert_sbuf(handle, fname, sbuf));
+}
+
+static int shadow_copy2_lstat(vfs_handle_struct *handle,
+		       const char *fname, SMB_STRUCT_STAT *sbuf)
+{
+        _SHADOW2_NEXT(LSTAT, (handle, name, sbuf), int, -1, convert_sbuf(handle, fname, sbuf));
+}
+
+static int shadow_copy2_fstat(vfs_handle_struct *handle, files_struct *fsp, SMB_STRUCT_STAT *sbuf)
+{
+	int ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
+	if (ret == 0 && shadow_copy2_match_name(fsp->fsp_name)) {
+		convert_sbuf(handle, fsp->fsp_name, sbuf);
+	}
+	return ret;
+}
+
+static int shadow_copy2_unlink(vfs_handle_struct *handle, const char *fname)
+{
+        SHADOW2_NEXT(UNLINK, (handle, name), int, -1);
+}
+
+static int shadow_copy2_chmod(vfs_handle_struct *handle,
+		       const char *fname, mode_t mode)
+{
+        SHADOW2_NEXT(CHMOD, (handle, name, mode), int, -1);
+}
+
+static int shadow_copy2_chown(vfs_handle_struct *handle,
+		       const char *fname, uid_t uid, gid_t gid)
+{
+        SHADOW2_NEXT(CHOWN, (handle, name, uid, gid), int, -1);
+}
+
+static int shadow_copy2_chdir(vfs_handle_struct *handle,
+		       const char *fname)
+{
+	SHADOW2_NEXT(CHDIR, (handle, name), int, -1);
+}
+
+static int shadow_copy2_ntimes(vfs_handle_struct *handle,
+		       const char *fname, const struct timespec ts[2])
+{
+        SHADOW2_NEXT(NTIMES, (handle, name, ts), int, -1);
+}
+
+static int shadow_copy2_readlink(vfs_handle_struct *handle,
+				 const char *fname, char *buf, size_t bufsiz)
+{
+        SHADOW2_NEXT(READLINK, (handle, name, buf, bufsiz), int, -1);
+}
+
+static int shadow_copy2_mknod(vfs_handle_struct *handle,
+		       const char *fname, mode_t mode, SMB_DEV_T dev)
+{
+        SHADOW2_NEXT(MKNOD, (handle, name, mode, dev), int, -1);
+}
+
+static char *shadow_copy2_realpath(vfs_handle_struct *handle,
+			    const char *fname, char *resolved_path)
+{
+        SHADOW2_NEXT(REALPATH, (handle, name, resolved_path), char *, NULL);
+}
+
+static NTSTATUS shadow_copy2_get_nt_acl(vfs_handle_struct *handle,
+			       const char *fname, uint32 security_info,
+			       struct security_descriptor **ppdesc)
+{
+        SHADOW2_NTSTATUS_NEXT(GET_NT_ACL, (handle, name, security_info, ppdesc), NT_STATUS_ACCESS_DENIED);
+}
+
+static NTSTATUS shadow_copy2_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+			     const char *fname, uint32 security_info_sent,
+			     struct security_descriptor *psd)
+{
+        SHADOW2_NTSTATUS_NEXT(SET_NT_ACL, (handle, fsp, name, security_info_sent, psd), NT_STATUS_ACCESS_DENIED);
+}
+
+static int shadow_copy2_mkdir(vfs_handle_struct *handle,  const char *fname, mode_t mode)
+{
+        SHADOW2_NEXT(MKDIR, (handle, name, mode), int, -1);
+}
+
+static int shadow_copy2_rmdir(vfs_handle_struct *handle,  const char *fname)
+{
+        SHADOW2_NEXT(RMDIR, (handle, name), int, -1);
+}
+
+static int shadow_copy2_chflags(vfs_handle_struct *handle, const char *fname, int flags)
+{
+        SHADOW2_NEXT(CHFLAGS, (handle, name, flags), int, -1);
+}
+
+static ssize_t shadow_copy2_getxattr(vfs_handle_struct *handle,
+				  const char *fname, const char *aname, void *value, size_t size)
+{
+        SHADOW2_NEXT(GETXATTR, (handle, name, aname, value, size), ssize_t, -1);
+}
+
+static ssize_t shadow_copy2_lgetxattr(vfs_handle_struct *handle,
+				      const char *fname, const char *aname, void *value, size_t size)
+{
+        SHADOW2_NEXT(LGETXATTR, (handle, name, aname, value, size), ssize_t, -1);
+}
+
+static ssize_t shadow_copy2_listxattr(struct vfs_handle_struct *handle, const char *fname, 
+				      char *list, size_t size)
+{
+	SHADOW2_NEXT(LISTXATTR, (handle, name, list, size), ssize_t, -1);
+}
+
+static int shadow_copy2_removexattr(struct vfs_handle_struct *handle, const char *fname, 
+				    const char *aname)
+{
+	SHADOW2_NEXT(REMOVEXATTR, (handle, name, aname), int, -1);
+}
+
+static int shadow_copy2_lremovexattr(struct vfs_handle_struct *handle, const char *fname, 
+				     const char *aname)
+{
+	SHADOW2_NEXT(LREMOVEXATTR, (handle, name, aname), int, -1);
+}
+
+static int shadow_copy2_setxattr(struct vfs_handle_struct *handle, const char *fname, 
+				 const char *aname, const void *value, size_t size, int flags)
+{
+	SHADOW2_NEXT(SETXATTR, (handle, name, aname, value, size, flags), int, -1);
+}
+
+static int shadow_copy2_lsetxattr(struct vfs_handle_struct *handle, const char *fname, 
+				  const char *aname, const void *value, size_t size, int flags)
+{
+	SHADOW2_NEXT(LSETXATTR, (handle, name, aname, value, size, flags), int, -1);
+}
+
+static int shadow_copy2_chmod_acl(vfs_handle_struct *handle,
+			   const char *fname, mode_t mode)
+{
+        /* If the underlying VFS doesn't have ACL support... */
+        if (!handle->vfs_next.ops.chmod_acl) {
+                errno = ENOSYS;
+                return -1;
+        }
+        SHADOW2_NEXT(CHMOD_ACL, (handle, name, mode), int, -1);
+}
+
+static int shadow_copy2_get_shadow_copy2_data(vfs_handle_struct *handle, 
+					      files_struct *fsp, 
+					      SHADOW_COPY_DATA *shadow_copy2_data, 
+					      bool labels)
+{
+	SMB_STRUCT_DIR *p;
+	const char *snapdir;
+	SMB_STRUCT_DIRENT *d;
+	TALLOC_CTX *tmp_ctx = talloc_new(handle->data);
+
+	snapdir = shadow_copy2_find_snapdir(tmp_ctx, handle);
+	if (snapdir == NULL) {
+		DEBUG(0,("shadow:snapdir not found for %s in get_shadow_copy_data\n",
+			 handle->conn->connectpath));
+		errno = EINVAL;
+		talloc_free(tmp_ctx);
+		return -1;
+	}
+
+	p = SMB_VFS_NEXT_OPENDIR(handle, snapdir, NULL, 0);
+
+	if (!p) {
+		DEBUG(0,("shadow_copy2: SMB_VFS_NEXT_OPENDIR() failed for '%s' - %s\n", 
+			 snapdir, strerror(errno)));
+		talloc_free(tmp_ctx);
+		return -1;
+	}
+
+	talloc_free(tmp_ctx);
+
+	shadow_copy2_data->num_volumes = 0;
+	shadow_copy2_data->labels      = NULL;
+
+	while ((d = SMB_VFS_NEXT_READDIR(handle, p))) {
+		SHADOW_COPY_LABEL *tlabels;
+
+		/* ignore names not of the right form in the snapshot directory */
+		if (!shadow_copy2_match_name(d->d_name)) {
+			continue;
+		}
+
+		if (!labels) {
+			/* the caller doesn't want the labels */
+			shadow_copy2_data->num_volumes++;
+			continue;
+		}
+
+		tlabels = talloc_realloc(shadow_copy2_data->mem_ctx,
+					 shadow_copy2_data->labels,
+					 SHADOW_COPY_LABEL, shadow_copy2_data->num_volumes+1);
+		if (tlabels == NULL) {
+			DEBUG(0,("shadow_copy2: out of memory\n"));
+			SMB_VFS_NEXT_CLOSEDIR(handle, p);
+			return -1;
+		}
+
+		strlcpy(tlabels[shadow_copy2_data->num_volumes], d->d_name, sizeof(*tlabels));
+		shadow_copy2_data->num_volumes++;
+		shadow_copy2_data->labels = tlabels;
+	}
+
+	SMB_VFS_NEXT_CLOSEDIR(handle,p);
+	return 0;
+}
+
+/* VFS operations structure */
+
+static vfs_op_tuple shadow_copy2_ops[] = {
+        {SMB_VFS_OP(shadow_copy2_opendir),  SMB_VFS_OP_OPENDIR,  SMB_VFS_LAYER_TRANSPARENT},
+
+	/* directory operations */
+        {SMB_VFS_OP(shadow_copy2_mkdir),       SMB_VFS_OP_MKDIR,       SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_rmdir),       SMB_VFS_OP_RMDIR,       SMB_VFS_LAYER_TRANSPARENT},
+
+	/* xattr and flags operations */
+        {SMB_VFS_OP(shadow_copy2_chflags),     SMB_VFS_OP_CHFLAGS,     SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_getxattr),    SMB_VFS_OP_GETXATTR,    SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_lgetxattr),   SMB_VFS_OP_LGETXATTR,   SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_listxattr),   SMB_VFS_OP_LISTXATTR,   SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_removexattr), SMB_VFS_OP_REMOVEXATTR, SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_lremovexattr),SMB_VFS_OP_LREMOVEXATTR,SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_setxattr),    SMB_VFS_OP_SETXATTR,    SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_lsetxattr),   SMB_VFS_OP_LSETXATTR,   SMB_VFS_LAYER_TRANSPARENT},
+
+        /* File operations */
+        {SMB_VFS_OP(shadow_copy2_open),       SMB_VFS_OP_OPEN,     SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_rename),     SMB_VFS_OP_RENAME,   SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_stat),       SMB_VFS_OP_STAT,     SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_lstat),      SMB_VFS_OP_LSTAT,    SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_fstat),      SMB_VFS_OP_FSTAT,    SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_unlink),     SMB_VFS_OP_UNLINK,   SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_chmod),      SMB_VFS_OP_CHMOD,    SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_chown),      SMB_VFS_OP_CHOWN,    SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_chdir),      SMB_VFS_OP_CHDIR,    SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_ntimes),     SMB_VFS_OP_NTIMES,   SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_symlink),    SMB_VFS_OP_SYMLINK,  SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_readlink),   SMB_VFS_OP_READLINK, SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_link),       SMB_VFS_OP_LINK,     SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_mknod),      SMB_VFS_OP_MKNOD,    SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_realpath),   SMB_VFS_OP_REALPATH, SMB_VFS_LAYER_TRANSPARENT},
+
+        /* NT File ACL operations */
+        {SMB_VFS_OP(shadow_copy2_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
+        {SMB_VFS_OP(shadow_copy2_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
+
+        /* POSIX ACL operations */
+        {SMB_VFS_OP(shadow_copy2_chmod_acl), SMB_VFS_OP_CHMOD_ACL, SMB_VFS_LAYER_TRANSPARENT},
+
+	/* special shadown copy op */
+	{SMB_VFS_OP(shadow_copy2_get_shadow_copy2_data), 
+	 SMB_VFS_OP_GET_SHADOW_COPY_DATA,SMB_VFS_LAYER_OPAQUE},
+
+	{SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
+};
+
+NTSTATUS vfs_shadow_copy2_init(void);
+NTSTATUS vfs_shadow_copy2_init(void)
+{
+	NTSTATUS ret;
+
+	ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "shadow_copy2", shadow_copy2_ops);
+
+	if (!NT_STATUS_IS_OK(ret))
+		return ret;
+
+	vfs_shadow_copy2_debug_level = debug_add_class("shadow_copy2");
+	if (vfs_shadow_copy2_debug_level == -1) {
+		vfs_shadow_copy2_debug_level = DBGC_VFS;
+		DEBUG(0, ("%s: Couldn't register custom debugging class!\n",
+			"vfs_shadow_copy2_init"));
+	} else {
+		DEBUG(10, ("%s: Debug class number of '%s': %d\n", 
+			"vfs_shadow_copy2_init","shadow_copy2",vfs_shadow_copy2_debug_level));
+	}
+
+	return ret;
+}
diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c
new file mode 100644
index 0000000000..fa85ea4a57
--- /dev/null
+++ b/source3/modules/vfs_streams_depot.c
@@ -0,0 +1,641 @@
+/*
+ * Store streams in a separate subdirectory
+ *
+ * Copyright (C) Volker Lendecke, 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_VFS
+
+/*
+ * Excerpt from a mail from tridge:
+ *
+ * Volker, what I'm thinking of is this:
+ * /mount-point/.streams/XX/YY/aaaa.bbbb/namedstream1
+ * /mount-point/.streams/XX/YY/aaaa.bbbb/namedstream2
+ *
+ * where XX/YY is a 2 level hash based on the fsid/inode. "aaaa.bbbb"
+ * is the fsid/inode. "namedstreamX" is a file named after the stream
+ * name.
+ */
+
+static uint32_t hash_fn(DATA_BLOB key)
+{
+	uint32_t value;	/* Used to compute the hash value.  */
+	uint32_t i;	/* Used to cycle through random values. */
+
+	/* Set the initial value from the key size. */
+	for (value = 0x238F13AF * key.length, i=0; i < key.length; i++)
+		value = (value + (key.data[i] << (i*5 % 24)));
+
+	return (1103515243 * value + 12345);
+}
+
+/*
+ * With the hashing scheme based on the inode we need to protect against
+ * streams showing up on files with re-used inodes. This can happen if we
+ * create a stream directory from within Samba, and a local process or NFS
+ * client deletes the file without deleting the streams directory. When the
+ * inode is re-used and the stream directory is still around, the streams in
+ * there would be show up as belonging to the new file.
+ *
+ * There are several workarounds for this, probably the easiest one is on
+ * systems which have a true birthtime stat element: When the file has a later
+ * birthtime than the streams directory, then we have to recreate the
+ * directory.
+ *
+ * The other workaround is to somehow mark the file as generated by Samba with
+ * something that a NFS client would not do. The closest one is a special
+ * xattr value being set. On systems which do not support xattrs, it might be
+ * an option to put in a special ACL entry for a non-existing group.
+ */
+
+#define SAMBA_XATTR_MARKER "user.SAMBA_STREAMS"
+
+static bool file_is_valid(vfs_handle_struct *handle, const char *path)
+{
+	char buf;
+
+	DEBUG(10, ("file_is_valid (%s) called\n", path));
+
+	if (SMB_VFS_NEXT_GETXATTR(handle, path, SAMBA_XATTR_MARKER,
+				  &buf, sizeof(buf)) != sizeof(buf)) {
+		DEBUG(10, ("GETXATTR failed: %s\n", strerror(errno)));
+		return false;
+	}
+
+	if (buf != '1') {
+		DEBUG(10, ("got wrong buffer content: '%c'\n", buf));
+		return false;
+	}
+
+	return true;
+}
+
+static bool mark_file_valid(vfs_handle_struct *handle, const char *path)
+{
+	char buf = '1';
+	int ret;
+
+	DEBUG(10, ("marking file %s as valid\n", path));
+
+	ret = SMB_VFS_NEXT_SETXATTR(handle, path, SAMBA_XATTR_MARKER,
+				    &buf, sizeof(buf), 0);
+
+	if (ret == -1) {
+		DEBUG(10, ("SETXATTR failed: %s\n", strerror(errno)));
+		return false;
+	}
+
+	return true;
+}
+
+static char *stream_dir(vfs_handle_struct *handle, const char *base_path,
+			const SMB_STRUCT_STAT *base_sbuf, bool create_it)
+{
+	uint32_t hash;
+	char *result = NULL;
+	SMB_STRUCT_STAT sbuf;
+	uint8_t first, second;
+	char *tmp;
+	char *id_hex;
+	struct file_id id;
+	uint8 id_buf[16];
+
+	const char *rootdir = lp_parm_const_string(
+		SNUM(handle->conn), "streams", "directory",
+		handle->conn->connectpath);
+
+	if (base_sbuf == NULL) {
+		if (SMB_VFS_NEXT_STAT(handle, base_path, &sbuf) == -1) {
+			/*
+			 * base file is not there
+			 */
+			goto fail;
+		}
+		base_sbuf = &sbuf;
+	}
+
+	id = SMB_VFS_FILE_ID_CREATE(handle->conn, base_sbuf->st_dev,
+				    base_sbuf->st_ino);
+
+	push_file_id_16((char *)id_buf, &id);
+
+	hash = hash_fn(data_blob_const(id_buf, sizeof(id_buf)));
+
+	first = hash & 0xff;
+	second = (hash >> 8) & 0xff;
+
+	id_hex = hex_encode(talloc_tos(), id_buf, sizeof(id_buf));
+
+	if (id_hex == NULL) {
+		errno = ENOMEM;
+		goto fail;
+	}
+
+	result = talloc_asprintf(talloc_tos(), "%s/%2.2X/%2.2X/%s", rootdir,
+				 first, second, id_hex);
+
+	TALLOC_FREE(id_hex);
+
+	if (result == NULL) {
+		errno = ENOMEM;
+		return NULL;
+	}
+
+	if (SMB_VFS_NEXT_STAT(handle, result, &sbuf) == 0) {
+		char *newname;
+
+		if (!S_ISDIR(sbuf.st_mode)) {
+			errno = EINVAL;
+			goto fail;
+		}
+
+		if (file_is_valid(handle, base_path)) {
+			return result;
+		}
+
+		/*
+		 * Someone has recreated a file under an existing inode
+		 * without deleting the streams directory. For now, just move
+		 * it away.
+		 */
+
+	again:
+		newname = talloc_asprintf(talloc_tos(), "lost-%lu", random());
+		if (newname == NULL) {
+			errno = ENOMEM;
+			goto fail;
+		}
+
+		if (SMB_VFS_NEXT_RENAME(handle, result, newname) == -1) {
+			if ((errno == EEXIST) || (errno == ENOTEMPTY)) {
+				TALLOC_FREE(newname);
+				goto again;
+			}
+			goto fail;
+		}
+
+		TALLOC_FREE(newname);
+	}
+
+	if (!create_it) {
+		errno = ENOENT;
+		goto fail;
+	}
+
+	if ((SMB_VFS_NEXT_MKDIR(handle, rootdir, 0755) != 0)
+	    && (errno != EEXIST)) {
+		goto fail;
+	}
+
+	tmp = talloc_asprintf(result, "%s/%2.2X", rootdir, first);
+	if (tmp == NULL) {
+		errno = ENOMEM;
+		goto fail;
+	}
+
+	if ((SMB_VFS_NEXT_MKDIR(handle, tmp, 0755) != 0)
+	    && (errno != EEXIST)) {
+		goto fail;
+	}
+
+	TALLOC_FREE(tmp);
+
+	tmp = talloc_asprintf(result, "%s/%2.2X/%2.2X", rootdir, first,
+			      second);
+	if (tmp == NULL) {
+		errno = ENOMEM;
+		goto fail;
+	}
+
+	if ((SMB_VFS_NEXT_MKDIR(handle, tmp, 0755) != 0)
+	    && (errno != EEXIST)) {
+		goto fail;
+	}
+
+	TALLOC_FREE(tmp);
+
+	if ((SMB_VFS_NEXT_MKDIR(handle, result, 0755) != 0)
+	    && (errno != EEXIST)) {
+		goto fail;
+	}
+
+	if (!mark_file_valid(handle, base_path)) {
+		goto fail;
+	}
+
+	return result;
+
+ fail:
+	TALLOC_FREE(result);
+	return NULL;
+}
+
+static char *stream_name(vfs_handle_struct *handle, const char *fname,
+			 bool create_dir)
+{
+	char *base = NULL;
+	char *sname = NULL;
+	char *id_hex = NULL;
+	char *dirname, *stream_fname;
+
+	if (!NT_STATUS_IS_OK(split_ntfs_stream_name(talloc_tos(), fname,
+						    &base, &sname))) {
+		DEBUG(10, ("split_ntfs_stream_name failed\n"));
+		errno = ENOMEM;
+		goto fail;
+	}
+
+	dirname = stream_dir(handle, base, NULL, create_dir);
+
+	if (dirname == NULL) {
+		goto fail;
+	}
+
+	stream_fname = talloc_asprintf(talloc_tos(), "%s/:%s", dirname, sname);
+
+	if (stream_fname == NULL) {
+		errno = ENOMEM;
+		goto fail;
+	}
+
+	DEBUG(10, ("stream filename = %s\n", stream_fname));
+
+	TALLOC_FREE(base);
+	TALLOC_FREE(sname);
+	TALLOC_FREE(id_hex);
+
+	return stream_fname;
+
+ fail:
+	DEBUG(5, ("stream_name failed: %s\n", strerror(errno)));
+	TALLOC_FREE(base);
+	TALLOC_FREE(sname);
+	TALLOC_FREE(id_hex);
+	return NULL;
+}
+
+static NTSTATUS walk_streams(vfs_handle_struct *handle,
+			     const char *fname,
+			     const SMB_STRUCT_STAT *sbuf,
+			     char **pdirname,
+			     bool (*fn)(const char *dirname,
+					const char *dirent,
+					void *private_data),
+			     void *private_data)
+{
+	char *dirname;
+	SMB_STRUCT_DIR *dirhandle = NULL;
+	char *dirent;
+
+	dirname = stream_dir(handle, fname, sbuf, false);
+
+	if (dirname == NULL) {
+		if (errno == ENOENT) {
+			/*
+			 * no stream around
+			 */
+			return NT_STATUS_OK;
+		}
+		return map_nt_error_from_unix(errno);
+	}
+
+	DEBUG(10, ("walk_streams: dirname=%s\n", dirname));
+
+	dirhandle = SMB_VFS_NEXT_OPENDIR(handle, dirname, NULL, 0);
+
+	if (dirhandle == NULL) {
+		TALLOC_FREE(dirname);
+		return map_nt_error_from_unix(errno);
+	}
+
+	while ((dirent = vfs_readdirname(handle->conn, dirhandle)) != NULL) {
+
+		if (ISDOT(dirent) || ISDOTDOT(dirent)) {
+			continue;
+		}
+
+		DEBUG(10, ("walk_streams: dirent=%s\n", dirent));
+
+		if (!fn(dirname, dirent, private_data)) {
+			break;
+		}
+	}
+
+	SMB_VFS_NEXT_CLOSEDIR(handle, dirhandle);
+
+	if (pdirname != NULL) {
+		*pdirname = dirname;
+	}
+	else {
+		TALLOC_FREE(dirname);
+	}
+
+	return NT_STATUS_OK;
+}
+
+static int streams_depot_stat(vfs_handle_struct *handle, const char *fname,
+			      SMB_STRUCT_STAT *sbuf)
+{
+	char *stream_fname;
+	int ret = -1;
+
+	DEBUG(10, ("streams_depot_stat called for [%s]\n", fname));
+
+	if (!is_ntfs_stream_name(fname)) {
+		return SMB_VFS_NEXT_STAT(handle, fname, sbuf);
+	}
+
+	stream_fname = stream_name(handle, fname, false);
+	if (stream_fname == NULL) {
+		goto done;
+	}
+
+	ret = SMB_VFS_NEXT_STAT(handle, stream_fname, sbuf);
+
+ done:
+	TALLOC_FREE(stream_fname);
+	return ret;
+}
+
+static int streams_depot_lstat(vfs_handle_struct *handle, const char *fname,
+			       SMB_STRUCT_STAT *sbuf)
+{
+	char *stream_fname;
+	int ret = -1;
+
+	if (!is_ntfs_stream_name(fname)) {
+		return SMB_VFS_NEXT_LSTAT(handle, fname, sbuf);
+	}
+
+	stream_fname = stream_name(handle, fname, false);
+	if (stream_fname == NULL) {
+		goto done;
+	}
+
+	ret = SMB_VFS_NEXT_LSTAT(handle, stream_fname, sbuf);
+
+ done:
+	TALLOC_FREE(stream_fname);
+	return ret;
+}
+
+static int streams_depot_open(vfs_handle_struct *handle,  const char *fname,
+			      files_struct *fsp, int flags, mode_t mode)
+{
+	TALLOC_CTX *frame;
+	char *base = NULL;
+	SMB_STRUCT_STAT base_sbuf;
+	char *stream_fname;
+	int ret = -1;
+
+	if (!is_ntfs_stream_name(fname)) {
+		return SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
+	}
+
+	frame = talloc_stackframe();
+
+	if (!NT_STATUS_IS_OK(split_ntfs_stream_name(talloc_tos(), fname,
+						    &base, NULL))) {
+		errno = ENOMEM;
+		goto done;
+	}
+
+	ret = SMB_VFS_NEXT_STAT(handle, base, &base_sbuf);
+
+	if (ret == -1) {
+		goto done;
+	}
+
+	TALLOC_FREE(base);
+
+	stream_fname = stream_name(handle, fname, true);
+	if (stream_fname == NULL) {
+		goto done;
+	}
+
+	ret = SMB_VFS_NEXT_OPEN(handle, stream_fname, fsp, flags, mode);
+
+ done:
+	TALLOC_FREE(frame);
+	return ret;
+}
+
+static int streams_depot_unlink(vfs_handle_struct *handle,  const char *fname)
+{
+	int ret = -1;
+	SMB_STRUCT_STAT sbuf;
+
+	DEBUG(10, ("streams_depot_unlink called for %s\n", fname));
+
+	if (is_ntfs_stream_name(fname)) {
+		char *stream_fname;
+
+		stream_fname = stream_name(handle, fname, false);
+		if (stream_fname == NULL) {
+			return -1;
+		}
+
+		ret = SMB_VFS_NEXT_UNLINK(handle, stream_fname);
+
+		TALLOC_FREE(stream_fname);
+		return ret;
+	}
+
+	/*
+	 * We potentially need to delete the per-inode streams directory
+	 */
+
+	if (SMB_VFS_NEXT_STAT(handle, fname, &sbuf) == -1) {
+		return -1;
+	}
+
+	if (sbuf.st_nlink == 1) {
+		char *dirname = stream_dir(handle, fname, &sbuf, false);
+
+		if (dirname != NULL) {
+			SMB_VFS_NEXT_RMDIR(handle, dirname);
+		}
+		TALLOC_FREE(dirname);
+	}
+
+	return SMB_VFS_NEXT_UNLINK(handle, fname);
+}
+
+static bool add_one_stream(TALLOC_CTX *mem_ctx, unsigned int *num_streams,
+			   struct stream_struct **streams,
+			   const char *name, SMB_OFF_T size,
+			   SMB_OFF_T alloc_size)
+{
+	struct stream_struct *tmp;
+
+	tmp = TALLOC_REALLOC_ARRAY(mem_ctx, *streams, struct stream_struct,
+				   (*num_streams)+1);
+	if (tmp == NULL) {
+		return false;
+	}
+
+	tmp[*num_streams].name = talloc_strdup(tmp, name);
+	if (tmp[*num_streams].name == NULL) {
+		return false;
+	}
+
+	tmp[*num_streams].size = size;
+	tmp[*num_streams].alloc_size = alloc_size;
+
+	*streams = tmp;
+	*num_streams += 1;
+	return true;
+}
+
+struct streaminfo_state {
+	TALLOC_CTX *mem_ctx;
+	vfs_handle_struct *handle;
+	unsigned int num_streams;
+	struct stream_struct *streams;
+	NTSTATUS status;
+};
+
+static bool collect_one_stream(const char *dirname,
+			       const char *dirent,
+			       void *private_data)
+{
+	struct streaminfo_state *state =
+		(struct streaminfo_state *)private_data;
+	char *full_sname;
+	SMB_STRUCT_STAT sbuf;
+
+	if (asprintf(&full_sname, "%s/%s", dirname, dirent) == -1) {
+		state->status = NT_STATUS_NO_MEMORY;
+		return false;
+	}
+	if (SMB_VFS_NEXT_STAT(state->handle, full_sname, &sbuf) == -1) {
+		DEBUG(10, ("Could not stat %s: %s\n", full_sname,
+			   strerror(errno)));
+		SAFE_FREE(full_sname);
+		return true;
+	}
+
+	SAFE_FREE(full_sname);
+
+	if (!add_one_stream(state->mem_ctx,
+			    &state->num_streams, &state->streams,
+			    dirent, sbuf.st_size,
+			    get_allocation_size(
+				    state->handle->conn, NULL, &sbuf))) {
+		state->status = NT_STATUS_NO_MEMORY;
+		return false;
+	}
+
+	return true;
+}
+
+static NTSTATUS streams_depot_streaminfo(vfs_handle_struct *handle,
+					 struct files_struct *fsp,
+					 const char *fname,
+					 TALLOC_CTX *mem_ctx,
+					 unsigned int *pnum_streams,
+					 struct stream_struct **pstreams)
+{
+	SMB_STRUCT_STAT sbuf;
+	int ret;
+	NTSTATUS status;
+	struct streaminfo_state state;
+
+	if ((fsp != NULL) && (fsp->fh->fd != -1)) {
+		if (is_ntfs_stream_name(fsp->fsp_name)) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		ret = SMB_VFS_NEXT_FSTAT(handle, fsp, &sbuf);
+	}
+	else {
+		if (is_ntfs_stream_name(fname)) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		ret = SMB_VFS_NEXT_STAT(handle, fname, &sbuf);
+	}
+
+	if (ret == -1) {
+		return map_nt_error_from_unix(errno);
+	}
+
+	state.streams = NULL;
+	state.num_streams = 0;
+
+	if (!S_ISDIR(sbuf.st_mode)) {
+		if (!add_one_stream(mem_ctx,
+				    &state.num_streams, &state.streams,
+				    "::$DATA", sbuf.st_size,
+				    get_allocation_size(handle->conn, fsp,
+							&sbuf))) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	state.mem_ctx = mem_ctx;
+	state.handle = handle;
+	state.status = NT_STATUS_OK;
+
+	status = walk_streams(handle, fname, &sbuf, NULL, collect_one_stream,
+			      &state);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(state.streams);
+		return status;
+	}
+
+	if (!NT_STATUS_IS_OK(state.status)) {
+		TALLOC_FREE(state.streams);
+		return state.status;
+	}
+
+	*pnum_streams = state.num_streams;
+	*pstreams = state.streams;
+	return NT_STATUS_OK;
+}
+
+static uint32_t streams_depot_fs_capabilities(struct vfs_handle_struct *handle)
+{
+	return SMB_VFS_NEXT_FS_CAPABILITIES(handle) | FILE_NAMED_STREAMS;
+}
+
+/* VFS operations structure */
+
+static vfs_op_tuple streams_depot_ops[] = {
+	{SMB_VFS_OP(streams_depot_fs_capabilities), SMB_VFS_OP_FS_CAPABILITIES,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_depot_open), SMB_VFS_OP_OPEN,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_depot_stat), SMB_VFS_OP_STAT,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_depot_lstat), SMB_VFS_OP_LSTAT,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_depot_unlink), SMB_VFS_OP_UNLINK,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_depot_streaminfo), SMB_VFS_OP_STREAMINFO,
+	 SMB_VFS_LAYER_OPAQUE},
+	{SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
+};
+
+NTSTATUS vfs_streams_depot_init(void);
+NTSTATUS vfs_streams_depot_init(void)
+{
+	return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "streams_depot",
+				streams_depot_ops);
+}
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
new file mode 100644
index 0000000000..766e7d10ab
--- /dev/null
+++ b/source3/modules/vfs_streams_xattr.c
@@ -0,0 +1,685 @@
+/*
+ * Store streams in xattrs
+ *
+ * Copyright (C) Volker Lendecke, 2008
+ *
+ * Partly based on James Peach's Darwin module, which is
+ *
+ * Copyright (C) James Peach 2006-2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_VFS
+
+struct stream_io {
+	char *base;
+	char *xattr_name;
+};
+
+static SMB_INO_T stream_inode(const SMB_STRUCT_STAT *sbuf, const char *sname)
+{
+	struct MD5Context ctx;
+        unsigned char hash[16];
+	SMB_INO_T result;
+	char *upper_sname;
+
+	DEBUG(10, ("stream_inode called for %lu/%lu [%s]\n",
+		   (unsigned long)sbuf->st_dev,
+		   (unsigned long)sbuf->st_ino, sname));
+
+	upper_sname = talloc_strdup_upper(talloc_tos(), sname);
+	SMB_ASSERT(upper_sname != NULL);
+
+        MD5Init(&ctx);
+        MD5Update(&ctx, (unsigned char *)&(sbuf->st_dev),
+		  sizeof(sbuf->st_dev));
+        MD5Update(&ctx, (unsigned char *)&(sbuf->st_ino),
+		  sizeof(sbuf->st_ino));
+        MD5Update(&ctx, (unsigned char *)upper_sname,
+		  talloc_get_size(upper_sname)-1);
+        MD5Final(hash, &ctx);
+
+	TALLOC_FREE(upper_sname);
+
+        /* Hopefully all the variation is in the lower 4 (or 8) bytes! */
+	memcpy(&result, hash, sizeof(result));
+
+	DEBUG(10, ("stream_inode returns %lu\n", (unsigned long)result));
+
+	return result;
+}
+
+static ssize_t get_xattr_size(connection_struct *conn, const char *fname,
+			      const char *xattr_name)
+{
+	NTSTATUS status;
+	struct ea_struct ea;
+	ssize_t result;
+
+	status = get_ea_value(talloc_tos(), conn, NULL, fname,
+			      xattr_name, &ea);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return -1;
+	}
+
+	result = ea.value.length-1;
+	TALLOC_FREE(ea.value.data);
+	return result;
+}
+
+
+static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp,
+			       SMB_STRUCT_STAT *sbuf)
+{
+	struct stream_io *io = (struct stream_io *)
+		VFS_FETCH_FSP_EXTENSION(handle, fsp);
+
+	DEBUG(10, ("streams_xattr_fstat called for %d\n", fsp->fh->fd));
+
+	if (io == NULL) {
+		return SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
+	}
+
+	if (SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf) == -1) {
+		return -1;
+	}
+
+	sbuf->st_size = get_xattr_size(handle->conn, io->base, io->xattr_name);
+	if (sbuf->st_size == -1) {
+		return -1;
+	}
+
+	DEBUG(10, ("sbuf->st_size = %d\n", (int)sbuf->st_size));
+
+	sbuf->st_ino = stream_inode(sbuf, io->xattr_name);
+	sbuf->st_mode &= ~S_IFMT;
+        sbuf->st_mode |= S_IFREG;
+        sbuf->st_blocks = sbuf->st_size % STAT_ST_BLOCKSIZE + 1;
+
+	return 0;
+}
+
+static int streams_xattr_stat(vfs_handle_struct *handle, const char *fname,
+			      SMB_STRUCT_STAT *sbuf)
+{
+	NTSTATUS status;
+	char *base = NULL, *sname = NULL;
+	int result = -1;
+	char *xattr_name;
+
+	if (!is_ntfs_stream_name(fname)) {
+		return SMB_VFS_NEXT_STAT(handle, fname, sbuf);
+	}
+
+	status = split_ntfs_stream_name(talloc_tos(), fname, &base, &sname);
+	if (!NT_STATUS_IS_OK(status)) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (SMB_VFS_STAT(handle->conn, base, sbuf) == -1) {
+		goto fail;
+	}
+
+	xattr_name = talloc_asprintf(talloc_tos(), "%s%s",
+				     SAMBA_XATTR_DOSSTREAM_PREFIX, sname);
+	if (xattr_name == NULL) {
+		errno = ENOMEM;
+		goto fail;
+	}
+
+	sbuf->st_size = get_xattr_size(handle->conn, base, xattr_name);
+	if (sbuf->st_size == -1) {
+		errno = ENOENT;
+		goto fail;
+	}
+
+	sbuf->st_ino = stream_inode(sbuf, xattr_name);
+	sbuf->st_mode &= ~S_IFMT;
+        sbuf->st_mode |= S_IFREG;
+        sbuf->st_blocks = sbuf->st_size % STAT_ST_BLOCKSIZE + 1;
+
+	result = 0;
+ fail:
+	TALLOC_FREE(base);
+	TALLOC_FREE(sname);
+	return result;
+}
+
+static int streams_xattr_lstat(vfs_handle_struct *handle, const char *fname,
+			       SMB_STRUCT_STAT *sbuf)
+{
+	NTSTATUS status;
+	char *base, *sname;
+	int result = -1;
+	char *xattr_name;
+
+	if (!is_ntfs_stream_name(fname)) {
+		return SMB_VFS_NEXT_LSTAT(handle, fname, sbuf);
+	}
+
+	status = split_ntfs_stream_name(talloc_tos(), fname, &base, &sname);
+	if (!NT_STATUS_IS_OK(status)) {
+		errno = EINVAL;
+		goto fail;
+	}
+
+	if (SMB_VFS_LSTAT(handle->conn, base, sbuf) == -1) {
+		goto fail;
+	}
+
+	xattr_name = talloc_asprintf(talloc_tos(), "%s%s",
+				     SAMBA_XATTR_DOSSTREAM_PREFIX, sname);
+	if (xattr_name == NULL) {
+		errno = ENOMEM;
+		goto fail;
+	}
+
+	sbuf->st_size = get_xattr_size(handle->conn, base, xattr_name);
+	if (sbuf->st_size == -1) {
+		errno = ENOENT;
+		goto fail;
+	}
+
+	sbuf->st_ino = stream_inode(sbuf, xattr_name);
+	sbuf->st_mode &= ~S_IFMT;
+        sbuf->st_mode |= S_IFREG;
+        sbuf->st_blocks = sbuf->st_size % STAT_ST_BLOCKSIZE + 1;
+
+	result = 0;
+ fail:
+	TALLOC_FREE(base);
+	TALLOC_FREE(sname);
+	return result;
+}
+
+static int streams_xattr_open(vfs_handle_struct *handle,  const char *fname,
+			      files_struct *fsp, int flags, mode_t mode)
+{
+	TALLOC_CTX *frame;
+	NTSTATUS status;
+	struct stream_io *sio;
+	char *base, *sname;
+	struct ea_struct ea;
+	char *xattr_name;
+	int baseflags;
+	int hostfd = -1;
+
+	DEBUG(10, ("streams_xattr_open called for %s\n", fname));
+
+	if (!is_ntfs_stream_name(fname)) {
+		return SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
+	}
+
+	frame = talloc_stackframe();
+
+	status = split_ntfs_stream_name(talloc_tos(), fname,
+					&base, &sname);
+	if (!NT_STATUS_IS_OK(status)) {
+		errno = EINVAL;
+		goto fail;
+	}
+
+	xattr_name = talloc_asprintf(talloc_tos(), "%s%s",
+				     SAMBA_XATTR_DOSSTREAM_PREFIX, sname);
+	if (xattr_name == NULL) {
+		errno = ENOMEM;
+		goto fail;
+	}
+
+	/*
+	 * We use baseflags to turn off nasty side-effects when opening the
+	 * underlying file.
+         */
+        baseflags = flags;
+        baseflags &= ~O_TRUNC;
+        baseflags &= ~O_EXCL;
+        baseflags &= ~O_CREAT;
+
+        hostfd = SMB_VFS_OPEN(handle->conn, base, fsp, baseflags, mode);
+
+        /* It is legit to open a stream on a directory, but the base
+         * fd has to be read-only.
+         */
+        if ((hostfd == -1) && (errno == EISDIR)) {
+                baseflags &= ~O_ACCMODE;
+                baseflags |= O_RDONLY;
+                hostfd = SMB_VFS_OPEN(handle->conn, fname, fsp, baseflags,
+				      mode);
+        }
+
+        if (hostfd == -1) {
+		goto fail;
+        }
+
+	status = get_ea_value(talloc_tos(), handle->conn, NULL, base,
+			      xattr_name, &ea);
+
+	DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status)));
+
+	if (!NT_STATUS_IS_OK(status)
+	    && !NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+		/*
+		 * The base file is not there. This is an error even if we got
+		 * O_CREAT, the higher levels should have created the base
+		 * file for us.
+		 */
+		DEBUG(10, ("streams_xattr_open: base file %s not around, "
+			   "returning ENOENT\n", base));
+		errno = ENOENT;
+		goto fail;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		/*
+		 * The attribute does not exist
+		 */
+
+                if (flags & O_CREAT) {
+			/*
+			 * Darn, xattrs need at least 1 byte
+			 */
+                        char null = '\0';
+
+			DEBUG(10, ("creating attribute %s on file %s\n",
+				   xattr_name, base));
+
+                        if (SMB_VFS_SETXATTR(
+				handle->conn, base, xattr_name,
+				&null, sizeof(null),
+				flags & O_EXCL ? XATTR_CREATE : 0) == -1) {
+				goto fail;
+			}
+		}
+	}
+
+	if (flags & O_TRUNC) {
+		char null = '\0';
+		if (SMB_VFS_SETXATTR(
+			    handle->conn, base, xattr_name,
+			    &null, sizeof(null),
+			    flags & O_EXCL ? XATTR_CREATE : 0) == -1) {
+			goto fail;
+		}
+	}
+
+        sio = (struct stream_io *)VFS_ADD_FSP_EXTENSION(handle, fsp,
+							struct stream_io);
+        if (sio == NULL) {
+                errno = ENOMEM;
+                goto fail;
+        }
+
+        sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
+					xattr_name);
+        sio->base = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp),
+				  base);
+
+	if ((sio->xattr_name == NULL) || (sio->base == NULL)) {
+		errno = ENOMEM;
+		goto fail;
+	}
+
+	TALLOC_FREE(frame);
+	return hostfd;
+
+ fail:
+	if (hostfd >= 0) {
+		/*
+		 * BUGBUGBUG -- we would need to call fd_close_posix here, but
+		 * we don't have a full fsp yet
+		 */
+		SMB_VFS_CLOSE(fsp, hostfd);
+	}
+
+	TALLOC_FREE(frame);
+	return -1;
+}
+
+static int streams_xattr_unlink(vfs_handle_struct *handle,  const char *fname)
+{
+	NTSTATUS status;
+	char *base = NULL;
+	char *sname = NULL;
+	int ret = -1;
+	char *xattr_name;
+
+	if (!is_ntfs_stream_name(fname)) {
+		return SMB_VFS_NEXT_UNLINK(handle, fname);
+	}
+
+	status = split_ntfs_stream_name(talloc_tos(), fname, &base, &sname);
+	if (!NT_STATUS_IS_OK(status)) {
+		errno = EINVAL;
+		goto fail;
+	}
+
+	xattr_name = talloc_asprintf(talloc_tos(), "%s%s",
+				     SAMBA_XATTR_DOSSTREAM_PREFIX, sname);
+	if (xattr_name == NULL) {
+		errno = ENOMEM;
+		goto fail;
+	}
+
+	ret = SMB_VFS_REMOVEXATTR(handle->conn, base, xattr_name);
+
+	if ((ret == -1) && (errno == ENOATTR)) {
+		errno = ENOENT;
+		goto fail;
+	}
+
+	ret = 0;
+
+ fail:
+	TALLOC_FREE(base);
+	TALLOC_FREE(sname);
+	return ret;
+}
+
+static NTSTATUS walk_xattr_streams(connection_struct *conn, files_struct *fsp,
+				   const char *fname,
+				   bool (*fn)(struct ea_struct *ea,
+					      void *private_data),
+				   void *private_data)
+{
+	NTSTATUS status;
+	char **names;
+	size_t i, num_names;
+	size_t prefix_len = strlen(SAMBA_XATTR_DOSSTREAM_PREFIX);
+
+	status = get_ea_names_from_file(talloc_tos(), conn, fsp, fname,
+					&names, &num_names);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	for (i=0; i<num_names; i++) {
+		struct ea_struct ea;
+
+		if (strncmp(names[i], SAMBA_XATTR_DOSSTREAM_PREFIX,
+			    prefix_len) != 0) {
+			continue;
+		}
+
+		status = get_ea_value(names, conn, fsp, fname, names[i], &ea);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(10, ("Could not get ea %s for file %s: %s\n",
+				   names[i], fname, nt_errstr(status)));
+			continue;
+		}
+
+		ea.name = talloc_asprintf(ea.value.data, ":%s",
+					  names[i] + prefix_len);
+		if (ea.name == NULL) {
+			DEBUG(0, ("talloc failed\n"));
+			continue;
+		}
+
+		if (!fn(&ea, private_data)) {
+			TALLOC_FREE(ea.value.data);
+			return NT_STATUS_OK;
+		}
+
+		TALLOC_FREE(ea.value.data);
+	}
+
+	TALLOC_FREE(names);
+	return NT_STATUS_OK;
+}
+
+static bool add_one_stream(TALLOC_CTX *mem_ctx, unsigned int *num_streams,
+			   struct stream_struct **streams,
+			   const char *name, SMB_OFF_T size,
+			   SMB_OFF_T alloc_size)
+{
+	struct stream_struct *tmp;
+
+	tmp = TALLOC_REALLOC_ARRAY(mem_ctx, *streams, struct stream_struct,
+				   (*num_streams)+1);
+	if (tmp == NULL) {
+		return false;
+	}
+
+	tmp[*num_streams].name = talloc_strdup(tmp, name);
+	if (tmp[*num_streams].name == NULL) {
+		return false;
+	}
+
+	tmp[*num_streams].size = size;
+	tmp[*num_streams].alloc_size = alloc_size;
+
+	*streams = tmp;
+	*num_streams += 1;
+	return true;
+}
+
+struct streaminfo_state {
+	TALLOC_CTX *mem_ctx;
+	vfs_handle_struct *handle;
+	unsigned int num_streams;
+	struct stream_struct *streams;
+	NTSTATUS status;
+};
+
+static bool collect_one_stream(struct ea_struct *ea, void *private_data)
+{
+	struct streaminfo_state *state =
+		(struct streaminfo_state *)private_data;
+
+	if (!add_one_stream(state->mem_ctx,
+			    &state->num_streams, &state->streams,
+			    ea->name, ea->value.length-1,
+			    smb_roundup(state->handle->conn,
+					ea->value.length-1))) {
+		state->status = NT_STATUS_NO_MEMORY;
+		return false;
+	}
+
+	return true;
+}
+
+static NTSTATUS streams_xattr_streaminfo(vfs_handle_struct *handle,
+					 struct files_struct *fsp,
+					 const char *fname,
+					 TALLOC_CTX *mem_ctx,
+					 unsigned int *pnum_streams,
+					 struct stream_struct **pstreams)
+{
+	SMB_STRUCT_STAT sbuf;
+	int ret;
+	NTSTATUS status;
+	struct streaminfo_state state;
+
+	if ((fsp != NULL) && (fsp->fh->fd != -1)) {
+		if (is_ntfs_stream_name(fsp->fsp_name)) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		ret = SMB_VFS_FSTAT(fsp, &sbuf);
+	}
+	else {
+		if (is_ntfs_stream_name(fname)) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+		ret = SMB_VFS_STAT(handle->conn, fname, &sbuf);
+	}
+
+	if (ret == -1) {
+		return map_nt_error_from_unix(errno);
+	}
+
+	state.streams = NULL;
+	state.num_streams = 0;
+
+	if (!S_ISDIR(sbuf.st_mode)) {
+		if (!add_one_stream(mem_ctx,
+				    &state.num_streams, &state.streams,
+				    "::$DATA", sbuf.st_size,
+				    get_allocation_size(handle->conn, fsp,
+							&sbuf))) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	state.mem_ctx = mem_ctx;
+	state.handle = handle;
+	state.status = NT_STATUS_OK;
+
+	status = walk_xattr_streams(handle->conn, fsp, fname,
+				    collect_one_stream, &state);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(state.streams);
+		return status;
+	}
+
+	if (!NT_STATUS_IS_OK(state.status)) {
+		TALLOC_FREE(state.streams);
+		return state.status;
+	}
+
+	*pnum_streams = state.num_streams;
+	*pstreams = state.streams;
+	return NT_STATUS_OK;
+}
+
+static uint32_t streams_xattr_fs_capabilities(struct vfs_handle_struct *handle)
+{
+	return SMB_VFS_NEXT_FS_CAPABILITIES(handle) | FILE_NAMED_STREAMS;
+}
+
+static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle,
+				    files_struct *fsp, const void *data,
+				    size_t n, SMB_OFF_T offset)
+{
+        struct stream_io *sio =
+		(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
+	struct ea_struct ea;
+	NTSTATUS status;
+	int ret;
+
+	DEBUG(10, ("streams_xattr_pwrite called for %d bytes\n", (int)n));
+
+	if (sio == NULL) {
+		return SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
+	}
+
+	status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp,
+			      sio->base, sio->xattr_name, &ea);
+	if (!NT_STATUS_IS_OK(status)) {
+		return -1;
+	}
+
+        if ((offset + n) > ea.value.length-1) {
+		uint8 *tmp;
+
+		tmp = TALLOC_REALLOC_ARRAY(talloc_tos(), ea.value.data, uint8,
+					   offset + n + 1);
+
+		if (tmp == NULL) {
+			TALLOC_FREE(ea.value.data);
+                        errno = ENOMEM;
+                        return -1;
+                }
+		ea.value.data = tmp;
+		ea.value.length = offset + n + 1;
+		ea.value.data[offset+n] = 0;
+        }
+
+        memcpy(ea.value.data + offset, data, n);
+
+	ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name,
+				sio->xattr_name,
+				ea.value.data, ea.value.length, 0);
+
+	TALLOC_FREE(ea.value.data);
+
+	if (ret == -1) {
+		return -1;
+	}
+
+	return n;
+}
+
+static ssize_t streams_xattr_pread(vfs_handle_struct *handle,
+				   files_struct *fsp, void *data,
+				   size_t n, SMB_OFF_T offset)
+{
+        struct stream_io *sio =
+		(struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
+	struct ea_struct ea;
+	NTSTATUS status;
+        size_t length, overlap;
+
+	if (sio == NULL) {
+		return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
+	}
+
+	status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp,
+			      sio->base, sio->xattr_name, &ea);
+	if (!NT_STATUS_IS_OK(status)) {
+		return -1;
+	}
+
+	length = ea.value.length-1;
+
+        /* Attempt to read past EOF. */
+        if (length <= offset) {
+                errno = EINVAL;
+                return -1;
+        }
+
+        overlap = (offset + n) > length ? (length - offset) : n;
+        memcpy(data, ea.value.data + offset, overlap);
+
+	TALLOC_FREE(ea.value.data);
+        return overlap;
+}
+
+/* VFS operations structure */
+
+static vfs_op_tuple streams_xattr_ops[] = {
+	{SMB_VFS_OP(streams_xattr_fs_capabilities), SMB_VFS_OP_FS_CAPABILITIES,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_xattr_open), SMB_VFS_OP_OPEN,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_xattr_stat), SMB_VFS_OP_STAT,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_xattr_fstat), SMB_VFS_OP_FSTAT,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_xattr_lstat), SMB_VFS_OP_LSTAT,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_xattr_pread), SMB_VFS_OP_PREAD,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_xattr_pwrite), SMB_VFS_OP_PWRITE,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_xattr_lstat), SMB_VFS_OP_LSTAT,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_xattr_unlink), SMB_VFS_OP_UNLINK,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(streams_xattr_streaminfo), SMB_VFS_OP_STREAMINFO,
+	 SMB_VFS_LAYER_OPAQUE},
+	{SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
+};
+
+NTSTATUS vfs_streams_xattr_init(void);
+NTSTATUS vfs_streams_xattr_init(void)
+{
+	return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "streams_xattr",
+				streams_xattr_ops);
+}
diff --git a/source3/modules/vfs_tsmsm.c b/source3/modules/vfs_tsmsm.c
new file mode 100644
index 0000000000..791e8cfcd0
--- /dev/null
+++ b/source3/modules/vfs_tsmsm.c
@@ -0,0 +1,365 @@
+/*
+  Unix SMB/CIFS implementation.
+  Samba VFS module for handling offline files
+  with Tivoli Storage Manager Space Management
+
+  (c) Alexander Bokovoy, 2007, 2008
+  (c) Andrew Tridgell, 2007, 2008
+  
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+/*
+  This VFS module accepts following options:
+  tsmsm: hsm script = <path to hsm script> (default does nothing)
+         hsm script should point to a shell script which accepts two arguments:
+	 <operation> <filepath>
+	 where <operation> is currently 'offline' to set offline status of the <filepath>
+
+  tsmsm: online ratio = ratio to check reported size against actual file size (0.5 by default)
+  tsmsm: attribute name = name of DMAPI attribute that is present when a file is offline. 
+  Default is "IBMobj" (which is what GPFS uses)
+
+  The TSMSM VFS module tries to avoid calling expensive DMAPI calls with some heuristics
+  based on the fact that number of blocks reported of a file multiplied by 512 will be
+  bigger than 'online ratio' of actual size for online (non-migrated) files.
+
+  If checks fail, we call DMAPI and ask for specific attribute which present for
+  offline (migrated) files. If this attribute presents, we consider file offline.
+ */
+
+#include "includes.h"
+
+#ifndef USE_DMAPI
+#error "This module requires DMAPI support!"
+#endif
+
+#ifdef HAVE_XFS_DMAPI_H
+#include <xfs/dmapi.h>
+#elif defined(HAVE_SYS_DMI_H)
+#include <sys/dmi.h>
+#elif defined(HAVE_SYS_JFSDMAPI_H)
+#include <sys/jfsdmapi.h>
+#elif defined(HAVE_SYS_DMAPI_H)
+#include <sys/dmapi.h>
+#elif defined(HAVE_DMAPI_H)
+#include <dmapi.h>
+#endif
+
+#ifndef _ISOC99_SOURCE
+#define _ISOC99_SOURCE 
+#endif
+
+#include <math.h> 
+
+/* optimisation tunables - used to avoid the DMAPI slow path */
+#define FILE_IS_ONLINE_RATIO      0.5
+
+/* default attribute name to look for */
+#define DM_ATTRIB_OBJECT "IBMObj"
+
+struct tsmsm_struct {
+	float online_ratio;
+	char *hsmscript;
+	const char *attrib_name;
+};
+
+static void tsmsm_free_data(void **pptr) {
+	struct tsmsm_struct **tsmd = (struct tsmsm_struct **)pptr;
+	if(!tsmd) return;
+	TALLOC_FREE(*tsmd);
+}
+
+/* 
+   called when a client connects to a share
+*/
+static int tsmsm_connect(struct vfs_handle_struct *handle,
+			 const char *service,
+			 const char *user) {
+	struct tsmsm_struct *tsmd = TALLOC_ZERO_P(handle, struct tsmsm_struct);
+	const char *fres;
+	const char *tsmname;
+	
+	if (!tsmd) {
+		DEBUG(0,("tsmsm_connect: out of memory!\n"));
+		return -1;
+	}
+
+	if (!dmapi_have_session()) {
+		DEBUG(0,("tsmsm_connect: no DMAPI session for Samba is available!\n"));
+		TALLOC_FREE(tsmd);
+		return -1;
+	}
+
+	tsmname = (handle->param ? handle->param : "tsmsm");
+	
+	/* Get 'hsm script' and 'dmapi attribute' parameters to tsmd context */
+	tsmd->hsmscript = lp_parm_talloc_string(SNUM(handle->conn), tsmname,
+						"hsm script", NULL);
+	talloc_steal(tsmd, tsmd->hsmscript);
+	
+	tsmd->attrib_name = lp_parm_talloc_string(SNUM(handle->conn), tsmname, 
+						  "dmapi attribute", DM_ATTRIB_OBJECT);
+	talloc_steal(tsmd, tsmd->attrib_name);
+
+	/* retrieve 'online ratio'. In case of error default to FILE_IS_ONLINE_RATIO */
+	fres = lp_parm_const_string(SNUM(handle->conn), tsmname, 
+				    "online ratio", NULL);
+	if (fres == NULL) {
+		tsmd->online_ratio = FILE_IS_ONLINE_RATIO;
+	} else {
+		tsmd->online_ratio = strtof(fres, NULL);
+		if (tsmd->online_ratio > 1.0 ||
+		    tsmd->online_ratio <= 0.0) {
+			DEBUG(1, ("tsmsm_connect: invalid online ration %f - using %f.\n",
+				  tsmd->online_ratio, (float)FILE_IS_ONLINE_RATIO));
+		}
+	}
+
+        /* Store the private data. */
+        SMB_VFS_HANDLE_SET_DATA(handle, tsmd, tsmsm_free_data,
+                                struct tsmsm_struct, return -1);
+        return SMB_VFS_NEXT_CONNECT(handle, service, user); 
+}
+
+static bool tsmsm_is_offline(struct vfs_handle_struct *handle, 
+			    const char *path,
+			    SMB_STRUCT_STAT *stbuf) {
+	struct tsmsm_struct *tsmd = (struct tsmsm_struct *) handle->data;
+	const dm_sessid_t *dmsession_id;
+	void *dmhandle = NULL;
+	size_t dmhandle_len = 0;
+	size_t rlen;
+	dm_attrname_t dmname;
+	int ret, lerrno;
+	bool offline;
+	char buf[1];
+
+        /* if the file has more than FILE_IS_ONLINE_RATIO of blocks available,
+	   then assume it is not offline (it may not be 100%, as it could be sparse) */
+	if (512 * (off_t)stbuf->st_blocks >= stbuf->st_size * tsmd->online_ratio) {
+		DEBUG(10,("%s not offline: st_blocks=%ld st_size=%ld online_ratio=%.2f\n", 
+			  path, stbuf->st_blocks, stbuf->st_size, tsmd->online_ratio));
+		return false;
+	}
+
+	dmsession_id = dmapi_get_current_session();
+	if (dmsession_id == NULL) {
+		DEBUG(2, ("tsmsm_is_offline: no DMAPI session available? "
+			  "Assume file is online.\n"));
+		return false;
+	}
+
+        /* using POSIX capabilities does not work here. It's a slow path, so 
+	 * become_root() is just as good anyway (tridge) 
+	 */
+
+	/* Also, AIX has DMAPI but no POSIX capablities support. In this case,
+	 * we need to be root to do DMAPI manipulations.
+	 */
+	become_root();
+
+	/* go the slow DMAPI route */
+	if (dm_path_to_handle((char*)path, &dmhandle, &dmhandle_len) != 0) {
+		DEBUG(2,("dm_path_to_handle failed - assuming offline (%s) - %s\n", 
+			 path, strerror(errno)));
+		offline = true;
+		goto done;
+	}
+
+	memset(&dmname, 0, sizeof(dmname));
+	strlcpy((char *)&dmname.an_chars[0], tsmd->attrib_name, sizeof(dmname.an_chars));
+
+	lerrno = 0;
+
+	do {
+		ret = dm_get_dmattr(*dmsession_id, dmhandle, dmhandle_len, 
+				    DM_NO_TOKEN, &dmname, sizeof(buf), buf, &rlen);
+		if (ret == -1 && errno == EINVAL) {
+			DEBUG(0, ("Stale DMAPI session, re-creating it.\n"));
+			lerrno = EINVAL;
+			if (dmapi_new_session()) {
+				dmsession_id = dmapi_get_current_session();
+			} else {
+				DEBUG(0, 
+				      ("Unable to re-create DMAPI session, assuming offline (%s) - %s\n", 
+				       path, strerror(errno)));
+				offline = true;
+				dm_handle_free(dmhandle, dmhandle_len);
+				goto done;
+			}
+		}
+	} while (ret == -1 && lerrno == EINVAL);
+
+	/* its offline if the specified DMAPI attribute exists */
+	offline = (ret == 0 || (ret == -1 && errno == E2BIG));
+
+	DEBUG(10,("dm_get_dmattr %s ret=%d (%s)\n", path, ret, strerror(errno)));
+
+	ret = 0;
+
+	dm_handle_free(dmhandle, dmhandle_len);	
+
+done:
+	unbecome_root();
+	return offline;
+}
+
+
+static bool tsmsm_aio_force(struct vfs_handle_struct *handle, struct files_struct *fsp)
+{
+	SMB_STRUCT_STAT sbuf;
+	struct tsmsm_struct *tsmd = (struct tsmsm_struct *) handle->data;
+	/* see if the file might be offline. This is called before each IO
+	   to ensure we use AIO if the file is offline. We don't do the full dmapi
+	   call as that would be too slow, instead we err on the side of using AIO
+	   if the file might be offline
+	*/
+	if(SMB_VFS_FSTAT(fsp, &sbuf) == 0) {
+		DEBUG(10,("tsmsm_aio_force st_blocks=%ld st_size=%ld online_ratio=%.2f\n", 
+			  sbuf.st_blocks, sbuf.st_size, tsmd->online_ratio));
+		return !(512 * (off_t)sbuf.st_blocks >= sbuf.st_size * tsmd->online_ratio);
+	}
+	return false;
+}
+
+static ssize_t tsmsm_aio_return(struct vfs_handle_struct *handle, struct files_struct *fsp, 
+				SMB_STRUCT_AIOCB *aiocb)
+{
+	ssize_t result;
+
+	result = SMB_VFS_NEXT_AIO_RETURN(handle, fsp, aiocb);
+	if(result >= 0) {
+		notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
+			     FILE_NOTIFY_CHANGE_ATTRIBUTES,
+			     fsp->fsp_name);
+	}
+
+	return result;
+}
+
+static ssize_t tsmsm_sendfile(vfs_handle_struct *handle, int tofd, files_struct *fsp, const DATA_BLOB *hdr,
+			      SMB_OFF_T offset, size_t n)
+{
+	bool file_online = tsmsm_aio_force(handle, fsp);
+
+	if(!file_online) 
+	    return ENOSYS;
+	    
+	return SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, hdr, offset, n);
+}
+
+/* We do overload pread to allow notification when file becomes online after offline status */
+/* We don't intercept SMB_VFS_READ here because all file I/O now goes through SMB_VFS_PREAD instead */
+static ssize_t tsmsm_pread(struct vfs_handle_struct *handle, struct files_struct *fsp, 
+			   void *data, size_t n, SMB_OFF_T offset) {
+	ssize_t result;
+	bool notify_online = tsmsm_aio_force(handle, fsp);
+
+	result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
+	if((result != -1) && notify_online) {
+	    /* We can't actually force AIO at this point (came here not from reply_read_and_X) 
+	       what we can do is to send notification that file became online
+	    */
+		notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
+			     FILE_NOTIFY_CHANGE_ATTRIBUTES,
+			     fsp->fsp_name);
+	}
+
+	return result;
+}
+
+static ssize_t tsmsm_pwrite(struct vfs_handle_struct *handle, struct files_struct *fsp, 
+			   void *data, size_t n, SMB_OFF_T offset) {
+	ssize_t result;
+	bool notify_online = tsmsm_aio_force(handle, fsp);
+
+	result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
+	if((result != -1) && notify_online) {
+	    /* We can't actually force AIO at this point (came here not from reply_read_and_X) 
+	       what we can do is to send notification that file became online
+	    */
+		notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
+			     FILE_NOTIFY_CHANGE_ATTRIBUTES,
+			     fsp->fsp_name);
+	}
+
+	return result;
+}
+
+static int tsmsm_set_offline(struct vfs_handle_struct *handle, 
+			     const char *path) {
+	struct tsmsm_struct *tsmd = (struct tsmsm_struct *) handle->data;
+	int result = 0;
+	char *command;
+
+	if (tsmd->hsmscript == NULL) {
+		/* no script enabled */
+		DEBUG(1, ("tsmsm_set_offline: No tsmsm:hsmscript configured\n"));
+		return 0;
+	}
+
+	/* Now, call the script */
+	command = talloc_asprintf(tsmd, "%s offline \"%s\"", tsmd->hsmscript, path);
+	if(!command) {
+		DEBUG(1, ("tsmsm_set_offline: can't allocate memory to run hsm script"));
+		return -1;
+	}
+	DEBUG(10, ("tsmsm_set_offline: Running [%s]\n", command));
+	if((result = smbrun(command, NULL)) != 0) {
+		DEBUG(1,("tsmsm_set_offline: Running [%s] returned %d\n", command, result));
+	}
+	TALLOC_FREE(command);
+	return result;
+}
+
+static uint32_t tsmsm_fs_capabilities(struct vfs_handle_struct *handle)
+{
+	return SMB_VFS_NEXT_FS_CAPABILITIES(handle) | FILE_SUPPORTS_REMOTE_STORAGE | FILE_SUPPORTS_REPARSE_POINTS;
+}
+
+static vfs_op_tuple vfs_tsmsm_ops[] = {
+
+	/* Disk operations */
+
+	{SMB_VFS_OP(tsmsm_connect),	SMB_VFS_OP_CONNECT,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(tsmsm_fs_capabilities),	SMB_VFS_OP_FS_CAPABILITIES,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(tsmsm_aio_force),	SMB_VFS_OP_AIO_FORCE,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(tsmsm_aio_return),	SMB_VFS_OP_AIO_RETURN,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(tsmsm_pread),	SMB_VFS_OP_PREAD,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(tsmsm_pwrite),	SMB_VFS_OP_PWRITE,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(tsmsm_sendfile),	SMB_VFS_OP_SENDFILE,
+	 SMB_VFS_LAYER_TRANSPARENT},
+	{SMB_VFS_OP(tsmsm_is_offline),	SMB_VFS_OP_IS_OFFLINE,
+	 SMB_VFS_LAYER_OPAQUE},
+	{SMB_VFS_OP(tsmsm_set_offline),	SMB_VFS_OP_SET_OFFLINE,
+	 SMB_VFS_LAYER_OPAQUE},
+
+	/* Finish VFS operations definition */
+
+	{SMB_VFS_OP(NULL),		SMB_VFS_OP_NOOP,
+	 SMB_VFS_LAYER_NOOP}
+};
+
+NTSTATUS vfs_tsmsm_init(void);
+NTSTATUS vfs_tsmsm_init(void)
+{
+	return smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
+				"tsmsm", vfs_tsmsm_ops);
+}
diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c
index 3a72831b5b..7b5e510747 100644
--- a/source3/modules/vfs_xattr_tdb.c
+++ b/source3/modules/vfs_xattr_tdb.c
@@ -110,7 +110,7 @@ static NTSTATUS xattr_tdb_load_attrs(TALLOC_CTX *mem_ctx,
 
 	status = xattr_tdb_pull_attrs(mem_ctx, &data, presult);
 	TALLOC_FREE(data.dptr);
-	return NT_STATUS_OK;
+	return status;
 }
 
 /*
@@ -134,7 +134,7 @@ static struct db_record *xattr_tdb_lock_attrs(TALLOC_CTX *mem_ctx,
 static NTSTATUS xattr_tdb_save_attrs(struct db_record *rec,
 				     const struct tdb_xattrs *attribs)
 {
-	TDB_DATA data;
+	TDB_DATA data = tdb_null;
 	NTSTATUS status;
 
 	status = xattr_tdb_push_attrs(talloc_tos(), attribs, &data);
@@ -165,6 +165,9 @@ static ssize_t xattr_tdb_getattr(struct db_context *db_ctx,
 	ssize_t result = -1;
 	NTSTATUS status;
 
+	DEBUG(10, ("xattr_tdb_getattr called for file %s, name %s\n",
+		   file_id_string_tos(id), name));
+
 	status = xattr_tdb_load_attrs(talloc_tos(), db_ctx, id, &attribs);
 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -250,6 +253,9 @@ static int xattr_tdb_setattr(struct db_context *db_ctx,
 	struct tdb_xattrs *attribs;
 	uint32_t i;
 
+	DEBUG(10, ("xattr_tdb_setattr called for file %s, name %s\n",
+		   file_id_string_tos(id), name));
+
 	rec = xattr_tdb_lock_attrs(talloc_tos(), db_ctx, id);
 
 	if (rec == NULL) {
@@ -269,6 +275,11 @@ static int xattr_tdb_setattr(struct db_context *db_ctx,
 
 	for (i=0; i<attribs->num_xattrs; i++) {
 		if (strcmp(attribs->xattrs[i].name, name) == 0) {
+			if (flags & XATTR_CREATE) {
+				TALLOC_FREE(rec);
+				errno = EEXIST;
+				return -1;
+			}
 			break;
 		}
 	}
@@ -276,6 +287,12 @@ static int xattr_tdb_setattr(struct db_context *db_ctx,
 	if (i == attribs->num_xattrs) {
 		struct tdb_xattr *tmp;
 
+		if (flags & XATTR_REPLACE) {
+			TALLOC_FREE(rec);
+			errno = ENOATTR;
+			return -1;
+		}
+
 		tmp = TALLOC_REALLOC_ARRAY(
 			attribs, attribs->xattrs, struct tdb_xattr,
 			attribs->num_xattrs + 1);
@@ -558,10 +575,11 @@ static bool xattr_tdb_init(int snum, struct db_context **p_db)
 	struct db_context *db;
 	const char *dbname;
 
-	dbname = lp_parm_const_string(snum, "ea", "tdb", lock_path("eas.tdb"));
+	dbname = lp_parm_const_string(snum, "xattr_tdb", "file",
+				      lock_path("xattr.tdb"));
 
 	if (dbname == NULL) {
-		errno = ENOTSUP;
+		errno = ENOSYS;
 		return false;
 	}
 
@@ -570,7 +588,11 @@ static bool xattr_tdb_init(int snum, struct db_context **p_db)
 	unbecome_root();
 
 	if (db == NULL) {
+#if defined(ENOTSUP)
 		errno = ENOTSUP;
+#else
+		errno = ENOSYS;
+#endif
 		return false;
 	}
 
@@ -660,7 +682,7 @@ static int xattr_tdb_rmdir(vfs_handle_struct *handle, const char *path)
  * Destructor for the VFS private data
  */
 
-static void close_ea_db(void **data)
+static void close_xattr_db(void **data)
 {
 	struct db_context **p_db = (struct db_context **)data;
 	TALLOC_FREE(*p_db);
@@ -688,14 +710,14 @@ static int xattr_tdb_connect(vfs_handle_struct *handle, const char *service,
 	}
 
 	if (!xattr_tdb_init(snum, &db)) {
-		DEBUG(5, ("Could not init ea tdb\n"));
+		DEBUG(5, ("Could not init xattr tdb\n"));
 		lp_do_parameter(snum, "ea support", "False");
 		return 0;
 	}
 
 	lp_do_parameter(snum, "ea support", "True");
 
-	SMB_VFS_HANDLE_SET_DATA(handle, db, close_ea_db,
+	SMB_VFS_HANDLE_SET_DATA(handle, db, close_xattr_db,
 				struct db_context, return -1);
 
 	return 0;
diff --git a/source3/nmbd/asyncdns.c b/source3/nmbd/asyncdns.c
index 33c1cb6cb1..5e5565991e 100644
--- a/source3/nmbd/asyncdns.c
+++ b/source3/nmbd/asyncdns.c
@@ -87,8 +87,13 @@ static void asyncdns_process(void)
 	DEBUGLEVEL = -1;
 
 	while (1) {
-		if (read_data(fd_in, (char *)&r, sizeof(r), NULL) != sizeof(r)) 
+		NTSTATUS status;
+
+		status = read_data(fd_in, (char *)&r, sizeof(r));
+
+		if (!NT_STATUS_IS_OK(status)) {
 			break;
+		}
 
 		pull_ascii_nstring( qname, sizeof(qname), r.name.name);
 		r.result.s_addr = interpret_addr(qname);
@@ -194,7 +199,7 @@ void run_dns_queue(void)
 	struct query_record r;
 	struct packet_struct *p, *p2;
 	struct name_record *namerec;
-	int size;
+	NTSTATUS status;
 
 	if (fd_in == -1)
 		return;
@@ -208,11 +213,11 @@ void run_dns_queue(void)
 		start_async_dns();
 	}
 
-	if ((size=read_data(fd_in, (char *)&r, sizeof(r), NULL)) != sizeof(r)) {
-		if (size) {
-			DEBUG(0,("Incomplete DNS answer from child!\n"));
-			fd_in = -1;
-		}
+	status = read_data(fd_in, (char *)&r, sizeof(r));
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("read from child failed: %s\n", nt_errstr(status)));
+		fd_in = -1;
                 BlockSignals(True, SIGTERM);
 		return;
 	}
diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
index 344831ddca..378b6f3dbe 100644
--- a/source3/nmbd/nmbd.c
+++ b/source3/nmbd/nmbd.c
@@ -676,11 +676,18 @@ static bool open_sockets(bool isdaemon, int port)
 		ClientNMB = 0;
 	}
 
+	if (ClientNMB == -1) {
+		return false;
+	}
+
 	ClientDGRAM = open_socket_in(SOCK_DGRAM, DGRAM_PORT,
 					   3, &ss,
 					   true);
 
-	if (ClientNMB == -1) {
+	if (ClientDGRAM == -1) {
+		if (ClientNMB != 0) {
+			close(ClientNMB);
+		}
 		return false;
 	}
 
diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c
index 0ff0afd12d..10833e8089 100644
--- a/source3/nmbd/nmbd_processlogon.c
+++ b/source3/nmbd/nmbd_processlogon.c
@@ -399,6 +399,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
 					char *component, *dc, *q1;
 					char *q_orig = q;
 					int str_offset;
+					char *saveptr;
 
 					domain = get_mydnsdomname(talloc_tos());
 					if (!domain) {
@@ -444,7 +445,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
 					str_offset = q - q_orig;
 					dc = domain;
 					q1 = q;
-					while ((component = strtok(dc, "."))) {
+					while ((component = strtok_r(dc, ".", &saveptr)) != NULL) {
 						dc = NULL;
 						if (sizeof(outbuf) - PTR_DIFF(q, outbuf) < 1) {
 							return;
diff --git a/source3/nmbd/nmbd_synclists.c b/source3/nmbd/nmbd_synclists.c
index 147df68a69..5a2f5c46b4 100644
--- a/source3/nmbd/nmbd_synclists.c
+++ b/source3/nmbd/nmbd_synclists.c
@@ -81,12 +81,14 @@ static void sync_child(char *name, int nm_type,
 	}
 
 	if (!cli_set_port(cli, 139)) {
+		cli_shutdown(cli);
 		return;
 	}
 
 	in_addr_to_sockaddr_storage(&ss, ip);
 	status = cli_connect(cli, name, &ss);
 	if (!NT_STATUS_IS_OK(status)) {
+		cli_shutdown(cli);
 		return;
 	}
 
diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c
index 7f7c7b8140..1164ab173a 100644
--- a/source3/nsswitch/libwbclient/wbc_pam.c
+++ b/source3/nsswitch/libwbclient/wbc_pam.c
@@ -34,32 +34,389 @@
 wbcErr wbcAuthenticateUser(const char *username,
 			   const char *password)
 {
+	wbcErr wbc_status = WBC_ERR_SUCCESS;
+	struct wbcAuthUserParams params;
+
+	ZERO_STRUCT(params);
+
+	params.account_name		= username;
+	params.level			= WBC_AUTH_USER_LEVEL_PLAIN;
+	params.password.plaintext	= password;
+
+	wbc_status = wbcAuthenticateUserEx(&params, NULL, NULL);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+done:
+	return wbc_status;
+}
+
+static wbcErr wbc_create_auth_info(TALLOC_CTX *mem_ctx,
+				   const struct winbindd_response *resp,
+				   struct wbcAuthUserInfo **_i)
+{
+	wbcErr wbc_status = WBC_ERR_SUCCESS;
+	struct wbcAuthUserInfo *i;
+	struct wbcDomainSid domain_sid;
+	char *p;
+	uint32_t sn = 0;
+	uint32_t j;
+
+	i = talloc(mem_ctx, struct wbcAuthUserInfo);
+	BAIL_ON_PTR_ERROR(i, wbc_status);
+
+	i->user_flags	= resp->data.auth.info3.user_flgs;
+
+	i->account_name	= talloc_strdup(i, resp->data.auth.info3.user_name);
+	BAIL_ON_PTR_ERROR(i->account_name, wbc_status);
+	i->user_principal= NULL;
+	i->full_name	= talloc_strdup(i, resp->data.auth.info3.full_name);
+	BAIL_ON_PTR_ERROR(i->full_name, wbc_status);
+	i->domain_name	= talloc_strdup(i, resp->data.auth.info3.logon_dom);
+	BAIL_ON_PTR_ERROR(i->domain_name, wbc_status);
+	i->dns_domain_name= NULL;
+
+	i->acct_flags	= resp->data.auth.info3.acct_flags;
+	memcpy(i->user_session_key,
+	       resp->data.auth.user_session_key,
+	       sizeof(i->user_session_key));
+	memcpy(i->lm_session_key,
+	       resp->data.auth.first_8_lm_hash,
+	       sizeof(i->lm_session_key));
+
+	i->logon_count		= resp->data.auth.info3.logon_count;
+	i->bad_password_count	= resp->data.auth.info3.bad_pw_count;
+
+	i->logon_time		= resp->data.auth.info3.logon_time;
+	i->logoff_time		= resp->data.auth.info3.logoff_time;
+	i->kickoff_time		= resp->data.auth.info3.kickoff_time;
+	i->pass_last_set_time	= resp->data.auth.info3.pass_last_set_time;
+	i->pass_can_change_time	= resp->data.auth.info3.pass_can_change_time;
+	i->pass_must_change_time= resp->data.auth.info3.pass_must_change_time;
+
+	i->logon_server	= talloc_strdup(i, resp->data.auth.info3.logon_srv);
+	BAIL_ON_PTR_ERROR(i->logon_server, wbc_status);
+	i->logon_script	= talloc_strdup(i, resp->data.auth.info3.logon_script);
+	BAIL_ON_PTR_ERROR(i->logon_script, wbc_status);
+	i->profile_path	= talloc_strdup(i, resp->data.auth.info3.profile_path);
+	BAIL_ON_PTR_ERROR(i->profile_path, wbc_status);
+	i->home_directory= talloc_strdup(i, resp->data.auth.info3.home_dir);
+	BAIL_ON_PTR_ERROR(i->home_directory, wbc_status);
+	i->home_drive	= talloc_strdup(i, resp->data.auth.info3.dir_drive);
+	BAIL_ON_PTR_ERROR(i->home_drive, wbc_status);
+
+	i->num_sids	= 2;
+	i->num_sids 	+= resp->data.auth.info3.num_groups;
+	i->num_sids	+= resp->data.auth.info3.num_other_sids;
+
+	i->sids	= talloc_array(i, struct wbcSidWithAttr, i->num_sids);
+	BAIL_ON_PTR_ERROR(i->sids, wbc_status);
+
+	wbc_status = wbcStringToSid(resp->data.auth.info3.dom_sid,
+				    &domain_sid);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+#define _SID_COMPOSE(s, d, r, a) { \
+	(s).sid = d; \
+	if ((s).sid.num_auths < MAXSUBAUTHS) { \
+		(s).sid.sub_auths[(s).sid.num_auths++] = r; \
+	} else { \
+		wbc_status = WBC_ERR_INVALID_SID; \
+		BAIL_ON_WBC_ERROR(wbc_status); \
+	} \
+	(s).attributes = a; \
+} while (0)
+
+	sn = 0;
+	_SID_COMPOSE(i->sids[sn], domain_sid,
+		     resp->data.auth.info3.user_rid,
+		     0);
+	sn++;
+	_SID_COMPOSE(i->sids[sn], domain_sid,
+		     resp->data.auth.info3.group_rid,
+		     0);
+	sn++;
+
+	p = (char *)resp->extra_data.data;
+	if (!p) {
+		wbc_status = WBC_INVALID_RESPONSE;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	for (j=0; j < resp->data.auth.info3.num_groups; j++) {
+		uint32_t rid;
+		uint32_t attrs;
+		int ret;
+		char *s = p;
+		char *e = strchr(p, '\n');
+		if (!e) {
+			wbc_status = WBC_INVALID_RESPONSE;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		e[0] = '\0';
+		p = &e[1];
+
+		ret = sscanf(s, "0x%08X:0x%08X", &rid, &attrs);
+		if (ret != 2) {
+			wbc_status = WBC_INVALID_RESPONSE;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		_SID_COMPOSE(i->sids[sn], domain_sid,
+			     rid, attrs);
+		sn++;
+	}
+
+	for (j=0; j < resp->data.auth.info3.num_other_sids; j++) {
+		uint32_t attrs;
+		int ret;
+		char *s = p;
+		char *a;
+		char *e = strchr(p, '\n');
+		if (!e) {
+			wbc_status = WBC_INVALID_RESPONSE;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		e[0] = '\0';
+		p = &e[1];
+
+		e = strchr(s, ':');
+		if (!e) {
+			wbc_status = WBC_INVALID_RESPONSE;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		e[0] = '\0';
+		a = &e[1];
+
+		ret = sscanf(a, "0x%08X",
+			     &attrs);
+		if (ret != 1) {
+			wbc_status = WBC_INVALID_RESPONSE;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		wbc_status = wbcStringToSid(s, &i->sids[sn].sid);
+		BAIL_ON_WBC_ERROR(wbc_status);
+
+		i->sids[sn].attributes = attrs;
+		sn++;
+	}
+
+	i->num_sids = sn;
+
+	*_i = i;
+	i = NULL;
+done:
+	talloc_free(i);
+	return wbc_status;
+}
+
+static wbcErr wbc_create_error_info(TALLOC_CTX *mem_ctx,
+				  const struct winbindd_response *resp,
+				  struct wbcAuthErrorInfo **_e)
+{
+	wbcErr wbc_status = WBC_ERR_SUCCESS;
+	struct wbcAuthErrorInfo *e;
+
+	e = talloc(mem_ctx, struct wbcAuthErrorInfo);
+	BAIL_ON_PTR_ERROR(e, wbc_status);
+
+	e->nt_status = resp->data.auth.nt_status;
+	e->pam_error = resp->data.auth.pam_error;
+	e->nt_string = talloc_strdup(e, resp->data.auth.nt_status_string);
+	BAIL_ON_PTR_ERROR(e->nt_string, wbc_status);
+
+	e->display_string = talloc_strdup(e, resp->data.auth.error_string);
+	BAIL_ON_PTR_ERROR(e->display_string, wbc_status);
+
+	*_e = e;
+	e = NULL;
+
+done:
+	talloc_free(e);
+	return wbc_status;
+}
+
+/** @brief Authenticate with more detailed information
+ *
+ * @param params       Input parameters, WBC_AUTH_USER_LEVEL_HASH
+ *                     is not supported yet
+ * @param info         Output details on WBC_ERR_SUCCESS
+ * @param error        Output details on WBC_ERR_AUTH_ERROR
+ *
+ * @return #wbcErr
+ **/
+
+wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
+			     struct wbcAuthUserInfo **info,
+			     struct wbcAuthErrorInfo **error)
+{
 	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	int cmd = 0;
 	struct winbindd_request request;
 	struct winbindd_response response;
 
-	if (!username) {
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (error) {
+		*error = NULL;
+	}
+
+	if (!params) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (!params->account_name) {
 		wbc_status = WBC_ERR_INVALID_PARAM;
 		BAIL_ON_WBC_ERROR(wbc_status);
 	}
 
 	/* Initialize request */
 
-	ZERO_STRUCT(request);
-	ZERO_STRUCT(response);
+	switch (params->level) {
+	case WBC_AUTH_USER_LEVEL_PLAIN:
+		cmd = WINBINDD_PAM_AUTH;
+		request.flags = WBFLAG_PAM_INFO3_TEXT |
+				WBFLAG_PAM_USER_SESSION_KEY |
+				WBFLAG_PAM_LMKEY;
+
+		if (!params->password.plaintext) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		if (params->domain_name && params->domain_name[0]) {
+			/* We need to get the winbind separator :-( */
+			struct winbindd_response sep_response;
 
-	/* dst is already null terminated from the memset above */
+			ZERO_STRUCT(sep_response);
 
-	strncpy(request.data.auth.user,	username,
-		sizeof(request.data.auth.user)-1);
-	strncpy(request.data.auth.pass,	password,
-		sizeof(request.data.auth.user)-1);
+			wbc_status = wbcRequestResponse(WINBINDD_INFO,
+							NULL, &sep_response);
+			BAIL_ON_WBC_ERROR(wbc_status);
 
-	wbc_status = wbcRequestResponse(WINBINDD_PAM_AUTH,
+			snprintf(request.data.auth.user,
+				 sizeof(request.data.auth.user)-1,
+				 "%s%c%s",
+				 params->domain_name,
+				 sep_response.data.info.winbind_separator,
+				 params->account_name);
+		} else {
+			strncpy(request.data.auth.user,
+				params->account_name,
+				sizeof(request.data.auth.user)-1);
+		}
+		strncpy(request.data.auth.pass,
+			params->password.plaintext,
+			sizeof(request.data.auth.user)-1);
+		break;
+
+	case WBC_AUTH_USER_LEVEL_HASH:
+		wbc_status = WBC_ERR_NOT_IMPLEMENTED;
+		BAIL_ON_WBC_ERROR(wbc_status);
+		break;
+
+	case WBC_AUTH_USER_LEVEL_RESPONSE:
+		cmd = WINBINDD_PAM_AUTH_CRAP;
+		request.flags = WBFLAG_PAM_INFO3_TEXT |
+				WBFLAG_PAM_USER_SESSION_KEY |
+				WBFLAG_PAM_LMKEY;
+
+		if (params->password.response.lm_length &&
+		    params->password.response.lm_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		if (params->password.response.lm_length == 0 &&
+		    params->password.response.lm_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		if (params->password.response.nt_length &&
+		    !params->password.response.nt_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		if (params->password.response.nt_length == 0&&
+		    params->password.response.nt_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		strncpy(request.data.auth_crap.user,
+			params->account_name,
+			sizeof(request.data.auth_crap.user)-1);
+		if (params->domain_name) {
+			strncpy(request.data.auth_crap.domain,
+				params->domain_name,
+				sizeof(request.data.auth_crap.domain)-1);
+		}
+		if (params->workstation_name) {
+			strncpy(request.data.auth_crap.workstation,
+				params->workstation_name,
+				sizeof(request.data.auth_crap.workstation)-1);
+		}
+
+		request.data.auth_crap.logon_parameters =
+				params->parameter_control;
+
+		memcpy(request.data.auth_crap.chal,
+		       params->password.response.challenge,
+		       sizeof(request.data.auth_crap.chal));
+
+		request.data.auth_crap.lm_resp_len =
+				MIN(params->password.response.lm_length,
+				    sizeof(request.data.auth_crap.lm_resp));
+		request.data.auth_crap.nt_resp_len =
+				MIN(params->password.response.nt_length,
+				    sizeof(request.data.auth_crap.nt_resp));
+		if (params->password.response.lm_data) {
+			memcpy(request.data.auth_crap.lm_resp,
+			       params->password.response.lm_data,
+			       request.data.auth_crap.lm_resp_len);
+		}
+		if (params->password.response.nt_data) {
+			memcpy(request.data.auth_crap.nt_resp,
+			       params->password.response.nt_data,
+			       request.data.auth_crap.nt_resp_len);
+		}
+		break;
+	default:
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (cmd == 0) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	wbc_status = wbcRequestResponse(cmd,
 					&request,
 					&response);
+	if (response.data.auth.nt_status != 0) {
+		if (error) {
+			wbc_status = wbc_create_error_info(NULL,
+							   &response,
+							   error);
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		wbc_status = WBC_ERR_AUTH_ERROR;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
 	BAIL_ON_WBC_ERROR(wbc_status);
 
+	if (info) {
+		wbc_status = wbc_create_auth_info(NULL,
+						  &response,
+						  info);
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
 done:
+
 	return wbc_status;
 }
diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c
index b24e198bc5..b7febcce0c 100644
--- a/source3/nsswitch/libwbclient/wbc_pwd.c
+++ b/source3/nsswitch/libwbclient/wbc_pwd.c
@@ -209,16 +209,16 @@ wbcErr wbcGetgrnam(const char *name, struct group **grp)
 	struct winbindd_request request;
 	struct winbindd_response response;
 
-	if (!name || !grp) {
-		wbc_status = WBC_ERR_INVALID_PARAM;
-		BAIL_ON_WBC_ERROR(wbc_status);
-	}
-
 	/* Initialize request */
 
 	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
+	if (!name || !grp) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
 	/* dst is already null terminated from the memset above */
 
 	strncpy(request.data.groupname, name, sizeof(request.data.groupname)-1);
@@ -254,16 +254,16 @@ wbcErr wbcGetgrgid(gid_t gid, struct group **grp)
 	struct winbindd_request request;
 	struct winbindd_response response;
 
-	if (!grp) {
-		wbc_status = WBC_ERR_INVALID_PARAM;
-		BAIL_ON_WBC_ERROR(wbc_status);
-	}
-
 	/* Initialize request */
 
 	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
+	if (!grp) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
 	request.data.gid = gid;
 
 	wbc_status = wbcRequestResponse(WINBINDD_GETGRGID,
diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c
index abe1457cc1..0519d8bf9f 100644
--- a/source3/nsswitch/libwbclient/wbc_sid.c
+++ b/source3/nsswitch/libwbclient/wbc_sid.c
@@ -311,16 +311,16 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
 	char *domain_name = NULL;
 	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 
-	if (!dom_sid || (num_rids == 0)) {
-		wbc_status = WBC_ERR_INVALID_PARAM;
-		BAIL_ON_WBC_ERROR(wbc_status);
-	}
-
 	/* Initialise request */
 
 	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
+	if (!dom_sid || (num_rids == 0)) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
 	wbc_status = wbcSidToString(dom_sid, &sid_string);
 	BAIL_ON_WBC_ERROR(wbc_status);
 
@@ -355,6 +355,7 @@ wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
 					&request,
 					&response);
 	talloc_free(ridlist);
+	BAIL_ON_WBC_ERROR(wbc_status);
 
 	domain_name = talloc_strdup(NULL, response.data.domain_name);
 	BAIL_ON_PTR_ERROR(domain_name, wbc_status);
diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c
index 321a7db669..e17296283f 100644
--- a/source3/nsswitch/libwbclient/wbclient.c
+++ b/source3/nsswitch/libwbclient/wbclient.c
@@ -59,11 +59,7 @@ wbcErr wbcRequestResponse(int cmd,
 	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 	NSS_STATUS nss_status;
 
-	if (!request || !response) {
-		wbc_status = WBC_ERR_INVALID_PARAM;
-		BAIL_ON_WBC_ERROR(wbc_status);
-	}
-
+	/* for some calls the request and/or response cna be NULL */
 
 	nss_status = winbindd_request_response(cmd, request, response);
 
@@ -72,20 +68,55 @@ wbcErr wbcRequestResponse(int cmd,
 		wbc_status = WBC_ERR_SUCCESS;
 		break;
 	case NSS_STATUS_UNAVAIL:
-		return WBC_ERR_WINBIND_NOT_AVAILABLE;
+		wbc_status = WBC_ERR_WINBIND_NOT_AVAILABLE;
 		break;
 	case NSS_STATUS_NOTFOUND:
-		return WBC_ERR_DOMAIN_NOT_FOUND;
+		wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
 		break;
 	default:
 		wbc_status = WBC_ERR_NSS_ERROR;
 		break;
 	}
 
-done:
 	return wbc_status;
 }
 
+/** @brief Translate an error value into a string
+ *
+ * @param error
+ *
+ * @return a pointer to a static string
+ **/
+const char *wbcErrorString(wbcErr error)
+{
+	switch (error) {
+	case WBC_ERR_SUCCESS:
+		return "WBC_ERR_SUCCESS";
+	case WBC_ERR_NOT_IMPLEMENTED:
+		return "WBC_ERR_NOT_IMPLEMENTED";
+	case WBC_ERR_UNKNOWN_FAILURE:
+		return "WBC_ERR_UNKNOWN_FAILURE";
+	case WBC_ERR_NO_MEMORY:
+		return "WBC_ERR_NO_MEMORY";
+	case WBC_ERR_INVALID_SID:
+		return "WBC_ERR_INVALID_SID";
+	case WBC_ERR_INVALID_PARAM:
+		return "WBC_ERR_INVALID_PARAM";
+	case WBC_ERR_WINBIND_NOT_AVAILABLE:
+		return "WBC_ERR_WINBIND_NOT_AVAILABLE";
+	case WBC_ERR_DOMAIN_NOT_FOUND:
+		return "WBC_ERR_DOMAIN_NOT_FOUND";
+	case WBC_INVALID_RESPONSE:
+		return "WBC_INVALID_RESPONSE";
+	case WBC_ERR_NSS_ERROR:
+		return "WBC_ERR_NSS_ERROR";
+	case WBC_ERR_AUTH_ERROR:
+		return "WBC_ERR_AUTH_ERROR";
+	}
+
+	return "unknown wbcErr value";
+};
+
 /** @brief Free library allocated memory
  *
  * @param *p Pointer to free
diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h
index 0b256d343f..c01db9618d 100644
--- a/source3/nsswitch/libwbclient/wbclient.h
+++ b/source3/nsswitch/libwbclient/wbclient.h
@@ -41,14 +41,15 @@ enum _wbcErrType {
 	WBC_ERR_WINBIND_NOT_AVAILABLE,   /**< Winbind daemon is not available **/
 	WBC_ERR_DOMAIN_NOT_FOUND,        /**< Domain is not trusted or cannot be found **/
 	WBC_INVALID_RESPONSE,        /**< Winbind returned an invalid response **/
-	WBC_ERR_NSS_ERROR            /**< NSS_STATUS error **/
+	WBC_ERR_NSS_ERROR,            /**< NSS_STATUS error **/
+	WBC_ERR_AUTH_ERROR        /**< Authentication failed **/
 };
 
 typedef enum _wbcErrType wbcErr;
 
 #define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)
 
-char *wbcErrorString(wbcErr error);
+const char *wbcErrorString(wbcErr error);
 
 /*
  * Data types used by the Winbind Client API
@@ -88,6 +89,25 @@ enum wbcSidType {
 };
 
 /**
+ * @brief Security Identifier with attributes
+ **/
+
+struct wbcSidWithAttr {
+	struct wbcDomainSid sid;
+	uint32_t attributes;
+};
+
+/* wbcSidWithAttr->attributes */
+
+#define WBC_SID_ATTR_GROUP_MANDATORY		0x00000001
+#define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT	0x00000002
+#define WBC_SID_ATTR_GROUP_ENABLED 		0x00000004
+#define WBC_SID_ATTR_GROUP_OWNER 		0x00000008
+#define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY 	0x00000010
+#define WBC_SID_ATTR_GROUP_RESOURCE 		0x20000000
+#define WBC_SID_ATTR_GROUP_LOGON_ID 		0xC0000000
+
+/**
  * @brief Domain Information
  **/
 
@@ -104,6 +124,140 @@ struct wbcDomainInfo {
 #define WBC_DOMINFO_AD                0x00000002
 #define WBC_DOMINFO_PRIMARY           0x00000004
 
+/**
+ * @brief Auth User Parameters
+ **/
+
+struct wbcAuthUserParams {
+	const char *account_name;
+	const char *domain_name;
+	const char *workstation_name;
+
+	uint32_t flags;
+
+	uint32_t parameter_control;
+
+	enum wbcAuthUserLevel {
+		WBC_AUTH_USER_LEVEL_PLAIN = 1,
+		WBC_AUTH_USER_LEVEL_HASH = 2,
+		WBC_AUTH_USER_LEVEL_RESPONSE = 3
+	} level;
+	union {
+		const char *plaintext;
+		struct {
+			uint8_t nt_hash[16];
+			uint8_t lm_hash[16];
+		} hash;
+		struct {
+			uint8_t challenge[8];
+			uint32_t nt_length;
+			uint8_t *nt_data;
+			uint32_t lm_length;
+			uint8_t *lm_data;
+		} response;
+	} password;
+};
+
+/* wbcAuthUserParams->parameter_control */
+
+#define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED		0x00000002
+#define WBC_MSV1_0_UPDATE_LOGON_STATISTICS		0x00000004
+#define WBC_MSV1_0_RETURN_USER_PARAMETERS		0x00000008
+#define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT		0x00000020
+#define WBC_MSV1_0_RETURN_PROFILE_PATH			0x00000200
+#define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT	0x00000800
+
+/* wbcAuthUserParams->flags */
+
+#define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON		0x00000001
+
+/**
+ * @brief Auth User Information
+ *
+ * Some of the strings are maybe NULL
+ **/
+
+struct wbcAuthUserInfo {
+	uint32_t user_flags;
+
+	char *account_name;
+	char *user_principal;
+	char *full_name;
+	char *domain_name;
+	char *dns_domain_name;
+
+	uint32_t acct_flags;
+	uint8_t user_session_key[16];
+	uint8_t lm_session_key[8];
+
+	uint16_t logon_count;
+	uint16_t bad_password_count;
+
+	uint64_t logon_time;
+	uint64_t logoff_time;
+	uint64_t kickoff_time;
+	uint64_t pass_last_set_time;
+	uint64_t pass_can_change_time;
+	uint64_t pass_must_change_time;
+
+	char *logon_server;
+	char *logon_script;
+	char *profile_path;
+	char *home_directory;
+	char *home_drive;
+
+	/*
+	 * the 1st one is the account sid
+	 * the 2nd one is the primary_group sid
+	 * followed by the rest of the groups
+	 */
+	uint32_t num_sids;
+	struct wbcSidWithAttr *sids;
+};
+
+/* wbcAuthUserInfo->user_flags */
+
+#define WBC_AUTH_USER_INFO_GUEST			0x00000001
+#define WBC_AUTH_USER_INFO_NOENCRYPTION			0x00000002
+#define WBC_AUTH_USER_INFO_CACHED_ACCOUNT		0x00000004
+#define WBC_AUTH_USER_INFO_USED_LM_PASSWORD		0x00000008
+#define WBC_AUTH_USER_INFO_EXTRA_SIDS 			0x00000020
+#define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY		0x00000040
+#define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT		0x00000080
+#define WBC_AUTH_USER_INFO_NTLMV2_ENABLED		0x00000100
+#define WBC_AUTH_USER_INFO_RESOURCE_GROUPS		0x00000200
+#define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED	0x00000400
+#define WBC_AUTH_USER_INFO_GRACE_LOGON			0x01000000
+
+/* wbcAuthUserInfo->acct_flags */
+
+#define WBC_ACB_DISABLED			0x00000001 /* 1 User account disabled */
+#define WBC_ACB_HOMDIRREQ			0x00000002 /* 1 Home directory required */
+#define WBC_ACB_PWNOTREQ			0x00000004 /* 1 User password not required */
+#define WBC_ACB_TEMPDUP				0x00000008 /* 1 Temporary duplicate account */
+#define WBC_ACB_NORMAL				0x00000010 /* 1 Normal user account */
+#define WBC_ACB_MNS				0x00000020 /* 1 MNS logon user account */
+#define WBC_ACB_DOMTRUST			0x00000040 /* 1 Interdomain trust account */
+#define WBC_ACB_WSTRUST				0x00000080 /* 1 Workstation trust account */
+#define WBC_ACB_SVRTRUST			0x00000100 /* 1 Server trust account */
+#define WBC_ACB_PWNOEXP				0x00000200 /* 1 User password does not expire */
+#define WBC_ACB_AUTOLOCK			0x00000400 /* 1 Account auto locked */
+#define WBC_ACB_ENC_TXT_PWD_ALLOWED		0x00000800 /* 1 Encryped text password is allowed */
+#define WBC_ACB_SMARTCARD_REQUIRED		0x00001000 /* 1 Smart Card required */
+#define WBC_ACB_TRUSTED_FOR_DELEGATION		0x00002000 /* 1 Trusted for Delegation */
+#define WBC_ACB_NOT_DELEGATED			0x00004000 /* 1 Not delegated */
+#define WBC_ACB_USE_DES_KEY_ONLY		0x00008000 /* 1 Use DES key only */
+#define WBC_ACB_DONT_REQUIRE_PREAUTH		0x00010000 /* 1 Preauth not required */
+#define WBC_ACB_PW_EXPIRED              	0x00020000 /* 1 Password Expired */
+#define WBC_ACB_NO_AUTH_DATA_REQD		0x00080000   /* 1 = No authorization data required */
+
+struct wbcAuthErrorInfo {
+	uint32_t nt_status;
+	char *nt_string;
+	int32_t pam_error;
+	char *display_string;
+};
+
 /*
  * Memory Management
  */
@@ -205,5 +359,8 @@ wbcErr wbcDomainSequenceNumbers(void);
 wbcErr wbcAuthenticateUser(const char *username,
 			   const char *password);
 
+wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
+			     struct wbcAuthUserInfo **info,
+			     struct wbcAuthErrorInfo **error);
 
 #endif      /* _WBCLIENT_H */
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 4d019072ac..81f5227410 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -1341,9 +1341,10 @@ static int winbind_auth_request(pam_handle_t * pamh,
 
 		/* If winbindd returned a username, return the pointer to it
 		 * here. */
-		if (user_ret && response.extra_data.data) {
+		if (user_ret && response.data.auth.unix_username[0]) {
 			/* We have to trust it's a null terminated string. */
-			*user_ret = (char *)response.extra_data.data;
+			*user_ret = strndup(response.data.auth.unix_username,
+				    sizeof(response.data.auth.unix_username) - 1);
 		}
 	}
 
@@ -1431,22 +1432,22 @@ static int winbind_chauthtok_request(pam_handle_t * pamh,
 		switch (reject_reason) {
 			case -1:
 				break;
-			case REJECT_REASON_OTHER:
+			case SAMR_REJECT_OTHER:
 				if ((min_pwd_age > 0) &&
 				    (pwd_last_set + min_pwd_age > time(NULL))) {
 					PAM_WB_REMARK_DIRECT(pamh, ctrl,
 					     "NT_STATUS_PWD_TOO_RECENT");
 				}
 				break;
-			case REJECT_REASON_TOO_SHORT:
+			case SAMR_REJECT_TOO_SHORT:
 				PAM_WB_REMARK_DIRECT(pamh, ctrl,
 					"NT_STATUS_PWD_TOO_SHORT");
 				break;
-			case REJECT_REASON_IN_HISTORY:
+			case SAMR_REJECT_IN_HISTORY:
 				PAM_WB_REMARK_DIRECT(pamh, ctrl,
 					"NT_STATUS_PWD_HISTORY_CONFLICT");
 				break;
-			case REJECT_REASON_NOT_COMPLEX:
+			case SAMR_REJECT_COMPLEXITY:
 				_make_remark(pamh, ctrl, PAM_ERROR_MSG,
 					     "Password does not meet "
 					     "complexity requirements");
diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h
index 59a2f39584..a1d32726f5 100644
--- a/source3/nsswitch/pam_winbind.h
+++ b/source3/nsswitch/pam_winbind.h
@@ -12,6 +12,7 @@
 #define PAM_SM_AUTH
 #define PAM_SM_ACCOUNT
 #define PAM_SM_PASSWORD
+#define PAM_SM_SESSION
 
 #ifndef PAM_WINBIND_CONFIG_FILE
 #define PAM_WINBIND_CONFIG_FILE "/etc/security/pam_winbind.conf"
@@ -179,22 +180,23 @@ do {                             \
 	};\
 };
 
-/* from include/rpc_samr.h */
-#define DOMAIN_PASSWORD_COMPLEX            0x00000001
+/* from samr.idl */
+#define DOMAIN_PASSWORD_COMPLEX		0x00000001
 
-#define REJECT_REASON_OTHER		0x00000000
-#define REJECT_REASON_TOO_SHORT		0x00000001
-#define REJECT_REASON_IN_HISTORY	0x00000002
-#define REJECT_REASON_NOT_COMPLEX	0x00000005
+#define SAMR_REJECT_OTHER		0x00000000
+#define SAMR_REJECT_TOO_SHORT		0x00000001
+#define SAMR_REJECT_IN_HISTORY		0x00000002
+#define SAMR_REJECT_COMPLEXITY		0x00000005
 
-/* from include/smb.h */
 #define ACB_PWNOEXP			0x00000200
 
+/* from netlogon.idl */
+#define NETLOGON_CACHED_ACCOUNT		0x00000004
+#define NETLOGON_GRACE_LOGON		0x01000000
+
 /* from include/rpc_netlogon.h */
-#define LOGON_CACHED_ACCOUNT		0x00000004
-#define LOGON_GRACE_LOGON		0x01000000
 #define LOGON_KRB5_FAIL_CLOCK_SKEW	0x02000000
 
-#define PAM_WB_CACHED_LOGON(x) (x & LOGON_CACHED_ACCOUNT)
+#define PAM_WB_CACHED_LOGON(x) (x & NETLOGON_CACHED_ACCOUNT)
 #define PAM_WB_KRB5_CLOCK_SKEW(x) (x & LOGON_KRB5_FAIL_CLOCK_SKEW)
-#define PAM_WB_GRACE_LOGON(x)  ((LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON) == ( x & (LOGON_CACHED_ACCOUNT|LOGON_GRACE_LOGON)))
+#define PAM_WB_GRACE_LOGON(x)  ((NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON) == ( x & (NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON)))
diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c
index 49a2935bff..b113fc3336 100644
--- a/source3/nsswitch/wb_common.c
+++ b/source3/nsswitch/wb_common.c
@@ -538,18 +538,6 @@ int winbindd_read_reply(struct winbindd_response *response)
 	return result1 + result2;
 }
 
-bool winbind_env_set(void)
-{
-	char *env;
-	
-	if ((env=getenv(WINBINDD_DONT_ENV)) != NULL) {
-		if(strcmp(env, "1") == 0) {
-			return true;
-		}
-	}
-	return false;
-}
-
 /* 
  * send simple types of requests 
  */
@@ -663,21 +651,6 @@ NSS_STATUS winbindd_priv_request_response(int req_type,
 }
 
 /*************************************************************************
- A couple of simple functions to disable winbindd lookups and re-
- enable them
- ************************************************************************/
- 
-bool winbind_off(void)
-{
-	return setenv(WINBINDD_DONT_ENV, "1", 1) != -1;
-}
-
-bool winbind_on(void)
-{
-	return setenv(WINBINDD_DONT_ENV, "0", 1) != -1;
-}
-
-/*************************************************************************
  ************************************************************************/
 
 const char *nss_err_str(NSS_STATUS ret)
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index c8f8398c6f..ee51cce835 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -53,7 +53,7 @@ static char winbind_separator_int(bool strict)
 	}
 
 	sep = response.data.info.winbind_separator;
-	got_sep = True;
+	got_sep = true;
 
 	if (!sep) {
 		d_fprintf(stderr, "winbind separator was NULL!\n");
@@ -69,27 +69,27 @@ static char winbind_separator_int(bool strict)
 
 static char winbind_separator(void)
 {
-	return winbind_separator_int(False);
+	return winbind_separator_int(false);
 }
 
 static const char *get_winbind_domain(void)
 {
-	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;	
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 	struct wbcDomainInfo *dinfo = NULL;
 	static fstring winbind_domain;
 
 	ZERO_STRUCT(dinfo);
-	
+
 	wbc_status = wbcDomainInfo(".", &dinfo);
 
 	if (!WBC_ERROR_IS_OK(wbc_status)) {
 		d_fprintf(stderr, "could not obtain winbind domain name!\n");
-		
+
 		/* HACK: (this module should not call lp_ funtions) */
 		return lp_workgroup();
 	}
 
-	fstrcpy(winbind_domain, dinfo->short_name);	
+	fstrcpy(winbind_domain, dinfo->short_name);
 
 	wbcFreeMemory(dinfo);
 
@@ -99,7 +99,7 @@ static const char *get_winbind_domain(void)
 /* Copy of parse_domain_user from winbindd_util.c.  Parse a string of the
    form DOMAIN/user into a domain and a user */
 
-static bool parse_wbinfo_domain_user(const char *domuser, fstring domain, 
+static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
 				     fstring user)
 {
 
@@ -110,20 +110,20 @@ static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
 		if ((p = strchr(domuser, '@')) != NULL) {
 			fstrcpy(domain, "");
 			fstrcpy(user, domuser);
-			return True;
+			return true;
 		}
-		
+
 		fstrcpy(user, domuser);
 		fstrcpy(domain, get_winbind_domain());
-		return True;
+		return true;
 	}
-        
+
 	fstrcpy(user, p+1);
 	fstrcpy(domain, domuser);
 	domain[PTR_DIFF(p, domuser)] = 0;
 	strupper_m(domain);
 
-	return True;
+	return true;
 }
 
 /* pull pwent info for a given user */
@@ -131,13 +131,13 @@ static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
 static bool wbinfo_get_userinfo(char *user)
 {
 	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
-	struct passwd *pwd = NULL;	
+	struct passwd *pwd = NULL;
 
 	wbc_status = wbcGetpwnam(user, &pwd);
 	if (!WBC_ERROR_IS_OK(wbc_status)) {
 		return false;
 	}
-	
+
 	d_printf("%s:%s:%d:%d:%s:%s:%s\n",
 		 pwd->pw_name,
 		 pwd->pw_passwd,
@@ -146,7 +146,7 @@ static bool wbinfo_get_userinfo(char *user)
 		 pwd->pw_gecos,
 		 pwd->pw_dir,
 		 pwd->pw_shell);
-	
+
 	return true;
 }
 
@@ -154,13 +154,13 @@ static bool wbinfo_get_userinfo(char *user)
 static bool wbinfo_get_uidinfo(int uid)
 {
 	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
-	struct passwd *pwd = NULL;	
+	struct passwd *pwd = NULL;
 
 	wbc_status = wbcGetpwuid(uid, &pwd);
 	if (!WBC_ERROR_IS_OK(wbc_status)) {
 		return false;
 	}
-	
+
 	d_printf("%s:%s:%d:%d:%s:%s:%s\n",
 		 pwd->pw_name,
 		 pwd->pw_passwd,
@@ -169,7 +169,7 @@ static bool wbinfo_get_uidinfo(int uid)
 		 pwd->pw_gecos,
 		 pwd->pw_dir,
 		 pwd->pw_shell);
-	
+
 	return true;
 }
 
@@ -191,14 +191,14 @@ static bool wbinfo_get_groupinfo(char *group)
 					   &response);
 
 	if ( result != NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
-  	d_printf( "%s:%s:%d\n",
+	d_printf( "%s:%s:%d\n",
 		  response.data.gr.gr_name,
 		  response.data.gr.gr_passwd,
 		  response.data.gr.gr_gid );
-	
-	return True;
+
+	return true;
 }
 
 /* List groups a user is a member of */
@@ -209,7 +209,7 @@ static bool wbinfo_get_usergroups(char *user)
 	struct winbindd_response response;
 	NSS_STATUS result;
 	int i;
-	
+
 	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
@@ -220,14 +220,14 @@ static bool wbinfo_get_usergroups(char *user)
 	result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
 
 	if (result != NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	for (i = 0; i < response.data.num_entries; i++)
 		d_printf("%d\n", (int)((gid_t *)response.extra_data.data)[i]);
 
 	SAFE_FREE(response.extra_data.data);
 
-	return True;
+	return true;
 }
 
 
@@ -249,7 +249,7 @@ static bool wbinfo_get_usersids(char *user_sid)
 	result = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
 
 	if (result != NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	s = (const char *)response.extra_data.data;
 	for (i = 0; i < response.data.num_entries; i++) {
@@ -259,7 +259,7 @@ static bool wbinfo_get_usersids(char *user_sid)
 
 	SAFE_FREE(response.extra_data.data);
 
-	return True;
+	return true;
 }
 
 static bool wbinfo_get_userdomgroups(const char *user_sid)
@@ -275,17 +275,17 @@ static bool wbinfo_get_userdomgroups(const char *user_sid)
 	fstrcpy(request.data.sid, user_sid);
 
 	result = winbindd_request_response(WINBINDD_GETUSERDOMGROUPS, &request,
-				  &response);
+					   &response);
 
 	if (result != NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	if (response.data.num_entries != 0)
 		printf("%s", (char *)response.extra_data.data);
-	
+
 	SAFE_FREE(response.extra_data.data);
 
-	return True;
+	return true;
 }
 
 /* Convert NetBIOS name to IP */
@@ -304,14 +304,14 @@ static bool wbinfo_wins_byname(char *name)
 
 	if (winbindd_request_response(WINBINDD_WINS_BYNAME, &request, &response) !=
 	    NSS_STATUS_SUCCESS) {
-		return False;
+		return false;
 	}
 
 	/* Display response */
 
 	d_printf("%s\n", response.data.winsresp);
 
-	return True;
+	return true;
 }
 
 /* Convert IP to NetBIOS name */
@@ -330,14 +330,14 @@ static bool wbinfo_wins_byip(char *ip)
 
 	if (winbindd_request_response(WINBINDD_WINS_BYIP, &request, &response) !=
 	    NSS_STATUS_SUCCESS) {
-		return False;
+		return false;
 	}
 
 	/* Display response */
 
 	d_printf("%s\n", response.data.winsresp);
 
-	return True;
+	return true;
 }
 
 /* List trusted domains */
@@ -356,7 +356,7 @@ static bool wbinfo_list_domains(bool list_all_domains)
 
 	if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	/* Display response */
 
@@ -373,7 +373,7 @@ static bool wbinfo_list_domains(bool list_all_domains)
 					 extra_data);
 				TALLOC_FREE(frame);
 				SAFE_FREE(response.extra_data.data);
-				return False;
+				return false;
 			}
 			*p = 0;
 			d_printf("%s\n", name);
@@ -382,7 +382,7 @@ static bool wbinfo_list_domains(bool list_all_domains)
 		SAFE_FREE(response.extra_data.data);
 	}
 
-	return True;
+	return true;
 }
 
 /* List own domain */
@@ -391,7 +391,7 @@ static bool wbinfo_list_own_domain(void)
 {
 	d_printf("%s\n", get_winbind_domain());
 
-	return True;
+	return true;
 }
 
 /* show sequence numbers */
@@ -410,7 +410,7 @@ static bool wbinfo_show_sequence(const char *domain)
 
 	if (winbindd_request_response(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	/* Display response */
 
@@ -427,7 +427,7 @@ static bool wbinfo_show_sequence(const char *domain)
 		SAFE_FREE(response.extra_data.data);
 	}
 
-	return True;
+	return true;
 }
 
 /* Show domain info */
@@ -449,7 +449,7 @@ static bool wbinfo_domain_info(const char *domain_name)
 
 	if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	/* Display response */
 
@@ -466,7 +466,7 @@ static bool wbinfo_domain_info(const char *domain_name)
 	d_printf("Primary           : %s\n",
 		 response.data.domain_info.primary ? "Yes" : "No");
 
-	return True;
+	return true;
 }
 
 /* Get a foreign DC's name */
@@ -485,14 +485,14 @@ static bool wbinfo_getdcname(const char *domain_name)
 	if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) !=
 	    NSS_STATUS_SUCCESS) {
 		d_fprintf(stderr, "Could not get dc name for %s\n", domain_name);
-		return False;
+		return false;
 	}
 
 	/* Display response */
 
 	d_printf("%s\n", response.data.dc_name);
 
-	return True;
+	return true;
 }
 
 /* Find a DC */
@@ -514,35 +514,35 @@ static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags)
 	if (winbindd_request_response(WINBINDD_DSGETDCNAME, &request, &response) !=
 	    NSS_STATUS_SUCCESS) {
 		d_fprintf(stderr, "Could not find dc for %s\n", domain_name);
-		return False;
+		return false;
 	}
 
 	/* Display response */
 
 	d_printf("%s\n", response.data.dc_name);
 
-	return True;
+	return true;
 }
 
 /* Check trust account password */
 
 static bool wbinfo_check_secret(void)
 {
-        struct winbindd_response response;
-        NSS_STATUS result;
+	struct winbindd_response response;
+	NSS_STATUS result;
 
-        ZERO_STRUCT(response);
+	ZERO_STRUCT(response);
 
-        result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response);
-		
-	d_printf("checking the trust secret via RPC calls %s\n", 
+	result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response);
+
+	d_printf("checking the trust secret via RPC calls %s\n",
 		 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
 
-	if (result != NSS_STATUS_SUCCESS)	
-		d_fprintf(stderr, "error code was %s (0x%x)\n", 
-		 	 response.data.auth.nt_status_string, 
+	if (result != NSS_STATUS_SUCCESS)
+		d_fprintf(stderr, "error code was %s (0x%x)\n",
+		 	 response.data.auth.nt_status_string,
 		 	 response.data.auth.nt_status);
-	
+
 	return result == NSS_STATUS_SUCCESS;	
 }
 
@@ -562,13 +562,13 @@ static bool wbinfo_uid_to_sid(uid_t uid)
 
 	if (winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	/* Display response */
 
 	d_printf("%s\n", response.data.sid.sid);
 
-	return True;
+	return true;
 }
 
 /* Convert gid to sid */
@@ -587,13 +587,13 @@ static bool wbinfo_gid_to_sid(gid_t gid)
 
 	if (winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	/* Display response */
 
 	d_printf("%s\n", response.data.sid.sid);
 
-	return True;
+	return true;
 }
 
 /* Convert sid to uid */
@@ -612,13 +612,13 @@ static bool wbinfo_sid_to_uid(char *sid)
 
 	if (winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	/* Display response */
 
 	d_printf("%d\n", (int)response.data.uid);
 
-	return True;
+	return true;
 }
 
 static bool wbinfo_sid_to_gid(char *sid)
@@ -635,13 +635,13 @@ static bool wbinfo_sid_to_gid(char *sid)
 
 	if (winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	/* Display response */
 
 	d_printf("%d\n", (int)response.data.gid);
 
-	return True;
+	return true;
 }
 
 static bool wbinfo_allocate_uid(void)
@@ -649,11 +649,11 @@ static bool wbinfo_allocate_uid(void)
 	uid_t uid;
 
 	if (!winbind_allocate_uid(&uid))
-		return False;
+		return false;
 
 	d_printf("New uid: %d\n", uid);
 
-	return True;
+	return true;
 }
 
 static bool wbinfo_allocate_gid(void)
@@ -661,11 +661,11 @@ static bool wbinfo_allocate_gid(void)
 	gid_t gid;
 
 	if (!winbind_allocate_gid(&gid))
-		return False;
+		return false;
 
 	d_printf("New gid: %d\n", gid);
 
-	return True;
+	return true;
 }
 
 /* Convert sid to string */
@@ -684,15 +684,15 @@ static bool wbinfo_lookupsid(char *sid)
 
 	if (winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	/* Display response */
 
-	d_printf("%s%c%s %d\n", response.data.name.dom_name, 
-		 winbind_separator(), response.data.name.name, 
+	d_printf("%s%c%s %d\n", response.data.name.dom_name,
+		 winbind_separator(), response.data.name.name,
 		 response.data.name.type);
 
-	return True;
+	return true;
 }
 
 /* Lookup a list of RIDs */
@@ -725,18 +725,18 @@ static bool wbinfo_lookuprids(char *domain, char *arg)
 	if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
 	    NSS_STATUS_SUCCESS) {
 		d_printf("Could not get domain sid for %s\n", request.domain_name);
-		return False;
+		return false;
 	}
 
 	if (!string_to_sid(&sid, response.data.domain_info.sid)) {
 		d_printf("Could not convert %s to sid\n", response.data.domain_info.sid);
-		return False;
+		return false;
 	}
 
 	mem_ctx = talloc_new(NULL);
 	if (mem_ctx == NULL) {
 		d_printf("talloc_new failed\n");
-		return False;
+		return false;
 	}
 
 	num_rids = 0;
@@ -750,14 +750,14 @@ static bool wbinfo_lookuprids(char *domain, char *arg)
 
 	if (rids == NULL) {
 		TALLOC_FREE(mem_ctx);
-		return False;
+		return false;
 	}
 
 	if (!winbind_lookup_rids(mem_ctx, &sid, num_rids, rids,
 				 &domain_name, &names, &types)) {
 		d_printf("winbind_lookup_rids failed\n");
 		TALLOC_FREE(mem_ctx);
-		return False;
+		return false;
 	}
 
 	d_printf("Domain: %s\n", domain_name);
@@ -768,7 +768,7 @@ static bool wbinfo_lookuprids(char *domain, char *arg)
 	}
 
 	TALLOC_FREE(mem_ctx);
-	return True;
+	return true;
 }
 
 /* Convert string to sid */
@@ -783,18 +783,18 @@ static bool wbinfo_lookupname(char *name)
 	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
-	parse_wbinfo_domain_user(name, request.data.name.dom_name, 
+	parse_wbinfo_domain_user(name, request.data.name.dom_name,
 				 request.data.name.name);
 
 	if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	/* Display response */
 
 	d_printf("%s %s (%d)\n", response.data.sid.sid, sid_type_lookup(response.data.sid.type), response.data.sid.type);
 
-	return True;
+	return true;
 }
 
 /* Authenticate a user with a plaintext password */
@@ -843,8 +843,8 @@ static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
 	if (result == NSS_STATUS_SUCCESS) {
 
 		if (request.flags & WBFLAG_PAM_INFO3_TEXT) {
-			if (response.data.auth.info3.user_flgs & LOGON_CACHED_ACCOUNT) {
-				d_printf("user_flgs: LOGON_CACHED_ACCOUNT\n");
+			if (response.data.auth.info3.user_flgs & NETLOGON_CACHED_ACCOUNT) {
+				d_printf("user_flgs: NETLOGON_CACHED_ACCOUNT\n");
 			}
 		}
 
@@ -863,139 +863,139 @@ static bool wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
 static bool wbinfo_auth(char *username)
 {
 	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
-	char *s = NULL;	
-        char *p = NULL;	
-	char *password = NULL;
-	char *name = NULL;	
+	char *s = NULL;
+	char *p = NULL;
+	const char *password = NULL;
+	char *name = NULL;
 
 	if ((s = SMB_STRDUP(username)) == NULL) {
 		return false;
 	}
 
 	if ((p = strchr(s, '%')) != NULL) {
-                *p = 0;
+		*p = 0;
 		p++;
+		password = p;
+	} else {
+		password = "";
 	}
 
 	name = s;
-	password = p;	
 
 	wbc_status = wbcAuthenticateUser(name, password);
 
-        d_printf("plaintext password authentication %s\n", 
+	d_printf("plaintext password authentication %s\n",
 		 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
 
 #if 0
 	if (response.data.auth.nt_status)
 		d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
-			 response.data.auth.nt_status_string, 
+			 response.data.auth.nt_status_string,
 			 response.data.auth.nt_status,
 			 response.data.auth.error_string);
 #endif
 
 	SAFE_FREE(s);
 
-        return WBC_ERROR_IS_OK(wbc_status);
+	return WBC_ERROR_IS_OK(wbc_status);
 }
 
 /* Authenticate a user with a challenge/response */
 
 static bool wbinfo_auth_crap(char *username)
 {
-	struct winbindd_request request;
-	struct winbindd_response response;
-        NSS_STATUS result;
-        fstring name_user;
-        fstring name_domain;
-        fstring pass;
-        char *p;
-
-	/* Send off request */
-
-	ZERO_STRUCT(request);
-	ZERO_STRUCT(response);
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct wbcAuthUserParams params;
+	struct wbcAuthUserInfo *info = NULL;
+	struct wbcAuthErrorInfo *err = NULL;
+	DATA_BLOB lm = data_blob_null;
+	DATA_BLOB nt = data_blob_null;
+	fstring name_user;
+	fstring name_domain;
+	fstring pass;
+	char *p;
 
-        p = strchr(username, '%');
+	p = strchr(username, '%');
 
-        if (p) {
-                *p = 0;
-                fstrcpy(pass, p + 1);
+	if (p) {
+		*p = 0;
+		fstrcpy(pass, p + 1);
 	}
 		
 	parse_wbinfo_domain_user(username, name_domain, name_user);
 
-	request.data.auth_crap.logon_parameters = MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT | MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
+	params.account_name	= name_user;
+	params.domain_name	= name_domain;
+	params.workstation_name	= NULL;
 
-	fstrcpy(request.data.auth_crap.user, name_user);
+	params.flags		= 0;
+	params.parameter_control= WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT |
+				  WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
 
-	fstrcpy(request.data.auth_crap.domain, 
-			      name_domain);
+	params.level		= WBC_AUTH_USER_LEVEL_RESPONSE;
+
+	generate_random_buffer(params.password.response.challenge, 8);
 
-	generate_random_buffer(request.data.auth_crap.chal, 8);
-        
 	if (lp_client_ntlmv2_auth()) {
 		DATA_BLOB server_chal;
-		DATA_BLOB names_blob;	
+		DATA_BLOB names_blob;
 
-		DATA_BLOB lm_response;
-		DATA_BLOB nt_response;
+		server_chal = data_blob(params.password.response.challenge, 8);
 
-		server_chal = data_blob(request.data.auth_crap.chal, 8); 
-		
 		/* Pretend this is a login to 'us', for blob purposes */
 		names_blob = NTLMv2_generate_names_blob(global_myname(), lp_workgroup());
-		
-		if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal, 
+
+		if (!SMBNTLMv2encrypt(name_user, name_domain, pass, &server_chal,
 				      &names_blob,
-				      &lm_response, &nt_response, NULL)) {
+				      &lm, &nt, NULL)) {
 			data_blob_free(&names_blob);
 			data_blob_free(&server_chal);
-			return False;
+			return false;
 		}
 		data_blob_free(&names_blob);
 		data_blob_free(&server_chal);
 
-		memcpy(request.data.auth_crap.nt_resp, nt_response.data, 
-		       MIN(nt_response.length, 
-			   sizeof(request.data.auth_crap.nt_resp)));
-		request.data.auth_crap.nt_resp_len = nt_response.length;
-
-		memcpy(request.data.auth_crap.lm_resp, lm_response.data, 
-		       MIN(lm_response.length, 
-			   sizeof(request.data.auth_crap.lm_resp)));
-		request.data.auth_crap.lm_resp_len = lm_response.length;
-		       
-		data_blob_free(&nt_response);
-		data_blob_free(&lm_response);
-
 	} else {
-		if (lp_client_lanman_auth() 
-		    && SMBencrypt(pass, request.data.auth_crap.chal, 
-			       (uchar *)request.data.auth_crap.lm_resp)) {
-			request.data.auth_crap.lm_resp_len = 24;
-		} else {
-			request.data.auth_crap.lm_resp_len = 0;
+		if (lp_client_lanman_auth()) {
+			bool ok;
+			lm = data_blob(NULL, 24);
+			ok = SMBencrypt(pass, params.password.response.challenge,
+					lm.data);
+			if (!ok) {
+				data_blob_free(&lm);
+			}
 		}
-		SMBNTencrypt(pass, request.data.auth_crap.chal,
-			     (uchar *)request.data.auth_crap.nt_resp);
-
-		request.data.auth_crap.nt_resp_len = 24;
+		nt = data_blob(NULL, 24);
+		SMBNTencrypt(pass, params.password.response.challenge,
+			     nt.data);
 	}
 
-	result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
+	params.password.response.nt_length	= nt.length;
+	params.password.response.nt_data	= nt.data;
+	params.password.response.lm_length	= lm.length;
+	params.password.response.lm_data	= lm.data;
+
+	wbc_status = wbcAuthenticateUserEx(&params, &info, &err);
 
 	/* Display response */
 
-        d_printf("challenge/response password authentication %s\n", 
-               (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
+	d_printf("challenge/response password authentication %s\n",
+		 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
 
-	if (response.data.auth.nt_status)
+	if (wbc_status == WBC_ERR_AUTH_ERROR) {
 		d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
-			 response.data.auth.nt_status_string, 
-			 response.data.auth.nt_status,
-			 response.data.auth.error_string);
+			 err->nt_string,
+			 err->nt_status,
+			 err->display_string);
+		wbcFreeMemory(err);
+	} else if (WBC_ERROR_IS_OK(wbc_status)) {
+		wbcFreeMemory(info);
+	}
+
+	data_blob_free(&nt);
+	data_blob_free(&lm);
 
-        return result == NSS_STATUS_SUCCESS;
+	return WBC_ERROR_IS_OK(wbc_status);
 }
 
 /* Authenticate a user with a plaintext password and set a token */
@@ -1004,23 +1004,23 @@ static bool wbinfo_klog(char *username)
 {
 	struct winbindd_request request;
 	struct winbindd_response response;
-        NSS_STATUS result;
-        char *p;
+	NSS_STATUS result;
+	char *p;
 
 	/* Send off request */
 
 	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
-        p = strchr(username, '%');
+	p = strchr(username, '%');
 
-        if (p) {
-                *p = 0;
-                fstrcpy(request.data.auth.user, username);
-                fstrcpy(request.data.auth.pass, p + 1);
-                *p = '%';
-        } else {
-                fstrcpy(request.data.auth.user, username);
+	if (p) {
+		*p = 0;
+		fstrcpy(request.data.auth.user, username);
+		fstrcpy(request.data.auth.pass, p + 1);
+		*p = '%';
+	} else {
+		fstrcpy(request.data.auth.user, username);
 		fstrcpy(request.data.auth.pass, getpass("Password: "));
 	}
 
@@ -1030,30 +1030,30 @@ static bool wbinfo_klog(char *username)
 
 	/* Display response */
 
-        d_printf("plaintext password authentication %s\n", 
-               (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
+	d_printf("plaintext password authentication %s\n",
+		 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
 
 	if (response.data.auth.nt_status)
 		d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n", 
-			 response.data.auth.nt_status_string, 
+			 response.data.auth.nt_status_string,
 			 response.data.auth.nt_status,
 			 response.data.auth.error_string);
 
 	if (result != NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	if (response.extra_data.data == NULL) {
 		d_fprintf(stderr, "Did not get token data\n");
-		return False;
+		return false;
 	}
 
 	if (!afs_settoken_str((char *)response.extra_data.data)) {
 		d_fprintf(stderr, "Could not set token\n");
-		return False;
+		return false;
 	}
 
 	d_printf("Successfully created AFS token\n");
-	return True;
+	return true;
 }
 
 /* Print domain users */
@@ -1081,12 +1081,12 @@ static bool print_domain_users(const char *domain)
 
 	if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	/* Look through extra data */
 
 	if (!response.extra_data.data)
-		return False;
+		return false;
 
 	extra_data = (const char *)response.extra_data.data;
 
@@ -1097,7 +1097,7 @@ static bool print_domain_users(const char *domain)
 
 	SAFE_FREE(response.extra_data.data);
 
-	return True;
+	return true;
 }
 
 /* Print domain groups */
@@ -1122,12 +1122,12 @@ static bool print_domain_groups(const char *domain)
 
 	if (winbindd_request_response(WINBINDD_LIST_GROUPS, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
-		return False;
+		return false;
 
 	/* Look through extra data */
 
 	if (!response.extra_data.data)
-		return False;
+		return false;
 
 	extra_data = (const char *)response.extra_data.data;
 
@@ -1138,7 +1138,7 @@ static bool print_domain_groups(const char *domain)
 
 	SAFE_FREE(response.extra_data.data);
 
-	return True;
+	return true;
 }
 
 /* Set the authorised user for winbindd access in secrets.tdb */
@@ -1161,7 +1161,7 @@ static bool wbinfo_set_auth_user(char *username)
 	} else {
 		char *thepass = getpass("Password: ");
 		if (thepass) {
-			password = thepass;	
+			password = thepass;
 		} else
 			password = "";
 	}
@@ -1175,7 +1175,7 @@ static bool wbinfo_set_auth_user(char *username)
 		if (!secrets_store(SECRETS_AUTH_USER, user,
 				   strlen(user) + 1)) {
 			d_fprintf(stderr, "error storing username\n");
-			return False;
+			return false;
 		}
 
 		/* We always have a domain name added by the
@@ -1184,7 +1184,7 @@ static bool wbinfo_set_auth_user(char *username)
 		if (!secrets_store(SECRETS_AUTH_DOMAIN, domain,
 				   strlen(domain) + 1)) {
 			d_fprintf(stderr, "error storing domain name\n");
-			return False;
+			return false;
 		}
 
 	} else {
@@ -1197,13 +1197,13 @@ static bool wbinfo_set_auth_user(char *username)
 		if (!secrets_store(SECRETS_AUTH_PASSWORD, password,
 				   strlen(password) + 1)) {
 			d_fprintf(stderr, "error storing password\n");
-			return False;
+			return false;
 		}
 
 	} else
 		secrets_delete(SECRETS_AUTH_PASSWORD);
 
-	return True;
+	return true;
 }
 
 static void wbinfo_get_auth_user(void)
@@ -1211,7 +1211,7 @@ static void wbinfo_get_auth_user(void)
 	char *user, *domain, *password;
 
 	/* Lift data from secrets file */
-	
+
 	secrets_fetch_ipc_userpass(&user, &domain, &password);
 
 	if ((!user || !*user) && (!domain || !*domain ) && (!password || !*password)){
@@ -1241,10 +1241,10 @@ static bool wbinfo_ping(void)
 
 	/* Display response */
 
-        d_printf("Ping to winbindd %s on fd %d\n", 
-               (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
+	d_printf("Ping to winbindd %s on fd %d\n",
+		 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed", winbindd_fd);
 
-        return result == NSS_STATUS_SUCCESS;
+	return result == NSS_STATUS_SUCCESS;
 }
 
 /* Main program */
@@ -1270,7 +1270,7 @@ enum {
 int main(int argc, char **argv, char **envp)
 {
 	int opt;
-	TALLOC_CTX *frame = talloc_stackframe();	
+	TALLOC_CTX *frame = talloc_stackframe();
 	poptContext pc;
 	static char *string_arg;
 	static char *opt_domain_name;
@@ -1280,7 +1280,7 @@ int main(int argc, char **argv, char **envp)
 	struct poptOption long_options[] = {
 		POPT_AUTOHELP
 
-		/* longName, shortName, argInfo, argPtr, value, descrip, 
+		/* longName, shortName, argInfo, argPtr, value, descrip,
 		   argDesc */
 
 		{ "domain-users", 'u', POPT_ARG_NONE, 0, 'u', "Lists all domain users", "domain"},
@@ -1354,7 +1354,7 @@ int main(int argc, char **argv, char **envp)
 
 	poptFreeContext(pc);
 
-	if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) {
+	if (!lp_load(get_dyn_CONFIGFILE(), true, false, false, true)) {
 		d_fprintf(stderr, "wbinfo: error opening config file %s. Error was %s\n",
 			get_dyn_CONFIGFILE(), strerror(errno));
 		exit(1);
@@ -1458,7 +1458,7 @@ int main(int argc, char **argv, char **envp)
 			}
 			break;
 		case 'm':
-			if (!wbinfo_list_domains(False)) {
+			if (!wbinfo_list_domains(false)) {
 				d_fprintf(stderr, "Could not list trusted domains\n");
 				goto done;
 			}
@@ -1518,18 +1518,18 @@ int main(int argc, char **argv, char **envp)
 			}
 			break;
 		case 'a': {
-				bool got_error = False;
+				bool got_error = false;
 
 				if (!wbinfo_auth(string_arg)) {
 					d_fprintf(stderr, "Could not authenticate user %s with "
 						"plaintext password\n", string_arg);
-					got_error = True;
+					got_error = true;
 				}
 
 				if (!wbinfo_auth_crap(string_arg)) {
 					d_fprintf(stderr, "Could not authenticate user %s with "
 						"challenge/response\n", string_arg);
-					got_error = True;
+					got_error = true;
 				}
 
 				if (got_error)
@@ -1580,7 +1580,7 @@ int main(int argc, char **argv, char **envp)
 			}
 			break;
 		case OPT_SEPARATOR: {
-			const char sep = winbind_separator_int(True);
+			const char sep = winbind_separator_int(true);
 			if ( !sep ) {
 				goto done;
 			}
@@ -1588,7 +1588,7 @@ int main(int argc, char **argv, char **envp)
 			break;
 		}
 		case OPT_LIST_ALL_DOMAINS:
-			if (!wbinfo_list_domains(True)) {
+			if (!wbinfo_list_domains(true)) {
 				goto done;
 			}
 			break;
diff --git a/source3/nsswitch/winbind_client.h b/source3/nsswitch/winbind_client.h
index 2a3956e1fd..757f5869e9 100644
--- a/source3/nsswitch/winbind_client.h
+++ b/source3/nsswitch/winbind_client.h
@@ -14,9 +14,14 @@ NSS_STATUS winbindd_priv_request_response(int req_type,
 					  struct winbindd_response *response);
 int winbindd_read_reply(struct winbindd_response *response);
 
-bool winbind_env_set(void);
-bool winbind_off(void);
-bool winbind_on(void);
+#define winbind_env_set() \
+	(strcmp(getenv(WINBINDD_DONT_ENV)?getenv(WINBINDD_DONT_ENV):"0","1") == 0)
+
+#define winbind_off() \
+	(setenv(WINBINDD_DONT_ENV, "1", 1) == 0)
+
+#define winbind_on() \
+	(setenv(WINBINDD_DONT_ENV, "0", 1) == 0)
 
 int winbind_write_sock(void *buffer, int count, int recursing, int need_priv);
 int winbind_read_sock(void *buffer, int count);
diff --git a/source3/nsswitch/winbind_krb5_locator.c b/source3/nsswitch/winbind_krb5_locator.c
index eef57ca2c0..33a68f0cdc 100644
--- a/source3/nsswitch/winbind_krb5_locator.c
+++ b/source3/nsswitch/winbind_krb5_locator.c
@@ -90,7 +90,7 @@ static const char *family_name(int family)
 			return "AF_UNSPEC";
 		case AF_INET:
 			return "AF_INET";
-#if defined(HAVE_IPv6)
+#if defined(HAVE_IPV6)
 		case AF_INET6:
 			return "AF_INET6";
 #endif
@@ -137,9 +137,9 @@ static int smb_krb5_locator_lookup_sanity_check(enum locate_service_type svc,
 		case AF_UNSPEC:
 		case AF_INET:
 			break;
-#if defined(HAVE_IPv6)
-		case AF_INET6: /* not yet */
-			return KRB5_PLUGIN_NO_HANDLE;
+#if defined(HAVE_IPV6)
+		case AF_INET6:
+			break;
 #endif
 		default:
 			return EINVAL;
diff --git a/source3/nsswitch/winbind_struct_protocol.h b/source3/nsswitch/winbind_struct_protocol.h
index 12ca1e55c8..e81813c77b 100644
--- a/source3/nsswitch/winbind_struct_protocol.h
+++ b/source3/nsswitch/winbind_struct_protocol.h
@@ -431,6 +431,7 @@ struct winbindd_response {
 				fstring logon_srv;
 				fstring logon_dom;
 			} info3;
+			fstring unix_username;
 		} auth;
 		struct {
 			fstring name;
diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c
index c822fc78b9..35649dfda2 100644
--- a/source3/nsswitch/wins.c
+++ b/source3/nsswitch/wins.c
@@ -147,7 +147,7 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count)
 static NODE_STATUS_STRUCT *lookup_byaddr_backend(char *addr, int *count)
 {
 	int fd;
-	struct in_addr  ip;
+	struct sockaddr_storage ss;
 	struct nmb_name nname;
 	NODE_STATUS_STRUCT *status;
 
@@ -160,8 +160,10 @@ static NODE_STATUS_STRUCT *lookup_byaddr_backend(char *addr, int *count)
 		return NULL;
 
 	make_nmb_name(&nname, "*", 0);
-	(void)interpret_addr2(&ip,addr);
-	status = node_status_query(fd,&nname,ip, count, NULL);
+	if (!interpret_string_addr(&ss, addr, AI_NUMERICHOST)) {
+		return NULL;
+	}
+	status = node_status_query(fd, &nname, &ss, count, NULL);
 
 	close(fd);
 	return status;
diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c
index 59ed4eee8b..b9bcb31091 100644
--- a/source3/pam_smbpass/pam_smb_acct.c
+++ b/source3/pam_smbpass/pam_smb_acct.c
@@ -78,7 +78,7 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
 	}
 
 	if (geteuid() != 0) {
-		_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
+		_log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
 		return PAM_AUTHINFO_UNAVAIL;
 	}
 
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index de5310761f..326a0b59e7 100644
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -130,7 +130,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
     }
 
     if (geteuid() != 0) {
-	_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
+	_log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
 	return PAM_AUTHINFO_UNAVAIL;
     }
 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index eaf19b746a..e23c30789a 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -9,6 +9,7 @@
    Copyright (C) Alexander Bokovoy 2002
    Copyright (C) Stefan (metze) Metzmacher 2002
    Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+   Copyright (C) Michael Adam 2008
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -51,6 +52,7 @@
  */
 
 #include "includes.h"
+#include "libnet/libnet.h"
 
 bool in_client = False;		/* Not in the client by default */
 bool bLoaded = False;
@@ -70,16 +72,13 @@ extern userdom_struct current_user_info;
 #define HOMES_NAME "homes"
 #endif
 
-/* the special value for the include parameter
- * to be interpreted not as a file name but to
- * trigger loading of the global smb.conf options
- * from registry. */
-#ifndef INCLUDE_REGISTRY_NAME
-#define INCLUDE_REGISTRY_NAME "registry"
-#endif
+static uint64_t conf_last_seqnum = 0;
+static struct libnet_conf_ctx *conf_ctx = NULL;
+
+#define CONFIG_BACKEND_FILE 0
+#define CONFIG_BACKEND_REGISTRY 1
 
-static int regdb_last_seqnum = 0;
-static bool include_registry_globals = False;
+static int config_backend = CONFIG_BACKEND_FILE;
 
 /* some helpful bits */
 #define LP_SNUM_OK(i) (((i) >= 0) && ((i) < iNumServices) && (ServicePtrs != NULL) && ServicePtrs[(i)]->valid)
@@ -104,6 +103,7 @@ struct _param_opt_struct {
  * This structure describes global (ie., server-wide) parameters.
  */
 typedef struct {
+	int ConfigBackend;
 	char *smb_ports;
 	char *dos_charset;
 	char *unix_charset;
@@ -246,6 +246,8 @@ typedef struct {
 	int ldap_ssl;
 	char *szLdapSuffix;
 	char *szLdapAdminDn;
+	int ldap_debug_level;
+	int ldap_debug_threshold;
 	int iAclCompat;
 	char *szCupsServer;
 	char *szIPrintServer;
@@ -418,6 +420,7 @@ typedef struct {
 	bool bRead_only;
 	bool bNo_set_dir;
 	bool bGuest_only;
+	bool bHidden;
 	bool bGuest_ok;
 	bool bPrint_ok;
 	bool bMap_system;
@@ -560,6 +563,7 @@ static service sDefault = {
 	True,			/* bRead_only */
 	True,			/* bNo_set_dir */
 	False,			/* bGuest_only */
+	False,			/* bHidden */
 	False,			/* bGuest_ok */
 	False,			/* bPrint_ok */
 	False,			/* bMap_system */
@@ -650,6 +654,7 @@ static bool handle_netbios_aliases( int snum, const char *pszParmValue, char **p
 static bool handle_netbios_scope( int snum, const char *pszParmValue, char **ptr );
 static bool handle_charset( int snum, const char *pszParmValue, char **ptr );
 static bool handle_printing( int snum, const char *pszParmValue, char **ptr);
+static bool handle_ldap_debug_level( int snum, const char *pszParmValue, char **ptr);
 
 static void set_server_role(void);
 static void set_default_server_announce_type(void);
@@ -842,6 +847,14 @@ static const struct enum_list enum_map_to_guest[] = {
 	{-1, NULL}
 };
 
+/* Config backend options */
+
+static const struct enum_list enum_config_backend[] = {
+	{CONFIG_BACKEND_FILE, "file"},
+	{CONFIG_BACKEND_REGISTRY, "registry"},
+	{-1, NULL}
+};
+
 /* Note: We do not initialise the defaults union - it is not allowed in ANSI C
  *
  * The FLAG_HIDE is explicit. Paramters set this way do NOT appear in any edit
@@ -880,6 +893,8 @@ static struct parm_struct parm_table[] = {
 	{"interfaces", P_LIST, P_GLOBAL, &Globals.szInterfaces, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, 
 	{"bind interfaces only", P_BOOL, P_GLOBAL, &Globals.bBindInterfacesOnly, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD}, 
 
+	{"config backend", P_ENUM, P_GLOBAL, &Globals.ConfigBackend, NULL, enum_config_backend, FLAG_ADVANCED},
+
 	{N_("Security Options"), P_SEP, P_SEPARATOR}, 
 
 	{"security", P_ENUM, P_GLOBAL, &Globals.security, NULL, enum_security, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, 
@@ -958,6 +973,7 @@ static struct parm_struct parm_table[] = {
 	{"inherit owner", P_BOOL, P_LOCAL, &sDefault.bInheritOwner, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE}, 
 	{"guest only", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE}, 
 	{"only guest", P_BOOL, P_LOCAL, &sDefault.bGuest_only, NULL, NULL, FLAG_HIDE}, 
+	{"hidden", P_BOOL, P_LOCAL, &sDefault.bHidden, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT},
 
 	{"guest ok", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT}, 
 	{"public", P_BOOL, P_LOCAL, &sDefault.bGuest_ok, NULL, NULL, FLAG_HIDE}, 
@@ -1215,14 +1231,18 @@ static struct parm_struct parm_table[] = {
 	{"ldap page size", P_INTEGER, P_GLOBAL, &Globals.ldap_page_size, NULL, NULL, FLAG_ADVANCED},
 	{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, NULL, NULL, FLAG_ADVANCED}, 
 
+	{"ldap debug level", P_INTEGER, P_GLOBAL, &Globals.ldap_debug_level, handle_ldap_debug_level, NULL, FLAG_ADVANCED},
+	{"ldap debug threshold", P_INTEGER, P_GLOBAL, &Globals.ldap_debug_threshold, NULL, NULL, FLAG_ADVANCED},
+
+
+	{N_("EventLog Options"), P_SEP, P_SEPARATOR}, 
+	{"eventlog list",  P_LIST, P_GLOBAL, &Globals.szEventLogs, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, 
+
 	{N_("Miscellaneous Options"), P_SEP, P_SEPARATOR}, 
 	{"add share command", P_STRING, P_GLOBAL, &Globals.szAddShareCommand, NULL, NULL, FLAG_ADVANCED}, 
 	{"change share command", P_STRING, P_GLOBAL, &Globals.szChangeShareCommand, NULL, NULL, FLAG_ADVANCED}, 
 	{"delete share command", P_STRING, P_GLOBAL, &Globals.szDeleteShareCommand, NULL, NULL, FLAG_ADVANCED}, 
 
-	{N_("EventLog Options"), P_SEP, P_SEPARATOR}, 
-	{"eventlog list",  P_LIST, P_GLOBAL, &Globals.szEventLogs, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, 
-	
 	{"config file", P_STRING, P_GLOBAL, &Globals.szConfigFile, NULL, NULL, FLAG_HIDE}, 
 	{"preload", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, FLAG_ADVANCED}, 
 	{"auto services", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, FLAG_ADVANCED}, 
@@ -1294,6 +1314,8 @@ static struct parm_struct parm_table[] = {
 	{"vfs object", P_LIST, P_LOCAL, &sDefault.szVfsObjects, NULL, NULL, FLAG_HIDE}, 
 
 
+	{N_("MSDFS options"), P_SEP, P_SEPARATOR},
+
 	{"msdfs root", P_BOOL, P_LOCAL, &sDefault.bMSDfsRoot, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE}, 
 	{"msdfs proxy", P_STRING, P_LOCAL, &sDefault.szMSDfsProxy, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE}, 
 	{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, FLAG_ADVANCED}, 
@@ -1527,6 +1549,8 @@ static void init_globals(bool first_time_only)
 	Globals.bLoadPrinters = True;
 	Globals.PrintcapCacheTime = 750; 	/* 12.5 minutes */
 
+	Globals.ConfigBackend = config_backend;
+
 	/* Was 65535 (0xFFFF). 0x4101 matches W2K and causes major speed improvements... */
 	/* Discovered by 2 days of pain by Don McCall @ HP :-). */
 	Globals.max_xmit = 0x4104;
@@ -1628,6 +1652,9 @@ static void init_globals(bool first_time_only)
 	Globals.ldap_timeout = LDAP_CONNECT_DEFAULT_TIMEOUT;
 	Globals.ldap_page_size = LDAP_PAGE_SIZE;
 
+	Globals.ldap_debug_level = 0;
+	Globals.ldap_debug_threshold = 10;
+
 	/* This is what we tell the afs client. in reality we set the token 
 	 * to never expire, though, when this runs out the afs client will 
 	 * forget the token. Set to 0 to get NEVERDATE.*/
@@ -1679,7 +1706,7 @@ static void init_globals(bool first_time_only)
 	Globals.bWinbindTrustedDomainsOnly = False;
 	Globals.bWinbindNestedGroups = True;
 	Globals.winbind_expand_groups = 1;
-	Globals.szWinbindNssInfo = str_list_make("template", NULL);
+	Globals.szWinbindNssInfo = str_list_make(NULL, "template", NULL);
 	Globals.bWinbindRefreshTickets = False;
 	Globals.bWinbindOfflineLogon = False;
 
@@ -1942,6 +1969,8 @@ FN_GLOBAL_BOOL(lp_ldap_delete_dn, &Globals.ldap_delete_dn)
 FN_GLOBAL_INTEGER(lp_ldap_replication_sleep, &Globals.ldap_replication_sleep)
 FN_GLOBAL_INTEGER(lp_ldap_timeout, &Globals.ldap_timeout)
 FN_GLOBAL_INTEGER(lp_ldap_page_size, &Globals.ldap_page_size)
+FN_GLOBAL_INTEGER(lp_ldap_debug_level, &Globals.ldap_debug_level)
+FN_GLOBAL_INTEGER(lp_ldap_debug_threshold, &Globals.ldap_debug_threshold)
 FN_GLOBAL_STRING(lp_add_share_cmd, &Globals.szAddShareCommand)
 FN_GLOBAL_STRING(lp_change_share_cmd, &Globals.szChangeShareCommand)
 FN_GLOBAL_STRING(lp_delete_share_cmd, &Globals.szDeleteShareCommand)
@@ -2046,6 +2075,7 @@ FN_GLOBAL_INTEGER(lp_oplock_break_wait_time, &Globals.oplock_break_wait_time)
 FN_GLOBAL_INTEGER(lp_lock_spin_time, &Globals.iLockSpinTime)
 FN_GLOBAL_INTEGER(lp_usershare_max_shares, &Globals.iUsershareMaxShares)
 FN_GLOBAL_CONST_STRING(lp_socket_options, &Globals.szSocketOptions)
+FN_GLOBAL_INTEGER(lp_config_backend, &Globals.ConfigBackend);
 
 FN_LOCAL_STRING(lp_preexec, szPreExec)
 FN_LOCAL_STRING(lp_postexec, szPostExec)
@@ -2110,6 +2140,7 @@ FN_LOCAL_BOOL(lp_readonly, bRead_only)
 FN_LOCAL_BOOL(lp_no_set_dir, bNo_set_dir)
 FN_LOCAL_BOOL(lp_guest_ok, bGuest_ok)
 FN_LOCAL_BOOL(lp_guest_only, bGuest_only)
+FN_LOCAL_BOOL(lp_hidden, bHidden)
 FN_LOCAL_BOOL(lp_print_ok, bPrint_ok)
 FN_LOCAL_BOOL(lp_map_hidden, bMap_hidden)
 FN_LOCAL_BOOL(lp_map_archive, bMap_archive)
@@ -2224,8 +2255,7 @@ static param_opt_struct *get_parametrics(int snum, const char *type, const char
 		data = ServicePtrs[snum]->param_opt;
 	}
     
-	asprintf(&param_key, "%s:%s", type, option);
-	if (!param_key) {
+	if (asprintf(&param_key, "%s:%s", type, option) == -1) {
 		DEBUG(0,("asprintf failed!\n"));
 		return NULL;
 	}
@@ -2384,7 +2414,7 @@ const char **lp_parm_string_list(int snum, const char *type, const char *option,
 		return (const char **)def;
 		
 	if (data->list==NULL) {
-		data->list = str_list_make(data->value, NULL);
+		data->list = str_list_make(NULL, data->value, NULL);
 	}
 
 	return (const char **)data->list;
@@ -2481,9 +2511,10 @@ static void free_service(service *pservice)
 				     PTR_DIFF(parm_table[i].ptr, &sDefault)));
 		else if (parm_table[i].type == P_LIST &&
 			 parm_table[i].p_class == P_LOCAL)
-			     str_list_free((char ***)
-			     		    (((char *)pservice) +
-					     PTR_DIFF(parm_table[i].ptr, &sDefault)));
+			     TALLOC_FREE(*((char ***)
+					   (((char *)pservice) +
+					    PTR_DIFF(parm_table[i].ptr,
+						     &sDefault))));
 	}
 
 	data = pservice->param_opt;
@@ -2493,7 +2524,7 @@ static void free_service(service *pservice)
 		DEBUG(5,("[%s = %s]\n", data->key, data->value));
 		string_free(&data->key);
 		string_free(&data->value);
-		str_list_free(&data->list);
+		TALLOC_FREE(data->list);
 		pdata = data->next;
 		SAFE_FREE(data);
 		data = pdata;
@@ -2553,7 +2584,7 @@ static int add_a_service(const service *pservice, const char *name)
 			while (data) {
 				string_free(&data->key);
 				string_free(&data->value);
-				str_list_free(&data->list);
+				TALLOC_FREE(data->list);
 				pdata = data->next;
 				SAFE_FREE(data);
 				data = pdata;
@@ -2747,6 +2778,7 @@ static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
 	ServicePtrs[i]->bAvailable = True;
 	ServicePtrs[i]->bRead_only = True;
 	ServicePtrs[i]->bGuest_only = False;
+	ServicePtrs[i]->bHidden = True;
 	ServicePtrs[i]->bGuest_ok = guest_ok;
 	ServicePtrs[i]->bPrint_ok = False;
 	ServicePtrs[i]->bBrowseable = sDefault.bBrowseable;
@@ -3262,8 +3294,9 @@ static void copy_service(service * pserviceDest, service * pserviceSource,
 					strupper_m(*(char **)dest_ptr);
 					break;
 				case P_LIST:
-					str_list_free((char ***)dest_ptr);
-					str_list_copy((char ***)dest_ptr, *(const char ***)src_ptr);
+					TALLOC_FREE(*((char ***)dest_ptr));
+					str_list_copy(NULL, (char ***)dest_ptr,
+						      *(const char ***)src_ptr);
 					break;
 				default:
 					break;
@@ -3286,7 +3319,7 @@ static void copy_service(service * pserviceDest, service * pserviceSource,
 			/* If we already have same option, override it */
 			if (strcmp(pdata->key, data->key) == 0) {
 				string_free(&pdata->value);
-				str_list_free(&data->list);
+				TALLOC_FREE(data->list);
 				pdata->value = SMB_STRDUP(data->value);
 				not_added = False;
 				break;
@@ -3351,245 +3384,46 @@ bool service_ok(int iService)
 }
 
 /*
- * lp_regdb_open - regdb helper function 
- *
- * this should be considered an interim solution that becomes
- * superfluous once the registry code has been rewritten
- * do allow use of the tdb portion of the registry alone.
- *
- * in the meanwhile this provides a lean access
- * to the registry globals.
- */
-
-static struct tdb_wrap *lp_regdb_open(void)
-{
-	struct tdb_wrap *reg_tdb = NULL;
-	const char *vstring = "INFO/version";
-	uint32 vers_id;
-
-	become_root();
-	reg_tdb = tdb_wrap_open(NULL, state_path("registry.tdb"), 0, 
-				REG_TDB_FLAGS, O_RDWR, 0600);
-	unbecome_root();
-	if (!reg_tdb) {
-		DEBUG(1, ("lp_regdb_open: failed to open %s: %s\n",
-			 state_path("registry.tdb"), strerror(errno)));
-		goto done;
-	}
-	else {
-		DEBUG(10, ("lp_regdb_open: reg tdb opened.\n"));
-	}
-
-	vers_id = tdb_fetch_int32(reg_tdb->tdb, vstring);
-	if (vers_id != REGVER_V1) {
-		DEBUG(10, ("lp_regdb_open: INFO: registry tdb %s has wrong "
-			  "INFO/version (got %d, expected %d)\n",
-			  state_path("registry.tdb"), vers_id, REGVER_V1));
-		/* this is apparently not implemented in the tdb */
-	}
-
-done:
-	return reg_tdb;
-}
-
-/*
  * process_registry_globals
- *
- * this is the interim version of process_registry globals
- *
- * until we can do it as we would like using the api and only
- * using the tdb portion of the registry (see below),
- * this just provides the needed functionality of regdb_fetch_values
- * and regdb_unpack_values, circumventing any fancy stuff, to
- * give us access to the registry globals.
  */
 static bool process_registry_globals(bool (*pfunc)(const char *, const char *))
 {
-	bool ret = False;
-	struct tdb_wrap *reg_tdb = NULL;
-	WERROR err;
-	char *keystr;
-	TDB_DATA data;
-	/* vars for the tdb unpack loop */
-	int len = 0;
-	int i;
-	int buflen;
-	uint8 *buf;
-	uint32 type;
-	uint32 size;
-	uint32 num_values = 0;
-	uint8 *data_p;
-	char * valstr;
-	struct registry_value *value = NULL;
-
-	include_registry_globals = True;
-
-	ZERO_STRUCT(data);
-
-	reg_tdb = lp_regdb_open();
-	if (!reg_tdb) {
-		DEBUG(1, ("Error opening the registry!\n"));
-		goto done;
-	}
-
-	/* reg_tdb is from now on used as talloc ctx.
-	 * freeing it closes the tdb (if refcount is 0) */
-
-	keystr = talloc_asprintf(reg_tdb,"%s/%s/%s", REG_VALUE_PREFIX,
-				 KEY_SMBCONF, GLOBAL_NAME);
-	normalize_dbkey(keystr);
-
-	DEBUG(10, ("process_registry_globals: fetching key '%s'\n",
-		   keystr));
-
-	data = tdb_fetch_bystring(reg_tdb->tdb, keystr);
-	if (!data.dptr) {
-		ret = True;
-		goto done;
-	}
-
-	buf = data.dptr;
-	buflen = data.dsize;
-
-	/* unpack number of values */
-	len = tdb_unpack(buf, buflen, "d", &num_values);
-	DEBUG(10, ("process_registry_globals: got %d values from tdb\n",
-		   num_values));
-
-	/* unpack the values */
-	for (i=0; i < num_values; i++) {
-		fstring valname;
-		type = REG_NONE;
-		size = 0;
-		data_p = NULL;
-		len += tdb_unpack(buf+len, buflen-len, "fdB",
-				  valname,
-				  &type,
-				  &size,
-				  &data_p);
-		if (registry_smbconf_valname_forbidden(valname)) {
-			DEBUG(10, ("process_registry_globals: Ignoring "
-				   "parameter '%s' in registry.\n", valname));
-			continue;
-		}
-		DEBUG(10, ("process_registry_globals: got value '%s'\n",
-			   valname));
-		if (size && data_p) {
-			err = registry_pull_value(reg_tdb,
-						  &value,
-						  (enum winreg_Type)type,
-						  data_p,
-						  size,
-						  size);
-			SAFE_FREE(data_p);
-			if (!W_ERROR_IS_OK(err)) {
-				goto done;
-			}
-			switch(type) {
-			case REG_DWORD:
-				valstr = talloc_asprintf(reg_tdb, "%d",
-							 value->v.dword);
-				pfunc(valname, valstr);
-				break;
-			case REG_SZ:
-				pfunc(valname, value->v.sz.str);
-				break;
-			default:
-				/* ignore other types */
-				break;
-			}
+	WERROR werr;
+	char **param_names;
+	char **param_values;
+	uint32_t num_params;
+	uint32_t count;
+	TALLOC_CTX *mem_ctx = talloc_stackframe();
+	bool ret = false;
+
+	if (conf_ctx == NULL) {
+		/* first time */
+		werr = libnet_conf_open(NULL, &conf_ctx);
+		if (!W_ERROR_IS_OK(werr)) {
+			goto done;
 		}
 	}
 
-	ret = pfunc("registry shares", "yes");
-	regdb_last_seqnum = tdb_get_seqnum(reg_tdb->tdb);
-
-done:
-	TALLOC_FREE(reg_tdb);
-	SAFE_FREE(data.dptr);
-	return ret;
-}
-
-#if 0
-/*
- * this is process_registry_globals as it _should_ be (roughly)
- * using the reg_api functions...
- *
- * We are *not* currently doing it like this due to the large
- * linker dependecies of the registry code (see above).
- */
-static bool process_registry_globals(bool (*pfunc)(const char *, const char *))
-{
-	bool ret = False;
-	TALLOC_CTX *ctx = NULL;
-	char *regpath = NULL;
-	WERROR werr = WERR_OK;
-	struct registry_key *key = NULL;
-	struct registry_value *value = NULL;
-	char *valname = NULL;
-	char *valstr = NULL;
-	uint32 idx = 0;
-	NT_USER_TOKEN *token = NULL;
-
-	ctx = talloc_init("process_registry_globals");
-	if (!ctx) {
-		smb_panic("Failed to create talloc context!");
-	}
-
-	include_registry_globals = True;
-
-	if (!registry_init_regdb()) {
-		DEBUG(1, ("Error initializing the registry.\n"));
-		goto done;
-	}
-
-	werr = ntstatus_to_werror(registry_create_admin_token(ctx, &token));
-	if (!W_ERROR_IS_OK(werr)) {
-		DEBUG(1, ("Error creating admin token: %s\n",dos_errstr(werr)));
-		goto done;
-	}
-
-	regpath = talloc_asprintf(ctx,"%s\\%s", KEY_SMBCONF, GLOBAL_NAME);
-	werr = reg_open_path(ctx, regpath, REG_KEY_READ, token, &key);
+	werr = libnet_conf_get_share(mem_ctx, conf_ctx, GLOBAL_NAME,
+				     &num_params, &param_names, &param_values);
 	if (!W_ERROR_IS_OK(werr)) {
-		DEBUG(1, ("Registry smbconf global section does not exist.\n"));
-		DEBUGADD(1, ("Error opening registry path '%s\\%s: %s\n",
-			     KEY_SMBCONF, GLOBAL_NAME, dos_errstr(werr)));
 		goto done;
 	}
 
-	for (idx = 0;
-	     W_ERROR_IS_OK(werr = reg_enumvalue(ctx, key, idx, &valname,
-			     			&value));
-	     idx++)
-	{
-		DEBUG(5, ("got global registry parameter '%s'\n", valname));
-		switch(value->type) {
-		case REG_DWORD:
-			valstr = talloc_asprintf(ctx, "%d", value->v.dword);
-			pfunc(valname, valstr);
-			TALLOC_FREE(valstr);
-			break;
-		case REG_SZ:
-			pfunc(valname, value->v.sz.str);
-			break;
-		default:
-			/* ignore other types */
-			break;
+	for (count = 0; count < num_params; count++) {
+		ret = pfunc(param_names[count], param_values[count]);
+		if (ret != true) {
+			goto done;
 		}
-		TALLOC_FREE(value);
-		TALLOC_FREE(valstr);
 	}
 
 	ret = pfunc("registry shares", "yes");
-
-	regdb_last_seqnum = regdb_get_seqnum();
+	conf_last_seqnum = libnet_conf_get_seqnum(conf_ctx, NULL, NULL);
 
 done:
-	talloc_destroy(ctx);
+	TALLOC_FREE(mem_ctx);
 	return ret;
 }
-#endif /* if 0 */
 
 static struct file_lists {
 	struct file_lists *next;
@@ -3637,9 +3471,12 @@ static void add_to_file_list(const char *fname, const char *subfname)
 	}
 }
 
-bool lp_include_registry_globals(void)
+/**
+ * Utility function for outsiders to check if we're running on registry.
+ */
+bool lp_config_backend_is_registry(void)
 {
-	return include_registry_globals;
+	return (lp_config_backend() == CONFIG_BACKEND_REGISTRY);
 }
 
 /*******************************************************************
@@ -3649,18 +3486,36 @@ bool lp_include_registry_globals(void)
 bool lp_file_list_changed(void)
 {
 	struct file_lists *f = file_lists;
-	struct tdb_wrap *reg_tdb = NULL;
 
  	DEBUG(6, ("lp_file_list_changed()\n"));
 
-	if (include_registry_globals) {
-		reg_tdb = lp_regdb_open();
-		if (reg_tdb && (regdb_last_seqnum != tdb_get_seqnum(reg_tdb->tdb)))
-		{
-			DEBUGADD(6, ("regdb seqnum changed: old = %d, new = %d\n",
-				    regdb_last_seqnum, tdb_get_seqnum(reg_tdb->tdb)));
-			TALLOC_FREE(reg_tdb);
+	if (lp_config_backend() == CONFIG_BACKEND_REGISTRY) {
+		uint64_t conf_cur_seqnum;
+		if (conf_ctx == NULL) {
+			WERROR werr;
+			werr = libnet_conf_open(NULL, &conf_ctx);
+			if (!W_ERROR_IS_OK(werr)) {
+				DEBUG(0, ("error opening configuration: %s\n",
+					  dos_errstr(werr)));
+				return false;
+			}
+		}
+		conf_cur_seqnum = libnet_conf_get_seqnum(conf_ctx, NULL, NULL);
+		if (conf_last_seqnum != conf_cur_seqnum) {
+			DEBUGADD(6, ("regdb seqnum changed: old = %llu, "
+				     "new = %llu\n",
+				     (unsigned long long)conf_last_seqnum,
+				     (unsigned long long)conf_cur_seqnum));
 			return true;
+		} else {
+			/*
+			 * Don't check files when config_backend is registry.
+			 * Remove this to obtain checking of files even with
+			 * registry config backend. That would enable switching
+			 * off registry configuration by changing smb.conf even
+			 * without restarting smbd.
+			 */
+			return false;
 		}
 	}
 
@@ -3696,6 +3551,7 @@ bool lp_file_list_changed(void)
 	return (False);
 }
 
+
 /***************************************************************************
  Run standard_sub_basic on netbios name... needed because global_myname
  is not accessed through any lp_ macro.
@@ -3752,8 +3608,8 @@ static bool handle_netbios_scope(int snum, const char *pszParmValue, char **ptr)
 
 static bool handle_netbios_aliases(int snum, const char *pszParmValue, char **ptr)
 {
-	str_list_free(&Globals.szNetbiosAliases);
-	Globals.szNetbiosAliases = str_list_make(pszParmValue, NULL);
+	TALLOC_FREE(Globals.szNetbiosAliases);
+	Globals.szNetbiosAliases = str_list_make(NULL, pszParmValue, NULL);
 	return set_netbios_aliases((const char **)Globals.szNetbiosAliases);
 }
 
@@ -3765,17 +3621,6 @@ static bool handle_include(int snum, const char *pszParmValue, char **ptr)
 {
 	char *fname;
 
-	if (strequal(pszParmValue, INCLUDE_REGISTRY_NAME)) {
-		if (bInGlobalSection) {
-			return process_registry_globals(do_parameter);
-		}
-		else {
-			DEBUG(1, ("\"include = registry\" only effective "
-				  "in %s section\n", GLOBAL_NAME));
-			return false;
-		}
-	}
-
 	fname = alloc_sub_basic(get_current_username(),
 				current_user_info.domain,
 				pszParmValue);
@@ -3831,6 +3676,13 @@ static bool handle_copy(int snum, const char *pszParmValue, char **ptr)
 	return (bRetval);
 }
 
+static bool handle_ldap_debug_level(int snum, const char *pszParmValue, char **ptr)
+{
+	Globals.ldap_debug_level = lp_int(pszParmValue);
+	init_ldap_debugging();
+	return true;
+}
+
 /***************************************************************************
  Handle idmap/non unix account uid and gid allocation parameters.  The format of these
  parameters is:
@@ -4088,7 +3940,7 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue
 				/* If we already have same option, override it */
 				if (strcmp(data->key, param_key) == 0) {
 					string_free(&data->value);
-					str_list_free(&data->list);
+					TALLOC_FREE(data->list);
 					data->value = SMB_STRDUP(pszParmValue);
 					not_added = False;
 					break;
@@ -4181,8 +4033,9 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue
 			break;
 
 		case P_LIST:
-			str_list_free((char ***)parm_ptr);
-			*(char ***)parm_ptr = str_list_make(pszParmValue, NULL);
+			TALLOC_FREE(*((char ***)parm_ptr));
+			*(char ***)parm_ptr = str_list_make(
+				NULL, pszParmValue, NULL);
 			break;
 
 		case P_STRING:
@@ -4698,6 +4551,7 @@ static void lp_add_auto_services(char *str)
 	char *s;
 	char *p;
 	int homes;
+	char *saveptr;
 
 	if (!str)
 		return;
@@ -4708,7 +4562,8 @@ static void lp_add_auto_services(char *str)
 
 	homes = lp_servicenumber(HOMES_NAME);
 
-	for (p = strtok(s, LIST_SEP); p; p = strtok(NULL, LIST_SEP)) {
+	for (p = strtok_r(s, LIST_SEP, &saveptr); p;
+	     p = strtok_r(NULL, LIST_SEP, &saveptr)) {
 		char *home;
 
 		if (lp_servicenumber(p) >= 0)
@@ -4799,8 +4654,9 @@ static void lp_save_defaults(void)
 			continue;
 		switch (parm_table[i].type) {
 			case P_LIST:
-				str_list_copy(&(parm_table[i].def.lvalue),
-					    *(const char ***)parm_table[i].ptr);
+				str_list_copy(
+					NULL, &(parm_table[i].def.lvalue),
+					*(const char ***)parm_table[i].ptr);
 				break;
 			case P_STRING:
 			case P_USTRING:
@@ -5634,7 +5490,7 @@ void gfree_loadparm(void)
 			string_free( (char**)parm_table[i].ptr );
 		}
 		else if (parm_table[i].type == P_LIST) {
-			str_list_free( (char***)parm_table[i].ptr );
+			TALLOC_FREE( *((char***)parm_table[i].ptr) );
 		}
 	}
 }
@@ -5654,15 +5510,6 @@ bool lp_load(const char *pszFname,
 	bool bRetval;
 	param_opt_struct *data, *pdata;
 
-	n2 = alloc_sub_basic(get_current_username(),
-				current_user_info.domain,
-				pszFname);
-	if (!n2) {
-		smb_panic("lp_load: out of memory");
-	}
-
-	add_to_file_list(pszFname, n2);
-
 	bRetval = False;
 
 	DEBUG(3, ("lp_load: refreshing parameters\n"));
@@ -5683,7 +5530,7 @@ bool lp_load(const char *pszFname,
 		while (data) {
 			string_free(&data->key);
 			string_free(&data->value);
-			str_list_free(&data->list);
+			TALLOC_FREE(data->list);
 			pdata = data->next;
 			SAFE_FREE(data);
 			data = pdata;
@@ -5691,17 +5538,48 @@ bool lp_load(const char *pszFname,
 		Globals.param_opt = NULL;
 	}
 
-	/* We get sections first, so have to start 'behind' to make up */
-	iServiceIndex = -1;
-	bRetval = pm_process(n2, do_section, do_parameter);
-	SAFE_FREE(n2);
+	if (lp_config_backend() == CONFIG_BACKEND_FILE) {
+		n2 = alloc_sub_basic(get_current_username(),
+					current_user_info.domain,
+					pszFname);
+		if (!n2) {
+			smb_panic("lp_load: out of memory");
+		}
+
+		add_to_file_list(pszFname, n2);
 
-	/* finish up the last section */
-	DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
-	if (bRetval) {
-		if (iServiceIndex >= 0) {
-			bRetval = service_ok(iServiceIndex);
+		/* We get sections first, so have to start 'behind' to make up */
+		iServiceIndex = -1;
+		bRetval = pm_process(n2, do_section, do_parameter);
+		SAFE_FREE(n2);
+
+		/* finish up the last section */
+		DEBUG(4, ("pm_process() returned %s\n", BOOLSTR(bRetval)));
+		if (bRetval) {
+			if (iServiceIndex >= 0) {
+				bRetval = service_ok(iServiceIndex);
+			}
 		}
+
+		if (lp_config_backend() == CONFIG_BACKEND_REGISTRY) {
+			/*
+			 * We need to use this extra global variable here to
+			 * survive restart: init_globals usese this as a default
+			 * for ConfigBackend. Otherwise, init_globals would
+			 *  send us into an endless loop here.
+			 */
+			config_backend = CONFIG_BACKEND_REGISTRY;
+			/* start over */
+			init_globals(false);
+			return lp_load(pszFname, global_only, save_defaults,
+				       add_ipc, initialize_globals);
+		}
+	} else if (lp_config_backend() == CONFIG_BACKEND_REGISTRY) {
+		bRetval = process_registry_globals(do_parameter);
+	} else {
+		DEBUG(0, ("Illegal config  backend given: %d\n",
+			  lp_config_backend()));
+		bRetval = false;
 	}
 
 	lp_add_auto_services(lp_auto_services());
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index 55dd654131..4341bc02cc 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -464,6 +464,9 @@ static bool lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
 {
 	int i;
 
+	DEBUG(10, ("lookup_rids called for domain sid '%s'\n",
+		   sid_string_dbg(domain_sid)));
+
 	if (num_rids) {
 		*names = TALLOC_ARRAY(mem_ctx, const char *, num_rids);
 		*types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids);
@@ -545,10 +548,16 @@ static bool lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
 		if (*domain_name == NULL) {
 			*domain_name = talloc_strdup(
 				mem_ctx, unix_users_domain_name());
+			if (*domain_name == NULL) {
+				return false;
+			}
 		}
 		for (i=0; i<num_rids; i++) {
 			(*names)[i] = talloc_strdup(
 				(*names), uidtoname(rids[i]));
+			if ((*names)[i] == NULL) {
+				return false;
+			}
 			(*types)[i] = SID_NAME_USER;
 		}
 		return true;
@@ -558,10 +567,16 @@ static bool lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
 		if (*domain_name == NULL) {
 			*domain_name = talloc_strdup(
 				mem_ctx, unix_groups_domain_name());
+			if (*domain_name == NULL) {
+				return false;
+			}
 		}
 		for (i=0; i<num_rids; i++) {
 			(*names)[i] = talloc_strdup(
 				(*names), gidtoname(rids[i]));
+			if ((*names)[i] == NULL) {
+				return false;
+			}
 			(*types)[i] = SID_NAME_DOM_GRP;
 		}
 		return true;
@@ -596,6 +611,16 @@ static bool lookup_as_domain(const DOM_SID *sid, TALLOC_CTX *mem_ctx,
 		return true;
 	}
 
+	if (sid_check_is_unix_users(sid)) {
+		*name = talloc_strdup(mem_ctx, unix_users_domain_name());
+		return true;
+	}
+
+	if (sid_check_is_unix_groups(sid)) {
+		*name = talloc_strdup(mem_ctx, unix_groups_domain_name());
+		return true;
+	}
+
 	if (sid->num_auths != 4) {
 		/* This can't be a domain */
 		return false;
@@ -922,6 +947,8 @@ bool lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
 	TALLOC_CTX *tmp_ctx;
 	bool ret = false;
 
+	DEBUG(10, ("lookup_sid called for SID '%s'\n", sid_string_dbg(sid)));
+
 	if (!(tmp_ctx = talloc_new(mem_ctx))) {
 		DEBUG(0, ("talloc_new failed\n"));
 		return false;
diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c
index d1599047a7..8fafcbbbd4 100644
--- a/source3/passdb/machine_sid.c
+++ b/source3/passdb/machine_sid.c
@@ -128,7 +128,10 @@ static DOM_SID *pdb_generate_sam_sid(void)
 	}
 
 	/* check for an old MACHINE.SID file for backwards compatibility */
-	asprintf(&fname, "%s/MACHINE.SID", lp_private_dir());
+	if (asprintf(&fname, "%s/MACHINE.SID", lp_private_dir()) == -1) {
+		SAFE_FREE(sam_sid);
+		return NULL;
+	}
 
 	if (read_sid_from_file(fname, sam_sid)) {
 		/* remember it for future reference and unlink the old MACHINE.SID */
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 4228f6c32f..46dab156ee 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -206,7 +206,7 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p
 	/* Now deal with the user SID.  If we have a backend that can generate 
 	   RIDs, then do so.  But sometimes the caller just wanted a structure 
 	   initialized and will fill in these fields later (such as from a 
-	   NET_USER_INFO_3 structure) */
+	   netr_SamInfo3 structure) */
 
 	if ( create && !pdb_rid_algorithm() ) {
 		uint32 user_rid;
@@ -443,10 +443,7 @@ bool pdb_gethexhours(const char *p, unsigned char *hours)
 
 int algorithmic_rid_base(void)
 {
-	static int rid_offset = 0;
-
-	if (rid_offset != 0)
-		return rid_offset;
+	int rid_offset;
 
 	rid_offset = lp_algorithmic_rid_base();
 
@@ -1619,3 +1616,26 @@ bool get_trust_pw_hash(const char *domain, uint8 ret_pwd[16],
 	return False;
 }
 
+struct samr_LogonHours get_logon_hours_from_pdb(TALLOC_CTX *mem_ctx,
+						struct samu *pw)
+{
+	struct samr_LogonHours hours;
+	const int units_per_week = 168;
+
+	ZERO_STRUCT(hours);
+	hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
+	if (!hours.bits) {
+		return hours;
+	}
+
+	hours.units_per_week = units_per_week;
+	memset(hours.bits, 0xFF, units_per_week);
+
+	if (pdb_get_hours(pw)) {
+		memcpy(hours.bits, pdb_get_hours(pw),
+		       MIN(pdb_get_hours_len(pw), units_per_week));
+	}
+
+	return hours;
+}
+
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 3b55dd478f..c427d41e23 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -538,7 +538,7 @@ bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_
  We never fill this in from a passdb backend but rather set is 
  based on the user's primary group membership.  However, the 
  struct samu* is overloaded and reused in domain memship code 
- as well and built from the NET_USER_INFO_3 or PAC so we 
+ as well and built from the netr_SamInfo3 or PAC so we
  have to allow the explicitly setting of a group SID here.
 ********************************************************************/
 
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 0ab45bafc3..cd34c89bfc 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -168,7 +168,7 @@ NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char *selected
 }
 
 /******************************************************************
- Return an already initialised pdn_methods structure
+ Return an already initialized pdb_methods structure
 *******************************************************************/
 
 static struct pdb_methods *pdb_get_methods_reload( bool reload ) 
@@ -1349,7 +1349,7 @@ static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size
 
 	/* We only look at our own sam, so don't care about imported stuff */
 	winbind_env = winbind_env_set();
-	winbind_off();
+	(void)winbind_off();
 
 	if ((grp = getgrgid(gid)) == NULL) {
 		/* allow winbindd lookups, but only if they weren't already disabled */
@@ -1385,7 +1385,7 @@ static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size
 
 	/* allow winbindd lookups, but only if they weren't already disabled */
 	if (!winbind_env) {
-		winbind_on();
+		(void)winbind_on();
 	}
 	
 	return ret;
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 90a6ff011b..ce79dce668 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -2683,7 +2683,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
 			goto done;
 		}
 
-		rc = smbldap_search(conn, lp_ldap_user_suffix(),
+		rc = smbldap_search(conn, lp_ldap_suffix(),
 				    LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
 				    &result);
 
@@ -2739,7 +2739,7 @@ static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods,
 				 LDAP_OBJ_SAMBASAMACCOUNT,
 				 gidstr);
 
-	rc = smbldap_search(conn, lp_ldap_user_suffix(),
+	rc = smbldap_search(conn, lp_ldap_suffix(),
 			    LDAP_SCOPE_SUBTREE, filter, sid_attrs, 0,
 			    &result);
 
@@ -2823,7 +2823,7 @@ static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods,
 		goto done;
 	}
 
-	rc = smbldap_search(conn, lp_ldap_user_suffix(),
+	rc = smbldap_search(conn, lp_ldap_suffix(),
 			    LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result);
 
 	if (rc != LDAP_SUCCESS)
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 6cf54fbdf6..70944a9596 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1559,8 +1559,24 @@ static bool smbpasswd_search_next_entry(struct pdb_search *search,
 		return false;
 	}
 
-	*entry = state->entries[state->current++];
+	entry->idx = state->entries[state->current].idx;
+	entry->rid = state->entries[state->current].rid;
+	entry->acct_flags = state->entries[state->current].acct_flags;
+
+	entry->account_name = talloc_strdup(
+		search->mem_ctx, state->entries[state->current].account_name);
+	entry->fullname = talloc_strdup(
+		search->mem_ctx, state->entries[state->current].fullname);
+	entry->description = talloc_strdup(
+		search->mem_ctx, state->entries[state->current].description);
+
+	if ((entry->account_name == NULL) || (entry->fullname == NULL)
+	    || (entry->description == NULL)) {
+		DEBUG(0, ("talloc_strdup failed\n"));
+		return false;
+	}
 
+	state->current += 1;
 	return true;
 }
 
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 330ffbc853..6c5375e7de 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -113,12 +113,20 @@ void secrets_shutdown(void)
 void *secrets_fetch(const char *key, size_t *size)
 {
 	TDB_DATA dbuf;
-	secrets_init();
-	if (!tdb)
+
+	if (!secrets_init()) {
 		return NULL;
+	}
+
+	if (!tdb) {
+		return NULL;
+	}
+
 	dbuf = tdb_fetch(tdb, string_tdb_data(key));
-	if (size)
+	if (size) {
 		*size = dbuf.dsize;
+	}
+
 	return dbuf.dptr;
 }
 
@@ -126,9 +134,14 @@ void *secrets_fetch(const char *key, size_t *size)
  */
 bool secrets_store(const char *key, const void *data, size_t size)
 {
-	secrets_init();
-	if (!tdb)
-		return False;
+	if (!secrets_init()) {
+		return false;
+	}
+
+	if (!tdb) {
+		return false;
+	}
+
 	return tdb_trans_store(tdb, string_tdb_data(key),
 			       make_tdb_data((const uint8 *)data, size),
 			       TDB_REPLACE) == 0;
@@ -139,9 +152,14 @@ bool secrets_store(const char *key, const void *data, size_t size)
  */
 bool secrets_delete(const char *key)
 {
-	secrets_init();
-	if (!tdb)
-		return False;
+	if (!secrets_init()) {
+		return false;
+	}
+
+	if (!tdb) {
+		return false;
+	}
+
 	return tdb_trans_delete(tdb, string_tdb_data(key)) == 0;
 }
 
@@ -923,7 +941,9 @@ NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (!secrets_init()) return NT_STATUS_ACCESS_DENIED;
+	if (!secrets_init()) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
 
 	/* generate searching pattern */
 	pattern = talloc_asprintf(tmp_ctx, "%s/*", SECRETS_DOMTRUST_ACCT_PASS);
@@ -1034,12 +1054,14 @@ bool secrets_named_mutex(const char *name, unsigned int timeout)
 {
 	int ret = 0;
 
-	if (!secrets_init())
-		return False;
+	if (!secrets_init()) {
+		return false;
+	}
 
 	ret = tdb_lock_bystring_with_timeout(tdb, name, timeout);
-	if (ret == 0)
+	if (ret == 0) {
 		DEBUG(10,("secrets_named_mutex: got mutex for %s\n", name ));
+	}
 
 	return (ret == 0);
 }
diff --git a/source3/printing/load.c b/source3/printing/load.c
index f8aba3996d..23144d5a95 100644
--- a/source3/printing/load.c
+++ b/source3/printing/load.c
@@ -28,6 +28,7 @@ static void add_auto_printers(void)
 	const char *p;
 	int pnum = lp_servicenumber(PRINTERS_NAME);
 	char *str;
+	char *saveptr;
 
 	if (pnum < 0)
 		return;
@@ -35,7 +36,8 @@ static void add_auto_printers(void)
 	if ((str = SMB_STRDUP(lp_auto_services())) == NULL)
 		return;
 
-	for (p = strtok(str, LIST_SEP); p; p = strtok(NULL, LIST_SEP)) {
+	for (p = strtok_r(str, LIST_SEP, &saveptr); p;
+	     p = strtok_r(NULL, LIST_SEP, &saveptr)) {
 		if (lp_servicenumber(p) >= 0)
 			continue;
 		
diff --git a/source3/printing/lpq_parse.c b/source3/printing/lpq_parse.c
index 6dcddb6f1b..afa3b4850a 100644
--- a/source3/printing/lpq_parse.c
+++ b/source3/printing/lpq_parse.c
@@ -127,6 +127,7 @@ static bool parse_lpq_bsd(char *line,print_queue_struct *buf,bool first)
 	int  count = 0;
 	TALLOC_CTX *ctx = talloc_tos();
 	char *line2 = NULL;
+	char *saveptr;
 
 	line2 = talloc_strdup(ctx, line);
 	if (!line2) {
@@ -144,10 +145,11 @@ static bool parse_lpq_bsd(char *line,print_queue_struct *buf,bool first)
 #endif	/* OSF1 */
 
 	/* FIXME: Use next_token_talloc rather than strtok! */
-	tok[0] = strtok(line2," \t");
+	tok[0] = strtok_r(line2," \t", &saveptr);
 	count++;
 
-	while ((count < MAXTOK) && ((tok[count] = strtok(NULL," \t")) != NULL)) {
+	while ((count < MAXTOK)
+	       && ((tok[count] = strtok_r(NULL, " \t", &saveptr)) != NULL)) {
 		count++;
 	}
 
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index bba55c0e4a..d5803b711b 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -3315,8 +3315,13 @@ static WERROR nt_printer_publish_ads(ADS_STRUCT *ads,
 
 	/* publish it */
 	ads_rc = ads_mod_printer_entry(ads, prt_dn, ctx, &mods);
-	if (ads_rc.err.rc == LDAP_NO_SUCH_OBJECT)
+	if (ads_rc.err.rc == LDAP_NO_SUCH_OBJECT) {
+		int i;
+		for (i=0; mods[i] != 0; i++)
+			;
+		mods[i] = (LDAPMod *)-1;
 		ads_rc = ads_add_printer_entry(ads, prt_dn, ctx, &mods);
+	}
 
 	if (!ADS_ERR_OK(ads_rc))
 		DEBUG(3, ("error publishing %s: %s\n", printer->info_2->sharename, ads_errstr(ads_rc)));
diff --git a/source3/printing/print_aix.c b/source3/printing/print_aix.c
index fd85ca0833..57590cc39e 100644
--- a/source3/printing/print_aix.c
+++ b/source3/printing/print_aix.c
@@ -59,8 +59,9 @@ bool aix_cache_reload(void)
 				continue;
 
 			if ((p = strchr_m(line, ':'))) {
+				char *saveptr;
 				*p = '\0';
-				p = strtok(line, ":");
+				p = strtok_r(line, ":", &saveptr);
 				if (strcmp(p, "bsh") != 0) {
 					name = talloc_strdup(ctx, p);
 					if (!name) {
diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c
index cc4b744a11..2a324fdd5c 100644
--- a/source3/printing/print_generic.c
+++ b/source3/printing/print_generic.c
@@ -41,15 +41,18 @@ static int print_run_command(int snum, const char* printername, bool do_sub,
 	/* check for a valid system printername and valid command to run */
 
 	if ( !printername || !*printername ) {
+		va_end(ap);
 		return -1;
 	}
 
 	if (!command || !*command) {
+		va_end(ap);
 		return -1;
 	}
 
 	syscmd = talloc_strdup(ctx, command);
 	if (!syscmd) {
+		va_end(ap);
 		return -1;
 	}
 
@@ -57,6 +60,7 @@ static int print_run_command(int snum, const char* printername, bool do_sub,
 		char *value = va_arg(ap,char *);
 		syscmd = talloc_string_sub(ctx, syscmd, arg, value);
 		if (!syscmd) {
+			va_end(ap);
 			return -1;
 		}
 	}
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 9f2c08629d..221e79b337 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -2575,7 +2575,7 @@ bool print_job_end(int snum, uint32 jobid, enum file_close_type close_type)
 
 fail:
 
-	/* The print job was not succesfully started. Cleanup */
+	/* The print job was not successfully started. Cleanup */
 	/* Still need to add proper error return propagation! 010122:JRR */
 	unlink(pjob->filename);
 	pjob_delete(sharename, jobid);
diff --git a/source3/registry/reg_api.c b/source3/registry/reg_api.c
index d1657c8cf6..e52aaacb4d 100644
--- a/source3/registry/reg_api.c
+++ b/source3/registry/reg_api.c
@@ -2,6 +2,7 @@
  *  Unix SMB/CIFS implementation.
  *  Virtual Windows Registry Layer
  *  Copyright (C) Volker Lendecke 2006
+ *  Copyright (C) Michael Adam 2007-2008
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -19,11 +20,59 @@
 
 /* Attempt to wrap the existing API in a more winreg.idl-like way */
 
+/*
+ * Here is a list of winreg.idl functions and corresponding implementations
+ * provided here:
+ *
+ * 0x00		winreg_OpenHKCR
+ * 0x01		winreg_OpenHKCU
+ * 0x02		winreg_OpenHKLM
+ * 0x03		winreg_OpenHKPD
+ * 0x04		winreg_OpenHKU
+ * 0x05		winreg_CloseKey
+ * 0x06		winreg_CreateKey			reg_createkey
+ * 0x07		winreg_DeleteKey			reg_deletekey
+ * 0x08		winreg_DeleteValue			reg_deletevalue
+ * 0x09		winreg_EnumKey				reg_enumkey
+ * 0x0a		winreg_EnumValue			reg_enumvalue
+ * 0x0b		winreg_FlushKey
+ * 0x0c		winreg_GetKeySecurity			reg_getkeysecurity
+ * 0x0d		winreg_LoadKey
+ * 0x0e		winreg_NotifyChangeKeyValue
+ * 0x0f		winreg_OpenKey				reg_openkey
+ * 0x10		winreg_QueryInfoKey			reg_queryinfokey
+ * 0x11		winreg_QueryValue			reg_queryvalue
+ * 0x12		winreg_ReplaceKey
+ * 0x13		winreg_RestoreKey			reg_restorekey
+ * 0x14		winreg_SaveKey				reg_savekey
+ * 0x15		winreg_SetKeySecurity			reg_setkeysecurity
+ * 0x16		winreg_SetValue				reg_setvalue
+ * 0x17		winreg_UnLoadKey
+ * 0x18		winreg_InitiateSystemShutdown
+ * 0x19		winreg_AbortSystemShutdown
+ * 0x1a		winreg_GetVersion			reg_getversion
+ * 0x1b		winreg_OpenHKCC
+ * 0x1c		winreg_OpenHKDD
+ * 0x1d		winreg_QueryMultipleValues
+ * 0x1e		winreg_InitiateSystemShutdownEx
+ * 0x1f		winreg_SaveKeyEx
+ * 0x20		winreg_OpenHKPT
+ * 0x21		winreg_OpenHKPN
+ * 0x22		winreg_QueryMultipleValues2
+ *
+ */
+
 #include "includes.h"
+#include "regfio.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_REGISTRY
 
+
+/**********************************************************************
+ * Helper functions
+ **********************************************************************/
+
 static WERROR fill_value_cache(struct registry_key *key)
 {
 	if (key->values != NULL) {
@@ -135,7 +184,7 @@ static WERROR regkey_open_onelevel(TALLOC_CTX *mem_ctx,
 	/* Look up the table of registry I/O operations */
 
 	if ( !(key->hook = reghook_cache_find( key->name )) ) {
-		DEBUG(0,("reg_open_onelevel: Failed to assigned a "
+		DEBUG(0,("reg_open_onelevel: Failed to assign a "
 			 "REGISTRY_HOOK to [%s]\n", key->name ));
 		result = WERR_BADFILE;
 		goto done;
@@ -186,6 +235,11 @@ WERROR reg_openhive(TALLOC_CTX *mem_ctx, const char *hive,
 				    pkey);
 }
 
+
+/**********************************************************************
+ * The API functions
+ **********************************************************************/
+
 WERROR reg_openkey(TALLOC_CTX *mem_ctx, struct registry_key *parent,
 		   const char *name, uint32 desired_access,
 		   struct registry_key **pkey)
@@ -400,7 +454,6 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
 	TALLOC_CTX *mem_ctx;
 	char *path, *end;
 	WERROR err;
-	REGSUBKEY_CTR *subkeys;
 
 	if (!(mem_ctx = talloc_new(ctx))) return WERR_NOMEM;
 
@@ -464,11 +517,6 @@ WERROR reg_createkey(TALLOC_CTX *ctx, struct registry_key *parent,
 	 * Actually create the subkey
 	 */
 
-	if (!(subkeys = TALLOC_ZERO_P(mem_ctx, REGSUBKEY_CTR))) {
-		err = WERR_NOMEM;
-		goto done;
-	}
-
 	err = fill_subkey_cache(create_parent);
 	if (!W_ERROR_IS_OK(err)) goto done;
 
@@ -627,6 +675,305 @@ WERROR reg_deletevalue(struct registry_key *key, const char *name)
 	return WERR_OK;
 }
 
+WERROR reg_getkeysecurity(TALLOC_CTX *mem_ctx, struct registry_key *key,
+			  struct security_descriptor **psecdesc)
+{
+	return regkey_get_secdesc(mem_ctx, key->key, psecdesc);
+}
+
+WERROR reg_setkeysecurity(struct registry_key *key,
+			  struct security_descriptor *psecdesc)
+{
+	return regkey_set_secdesc(key->key, psecdesc);
+}
+
+WERROR reg_getversion(uint32_t *version)
+{
+	if (version == NULL) {
+		return WERR_INVALID_PARAM;
+	}
+
+	*version = 0x00000005; /* Windows 2000 registry API version */
+	return WERR_OK;
+}
+
+/*******************************************************************
+ Note: topkeypat is the *full* path that this *key will be
+ loaded into (including the name of the key)
+ ********************************************************************/
+
+static WERROR reg_load_tree(REGF_FILE *regfile, const char *topkeypath,
+			    REGF_NK_REC *key)
+{
+	REGF_NK_REC *subkey;
+	REGISTRY_KEY registry_key;
+	REGVAL_CTR *values;
+	REGSUBKEY_CTR *subkeys;
+	int i;
+	char *path = NULL;
+	WERROR result = WERR_OK;
+
+	/* initialize the REGISTRY_KEY structure */
+
+	registry_key.hook = reghook_cache_find(topkeypath);
+	if (!registry_key.hook) {
+		DEBUG(0, ("reg_load_tree: Failed to assigned a REGISTRY_HOOK "
+			  "to [%s]\n", topkeypath));
+		return WERR_BADFILE;
+	}
+
+	registry_key.name = talloc_strdup(regfile->mem_ctx, topkeypath);
+	if (!registry_key.name) {
+		DEBUG(0, ("reg_load_tree: Talloc failed for reg_key.name!\n"));
+		return WERR_NOMEM;
+	}
+
+	/* now start parsing the values and subkeys */
+
+	subkeys = TALLOC_ZERO_P(regfile->mem_ctx, REGSUBKEY_CTR);
+	if (subkeys == NULL) {
+		return WERR_NOMEM;
+	}
+
+	values = TALLOC_ZERO_P(subkeys, REGVAL_CTR);
+	if (values == NULL) {
+		return WERR_NOMEM;
+	}
+
+	/* copy values into the REGVAL_CTR */
+
+	for (i=0; i<key->num_values; i++) {
+		regval_ctr_addvalue(values, key->values[i].valuename,
+				    key->values[i].type,
+				    (char*)key->values[i].data,
+				    (key->values[i].data_size & ~VK_DATA_IN_OFFSET));
+	}
+
+	/* copy subkeys into the REGSUBKEY_CTR */
+
+	key->subkey_index = 0;
+	while ((subkey = regfio_fetch_subkey( regfile, key ))) {
+		regsubkey_ctr_addkey(subkeys, subkey->keyname);
+	}
+
+	/* write this key and values out */
+
+	if (!store_reg_values(&registry_key, values)
+	    || !store_reg_keys(&registry_key, subkeys))
+	{
+		DEBUG(0,("reg_load_tree: Failed to load %s!\n", topkeypath));
+		result = WERR_REG_IO_FAILURE;
+	}
+
+	TALLOC_FREE(subkeys);
+
+	if (!W_ERROR_IS_OK(result)) {
+		return result;
+	}
+
+	/* now continue to load each subkey registry tree */
+
+	key->subkey_index = 0;
+	while ((subkey = regfio_fetch_subkey(regfile, key))) {
+		path = talloc_asprintf(regfile->mem_ctx,
+				       "%s\\%s",
+				       topkeypath,
+				       subkey->keyname);
+		if (path == NULL) {
+			return WERR_NOMEM;
+		}
+		result = reg_load_tree(regfile, path, subkey);
+		if (!W_ERROR_IS_OK(result)) {
+			break;
+		}
+	}
+
+	return result;
+}
+
+/*******************************************************************
+ ********************************************************************/
+
+static WERROR restore_registry_key(REGISTRY_KEY *krecord, const char *fname)
+{
+	REGF_FILE *regfile;
+	REGF_NK_REC *rootkey;
+	WERROR result;
+
+	/* open the registry file....fail if the file already exists */
+
+	regfile = regfio_open(fname, (O_RDONLY), 0);
+	if (regfile == NULL) {
+		DEBUG(0, ("restore_registry_key: failed to open \"%s\" (%s)\n",
+			  fname, strerror(errno)));
+		return ntstatus_to_werror(map_nt_error_from_unix(errno));
+	}
+
+	/* get the rootkey from the regf file and then load the tree
+	   via recursive calls */
+
+	if (!(rootkey = regfio_rootkey(regfile))) {
+		regfio_close(regfile);
+		return WERR_REG_FILE_INVALID;
+	}
+
+	result = reg_load_tree(regfile, krecord->name, rootkey);
+
+	/* cleanup */
+
+	regfio_close(regfile);
+
+	return result;
+}
+
+WERROR reg_restorekey(struct registry_key *key, const char *fname)
+{
+	return restore_registry_key(key->key, fname);
+}
+
+/********************************************************************
+********************************************************************/
+
+static WERROR reg_write_tree(REGF_FILE *regfile, const char *keypath,
+			     REGF_NK_REC *parent)
+{
+	REGF_NK_REC *key;
+	REGVAL_CTR *values;
+	REGSUBKEY_CTR *subkeys;
+	int i, num_subkeys;
+	char *key_tmp = NULL;
+	char *keyname, *parentpath;
+	char *subkeypath = NULL;
+	char *subkeyname;
+	REGISTRY_KEY registry_key;
+	WERROR result = WERR_OK;
+	SEC_DESC *sec_desc = NULL;
+
+	if (!regfile) {
+		return WERR_GENERAL_FAILURE;
+	}
+
+	if (!keypath) {
+		return WERR_OBJECT_PATH_INVALID;
+	}
+
+	/* split up the registry key path */
+
+	key_tmp = talloc_strdup(regfile->mem_ctx, keypath);
+	if (!key_tmp) {
+		return WERR_NOMEM;
+	}
+	if (!reg_split_key(key_tmp, &parentpath, &keyname)) {
+		return WERR_OBJECT_PATH_INVALID;
+	}
+
+	if (!keyname) {
+		keyname = parentpath;
+	}
+
+	/* we need a REGISTRY_KEY object here to enumerate subkeys and values */
+
+	ZERO_STRUCT(registry_key);
+
+	registry_key.name = talloc_strdup(regfile->mem_ctx, keypath);
+	if (registry_key.name == NULL) {
+		return WERR_NOMEM;
+	}
+
+	registry_key.hook = reghook_cache_find(registry_key.name);
+	if (registry_key.hook == NULL) {
+		return WERR_BADFILE;
+	}
+
+	/* lookup the values and subkeys */
+
+	subkeys = TALLOC_ZERO_P(regfile->mem_ctx, REGSUBKEY_CTR);
+	if (subkeys == NULL) {
+		return WERR_NOMEM;
+	}
+
+	values = TALLOC_ZERO_P(subkeys, REGVAL_CTR);
+	if (values == NULL) {
+		return WERR_NOMEM;
+	}
+
+	fetch_reg_keys(&registry_key, subkeys);
+	fetch_reg_values(&registry_key, values);
+
+	result = regkey_get_secdesc(regfile->mem_ctx, &registry_key, &sec_desc);
+	if (!W_ERROR_IS_OK(result)) {
+		goto done;
+	}
+
+	/* write out this key */
+
+	key = regfio_write_key(regfile, keyname, values, subkeys, sec_desc,
+			       parent);
+	if (key == NULL) {
+		result = WERR_CAN_NOT_COMPLETE;
+		goto done;
+	}
+
+	/* write each one of the subkeys out */
+
+	num_subkeys = regsubkey_ctr_numkeys(subkeys);
+	for (i=0; i<num_subkeys; i++) {
+		subkeyname = regsubkey_ctr_specific_key(subkeys, i);
+		subkeypath = talloc_asprintf(regfile->mem_ctx, "%s\\%s",
+					     keypath, subkeyname);
+		if (subkeypath == NULL) {
+			result = WERR_NOMEM;
+			goto done;
+		}
+		result = reg_write_tree(regfile, subkeypath, key);
+		if (!W_ERROR_IS_OK(result))
+			goto done;
+	}
+
+	DEBUG(6, ("reg_write_tree: wrote key [%s]\n", keypath));
+
+done:
+	TALLOC_FREE(subkeys);
+	TALLOC_FREE(registry_key.name);
+
+	return result;
+}
+
+static WERROR backup_registry_key(REGISTRY_KEY *krecord, const char *fname)
+{
+	REGF_FILE *regfile;
+	WERROR result;
+
+	/* open the registry file....fail if the file already exists */
+
+	regfile = regfio_open(fname, (O_RDWR|O_CREAT|O_EXCL),
+			      (S_IREAD|S_IWRITE));
+	if (regfile == NULL) {
+		DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n",
+			 fname, strerror(errno) ));
+		return ntstatus_to_werror(map_nt_error_from_unix(errno));
+	}
+
+	/* write the registry tree to the file  */
+
+	result = reg_write_tree(regfile, krecord->name, NULL);
+
+	/* cleanup */
+
+	regfio_close(regfile);
+
+	return result;
+}
+
+WERROR reg_savekey(struct registry_key *key, const char *fname)
+{
+	return backup_registry_key(key->key, fname);
+}
+
+/**********************************************************************
+ * Higher level utility functions
+ **********************************************************************/
+
 WERROR reg_deleteallvalues(struct registry_key *key)
 {
 	WERROR err;
@@ -653,9 +1000,7 @@ WERROR reg_deleteallvalues(struct registry_key *key)
 }
 
 /*
- * Utility function to open a complete registry path including the hive
- * prefix. This should become the replacement function for
- * regkey_open_internal.
+ * Utility function to open a complete registry path including the hive prefix.
  */
 
 WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path,
@@ -715,10 +1060,10 @@ WERROR reg_open_path(TALLOC_CTX *mem_ctx, const char *orig_path,
  * Note that reg_deletekey returns ACCESS_DENIED when called on a
  * key that has subkeys.
  */
-WERROR reg_deletekey_recursive_internal(TALLOC_CTX *ctx,
-					struct registry_key *parent,
-					const char *path,
-					bool del_key)
+static WERROR reg_deletekey_recursive_internal(TALLOC_CTX *ctx,
+					       struct registry_key *parent,
+					       const char *path,
+					       bool del_key)
 {
 	TALLOC_CTX *mem_ctx = NULL;
 	WERROR werr = WERR_OK;
@@ -779,3 +1124,102 @@ WERROR reg_deletesubkeys_recursive(TALLOC_CTX *ctx,
 {
 	return reg_deletekey_recursive_internal(ctx, parent, path, false);
 }
+
+#if 0
+/* these two functions are unused. */
+
+/**
+ * Utility function to create a registry key without opening the hive
+ * before. Assumes the hive already exists.
+ */
+
+WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path,
+		       uint32 desired_access,
+		       const struct nt_user_token *token,
+		       enum winreg_CreateAction *paction,
+		       struct registry_key **pkey)
+{
+	struct registry_key *hive;
+	char *path, *p;
+	WERROR err;
+
+	if (!(path = SMB_STRDUP(orig_path))) {
+		return WERR_NOMEM;
+	}
+
+	p = strchr(path, '\\');
+
+	if ((p == NULL) || (p[1] == '\0')) {
+		/*
+		 * No key behind the hive, just return the hive
+		 */
+
+		err = reg_openhive(mem_ctx, path, desired_access, token,
+				   &hive);
+		if (!W_ERROR_IS_OK(err)) {
+			SAFE_FREE(path);
+			return err;
+		}
+		SAFE_FREE(path);
+		*pkey = hive;
+		*paction = REG_OPENED_EXISTING_KEY;
+		return WERR_OK;
+	}
+
+	*p = '\0';
+
+	err = reg_openhive(mem_ctx, path,
+			   (strchr(p+1, '\\') != NULL) ?
+			   SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+			   token, &hive);
+	if (!W_ERROR_IS_OK(err)) {
+		SAFE_FREE(path);
+		return err;
+	}
+
+	err = reg_createkey(mem_ctx, hive, p+1, desired_access, pkey, paction);
+	SAFE_FREE(path);
+	TALLOC_FREE(hive);
+	return err;
+}
+
+/*
+ * Utility function to create a registry key without opening the hive
+ * before. Will not delete a hive.
+ */
+
+WERROR reg_delete_path(const struct nt_user_token *token,
+		       const char *orig_path)
+{
+	struct registry_key *hive;
+	char *path, *p;
+	WERROR err;
+
+	if (!(path = SMB_STRDUP(orig_path))) {
+		return WERR_NOMEM;
+	}
+
+	p = strchr(path, '\\');
+
+	if ((p == NULL) || (p[1] == '\0')) {
+		SAFE_FREE(path);
+		return WERR_INVALID_PARAM;
+	}
+
+	*p = '\0';
+
+	err = reg_openhive(NULL, path,
+			   (strchr(p+1, '\\') != NULL) ?
+			   SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
+			   token, &hive);
+	if (!W_ERROR_IS_OK(err)) {
+		SAFE_FREE(path);
+		return err;
+	}
+
+	err = reg_deletekey(hive, p+1);
+	SAFE_FREE(path);
+	TALLOC_FREE(hive);
+	return err;
+}
+#endif /* #if 0 */
diff --git a/source3/registry/reg_backend_current_version.c b/source3/registry/reg_backend_current_version.c
new file mode 100644
index 0000000000..a9d281c522
--- /dev/null
+++ b/source3/registry/reg_backend_current_version.c
@@ -0,0 +1,81 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Virtual Windows Registry Layer
+ *  Copyright (C) Gerald Carter     2002-2005
+ *  Copyright (C) Michael Adam      2008
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * CurrentVersion registry backend.
+ *
+ * This is a virtual overlay, dynamically presenting version information.
+ */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_REGISTRY
+
+extern REGISTRY_OPS regdb_ops;
+
+#define KEY_CURRENT_VERSION_NORM "HKLM/SOFTWARE/MICROSOFT/WINDOWS NT/CURRENTVERSION"
+
+static int current_version_fetch_values(const char *key, REGVAL_CTR *values)
+{
+	const char *sysroot_string = "c:\\Windows";
+	fstring sysversion;
+	fstring value;
+	uint32 value_length;
+	char *path = NULL;
+	TALLOC_CTX *ctx = talloc_tos();
+
+	path = talloc_strdup(ctx, key);
+	if (path == NULL) {
+		return -1;
+	}
+	path = normalize_reg_path(ctx, path);
+	if (path == NULL) {
+		return -1;
+	}
+
+	if (strncmp(path, KEY_CURRENT_VERSION_NORM, strlen(path)) != 0) {
+		return 0;
+	}
+
+	value_length = push_ucs2(value, value, sysroot_string, sizeof(value),
+				 STR_TERMINATE|STR_NOALIGN );
+	regval_ctr_addvalue(values, "SystemRoot", REG_SZ, value, value_length);
+
+	fstr_sprintf(sysversion, "%d.%d", lp_major_announce_version(),
+		     lp_minor_announce_version());
+	value_length = push_ucs2(value, value, sysversion, sizeof(value),
+				 STR_TERMINATE|STR_NOALIGN);
+	regval_ctr_addvalue(values, "CurrentVersion", REG_SZ, value,
+			    value_length);
+
+	return regval_ctr_numvals(values);
+}
+
+static int current_version_fetch_subkeys(const char *key,
+					 REGSUBKEY_CTR *subkey_ctr)
+{
+	return regdb_ops.fetch_subkeys(key, subkey_ctr);
+}
+
+REGISTRY_OPS current_version_reg_ops = {
+	.fetch_values = current_version_fetch_values,
+	.fetch_subkeys = current_version_fetch_subkeys,
+};
diff --git a/source3/registry/reg_db.c b/source3/registry/reg_backend_db.c
index c4bfc2b6c9..52e0fd4289 100644
--- a/source3/registry/reg_db.c
+++ b/source3/registry/reg_backend_db.c
@@ -44,17 +44,17 @@ static const char *builtin_registry_paths[] = {
 	KEY_SHARES,
 	KEY_EVENTLOG,
 	KEY_SMBCONF,
-	"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib",
-	"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib\\009",
+	KEY_PERFLIB,
+	KEY_PERFLIB_009,
 	"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Print\\Monitors",
-	"HKLM\\SYSTEM\\CurrentControlSet\\Control\\ProductOptions",
+	KEY_PROD_OPTIONS,
 	"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\DefaultUserConfiguration",
-	"HKLM\\SYSTEM\\CurrentControlSet\\Services\\TcpIp\\Parameters",
-	"HKLM\\SYSTEM\\CurrentControlSet\\Services\\Netlogon\\Parameters",
-	"HKU",
-	"HKCR",
-	"HKPD",
-	"HKPT",
+	KEY_TCPIP_PARAMS,
+	KEY_NETLOGON_PARAMS,
+	KEY_HKU,
+	KEY_HKCR,
+	KEY_HKPD,
+	KEY_HKPT,
 	 NULL };
 
 struct builtin_regkey_value {
@@ -258,8 +258,11 @@ bool regdb_init( void )
 	const char *vstring = "INFO/version";
 	uint32 vers_id;
 
-	if ( tdb_reg )
+	if ( tdb_reg ) {
+		DEBUG(10,("regdb_init: incrementing refcount (%d)\n", tdb_refcount));
+		tdb_refcount++;
 		return true;
+	}
 
 	if ( !(tdb_reg = tdb_wrap_open(NULL, state_path("registry.tdb"), 0, REG_TDB_FLAGS, O_RDWR, 0600)) )
 	{
diff --git a/source3/registry/reg_backend_hkpt_params.c b/source3/registry/reg_backend_hkpt_params.c
new file mode 100644
index 0000000000..2ed5e78e1c
--- /dev/null
+++ b/source3/registry/reg_backend_hkpt_params.c
@@ -0,0 +1,70 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Virtual Windows Registry Layer
+ *  Copyright (C) Gerald Carter     2002-2005
+ *  Copyright (C) Michael Adam      2008
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * HKPT parameters registry backend.
+ *
+ * This replaces the former dynamic hkpt parameters overlay.
+ */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_REGISTRY
+
+extern REGISTRY_OPS regdb_ops;
+
+static int hkpt_params_fetch_values(const char *key, REGVAL_CTR *regvals)
+{
+	uint32 base_index;
+	uint32 buffer_size;
+	char *buffer = NULL;
+
+	/* This is ALMOST the same as perflib_009_params, but HKPT has
+	   a "Counters" entry instead of a "Counter" key. <Grrrr> */
+
+	base_index = reg_perfcount_get_base_index();
+	buffer_size = reg_perfcount_get_counter_names(base_index, &buffer);
+	regval_ctr_addvalue(regvals, "Counters", REG_MULTI_SZ, buffer,
+			    buffer_size);
+
+	if(buffer_size > 0) {
+		SAFE_FREE(buffer);
+	}
+
+	buffer_size = reg_perfcount_get_counter_help(base_index, &buffer);
+	regval_ctr_addvalue(regvals, "Help", REG_MULTI_SZ, buffer, buffer_size);
+	if(buffer_size > 0) {
+		SAFE_FREE(buffer);
+	}
+
+	return regval_ctr_numvals( regvals );
+}
+
+static int hkpt_params_fetch_subkeys(const char *key,
+					 REGSUBKEY_CTR *subkey_ctr)
+{
+	return regdb_ops.fetch_subkeys(key, subkey_ctr);
+}
+
+REGISTRY_OPS hkpt_params_reg_ops = {
+	.fetch_values = hkpt_params_fetch_values,
+	.fetch_subkeys = hkpt_params_fetch_subkeys,
+};
diff --git a/source3/registry/reg_backend_netlogon_params.c b/source3/registry/reg_backend_netlogon_params.c
new file mode 100644
index 0000000000..71f88144c8
--- /dev/null
+++ b/source3/registry/reg_backend_netlogon_params.c
@@ -0,0 +1,57 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Virtual Windows Registry Layer
+ *  Copyright (C) Gerald Carter     2002-2005
+ *  Copyright (C) Michael Adam      2008
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * Netlogon parameters registry backend.
+ *
+ * This replaces the former dynamic netlogon parameters overlay.
+ */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_REGISTRY
+
+extern REGISTRY_OPS regdb_ops;
+
+static int netlogon_params_fetch_values(const char *key, REGVAL_CTR *regvals)
+{
+	uint32 dwValue;
+
+	if (!pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &dwValue)) {
+		dwValue = 0;
+	}
+
+	regval_ctr_addvalue(regvals, "RefusePasswordChange", REG_DWORD,
+			    (char*)&dwValue, sizeof(dwValue));
+
+	return regval_ctr_numvals(regvals);
+}
+
+static int netlogon_params_fetch_subkeys(const char *key,
+					 REGSUBKEY_CTR *subkey_ctr)
+{
+	return regdb_ops.fetch_subkeys(key, subkey_ctr);
+}
+
+REGISTRY_OPS netlogon_params_reg_ops = {
+	.fetch_values = netlogon_params_fetch_values,
+	.fetch_subkeys = netlogon_params_fetch_subkeys,
+};
diff --git a/source3/registry/reg_backend_perflib.c b/source3/registry/reg_backend_perflib.c
new file mode 100644
index 0000000000..999bca2682
--- /dev/null
+++ b/source3/registry/reg_backend_perflib.c
@@ -0,0 +1,106 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Virtual Windows Registry Layer
+ *  Copyright (C) Gerald Carter     2002-2005
+ *  Copyright (C) Michael Adam      2008
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * perflib registry backend.
+ *
+ * This is a virtual overlay, dynamically presenting perflib values.
+ */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_REGISTRY
+
+extern REGISTRY_OPS regdb_ops;
+
+#define KEY_PERFLIB_NORM	"HKLM/SOFTWARE/MICROSOFT/WINDOWS NT/CURRENTVERSION/PERFLIB"
+#define KEY_PERFLIB_009_NORM	"HKLM/SOFTWARE/MICROSOFT/WINDOWS NT/CURRENTVERSION/PERFLIB/009"
+
+static int perflib_params( REGVAL_CTR *regvals )
+{
+	int base_index = -1;
+	int last_counter = -1;
+	int last_help = -1;
+	int version = 0x00010001;
+	
+	base_index = reg_perfcount_get_base_index();
+	regval_ctr_addvalue(regvals, "Base Index", REG_DWORD, (char *)&base_index, sizeof(base_index));
+	last_counter = reg_perfcount_get_last_counter(base_index);
+	regval_ctr_addvalue(regvals, "Last Counter", REG_DWORD, (char *)&last_counter, sizeof(last_counter));
+	last_help = reg_perfcount_get_last_help(last_counter);
+	regval_ctr_addvalue(regvals, "Last Help", REG_DWORD, (char *)&last_help, sizeof(last_help));
+	regval_ctr_addvalue(regvals, "Version", REG_DWORD, (char *)&version, sizeof(version));
+
+	return regval_ctr_numvals( regvals );
+}
+
+static int perflib_009_params( REGVAL_CTR *regvals )
+{
+	int base_index;
+	int buffer_size;
+	char *buffer = NULL;
+
+	base_index = reg_perfcount_get_base_index();
+	buffer_size = reg_perfcount_get_counter_names(base_index, &buffer);
+	regval_ctr_addvalue(regvals, "Counter", REG_MULTI_SZ, buffer, buffer_size);
+	if(buffer_size > 0)
+		SAFE_FREE(buffer);
+	buffer_size = reg_perfcount_get_counter_help(base_index, &buffer);
+	regval_ctr_addvalue(regvals, "Help", REG_MULTI_SZ, buffer, buffer_size);
+	if(buffer_size > 0)
+		SAFE_FREE(buffer);
+	
+	return regval_ctr_numvals( regvals );
+}
+
+static int perflib_fetch_values(const char *key, REGVAL_CTR *regvals)
+{
+	char *path = NULL;
+	TALLOC_CTX *ctx = talloc_tos();
+
+	path = talloc_strdup(ctx, key);
+	if (path == NULL) {
+		return -1;
+	}
+	path = normalize_reg_path(ctx, path);
+	if (path == NULL) {
+		return -1;
+	}
+
+	if (strncmp(path, KEY_PERFLIB_NORM, strlen(path)) == 0) {
+		return perflib_params(regvals);
+	} else if (strncmp(path, KEY_PERFLIB_009_NORM, strlen(path)) == 0) {
+		return perflib_009_params(regvals);
+	} else {
+		return 0;
+	}
+}
+
+static int perflib_fetch_subkeys(const char *key,
+					 REGSUBKEY_CTR *subkey_ctr)
+{
+	return regdb_ops.fetch_subkeys(key, subkey_ctr);
+}
+
+REGISTRY_OPS perflib_reg_ops = {
+	.fetch_values = perflib_fetch_values,
+	.fetch_subkeys = perflib_fetch_subkeys,
+};
diff --git a/source3/registry/reg_printing.c b/source3/registry/reg_backend_printing.c
index 5be0796002..a4da103d40 100644
--- a/source3/registry/reg_printing.c
+++ b/source3/registry/reg_backend_printing.c
@@ -1262,9 +1262,8 @@ static bool regprint_store_reg_values( const char *key, REGVAL_CTR *values )
  */
 
 REGISTRY_OPS printing_ops = {
-	regprint_fetch_reg_keys,
-	regprint_fetch_reg_values,
-	regprint_store_reg_keys,
-	regprint_store_reg_values,
-	NULL, NULL, NULL, NULL, NULL
+	.fetch_subkeys = regprint_fetch_reg_keys,
+	.fetch_values = regprint_fetch_reg_values,
+	.store_subkeys = regprint_store_reg_keys,
+	.store_values = regprint_store_reg_values,
 };
diff --git a/source3/registry/reg_backend_prod_options.c b/source3/registry/reg_backend_prod_options.c
new file mode 100644
index 0000000000..7ac5c5b4b9
--- /dev/null
+++ b/source3/registry/reg_backend_prod_options.c
@@ -0,0 +1,70 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Virtual Windows Registry Layer
+ *  Copyright (C) Gerald Carter     2002-2005
+ *  Copyright (C) Michael Adam      2008
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * Product options registry backend.
+ *
+ * This replaces the former dynamic product options overlay.
+ */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_REGISTRY
+
+extern REGISTRY_OPS regdb_ops;
+
+static int prod_options_fetch_values(const char *key, REGVAL_CTR *regvals)
+{
+	const char *value_ascii = "";
+	fstring value;
+	int value_length;
+
+	switch (lp_server_role()) {
+		case ROLE_DOMAIN_PDC:
+		case ROLE_DOMAIN_BDC:
+			value_ascii = "LanmanNT";
+			break;
+		case ROLE_STANDALONE:
+			value_ascii = "ServerNT";
+			break;
+		case ROLE_DOMAIN_MEMBER:
+			value_ascii = "WinNT";
+			break;
+	}
+
+	value_length = push_ucs2(value, value, value_ascii, sizeof(value),
+				 STR_TERMINATE|STR_NOALIGN );
+	regval_ctr_addvalue(regvals, "ProductType", REG_SZ, value,
+			    value_length);
+
+	return regval_ctr_numvals( regvals );
+}
+
+static int prod_options_fetch_subkeys(const char *key,
+				      REGSUBKEY_CTR *subkey_ctr)
+{
+	return regdb_ops.fetch_subkeys(key, subkey_ctr);
+}
+
+REGISTRY_OPS prod_options_reg_ops = {
+	.fetch_values = prod_options_fetch_values,
+	.fetch_subkeys = prod_options_fetch_subkeys,
+};
diff --git a/source3/registry/reg_shares.c b/source3/registry/reg_backend_shares.c
index 4ac6e1d151..ee9e5dc5a1 100644
--- a/source3/registry/reg_shares.c
+++ b/source3/registry/reg_backend_shares.c
@@ -155,11 +155,10 @@ static bool shares_store_value( const char *key, REGVAL_CTR *val )
  */
  
 REGISTRY_OPS shares_reg_ops = {
-	shares_subkey_info,
-	shares_value_info,
-	shares_store_subkey,
-	shares_store_value,
-	NULL, NULL, NULL, NULL, NULL
+	.fetch_subkeys = shares_subkey_info,
+	.fetch_values = shares_value_info,
+	.store_subkeys = shares_store_subkey,
+	.store_values = shares_store_value,
 };
 
 
diff --git a/source3/registry/reg_smbconf.c b/source3/registry/reg_backend_smbconf.c
index 8dfb745a7e..a6e478200f 100644
--- a/source3/registry/reg_smbconf.c
+++ b/source3/registry/reg_backend_smbconf.c
@@ -265,13 +265,11 @@ static WERROR smbconf_set_secdesc(const char *key,
  */
 
 REGISTRY_OPS smbconf_reg_ops = {
-	smbconf_fetch_keys,
-	smbconf_fetch_values,
-	smbconf_store_keys,
-	smbconf_store_values,
-	smbconf_reg_access_check,
-	smbconf_get_secdesc,
-	smbconf_set_secdesc,
-	NULL,
-	NULL
+	.fetch_subkeys = smbconf_fetch_keys,
+	.fetch_values = smbconf_fetch_values,
+	.store_subkeys = smbconf_store_keys,
+	.store_values = smbconf_store_values,
+	.reg_access_check = smbconf_reg_access_check,
+	.get_secdesc = smbconf_get_secdesc,
+	.set_secdesc = smbconf_set_secdesc,
 };
diff --git a/source3/registry/reg_backend_tcpip_params.c b/source3/registry/reg_backend_tcpip_params.c
new file mode 100644
index 0000000000..db7df5dd8f
--- /dev/null
+++ b/source3/registry/reg_backend_tcpip_params.c
@@ -0,0 +1,67 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  Virtual Windows Registry Layer
+ *  Copyright (C) Gerald Carter     2002-2005
+ *  Copyright (C) Michael Adam      2008
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * TCP/IP parameters registry backend.
+ *
+ * This replaces the former dynamic tcpip parameters overlay.
+ */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_REGISTRY
+
+extern REGISTRY_OPS regdb_ops;
+
+static int tcpip_params_fetch_values(const char *key, REGVAL_CTR *regvals)
+{
+	fstring value;
+	int value_length;
+	char *hname;
+	char *mydomainname = NULL;
+
+	hname = myhostname();
+	value_length = push_ucs2(value, value, hname, sizeof(value),
+				 STR_TERMINATE|STR_NOALIGN);
+	regval_ctr_addvalue(regvals, "Hostname",REG_SZ, value, value_length);
+
+	mydomainname = get_mydnsdomname(talloc_tos());
+	if (!mydomainname) {
+		return -1;
+	}
+
+	value_length = push_ucs2(value, value, mydomainname, sizeof(value),
+				 STR_TERMINATE|STR_NOALIGN);
+	regval_ctr_addvalue(regvals, "Domain", REG_SZ, value, value_length);
+
+	return regval_ctr_numvals(regvals);
+}
+
+static int tcpip_params_fetch_subkeys(const char *key,
+					 REGSUBKEY_CTR *subkey_ctr)
+{
+	return regdb_ops.fetch_subkeys(key, subkey_ctr);
+}
+
+REGISTRY_OPS tcpip_params_reg_ops = {
+	.fetch_values = tcpip_params_fetch_values,
+	.fetch_subkeys = tcpip_params_fetch_subkeys,
+};
diff --git a/source3/registry/reg_cachehook.c b/source3/registry/reg_cachehook.c
index 74670aac30..f9851c7810 100644
--- a/source3/registry/reg_cachehook.c
+++ b/source3/registry/reg_cachehook.c
@@ -37,6 +37,11 @@ bool reghook_cache_init( void )
 {
 	if (cache_tree == NULL) {
 		cache_tree = pathtree_init(&default_hook, NULL);
+		if (cache_tree !=0) {
+			DEBUG(10, ("reghook_cache_init: new tree with default "
+				   "ops %p for key [%s]\n", (void *)&regdb_ops,
+				   KEY_TREE_ROOT));
+		}
 	}
 
 	return (cache_tree != NULL);
@@ -56,7 +61,7 @@ bool reghook_cache_add( REGISTRY_HOOK *hook )
 		return false;
 	}
 
-	key = talloc_asprintf(ctx, "//%s", hook->keyname);
+	key = talloc_asprintf(ctx, "\\%s", hook->keyname);
 	if (!key) {
 		return false;
 	}
@@ -65,7 +70,8 @@ bool reghook_cache_add( REGISTRY_HOOK *hook )
 		return false;
 	}
 
-	DEBUG(10,("reghook_cache_add: Adding key [%s]\n", key));
+	DEBUG(10, ("reghook_cache_add: Adding ops %p for key [%s]\n",
+		   (void *)hook->ops, key));
 
 	return pathtree_add( cache_tree, key, hook );
 }
@@ -102,6 +108,9 @@ REGISTRY_HOOK* reghook_cache_find( const char *keyname )
 	DEBUG(10,("reghook_cache_find: Searching for keyname [%s]\n", key));
 	
 	hook = (REGISTRY_HOOK *)pathtree_find( cache_tree, key ) ;
+
+	DEBUG(10, ("reghook_cache_find: found ops %p for key [%s]\n",
+		   hook ? (void *)hook->ops : 0, key));
 	
 	SAFE_FREE( key );
 	
diff --git a/source3/registry/reg_frontend_hilvl.c b/source3/registry/reg_dispatcher.c
index 73fcf87e17..cdcd045904 100644
--- a/source3/registry/reg_frontend_hilvl.c
+++ b/source3/registry/reg_dispatcher.c
@@ -1,25 +1,25 @@
-/* 
+/*
  *  Unix SMB/CIFS implementation.
  *  Virtual Windows Registry Layer
  *  Copyright (C) Gerald Carter                     2002-2005
- *  Copyright (C) Michael Adam 2006
+ *  Copyright (C) Michael Adam                      2006-2008
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 3 of the License, or
  *  (at your option) any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
-/* 
- * Implementation of registry frontend view functions. 
+/*
+ * Implementation of registry frontend view functions.
  * Functions moved from reg_frontend.c to minimize linker deps.
  */
 
@@ -34,7 +34,7 @@ static const struct generic_mapping reg_generic_map =
 /********************************************************************
 ********************************************************************/
 
-static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
+static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd)
 {
 	SEC_ACE ace[3];
 	SEC_ACCESS mask;
@@ -44,58 +44,64 @@ static SEC_DESC* construct_registry_sd( TALLOC_CTX *ctx )
 	size_t sd_size;
 
 	/* basic access for Everyone */
-	
-	init_sec_access(&mask, REG_KEY_READ );
-	init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-	
+
+	init_sec_access(&mask, REG_KEY_READ);
+	init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+		     mask, 0);
+
 	/* Full Access 'BUILTIN\Administrators' */
-	
-	init_sec_access(&mask, REG_KEY_ALL );
-	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+	init_sec_access(&mask, REG_KEY_ALL);
+	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators,
+		     SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
 	/* Full Access 'NT Authority\System' */
 
 	init_sec_access(&mask, REG_KEY_ALL );
-	init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
+		     mask, 0);
 
-	
 	/* create the security descriptor */
-	
-	if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
-		return NULL;
 
-	if ( !(sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, acl, &sd_size)) )
-		return NULL;
+	acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
+	if (acl == NULL) {
+		return WERR_NOMEM;
+	}
+
+	sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
+			   &global_sid_Builtin_Administrators,
+			   &global_sid_System, NULL, acl,
+			   &sd_size);
+	if (sd == NULL) {
+		return WERR_NOMEM;
+	}
 
-	return sd;
+	*psd = sd;
+	return WERR_OK;
 }
 
 /***********************************************************************
  High level wrapper function for storing registry subkeys
  ***********************************************************************/
- 
+
 bool store_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkeys )
 {
 	if ( key->hook && key->hook->ops && key->hook->ops->store_subkeys )
 		return key->hook->ops->store_subkeys( key->name, subkeys );
-		
-	return False;
 
+	return false;
 }
 
 /***********************************************************************
  High level wrapper function for storing registry values
  ***********************************************************************/
- 
+
 bool store_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
 {
-	if ( check_dynamic_reg_values( key ) )
-		return False;
-
 	if ( key->hook && key->hook->ops && key->hook->ops->store_values )
 		return key->hook->ops->store_values( key->name, val );
 
-	return False;
+	return false;
 }
 
 /***********************************************************************
@@ -106,7 +112,7 @@ bool store_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
 int fetch_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkey_ctr )
 {
 	int result = -1;
-	
+
 	if ( key->hook && key->hook->ops && key->hook->ops->fetch_subkeys )
 		result = key->hook->ops->fetch_subkeys( key->name, subkey_ctr );
 
@@ -120,23 +126,18 @@ int fetch_reg_keys( REGISTRY_KEY *key, REGSUBKEY_CTR *subkey_ctr )
 int fetch_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
 {
 	int result = -1;
-	
+
+	DEBUG(10, ("fetch_reg_values called for key '%s' (ops %p)\n", key->name,
+		   (key->hook && key->hook->ops) ? (void *)key->hook->ops : NULL));
+
 	if ( key->hook && key->hook->ops && key->hook->ops->fetch_values )
 		result = key->hook->ops->fetch_values( key->name, val );
-	
-	/* if the backend lookup returned no data, try the dynamic overlay */
-	
-	if ( result == 0 ) {
-		result = fetch_dynamic_reg_values( key, val );
 
-		return ( result != -1 ) ? result : 0;
-	}
-	
 	return result;
 }
 
 /***********************************************************************
- High level access check for passing the required access mask to the 
+ High level access check for passing the required access mask to the
  underlying registry backend
  ***********************************************************************/
 
@@ -161,21 +162,21 @@ bool regkey_access_check( REGISTRY_KEY *key, uint32 requested, uint32 *granted,
 	 */
 
 	if (!(mem_ctx = talloc_init("regkey_access_check"))) {
-		return False;
+		return false;
 	}
 
 	err = regkey_get_secdesc(mem_ctx, key, &sec_desc);
 
 	if (!W_ERROR_IS_OK(err)) {
 		TALLOC_FREE(mem_ctx);
-		return False;
+		return false;
 	}
 
 	se_map_generic( &requested, &reg_generic_map );
 
 	if (!se_access_check(sec_desc, token, requested, granted, &status)) {
 		TALLOC_FREE(mem_ctx);
-		return False;
+		return false;
 	}
 
 	TALLOC_FREE(mem_ctx);
@@ -186,19 +187,19 @@ WERROR regkey_get_secdesc(TALLOC_CTX *mem_ctx, REGISTRY_KEY *key,
 			  struct security_descriptor **psecdesc)
 {
 	struct security_descriptor *secdesc;
+	WERROR werr;
 
 	if (key->hook && key->hook->ops && key->hook->ops->get_secdesc) {
-		WERROR err;
-
-		err = key->hook->ops->get_secdesc(mem_ctx, key->name,
-						  psecdesc);
-		if (W_ERROR_IS_OK(err)) {
+		werr = key->hook->ops->get_secdesc(mem_ctx, key->name,
+						   psecdesc);
+		if (W_ERROR_IS_OK(werr)) {
 			return WERR_OK;
 		}
 	}
 
-	if (!(secdesc = construct_registry_sd(mem_ctx))) {
-		return WERR_NOMEM;
+	werr = construct_registry_sd(mem_ctx, &secdesc);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
 	}
 
 	*psecdesc = secdesc;
diff --git a/source3/registry/reg_dynamic.c b/source3/registry/reg_dynamic.c
deleted file mode 100644
index e70bd178f9..0000000000
--- a/source3/registry/reg_dynamic.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/* 
- *  Unix SMB/CIFS implementation.
- *  Virtual Windows Registry Layer
- *  Copyright (C) Gerald Carter                     2002-2005
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/* Implementation of registry frontend view functions. */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_REGISTRY
-
-struct reg_dyn_values {
-	const char *path;
-	int (*fetch_values) ( REGVAL_CTR *val );
-};
-
-/***********************************************************************
-***********************************************************************/
-
-static int netlogon_params( REGVAL_CTR *regvals )
-{
-	uint32 dwValue;
-	
-	if ( !pdb_get_account_policy(AP_REFUSE_MACHINE_PW_CHANGE, &dwValue) )
-		dwValue = 0;
-		
-	regval_ctr_addvalue( regvals, "RefusePasswordChange", REG_DWORD,
-		(char*)&dwValue, sizeof(dwValue) );
-
-	return regval_ctr_numvals( regvals );
-}
-
-/***********************************************************************
-***********************************************************************/
-
-static int prod_options( REGVAL_CTR *regvals )
-{
-	const char              *value_ascii = "";
-	fstring                 value;
-	int                     value_length;
-	
-	switch (lp_server_role()) {
-		case ROLE_DOMAIN_PDC:
-		case ROLE_DOMAIN_BDC:
-			value_ascii = "LanmanNT";
-			break;
-		case ROLE_STANDALONE:
-			value_ascii = "ServerNT";
-			break;
-		case ROLE_DOMAIN_MEMBER:
-			value_ascii = "WinNT";
-			break;
-	}
-		
-	value_length = push_ucs2( value, value, value_ascii, sizeof(value), 
-		STR_TERMINATE|STR_NOALIGN );
-	regval_ctr_addvalue( regvals, "ProductType", REG_SZ, value, 
-		value_length );
-	
-	return regval_ctr_numvals( regvals );
-}
-
-/***********************************************************************
-***********************************************************************/
-
-static int tcpip_params( REGVAL_CTR *regvals )
-{
-	fstring                 value;
-	int                     value_length;
-	char   			*hname;
-	char *mydomainname = NULL;
-
-	hname = myhostname();
-	value_length = push_ucs2( value, value, hname, sizeof(value), STR_TERMINATE|STR_NOALIGN);		
-	regval_ctr_addvalue( regvals, "Hostname",REG_SZ, value, value_length );
-
-	mydomainname = get_mydnsdomname(talloc_tos());
-	if (!mydomainname) {
-		return -1;
-	}
-
-	value_length = push_ucs2( value, value, mydomainname, sizeof(value), STR_TERMINATE|STR_NOALIGN);		
-	regval_ctr_addvalue( regvals, "Domain", REG_SZ, value, value_length );
-
-	return regval_ctr_numvals( regvals );
-}
-
-/***********************************************************************
-***********************************************************************/
-
-static int perflib_params( REGVAL_CTR *regvals )
-{
-	int base_index = -1;
-	int last_counter = -1;
-	int last_help = -1;
-	int version = 0x00010001;
-	
-	base_index = reg_perfcount_get_base_index();
-	regval_ctr_addvalue(regvals, "Base Index", REG_DWORD, (char *)&base_index, sizeof(base_index));
-	last_counter = reg_perfcount_get_last_counter(base_index);
-	regval_ctr_addvalue(regvals, "Last Counter", REG_DWORD, (char *)&last_counter, sizeof(last_counter));
-	last_help = reg_perfcount_get_last_help(last_counter);
-	regval_ctr_addvalue(regvals, "Last Help", REG_DWORD, (char *)&last_help, sizeof(last_help));
-	regval_ctr_addvalue(regvals, "Version", REG_DWORD, (char *)&version, sizeof(version));
-
-	return regval_ctr_numvals( regvals );
-}
-
-/***********************************************************************
-***********************************************************************/
-
-static int perflib_009_params( REGVAL_CTR *regvals )
-{
-	int base_index;
-	int buffer_size;
-	char *buffer = NULL;
-
-	base_index = reg_perfcount_get_base_index();
-	buffer_size = reg_perfcount_get_counter_names(base_index, &buffer);
-	regval_ctr_addvalue(regvals, "Counter", REG_MULTI_SZ, buffer, buffer_size);
-	if(buffer_size > 0)
-		SAFE_FREE(buffer);
-	buffer_size = reg_perfcount_get_counter_help(base_index, &buffer);
-	regval_ctr_addvalue(regvals, "Help", REG_MULTI_SZ, buffer, buffer_size);
-	if(buffer_size > 0)
-		SAFE_FREE(buffer);
-	
-	return regval_ctr_numvals( regvals );
-}
-
-/***********************************************************************
-***********************************************************************/
-
-static int hkpt_params( REGVAL_CTR *regvals )
-{
-	uint32 base_index;
-	uint32 buffer_size;
-	char *buffer = NULL;
-
-	/* This is ALMOST the same as perflib_009_params, but HKPT has
-	   a "Counters" entry instead of a "Counter" key. <Grrrr> */
-	   
-	base_index = reg_perfcount_get_base_index();
-	buffer_size = reg_perfcount_get_counter_names(base_index, &buffer);
-	regval_ctr_addvalue(regvals, "Counters", REG_MULTI_SZ, buffer, buffer_size);
-	
-	if(buffer_size > 0)
-		SAFE_FREE(buffer);
-		
-	buffer_size = reg_perfcount_get_counter_help(base_index, &buffer);
-	regval_ctr_addvalue(regvals, "Help", REG_MULTI_SZ, buffer, buffer_size);
-	if(buffer_size > 0)
-		SAFE_FREE(buffer);
-	
-	return regval_ctr_numvals( regvals );
-}
-
-/***********************************************************************
-***********************************************************************/
-
-static int current_version( REGVAL_CTR *values )
-{
-	const char *sysroot_string = "c:\\Windows";
-	fstring sysversion;
-	fstring value;
-	uint32 value_length;
-	
-	value_length = push_ucs2( value, value, sysroot_string, sizeof(value), 
-		STR_TERMINATE|STR_NOALIGN );
-	regval_ctr_addvalue( values, "SystemRoot", REG_SZ, value, value_length );
-	
-	fstr_sprintf( sysversion, "%d.%d", lp_major_announce_version(), lp_minor_announce_version() );
-	value_length = push_ucs2( value, value, sysversion, sizeof(value), 
-		STR_TERMINATE|STR_NOALIGN );
-	regval_ctr_addvalue( values, "CurrentVersion", REG_SZ, value, value_length );
-	
-		
-	return regval_ctr_numvals( values );
-}
-
-
-/***********************************************************************
- Structure holding the registry paths and pointers to the value 
- enumeration functions
-***********************************************************************/
-
-static struct reg_dyn_values dynamic_values[] = {
-	{ "HKLM/SYSTEM/CURRENTCONTROLSET/SERVICES/NETLOGON/PARAMETERS", &netlogon_params  },
-	{ "HKLM/SYSTEM/CURRENTCONTROLSET/CONTROL/PRODUCTOPTIONS",       &prod_options     },
-	{ "HKLM/SYSTEM/CURRENTCONTROLSET/SERVICES/TCPIP/PARAMETERS",    &tcpip_params     },
-	{ "HKLM/SOFTWARE/MICROSOFT/WINDOWS NT/CURRENTVERSION/PERFLIB",  &perflib_params   }, 
-	{ "HKLM/SOFTWARE/MICROSOFT/WINDOWS NT/CURRENTVERSION/PERFLIB/009", &perflib_009_params }, 
-	{ "HKLM/SOFTWARE/MICROSOFT/WINDOWS NT/CURRENTVERSION",          &current_version }, 
-	{ "HKPT", &hkpt_params },
-	{ NULL, NULL }
-};
-
-/***********************************************************************
-***********************************************************************/
-
-int fetch_dynamic_reg_values( REGISTRY_KEY *key, REGVAL_CTR *val )
-{
-	int i;
-	char *path = NULL;
-	TALLOC_CTX *ctx = talloc_tos();
-
-	path = talloc_strdup(ctx, key->name);
-	if (!path) {
-		return -1;
-	}
-	path = normalize_reg_path(ctx, path);
-	if (!path) {
-		return -1;
-	}
-
-	for ( i=0; dynamic_values[i].path; i++ ) {
-		if ( strcmp( path, dynamic_values[i].path ) == 0 )
-			return dynamic_values[i].fetch_values( val );
-	}
-
-	return -1;
-}
-
-/***********************************************************************
-***********************************************************************/
-
-bool check_dynamic_reg_values( REGISTRY_KEY *key )
-{
-	int i;
-	char *path = NULL;
-	TALLOC_CTX *ctx = talloc_tos();
-
-	path = talloc_strdup(ctx, key->name);
-	if (!path) {
-		return false;
-	}
-	path = normalize_reg_path(ctx, path);
-	if (!path) {
-		return false;
-	}
-
-	for ( i=0; dynamic_values[i].path; i++ ) {
-		/* can't write to dynamic keys */
-		if ( strcmp( path, dynamic_values[i].path ) == 0 )
-			return true;
-	}
-
-	return false;
-}
diff --git a/source3/registry/reg_frontend.c b/source3/registry/reg_frontend.c
deleted file mode 100644
index 40d9192b08..0000000000
--- a/source3/registry/reg_frontend.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/* 
- *  Unix SMB/CIFS implementation.
- *  Virtual Windows Registry Layer
- *  Copyright (C) Gerald Carter                     2002-2005
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/* Implementation of registry frontend view functions. */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_REGISTRY
-
-extern REGISTRY_OPS printing_ops;
-extern REGISTRY_OPS eventlog_ops;
-extern REGISTRY_OPS shares_reg_ops;
-extern REGISTRY_OPS smbconf_reg_ops;
-extern REGISTRY_OPS regdb_ops;		/* these are the default */
-
-/* array of REGISTRY_HOOK's which are read into a tree for easy access */
-/* #define REG_TDB_ONLY		1 */
-
-REGISTRY_HOOK reg_hooks[] = {
-#ifndef REG_TDB_ONLY 
-  { KEY_PRINTING,    		&printing_ops },
-  { KEY_PRINTING_2K, 		&printing_ops },
-  { KEY_PRINTING_PORTS, 	&printing_ops },
-  { KEY_SHARES,      		&shares_reg_ops },
-  { KEY_SMBCONF,      		&smbconf_reg_ops },
-#endif
-  { NULL, NULL }
-};
-
-/***********************************************************************
- Open the registry database and initialize the REGISTRY_HOOK cache
- ***********************************************************************/
- 
-bool init_registry( void )
-{
-	int i;
-	bool ret = false;
-	TALLOC_CTX *frame = talloc_stackframe();
-	
-	
-	if ( !regdb_init() ) {
-		DEBUG(0,("init_registry: failed to initialize the registry tdb!\n"));
-		goto fail;
-	}
-
-	/* build the cache tree of registry hooks */
-	
-	reghook_cache_init();
-	
-	for ( i=0; reg_hooks[i].keyname; i++ ) {
-		if ( !reghook_cache_add(&reg_hooks[i]) )
-			goto fail;
-	}
-
-	if ( DEBUGLEVEL >= 20 )
-		reghook_dump_cache(20);
-
-	/* add any keys for other services */
-
-	svcctl_init_keys();
-	eventlog_init_keys();
-	perfcount_init_keys();
-
-	/* close and let each smbd open up as necessary */
-
-	regdb_close();
-
-	ret = true;
- fail:
-	TALLOC_FREE(frame);
-	return ret;
-}
-
-WERROR regkey_open_internal( TALLOC_CTX *ctx, REGISTRY_KEY **regkey,
-			     const char *path,
-                             const struct nt_user_token *token,
-			     uint32 access_desired )
-{
-	struct registry_key *key;
-	WERROR err;
-
-	err = reg_open_path(NULL, path, access_desired, token, &key);
-	if (!W_ERROR_IS_OK(err)) {
-		return err;
-	}
-
-	*regkey = talloc_move(ctx, &key->key);
-	TALLOC_FREE(key);
-	return WERR_OK;
-}
-
-/*
- * Utility function to create a registry key without opening the hive
- * before. Assumes the hive already exists.
- */
-
-WERROR reg_create_path(TALLOC_CTX *mem_ctx, const char *orig_path,
-		       uint32 desired_access,
-		       const struct nt_user_token *token,
-		       enum winreg_CreateAction *paction,
-		       struct registry_key **pkey)
-{
-	struct registry_key *hive;
-	char *path, *p;
-	WERROR err;
-
-	if (!(path = SMB_STRDUP(orig_path))) {
-		return WERR_NOMEM;
-	}
-
-	p = strchr(path, '\\');
-
-	if ((p == NULL) || (p[1] == '\0')) {
-		/*
-		 * No key behind the hive, just return the hive
-		 */
-
-		err = reg_openhive(mem_ctx, path, desired_access, token,
-				   &hive);
-		if (!W_ERROR_IS_OK(err)) {
-			SAFE_FREE(path);
-			return err;
-		}
-		SAFE_FREE(path);
-		*pkey = hive;
-		*paction = REG_OPENED_EXISTING_KEY;
-		return WERR_OK;
-	}
-
-	*p = '\0';
-
-	err = reg_openhive(mem_ctx, path,
-			   (strchr(p+1, '\\') != NULL) ?
-			   SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
-			   token, &hive);
-	if (!W_ERROR_IS_OK(err)) {
-		SAFE_FREE(path);
-		return err;
-	}
-
-	err = reg_createkey(mem_ctx, hive, p+1, desired_access, pkey, paction);
-	SAFE_FREE(path);
-	TALLOC_FREE(hive);
-	return err;
-}
-
-/*
- * Utility function to create a registry key without opening the hive
- * before. Will not delete a hive.
- */
-
-WERROR reg_delete_path(const struct nt_user_token *token,
-		       const char *orig_path)
-{
-	struct registry_key *hive;
-	char *path, *p;
-	WERROR err;
-
-	if (!(path = SMB_STRDUP(orig_path))) {
-		return WERR_NOMEM;
-	}
-
-	p = strchr(path, '\\');
-
-	if ((p == NULL) || (p[1] == '\0')) {
-		SAFE_FREE(path);
-		return WERR_INVALID_PARAM;
-	}
-
-	*p = '\0';
-
-	err = reg_openhive(NULL, path,
-			   (strchr(p+1, '\\') != NULL) ?
-			   SEC_RIGHTS_ENUM_SUBKEYS : SEC_RIGHTS_CREATE_SUBKEY,
-			   token, &hive);
-	if (!W_ERROR_IS_OK(err)) {
-		SAFE_FREE(path);
-		return err;
-	}
-
-	err = reg_deletekey(hive, p+1);
-	SAFE_FREE(path);
-	TALLOC_FREE(hive);
-	return err;
-}
diff --git a/source3/registry/reg_init_full.c b/source3/registry/reg_init_full.c
new file mode 100644
index 0000000000..b6a644bb11
--- /dev/null
+++ b/source3/registry/reg_init_full.c
@@ -0,0 +1,103 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  Virtual Windows Registry Layer
+ *  Copyright (C) Gerald Carter                     2002-2005
+ *  Copyright (C) Michael Adam                      2008
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Initialize the registry with all available backends. */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_REGISTRY
+
+extern REGISTRY_OPS printing_ops;
+extern REGISTRY_OPS eventlog_ops;
+extern REGISTRY_OPS shares_reg_ops;
+extern REGISTRY_OPS smbconf_reg_ops;
+extern REGISTRY_OPS netlogon_params_reg_ops;
+extern REGISTRY_OPS prod_options_reg_ops;
+extern REGISTRY_OPS tcpip_params_reg_ops;
+extern REGISTRY_OPS hkpt_params_reg_ops;
+extern REGISTRY_OPS current_version_reg_ops;
+extern REGISTRY_OPS perflib_reg_ops;
+extern REGISTRY_OPS regdb_ops;		/* these are the default */
+
+/* array of REGISTRY_HOOK's which are read into a tree for easy access */
+/* #define REG_TDB_ONLY		1 */
+
+REGISTRY_HOOK reg_hooks[] = {
+#ifndef REG_TDB_ONLY 
+  { KEY_PRINTING,    		&printing_ops },
+  { KEY_PRINTING_2K, 		&printing_ops },
+  { KEY_PRINTING_PORTS, 	&printing_ops },
+  { KEY_SHARES,      		&shares_reg_ops },
+  { KEY_SMBCONF,      		&smbconf_reg_ops },
+  { KEY_NETLOGON_PARAMS,	&netlogon_params_reg_ops },
+  { KEY_PROD_OPTIONS,		&prod_options_reg_ops },
+  { KEY_TCPIP_PARAMS,		&tcpip_params_reg_ops },
+  { KEY_HKPT,			&hkpt_params_reg_ops },
+  { KEY_CURRENT_VERSION,	&current_version_reg_ops },
+  { KEY_PERFLIB,		&perflib_reg_ops },
+#endif
+  { NULL, NULL }
+};
+
+/***********************************************************************
+ Open the registry database and initialize the REGISTRY_HOOK cache
+ with all available backens.
+ ***********************************************************************/
+ 
+bool init_registry( void )
+{
+	int i;
+	bool ret = false;
+	TALLOC_CTX *frame = talloc_stackframe();
+	
+	
+	if ( !regdb_init() ) {
+		DEBUG(0,("init_registry: failed to initialize the registry tdb!\n"));
+		goto fail;
+	}
+
+	/* build the cache tree of registry hooks */
+	
+	reghook_cache_init();
+	
+	for ( i=0; reg_hooks[i].keyname; i++ ) {
+		if ( !reghook_cache_add(&reg_hooks[i]) )
+			goto fail;
+	}
+
+	if ( DEBUGLEVEL >= 20 )
+		reghook_dump_cache(20);
+
+	/* add any keys for other services */
+
+	svcctl_init_keys();
+	eventlog_init_keys();
+	perfcount_init_keys();
+
+	/* close and let each smbd open up as necessary */
+
+	regdb_close();
+
+	ret = true;
+ fail:
+	TALLOC_FREE(frame);
+	return ret;
+}
diff --git a/source3/lib/util_reg_smbconf.c b/source3/registry/reg_init_smbconf.c
index 6452b0b15b..b7e6add112 100644
--- a/source3/lib/util_reg_smbconf.c
+++ b/source3/registry/reg_init_smbconf.c
@@ -67,13 +67,13 @@ done:
  * for use in places where not the whole registry is needed,
  * e.g. utils/net_conf.c and loadparm.c
  */
-bool registry_init_regdb(void)
+bool registry_init_smbconf(void)
 {
 	bool ret = false;
 	int saved_errno = 0;
 	static REGISTRY_HOOK smbconf_reg_hook = {KEY_SMBCONF, &smbconf_reg_ops};
 
-	DEBUG(10, ("registry_init_regdb called\n"));
+	DEBUG(10, ("registry_init_smbconf called\n"));
 
 	if (!regdb_init()) {
 		saved_errno = errno;
diff --git a/source3/registry/reg_util_legacy.c b/source3/registry/reg_util_legacy.c
new file mode 100644
index 0000000000..3e68025ae9
--- /dev/null
+++ b/source3/registry/reg_util_legacy.c
@@ -0,0 +1,47 @@
+/* 
+ *  Unix SMB/CIFS implementation.
+ *  Virtual Windows Registry Layer
+ *  Copyright (C) Gerald Carter                     2002-2005
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *  
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *  
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* Implementation of registry frontend view functions. */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_REGISTRY
+
+/**
+ * legacy open key function that should be replaced by uses of
+ * reg_open_path
+ */
+WERROR regkey_open_internal( TALLOC_CTX *ctx, REGISTRY_KEY **regkey,
+			     const char *path,
+                             const struct nt_user_token *token,
+			     uint32 access_desired )
+{
+	struct registry_key *key;
+	WERROR err;
+
+	err = reg_open_path(NULL, path, access_desired, token, &key);
+	if (!W_ERROR_IS_OK(err)) {
+		return err;
+	}
+
+	*regkey = talloc_move(ctx, &key->key);
+	TALLOC_FREE(key);
+	return WERR_OK;
+}
diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c
index 92077aa847..1c3aad7a25 100644
--- a/source3/registry/regfio.c
+++ b/source3/registry/regfio.c
@@ -1171,7 +1171,6 @@ out:
 	
 	if ( !(rb->mem_ctx = talloc_init( "read_regf_block" )) ) {
 		regfio_close( rb );
-		SAFE_FREE(rb);
 		return NULL;
 	}
 
@@ -1182,7 +1181,6 @@ out:
 	if ( (rb->fd = open(filename, flags, mode)) == -1 ) {
 		DEBUG(0,("regfio_open: failure to open %s (%s)\n", filename, strerror(errno)));
 		regfio_close( rb );
-		SAFE_FREE(rb);
 		return NULL;
 	}
 	
@@ -1192,7 +1190,6 @@ out:
 		if ( !init_regf_block( rb ) ) {
 			DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));
 			regfio_close( rb );
-			SAFE_FREE(rb);
 			return NULL;
 		}
 		
@@ -1205,7 +1202,6 @@ out:
 	if ( !read_regf_block( rb ) ) {
 		DEBUG(0,("regfio_open: Failed to read initial REGF block\n"));
 		regfio_close( rb );
-		SAFE_FREE(rb);
 		return NULL;
 	}
 	
@@ -1234,7 +1230,7 @@ static void regfio_mem_free( REGF_FILE *file )
 
 	/* cleanup for a file opened for write */
 
-	if ( file->open_flags & (O_WRONLY|O_RDWR) ) {
+	if ((file->fd != -1) && (file->open_flags & (O_WRONLY|O_RDWR))) {
 		prs_struct ps;
 		REGF_SK_REC *sk;
 
diff --git a/source3/rpc_client/cli_ds.c b/source3/rpc_client/cli_ds.c
deleted file mode 100644
index 71516b89f2..0000000000
--- a/source3/rpc_client/cli_ds.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   RPC pipe client
-   Copyright (C) Gerald Carter                        2002,
-   Copyright (C) Jeremy Allison				2005.
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-
-/* implementations of client side DsXXX() functions */
-
-/********************************************************************
- Get information about the server and directory services
-********************************************************************/
-
-NTSTATUS rpccli_ds_getprimarydominfo(struct rpc_pipe_client *cli,
-				     TALLOC_CTX *mem_ctx, 
-				     uint16 level, DS_DOMINFO_CTR *ctr)
-{
-	prs_struct qbuf, rbuf;
-	DS_Q_GETPRIMDOMINFO q;
-	DS_R_GETPRIMDOMINFO r;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	q.level = level;
-	
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC_DS, DS_GETPRIMDOMINFO,
-		q, r,
-		qbuf, rbuf,
-		ds_io_q_getprimdominfo,
-		ds_io_r_getprimdominfo,
-		NT_STATUS_UNSUCCESSFUL);
-	
-	/* Return basic info - if we are requesting at info != 1 then
-	   there could be trouble. */ 
-
-	result = r.status;
-
-	if ( r.ptr && ctr ) {
-		ctr->basic = TALLOC_P(mem_ctx, DSROLE_PRIMARY_DOMAIN_INFO_BASIC);
-		if (!ctr->basic)
-			goto done;
-		memcpy(ctr->basic, r.info.basic, sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC));
-	}
-	
-done:
-
-	return result;
-}
-
-/********************************************************************
- Enumerate trusted domains in an AD forest
-********************************************************************/
-
-NTSTATUS rpccli_ds_enum_domain_trusts(struct rpc_pipe_client *cli,
-				      TALLOC_CTX *mem_ctx, 
-				      const char *server, uint32 flags, 
-				      struct ds_domain_trust **trusts,
-				      uint32 *num_domains)
-{
-	prs_struct qbuf, rbuf;
-	DS_Q_ENUM_DOM_TRUSTS q;
-	DS_R_ENUM_DOM_TRUSTS r;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	init_q_ds_enum_domain_trusts( &q, server, flags );
-		
-	CLI_DO_RPC( cli, mem_ctx, PI_NETLOGON, DS_ENUM_DOM_TRUSTS,
-		q, r,
-		qbuf, rbuf,
-		ds_io_q_enum_domain_trusts,
-		ds_io_r_enum_domain_trusts,
-		NT_STATUS_UNSUCCESSFUL);
-	
-	result = r.status;
-	
-	if ( NT_STATUS_IS_OK(result) ) {
-		int i;
-	
-		*num_domains = r.num_domains;
-		if (r.num_domains) {
-			*trusts = TALLOC_ARRAY(mem_ctx, struct ds_domain_trust, r.num_domains);
-
-			if (*trusts == NULL) {
-				return NT_STATUS_NO_MEMORY;
-			}
-		} else {
-			*trusts = NULL;
-		}
-
-		for ( i=0; i< *num_domains; i++ ) {
-			(*trusts)[i].flags = r.domains.trusts[i].flags;
-			(*trusts)[i].parent_index = r.domains.trusts[i].parent_index;
-			(*trusts)[i].trust_type = r.domains.trusts[i].trust_type;
-			(*trusts)[i].trust_attributes = r.domains.trusts[i].trust_attributes;
-			(*trusts)[i].guid = r.domains.trusts[i].guid;
-
-			if (r.domains.trusts[i].sid_ptr) {
-				sid_copy(&(*trusts)[i].sid, &r.domains.trusts[i].sid.sid);
-			} else {
-				ZERO_STRUCT((*trusts)[i].sid);
-			}
-
-			if (r.domains.trusts[i].netbios_ptr) {
-				(*trusts)[i].netbios_domain = unistr2_to_ascii_talloc( mem_ctx, &r.domains.trusts[i].netbios_domain );
-			} else {
-				(*trusts)[i].netbios_domain = NULL;
-			}
-
-			if (r.domains.trusts[i].dns_ptr) {
-				(*trusts)[i].dns_domain = unistr2_to_ascii_talloc( mem_ctx, &r.domains.trusts[i].dns_domain );
-			} else {
-				(*trusts)[i].dns_domain = NULL;
-			}
-		}
-	}
-	
-	return result;
-}
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 286cc210e2..2759881dd3 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -6,6 +6,7 @@
    Copyright (C) Rafal Szczesniak                       2002
    Copyright (C) Jeremy Allison				2005.
    Copyright (C) Michael Adam				2007.
+   Copyright (C) Guenther Deschner			2008.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -45,42 +46,34 @@ NTSTATUS rpccli_lsa_open_policy(struct rpc_pipe_client *cli,
 				bool sec_qos, uint32 des_access,
 				POLICY_HND *pol)
 {
-	prs_struct qbuf, rbuf;
-	LSA_Q_OPEN_POL q;
-	LSA_R_OPEN_POL r;
-	LSA_SEC_QOS qos;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Initialise input parameters */
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
+	uint16_t system_name = '\\';
 
 	if (sec_qos) {
-		init_lsa_sec_qos(&qos, 2, 1, 0);
-		init_q_open_pol(&q, '\\', 0, des_access, &qos);
+		init_lsa_sec_qos(&qos, 0xc, 2, 1, 0);
+		init_lsa_obj_attr(&attr,
+				  0x18,
+				  NULL,
+				  NULL,
+				  0,
+				  NULL,
+				  &qos);
 	} else {
-		init_q_open_pol(&q, '\\', 0, des_access, NULL);
-	}
-
-	/* Marshall data and send request */
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY,
-			q, r,
-			qbuf, rbuf,
-			lsa_io_q_open_pol,
-			lsa_io_r_open_pol,
-			NT_STATUS_UNSUCCESSFUL );
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	if (NT_STATUS_IS_OK(result)) {
-		*pol = r.pol;
-	}
-
-	return result;
+		init_lsa_obj_attr(&attr,
+				  0x18,
+				  NULL,
+				  NULL,
+				  0,
+				  NULL,
+				  NULL);
+	}
+
+	return rpccli_lsa_OpenPolicy(cli, mem_ctx,
+				     &system_name,
+				     &attr,
+				     des_access,
+				     pol);
 }
 
 /** Open a LSA policy handle
@@ -92,39 +85,34 @@ NTSTATUS rpccli_lsa_open_policy2(struct rpc_pipe_client *cli,
 				 TALLOC_CTX *mem_ctx, bool sec_qos,
 				 uint32 des_access, POLICY_HND *pol)
 {
-	prs_struct qbuf, rbuf;
-	LSA_Q_OPEN_POL2 q;
-	LSA_R_OPEN_POL2 r;
-	LSA_SEC_QOS qos;
-	NTSTATUS result;
+	struct lsa_ObjectAttribute attr;
+	struct lsa_QosInfo qos;
 	char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
 
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
 	if (sec_qos) {
-		init_lsa_sec_qos(&qos, 2, 1, 0);
-		init_q_open_pol2(&q, srv_name_slash, 0, des_access, &qos);
+		init_lsa_sec_qos(&qos, 0xc, 2, 1, 0);
+		init_lsa_obj_attr(&attr,
+				  0x18,
+				  NULL,
+				  NULL,
+				  0,
+				  NULL,
+				  &qos);
 	} else {
-		init_q_open_pol2(&q, srv_name_slash, 0, des_access, NULL);
-	}
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENPOLICY2,
-			q, r,
-			qbuf, rbuf,
-			lsa_io_q_open_pol2,
-			lsa_io_r_open_pol2,
-			NT_STATUS_UNSUCCESSFUL );
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	if (NT_STATUS_IS_OK(result)) {
-		*pol = r.pol;
-	}
-
-	return result;
+		init_lsa_obj_attr(&attr,
+				  0x18,
+				  NULL,
+				  NULL,
+				  0,
+				  NULL,
+				  NULL);
+	}
+
+	return rpccli_lsa_OpenPolicy2(cli, mem_ctx,
+				      srv_name_slash,
+				      &attr,
+				      des_access,
+				      pol);
 }
 
 /* Lookup a list of sids
@@ -141,13 +129,16 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
 					       char **names,
 					       enum lsa_SidType *types)
 {
-	prs_struct qbuf, rbuf;
-	LSA_Q_LOOKUP_SIDS q;
-	LSA_R_LOOKUP_SIDS r;
-	DOM_R_REF ref;
 	NTSTATUS result = NT_STATUS_OK;
 	TALLOC_CTX *tmp_ctx = NULL;
 	int i;
+	struct lsa_SidArray sid_array;
+	struct lsa_RefDomainList *ref_domains = NULL;
+	struct lsa_TransNameArray lsa_names;
+	uint32_t count = 0;
+	uint16_t level = 1;
+
+	ZERO_STRUCT(lsa_names);
 
 	tmp_ctx = talloc_new(mem_ctx);
 	if (!tmp_ctx) {
@@ -156,38 +147,42 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
 		goto done;
 	}
 
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	init_q_lookup_sids(tmp_ctx, &q, pol, num_sids, sids, 1);
-
-	ZERO_STRUCT(ref);
+	sid_array.num_sids = num_sids;
+	sid_array.sids = TALLOC_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
+	if (!sid_array.sids) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	r.dom_ref = &ref;
+	for (i = 0; i<num_sids; i++) {
+		sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]);
+		if (!sid_array.sids[i].sid) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
 
-	CLI_DO_RPC( cli, tmp_ctx, PI_LSARPC, LSA_LOOKUPSIDS,
-			q, r,
-			qbuf, rbuf,
-			lsa_io_q_lookup_sids,
-			lsa_io_r_lookup_sids,
-			NT_STATUS_UNSUCCESSFUL );
+	result = rpccli_lsa_LookupSids(cli, mem_ctx,
+				       pol,
+				       &sid_array,
+				       &ref_domains,
+				       &lsa_names,
+				       level,
+				       &count);
 
 	DEBUG(10, ("LSA_LOOKUPSIDS returned '%s', mapped count = %d'\n",
-		   nt_errstr(r.status), r.mapped_count));
+		   nt_errstr(result), count));
 
-	if (!NT_STATUS_IS_OK(r.status) &&
-	    !NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) &&
-	    !NT_STATUS_EQUAL(r.status, STATUS_SOME_UNMAPPED))
+	if (!NT_STATUS_IS_OK(result) &&
+	    !NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) &&
+	    !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
 	{
 		/* An actual error occured */
-		result = r.status;
 		goto done;
 	}
 
 	/* Return output parameters */
 
-	if (NT_STATUS_EQUAL(r.status, NT_STATUS_NONE_MAPPED) ||
-	    (r.mapped_count == 0))
+	if (NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) ||
+	    (count == 0))
 	{
 		for (i = 0; i < num_sids; i++) {
 			(names)[i] = NULL;
@@ -199,21 +194,19 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
 	}
 
 	for (i = 0; i < num_sids; i++) {
-		fstring name, dom_name;
-		uint32 dom_idx = r.names.name[i].domain_idx;
+		const char *name, *dom_name;
+		uint32_t dom_idx = lsa_names.names[i].sid_index;
 
 		/* Translate optimised name through domain index array */
 
 		if (dom_idx != 0xffffffff) {
 
-			rpcstr_pull_unistr2_fstring(
-                                dom_name, &ref.ref_dom[dom_idx].uni_dom_name);
-			rpcstr_pull_unistr2_fstring(
-                                name, &r.names.uni_name[i]);
+			dom_name = ref_domains->domains[dom_idx].name.string;
+			name = lsa_names.names[i].name.string;
 
 			(names)[i] = talloc_strdup(mem_ctx, name);
 			(domains)[i] = talloc_strdup(mem_ctx, dom_name);
-			(types)[i] = r.names.name[i].sid_name_use;
+			(types)[i] = lsa_names.names[i].sid_type;
 
 			if (((names)[i] == NULL) || ((domains)[i] == NULL)) {
 				DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n"));
@@ -361,29 +354,32 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
 				 DOM_SID **sids,
 				 enum lsa_SidType **types)
 {
-	prs_struct qbuf, rbuf;
-	LSA_Q_LOOKUP_NAMES q;
-	LSA_R_LOOKUP_NAMES r;
-	DOM_R_REF ref;
 	NTSTATUS result;
 	int i;
+	struct lsa_String *lsa_names = NULL;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_TransSidArray sid_array;
+	uint32_t count = 0;
 
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	ZERO_STRUCT(ref);
-	r.dom_ref = &ref;
+	ZERO_STRUCT(sid_array);
 
-	init_q_lookup_names(mem_ctx, &q, pol, num_names, names, level);
+	lsa_names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names);
+	if (!lsa_names) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPNAMES,
-			q, r,
-			qbuf, rbuf,
-			lsa_io_q_lookup_names,
-			lsa_io_r_lookup_names,
-			NT_STATUS_UNSUCCESSFUL);
+	for (i=0; i<num_names; i++) {
+		init_lsa_String(&lsa_names[i], names[i]);
+	}
 
-	result = r.status;
+	result = rpccli_lsa_LookupNames(cli, mem_ctx,
+				        pol,
+					num_names,
+					lsa_names,
+					&domains,
+					&sid_array,
+					level,
+					&count);
 
 	if (!NT_STATUS_IS_OK(result) && NT_STATUS_V(result) !=
 	    NT_STATUS_V(STATUS_SOME_UNMAPPED)) {
@@ -395,7 +391,7 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
 
 	/* Return output parameters */
 
-	if (r.mapped_count == 0) {
+	if (count == 0) {
 		result = NT_STATUS_NONE_MAPPED;
 		goto done;
 	}
@@ -430,9 +426,8 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
 	}
 
 	for (i = 0; i < num_names; i++) {
-		DOM_RID *t_rids = r.dom_rid;
-		uint32 dom_idx = t_rids[i].rid_idx;
-		uint32 dom_rid = t_rids[i].rid;
+		uint32_t dom_idx = sid_array.sids[i].sid_index;
+		uint32_t dom_rid = sid_array.sids[i].rid;
 		DOM_SID *sid = &(*sids)[i];
 
 		/* Translate optimised sid through domain index array */
@@ -444,896 +439,26 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli,
 			continue;
 		}
 
-		sid_copy(sid, &ref.ref_dom[dom_idx].ref_dom.sid);
+		sid_copy(sid, domains->domains[dom_idx].sid);
 
 		if (dom_rid != 0xffffffff) {
 			sid_append_rid(sid, dom_rid);
 		}
 
-		(*types)[i] = t_rids[i].type;
+		(*types)[i] = sid_array.sids[i].sid_type;
 
 		if (dom_names == NULL) {
 			continue;
 		}
 
-		(*dom_names)[i] = rpcstr_pull_unistr2_talloc(
-			*dom_names, &ref.ref_dom[dom_idx].uni_dom_name);
-	}
-
- done:
-
-	return result;
-}
-
-NTSTATUS rpccli_lsa_query_info_policy_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-					  POLICY_HND *pol, uint16 info_class,
-					  LSA_INFO_CTR *ctr)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_QUERY_INFO q;
-	LSA_R_QUERY_INFO r;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	init_q_query(&q, pol, info_class);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_query,
-		lsa_io_r_query,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-
- done:
-
-	*ctr = r.ctr;
-
-	return result;
-}
-
-NTSTATUS rpccli_lsa_query_info_policy2_new(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-					  POLICY_HND *pol, uint16 info_class,
-					  LSA_INFO_CTR2 *ctr)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_QUERY_INFO2 q;
-	LSA_R_QUERY_INFO2 r;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	init_q_query2(&q, pol, info_class);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_query_info2,
-		lsa_io_r_query_info2,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-
- done:
-
-	*ctr = r.ctr;
-
-	return result;
-}
-
-
-
-/** Query info policy
- *
- *  @param domain_sid - returned remote server's domain sid */
-
-NTSTATUS rpccli_lsa_query_info_policy(struct rpc_pipe_client *cli,
-				      TALLOC_CTX *mem_ctx,
-				      POLICY_HND *pol, uint16 info_class,
-				      const char **domain_name,
-				      DOM_SID **domain_sid)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_QUERY_INFO q;
-	LSA_R_QUERY_INFO r;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	init_q_query(&q, pol, info_class);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_LSARPC, LSA_QUERYINFOPOLICY,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_query,
-		lsa_io_r_query,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-
-	/* Return output parameters */
-
-	switch (info_class) {
-
-	case 3:
-		if (domain_name && (r.ctr.info.id3.buffer_dom_name != 0)) {
-			*domain_name = unistr2_to_ascii_talloc(mem_ctx,
-						   &r.ctr.info.id3.
-						   uni_domain_name);
-			if (!*domain_name) {
-				return NT_STATUS_NO_MEMORY;
-			}
-		}
-
-		if (domain_sid && (r.ctr.info.id3.buffer_dom_sid != 0)) {
-			*domain_sid = TALLOC_P(mem_ctx, DOM_SID);
-			if (!*domain_sid) {
-				return NT_STATUS_NO_MEMORY;
-			}
-			sid_copy(*domain_sid, &r.ctr.info.id3.dom_sid.sid);
-		}
-
-		break;
-
-	case 5:
-
-		if (domain_name && (r.ctr.info.id5.buffer_dom_name != 0)) {
-			*domain_name = unistr2_to_ascii_talloc(mem_ctx,
-						   &r.ctr.info.id5.
-						   uni_domain_name);
-			if (!*domain_name) {
-				return NT_STATUS_NO_MEMORY;
-			}
-		}
-
-		if (domain_sid && (r.ctr.info.id5.buffer_dom_sid != 0)) {
-			*domain_sid = TALLOC_P(mem_ctx, DOM_SID);
-			if (!*domain_sid) {
-				return NT_STATUS_NO_MEMORY;
-			}
-			sid_copy(*domain_sid, &r.ctr.info.id5.dom_sid.sid);
-		}
-		break;
-
-	default:
-		DEBUG(3, ("unknown info class %d\n", info_class));
-		break;
-	}
-
- done:
-
-	return result;
-}
-
-/** Query info policy2
- *
- *  @param domain_name - returned remote server's domain name
- *  @param dns_name - returned remote server's dns domain name
- *  @param forest_name - returned remote server's forest name
- *  @param domain_guid - returned remote server's domain guid
- *  @param domain_sid - returned remote server's domain sid */
-
-NTSTATUS rpccli_lsa_query_info_policy2(struct rpc_pipe_client *cli,
-				       TALLOC_CTX *mem_ctx,
-				       POLICY_HND *pol, uint16 info_class,
-				       const char **domain_name,
-				       const char **dns_name,
-				       const char **forest_name,
-				       struct GUID **domain_guid,
-				       DOM_SID **domain_sid)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_QUERY_INFO2 q;
-	LSA_R_QUERY_INFO2 r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	if (info_class != 12)
-		goto done;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	init_q_query2(&q, pol, info_class);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYINFO2,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_query_info2,
-		lsa_io_r_query_info2,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-
-	/* Return output parameters */
-
-	ZERO_STRUCTP(domain_guid);
-
-	if (domain_name && r.ctr.info.id12.hdr_nb_dom_name.buffer) {
-		*domain_name = unistr2_to_ascii_talloc(mem_ctx,
-					    &r.ctr.info.id12
-					    .uni_nb_dom_name);
-		if (!*domain_name) {
-			return NT_STATUS_NO_MEMORY;
-		}
-	}
-	if (dns_name && r.ctr.info.id12.hdr_dns_dom_name.buffer) {
-		*dns_name = unistr2_to_ascii_talloc(mem_ctx,
-					 &r.ctr.info.id12
-					 .uni_dns_dom_name);
-		if (!*dns_name) {
-			return NT_STATUS_NO_MEMORY;
-		}
-	}
-	if (forest_name && r.ctr.info.id12.hdr_forest_name.buffer) {
-		*forest_name = unistr2_to_ascii_talloc(mem_ctx,
-					    &r.ctr.info.id12
-					    .uni_forest_name);
-		if (!*forest_name) {
-			return NT_STATUS_NO_MEMORY;
-		}
-	}
-
-	if (domain_guid) {
-		*domain_guid = TALLOC_P(mem_ctx, struct GUID);
-		if (!*domain_guid) {
-			return NT_STATUS_NO_MEMORY;
-		}
-		memcpy(*domain_guid,
-		       &r.ctr.info.id12.dom_guid,
-		       sizeof(struct GUID));
-	}
-
-	if (domain_sid && r.ctr.info.id12.ptr_dom_sid != 0) {
-		*domain_sid = TALLOC_P(mem_ctx, DOM_SID);
-		if (!*domain_sid) {
-			return NT_STATUS_NO_MEMORY;
-		}
-		sid_copy(*domain_sid,
-			 &r.ctr.info.id12.dom_sid.sid);
-	}
-
- done:
-
-	return result;
-}
-
-/**
- * Enumerate list of trusted domains
- *
- * @param cli client state (cli_state) structure of the connection
- * @param mem_ctx memory context
- * @param pol opened lsa policy handle
- * @param enum_ctx enumeration context ie. index of first returned domain entry
- * @param pref_num_domains preferred max number of entries returned in one response
- * @param num_domains total number of trusted domains returned by response
- * @param domain_names returned trusted domain names
- * @param domain_sids returned trusted domain sids
- *
- * @return nt status code of response
- **/
-
-NTSTATUS rpccli_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
-				   TALLOC_CTX *mem_ctx,
-				   POLICY_HND *pol, uint32 *enum_ctx,
-				   uint32 *num_domains,
-				   char ***domain_names, DOM_SID **domain_sids)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_ENUM_TRUST_DOM in;
-	LSA_R_ENUM_TRUST_DOM out;
-	int i;
-	fstring tmp;
-
-	ZERO_STRUCT(in);
-	ZERO_STRUCT(out);
-
-	/* 64k is enough for about 2000 trusted domains */
-
-        init_q_enum_trust_dom(&in, pol, *enum_ctx, 0x10000);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMTRUSTDOM,
-	            in, out,
-	            qbuf, rbuf,
-	            lsa_io_q_enum_trust_dom,
-	            lsa_io_r_enum_trust_dom,
-	            NT_STATUS_UNSUCCESSFUL );
-
-
-	/* check for an actual error */
-
-	if ( !NT_STATUS_IS_OK(out.status)
-		&& !NT_STATUS_EQUAL(out.status, NT_STATUS_NO_MORE_ENTRIES)
-		&& !NT_STATUS_EQUAL(out.status, STATUS_MORE_ENTRIES) )
-	{
-		return out.status;
-	}
-
-	/* Return output parameters */
-
-	*num_domains  = out.count;
-	*enum_ctx     = out.enum_context;
-
-	if ( out.count ) {
-
-		/* Allocate memory for trusted domain names and sids */
-
-		if ( !(*domain_names = TALLOC_ARRAY(mem_ctx, char *, out.count)) ) {
-			DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
-			return NT_STATUS_NO_MEMORY;
-		}
-
-		if ( !(*domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, out.count)) ) {
-			DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
-			return NT_STATUS_NO_MEMORY;
-		}
-
-		/* Copy across names and sids */
-
-		for (i = 0; i < out.count; i++) {
-
-			rpcstr_pull( tmp, out.domlist->domains[i].name.string->buffer,
-				sizeof(tmp), out.domlist->domains[i].name.length, 0);
-			(*domain_names)[i] = talloc_strdup(mem_ctx, tmp);
-
-			sid_copy(&(*domain_sids)[i], &out.domlist->domains[i].sid->sid );
-		}
-	}
-
-	return out.status;
-}
-
-/** Enumerate privileges*/
-
-NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                                POLICY_HND *pol, uint32 *enum_context, uint32 pref_max_length,
-				uint32 *count, char ***privs_name, uint32 **privs_high, uint32 **privs_low)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_ENUM_PRIVS q;
-	LSA_R_ENUM_PRIVS r;
-	NTSTATUS result;
-	int i;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	init_q_enum_privs(&q, pol, *enum_context, pref_max_length);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_PRIVS,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_enum_privs,
-		lsa_io_r_enum_privs,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-
-	/* Return output parameters */
-
-	*enum_context = r.enum_context;
-	*count = r.count;
-
-	if (r.count) {
-		if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) {
-			DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
-			result = NT_STATUS_UNSUCCESSFUL;
-			goto done;
-		}
-
-		if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
-			DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
-			result = NT_STATUS_UNSUCCESSFUL;
-			goto done;
-		}
-
-		if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
-			DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
-			result = NT_STATUS_UNSUCCESSFUL;
-			goto done;
-		}
-	} else {
-		*privs_name = NULL;
-		*privs_high = NULL;
-		*privs_low = NULL;
-	}
-
-	for (i = 0; i < r.count; i++) {
-		fstring name;
-
-		rpcstr_pull_unistr2_fstring( name, &r.privs[i].name);
-
-		(*privs_name)[i] = talloc_strdup(mem_ctx, name);
-
-		(*privs_high)[i] = r.privs[i].luid_high;
-		(*privs_low)[i] = r.privs[i].luid_low;
-	}
-
- done:
-
-	return result;
-}
-
-/** Get privilege name */
-
-NTSTATUS rpccli_lsa_get_dispname(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-			      POLICY_HND *pol, const char *name,
-			      uint16 lang_id, uint16 lang_id_sys,
-			      fstring description, uint16 *lang_id_desc)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_PRIV_GET_DISPNAME q;
-	LSA_R_PRIV_GET_DISPNAME r;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	init_lsa_priv_get_dispname(&q, pol, name, lang_id, lang_id_sys);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_PRIV_GET_DISPNAME,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_priv_get_dispname,
-		lsa_io_r_priv_get_dispname,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-
-	/* Return output parameters */
-
-	rpcstr_pull_unistr2_fstring(description , &r.desc);
-	*lang_id_desc = r.lang_id;
-
- done:
-
-	return result;
-}
-
-/** Enumerate list of SIDs  */
-
-NTSTATUS rpccli_lsa_enum_sids(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                                POLICY_HND *pol, uint32 *enum_ctx, uint32 pref_max_length,
-                                uint32 *num_sids, DOM_SID **sids)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_ENUM_ACCOUNTS q;
-	LSA_R_ENUM_ACCOUNTS r;
-	NTSTATUS result;
-	int i;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-        init_lsa_q_enum_accounts(&q, pol, *enum_ctx, pref_max_length);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUM_ACCOUNTS,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_enum_accounts,
-		lsa_io_r_enum_accounts,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-
-	if (r.sids.num_entries==0)
-		goto done;
-
-	/* Return output parameters */
-
-	*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.sids.num_entries);
-	if (!*sids) {
-		DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
-		result = NT_STATUS_UNSUCCESSFUL;
-		goto done;
-	}
-
-	/* Copy across names and sids */
-
-	for (i = 0; i < r.sids.num_entries; i++) {
-		sid_copy(&(*sids)[i], &r.sids.sid[i].sid);
-	}
-
-	*num_sids= r.sids.num_entries;
-	*enum_ctx = r.enum_context;
-
- done:
-
-	return result;
-}
-
-/** Create a LSA user handle
- *
- * @param cli Handle on an initialised SMB connection
- *
- * FIXME: The code is actually identical to open account
- * TODO: Check and code what the function should exactly do
- *
- * */
-
-NTSTATUS rpccli_lsa_create_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                             POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access,
-			     POLICY_HND *user_pol)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_CREATEACCOUNT q;
-	LSA_R_CREATEACCOUNT r;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Initialise input parameters */
-
-	init_lsa_q_create_account(&q, dom_pol, sid, desired_access);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_CREATEACCOUNT,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_create_account,
-		lsa_io_r_create_account,
-		NT_STATUS_UNSUCCESSFUL);
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	if (NT_STATUS_IS_OK(result)) {
-		*user_pol = r.pol;
-	}
-
-	return result;
-}
-
-/** Open a LSA user handle
- *
- * @param cli Handle on an initialised SMB connection */
-
-NTSTATUS rpccli_lsa_open_account(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                             POLICY_HND *dom_pol, DOM_SID *sid, uint32 des_access,
-			     POLICY_HND *user_pol)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_OPENACCOUNT q;
-	LSA_R_OPENACCOUNT r;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Initialise input parameters */
-
-	init_lsa_q_open_account(&q, dom_pol, sid, des_access);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_OPENACCOUNT,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_open_account,
-		lsa_io_r_open_account,
-		NT_STATUS_UNSUCCESSFUL);
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	if (NT_STATUS_IS_OK(result)) {
-		*user_pol = r.pol;
-	}
-
-	return result;
-}
-
-/** Enumerate user privileges
- *
- * @param cli Handle on an initialised SMB connection */
-
-NTSTATUS rpccli_lsa_enum_privsaccount(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                             POLICY_HND *pol, uint32 *count, LUID_ATTR **set)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_ENUMPRIVSACCOUNT q;
-	LSA_R_ENUMPRIVSACCOUNT r;
-	NTSTATUS result;
-	int i;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Initialise input parameters */
-
-	init_lsa_q_enum_privsaccount(&q, pol);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMPRIVSACCOUNT,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_enum_privsaccount,
-		lsa_io_r_enum_privsaccount,
-		NT_STATUS_UNSUCCESSFUL);
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-
-	if (r.count == 0)
-		goto done;
-
-	if (!((*set = TALLOC_ARRAY(mem_ctx, LUID_ATTR, r.count)))) {
-		DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n"));
-		result = NT_STATUS_UNSUCCESSFUL;
-		goto done;
-	}
-
-	for (i=0; i<r.count; i++) {
-		(*set)[i].luid.low = r.set.set[i].luid.low;
-		(*set)[i].luid.high = r.set.set[i].luid.high;
-		(*set)[i].attr = r.set.set[i].attr;
+		(*dom_names)[i] = domains->domains[dom_idx].name.string;
 	}
 
-	*count=r.count;
  done:
 
 	return result;
 }
 
-/** Get a privilege value given its name */
-
-NTSTATUS rpccli_lsa_lookup_priv_value(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				 POLICY_HND *pol, const char *name, LUID *luid)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_LOOKUP_PRIV_VALUE q;
-	LSA_R_LOOKUP_PRIV_VALUE r;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_lsa_q_lookup_priv_value(&q, pol, name);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPPRIVVALUE,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_lookup_priv_value,
-		lsa_io_r_lookup_priv_value,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-
-	/* Return output parameters */
-
-	(*luid).low=r.luid.low;
-	(*luid).high=r.luid.high;
-
- done:
-
-	return result;
-}
-
-/** Query LSA security object */
-
-NTSTATUS rpccli_lsa_query_secobj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-			      POLICY_HND *pol, uint32 sec_info,
-			      SEC_DESC_BUF **psdb)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_QUERY_SEC_OBJ q;
-	LSA_R_QUERY_SEC_OBJ r;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_q_query_sec_obj(&q, pol, sec_info);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_QUERYSECOBJ,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_query_sec_obj,
-		lsa_io_r_query_sec_obj,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-
-	/* Return output parameters */
-
-	if (psdb)
-		*psdb = r.buf;
-
- done:
-
-	return result;
-}
-
-
-/* Enumerate account rights This is similar to enum_privileges but
-   takes a SID directly, avoiding the open_account call.
-*/
-
-NTSTATUS rpccli_lsa_enum_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				     POLICY_HND *pol, DOM_SID *sid,
-				     uint32 *count, char ***priv_names)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_ENUM_ACCT_RIGHTS q;
-	LSA_R_ENUM_ACCT_RIGHTS r;
-	NTSTATUS result;
-	int i;
-	fstring *privileges;
-	char **names;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-	init_q_enum_acct_rights(&q, pol, 2, sid);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ENUMACCTRIGHTS,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_enum_acct_rights,
-		lsa_io_r_enum_acct_rights,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-
-	*count = r.count;
-	if (! *count) {
-		goto done;
-	}
-
-
-	privileges = TALLOC_ARRAY( mem_ctx, fstring, *count );
-	names      = TALLOC_ARRAY( mem_ctx, char *, *count );
-
-	if ((privileges == NULL) || (names == NULL)) {
-		TALLOC_FREE(privileges);
-		TALLOC_FREE(names);
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	for ( i=0; i<*count; i++ ) {
-		UNISTR4 *uni_string = &r.rights->strings[i];
-
-		if ( !uni_string->string )
-			continue;
-
-		rpcstr_pull( privileges[i], uni_string->string->buffer, sizeof(privileges[i]), -1, STR_TERMINATE );
-
-		/* now copy to the return array */
-		names[i] = talloc_strdup( mem_ctx, privileges[i] );
-	}
-
-	*priv_names = names;
-
-done:
-
-	return result;
-}
-
-
-
-/* add account rights to an account. */
-
-NTSTATUS rpccli_lsa_add_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				    POLICY_HND *pol, DOM_SID sid,
-					uint32 count, const char **privs_name)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_ADD_ACCT_RIGHTS q;
-	LSA_R_ADD_ACCT_RIGHTS r;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-	init_q_add_acct_rights(&q, pol, &sid, count, privs_name);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_ADDACCTRIGHTS,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_add_acct_rights,
-		lsa_io_r_add_acct_rights,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-done:
-
-	return result;
-}
-
-
-/* remove account rights for an account. */
-
-NTSTATUS rpccli_lsa_remove_account_rights(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				       POLICY_HND *pol, DOM_SID sid, bool removeall,
-				       uint32 count, const char **privs_name)
-{
-	prs_struct qbuf, rbuf;
-	LSA_Q_REMOVE_ACCT_RIGHTS q;
-	LSA_R_REMOVE_ACCT_RIGHTS r;
-	NTSTATUS result;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-	init_q_remove_acct_rights(&q, pol, &sid, removeall?1:0, count, privs_name);
-
-	CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_REMOVEACCTRIGHTS,
-		q, r,
-		qbuf, rbuf,
-		lsa_io_q_remove_acct_rights,
-		lsa_io_r_remove_acct_rights,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
-	}
-done:
-
-	return result;
-}
-
-
 #if 0
 
 /** An example of how to use the routines in this file.  Fetch a DOMAIN
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index e192e4ca26..2af514320e 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -1,20 +1,21 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    NT Domain Authentication SMB / MSRPC client
    Copyright (C) Andrew Tridgell 1992-2000
    Copyright (C) Jeremy Allison                    1998.
    Largely re-written by Jeremy Allison (C)	   2005.
+   Copyright (C) Guenther Deschner                 2008.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -27,57 +28,19 @@
  private data. Only call this via rpccli_netlogon_setup_creds(). JRA.
 */
 
-static NTSTATUS rpccli_net_req_chal(struct rpc_pipe_client *cli,
-				TALLOC_CTX *mem_ctx,
-				const char *server_name,
-				const char *clnt_name,
-				const DOM_CHAL *clnt_chal_in,
-				DOM_CHAL *srv_chal_out)
-{
-	prs_struct qbuf, rbuf;
-	NET_Q_REQ_CHAL q;
-	NET_R_REQ_CHAL r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	/* create and send a MSRPC command with api NET_REQCHAL */
-
-	DEBUG(4,("cli_net_req_chal: LSA Request Challenge from %s to %s\n",
-		clnt_name, server_name));
-        
-	/* store the parameters */
-	init_q_req_chal(&q, server_name, clnt_name, clnt_chal_in);
-
-	/* Marshall data and send request */
-	CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_REQCHAL,
-		q, r,
-		qbuf, rbuf,
-		net_io_q_req_chal,
-		net_io_r_req_chal,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	/* Return result */
-
-	if (NT_STATUS_IS_OK(result)) {
-		/* Store the returned server challenge. */
-		*srv_chal_out = r.srv_chal;
-	}
-
-	return result;
-}
+/* instead of rpccli_net_req_chal() we use rpccli_netr_ServerReqChallenge() now - gd */
 
 #if 0
 /****************************************************************************
 LSA Authenticate 2
 
 Send the client credential, receive back a server credential.
-Ensure that the server credential returned matches the session key 
+Ensure that the server credential returned matches the session key
 encrypt of the server challenge originally received. JRA.
 ****************************************************************************/
 
-  NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli, 
-		       uint16 sec_chan, 
+  NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli,
+		       uint16 sec_chan,
 		       uint32 *neg_flags, DOM_CHAL *srv_chal)
 {
         prs_struct qbuf, rbuf;
@@ -90,7 +53,7 @@ encrypt of the server challenge originally received. JRA.
 		fstr_sprintf( machine_acct, "%s$", lp_workgroup() );
 	else
 		fstrcpy( machine_acct, cli->mach_acct );
-	
+
         /* create and send a MSRPC command with api NET_AUTH2 */
 
         DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
@@ -99,8 +62,8 @@ encrypt of the server challenge originally received. JRA.
 
         /* store the parameters */
 
-        init_q_auth_2(&q, cli->srv_name_slash, machine_acct, 
-                      sec_chan, global_myname(), &cli->clnt_cred.challenge, 
+        init_q_auth_2(&q, cli->srv_name_slash, machine_acct,
+                      sec_chan, global_myname(), &cli->clnt_cred.challenge,
                       *neg_flags);
 
         /* turn parameters into data stream */
@@ -116,7 +79,7 @@ encrypt of the server challenge originally received. JRA.
 
         if (NT_STATUS_IS_OK(result)) {
                 UTIME zerotime;
-                
+
                 /*
                  * Check the returned value using the initial
                  * server received challenge.
@@ -143,106 +106,12 @@ password ?).\n", cli->cli->desthost ));
  LSA Authenticate 2
 
  Send the client credential, receive back a server credential.
- The caller *must* ensure that the server credential returned matches the session key 
- encrypt of the server challenge originally received. JRA.
-****************************************************************************/
-
-static NTSTATUS rpccli_net_auth2(struct rpc_pipe_client *cli,
-			TALLOC_CTX *mem_ctx,
-			const char *server_name,
-			const char *account_name,
-			uint16 sec_chan_type,
-			const char *computer_name,
-			uint32 *neg_flags_inout,
-			const DOM_CHAL *clnt_chal_in,
-			DOM_CHAL *srv_chal_out)
-{
-        prs_struct qbuf, rbuf;
-        NET_Q_AUTH_2 q;
-        NET_R_AUTH_2 r;
-        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-        /* create and send a MSRPC command with api NET_AUTH2 */
-
-        DEBUG(4,("cli_net_auth2: srv:%s acct:%s sc:%x mc: %s neg: %x\n",
-                 server_name, account_name, sec_chan_type, computer_name,
-                 *neg_flags_inout));
-
-        /* store the parameters */
-
-        init_q_auth_2(&q, server_name, account_name, sec_chan_type,
-		      computer_name, clnt_chal_in, *neg_flags_inout);
-
-        /* turn parameters into data stream */
-
-	CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH2,
-		q, r,
-		qbuf, rbuf,
-		net_io_q_auth_2,
-		net_io_r_auth_2,
-		NT_STATUS_UNSUCCESSFUL);
-
-        result = r.status;
-
-        if (NT_STATUS_IS_OK(result)) {
-		*srv_chal_out = r.srv_chal;
-		*neg_flags_inout = r.srv_flgs.neg_flags;
-        }
-
-        return result;
-}
-
-#if 0	/* not currebntly used */
-/****************************************************************************
- LSA Authenticate 3
-
- Send the client credential, receive back a server credential.
- The caller *must* ensure that the server credential returned matches the session key 
+ The caller *must* ensure that the server credential returned matches the session key
  encrypt of the server challenge originally received. JRA.
 ****************************************************************************/
 
-static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli, 
-			TALLOC_CTX *mem_ctx,
-			const char *server_name,
-			const char *account_name,
-			uint16 sec_chan_type,
-			const char *computer_name,
-			uint32 *neg_flags_inout,
-			const DOM_CHAL *clnt_chal_in,
-			DOM_CHAL *srv_chal_out)
-{
-        prs_struct qbuf, rbuf;
-        NET_Q_AUTH_3 q;
-        NET_R_AUTH_3 r;
-        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-        /* create and send a MSRPC command with api NET_AUTH2 */
-
-        DEBUG(4,("cli_net_auth3: srv:%s acct:%s sc:%x mc: %s chal %s neg: %x\n",
-		server_name, account_name, sec_chan_type, computer_name,
-		credstr(clnt_chal_in->data), *neg_flags_inout));
-
-        /* store the parameters */
-        init_q_auth_3(&q, server_name, account_name, sec_chan_type,
-			computer_name, clnt_chal_in, *neg_flags_inout);
-
-        /* turn parameters into data stream */
+/* instead of rpccli_net_auth2() we use rpccli_netr_ServerAuthenticate2() now -  gd */
 
-	CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_AUTH3,
-		q, r,
-		qbuf, rbuf,
-		net_io_q_auth_3,
-		net_io_r_auth_3,
-		NT_STATUS_UNSUCCESSFUL);
-
-        if (NT_STATUS_IS_OK(result)) {
-		*srv_chal_out = r.srv_chal;
-		*neg_flags_inout = r.srv_flgs.neg_flags;
-        }
-
-        return result;
-}
-#endif 	/* not currebntly used */
 
 /****************************************************************************
  Wrapper function that uses the auth and auth2 calls to set up a NETLOGON
@@ -251,17 +120,17 @@ static NTSTATUS rpccli_net_auth3(struct rpc_pipe_client *cli,
 ****************************************************************************/
 
 NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
-				const char *server_name,
-				const char *domain,
-				const char *clnt_name,
-				const char *machine_account,
-				const unsigned char machine_pwd[16],
-				uint32 sec_chan_type,
-				uint32 *neg_flags_inout)
+				     const char *server_name,
+				     const char *domain,
+				     const char *clnt_name,
+				     const char *machine_account,
+				     const unsigned char machine_pwd[16],
+				     enum netr_SchannelType sec_chan_type,
+				     uint32_t *neg_flags_inout)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	DOM_CHAL clnt_chal_send;
-	DOM_CHAL srv_chal_recv;
+	struct netr_Credential clnt_chal_send;
+	struct netr_Credential srv_chal_recv;
 	struct dcinfo *dc;
 
 	SMB_ASSERT(cli->pipe_idx == PI_NETLOGON);
@@ -288,13 +157,11 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 	generate_random_buffer(clnt_chal_send.data, 8);
 
 	/* Get the server challenge. */
-	result = rpccli_net_req_chal(cli,
-				cli->mem_ctx,
-				dc->remote_machine,
-				clnt_name,
-				&clnt_chal_send,
-				&srv_chal_recv);
-
+	result = rpccli_netr_ServerReqChallenge(cli, cli->mem_ctx,
+						dc->remote_machine,
+						clnt_name,
+						&clnt_chal_send,
+						&srv_chal_recv);
 	if (!NT_STATUS_IS_OK(result)) {
 		return result;
 	}
@@ -307,20 +174,18 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 			machine_pwd,
 			&clnt_chal_send);
 
-        /*  
-         * Send client auth-2 challenge and receive server repy.
-         */
-
-	result = rpccli_net_auth2(cli,
-			cli->mem_ctx,
-			dc->remote_machine,
-			dc->mach_acct,
-			sec_chan_type,
-			clnt_name,
-			neg_flags_inout,
-			&clnt_chal_send, /* input. */
-			&srv_chal_recv); /* output */
+	/*
+	 * Send client auth-2 challenge and receive server repy.
+	 */
 
+	result = rpccli_netr_ServerAuthenticate2(cli, cli->mem_ctx,
+						 dc->remote_machine,
+						 dc->mach_acct,
+						 sec_chan_type,
+						 clnt_name,
+						 &clnt_chal_send, /* input. */
+						 &srv_chal_recv, /* output. */
+						 neg_flags_inout);
 	if (!NT_STATUS_IS_OK(result)) {
 		return result;
 	}
@@ -330,7 +195,7 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 	 * server received challenge.
 	 */
 
-	if (!creds_client_check(dc, &srv_chal_recv)) {
+	if (!netlogon_creds_client_check(dc, &srv_chal_recv)) {
 		/*
 		 * Server replied with bad credential. Fail.
 		 */
@@ -347,502 +212,6 @@ NTSTATUS rpccli_netlogon_setup_creds(struct rpc_pipe_client *cli,
 	return NT_STATUS_OK;
 }
 
-/* Logon Control 2 */
-
-NTSTATUS rpccli_netlogon_logon_ctrl2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                                  uint32 query_level)
-{
-	prs_struct qbuf, rbuf;
-	NET_Q_LOGON_CTRL2 q;
-	NET_R_LOGON_CTRL2 r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	fstring server;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Initialise input parameters */
-
-	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
-	init_net_q_logon_ctrl2(&q, server, query_level);
-
-	/* Marshall data and send request */
-
-	CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_LOGON_CTRL2,
-		q, r,
-		qbuf, rbuf,
-		net_io_q_logon_ctrl2,
-		net_io_r_logon_ctrl2,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-	return result;
-}
-
-/* GetAnyDCName */
-
-WERROR rpccli_netlogon_getanydcname(struct rpc_pipe_client *cli,
-				    TALLOC_CTX *mem_ctx, const char *mydcname,
-				    const char *domainname, char **newdcname)
-{
-	prs_struct qbuf, rbuf;
-	NET_Q_GETANYDCNAME q;
-	NET_R_GETANYDCNAME r;
-	WERROR result;
-	fstring mydcname_slash;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Initialise input parameters */
-
-	slprintf(mydcname_slash, sizeof(fstring)-1, "\\\\%s", mydcname);
-	init_net_q_getanydcname(&q, mydcname_slash, domainname);
-
-	/* Marshall data and send request */
-
-	CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_GETANYDCNAME,
-		q, r,
-		qbuf, rbuf,
-		net_io_q_getanydcname,
-		net_io_r_getanydcname,
-		WERR_GENERAL_FAILURE);
-
-	result = r.status;
-
-	if (W_ERROR_IS_OK(result) && newdcname) {
-		*newdcname = rpcstr_pull_unistr2_talloc(mem_ctx, &r.uni_dcname);
-		W_ERROR_HAVE_NO_MEMORY(*newdcname);
-	}
-
-	return result;
-}
-
-/* GetDCName */
-
-WERROR rpccli_netlogon_getdcname(struct rpc_pipe_client *cli,
-				 TALLOC_CTX *mem_ctx, const char *mydcname,
-				 const char *domainname, char **newdcname)
-{
-	prs_struct qbuf, rbuf;
-	NET_Q_GETDCNAME q;
-	NET_R_GETDCNAME r;
-	WERROR result;
-	fstring mydcname_slash;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Initialise input parameters */
-
-	slprintf(mydcname_slash, sizeof(fstring)-1, "\\\\%s", mydcname);
-	init_net_q_getdcname(&q, mydcname_slash, domainname);
-
-	/* Marshall data and send request */
-
-	CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_GETDCNAME,
-		q, r,
-		qbuf, rbuf,
-		net_io_q_getdcname,
-		net_io_r_getdcname,
-		WERR_GENERAL_FAILURE);
-
-	result = r.status;
-
-	if (W_ERROR_IS_OK(result) && newdcname) {
-		*newdcname = rpcstr_pull_unistr2_talloc(mem_ctx, &r.uni_dcname);
-		W_ERROR_HAVE_NO_MEMORY(*newdcname);
-	}
-
-	return result;
-}
-
-static WERROR pull_domain_controller_info_from_getdcname_reply(TALLOC_CTX *mem_ctx,
-							       struct DS_DOMAIN_CONTROLLER_INFO **info_out, 
-							       NET_R_DSR_GETDCNAME *r)
-{
-	struct DS_DOMAIN_CONTROLLER_INFO *info;
-
-	info = TALLOC_ZERO_P(mem_ctx, struct DS_DOMAIN_CONTROLLER_INFO);
-	if (!info) {
-		return WERR_NOMEM;
-	}
-
-	if (&r->uni_dc_unc) {
-
-		char *tmp;
-		tmp = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_dc_unc);
-		if (tmp == NULL) {
-			return WERR_GENERAL_FAILURE;
-		}
-		if (*tmp == '\\') tmp += 1;
-		if (*tmp == '\\') tmp += 1;
-
-		info->domain_controller_name = talloc_strdup(mem_ctx, tmp);
-		if (info->domain_controller_name == NULL) {
-			return WERR_GENERAL_FAILURE;
-		}
-	}
-
-	if (&r->uni_dc_address) {
-
-		char *tmp;
-		tmp = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_dc_address);
-		if (tmp == NULL) {
-			return WERR_GENERAL_FAILURE;
-		}
-		if (*tmp == '\\') tmp += 1;
-		if (*tmp == '\\') tmp += 1;
-
-		info->domain_controller_address = talloc_strdup(mem_ctx, tmp);
-		if (info->domain_controller_address == NULL) {
-			return WERR_GENERAL_FAILURE;
-		}
-	}
-
-	info->domain_controller_address_type = r->dc_address_type;
-
-	info->domain_guid = (struct GUID *)talloc_memdup(
-		mem_ctx, &r->domain_guid, sizeof(struct GUID));
-	if (!info->domain_guid) {
-		return WERR_GENERAL_FAILURE;
-	}
-
-	if (&r->uni_domain_name) {
-		info->domain_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_domain_name);
-		if (!info->domain_name) {
-			return WERR_GENERAL_FAILURE;
-		}
-	}
-
-	if (&r->uni_forest_name) {
-		info->dns_forest_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_forest_name);
-		if (!info->dns_forest_name) {
-			return WERR_GENERAL_FAILURE;
-		}
-	}
-
-	info->flags = r->dc_flags;
-
-	if (&r->uni_dc_site_name) {
-		info->dc_site_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_dc_site_name);
-		if (!info->dc_site_name) {
-			return WERR_GENERAL_FAILURE;
-		}
-	}
-
-	if (&r->uni_client_site_name) {
-		info->client_site_name = rpcstr_pull_unistr2_talloc(mem_ctx, &r->uni_client_site_name);
-		if (!info->client_site_name) {
-			return WERR_GENERAL_FAILURE;
-		}
-	}
-
-	*info_out = info;
-
-	return WERR_OK;
-}
-
-/* Dsr_GetDCName */
-
-WERROR rpccli_netlogon_dsr_getdcname(struct rpc_pipe_client *cli,
-				     TALLOC_CTX *mem_ctx,
-				     const char *server_name,
-				     const char *domain_name,
-				     struct GUID *domain_guid,
-				     struct GUID *site_guid,
-				     uint32_t flags,
-				     struct DS_DOMAIN_CONTROLLER_INFO **info_out)
-{
-	prs_struct qbuf, rbuf;
-	NET_Q_DSR_GETDCNAME q;
-	NET_R_DSR_GETDCNAME r;
-	char *tmp_str;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Initialize input parameters */
-
-	tmp_str = talloc_asprintf(mem_ctx, "\\\\%s", server_name);
-	if (tmp_str == NULL) {
-		return WERR_NOMEM;
-	}
-
-	init_net_q_dsr_getdcname(&q, tmp_str, domain_name, domain_guid,
-				 site_guid, flags);
-
-	/* Marshall data and send request */
-
-	CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETDCNAME,
-			q, r,
-			qbuf, rbuf,
-			net_io_q_dsr_getdcname,
-			net_io_r_dsr_getdcname,
-			WERR_GENERAL_FAILURE);
-
-	if (!W_ERROR_IS_OK(r.result)) {
-		return r.result;
-	}
-
-	r.result = pull_domain_controller_info_from_getdcname_reply(mem_ctx, info_out, &r);
-	if (!W_ERROR_IS_OK(r.result)) {
-		return r.result;
-	}
-
-	return WERR_OK;
-}
-
-/* Dsr_GetDCNameEx */
-
-WERROR rpccli_netlogon_dsr_getdcnameex(struct rpc_pipe_client *cli,
-				       TALLOC_CTX *mem_ctx,
-				       const char *server_name,
-				       const char *domain_name,
-				       struct GUID *domain_guid,
-				       const char *site_name,
-				       uint32_t flags,
-				       struct DS_DOMAIN_CONTROLLER_INFO **info_out)
-{
-	prs_struct qbuf, rbuf;
-	NET_Q_DSR_GETDCNAMEEX q;
-	NET_R_DSR_GETDCNAME r;
-	char *tmp_str;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Initialize input parameters */
-
-	tmp_str = talloc_asprintf(mem_ctx, "\\\\%s", server_name);
-	if (tmp_str == NULL) {
-		return WERR_NOMEM;
-	}
-
-	init_net_q_dsr_getdcnameex(&q, server_name, domain_name, domain_guid,
-				   site_name, flags);
-
-	/* Marshall data and send request */
-
-	CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETDCNAMEEX,
-			q, r,
-			qbuf, rbuf,
-			net_io_q_dsr_getdcnameex,
-			net_io_r_dsr_getdcname,
-			WERR_GENERAL_FAILURE);
-
-	if (!W_ERROR_IS_OK(r.result)) {
-		return r.result;
-	}
-
-	r.result = pull_domain_controller_info_from_getdcname_reply(mem_ctx, info_out, &r);
-	if (!W_ERROR_IS_OK(r.result)) {
-		return r.result;
-	}
-
-	return WERR_OK;
-}
-
-/* Dsr_GetDCNameEx */
-
-WERROR rpccli_netlogon_dsr_getdcnameex2(struct rpc_pipe_client *cli,
-					TALLOC_CTX *mem_ctx,
-					const char *server_name,
-					const char *client_account,
-					uint32 mask,
-					const char *domain_name,
-					struct GUID *domain_guid,
-					const char *site_name,
-					uint32_t flags,
-					struct DS_DOMAIN_CONTROLLER_INFO **info_out)
-{
-	prs_struct qbuf, rbuf;
-	NET_Q_DSR_GETDCNAMEEX2 q;
-	NET_R_DSR_GETDCNAME r;
-	char *tmp_str;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Initialize input parameters */
-
-	tmp_str = talloc_asprintf(mem_ctx, "\\\\%s", server_name);
-	if (tmp_str == NULL) {
-		return WERR_NOMEM;
-	}
-
-	init_net_q_dsr_getdcnameex2(&q, server_name, domain_name, client_account,
-				    mask, domain_guid, site_name, flags);
-
-	/* Marshall data and send request */
-
-	CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETDCNAMEEX2,
-			q, r,
-			qbuf, rbuf,
-			net_io_q_dsr_getdcnameex2,
-			net_io_r_dsr_getdcname,
-			WERR_GENERAL_FAILURE);
-
-	if (!W_ERROR_IS_OK(r.result)) {
-		return r.result;
-	}
-
-	r.result = pull_domain_controller_info_from_getdcname_reply(mem_ctx, info_out, &r);
-	if (!W_ERROR_IS_OK(r.result)) {
-		return r.result;
-	}
-
-	return WERR_OK;
-}
-
-
-/* Dsr_GetSiteName */
-
-WERROR rpccli_netlogon_dsr_getsitename(struct rpc_pipe_client *cli,
-				       TALLOC_CTX *mem_ctx,
-				       const char *computer_name,
-				       char **site_name)
-{
-	prs_struct qbuf, rbuf;
-	NET_Q_DSR_GETSITENAME q;
-	NET_R_DSR_GETSITENAME r;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Initialize input parameters */
-
-	init_net_q_dsr_getsitename(&q, computer_name);
-
-	/* Marshall data and send request */
-
-	CLI_DO_RPC_WERR(cli, mem_ctx, PI_NETLOGON, NET_DSR_GETSITENAME,
-			q, r,
-			qbuf, rbuf,
-			net_io_q_dsr_getsitename,
-			net_io_r_dsr_getsitename,
-			WERR_GENERAL_FAILURE);
-
-	if (!W_ERROR_IS_OK(r.result)) {
-		return r.result;
-	}
-
-	if ((site_name != NULL) &&
-	    ((*site_name = rpcstr_pull_unistr2_talloc(
-		      mem_ctx, &r.uni_site_name)) == NULL)) {
-		return WERR_GENERAL_FAILURE;
-	}
-
-	return WERR_OK;
-}
-
-
-
-/* Sam synchronisation */
-
-NTSTATUS rpccli_netlogon_sam_sync(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                               uint32 database_id, uint32 next_rid, uint32 *num_deltas,
-                               SAM_DELTA_HDR **hdr_deltas, 
-                               SAM_DELTA_CTR **deltas)
-{
-	prs_struct qbuf, rbuf;
-	NET_Q_SAM_SYNC q;
-	NET_R_SAM_SYNC r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-        DOM_CRED clnt_creds;
-        DOM_CRED ret_creds;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	ZERO_STRUCT(ret_creds);
-
-	/* Initialise input parameters */
-
-	creds_client_step(cli->dc, &clnt_creds);
-
-	init_net_q_sam_sync(&q, cli->dc->remote_machine, global_myname(),
-                            &clnt_creds, &ret_creds, database_id, next_rid);
-
-	/* Marshall data and send request */
-
-	CLI_DO_RPC_COPY_SESS_KEY(cli, mem_ctx, PI_NETLOGON, NET_SAM_SYNC,
-		q, r,
-		qbuf, rbuf,
-		net_io_q_sam_sync,
-		net_io_r_sam_sync,
-		NT_STATUS_UNSUCCESSFUL);
-
-        /* Return results */
-
-	result = r.status;
-        *num_deltas = r.num_deltas2;
-        *hdr_deltas = r.hdr_deltas;
-        *deltas = r.deltas;
-
-	if (!NT_STATUS_IS_ERR(result)) {
-		/* Check returned credentials. */
-		if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
-			DEBUG(0,("cli_netlogon_sam_sync: credentials chain check failed\n"));
-			return NT_STATUS_ACCESS_DENIED;
-		}
-	}
-
-	return result;
-}
-
-/* Sam synchronisation */
-
-NTSTATUS rpccli_netlogon_sam_deltas(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                                 uint32 database_id, uint64 seqnum,
-                                 uint32 *num_deltas, 
-                                 SAM_DELTA_HDR **hdr_deltas, 
-                                 SAM_DELTA_CTR **deltas)
-{
-	prs_struct qbuf, rbuf;
-	NET_Q_SAM_DELTAS q;
-	NET_R_SAM_DELTAS r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-        DOM_CRED clnt_creds;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Initialise input parameters */
-
-	creds_client_step(cli->dc, &clnt_creds);
-
-	init_net_q_sam_deltas(&q, cli->dc->remote_machine,
-                              global_myname(), &clnt_creds, 
-                              database_id, seqnum);
-
-	/* Marshall data and send request */
-
-	CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAM_DELTAS,
-		q, r,
-		qbuf, rbuf,
-		net_io_q_sam_deltas,
-		net_io_r_sam_deltas,
-		NT_STATUS_UNSUCCESSFUL);
-
-        /* Return results */
-
-	result = r.status;
-        *num_deltas = r.num_deltas2;
-        *hdr_deltas = r.hdr_deltas;
-        *deltas = r.deltas;
-
-	if (!NT_STATUS_IS_ERR(result)) {
-		/* Check returned credentials. */
-		if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
-			DEBUG(0,("cli_netlogon_sam_sync: credentials chain check failed\n"));
-			return NT_STATUS_ACCESS_DENIED;
-		}
-	}
-
-	return result;
-}
-
 /* Logon domain user */
 
 NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
@@ -854,20 +223,23 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
 				   const char *workstation,
 				   int logon_type)
 {
-	prs_struct qbuf, rbuf;
-	NET_Q_SAM_LOGON q;
-	NET_R_SAM_LOGON r;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	DOM_CRED clnt_creds;
-	DOM_CRED ret_creds;
-        NET_ID_INFO_CTR ctr;
-        NET_USER_INFO_3 user;
-        int validation_level = 3;
+	struct netr_Authenticator clnt_creds;
+	struct netr_Authenticator ret_creds;
+	union netr_LogonLevel *logon;
+	union netr_Validation validation;
+	uint8_t authoritative;
+	int validation_level = 3;
 	fstring clnt_name_slash;
+	uint8 zeros[16];
 
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
 	ZERO_STRUCT(ret_creds);
+	ZERO_STRUCT(zeros);
+
+	logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel);
+	if (!logon) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	if (workstation) {
 		fstr_sprintf( clnt_name_slash, "\\\\%s", workstation );
@@ -875,85 +247,143 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
 		fstr_sprintf( clnt_name_slash, "\\\\%s", global_myname() );
 	}
 
-        /* Initialise input parameters */
+	/* Initialise input parameters */
 
-	creds_client_step(cli->dc, &clnt_creds);
+	netlogon_creds_client_step(cli->dc, &clnt_creds);
 
-        q.validation_level = validation_level;
+	switch (logon_type) {
+	case INTERACTIVE_LOGON_TYPE: {
 
-        ctr.switch_value = logon_type;
+		struct netr_PasswordInfo *password_info;
 
-        switch (logon_type) {
-        case INTERACTIVE_LOGON_TYPE: {
-                unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
+		struct samr_Password lmpassword;
+		struct samr_Password ntpassword;
 
-                nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
+		unsigned char lm_owf_user_pwd[16], nt_owf_user_pwd[16];
 
-                init_id_info1(&ctr.auth.id1, domain, 
-			      logon_parameters, /* param_ctrl */
-                              0xdead, 0xbeef, /* LUID? */
-                              username, clnt_name_slash,
-                              (const char *)cli->dc->sess_key, lm_owf_user_pwd,
-                              nt_owf_user_pwd);
+		unsigned char lm_owf[16];
+		unsigned char nt_owf[16];
+		unsigned char key[16];
 
-                break;
-        }
-        case NET_LOGON_TYPE: {
-                uint8 chal[8];
-                unsigned char local_lm_response[24];
-                unsigned char local_nt_response[24];
-
-                generate_random_buffer(chal, 8);
-
-                SMBencrypt(password, chal, local_lm_response);
-                SMBNTencrypt(password, chal, local_nt_response);
-
-                init_id_info2(&ctr.auth.id2, domain, 
-			      logon_parameters, /* param_ctrl */
-                              0xdead, 0xbeef, /* LUID? */
-                              username, clnt_name_slash, chal,
-                              local_lm_response, 24, local_nt_response, 24);
-                break;
-        }
-        default:
-                DEBUG(0, ("switch value %d not supported\n", 
-                          ctr.switch_value));
-                return NT_STATUS_INVALID_INFO_CLASS;
-        }
+		password_info = TALLOC_ZERO_P(mem_ctx, struct netr_PasswordInfo);
+		if (!password_info) {
+			return NT_STATUS_NO_MEMORY;
+		}
 
-        r.user = &user;
+		nt_lm_owf_gen(password, nt_owf_user_pwd, lm_owf_user_pwd);
 
-        init_sam_info(&q.sam_id, cli->dc->remote_machine, global_myname(),
-                      &clnt_creds, &ret_creds, logon_type,
-                      &ctr);
+#ifdef DEBUG_PASSWORD
+		DEBUG(100,("lm cypher:"));
+		dump_data(100, lm_owf_user_pwd, 16);
 
-        /* Marshall data and send request */
+		DEBUG(100,("nt cypher:"));
+		dump_data(100, nt_owf_user_pwd, 16);
+#endif
+		memset(key, 0, 16);
+		memcpy(key, cli->dc->sess_key, 8);
 
-	CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON,
-		q, r,
-		qbuf, rbuf,
-		net_io_q_sam_logon,
-		net_io_r_sam_logon,
-		NT_STATUS_UNSUCCESSFUL);
+		memcpy(lm_owf, lm_owf_user_pwd, 16);
+		SamOEMhash(lm_owf, key, 16);
+		memcpy(nt_owf, nt_owf_user_pwd, 16);
+		SamOEMhash(nt_owf, key, 16);
 
-        /* Return results */
+#ifdef DEBUG_PASSWORD
+		DEBUG(100,("encrypt of lm owf password:"));
+		dump_data(100, lm_owf, 16);
 
-	result = r.status;
+		DEBUG(100,("encrypt of nt owf password:"));
+		dump_data(100, nt_owf, 16);
+#endif
+		memcpy(lmpassword.hash, lm_owf, 16);
+		memcpy(ntpassword.hash, nt_owf, 16);
+
+		init_netr_PasswordInfo(password_info,
+				       domain,
+				       logon_parameters,
+				       0xdead,
+				       0xbeef,
+				       username,
+				       clnt_name_slash,
+				       lmpassword,
+				       ntpassword);
+
+		logon->password = password_info;
+
+		break;
+	}
+	case NET_LOGON_TYPE: {
+		struct netr_NetworkInfo *network_info;
+		uint8 chal[8];
+		unsigned char local_lm_response[24];
+		unsigned char local_nt_response[24];
+		struct netr_ChallengeResponse lm;
+		struct netr_ChallengeResponse nt;
+
+		ZERO_STRUCT(lm);
+		ZERO_STRUCT(nt);
+
+		network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo);
+		if (!network_info) {
+			return NT_STATUS_NO_MEMORY;
+		}
 
-	if (r.buffer_creds) {
+		generate_random_buffer(chal, 8);
+
+		SMBencrypt(password, chal, local_lm_response);
+		SMBNTencrypt(password, chal, local_nt_response);
+
+		lm.length = 24;
+		lm.data = local_lm_response;
+
+		nt.length = 24;
+		nt.data = local_nt_response;
+
+		init_netr_NetworkInfo(network_info,
+				      domain,
+				      logon_parameters,
+				      0xdead,
+				      0xbeef,
+				      username,
+				      clnt_name_slash,
+				      chal,
+				      nt,
+				      lm);
+
+		logon->network = network_info;
+
+		break;
+	}
+	default:
+		DEBUG(0, ("switch value %d not supported\n",
+			logon_type));
+		return NT_STATUS_INVALID_INFO_CLASS;
+	}
+
+	result = rpccli_netr_LogonSamLogon(cli, mem_ctx,
+					   cli->dc->remote_machine,
+					   global_myname(),
+					   &clnt_creds,
+					   &ret_creds,
+					   logon_type,
+					   logon,
+					   validation_level,
+					   &validation,
+					   &authoritative);
+
+	if (memcmp(zeros, &ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) {
 		/* Check returned credentials if present. */
-		if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
+		if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) {
 			DEBUG(0,("rpccli_netlogon_sam_logon: credentials chain check failed\n"));
 			return NT_STATUS_ACCESS_DENIED;
 		}
 	}
 
-        return result;
+	return result;
 }
 
 
-/** 
- * Logon domain user with an 'network' SAM logon 
+/**
+ * Logon domain user with an 'network' SAM logon
  *
  * @param info3 Pointer to a NET_USER_INFO_3 already allocated by the caller.
  **/
@@ -964,31 +394,47 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
 					   const char *server,
 					   const char *username,
 					   const char *domain,
-					   const char *workstation, 
-					   const uint8 chal[8], 
+					   const char *workstation,
+					   const uint8 chal[8],
 					   DATA_BLOB lm_response,
 					   DATA_BLOB nt_response,
-					   NET_USER_INFO_3 *info3)
+					   struct netr_SamInfo3 **info3)
 {
-	prs_struct qbuf, rbuf;
-	NET_Q_SAM_LOGON q;
-	NET_R_SAM_LOGON r;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	NET_ID_INFO_CTR ctr;
 	int validation_level = 3;
 	const char *workstation_name_slash;
 	const char *server_name_slash;
 	uint8 zeros[16];
-	DOM_CRED clnt_creds;
-	DOM_CRED ret_creds;
-	int i;
+	struct netr_Authenticator clnt_creds;
+	struct netr_Authenticator ret_creds;
+	union netr_LogonLevel *logon = NULL;
+	struct netr_NetworkInfo *network_info;
+	uint8_t authoritative;
+	union netr_Validation validation;
+	struct netr_ChallengeResponse lm;
+	struct netr_ChallengeResponse nt;
+	struct netr_UserSessionKey user_session_key;
+	struct netr_LMSessionKey lmsesskey;
+
+	*info3 = NULL;
 
 	ZERO_STRUCT(zeros);
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
 	ZERO_STRUCT(ret_creds);
 
-	creds_client_step(cli->dc, &clnt_creds);
+	ZERO_STRUCT(lm);
+	ZERO_STRUCT(nt);
+
+	logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel);
+	if (!logon) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo);
+	if (!network_info) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	netlogon_creds_client_step(cli->dc, &clnt_creds);
 
 	if (server[0] != '\\' && server[1] != '\\') {
 		server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server);
@@ -1009,60 +455,62 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
 
 	/* Initialise input parameters */
 
-	q.validation_level = validation_level;
-
-        ctr.switch_value = NET_LOGON_TYPE;
+	lm.data = lm_response.data;
+	lm.length = lm_response.length;
+	nt.data = nt_response.data;
+	nt.length = nt_response.length;
 
-	init_id_info2(&ctr.auth.id2, domain,
-		      logon_parameters, /* param_ctrl */
-		      0xdead, 0xbeef, /* LUID? */
-		      username, workstation_name_slash, (const uchar*)chal,
-		      lm_response.data, lm_response.length, nt_response.data, nt_response.length);
- 
-        init_sam_info(&q.sam_id, server_name_slash, global_myname(),
-                      &clnt_creds, &ret_creds, NET_LOGON_TYPE,
-                      &ctr);
+	init_netr_NetworkInfo(network_info,
+			      domain,
+			      logon_parameters,
+			      0xdead,
+			      0xbeef,
+			      username,
+			      workstation_name_slash,
+			      (uint8_t *) chal,
+			      nt,
+			      lm);
 
-        r.user = info3;
+	logon->network = network_info;
 
-        /* Marshall data and send request */
-
-	CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON,
-		q, r,
-		qbuf, rbuf,
-		net_io_q_sam_logon,
-		net_io_r_sam_logon,
-		NT_STATUS_UNSUCCESSFUL);
+	/* Marshall data and send request */
 
-	if (memcmp(zeros, info3->user_sess_key, 16) != 0) {
-		SamOEMhash(info3->user_sess_key, cli->dc->sess_key, 16);
-	} else {
-		memset(info3->user_sess_key, '\0', 16);
+	result = rpccli_netr_LogonSamLogon(cli, mem_ctx,
+					   server_name_slash,
+					   global_myname(),
+					   &clnt_creds,
+					   &ret_creds,
+					   NET_LOGON_TYPE,
+					   logon,
+					   validation_level,
+					   &validation,
+					   &authoritative);
+	if (!NT_STATUS_IS_OK(result)) {
+		return result;
 	}
 
-	if (memcmp(zeros, info3->lm_sess_key, 8) != 0) {
-		SamOEMhash(info3->lm_sess_key, cli->dc->sess_key, 8);
-	} else {
-		memset(info3->lm_sess_key, '\0', 8);
-	}
+	user_session_key = validation.sam3->base.key;
+	lmsesskey = validation.sam3->base.LMSessKey;
 
-	for (i=0; i < 7; i++) {
-		memset(&info3->unknown[i], '\0', 4);
+	if (memcmp(zeros, user_session_key.key, 16) != 0) {
+		SamOEMhash(user_session_key.key, cli->dc->sess_key, 16);
 	}
 
-        /* Return results */
-
-	result = r.status;
+	if (memcmp(zeros, lmsesskey.key, 8) != 0) {
+		SamOEMhash(lmsesskey.key, cli->dc->sess_key, 8);
+	}
 
-	if (r.buffer_creds) {
+	if (memcmp(zeros, ret_creds.cred.data, sizeof(ret_creds.cred.data)) != 0) {
 		/* Check returned credentials if present. */
-		if (!creds_client_check(cli->dc, &r.srv_creds.challenge)) {
+		if (!netlogon_creds_client_check(cli->dc, &ret_creds.cred)) {
 			DEBUG(0,("rpccli_netlogon_sam_network_logon: credentials chain check failed\n"));
 			return NT_STATUS_ACCESS_DENIED;
 		}
 	}
 
-        return result;
+	*info3 = validation.sam3;
+
+	return result;
 }
 
 NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
@@ -1071,26 +519,43 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
 					      const char *server,
 					      const char *username,
 					      const char *domain,
-					      const char *workstation, 
-					      const uint8 chal[8], 
+					      const char *workstation,
+					      const uint8 chal[8],
 					      DATA_BLOB lm_response,
 					      DATA_BLOB nt_response,
-					      NET_USER_INFO_3 *info3)
+					      struct netr_SamInfo3 **info3)
 {
-	prs_struct qbuf, rbuf;
-	NET_Q_SAM_LOGON_EX q;
-	NET_R_SAM_LOGON_EX r;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	NET_ID_INFO_CTR ctr;
 	int validation_level = 3;
 	const char *workstation_name_slash;
 	const char *server_name_slash;
 	uint8 zeros[16];
-	int i;
+	union netr_LogonLevel *logon = NULL;
+	struct netr_NetworkInfo *network_info;
+	uint8_t authoritative;
+	union netr_Validation validation;
+	struct netr_ChallengeResponse lm;
+	struct netr_ChallengeResponse nt;
+	struct netr_UserSessionKey user_session_key;
+	struct netr_LMSessionKey lmsesskey;
+	uint32_t flags = 0;
+
+	*info3 = NULL;
 
 	ZERO_STRUCT(zeros);
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
+
+	ZERO_STRUCT(lm);
+	ZERO_STRUCT(nt);
+
+	logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel);
+	if (!logon) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	network_info = TALLOC_ZERO_P(mem_ctx, struct netr_NetworkInfo);
+	if (!network_info) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	if (server[0] != '\\' && server[1] != '\\') {
 		server_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", server);
@@ -1111,97 +576,53 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
 
 	/* Initialise input parameters */
 
-	q.validation_level = validation_level;
-
-        ctr.switch_value = NET_LOGON_TYPE;
+	lm.data = lm_response.data;
+	lm.length = lm_response.length;
+	nt.data = nt_response.data;
+	nt.length = nt_response.length;
 
-	init_id_info2(&ctr.auth.id2, domain,
-		      logon_parameters, /* param_ctrl */
-		      0xdead, 0xbeef, /* LUID? */
-		      username, workstation_name_slash, (const uchar*)chal,
-		      lm_response.data, lm_response.length, nt_response.data,
-		      nt_response.length);
- 
-        init_sam_info_ex(&q.sam_id, server_name_slash, global_myname(),
-			 NET_LOGON_TYPE, &ctr);
+	init_netr_NetworkInfo(network_info,
+			      domain,
+			      logon_parameters,
+			      0xdead,
+			      0xbeef,
+			      username,
+			      workstation_name_slash,
+			      (uint8_t *) chal,
+			      nt,
+			      lm);
 
-        r.user = info3;
+	logon->network = network_info;
 
         /* Marshall data and send request */
 
-	CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAMLOGON_EX,
-		   q, r, qbuf, rbuf,
-		   net_io_q_sam_logon_ex,
-		   net_io_r_sam_logon_ex,
-		   NT_STATUS_UNSUCCESSFUL);
-
-	if (memcmp(zeros, info3->user_sess_key, 16) != 0) {
-		SamOEMhash(info3->user_sess_key, cli->dc->sess_key, 16);
-	} else {
-		memset(info3->user_sess_key, '\0', 16);
+	result = rpccli_netr_LogonSamLogonEx(cli, mem_ctx,
+					     server_name_slash,
+					     global_myname(),
+					     NET_LOGON_TYPE,
+					     logon,
+					     validation_level,
+					     &validation,
+					     &authoritative,
+					     &flags);
+	if (!NT_STATUS_IS_OK(result)) {
+		return result;
 	}
 
-	if (memcmp(zeros, info3->lm_sess_key, 8) != 0) {
-		SamOEMhash(info3->lm_sess_key, cli->dc->sess_key, 8);
-	} else {
-		memset(info3->lm_sess_key, '\0', 8);
-	}
+	user_session_key = validation.sam3->base.key;
+	lmsesskey = validation.sam3->base.LMSessKey;
 
-	for (i=0; i < 7; i++) {
-		memset(&info3->unknown[i], '\0', 4);
+	if (memcmp(zeros, user_session_key.key, 16) != 0) {
+		SamOEMhash(user_session_key.key, cli->dc->sess_key, 16);
 	}
 
-        /* Return results */
-
-	result = r.status;
-
-        return result;
-}
-
-/***************************************************************************
-LSA Server Password Set.
-****************************************************************************/
-
-NTSTATUS rpccli_net_srv_pwset(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-			   const char *machine_name, const uint8 hashed_mach_pwd[16])
-{
-	prs_struct rbuf;
-	prs_struct qbuf; 
-	DOM_CRED clnt_creds;
-	NET_Q_SRV_PWSET q;
-	NET_R_SRV_PWSET r;
-	uint16 sec_chan_type = 2;
-	NTSTATUS result;
-
-	creds_client_step(cli->dc, &clnt_creds);
-	
-	DEBUG(4,("cli_net_srv_pwset: srv:%s acct:%s sc: %d mc: %s\n",
-		 cli->dc->remote_machine, cli->dc->mach_acct, sec_chan_type, machine_name));
-	
-        /* store the parameters */
-	init_q_srv_pwset(&q, cli->dc->remote_machine, (const char *)cli->dc->sess_key,
-			 cli->dc->mach_acct, sec_chan_type, machine_name, 
-			 &clnt_creds, hashed_mach_pwd);
-	
-	CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SRVPWSET,
-		q, r,
-		qbuf, rbuf,
-		net_io_q_srv_pwset,
-		net_io_r_srv_pwset,
-		NT_STATUS_UNSUCCESSFUL);
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result)) {
-		/* report error code */
-		DEBUG(0,("cli_net_srv_pwset: %s\n", nt_errstr(result)));
+	if (memcmp(zeros, lmsesskey.key, 8) != 0) {
+		SamOEMhash(lmsesskey.key, cli->dc->sess_key, 8);
 	}
 
-	/* Always check returned credentials. */
-	if (!creds_client_check(cli->dc, &r.srv_cred.challenge)) {
-		DEBUG(0,("rpccli_net_srv_pwset: credentials chain check failed\n"));
-		return NT_STATUS_ACCESS_DENIED;
-	}
+	*info3 = validation.sam3;
 
 	return result;
+
+        return result;
 }
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index f4cb424527..c89c5531d7 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -1807,6 +1807,7 @@ static NTSTATUS rpc_finish_auth3_bind(struct rpc_pipe_client *cli,
 	
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0,("rpc_finish_auth3_bind: NTLMSSP update using server blob failed.\n"));
+		data_blob_free(&server_response);
 		return nt_status;
 	}
 
@@ -2263,7 +2264,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_noauth(struct cli_state *cli, int pipe
 	*perr = rpc_pipe_bind(result, PIPE_AUTH_TYPE_NONE, PIPE_AUTH_LEVEL_NONE);
 	if (!NT_STATUS_IS_OK(*perr)) {
 		int lvl = 0;
-		if (pipe_idx == PI_LSARPC_DS) {
+		if (pipe_idx == PI_DSSETUP) {
 			/* non AD domains just don't have this pipe, avoid
 			 * level 0 statement in that case - gd */
 			lvl = 3;
@@ -2596,7 +2597,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state
 						const char *password,
 						NTSTATUS *perr)
 {
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+	uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
 	struct rpc_pipe_client *result = NULL;
 
@@ -2630,7 +2631,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_schannel(struct cli_state *cli,
                                                 const char *domain,
 						NTSTATUS *perr)
 {
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+	uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
 	struct rpc_pipe_client *result = NULL;
 
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index bf8313816c..62a5c72d81 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -5,6 +5,7 @@
    Copyright (C) Andrew Tridgell              1992-1997,2000,
    Copyright (C) Rafal Szczesniak                       2002.
    Copyright (C) Jeremy Allison                         2005.
+   Copyright (C) Guenther Deschner                      2008.
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -22,1272 +23,71 @@
 
 #include "includes.h"
 
-/* Connect to SAMR database */
-
-NTSTATUS rpccli_samr_connect(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-			     uint32 access_mask, POLICY_HND *connect_pol)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_CONNECT q;
-	SAMR_R_CONNECT r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_connect to %s\n", cli->cli->desthost));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_connect(&q, cli->cli->desthost, access_mask);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CONNECT,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_connect,
-		samr_io_r_connect,
-		NT_STATUS_UNSUCCESSFUL); 
-	/* Return output parameters */
-
-	if (NT_STATUS_IS_OK(result = r.status)) {
-		*connect_pol = r.connect_pol;
-#ifdef __INSURE__
-		connect_pol->marker = malloc(1);
-#endif
-	}
-
-	return result;
-}
-
-/* Connect to SAMR database */
-
-NTSTATUS rpccli_samr_connect4(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-			   uint32 access_mask, POLICY_HND *connect_pol)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_CONNECT4 q;
-	SAMR_R_CONNECT4 r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_connect4(&q, cli->cli->desthost, access_mask);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CONNECT4,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_connect4,
-		samr_io_r_connect4,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (NT_STATUS_IS_OK(result = r.status)) {
-		*connect_pol = r.connect_pol;
-#ifdef __INSURE__
-		connect_pol->marker = malloc(1);
-#endif
-	}
-
-	return result;
-}
-
-/* Close SAMR handle */
-
-NTSTATUS rpccli_samr_close(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-			   POLICY_HND *connect_pol)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_CLOSE_HND q;
-	SAMR_R_CLOSE_HND r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_close\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_close_hnd(&q, connect_pol);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CLOSE_HND,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_close_hnd,
-		samr_io_r_close_hnd,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (NT_STATUS_IS_OK(result = r.status)) {
-#ifdef __INSURE__
-		SAFE_FREE(connect_pol->marker);
-#endif
-		*connect_pol = r.pol;
-	}
-
-	return result;
-}
-
-/* Open handle on a domain */
-
-NTSTATUS rpccli_samr_open_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				 POLICY_HND *connect_pol, uint32 access_mask, 
-				 const DOM_SID *domain_sid,
-				 POLICY_HND *domain_pol)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_OPEN_DOMAIN q;
-	SAMR_R_OPEN_DOMAIN r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_open_domain with sid %s\n",
-		  sid_string_dbg(domain_sid) ));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_open_domain(&q, connect_pol, access_mask, domain_sid);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_OPEN_DOMAIN,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_open_domain,
-		samr_io_r_open_domain,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (NT_STATUS_IS_OK(result = r.status)) {
-		*domain_pol = r.domain_pol;
-#ifdef __INSURE__
-		domain_pol->marker = malloc(1);
-#endif
-	}
-
-	return result;
-}
-
-NTSTATUS rpccli_samr_open_user(struct rpc_pipe_client *cli,
-			       TALLOC_CTX *mem_ctx,
-			       POLICY_HND *domain_pol, uint32 access_mask, 
-			       uint32 user_rid, POLICY_HND *user_pol)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_OPEN_USER q;
-	SAMR_R_OPEN_USER r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_open_user with rid 0x%x\n", user_rid ));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_open_user(&q, domain_pol, access_mask, user_rid);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_OPEN_USER,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_open_user,
-		samr_io_r_open_user,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (NT_STATUS_IS_OK(result = r.status)) {
-		*user_pol = r.user_pol;
-#ifdef __INSURE__
-		user_pol->marker = malloc(1);
-#endif
-	}
-
-	return result;
-}
-
-/* Open handle on a group */
-
-NTSTATUS rpccli_samr_open_group(struct rpc_pipe_client *cli,
-				TALLOC_CTX *mem_ctx, 
-				POLICY_HND *domain_pol, uint32 access_mask, 
-				uint32 group_rid, POLICY_HND *group_pol)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_OPEN_GROUP q;
-	SAMR_R_OPEN_GROUP r;
-	NTSTATUS result =  NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_open_group with rid 0x%x\n", group_rid ));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_open_group(&q, domain_pol, access_mask, group_rid);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_OPEN_GROUP,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_open_group,
-		samr_io_r_open_group,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (NT_STATUS_IS_OK(result = r.status)) {
-		*group_pol = r.pol;
-#ifdef __INSURE__
-		group_pol->marker = malloc(1);
-#endif
-	}
-
-	return result;
-}
-
-/* Create domain group */
-
-NTSTATUS rpccli_samr_create_dom_group(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				   POLICY_HND *domain_pol,
-				   const char *group_name,
-				   uint32 access_mask, POLICY_HND *group_pol)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_CREATE_DOM_GROUP q;
-	SAMR_R_CREATE_DOM_GROUP r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_create_dom_group\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_create_dom_group(&q, domain_pol, group_name, access_mask);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CREATE_DOM_GROUP,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_create_dom_group,
-		samr_io_r_create_dom_group,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	if (NT_STATUS_IS_OK(result))
-		*group_pol = r.pol;
-
-	return result;
-}
-
-/* Add a domain group member */
-
-NTSTATUS rpccli_samr_add_groupmem(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-			       POLICY_HND *group_pol, uint32 rid)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_ADD_GROUPMEM q;
-	SAMR_R_ADD_GROUPMEM r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_add_groupmem\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_add_groupmem(&q, group_pol, rid);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ADD_GROUPMEM,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_add_groupmem,
-		samr_io_r_add_groupmem,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	return result;
-}
-
-/* Delete a domain group member */
-
-NTSTATUS rpccli_samr_del_groupmem(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-			       POLICY_HND *group_pol, uint32 rid)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_DEL_GROUPMEM q;
-	SAMR_R_DEL_GROUPMEM r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_del_groupmem\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_del_groupmem(&q, group_pol, rid);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_DEL_GROUPMEM,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_del_groupmem,
-		samr_io_r_del_groupmem,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	return result;
-}
-
-/* Query user info */
-
-NTSTATUS rpccli_samr_query_userinfo(struct rpc_pipe_client *cli,
-				    TALLOC_CTX *mem_ctx,
-				    const POLICY_HND *user_pol,
-				    uint16 switch_value, 
-				    SAM_USERINFO_CTR **ctr)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_QUERY_USERINFO q;
-	SAMR_R_QUERY_USERINFO r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_query_userinfo\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_query_userinfo(&q, user_pol, switch_value);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_USERINFO,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_query_userinfo,
-		samr_io_r_query_userinfo,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-	*ctr = r.ctr;
-
-	return result;
-}
-
-/* Set group info */
-
-NTSTATUS rpccli_samr_set_groupinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				POLICY_HND *group_pol, GROUP_INFO_CTR *ctr)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_SET_GROUPINFO q;
-	SAMR_R_SET_GROUPINFO r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_set_groupinfo\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_set_groupinfo(&q, group_pol, ctr);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_GROUPINFO,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_set_groupinfo,
-		samr_io_r_set_groupinfo,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	return result;
-}
-
-/* Query group info */
-
-NTSTATUS rpccli_samr_query_groupinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                                  POLICY_HND *group_pol, uint32 info_level, 
-                                  GROUP_INFO_CTR **ctr)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_QUERY_GROUPINFO q;
-	SAMR_R_QUERY_GROUPINFO r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_query_groupinfo\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_query_groupinfo(&q, group_pol, info_level);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_GROUPINFO,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_query_groupinfo,
-		samr_io_r_query_groupinfo,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	*ctr = r.ctr;
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	return result;
-}
-
-/* Query user groups */
-
-NTSTATUS rpccli_samr_query_usergroups(struct rpc_pipe_client *cli,
-				      TALLOC_CTX *mem_ctx, 
-				      POLICY_HND *user_pol,
-				      uint32 *num_groups, 
-				      DOM_GID **gid)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_QUERY_USERGROUPS q;
-	SAMR_R_QUERY_USERGROUPS r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_query_usergroups\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_query_usergroups(&q, user_pol);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_USERGROUPS,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_query_usergroups,
-		samr_io_r_query_usergroups,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (NT_STATUS_IS_OK(result = r.status)) {
-		*num_groups = r.num_entries;
-		*gid = r.gid;
-	}
-
-	return result;
-}
-
-/* Set alias info */
-
-NTSTATUS rpccli_samr_set_aliasinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				POLICY_HND *alias_pol, ALIAS_INFO_CTR *ctr)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_SET_ALIASINFO q;
-	SAMR_R_SET_ALIASINFO r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_set_aliasinfo\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_set_aliasinfo(&q, alias_pol, ctr);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_ALIASINFO,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_set_aliasinfo,
-		samr_io_r_set_aliasinfo,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	return result;
-}
-
-/* Query user aliases */
-
-NTSTATUS rpccli_samr_query_useraliases(struct rpc_pipe_client *cli,
-				       TALLOC_CTX *mem_ctx, 
-				       POLICY_HND *dom_pol, uint32 num_sids,
-				       DOM_SID2 *sid,
-				       uint32 *num_aliases, uint32 **als_rids)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_QUERY_USERALIASES q;
-	SAMR_R_QUERY_USERALIASES r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	int i;
-	uint32 *sid_ptrs;
-	
-	DEBUG(10,("cli_samr_query_useraliases\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	if (num_sids) {
-		sid_ptrs = TALLOC_ARRAY(mem_ctx, uint32, num_sids);
-		if (sid_ptrs == NULL)
-			return NT_STATUS_NO_MEMORY;
-	} else {
-		sid_ptrs = NULL;
-	}
-	
-	for (i=0; i<num_sids; i++)
-		sid_ptrs[i] = 1;
-
-	/* Marshall data and send request */
-
-	init_samr_q_query_useraliases(&q, dom_pol, num_sids, sid_ptrs, sid);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_USERALIASES,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_query_useraliases,
-		samr_io_r_query_useraliases,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (NT_STATUS_IS_OK(result = r.status)) {
-		*num_aliases = r.num_entries;
-		*als_rids = r.rid;
-	}
-
-	return result;
-}
-
-/* Query user groups */
-
-NTSTATUS rpccli_samr_query_groupmem(struct rpc_pipe_client *cli,
-				    TALLOC_CTX *mem_ctx,
-				    POLICY_HND *group_pol, uint32 *num_mem, 
-				    uint32 **rid, uint32 **attr)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_QUERY_GROUPMEM q;
-	SAMR_R_QUERY_GROUPMEM r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_query_groupmem\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_query_groupmem(&q, group_pol);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_GROUPMEM,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_query_groupmem,
-		samr_io_r_query_groupmem,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (NT_STATUS_IS_OK(result = r.status)) {
-		*num_mem = r.num_entries;
-		*rid = r.rid;
-		*attr = r.attr;
-	}
-
-	return result;
-}
-
-/**
- * Enumerate domain users
- *
- * @param cli client state structure
- * @param mem_ctx talloc context
- * @param pol opened domain policy handle
- * @param start_idx starting index of enumeration, returns context for
-                    next enumeration
- * @param acb_mask account control bit mask (to enumerate some particular
- *                 kind of accounts)
- * @param size max acceptable size of response
- * @param dom_users returned array of domain user names
- * @param rids returned array of domain user RIDs
- * @param num_dom_users numer returned entries
- * 
- * @return NTSTATUS returned in rpc response
- **/
-
-NTSTATUS rpccli_samr_enum_dom_users(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                                 POLICY_HND *pol, uint32 *start_idx, uint32 acb_mask,
-                                 uint32 size, char ***dom_users, uint32 **rids,
-                                 uint32 *num_dom_users)
-{
-	prs_struct qbuf;
-	prs_struct rbuf;
-	SAMR_Q_ENUM_DOM_USERS q;
-	SAMR_R_ENUM_DOM_USERS r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	int i;
-	
-	DEBUG(10,("cli_samr_enum_dom_users starting at index %u\n", (unsigned int)*start_idx));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-	
-	/* always init this */
-	*num_dom_users = 0;
-	
-	/* Fill query structure with parameters */
-
-	init_samr_q_enum_dom_users(&q, pol, *start_idx, acb_mask, size);
-	
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_USERS,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_enum_dom_users,
-		samr_io_r_enum_dom_users,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result) &&
-	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES))
-		goto done;
-	
-	*start_idx = r.next_idx;
-	*num_dom_users = r.num_entries2;
-
-	if (r.num_entries2) {
-		/* allocate memory needed to return received data */	
-		*rids = TALLOC_ARRAY(mem_ctx, uint32, r.num_entries2);
-		if (!*rids) {
-			DEBUG(0, ("Error in cli_samr_enum_dom_users(): out of memory\n"));
-			return NT_STATUS_NO_MEMORY;
-		}
-		
-		*dom_users = TALLOC_ARRAY(mem_ctx, char*, r.num_entries2);
-		if (!*dom_users) {
-			DEBUG(0, ("Error in cli_samr_enum_dom_users(): out of memory\n"));
-			return NT_STATUS_NO_MEMORY;
-		}
-		
-		/* fill output buffers with rpc response */
-		for (i = 0; i < r.num_entries2; i++) {
-			fstring conv_buf;
-			
-			(*rids)[i] = r.sam[i].rid;
-			unistr2_to_ascii(conv_buf, &(r.uni_acct_name[i]), sizeof(conv_buf));
-			(*dom_users)[i] = talloc_strdup(mem_ctx, conv_buf);
-		}
-	}
-	
-done:
-	return result;
-}
-
-/* Enumerate domain groups */
-
-NTSTATUS rpccli_samr_enum_dom_groups(struct rpc_pipe_client *cli,
-				     TALLOC_CTX *mem_ctx, 
-				     POLICY_HND *pol, uint32 *start_idx, 
-				     uint32 size, struct acct_info **dom_groups,
-				     uint32 *num_dom_groups)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_ENUM_DOM_GROUPS q;
-	SAMR_R_ENUM_DOM_GROUPS r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint32 name_idx, i;
-
-	DEBUG(10,("cli_samr_enum_dom_groups starting at index %u\n", (unsigned int)*start_idx));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_enum_dom_groups(&q, pol, *start_idx, size);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_GROUPS,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_enum_dom_groups,
-		samr_io_r_enum_dom_groups,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result) &&
-	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES))
-		goto done;
-
-	*num_dom_groups = r.num_entries2;
-
-	if (*num_dom_groups == 0)
-		goto done;
-
-	if (!((*dom_groups) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_groups))) {
-		result = NT_STATUS_NO_MEMORY;
-		goto done;
-	}
-
-	memset(*dom_groups, 0, sizeof(struct acct_info) * (*num_dom_groups));
-
-	name_idx = 0;
-
-	for (i = 0; i < *num_dom_groups; i++) {
-
-		(*dom_groups)[i].rid = r.sam[i].rid;
-
-		if (r.sam[i].hdr_name.buffer) {
-			unistr2_to_ascii((*dom_groups)[i].acct_name,
-					 &r.uni_grp_name[name_idx],
-					 sizeof((*dom_groups)[i].acct_name));
-			name_idx++;
-		}
-
-		*start_idx = r.next_idx;
-	}
-
- done:
-	return result;
-}
-
-/* Enumerate domain groups */
-
-NTSTATUS rpccli_samr_enum_als_groups(struct rpc_pipe_client *cli,
-				     TALLOC_CTX *mem_ctx, 
-				     POLICY_HND *pol, uint32 *start_idx, 
-				     uint32 size, struct acct_info **dom_aliases,
-				     uint32 *num_dom_aliases)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_ENUM_DOM_ALIASES q;
-	SAMR_R_ENUM_DOM_ALIASES r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint32 name_idx, i;
-
-	DEBUG(10,("cli_samr_enum_als_groups starting at index %u\n", (unsigned int)*start_idx));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_enum_dom_aliases(&q, pol, *start_idx, size);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ENUM_DOM_ALIASES,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_enum_dom_aliases,
-		samr_io_r_enum_dom_aliases,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result) &&
-	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) {
-		goto done;
-	}
-
-	*num_dom_aliases = r.num_entries2;
-
-	if (*num_dom_aliases == 0)
-		goto done;
-
-	if (!((*dom_aliases) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_aliases))) {
-		result = NT_STATUS_NO_MEMORY;
-		goto done;
-	}
-
-	memset(*dom_aliases, 0, sizeof(struct acct_info) * *num_dom_aliases);
-
-	name_idx = 0;
-
-	for (i = 0; i < *num_dom_aliases; i++) {
-
-		(*dom_aliases)[i].rid = r.sam[i].rid;
-
-		if (r.sam[i].hdr_name.buffer) {
-			unistr2_to_ascii((*dom_aliases)[i].acct_name,
-					 &r.uni_grp_name[name_idx],
-					 sizeof((*dom_aliases)[i].acct_name));
-			name_idx++;
-		}
-
-		*start_idx = r.next_idx;
-	}
-
- done:
-	return result;
-}
-
-/* Query alias members */
-
-NTSTATUS rpccli_samr_query_aliasmem(struct rpc_pipe_client *cli,
-				    TALLOC_CTX *mem_ctx,
-				    POLICY_HND *alias_pol, uint32 *num_mem, 
-				    DOM_SID **sids)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_QUERY_ALIASMEM q;
-	SAMR_R_QUERY_ALIASMEM r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint32 i;
-
-	DEBUG(10,("cli_samr_query_aliasmem\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_query_aliasmem(&q, alias_pol);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_ALIASMEM,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_query_aliasmem,
-		samr_io_r_query_aliasmem,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (!NT_STATUS_IS_OK(result = r.status)) {
-		goto done;
-	}
-
-	*num_mem = r.num_sids;
-
-	if (*num_mem == 0) {
-		*sids = NULL;
-		result = NT_STATUS_OK;
-		goto done;
-	}
-
-	if (!(*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_mem))) {
-		result = NT_STATUS_UNSUCCESSFUL;
-		goto done;
-	}
-
-	for (i = 0; i < *num_mem; i++) {
-		(*sids)[i] = r.sid[i].sid;
-	}
-
- done:
-	return result;
-}
-
-/* Open handle on an alias */
-
-NTSTATUS rpccli_samr_open_alias(struct rpc_pipe_client *cli,
-				TALLOC_CTX *mem_ctx, 
-				POLICY_HND *domain_pol, uint32 access_mask, 
-				uint32 alias_rid, POLICY_HND *alias_pol)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_OPEN_ALIAS q;
-	SAMR_R_OPEN_ALIAS r;
-	NTSTATUS result;
-
-	DEBUG(10,("cli_samr_open_alias with rid 0x%x\n", alias_rid));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_open_alias(&q, domain_pol, access_mask, alias_rid);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_OPEN_ALIAS,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_open_alias,
-		samr_io_r_open_alias,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (NT_STATUS_IS_OK(result = r.status)) {
-		*alias_pol = r.pol;
-#ifdef __INSURE__
-		alias_pol->marker = malloc(1);
-#endif
-	}
-
-	return result;
-}
-
-/* Create an alias */
-
-NTSTATUS rpccli_samr_create_dom_alias(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-				   POLICY_HND *domain_pol, const char *name,
-				   POLICY_HND *alias_pol)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_CREATE_DOM_ALIAS q;
-	SAMR_R_CREATE_DOM_ALIAS r;
-	NTSTATUS result;
-
-	DEBUG(10,("cli_samr_create_dom_alias named %s\n", name));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_create_dom_alias(&q, domain_pol, name);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CREATE_DOM_ALIAS,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_create_dom_alias,
-		samr_io_r_create_dom_alias,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (NT_STATUS_IS_OK(result = r.status)) {
-		*alias_pol = r.alias_pol;
-	}
-
-	return result;
-}
-
-/* Add an alias member */
-
-NTSTATUS rpccli_samr_add_aliasmem(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-			       POLICY_HND *alias_pol, DOM_SID *member)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_ADD_ALIASMEM q;
-	SAMR_R_ADD_ALIASMEM r;
-	NTSTATUS result;
-
-	DEBUG(10,("cli_samr_add_aliasmem"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_add_aliasmem(&q, alias_pol, member);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_ADD_ALIASMEM,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_add_aliasmem,
-		samr_io_r_add_aliasmem,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	result = r.status;
-
-	return result;
-}
-
-/* Delete an alias member */
-
-NTSTATUS rpccli_samr_del_aliasmem(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-			       POLICY_HND *alias_pol, DOM_SID *member)
-{
-	prs_struct qbuf, rbuf;
- 	SAMR_Q_DEL_ALIASMEM q;
- 	SAMR_R_DEL_ALIASMEM r;
- 	NTSTATUS result;
-
- 	DEBUG(10,("cli_samr_del_aliasmem"));
-
- 	ZERO_STRUCT(q);
- 	ZERO_STRUCT(r);
-
- 	/* Marshall data and send request */
-
- 	init_samr_q_del_aliasmem(&q, alias_pol, member);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_DEL_ALIASMEM,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_del_aliasmem,
-		samr_io_r_del_aliasmem,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	result = r.status;
-
-	return result;
-}
-
-/* Query alias info */
-
-NTSTATUS rpccli_samr_query_alias_info(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				   POLICY_HND *alias_pol, uint16 switch_value,
-				   ALIAS_INFO_CTR *ctr)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_QUERY_ALIASINFO q;
-	SAMR_R_QUERY_ALIASINFO r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_query_alias_info\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_query_aliasinfo(&q, alias_pol, switch_value);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_ALIASINFO,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_query_aliasinfo,
-		samr_io_r_query_aliasinfo,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (!NT_STATUS_IS_OK(result = r.status)) {
-		goto done;
-	}
-
-	*ctr = *r.ctr;
-
-  done:
-
-	return result;
-}
-
-/* Query domain info */
-
-NTSTATUS rpccli_samr_query_dom_info(struct rpc_pipe_client *cli,
-				    TALLOC_CTX *mem_ctx, 
-				    POLICY_HND *domain_pol,
-				    uint16 switch_value,
-				    SAM_UNK_CTR *ctr)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_QUERY_DOMAIN_INFO q;
-	SAMR_R_QUERY_DOMAIN_INFO r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_query_dom_info\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_query_domain_info(&q, domain_pol, switch_value);
-
-	r.ctr = ctr;
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_DOMAIN_INFO,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_query_domain_info,
-		samr_io_r_query_domain_info,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (!NT_STATUS_IS_OK(result = r.status)) {
-		goto done;
-	}
-
- done:
-
-	return result;
-}
-
-/* Query domain info2 */
-
-NTSTATUS rpccli_samr_query_dom_info2(struct rpc_pipe_client *cli,
-				     TALLOC_CTX *mem_ctx, 
-				     POLICY_HND *domain_pol,
-				     uint16 switch_value,
-				     SAM_UNK_CTR *ctr)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_QUERY_DOMAIN_INFO2 q;
-	SAMR_R_QUERY_DOMAIN_INFO2 r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_query_dom_info2\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_query_domain_info2(&q, domain_pol, switch_value);
-
-	r.ctr = ctr;
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_DOMAIN_INFO2,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_query_domain_info2,
-		samr_io_r_query_domain_info2,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (!NT_STATUS_IS_OK(result = r.status)) {
-		goto done;
-	}
-
- done:
-
-	return result;
-}
-
-/* Set domain info */
-
-NTSTATUS rpccli_samr_set_domain_info(struct rpc_pipe_client *cli,
-				     TALLOC_CTX *mem_ctx, 
-				     POLICY_HND *domain_pol,
-				     uint16 switch_value,
-				     SAM_UNK_CTR *ctr)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_SET_DOMAIN_INFO q;
-	SAMR_R_SET_DOMAIN_INFO r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_set_domain_info\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_set_domain_info(&q, domain_pol, switch_value, ctr);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_DOMAIN_INFO,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_set_domain_info,
-		samr_io_r_set_domain_info,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (!NT_STATUS_IS_OK(result = r.status)) {
-		goto done;
-	}
-
- done:
-
-	return result;
-}
-
 /* User change password */
 
 NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli,
-				    TALLOC_CTX *mem_ctx, 
-				    const char *username, 
-				    const char *newpassword, 
-				    const char *oldpassword )
+				    TALLOC_CTX *mem_ctx,
+				    const char *username,
+				    const char *newpassword,
+				    const char *oldpassword)
 {
-	prs_struct qbuf, rbuf;
-	SAMR_Q_CHGPASSWD_USER q;
-	SAMR_R_CHGPASSWD_USER r;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	struct samr_CryptPassword new_nt_password;
+	struct samr_CryptPassword new_lm_password;
+	struct samr_Password old_nt_hash_enc;
+	struct samr_Password old_lanman_hash_enc;
 
-	uchar new_nt_password[516];
-	uchar new_lm_password[516];
 	uchar old_nt_hash[16];
 	uchar old_lanman_hash[16];
-	uchar old_nt_hash_enc[16];
-	uchar old_lanman_hash_enc[16];
-
 	uchar new_nt_hash[16];
 	uchar new_lanman_hash[16];
-
-	char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
+	struct lsa_String server, account;
+	char *srv_name_slash = NULL;
 
 	DEBUG(10,("rpccli_samr_chgpasswd_user\n"));
 
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
+	init_lsa_String(&server, srv_name_slash);
+	init_lsa_String(&account, username);
+
+	srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
+	if (!srv_name_slash) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	/* Calculate the MD4 hash (NT compatible) of the password */
 	E_md4hash(oldpassword, old_nt_hash);
 	E_md4hash(newpassword, new_nt_hash);
 
-	if (lp_client_lanman_auth() 
-	    && E_deshash(newpassword, new_lanman_hash) 
-	    && E_deshash(oldpassword, old_lanman_hash)) {
+	if (lp_client_lanman_auth() &&
+	    E_deshash(newpassword, new_lanman_hash) &&
+	    E_deshash(oldpassword, old_lanman_hash)) {
 		/* E_deshash returns false for 'long' passwords (> 14
 		   DOS chars).  This allows us to match Win2k, which
 		   does not store a LM hash for these passwords (which
 		   would reduce the effective password length to 14) */
 
-		encode_pw_buffer(new_lm_password, newpassword, STR_UNICODE);
+		encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
 
-		SamOEMhash( new_lm_password, old_nt_hash, 516);
-		E_old_pw_hash( new_nt_hash, old_lanman_hash, old_lanman_hash_enc);
+		SamOEMhash(new_lm_password.data, old_nt_hash, 516);
+		E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
 	} else {
 		ZERO_STRUCT(new_lm_password);
 		ZERO_STRUCT(old_lanman_hash_enc);
 	}
 
-	encode_pw_buffer(new_nt_password, newpassword, STR_UNICODE);
-	
-	SamOEMhash( new_nt_password, old_nt_hash, 516);
-	E_old_pw_hash( new_nt_hash, old_nt_hash, old_nt_hash_enc);
-
-	/* Marshall data and send request */
-
-	init_samr_q_chgpasswd_user(&q, srv_name_slash, username, 
-				   new_nt_password, 
-				   old_nt_hash_enc, 
-				   new_lm_password,
-				   old_lanman_hash_enc);
+	encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
 
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CHGPASSWD_USER,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_chgpasswd_user,
-		samr_io_r_chgpasswd_user,
-		NT_STATUS_UNSUCCESSFUL); 
+	SamOEMhash(new_nt_password.data, old_nt_hash, 516);
+	E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
 
-	/* Return output parameters */
-
-	if (!NT_STATUS_IS_OK(result = r.status)) {
-		goto done;
-	}
-
- done:
+	result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
+						 &server,
+						 &account,
+						 &new_nt_password,
+						 &old_nt_hash_enc,
+						 true,
+						 &new_lm_password,
+						 &old_lanman_hash_enc);
 
 	return result;
 }
@@ -1295,48 +95,44 @@ NTSTATUS rpccli_samr_chgpasswd_user(struct rpc_pipe_client *cli,
 /* User change password given blobs */
 
 NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
-				    TALLOC_CTX *mem_ctx, 
-				    const char *username, 
-				    DATA_BLOB new_nt_password,
-				    DATA_BLOB old_nt_hash_enc,
-				    DATA_BLOB new_lm_password,
-				    DATA_BLOB old_lm_hash_enc)
+					 TALLOC_CTX *mem_ctx,
+					 const char *username,
+					 DATA_BLOB new_nt_password_blob,
+					 DATA_BLOB old_nt_hash_enc_blob,
+					 DATA_BLOB new_lm_password_blob,
+					 DATA_BLOB old_lm_hash_enc_blob)
 {
-	prs_struct qbuf, rbuf;
-	SAMR_Q_CHGPASSWD_USER q;
-	SAMR_R_CHGPASSWD_USER r;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
+	struct samr_CryptPassword new_nt_password;
+	struct samr_CryptPassword new_lm_password;
+	struct samr_Password old_nt_hash_enc;
+	struct samr_Password old_lm_hash_enc;
+	struct lsa_String server, account;
+	char *srv_name_slash = NULL;
 
 	DEBUG(10,("rpccli_samr_chng_pswd_auth_crap\n"));
 
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_chgpasswd_user(&q, srv_name_slash, username, 
-				   new_nt_password.data, 
-				   old_nt_hash_enc.data, 
-				   new_lm_password.data,
-				   old_lm_hash_enc.data);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CHGPASSWD_USER,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_chgpasswd_user,
-		samr_io_r_chgpasswd_user,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (!NT_STATUS_IS_OK(result = r.status)) {
-		goto done;
+	srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
+	if (!srv_name_slash) {
+		return NT_STATUS_NO_MEMORY;
 	}
 
- done:
+	init_lsa_String(&server, srv_name_slash);
+	init_lsa_String(&account, username);
+
+	memcpy(&new_nt_password.data, new_nt_password_blob.data, 516);
+	memcpy(&new_lm_password.data, new_lm_password_blob.data, 516);
+	memcpy(&old_nt_hash_enc.hash, old_nt_hash_enc_blob.data, 16);
+	memcpy(&old_lm_hash_enc.hash, old_lm_hash_enc_blob.data, 16);
 
+	result = rpccli_samr_ChangePasswordUser2(cli, mem_ctx,
+						 &server,
+						 &account,
+						 &new_nt_password,
+						 &old_nt_hash_enc,
+						 true,
+						 &new_lm_password,
+						 &old_lm_hash_enc);
 	return result;
 }
 
@@ -1344,80 +140,76 @@ NTSTATUS rpccli_samr_chng_pswd_auth_crap(struct rpc_pipe_client *cli,
 /* change password 3 */
 
 NTSTATUS rpccli_samr_chgpasswd3(struct rpc_pipe_client *cli,
-				TALLOC_CTX *mem_ctx, 
-				const char *username, 
-				const char *newpassword, 
+				TALLOC_CTX *mem_ctx,
+				const char *username,
+				const char *newpassword,
 				const char *oldpassword,
-				SAM_UNK_INFO_1 *info,
-				SAMR_CHANGE_REJECT *reject)
+				struct samr_DomInfo1 **dominfo1,
+				struct samr_ChangeReject **reject)
 {
-	prs_struct qbuf, rbuf;
-	SAMR_Q_CHGPASSWD_USER3 q;
-	SAMR_R_CHGPASSWD_USER3 r;
+	NTSTATUS status;
+
+	struct samr_CryptPassword new_nt_password;
+	struct samr_CryptPassword new_lm_password;
+	struct samr_Password old_nt_hash_enc;
+	struct samr_Password old_lanman_hash_enc;
 
-	uchar new_nt_password[516];
-	uchar new_lm_password[516];
 	uchar old_nt_hash[16];
 	uchar old_lanman_hash[16];
-	uchar old_nt_hash_enc[16];
-	uchar old_lanman_hash_enc[16];
-
 	uchar new_nt_hash[16];
 	uchar new_lanman_hash[16];
 
-	char *srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
+	struct lsa_String server, account;
+	char *srv_name_slash = NULL;
 
 	DEBUG(10,("rpccli_samr_chgpasswd_user3\n"));
 
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
+	srv_name_slash = talloc_asprintf(mem_ctx, "\\\\%s", cli->cli->desthost);
+	if (!srv_name_slash) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	init_lsa_String(&server, srv_name_slash);
+	init_lsa_String(&account, username);
 
 	/* Calculate the MD4 hash (NT compatible) of the password */
 	E_md4hash(oldpassword, old_nt_hash);
 	E_md4hash(newpassword, new_nt_hash);
 
-	if (lp_client_lanman_auth() 
-	    && E_deshash(newpassword, new_lanman_hash) 
-	    && E_deshash(oldpassword, old_lanman_hash)) {
+	if (lp_client_lanman_auth() &&
+	    E_deshash(newpassword, new_lanman_hash) &&
+	    E_deshash(oldpassword, old_lanman_hash)) {
 		/* E_deshash returns false for 'long' passwords (> 14
 		   DOS chars).  This allows us to match Win2k, which
 		   does not store a LM hash for these passwords (which
 		   would reduce the effective password length to 14) */
 
-		encode_pw_buffer(new_lm_password, newpassword, STR_UNICODE);
+		encode_pw_buffer(new_lm_password.data, newpassword, STR_UNICODE);
 
-		SamOEMhash( new_lm_password, old_nt_hash, 516);
-		E_old_pw_hash( new_nt_hash, old_lanman_hash, old_lanman_hash_enc);
+		SamOEMhash(new_lm_password.data, old_nt_hash, 516);
+		E_old_pw_hash(new_nt_hash, old_lanman_hash, old_lanman_hash_enc.hash);
 	} else {
 		ZERO_STRUCT(new_lm_password);
 		ZERO_STRUCT(old_lanman_hash_enc);
 	}
 
-	encode_pw_buffer(new_nt_password, newpassword, STR_UNICODE);
-	
-	SamOEMhash( new_nt_password, old_nt_hash, 516);
-	E_old_pw_hash( new_nt_hash, old_nt_hash, old_nt_hash_enc);
-
-	/* Marshall data and send request */
+	encode_pw_buffer(new_nt_password.data, newpassword, STR_UNICODE);
 
-	init_samr_q_chgpasswd_user3(&q, srv_name_slash, username, 
-				    new_nt_password, 
-				    old_nt_hash_enc, 
-				    new_lm_password,
-				    old_lanman_hash_enc);
-	r.info = info;
-	r.reject = reject;
+	SamOEMhash(new_nt_password.data, old_nt_hash, 516);
+	E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
 
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CHGPASSWD_USER3,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_chgpasswd_user3,
-		samr_io_r_chgpasswd_user3,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	return r.status;
+	status = rpccli_samr_ChangePasswordUser3(cli, mem_ctx,
+						 &server,
+						 &account,
+						 &new_nt_password,
+						 &old_nt_hash_enc,
+						 true,
+						 &new_lm_password,
+						 &old_lanman_hash_enc,
+						 NULL,
+						 dominfo1,
+						 reject);
+	return status;
 }
 
 /* This function returns the bizzare set of (max_entries, max_size) required
@@ -1450,655 +242,4 @@ void get_query_dispinfo_params(int loop_count, uint32 *max_entries,
 		*max_size = 131071;
 		break;
 	}
-}		     
-
-/* Query display info */
-
-NTSTATUS rpccli_samr_query_dispinfo(struct rpc_pipe_client *cli,
-				    TALLOC_CTX *mem_ctx, 
-				    POLICY_HND *domain_pol, uint32 *start_idx,
-				    uint16 switch_value, uint32 *num_entries,
-				    uint32 max_entries, uint32 max_size,
-				    SAM_DISPINFO_CTR *ctr)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_QUERY_DISPINFO q;
-	SAMR_R_QUERY_DISPINFO r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_query_dispinfo for start_idx = %u\n", *start_idx));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	*num_entries = 0;
-
-	/* Marshall data and send request */
-
-	init_samr_q_query_dispinfo(&q, domain_pol, switch_value,
-				   *start_idx, max_entries, max_size);
-
-	r.ctr = ctr;
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_DISPINFO,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_query_dispinfo,
-		samr_io_r_query_dispinfo,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-        result = r.status;
-
-	if (!NT_STATUS_IS_OK(result) &&
-	    NT_STATUS_V(result) != NT_STATUS_V(STATUS_MORE_ENTRIES)) {
-		goto done;
-	}
-
-	*num_entries = r.num_entries;
-	*start_idx += r.num_entries;  /* No next_idx in this structure! */
-
- done:
-	return result;
-}
-
-/* Lookup rids.  Note that NT4 seems to crash if more than ~1000 rids are
-   looked up in one packet. */
-
-NTSTATUS rpccli_samr_lookup_rids(struct rpc_pipe_client *cli,
-				 TALLOC_CTX *mem_ctx, 
-				 POLICY_HND *domain_pol,
-				 uint32 num_rids, uint32 *rids, 
-				 uint32 *num_names, char ***names,
-				 uint32 **name_types)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_LOOKUP_RIDS q;
-	SAMR_R_LOOKUP_RIDS r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint32 i;
-
-	DEBUG(10,("cli_samr_lookup_rids\n"));
-
-        if (num_rids > 1000) {
-                DEBUG(2, ("cli_samr_lookup_rids: warning: NT4 can crash if "
-                          "more than ~1000 rids are looked up at once.\n"));
-        }
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_lookup_rids(mem_ctx, &q, domain_pol, 1000, num_rids, rids);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_LOOKUP_RIDS,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_lookup_rids,
-		samr_io_r_lookup_rids,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	if (!NT_STATUS_IS_OK(result) &&
-	    !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
-		goto done;
-
-	if (r.num_names1 == 0) {
-		*num_names = 0;
-		*names = NULL;
-		goto done;
-	}
-
-	*num_names = r.num_names1;
-	*names = TALLOC_ARRAY(mem_ctx, char *, r.num_names1);
-	*name_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_names1);
-
-	if ((*names == NULL) || (*name_types == NULL)) {
-		TALLOC_FREE(*names);
-		TALLOC_FREE(*name_types);
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	for (i = 0; i < r.num_names1; i++) {
-		fstring tmp;
-
-		unistr2_to_ascii(tmp, &r.uni_name[i], sizeof(tmp));
-		(*names)[i] = talloc_strdup(mem_ctx, tmp);
-		(*name_types)[i] = r.type[i];
-	}
-
- done:
-
-	return result;
-}
-
-/* Lookup names */
-
-NTSTATUS rpccli_samr_lookup_names(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-                               POLICY_HND *domain_pol, uint32 flags,
-                               uint32 num_names, const char **names,
-                               uint32 *num_rids, uint32 **rids,
-                               uint32 **rid_types)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_LOOKUP_NAMES q;
-	SAMR_R_LOOKUP_NAMES r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint32 i;
-
-	DEBUG(10,("cli_samr_lookup_names\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_lookup_names(mem_ctx, &q, domain_pol, flags,
-				 num_names, names);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_LOOKUP_NAMES,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_lookup_names,
-		samr_io_r_lookup_names,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (!NT_STATUS_IS_OK(result = r.status)) {
-		goto done;
-	}
-
-	if (r.num_rids1 == 0) {
-		*num_rids = 0;
-		goto done;
-	}
-
-	*num_rids = r.num_rids1;
-	*rids = TALLOC_ARRAY(mem_ctx, uint32, r.num_rids1);
-	*rid_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_rids1);
-
-	if ((*rids == NULL) || (*rid_types == NULL)) {
-		TALLOC_FREE(*rids);
-		TALLOC_FREE(*rid_types);
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	for (i = 0; i < r.num_rids1; i++) {
-		(*rids)[i] = r.rids[i];
-		(*rid_types)[i] = r.types[i];
-	}
-
- done:
-
-	return result;
-}
-
-/* Create a domain user */
-
-NTSTATUS rpccli_samr_create_dom_user(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-                                  POLICY_HND *domain_pol, const char *acct_name,
-                                  uint32 acb_info, uint32 access_mask,
-                                  POLICY_HND *user_pol, uint32 *rid)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_CREATE_USER q;
-	SAMR_R_CREATE_USER r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_create_dom_user %s\n", acct_name));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_create_user(&q, domain_pol, acct_name, acb_info, access_mask);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_CREATE_USER,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_create_user,
-		samr_io_r_create_user,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (!NT_STATUS_IS_OK(result = r.status)) {
-		goto done;
-	}
-
-	if (user_pol)
-		*user_pol = r.user_pol;
-
-	if (rid)
-		*rid = r.user_rid;
-
- done:
-
-	return result;
-}
-
-/* Set userinfo */
-
-NTSTATUS rpccli_samr_set_userinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-                               const POLICY_HND *user_pol, uint16 switch_value,
-                               DATA_BLOB *sess_key, SAM_USERINFO_CTR *ctr)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_SET_USERINFO q;
-	SAMR_R_SET_USERINFO r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_set_userinfo\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	if (!sess_key->length) {
-		DEBUG(1, ("No user session key\n"));
-		return NT_STATUS_NO_USER_SESSION_KEY;
-	}
-
-	/* Initialise parse structures */
-
-	prs_init(&qbuf, RPC_MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
-	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
-
-	/* Marshall data and send request */
-
-	q.ctr = ctr;
-
-	init_samr_q_set_userinfo(&q, user_pol, sess_key, switch_value, 
-				 ctr->info.id);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_USERINFO,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_set_userinfo,
-		samr_io_r_set_userinfo,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (!NT_STATUS_IS_OK(result = r.status)) {
-		goto done;
-	}
-
- done:
-
-	return result;
-}
-
-/* Set userinfo2 */
-
-NTSTATUS rpccli_samr_set_userinfo2(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-				   const POLICY_HND *user_pol, uint16 switch_value,
-                                DATA_BLOB *sess_key, SAM_USERINFO_CTR *ctr)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_SET_USERINFO2 q;
-	SAMR_R_SET_USERINFO2 r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_set_userinfo2\n"));
-
-	if (!sess_key->length) {
-		DEBUG(1, ("No user session key\n"));
-		return NT_STATUS_NO_USER_SESSION_KEY;
-	}
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_set_userinfo2(&q, user_pol, sess_key, switch_value, ctr);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_USERINFO2,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_set_userinfo2,
-		samr_io_r_set_userinfo2,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	if (!NT_STATUS_IS_OK(result = r.status)) {
-		goto done;
-	}
-
- done:
-
-	return result;
-}
-
-/* Delete domain group */
-
-NTSTATUS rpccli_samr_delete_dom_group(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-                                  POLICY_HND *group_pol)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_DELETE_DOM_GROUP q;
-	SAMR_R_DELETE_DOM_GROUP r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_delete_dom_group\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_delete_dom_group(&q, group_pol);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_DELETE_DOM_GROUP,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_delete_dom_group,
-		samr_io_r_delete_dom_group,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	return result;
-}
-
-/* Delete domain alias */
-
-NTSTATUS rpccli_samr_delete_dom_alias(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-                                  POLICY_HND *alias_pol)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_DELETE_DOM_ALIAS q;
-	SAMR_R_DELETE_DOM_ALIAS r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_delete_dom_alias\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_delete_dom_alias(&q, alias_pol);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_DELETE_DOM_ALIAS,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_delete_dom_alias,
-		samr_io_r_delete_dom_alias,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	return result;
-}
-
-/* Delete domain user */
-
-NTSTATUS rpccli_samr_delete_dom_user(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-                                  POLICY_HND *user_pol)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_DELETE_DOM_USER q;
-	SAMR_R_DELETE_DOM_USER r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_delete_dom_user\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_delete_dom_user(&q, user_pol);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_DELETE_DOM_USER,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_delete_dom_user,
-		samr_io_r_delete_dom_user,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	return result;
-}
-
-/* Remove foreign SID */
-
-NTSTATUS rpccli_samr_remove_sid_foreign_domain(struct rpc_pipe_client *cli, 
-					    TALLOC_CTX *mem_ctx, 
-					    POLICY_HND *user_pol,
-					    DOM_SID *sid)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN q;
-	SAMR_R_REMOVE_SID_FOREIGN_DOMAIN r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_remove_sid_foreign_domain\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_remove_sid_foreign_domain(&q, user_pol, sid);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_REMOVE_SID_FOREIGN_DOMAIN,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_remove_sid_foreign_domain,
-		samr_io_r_remove_sid_foreign_domain,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	return result;
-}
-
-/* Query user security object */
-
-NTSTATUS rpccli_samr_query_sec_obj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                                 POLICY_HND *user_pol, uint32 sec_info, 
-                                 TALLOC_CTX *ctx, SEC_DESC_BUF **sec_desc_buf)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_QUERY_SEC_OBJ q;
-	SAMR_R_QUERY_SEC_OBJ r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_query_sec_obj\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_query_sec_obj(&q, user_pol, sec_info);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_QUERY_SEC_OBJECT,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_query_sec_obj,
-		samr_io_r_query_sec_obj,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-	*sec_desc_buf=dup_sec_desc_buf(ctx, r.buf);
-
-	return result;
-}
-
-/* Set user security object */
-
-NTSTATUS rpccli_samr_set_sec_obj(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                                 POLICY_HND *user_pol, uint32 sec_info, 
-                                 SEC_DESC_BUF *sec_desc_buf)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_SET_SEC_OBJ q;
-	SAMR_R_SET_SEC_OBJ r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_set_sec_obj\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_set_sec_obj(&q, user_pol, sec_info, sec_desc_buf);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_SET_SEC_OBJECT,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_set_sec_obj,
-		samr_io_r_set_sec_obj,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	return result;
-}
-
-
-/* Get domain password info */
-
-NTSTATUS rpccli_samr_get_dom_pwinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				 uint16 *min_pwd_length, uint32 *password_properties)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_GET_DOM_PWINFO q;
-	SAMR_R_GET_DOM_PWINFO r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_get_dom_pwinfo\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_get_dom_pwinfo(&q, cli->cli->desthost);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_GET_DOM_PWINFO,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_get_dom_pwinfo,
-		samr_io_r_get_dom_pwinfo,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	if (NT_STATUS_IS_OK(result)) {
-		if (min_pwd_length)
-			*min_pwd_length = r.min_pwd_length;
-		if (password_properties)
-			*password_properties = r.password_properties;
-	}
-
-	return result;
-}
-
-/* Get domain password info */
-
-NTSTATUS rpccli_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				       POLICY_HND *pol, uint16 *min_pwd_length, 
-				       uint32 *password_properties, uint32 *unknown1)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_GET_USRDOM_PWINFO q;
-	SAMR_R_GET_USRDOM_PWINFO r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_get_usrdom_pwinfo\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_get_usrdom_pwinfo(&q, pol);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_GET_USRDOM_PWINFO,
-		   q, r,
-		   qbuf, rbuf,
-		   samr_io_q_get_usrdom_pwinfo,
-		   samr_io_r_get_usrdom_pwinfo,
-		   NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	if (NT_STATUS_IS_OK(result)) {
-		if (min_pwd_length)
-			*min_pwd_length = r.min_pwd_length;
-		if (password_properties)
-			*password_properties = r.password_properties;
-		if (unknown1)
-			*unknown1 = r.unknown_1;
-	}
-
-	return result;
-}
-
-
-/* Lookup Domain Name */
-
-NTSTATUS rpccli_samr_lookup_domain(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-				POLICY_HND *user_pol, char *domain_name, 
-				DOM_SID *sid)
-{
-	prs_struct qbuf, rbuf;
-	SAMR_Q_LOOKUP_DOMAIN q;
-	SAMR_R_LOOKUP_DOMAIN r;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	DEBUG(10,("cli_samr_lookup_domain\n"));
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	/* Marshall data and send request */
-
-	init_samr_q_lookup_domain(&q, user_pol, domain_name);
-
-	CLI_DO_RPC(cli, mem_ctx, PI_SAMR, SAMR_LOOKUP_DOMAIN,
-		q, r,
-		qbuf, rbuf,
-		samr_io_q_lookup_domain,
-		samr_io_r_lookup_domain,
-		NT_STATUS_UNSUCCESSFUL); 
-
-	/* Return output parameters */
-
-	result = r.status;
-
-	if (NT_STATUS_IS_OK(result))
-		sid_copy(sid, &r.dom_sid.sid);
-
-	return result;
 }
diff --git a/source3/rpc_client/cli_svcctl.c b/source3/rpc_client/cli_svcctl.c
index 95673c1565..b21909fd03 100644
--- a/source3/rpc_client/cli_svcctl.c
+++ b/source3/rpc_client/cli_svcctl.c
@@ -57,81 +57,6 @@ const char* svc_status_string( uint32 state )
 	return talloc_strdup(talloc_tos(), msg);
 }
 
-/********************************************************************
-********************************************************************/
-
-WERROR rpccli_svcctl_open_scm(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-                              POLICY_HND *hSCM, uint32 access_desired )
-{
-	SVCCTL_Q_OPEN_SCMANAGER in;
-	SVCCTL_R_OPEN_SCMANAGER out;
-	prs_struct qbuf, rbuf;
-	fstring server;
-	
-	ZERO_STRUCT(in);
-	ZERO_STRUCT(out);
-	
-	/* leave the database name NULL to get the default service db */
-
-	in.database = NULL;
-
-	/* set the server name */
-
-	if ( !(in.servername = TALLOC_P( mem_ctx, UNISTR2 )) )
-		return WERR_NOMEM;
-	fstr_sprintf( server, "\\\\%s", cli->cli->desthost );
-	init_unistr2( in.servername, server, UNI_STR_TERMINATE );
-
-	in.access = access_desired;
-	
-	CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_OPEN_SCMANAGER_W, 
-	            in, out, 
-	            qbuf, rbuf,
-	            svcctl_io_q_open_scmanager,
-	            svcctl_io_r_open_scmanager, 
-	            WERR_GENERAL_FAILURE );
-	
-	if ( !W_ERROR_IS_OK( out.status ) )
-		return out.status;
-
-	memcpy( hSCM, &out.handle, sizeof(POLICY_HND) );
-	
-	return out.status;
-}
-
-/********************************************************************
-********************************************************************/
-
-WERROR rpccli_svcctl_open_service( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-                                POLICY_HND *hSCM, POLICY_HND *hService, 
-				const char *servicename, uint32 access_desired )
-{
-	SVCCTL_Q_OPEN_SERVICE in;
-	SVCCTL_R_OPEN_SERVICE out;
-	prs_struct qbuf, rbuf;
-	
-	ZERO_STRUCT(in);
-	ZERO_STRUCT(out);
-	
-	memcpy( &in.handle, hSCM, sizeof(POLICY_HND) );
-	init_unistr2( &in.servicename, servicename, UNI_STR_TERMINATE );
-	in.access = access_desired;
-	
-	CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_OPEN_SERVICE_W, 
-	            in, out, 
-	            qbuf, rbuf,
-	            svcctl_io_q_open_service,
-	            svcctl_io_r_open_service, 
-	            WERR_GENERAL_FAILURE );
-	
-	if ( !W_ERROR_IS_OK( out.status ) )
-		return out.status;
-
-	memcpy( hService, &out.handle, sizeof(POLICY_HND) );
-	
-	return out.status;
-}
-
 /*******************************************************************
 *******************************************************************/
 
@@ -204,36 +129,6 @@ WERROR rpccli_svcctl_enumerate_services( struct rpc_pipe_client *cli, TALLOC_CTX
 /*******************************************************************
 *******************************************************************/
 
-WERROR rpccli_svcctl_query_status( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                                POLICY_HND *hService, SERVICE_STATUS *status )
-{
-	SVCCTL_Q_QUERY_STATUS in;
-	SVCCTL_R_QUERY_STATUS out;
-	prs_struct qbuf, rbuf;
-	
-	ZERO_STRUCT(in);
-	ZERO_STRUCT(out);
-	
-	memcpy( &in.handle, hService, sizeof(POLICY_HND) );
-	
-	CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_QUERY_STATUS, 
-	            in, out, 
-	            qbuf, rbuf,
-	            svcctl_io_q_query_status,
-	            svcctl_io_r_query_status, 
-	            WERR_GENERAL_FAILURE );
-	
-	if ( !W_ERROR_IS_OK( out.status ) )
-		return out.status;
-
-	memcpy( status, &out.svc_status, sizeof(SERVICE_STATUS) );
-	
-	return out.status;
-}
-
-/*******************************************************************
-*******************************************************************/
-
 WERROR rpccli_svcctl_query_config(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
                                 POLICY_HND *hService, SERVICE_CONFIG *config )
 {
@@ -304,109 +199,3 @@ WERROR rpccli_svcctl_query_config(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c
 	
 	return out.status;
 }
-
-/*******************************************************************
-*******************************************************************/
-
-WERROR rpccli_svcctl_start_service( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                                 POLICY_HND *hService,
-                                 const char **parm_array, uint32 parmcount )
-{
-	SVCCTL_Q_START_SERVICE in;
-	SVCCTL_R_START_SERVICE out;
-	prs_struct qbuf, rbuf;
-	
-	ZERO_STRUCT(in);
-	ZERO_STRUCT(out);
-	
-	memcpy( &in.handle, hService, sizeof(POLICY_HND) );
-	
-	in.parmcount  = 0;
-	in.parameters = NULL;
-	
-	CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_START_SERVICE_W,
-	            in, out, 
-	            qbuf, rbuf,
-	            svcctl_io_q_start_service,
-	            svcctl_io_r_start_service,
-	            WERR_GENERAL_FAILURE );
-	
-	return out.status;
-}
-
-/*******************************************************************
-*******************************************************************/
-
-WERROR rpccli_svcctl_control_service( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
-                                   POLICY_HND *hService, uint32 control,
-				   SERVICE_STATUS *status )
-{
-	SVCCTL_Q_CONTROL_SERVICE in;
-	SVCCTL_R_CONTROL_SERVICE out;
-	prs_struct qbuf, rbuf;
-	
-	ZERO_STRUCT(in);
-	ZERO_STRUCT(out);
-	
-	memcpy( &in.handle, hService, sizeof(POLICY_HND) );
-	in.control = control;
-	
-	CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_CONTROL_SERVICE, 
-	            in, out, 
-	            qbuf, rbuf,
-	            svcctl_io_q_control_service,
-	            svcctl_io_r_control_service,
-	            WERR_GENERAL_FAILURE );
-	
-	if ( !W_ERROR_IS_OK( out.status ) )
-		return out.status;
-
-	memcpy( status, &out.svc_status, sizeof(SERVICE_STATUS) );
-	
-	return out.status;
-}
-
-
-/*******************************************************************
-*******************************************************************/
-
-WERROR rpccli_svcctl_get_dispname( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
-                                POLICY_HND *hService, fstring displayname )
-{
-	SVCCTL_Q_GET_DISPLAY_NAME in;
-	SVCCTL_R_GET_DISPLAY_NAME out;
-	prs_struct qbuf, rbuf;
-	
-	ZERO_STRUCT(in);
-	ZERO_STRUCT(out);
-	
-	memcpy( &in.handle, hService, sizeof(POLICY_HND) );
-	in.display_name_len = 0;
-	
-	CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_GET_DISPLAY_NAME, 
-	            in, out, 
-	            qbuf, rbuf,
-	            svcctl_io_q_get_display_name,
-	            svcctl_io_r_get_display_name, 
-	            WERR_GENERAL_FAILURE );
-	
-	/* second time with correct buffer size...should be ok */
-	
-	if ( W_ERROR_EQUAL( out.status, WERR_INSUFFICIENT_BUFFER ) ) {
-		in.display_name_len = out.display_name_len;
-
-		CLI_DO_RPC_WERR( cli, mem_ctx, PI_SVCCTL, SVCCTL_GET_DISPLAY_NAME, 
-		            in, out, 
-		            qbuf, rbuf,
-		            svcctl_io_q_get_display_name,
-		            svcctl_io_r_get_display_name, 
-		            WERR_GENERAL_FAILURE );
-	}
-
-	if ( !W_ERROR_IS_OK( out.status ) )
-		return out.status;
-
-	rpcstr_pull( displayname, out.displayname.buffer, sizeof(displayname), -1, STR_TERMINATE );
-	
-	return out.status;
-}
diff --git a/source3/rpc_client/init_lsa.c b/source3/rpc_client/init_lsa.c
new file mode 100644
index 0000000000..2637158fd0
--- /dev/null
+++ b/source3/rpc_client/init_lsa.c
@@ -0,0 +1,126 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Guenther Deschner                  2008.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_lsa_String(struct lsa_String *name, const char *s)
+{
+	name->string = s;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_lsa_StringLarge(struct lsa_StringLarge *name, const char *s)
+{
+	name->string = s;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_lsa_AsciiString(struct lsa_AsciiString *name, const char *s)
+{
+	name->string = s;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_lsa_AsciiStringLarge(struct lsa_AsciiStringLarge *name, const char *s)
+{
+	name->string = s;
+}
+
+/*******************************************************************
+ Inits an lsa_QosInfo structure.
+********************************************************************/
+
+void init_lsa_sec_qos(struct lsa_QosInfo *r,
+		      uint32_t len,
+		      uint16_t impersonation_level,
+		      uint8_t context_mode,
+		      uint8_t effective_only)
+{
+	DEBUG(5, ("init_lsa_sec_qos\n"));
+
+	r->len = len;
+	r->impersonation_level = impersonation_level;
+	r->context_mode = context_mode;
+	r->effective_only = effective_only;
+}
+
+/*******************************************************************
+ Inits an lsa_ObjectAttribute structure.
+********************************************************************/
+
+void init_lsa_obj_attr(struct lsa_ObjectAttribute *r,
+		       uint32_t len,
+		       uint8_t *root_dir,
+		       const char *object_name,
+		       uint32_t attributes,
+		       struct security_descriptor *sec_desc,
+		       struct lsa_QosInfo *sec_qos)
+{
+	DEBUG(5,("init_lsa_obj_attr\n"));
+
+	r->len = len;
+	r->root_dir = root_dir;
+	r->object_name = object_name;
+	r->attributes = attributes;
+	r->sec_desc = sec_desc;
+	r->sec_qos = sec_qos;
+}
+
+/*******************************************************************
+ Inits a lsa_TranslatedSid structure.
+********************************************************************/
+
+void init_lsa_translated_sid(struct lsa_TranslatedSid *r,
+			     enum lsa_SidType sid_type,
+			     uint32_t rid,
+			     uint32_t sid_index)
+{
+	r->sid_type = sid_type;
+	r->rid = rid;
+	r->sid_index = sid_index;
+}
+
+/*******************************************************************
+ Inits a lsa_TranslatedName2 structure.
+********************************************************************/
+
+void init_lsa_translated_name2(struct lsa_TranslatedName2 *r,
+			       enum lsa_SidType sid_type,
+			       const char *name,
+			       uint32_t sid_index,
+			       uint32_t unknown)
+{
+	r->sid_type = sid_type;
+	init_lsa_String(&r->name, name);
+	r->sid_index = sid_index;
+	r->unknown = unknown;
+}
diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c
new file mode 100644
index 0000000000..62f1fac626
--- /dev/null
+++ b/source3/rpc_client/init_netlogon.c
@@ -0,0 +1,220 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Guenther Deschner                  2008.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_netr_SamBaseInfo(struct netr_SamBaseInfo *r,
+			   NTTIME last_logon,
+			   NTTIME last_logoff,
+			   NTTIME acct_expiry,
+			   NTTIME last_password_change,
+			   NTTIME allow_password_change,
+			   NTTIME force_password_change,
+			   const char *account_name,
+			   const char *full_name,
+			   const char *logon_script,
+			   const char *profile_path,
+			   const char *home_directory,
+			   const char *home_drive,
+			   uint16_t logon_count,
+			   uint16_t bad_password_count,
+			   uint32_t rid,
+			   uint32_t primary_gid,
+			   struct samr_RidWithAttributeArray groups,
+			   uint32_t user_flags,
+			   struct netr_UserSessionKey key,
+			   const char *logon_server,
+			   const char *domain,
+			   struct dom_sid2 *domain_sid,
+			   struct netr_LMSessionKey LMSessKey,
+			   uint32_t acct_flags)
+{
+	r->last_logon = last_logon;
+	r->last_logoff = last_logoff;
+	r->acct_expiry = acct_expiry;
+	r->last_password_change = last_password_change;
+	r->allow_password_change = allow_password_change;
+	r->force_password_change = force_password_change;
+	init_lsa_String(&r->account_name, account_name);
+	init_lsa_String(&r->full_name, full_name);
+	init_lsa_String(&r->logon_script, logon_script);
+	init_lsa_String(&r->profile_path, profile_path);
+	init_lsa_String(&r->home_directory, home_directory);
+	init_lsa_String(&r->home_drive, home_drive);
+	r->logon_count = logon_count;
+	r->bad_password_count = bad_password_count;
+	r->rid = rid;
+	r->primary_gid = primary_gid;
+	r->groups = groups;
+	r->user_flags = user_flags;
+	r->key = key;
+	init_lsa_StringLarge(&r->logon_server, logon_server);
+	init_lsa_StringLarge(&r->domain, domain);
+	r->domain_sid = domain_sid;
+	r->LMSessKey = LMSessKey;
+	r->acct_flags = acct_flags;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_netr_SamInfo3(struct netr_SamInfo3 *r,
+			NTTIME last_logon,
+			NTTIME last_logoff,
+			NTTIME acct_expiry,
+			NTTIME last_password_change,
+			NTTIME allow_password_change,
+			NTTIME force_password_change,
+			const char *account_name,
+			const char *full_name,
+			const char *logon_script,
+			const char *profile_path,
+			const char *home_directory,
+			const char *home_drive,
+			uint16_t logon_count,
+			uint16_t bad_password_count,
+			uint32_t rid,
+			uint32_t primary_gid,
+			struct samr_RidWithAttributeArray groups,
+			uint32_t user_flags,
+			struct netr_UserSessionKey key,
+			const char *logon_server,
+			const char *domain,
+			struct dom_sid2 *domain_sid,
+			struct netr_LMSessionKey LMSessKey,
+			uint32_t acct_flags,
+			uint32_t sidcount,
+			struct netr_SidAttr *sids)
+{
+	init_netr_SamBaseInfo(&r->base,
+			      last_logon,
+			      last_logoff,
+			      acct_expiry,
+			      last_password_change,
+			      allow_password_change,
+			      force_password_change,
+			      account_name,
+			      full_name,
+			      logon_script,
+			      profile_path,
+			      home_directory,
+			      home_drive,
+			      logon_count,
+			      bad_password_count,
+			      rid,
+			      primary_gid,
+			      groups,
+			      user_flags,
+			      key,
+			      logon_server,
+			      domain,
+			      domain_sid,
+			      LMSessKey,
+			      acct_flags);
+	r->sidcount = sidcount;
+	r->sids = sids;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_netr_IdentityInfo(struct netr_IdentityInfo *r,
+			    const char *domain_name,
+			    uint32_t parameter_control,
+			    uint32_t logon_id_low,
+			    uint32_t logon_id_high,
+			    const char *account_name,
+			    const char *workstation)
+{
+	init_lsa_String(&r->domain_name, domain_name);
+	r->parameter_control = parameter_control;
+	r->logon_id_low = logon_id_low;
+	r->logon_id_high = logon_id_high;
+	init_lsa_String(&r->account_name, account_name);
+	init_lsa_String(&r->workstation, workstation);
+}
+
+/*******************************************************************
+ inits a structure.
+ This is a network logon packet. The log_id parameters
+ are what an NT server would generate for LUID once the
+ user is logged on. I don't think we care about them.
+
+ Note that this has no access to the NT and LM hashed passwords,
+ so it forwards the challenge, and the NT and LM responses (24
+ bytes each) over the secure channel to the Domain controller
+ for it to say yea or nay. This is the preferred method of
+ checking for a logon as it doesn't export the password
+ hashes to anyone who has compromised the secure channel. JRA.
+
+********************************************************************/
+
+void init_netr_NetworkInfo(struct netr_NetworkInfo *r,
+			   const char *domain_name,
+			   uint32_t parameter_control,
+			   uint32_t logon_id_low,
+			   uint32_t logon_id_high,
+			   const char *account_name,
+			   const char *workstation,
+			   uint8_t challenge[8],
+			   struct netr_ChallengeResponse nt,
+			   struct netr_ChallengeResponse lm)
+{
+	init_netr_IdentityInfo(&r->identity_info,
+			       domain_name,
+			       parameter_control,
+			       logon_id_low,
+			       logon_id_high,
+			       account_name,
+			       workstation);
+	memcpy(r->challenge, challenge, 8);
+	r->nt = nt;
+	r->lm = lm;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_netr_PasswordInfo(struct netr_PasswordInfo *r,
+			    const char *domain_name,
+			    uint32_t parameter_control,
+			    uint32_t logon_id_low,
+			    uint32_t logon_id_high,
+			    const char *account_name,
+			    const char *workstation,
+			    struct samr_Password lmpassword,
+			    struct samr_Password ntpassword)
+{
+	init_netr_IdentityInfo(&r->identity_info,
+			       domain_name,
+			       parameter_control,
+			       logon_id_low,
+			       logon_id_high,
+			       account_name,
+			       workstation);
+	r->lmpassword = lmpassword;
+	r->ntpassword = ntpassword;
+}
diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c
new file mode 100644
index 0000000000..1275fc834b
--- /dev/null
+++ b/source3/rpc_client/init_samr.c
@@ -0,0 +1,461 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Guenther Deschner                  2008.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_samr_DomInfo1(struct samr_DomInfo1 *r,
+			uint16_t min_password_length,
+			uint16_t password_history_length,
+			uint32_t password_properties,
+			int64_t max_password_age,
+			int64_t min_password_age)
+{
+	r->min_password_length = min_password_length;
+	r->password_history_length = password_history_length;
+	r->password_properties = password_properties;
+	r->max_password_age = max_password_age;
+	r->min_password_age = min_password_age;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_samr_DomInfo2(struct samr_DomInfo2 *r,
+			NTTIME force_logoff_time,
+			const char *comment,
+			const char *domain_name,
+			const char *primary,
+			uint64_t sequence_num,
+			uint32_t unknown2,
+			enum samr_Role role,
+			uint32_t unknown3,
+			uint32_t num_users,
+			uint32_t num_groups,
+			uint32_t num_aliases)
+{
+	r->force_logoff_time = force_logoff_time;
+	init_lsa_String(&r->comment, comment);
+	init_lsa_String(&r->domain_name, domain_name);
+	init_lsa_String(&r->primary, primary);
+	r->sequence_num = sequence_num;
+	r->unknown2 = unknown2;
+	r->role = role;
+	r->unknown3 = unknown3;
+	r->num_users = num_users;
+	r->num_groups = num_groups;
+	r->num_aliases = num_aliases;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_samr_DomInfo3(struct samr_DomInfo3 *r,
+			NTTIME force_logoff_time)
+{
+	r->force_logoff_time = force_logoff_time;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_samr_DomInfo4(struct samr_DomInfo4 *r,
+			const char *comment)
+{
+	init_lsa_String(&r->comment, comment);
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_samr_DomInfo5(struct samr_DomInfo5 *r,
+			const char *domain_name)
+{
+	init_lsa_String(&r->domain_name, domain_name);
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_samr_DomInfo6(struct samr_DomInfo6 *r,
+			const char *primary)
+{
+	init_lsa_String(&r->primary, primary);
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_samr_DomInfo7(struct samr_DomInfo7 *r,
+			enum samr_Role role)
+{
+	r->role = role;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_samr_DomInfo8(struct samr_DomInfo8 *r,
+			uint64_t sequence_num,
+			NTTIME domain_create_time)
+{
+	r->sequence_num = sequence_num;
+	r->domain_create_time = domain_create_time;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_samr_DomInfo9(struct samr_DomInfo9 *r,
+			uint32_t unknown)
+{
+	r->unknown = unknown;
+}
+
+/*******************************************************************
+ inits a structure.
+********************************************************************/
+
+void init_samr_DomInfo12(struct samr_DomInfo12 *r,
+			 uint64_t lockout_duration,
+			 uint64_t lockout_window,
+			 uint16_t lockout_threshold)
+{
+	r->lockout_duration = lockout_duration;
+	r->lockout_window = lockout_window;
+	r->lockout_threshold = lockout_threshold;
+}
+
+/*******************************************************************
+ inits a samr_GroupInfoAll structure.
+********************************************************************/
+
+void init_samr_group_info1(struct samr_GroupInfoAll *r,
+			   const char *name,
+			   uint32_t attributes,
+			   uint32_t num_members,
+			   const char *description)
+{
+	DEBUG(5, ("init_samr_group_info1\n"));
+
+	init_lsa_String(&r->name, name);
+	r->attributes = attributes;
+	r->num_members = num_members;
+	init_lsa_String(&r->description, description);
+}
+
+/*******************************************************************
+ inits a lsa_String structure
+********************************************************************/
+
+void init_samr_group_info2(struct lsa_String *r, const char *group_name)
+{
+	DEBUG(5, ("init_samr_group_info2\n"));
+
+	init_lsa_String(r, group_name);
+}
+
+/*******************************************************************
+ inits a samr_GroupInfoAttributes structure.
+********************************************************************/
+
+void init_samr_group_info3(struct samr_GroupInfoAttributes *r,
+			   uint32_t attributes)
+{
+	DEBUG(5, ("init_samr_group_info3\n"));
+
+	r->attributes = attributes;
+}
+
+/*******************************************************************
+ inits a lsa_String structure
+********************************************************************/
+
+void init_samr_group_info4(struct lsa_String *r, const char *description)
+{
+	DEBUG(5, ("init_samr_group_info4\n"));
+
+	init_lsa_String(r, description);
+}
+
+/*******************************************************************
+ inits a samr_GroupInfoAll structure.
+********************************************************************/
+
+void init_samr_group_info5(struct samr_GroupInfoAll *r,
+			   const char *name,
+			   uint32_t attributes,
+			   uint32_t num_members,
+			   const char *description)
+{
+	DEBUG(5, ("init_samr_group_info5\n"));
+
+	init_lsa_String(&r->name, name);
+	r->attributes = attributes;
+	r->num_members = num_members;
+	init_lsa_String(&r->description, description);
+}
+
+/*******************************************************************
+ inits a samr_AliasInfoAll structure.
+********************************************************************/
+
+void init_samr_alias_info1(struct samr_AliasInfoAll *r,
+			   const char *name,
+			   uint32_t num_members,
+			   const char *description)
+{
+	DEBUG(5, ("init_samr_alias_info1\n"));
+
+	init_lsa_String(&r->name, name);
+	r->num_members = num_members;
+	init_lsa_String(&r->description, description);
+}
+
+/*******************************************************************
+inits a lsa_String structure.
+********************************************************************/
+
+void init_samr_alias_info3(struct lsa_String *r,
+			   const char *description)
+{
+	DEBUG(5, ("init_samr_alias_info3\n"));
+
+	init_lsa_String(r, description);
+}
+
+/*******************************************************************
+ inits a samr_UserInfo7 structure.
+********************************************************************/
+
+void init_samr_user_info7(struct samr_UserInfo7 *r,
+			  const char *account_name)
+{
+	DEBUG(5, ("init_samr_user_info7\n"));
+
+	init_lsa_String(&r->account_name, account_name);
+}
+
+/*******************************************************************
+ inits a samr_UserInfo9 structure.
+********************************************************************/
+
+void init_samr_user_info9(struct samr_UserInfo9 *r,
+			  uint32_t primary_gid)
+{
+	DEBUG(5, ("init_samr_user_info9\n"));
+
+	r->primary_gid = primary_gid;
+}
+
+/*******************************************************************
+ inits a SAM_USER_INFO_16 structure.
+********************************************************************/
+
+void init_samr_user_info16(struct samr_UserInfo16 *r,
+			   uint32_t acct_flags)
+{
+	DEBUG(5, ("init_samr_user_info16\n"));
+
+	r->acct_flags = acct_flags;
+}
+
+/*******************************************************************
+ inits a samr_UserInfo18 structure.
+********************************************************************/
+
+void init_samr_user_info18(struct samr_UserInfo18 *r,
+			   const uint8 lm_pwd[16],
+			   const uint8 nt_pwd[16])
+{
+	DEBUG(5, ("init_samr_user_info18\n"));
+
+	r->lm_pwd_active =
+		memcpy(r->lm_pwd.hash, lm_pwd, sizeof(r->lm_pwd.hash)) ? true : false;
+	r->nt_pwd_active =
+		memcpy(r->nt_pwd.hash, nt_pwd, sizeof(r->nt_pwd.hash)) ? true : false;
+}
+
+/*******************************************************************
+ inits a samr_UserInfo20 structure.
+********************************************************************/
+
+void init_samr_user_info20(struct samr_UserInfo20 *r,
+			   const char *munged_dial)
+{
+	init_lsa_String(&r->parameters, munged_dial);
+}
+
+/*************************************************************************
+ inits a samr_UserInfo21 structure
+ *************************************************************************/
+
+void init_samr_user_info21(struct samr_UserInfo21 *r,
+			   NTTIME last_logon,
+			   NTTIME last_logoff,
+			   NTTIME last_password_change,
+			   NTTIME acct_expiry,
+			   NTTIME allow_password_change,
+			   NTTIME force_password_change,
+			   const char *account_name,
+			   const char *full_name,
+			   const char *home_directory,
+			   const char *home_drive,
+			   const char *logon_script,
+			   const char *profile_path,
+			   const char *description,
+			   const char *workstations,
+			   const char *comment,
+			   const char *parameters,
+			   uint32_t rid,
+			   uint32_t primary_gid,
+			   uint32_t acct_flags,
+			   uint32_t fields_present,
+			   struct samr_LogonHours logon_hours,
+			   uint16_t bad_password_count,
+			   uint16_t logon_count,
+			   uint16_t country_code,
+			   uint16_t code_page,
+			   uint8_t nt_password_set,
+			   uint8_t lm_password_set,
+			   uint8_t password_expired)
+{
+	r->last_logon = last_logon;
+	r->last_logoff = last_logoff;
+	r->last_password_change = last_password_change;
+	r->acct_expiry = acct_expiry;
+	r->allow_password_change = allow_password_change;
+	r->force_password_change = force_password_change;
+	init_lsa_String(&r->account_name, account_name);
+	init_lsa_String(&r->full_name, full_name);
+	init_lsa_String(&r->home_directory, home_directory);
+	init_lsa_String(&r->home_drive, home_drive);
+	init_lsa_String(&r->logon_script, logon_script);
+	init_lsa_String(&r->profile_path, profile_path);
+	init_lsa_String(&r->description, description);
+	init_lsa_String(&r->workstations, workstations);
+	init_lsa_String(&r->comment, comment);
+	init_lsa_String(&r->parameters, parameters);
+	r->rid = rid;
+	r->primary_gid = primary_gid;
+	r->acct_flags = acct_flags;
+	r->fields_present = fields_present;
+	r->logon_hours = logon_hours;
+	r->bad_password_count = bad_password_count;
+	r->logon_count = logon_count;
+	r->country_code = country_code;
+	r->code_page = code_page;
+	r->nt_password_set = nt_password_set;
+	r->lm_password_set = lm_password_set;
+	r->password_expired = password_expired;
+}
+
+/*************************************************************************
+ init_samr_user_info23
+ *************************************************************************/
+
+void init_samr_user_info23(struct samr_UserInfo23 *r,
+			   NTTIME last_logon,
+			   NTTIME last_logoff,
+			   NTTIME last_password_change,
+			   NTTIME acct_expiry,
+			   NTTIME allow_password_change,
+			   NTTIME force_password_change,
+			   const char *account_name,
+			   const char *full_name,
+			   const char *home_directory,
+			   const char *home_drive,
+			   const char *logon_script,
+			   const char *profile_path,
+			   const char *description,
+			   const char *workstations,
+			   const char *comment,
+			   const char *parameters,
+			   uint32_t rid,
+			   uint32_t primary_gid,
+			   uint32_t acct_flags,
+			   uint32_t fields_present,
+			   struct samr_LogonHours logon_hours,
+			   uint16_t bad_password_count,
+			   uint16_t logon_count,
+			   uint16_t country_code,
+			   uint16_t code_page,
+			   uint8_t nt_password_set,
+			   uint8_t lm_password_set,
+			   uint8_t password_expired,
+			   uint8_t data[516],
+			   uint8_t pw_len)
+{
+	init_samr_user_info21(&r->info,
+			      last_logon,
+			      last_logoff,
+			      last_password_change,
+			      acct_expiry,
+			      allow_password_change,
+			      force_password_change,
+			      account_name,
+			      full_name,
+			      home_directory,
+			      home_drive,
+			      logon_script,
+			      profile_path,
+			      description,
+			      workstations,
+			      comment,
+			      parameters,
+			      rid,
+			      primary_gid,
+			      acct_flags,
+			      fields_present,
+			      logon_hours,
+			      bad_password_count,
+			      logon_count,
+			      country_code,
+			      code_page,
+			      nt_password_set,
+			      lm_password_set,
+			      password_expired);
+
+	memcpy(r->password.data, data, sizeof(r->password.data));
+}
+
+/*************************************************************************
+ init_samr_user_info24
+ *************************************************************************/
+
+void init_samr_user_info24(struct samr_UserInfo24 *r,
+			   uint8_t data[516],
+			   uint8_t pw_len)
+{
+	DEBUG(10, ("init_samr_user_info24:\n"));
+
+	memcpy(r->password.data, data, sizeof(r->password.data));
+	r->pw_len = pw_len;
+}
diff --git a/source3/rpc_parse/parse_ds.c b/source3/rpc_parse/parse_ds.c
deleted file mode 100644
index 8f3ce361e7..0000000000
--- a/source3/rpc_parse/parse_ds.c
+++ /dev/null
@@ -1,299 +0,0 @@
-/* 
- *  Unix SMB/CIFS implementation.
- *  RPC Pipe client / server routines
- 
- *  Copyright (C) Gerald Carter				2002-2003
- *  
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "includes.h"
-
-/************************************************************************
-************************************************************************/
-
-static bool ds_io_dominfobasic(const char *desc, DSROLE_PRIMARY_DOMAIN_INFO_BASIC **basic, prs_struct *ps, int depth)
-{
-	DSROLE_PRIMARY_DOMAIN_INFO_BASIC *p = *basic;
-	
-	if ( UNMARSHALLING(ps) ) {
-		p = *basic = PRS_ALLOC_MEM(ps, DSROLE_PRIMARY_DOMAIN_INFO_BASIC, 1);
-	}
-		
-	if ( !p )
-		return False;
-		
-	if ( !prs_uint16("machine_role", ps, depth, &p->machine_role) )
-		return False;
-	if ( !prs_align(ps) )
-		return False;
-
-	if ( !prs_uint32("flags", ps, depth, &p->flags) )
-		return False;
-
-	if ( !prs_uint32("netbios_ptr", ps, depth, &p->netbios_ptr) )
-		return False;
-	if ( !prs_uint32("dnsname_ptr", ps, depth, &p->dnsname_ptr) )
-		return False;
-	if ( !prs_uint32("forestname_ptr", ps, depth, &p->forestname_ptr) )
-		return False;
-		
-	if ( !smb_io_uuid("domain_guid", &p->domain_guid, ps, depth) )
-		return False;
-		
-	if ( !smb_io_unistr2( "netbios_domain", &p->netbios_domain, p->netbios_ptr, ps, depth) )
-		return False;
-	if ( !prs_align(ps) )
-		return False;
-	
-	if ( !smb_io_unistr2( "dns_domain", &p->dns_domain, p->dnsname_ptr, ps, depth) )
-		return False;
-	if ( !prs_align(ps) )
-		return False;
-	
-	if ( !smb_io_unistr2( "forest_domain", &p->forest_domain, p->forestname_ptr, ps, depth) )
-		return False;
-	if ( !prs_align(ps) )
-		return False;
-	
-		
-	return True;
-		
-}
-
-/************************************************************************
-************************************************************************/
-
-bool ds_io_q_getprimdominfo( const char *desc, DS_Q_GETPRIMDOMINFO *q_u, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "ds_io_q_getprimdominfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if ( !prs_uint16( "level", ps, depth, &q_u->level ) )
-		return False;
-		
-	return True;
-}
-
-/************************************************************************
-************************************************************************/
-
-bool ds_io_r_getprimdominfo( const char *desc, DS_R_GETPRIMDOMINFO *r_u, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "ds_io_r_getprimdominfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if ( !prs_uint32( "ptr", ps, depth, &r_u->ptr ) )
-		return False;
-		
-	if ( r_u->ptr )
-	{
-		if ( !prs_uint16( "level", ps, depth, &r_u->level ) )
-			return False;
-	
-		if ( !prs_uint16( "unknown0", ps, depth, &r_u->unknown0 ) )
-			return False;
-		
-		switch ( r_u->level )
-		{
-			case DsRolePrimaryDomainInfoBasic:
-				if ( !ds_io_dominfobasic( "dominfobasic", &r_u->info.basic, ps, depth) )
-					return False;
-				break;
-			default:
-				return False;
-		}
-	}
-
-	if ( !prs_align(ps) )
-		return False;
-	
-	if ( !prs_ntstatus("status", ps, depth, &r_u->status ) )
-		return False;		
-		
-	return True;
-}
-
-/************************************************************************
- initialize a DS_ENUM_DOM_TRUSTS structure
-************************************************************************/
-
-bool init_q_ds_enum_domain_trusts( DS_Q_ENUM_DOM_TRUSTS *q, const char *server, uint32 flags )
-{
-	q->flags = flags;
-	
-	if ( server && *server )
-		q->server_ptr = 1;
-	else
-		q->server_ptr = 0;
-
-	init_unistr2( &q->server, server, UNI_STR_TERMINATE);
-		
-	return True;
-}
-
-/************************************************************************
-************************************************************************/
-
-static bool ds_io_domain_trusts( const char *desc, DS_DOMAIN_TRUSTS *trust, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "ds_io_dom_trusts_ctr");
-	depth++;
-
-	if ( !prs_uint32( "netbios_ptr", ps, depth, &trust->netbios_ptr ) )
-		return False;
-	
-	if ( !prs_uint32( "dns_ptr", ps, depth, &trust->dns_ptr ) )
-		return False;
-	
-	if ( !prs_uint32( "flags", ps, depth, &trust->flags ) )
-		return False;
-	
-	if ( !prs_uint32( "parent_index", ps, depth, &trust->parent_index ) )
-		return False;
-	
-	if ( !prs_uint32( "trust_type", ps, depth, &trust->trust_type ) )
-		return False;
-	
-	if ( !prs_uint32( "trust_attributes", ps, depth, &trust->trust_attributes ) )
-		return False;
-	
-	if ( !prs_uint32( "sid_ptr", ps, depth, &trust->sid_ptr ) )
-		return False;
-	
-	if ( !smb_io_uuid("guid", &trust->guid, ps, depth) )
-		return False;
-	
-	return True;	
-}
-
-/************************************************************************
-************************************************************************/
-
-static bool ds_io_dom_trusts_ctr( const char *desc, DS_DOMAIN_TRUSTS_CTR *ctr, prs_struct *ps, int depth)
-{
-	int i;
-
-	prs_debug(ps, depth, desc, "ds_io_dom_trusts_ctr");
-	depth++;
-	
-	if ( !prs_uint32( "ptr", ps, depth, &ctr->ptr ) )
-		return False;
-	
-	if ( !prs_uint32( "max_count", ps, depth, &ctr->max_count ) )
-		return False;
-	
-	/* are we done? */
-	
-	if ( ctr->max_count == 0 )
-		return True;
-	
-	/* allocate the domain trusts array are parse it */
-	
-	ctr->trusts = TALLOC_ARRAY(ps->mem_ctx, DS_DOMAIN_TRUSTS, ctr->max_count);
-	
-	if ( !ctr->trusts )
-		return False;
-	
-	/* this stinks; the static portion o fthe structure is read here and then
-	   we need another loop to read the UNISTR2's and SID's */
-	   
-	for ( i=0; i<ctr->max_count;i++ ) {
-		if ( !ds_io_domain_trusts("domain_trusts", &ctr->trusts[i], ps, depth) )
-			return False;
-	}
-
-	for ( i=0; i<ctr->max_count; i++ ) {
-	
-		if ( !smb_io_unistr2("netbios_domain", &ctr->trusts[i].netbios_domain, ctr->trusts[i].netbios_ptr, ps, depth) )
-			return False;
-
-		if(!prs_align(ps))
-			return False;
-		
-		if ( !smb_io_unistr2("dns_domain", &ctr->trusts[i].dns_domain, ctr->trusts[i].dns_ptr, ps, depth) )
-			return False;
-
-		if(!prs_align(ps))
-			return False;
-			
-		if ( ctr->trusts[i].sid_ptr ) {
-			if ( !smb_io_dom_sid2("sid", &ctr->trusts[i].sid, ps, depth ) )
-				return False;		
-		}
-	}
-	
-	return True;
-}
-
-/************************************************************************
- initialize a DS_ENUM_DOM_TRUSTS request
-************************************************************************/
-
-bool ds_io_q_enum_domain_trusts( const char *desc, DS_Q_ENUM_DOM_TRUSTS *q_u, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "ds_io_q_enum_domain_trusts");
-	depth++;
-
-	if ( !prs_align(ps) )
-		return False;
-	
-	if ( !prs_uint32( "server_ptr", ps, depth, &q_u->server_ptr ) )
-		return False;
-	
-	if ( !smb_io_unistr2("server", &q_u->server, q_u->server_ptr, ps, depth) )
-			return False;
-	
-	if ( !prs_align(ps) )
-		return False;
-	
-	if ( !prs_uint32( "flags", ps, depth, &q_u->flags ) )
-		return False;
-	
-	return True;
-}
-
-/************************************************************************
-************************************************************************/
-
-bool ds_io_r_enum_domain_trusts( const char *desc, DS_R_ENUM_DOM_TRUSTS *r_u, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "ds_io_r_enum_domain_trusts");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if ( !prs_uint32( "num_domains", ps, depth, &r_u->num_domains ) )
-		return False;
-		
-	if ( r_u->num_domains ) {
-		if ( !ds_io_dom_trusts_ctr("domains", &r_u->domains, ps, depth) )
-			return False;
-	}
-		
-	if(!prs_align(ps))
-		return False;
-			
-	if ( !prs_ntstatus("status", ps, depth, &r_u->status ) )
-		return False;		
-		
-	return True;
-}
diff --git a/source3/rpc_parse/parse_eventlog.c b/source3/rpc_parse/parse_eventlog.c
index 70226bca15..2ff217eb9e 100644
--- a/source3/rpc_parse/parse_eventlog.c
+++ b/source3/rpc_parse/parse_eventlog.c
@@ -25,154 +25,6 @@
 /********************************************************************
 ********************************************************************/
 
-bool prs_ev_open_unknown0( const char *desc, prs_struct *ps, int depth, EVENTLOG_OPEN_UNKNOWN0 *u )
-{
-	if ( !u )
-		return False;
-	
-	if ( !prs_uint16("", ps, depth, &u->unknown1) )
-		return False;
-	if ( !prs_uint16("", ps, depth, &u->unknown2) )
-		return False;
-
-	return True;
-}
-
-/********************************************************************
-********************************************************************/
-
-bool eventlog_io_q_open_eventlog(const char *desc, EVENTLOG_Q_OPEN_EVENTLOG *q_u,
-				 prs_struct *ps, int depth)
-{
-	if(q_u == NULL)
-		return False;
-    
-	prs_debug(ps, depth, desc, "eventlog_io_q_open_eventlog");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if ( !prs_pointer("", ps, depth, (void*)&q_u->unknown0, sizeof(EVENTLOG_OPEN_UNKNOWN0), (PRS_POINTER_CAST)prs_ev_open_unknown0))
-		return False;
-
-	if ( !prs_unistr4("logname", ps, depth, &q_u->logname) )
-		return False;
-	if ( !prs_align(ps) )
-		return False;
-
-	if ( !prs_unistr4("servername", ps, depth, &q_u->servername) )
-		return False;
-	if ( !prs_align(ps) )
-		return False;
-
-	if ( !prs_uint32("unknown1", ps, depth, &q_u->unknown1) )
-		return False;
-	if ( !prs_uint32("unknown2", ps, depth, &q_u->unknown2) )
-		return False;
-
-	return True;
-}
-
-bool eventlog_io_r_open_eventlog(const char *desc, EVENTLOG_R_OPEN_EVENTLOG *r_u,
-				 prs_struct *ps, int depth)
-{
-	if(r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "eventlog_io_r_open_eventlog");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!(smb_io_pol_hnd("log handle", &(r_u->handle), ps, depth)))
-		return False;
-
-	if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
-		return False;
-
-	return True;
-}
-
-bool eventlog_io_q_get_num_records(const char *desc, EVENTLOG_Q_GET_NUM_RECORDS *q_u,
-				   prs_struct *ps, int depth)
-{
-	if(q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "eventlog_io_q_get_num_records");
-	depth++;
-
-	if(!(prs_align(ps)))
-		return False;
-
-	if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
-		return False;
-    
-	return True;
-}
-
-bool eventlog_io_r_get_num_records(const char *desc, EVENTLOG_R_GET_NUM_RECORDS *r_u,
-				   prs_struct *ps, int depth)
-{
-	if(r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "eventlog_io_r_get_num_records");
-	depth++;
-
-	if(!(prs_align(ps)))
-		return False;
-
-	if(!(prs_uint32("num records", ps, depth, &(r_u->num_records))))
-		return False;
-
-	if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
-		return False;
-
-	return True;
-}
-
-bool eventlog_io_q_get_oldest_entry(const char *desc, EVENTLOG_Q_GET_OLDEST_ENTRY *q_u,
-				    prs_struct *ps, int depth)
-{
-	if(q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "eventlog_io_q_get_oldest_entry");
-	depth++;
-    
-	if(!(prs_align(ps)))
-		return False;
-
-	if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
-		return False;
-
-	return True;
-}
-
-bool eventlog_io_r_get_oldest_entry(const char *desc, EVENTLOG_R_GET_OLDEST_ENTRY *r_u,
-				    prs_struct *ps, int depth)
-{
-	if(r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "eventlog_io_r_get_oldest_entry");
-	depth++;
-
-	if(!(prs_align(ps)))
-		return False;
-
-	if(!(prs_uint32("oldest entry", ps, depth, &(r_u->oldest_entry))))
-		return False;
-
-	if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
-		return False;
-
-	return True;
-}
-
 bool eventlog_io_q_read_eventlog(const char *desc, EVENTLOG_Q_READ_EVENTLOG *q_u,
 				 prs_struct *ps, int depth)
 {
@@ -339,55 +191,3 @@ bool eventlog_io_r_read_eventlog(const char *desc,
 
 	return True;
 }
-
-/** The windows client seems to be doing something funny with the file name
-   A call like
-      ClearEventLog(handle, "backup_file")
-   on the client side will result in the backup file name looking like this on the
-   server side:
-      \??\${CWD of client}\backup_file
-   If an absolute path gets specified, such as
-      ClearEventLog(handle, "C:\\temp\\backup_file")
-   then it is still mangled by the client into this:
-      \??\C:\temp\backup_file
-   when it is on the wire.
-   I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
-   would be added in given that the backup file gets written on the server side. */
-
-bool eventlog_io_q_clear_eventlog(const char *desc, EVENTLOG_Q_CLEAR_EVENTLOG *q_u,
-				  prs_struct *ps, int depth)
-{
-	if(q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "eventlog_io_q_clear_eventlog");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	if(!(smb_io_pol_hnd("log handle", &(q_u->handle), ps, depth)))
-		return False;
-
-	if ( !prs_unistr4("backupfile", ps, depth, &q_u->backupfile) )
-		return False;
-
-	return True;
-
-}
-
-bool eventlog_io_r_clear_eventlog(const char *desc, EVENTLOG_R_CLEAR_EVENTLOG *r_u,
-				  prs_struct *ps, int depth)
-{
-	if(r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "eventlog_io_r_clear_eventlog");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	if(!(prs_ntstatus("status code", ps, depth, &r_u->status)))
-		return False;
-
-	return True;
-}
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
deleted file mode 100644
index 98c4283347..0000000000
--- a/source3/rpc_parse/parse_lsa.c
+++ /dev/null
@@ -1,3705 +0,0 @@
-/* 
- *  Unix SMB/CIFS implementation.
- *  RPC Pipe client / server routines
- *  Copyright (C) Andrew Tridgell              1992-1997,
- *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
- *  Copyright (C) Paul Ashton                       1997,
- *  Copyright (C) Andrew Bartlett                   2002,
- *  Copyright (C) Jim McDonough <jmcd@us.ibm.com>   2002.
- *  Copyright (C) Gerald )Jerry) Carter             2005
- *  
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_PARSE
-
-static bool lsa_io_trans_names(const char *desc, LSA_TRANS_NAME_ENUM *trn, prs_struct *ps, int depth);
-static bool lsa_io_trans_names2(const char *desc, LSA_TRANS_NAME_ENUM2 *trn, prs_struct *ps, int depth);
-
-/*******************************************************************
- Inits a LSA_TRANS_NAME structure.
-********************************************************************/
-
-void init_lsa_trans_name(LSA_TRANS_NAME *trn, UNISTR2 *uni_name,
-			 uint16 sid_name_use, const char *name, uint32 idx)
-{
-	trn->sid_name_use = sid_name_use;
-	init_unistr2(uni_name, name, UNI_FLAGS_NONE);
-	init_uni_hdr(&trn->hdr_name, uni_name);
-	trn->domain_idx = idx;
-}
-
-/*******************************************************************
- Reads or writes a LSA_TRANS_NAME structure.
-********************************************************************/
-
-static bool lsa_io_trans_name(const char *desc, LSA_TRANS_NAME *trn, prs_struct *ps, 
-			      int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_trans_name");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint16("sid_name_use", ps, depth, &trn->sid_name_use))
-		return False;
-	if(!prs_align(ps))
-		return False;
-	
-	if(!smb_io_unihdr ("hdr_name", &trn->hdr_name, ps, depth))
-		return False;
-	if(!prs_uint32("domain_idx  ", ps, depth, &trn->domain_idx))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits a LSA_TRANS_NAME2 structure.
-********************************************************************/
-
-void init_lsa_trans_name2(LSA_TRANS_NAME2 *trn, UNISTR2 *uni_name,
-			 uint16 sid_name_use, const char *name, uint32 idx)
-{
-	trn->sid_name_use = sid_name_use;
-	init_unistr2(uni_name, name, UNI_FLAGS_NONE);
-	init_uni_hdr(&trn->hdr_name, uni_name);
-	trn->domain_idx = idx;
-	trn->unknown = 0;
-}
-
-/*******************************************************************
- Reads or writes a LSA_TRANS_NAME2 structure.
-********************************************************************/
-
-static bool lsa_io_trans_name2(const char *desc, LSA_TRANS_NAME2 *trn, prs_struct *ps, 
-			      int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_trans_name2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint16("sid_name_use", ps, depth, &trn->sid_name_use))
-		return False;
-	if(!prs_align(ps))
-		return False;
-	
-	if(!smb_io_unihdr ("hdr_name", &trn->hdr_name, ps, depth))
-		return False;
-	if(!prs_uint32("domain_idx  ", ps, depth, &trn->domain_idx))
-		return False;
-	if(!prs_uint32("unknown  ", ps, depth, &trn->unknown))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a DOM_R_REF structure.
-********************************************************************/
-
-static bool lsa_io_dom_r_ref(const char *desc, DOM_R_REF *dom, prs_struct *ps, int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "lsa_io_dom_r_ref");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint32("num_ref_doms_1", ps, depth, &dom->num_ref_doms_1)) /* num referenced domains? */
-		return False;
-	if(!prs_uint32("ptr_ref_dom   ", ps, depth, &dom->ptr_ref_dom)) /* undocumented buffer pointer. */
-		return False;
-	if(!prs_uint32("max_entries   ", ps, depth, &dom->max_entries)) /* 32 - max number of entries */
-		return False;
-
-	SMB_ASSERT_ARRAY(dom->hdr_ref_dom, dom->num_ref_doms_1);
-
-	if (dom->ptr_ref_dom != 0) {
-
-		if(!prs_uint32("num_ref_doms_2", ps, depth, &dom->num_ref_doms_2)) /* 4 - num referenced domains? */
-			return False;
-
-		SMB_ASSERT_ARRAY(dom->ref_dom, dom->num_ref_doms_2);
-
-		for (i = 0; i < dom->num_ref_doms_1; i++) {
-			fstring t;
-
-			slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
-			if(!smb_io_unihdr(t, &dom->hdr_ref_dom[i].hdr_dom_name, ps, depth))
-				return False;
-
-			slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
-			if(!prs_uint32(t, ps, depth, &dom->hdr_ref_dom[i].ptr_dom_sid))
-				return False;
-		}
-
-		for (i = 0; i < dom->num_ref_doms_2; i++) {
-			fstring t;
-
-			if (dom->hdr_ref_dom[i].hdr_dom_name.buffer != 0) {
-				slprintf(t, sizeof(t) - 1, "dom_ref[%d] ", i);
-				if(!smb_io_unistr2(t, &dom->ref_dom[i].uni_dom_name, True, ps, depth)) /* domain name unicode string */
-					return False;
-				if(!prs_align(ps))
-					return False;
-			}
-
-			if (dom->hdr_ref_dom[i].ptr_dom_sid != 0) {
-				slprintf(t, sizeof(t) - 1, "sid_ptr[%d] ", i);
-				if(!smb_io_dom_sid2(t, &dom->ref_dom[i].ref_dom, ps, depth)) /* referenced domain SIDs */
-					return False;
-			}
-		}
-	}
-
-	return True;
-}
-
-/*******************************************************************
- Inits an LSA_SEC_QOS structure.
-********************************************************************/
-
-void init_lsa_sec_qos(LSA_SEC_QOS *qos, uint16 imp_lev, uint8 ctxt, uint8 eff)
-{
-	DEBUG(5, ("init_lsa_sec_qos\n"));
-
-	qos->len = 0x0c; /* length of quality of service block, in bytes */
-	qos->sec_imp_level = imp_lev;
-	qos->sec_ctxt_mode = ctxt;
-	qos->effective_only = eff;
-}
-
-/*******************************************************************
- Reads or writes an LSA_SEC_QOS structure.
-********************************************************************/
-
-static bool lsa_io_sec_qos(const char *desc,  LSA_SEC_QOS *qos, prs_struct *ps, 
-			   int depth)
-{
-	uint32 start;
-
-	prs_debug(ps, depth, desc, "lsa_io_obj_qos");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	start = prs_offset(ps);
-
-	/* these pointers had _better_ be zero, because we don't know
-	   what they point to!
-	 */
-	if(!prs_uint32("len           ", ps, depth, &qos->len)) /* 0x18 - length (in bytes) inc. the length field. */
-		return False;
-	if(!prs_uint16("sec_imp_level ", ps, depth, &qos->sec_imp_level ))
-		return False;
-	if(!prs_uint8 ("sec_ctxt_mode ", ps, depth, &qos->sec_ctxt_mode ))
-		return False;
-	if(!prs_uint8 ("effective_only", ps, depth, &qos->effective_only))
-		return False;
-
-	if (qos->len != prs_offset(ps) - start) {
-		DEBUG(3,("lsa_io_sec_qos: length %x does not match size %x\n",
-		         qos->len, prs_offset(ps) - start));
-	}
-
-	return True;
-}
-
-/*******************************************************************
- Inits an LSA_OBJ_ATTR structure.
-********************************************************************/
-
-static void init_lsa_obj_attr(LSA_OBJ_ATTR *attr, uint32 attributes, LSA_SEC_QOS *qos)
-{
-	DEBUG(5, ("init_lsa_obj_attr\n"));
-
-	attr->len = 0x18; /* length of object attribute block, in bytes */
-	attr->ptr_root_dir = 0;
-	attr->ptr_obj_name = 0;
-	attr->attributes = attributes;
-	attr->ptr_sec_desc = 0;
-	
-	if (qos != NULL) {
-		attr->ptr_sec_qos = 1;
-		attr->sec_qos = qos;
-	} else {
-		attr->ptr_sec_qos = 0;
-		attr->sec_qos = NULL;
-	}
-}
-
-/*******************************************************************
- Reads or writes an LSA_OBJ_ATTR structure.
-********************************************************************/
-
-static bool lsa_io_obj_attr(const char *desc, LSA_OBJ_ATTR *attr, prs_struct *ps, 
-			    int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_obj_attr");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	/* these pointers had _better_ be zero, because we don't know
-	   what they point to!
-	 */
-	if(!prs_uint32("len         ", ps, depth, &attr->len)) /* 0x18 - length (in bytes) inc. the length field. */
-		return False;
-	if(!prs_uint32("ptr_root_dir", ps, depth, &attr->ptr_root_dir)) /* 0 - root directory (pointer) */
-		return False;
-	if(!prs_uint32("ptr_obj_name", ps, depth, &attr->ptr_obj_name)) /* 0 - object name (pointer) */
-		return False;
-	if(!prs_uint32("attributes  ", ps, depth, &attr->attributes)) /* 0 - attributes (undocumented) */
-		return False;
-	if(!prs_uint32("ptr_sec_desc", ps, depth, &attr->ptr_sec_desc)) /* 0 - security descriptior (pointer) */
-		return False;
-	if(!prs_uint32("ptr_sec_qos ", ps, depth, &attr->ptr_sec_qos )) /* security quality of service (pointer) */
-		return False;
-
-	if (attr->ptr_sec_qos != 0) {
-		if (UNMARSHALLING(ps))
-			if (!(attr->sec_qos = PRS_ALLOC_MEM(ps,LSA_SEC_QOS,1)))
-				return False;
-
-		if(!lsa_io_sec_qos("sec_qos", attr->sec_qos, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-
-/*******************************************************************
- Inits an LSA_Q_OPEN_POL structure.
-********************************************************************/
-
-void init_q_open_pol(LSA_Q_OPEN_POL *in, uint16 system_name,
-		     uint32 attributes, uint32 desired_access,
-		     LSA_SEC_QOS *qos)
-{
-	DEBUG(5, ("init_open_pol: attr:%d da:%d\n", attributes, 
-		  desired_access));
-
-	in->ptr = 1; /* undocumented pointer */
-
-	in->des_access = desired_access;
-
-	in->system_name = system_name;
-	init_lsa_obj_attr(&in->attr, attributes, qos);
-}
-
-/*******************************************************************
- Reads or writes an LSA_Q_OPEN_POL structure.
-********************************************************************/
-
-bool lsa_io_q_open_pol(const char *desc, LSA_Q_OPEN_POL *in, prs_struct *ps, 
-		       int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_open_pol");
-	depth++;
-
-	if(!prs_uint32("ptr       ", ps, depth, &in->ptr))
-		return False;
-	if(!prs_uint16("system_name", ps, depth, &in->system_name))
-		return False;
-	if(!prs_align( ps ))
-		return False;
-
-	if(!lsa_io_obj_attr("", &in->attr, ps, depth))
-		return False;
-
-	if(!prs_uint32("des_access", ps, depth, &in->des_access))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_OPEN_POL structure.
-********************************************************************/
-
-bool lsa_io_r_open_pol(const char *desc, LSA_R_OPEN_POL *out, prs_struct *ps, 
-		       int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_open_pol");
-	depth++;
-
-	if(!smb_io_pol_hnd("", &out->pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an LSA_Q_OPEN_POL2 structure.
-********************************************************************/
-
-void init_q_open_pol2(LSA_Q_OPEN_POL2 *in, const char *server_name,
-			uint32 attributes, uint32 desired_access,
-			LSA_SEC_QOS *qos)
-{
-	DEBUG(5, ("init_q_open_pol2: attr:%d da:%d\n", attributes, 
-		  desired_access));
-
-	in->ptr = 1; /* undocumented pointer */
-
-	in->des_access = desired_access;
-
-	init_unistr2(&in->uni_server_name, server_name, UNI_STR_TERMINATE);
-
-	init_lsa_obj_attr(&in->attr, attributes, qos);
-}
-
-/*******************************************************************
- Reads or writes an LSA_Q_OPEN_POL2 structure.
-********************************************************************/
-
-bool lsa_io_q_open_pol2(const char *desc, LSA_Q_OPEN_POL2 *in, prs_struct *ps, 
-			int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_open_pol2");
-	depth++;
-
-	if(!prs_uint32("ptr       ", ps, depth, &in->ptr))
-		return False;
-
-	if(!smb_io_unistr2 ("", &in->uni_server_name, in->ptr, ps, depth))
-		return False;
-	if(!lsa_io_obj_attr("", &in->attr, ps, depth))
-		return False;
-
-	if(!prs_uint32("des_access", ps, depth, &in->des_access))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_OPEN_POL2 structure.
-********************************************************************/
-
-bool lsa_io_r_open_pol2(const char *desc, LSA_R_OPEN_POL2 *out, prs_struct *ps, 
-			int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_open_pol2");
-	depth++;
-
-	if(!smb_io_pol_hnd("", &out->pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-makes an LSA_Q_QUERY_SEC_OBJ structure.
-********************************************************************/
-
-void init_q_query_sec_obj(LSA_Q_QUERY_SEC_OBJ *in, const POLICY_HND *hnd, 
-			  uint32 sec_info)
-{
-	DEBUG(5, ("init_q_query_sec_obj\n"));
-
-	in->pol = *hnd;
-	in->sec_info = sec_info;
-
-	return;
-}
-
-/*******************************************************************
- Reads or writes an LSA_Q_QUERY_SEC_OBJ structure.
-********************************************************************/
-
-bool lsa_io_q_query_sec_obj(const char *desc, LSA_Q_QUERY_SEC_OBJ *in, 
-			    prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_query_sec_obj");
-	depth++;
-
-	if (!smb_io_pol_hnd("", &in->pol, ps, depth))
-		return False;
-
-	if (!prs_uint32("sec_info", ps, depth, &in->sec_info))
-		return False;
-
-	return True;
-} 
-
-/*******************************************************************
- Reads or writes a LSA_R_QUERY_SEC_OBJ structure.
-********************************************************************/
-
-bool lsa_io_r_query_sec_obj(const char *desc, LSA_R_QUERY_SEC_OBJ *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_query_sec_obj");
-	depth++;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr", ps, depth, &out->ptr))
-		return False;
-
-	if (out->ptr != 0) {
-		if (!sec_io_desc_buf("sec", &out->buf, ps, depth))
-			return False;
-	}
-
-	if (!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an LSA_Q_QUERY_INFO structure.
-********************************************************************/
-
-void init_q_query(LSA_Q_QUERY_INFO *in, POLICY_HND *hnd, uint16 info_class)
-{
-	DEBUG(5, ("init_q_query\n"));
-
-	memcpy(&in->pol, hnd, sizeof(in->pol));
-
-	in->info_class = info_class;
-}
-
-/*******************************************************************
- Reads or writes an LSA_Q_QUERY_INFO structure.
-********************************************************************/
-
-bool lsa_io_q_query(const char *desc, LSA_Q_QUERY_INFO *in, prs_struct *ps, 
-		    int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_query");
-	depth++;
-
-	if(!smb_io_pol_hnd("", &in->pol, ps, depth))
-		return False;
-
-	if(!prs_uint16("info_class", ps, depth, &in->info_class))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-makes an LSA_Q_ENUM_TRUST_DOM structure.
-********************************************************************/
-bool init_q_enum_trust_dom(LSA_Q_ENUM_TRUST_DOM * q_e, POLICY_HND *pol,
-			   uint32 enum_context, uint32 preferred_len)
-{
-	DEBUG(5, ("init_q_enum_trust_dom\n"));
-
-	q_e->pol = *pol;
-	q_e->enum_context = enum_context;
-	q_e->preferred_len = preferred_len;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_Q_ENUM_TRUST_DOM structure.
-********************************************************************/
-
-bool lsa_io_q_enum_trust_dom(const char *desc, LSA_Q_ENUM_TRUST_DOM *q_e, 
-			     prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_enum_trust_dom");
-	depth++;
-
-	if(!smb_io_pol_hnd("", &q_e->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("enum_context ", ps, depth, &q_e->enum_context))
-		return False;
-	if(!prs_uint32("preferred_len", ps, depth, &q_e->preferred_len))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an LSA_R_ENUM_TRUST_DOM structure.
-********************************************************************/
-
-void init_r_enum_trust_dom(TALLOC_CTX *ctx, LSA_R_ENUM_TRUST_DOM *out,
-			   uint32 enum_context, uint32 num_domains,
-			   struct trustdom_info **td)
-{
-	unsigned int i;
-
-        DEBUG(5, ("init_r_enum_trust_dom\n"));
-	
-        out->enum_context  = enum_context;
-	out->count         = num_domains;
-			
-	if ( num_domains != 0 ) {
-	
-		/* allocate container memory */
-		
-		out->domlist = TALLOC_P( ctx, DOMAIN_LIST );
-
-		if ( !out->domlist ) {
-			out->status = NT_STATUS_NO_MEMORY;
-			return;
-		}
-
-		if (out->count) {
-			out->domlist->domains = TALLOC_ARRAY( ctx, DOMAIN_INFO,
-						      out->count );
-			if ( !out->domlist->domains ) {
-				out->status = NT_STATUS_NO_MEMORY;
-				return;
-			}
-		} else {		
-			out->domlist->domains = NULL;
-		}
-	
-		out->domlist->count = out->count;
-		
-		/* initialize the list of domains and their sid */
-		
-		for (i = 0; i < num_domains; i++) {	
-			smb_ucs2_t *name;
-			if ( !(out->domlist->domains[i].sid =
-			       TALLOC_P(ctx, DOM_SID2)) ) {
-				out->status = NT_STATUS_NO_MEMORY;
-				return;
-			}
-				
-			init_dom_sid2(out->domlist->domains[i].sid,
-				      &(td[i])->sid);
-			if (push_ucs2_talloc(ctx, &name, (td[i])->name) == (size_t)-1){
-				out->status = NT_STATUS_NO_MEMORY;
-				return;
-			}
-			init_unistr4_w(ctx, &out->domlist->domains[i].name,
-				       name);
-		}
-	}
-
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool lsa_io_domain_list( const char *desc, prs_struct *ps, int depth, DOMAIN_LIST *domlist )
-{
-	int i;
-	
-	prs_debug(ps, depth, desc, "lsa_io_domain_list");
-	depth++;
-
-	if(!prs_uint32("count", ps, depth, &domlist->count))
-		return False;
-
-	if ( domlist->count == 0 )
-		return True;
-		
-	if ( UNMARSHALLING(ps) ) {
-		if ( !(domlist->domains = PRS_ALLOC_MEM( ps, DOMAIN_INFO, domlist->count )) )
-			return False;
-	}
-	
-	/* headers */
-	
-	for ( i=0; i<domlist->count; i++ ) {
-		if ( !prs_unistr4_hdr("name_header", ps, depth, &domlist->domains[i].name) )
-			return False;
-		if ( !smb_io_dom_sid2_p("sid_header", ps, depth, &domlist->domains[i].sid) )
-			return False;
-	}
-
-	/* data */
-	
-	for ( i=0; i<domlist->count; i++ ) {
-		if ( !prs_unistr4_str("name", ps, depth, &domlist->domains[i].name) )
-			return False;
-		if( !smb_io_dom_sid2("sid", domlist->domains[i].sid, ps, depth) )
-			return False;
-	}
-	
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_ENUM_TRUST_DOM structure.
-********************************************************************/
-
-bool lsa_io_r_enum_trust_dom(const char *desc, LSA_R_ENUM_TRUST_DOM *out, 
-			     prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_enum_trust_dom");
-	depth++;
-
-	if(!prs_uint32("enum_context", ps, depth, &out->enum_context))
-		return False;
-
-	if(!prs_uint32("count", ps, depth, &out->count))
-		return False;
-
-	if ( !prs_pointer("trusted_domains", ps, depth, (void*)&out->domlist, sizeof(DOMAIN_LIST), (PRS_POINTER_CAST)lsa_io_domain_list))
-		return False;
-		
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool lsa_io_dom_query_1(const char *desc, DOM_QUERY_1 *d_q, prs_struct *ps, int depth)
-{
-	if (d_q == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_dom_query_1");
-	depth++;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("percent_full", ps, depth, &d_q->percent_full))
-		return False;
-	if (!prs_uint32("log_size", ps, depth, &d_q->log_size))
-		return False;
-	if (!smb_io_nttime("retention_time", ps, depth, &d_q->retention_time))
-		return False;
-	if (!prs_uint8("shutdown_in_progress", ps, depth, &d_q->shutdown_in_progress))
-		return False;
-	if (!smb_io_nttime("time_to_shutdown", ps, depth, &d_q->time_to_shutdown))
-		return False;
-	if (!prs_uint32("next_audit_record", ps, depth, &d_q->next_audit_record))
-		return False;
-	if (!prs_uint32("unknown", ps, depth, &d_q->unknown))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool lsa_io_dom_query_2(const char *desc, DOM_QUERY_2 *d_q, prs_struct *ps, int depth)
-{
-	if (d_q == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_dom_query_2");
-	depth++;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("auditing_enabled", ps, depth, &d_q->auditing_enabled))
-		return False;
-	if (!prs_uint32("ptr   ", ps, depth, &d_q->ptr))
-		return False;
-	if (!prs_uint32("count1", ps, depth, &d_q->count1))
-		return False;
-
-	if (d_q->ptr) {
-
-		if (!prs_uint32("count2", ps, depth, &d_q->count2))
-			return False;
-
-		if (d_q->count1 != d_q->count2)
-			return False;
-
-		if (UNMARSHALLING(ps)) {
-			if (d_q->count2) {
-				d_q->auditsettings = TALLOC_ZERO_ARRAY(ps->mem_ctx, uint32, d_q->count2);
-				if (!d_q->auditsettings) {
-					return False;
-				}
-			} else {
-				d_q->auditsettings = NULL;
-			}
-		}
-
-		if (!prs_uint32s(False, "auditsettings", ps, depth, d_q->auditsettings, d_q->count2))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a dom query structure.
-********************************************************************/
-
-static bool lsa_io_dom_query_3(const char *desc, DOM_QUERY_3 *d_q, prs_struct *ps, int depth)
-{
-	if (d_q == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_dom_query_3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint16("uni_dom_max_len", ps, depth, &d_q->uni_dom_max_len)) /* domain name string length * 2 */
-		return False;
-	if(!prs_uint16("uni_dom_str_len", ps, depth, &d_q->uni_dom_str_len)) /* domain name string length * 2 */
-		return False;
-
-	if(!prs_uint32("buffer_dom_name", ps, depth, &d_q->buffer_dom_name)) /* undocumented domain name string buffer pointer */
-		return False;
-	if(!prs_uint32("buffer_dom_sid ", ps, depth, &d_q->buffer_dom_sid)) /* undocumented domain SID string buffer pointer */
-		return False;
-
-	if(!smb_io_unistr2("unistr2", &d_q->uni_domain_name, d_q->buffer_dom_name, ps, depth)) /* domain name (unicode string) */
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (d_q->buffer_dom_sid != 0) {
-		if(!smb_io_dom_sid2("", &d_q->dom_sid, ps, depth)) /* domain SID */
-			return False;
-	} else {
-		memset((char *)&d_q->dom_sid, '\0', sizeof(d_q->dom_sid));
-	}
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a dom query structure.
-********************************************************************/
-
-static bool lsa_io_dom_query_5(const char *desc, DOM_QUERY_5 *d_q, prs_struct *ps, int depth)
-{
-	return lsa_io_dom_query_3("", d_q, ps, depth);
-}
-
-/*******************************************************************
- Reads or writes a dom query structure.
-********************************************************************/
-
-static bool lsa_io_dom_query_6(const char *desc, DOM_QUERY_6 *d_q, prs_struct *ps, int depth)
-{
-	if (d_q == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_dom_query_6");
-	depth++;
-
-	if (!prs_uint16("server_role", ps, depth, &d_q->server_role))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a dom query structure.
-********************************************************************/
-
-static bool lsa_io_dom_query_10(const char *desc, DOM_QUERY_10 *d_q, prs_struct *ps, int depth)
-{
-	if (d_q == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_dom_query_10");
-	depth++;
-
-	if (!prs_uint8("shutdown_on_full", ps, depth, &d_q->shutdown_on_full))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a dom query structure.
-********************************************************************/
-
-static bool lsa_io_dom_query_11(const char *desc, DOM_QUERY_11 *d_q, prs_struct *ps, int depth)
-{
-	if (d_q == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_dom_query_11");
-	depth++;
-
-	if (!prs_uint16("unknown", ps, depth, &d_q->unknown))
-		return False;
-	if (!prs_uint8("shutdown_on_full", ps, depth, &d_q->shutdown_on_full))
-		return False;
-	if (!prs_uint8("log_is_full", ps, depth, &d_q->log_is_full))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_DNS_DOM_INFO structure.
-********************************************************************/
-
-bool lsa_io_dom_query_12(const char *desc, DOM_QUERY_12 *info, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_dom_query_12");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	if(!smb_io_unihdr("nb_name", &info->hdr_nb_dom_name, ps, depth))
-		return False;
-	if(!smb_io_unihdr("dns_name", &info->hdr_dns_dom_name, ps, depth))
-		return False;
-	if(!smb_io_unihdr("forest", &info->hdr_forest_name, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if ( !smb_io_uuid("dom_guid", &info->dom_guid, ps, depth) )
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("dom_sid", ps, depth, &info->ptr_dom_sid))
-		return False;
-
-	if(!smb_io_unistr2("nb_name", &info->uni_nb_dom_name,
-			   info->hdr_nb_dom_name.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("dns_name", &info->uni_dns_dom_name, 
-			   info->hdr_dns_dom_name.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("forest", &info->uni_forest_name, 
-			   info->hdr_forest_name.buffer, ps, depth))
-		return False;
-
-	if(!smb_io_dom_sid2("dom_sid", &info->dom_sid, ps, depth))
-		return False;
-
-	return True;
-	
-}
-
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool lsa_io_query_info_ctr2(const char *desc, prs_struct *ps, int depth, LSA_INFO_CTR2 *ctr)
-{
-	prs_debug(ps, depth, desc, "lsa_io_query_info_ctr2");
-	depth++;
-
-	if(!prs_uint16("info_class", ps, depth, &ctr->info_class))
-		return False;
-
-	switch (ctr->info_class) {
-	case 1:
-		if(!lsa_io_dom_query_1("", &ctr->info.id1, ps, depth))
-			return False;
-		break;
-	case 2:
-		if(!lsa_io_dom_query_2("", &ctr->info.id2, ps, depth))
-			return False;
-		break;
-	case 3:
-		if(!lsa_io_dom_query_3("", &ctr->info.id3, ps, depth))
-			return False;
-		break;
-	case 5:
-		if(!lsa_io_dom_query_5("", &ctr->info.id5, ps, depth))
-			return False;
-		break;
-	case 6:
-		if(!lsa_io_dom_query_6("", &ctr->info.id6, ps, depth))
-			return False;
-		break;
-	case 10:
-		if(!lsa_io_dom_query_10("", &ctr->info.id10, ps, depth))
-			return False;
-		break;
-	case 11:
-		if(!lsa_io_dom_query_11("", &ctr->info.id11, ps, depth))
-			return False;
-		break;
-	case 12:
-		if(!lsa_io_dom_query_12("", &ctr->info.id12, ps, depth))
-			return False;
-		break;
-	default:
-		DEBUG(0,("invalid info_class: %d\n", ctr->info_class));
-		return False;
-		break;
-	}
-
-	return True;
-}
-
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool lsa_io_query_info_ctr(const char *desc, prs_struct *ps, int depth, LSA_INFO_CTR *ctr)
-{
-	prs_debug(ps, depth, desc, "lsa_io_query_info_ctr");
-	depth++;
-
-	if(!prs_uint16("info_class", ps, depth, &ctr->info_class))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	switch (ctr->info_class) {
-	case 1:
-		if(!lsa_io_dom_query_1("", &ctr->info.id1, ps, depth))
-			return False;
-		break;
-	case 2:
-		if(!lsa_io_dom_query_2("", &ctr->info.id2, ps, depth))
-			return False;
-		break;
-	case 3:
-		if(!lsa_io_dom_query_3("", &ctr->info.id3, ps, depth))
-			return False;
-		break;
-	case 5:
-		if(!lsa_io_dom_query_5("", &ctr->info.id5, ps, depth))
-			return False;
-		break;
-	case 6:
-		if(!lsa_io_dom_query_6("", &ctr->info.id6, ps, depth))
-			return False;
-		break;
-	case 10:
-		if(!lsa_io_dom_query_10("", &ctr->info.id10, ps, depth))
-			return False;
-		break;
-	case 11:
-		if(!lsa_io_dom_query_11("", &ctr->info.id11, ps, depth))
-			return False;
-		break;
-	default:
-		DEBUG(0,("invalid info_class: %d\n", ctr->info_class));
-		return False;
-		break;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_QUERY_INFO structure.
-********************************************************************/
-
-bool lsa_io_r_query(const char *desc, LSA_R_QUERY_INFO *out, prs_struct *ps, int depth)
-{
-
-	prs_debug(ps, depth, desc, "lsa_io_r_query");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("dom_ptr", ps, depth, &out->dom_ptr))
-		return False;
-
-	if (out->dom_ptr) {
-
-		if(!lsa_io_query_info_ctr("", ps, depth, &out->ctr))
-			return False;
-	}
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits a LSA_SID_ENUM structure.
-********************************************************************/
-
-static void init_lsa_sid_enum(TALLOC_CTX *mem_ctx, LSA_SID_ENUM *sen, 
-		       int num_entries, const DOM_SID *sids)
-{
-	int i;
-
-	DEBUG(5, ("init_lsa_sid_enum\n"));
-
-	sen->num_entries  = num_entries;
-	sen->ptr_sid_enum = (num_entries != 0);
-	sen->num_entries2 = num_entries;
-
-	/* Allocate memory for sids and sid pointers */
-
-	if (num_entries) {
-		if ((sen->ptr_sid = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_entries )) == NULL) {
-			DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n"));
-			return;
-		}
-
-		if ((sen->sid = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID2, num_entries)) == NULL) {
-			DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n"));
-			return;
-		}
-	}
-
-	/* Copy across SIDs and SID pointers */
-
-	for (i = 0; i < num_entries; i++) {
-		sen->ptr_sid[i] = 1;
-		init_dom_sid2(&sen->sid[i], &sids[i]);
-	}
-}
-
-/*******************************************************************
- Reads or writes a LSA_SID_ENUM structure.
-********************************************************************/
-
-static bool lsa_io_sid_enum(const char *desc, LSA_SID_ENUM *sen, prs_struct *ps, 
-			    int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "lsa_io_sid_enum");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint32("num_entries ", ps, depth, &sen->num_entries))
-		return False;
-	if(!prs_uint32("ptr_sid_enum", ps, depth, &sen->ptr_sid_enum))
-		return False;
-
-	/*
-	   if the ptr is NULL, leave here. checked from a real w2k trace.
-	   JFM, 11/23/2001
-	 */
-	
-	if (sen->ptr_sid_enum==0)
-		return True;
-
-	if(!prs_uint32("num_entries2", ps, depth, &sen->num_entries2))
-		return False;
-
-	/* Mallocate memory if we're unpacking from the wire */
-
-	if (UNMARSHALLING(ps) && sen->num_entries) {
-		if ((sen->ptr_sid = PRS_ALLOC_MEM( ps, uint32, sen->num_entries)) == NULL) {
-			DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
-				  "ptr_sid\n"));
-			return False;
-		}
-
-		if ((sen->sid = PRS_ALLOC_MEM( ps, DOM_SID2, sen->num_entries)) == NULL) {
-			DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
-				  "sids\n"));
-			return False;
-		}
-	}
-
-	for (i = 0; i < sen->num_entries; i++) {	
-		fstring temp;
-
-		slprintf(temp, sizeof(temp) - 1, "ptr_sid[%d]", i);
-		if(!prs_uint32(temp, ps, depth, &sen->ptr_sid[i])) {
-			return False;
-		}
-	}
-
-	for (i = 0; i < sen->num_entries; i++) {
-		fstring temp;
-
-		slprintf(temp, sizeof(temp) - 1, "sid[%d]", i);
-		if(!smb_io_dom_sid2(temp, &sen->sid[i], ps, depth)) {
-			return False;
-		}
-	}
-
-	return True;
-}
-
-/*******************************************************************
- Inits an LSA_R_ENUM_TRUST_DOM structure.
-********************************************************************/
-
-void init_q_lookup_sids(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_SIDS *q_l, 
-			POLICY_HND *hnd, int num_sids, const DOM_SID *sids,
-			uint16 level)
-{
-	DEBUG(5, ("init_q_lookup_sids\n"));
-
-	ZERO_STRUCTP(q_l);
-
-	memcpy(&q_l->pol, hnd, sizeof(q_l->pol));
-	init_lsa_sid_enum(mem_ctx, &q_l->sids, num_sids, sids);
-	
-	q_l->level = level;
-}
-
-/*******************************************************************
- Reads or writes a LSA_Q_LOOKUP_SIDS structure.
-********************************************************************/
-
-bool lsa_io_q_lookup_sids(const char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps,
-			  int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_lookup_sids");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!smb_io_pol_hnd("pol_hnd", &q_s->pol, ps, depth)) /* policy handle */
-		return False;
-	if(!lsa_io_sid_enum("sids   ", &q_s->sids, ps, depth)) /* sids to be looked up */
-		return False;
-	if(!lsa_io_trans_names("names  ", &q_s->names, ps, depth)) /* translated names */
-		return False;
-
-	if(!prs_uint16("level", ps, depth, &q_s->level)) /* lookup level */
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("mapped_count", ps, depth, &q_s->mapped_count))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a LSA_Q_LOOKUP_SIDS2 structure.
-********************************************************************/
-
-bool lsa_io_q_lookup_sids2(const char *desc, LSA_Q_LOOKUP_SIDS2 *q_s, prs_struct *ps,
-			  int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_lookup_sids2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!smb_io_pol_hnd("pol_hnd", &q_s->pol, ps, depth)) /* policy handle */
-		return False;
-	if(!lsa_io_sid_enum("sids   ", &q_s->sids, ps, depth)) /* sids to be looked up */
-		return False;
-	if(!lsa_io_trans_names2("names  ", &q_s->names, ps, depth)) /* translated names */
-		return False;
-
-	if(!prs_uint16("level", ps, depth, &q_s->level)) /* lookup level */
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("mapped_count", ps, depth, &q_s->mapped_count))
-		return False;
-	if(!prs_uint32("unknown1", ps, depth, &q_s->unknown1))
-		return False;
-	if(!prs_uint32("unknown2", ps, depth, &q_s->unknown2))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a LSA_Q_LOOKUP_SIDS3 structure.
-********************************************************************/
-
-bool lsa_io_q_lookup_sids3(const char *desc, LSA_Q_LOOKUP_SIDS3 *q_s, prs_struct *ps,
-			  int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_lookup_sids3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!lsa_io_sid_enum("sids   ", &q_s->sids, ps, depth)) /* sids to be looked up */
-		return False;
-	if(!lsa_io_trans_names2("names  ", &q_s->names, ps, depth)) /* translated names */
-		return False;
-
-	if(!prs_uint16("level", ps, depth, &q_s->level)) /* lookup level */
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("mapped_count", ps, depth, &q_s->mapped_count))
-		return False;
-	if(!prs_uint32("unknown1", ps, depth, &q_s->unknown1))
-		return False;
-	if(!prs_uint32("unknown2", ps, depth, &q_s->unknown2))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-static bool lsa_io_trans_names(const char *desc, LSA_TRANS_NAME_ENUM *trn,
-                prs_struct *ps, int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "lsa_io_trans_names");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-   
-	if(!prs_uint32("num_entries    ", ps, depth, &trn->num_entries))
-		return False;
-	if(!prs_uint32("ptr_trans_names", ps, depth, &trn->ptr_trans_names))
-		return False;
-
-	if (trn->ptr_trans_names != 0) {
-		if(!prs_uint32("num_entries2   ", ps, depth, 
-			       &trn->num_entries2))
-			return False;
-
-		if (trn->num_entries2 != trn->num_entries) {
-			/* RPC fault */
-			return False;
-		}
-
-		if (UNMARSHALLING(ps) && trn->num_entries2) {
-			if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME, trn->num_entries2)) == NULL) {
-				return False;
-			}
-
-			if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries2)) == NULL) {
-				return False;
-			}
-		}
-
-		for (i = 0; i < trn->num_entries2; i++) {
-			fstring t;
-			slprintf(t, sizeof(t) - 1, "name[%d] ", i);
-
-			if(!lsa_io_trans_name(t, &trn->name[i], ps, depth)) /* translated name */
-				return False;
-		}
-
-		for (i = 0; i < trn->num_entries2; i++) {
-			fstring t;
-			slprintf(t, sizeof(t) - 1, "name[%d] ", i);
-
-			if(!smb_io_unistr2(t, &trn->uni_name[i], trn->name[i].hdr_name.buffer, ps, depth))
-				return False;
-			if(!prs_align(ps))
-				return False;
-		}
-	}
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-static bool lsa_io_trans_names2(const char *desc, LSA_TRANS_NAME_ENUM2 *trn,
-                prs_struct *ps, int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "lsa_io_trans_names2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-   
-	if(!prs_uint32("num_entries    ", ps, depth, &trn->num_entries))
-		return False;
-	if(!prs_uint32("ptr_trans_names", ps, depth, &trn->ptr_trans_names))
-		return False;
-
-	if (trn->ptr_trans_names != 0) {
-		if(!prs_uint32("num_entries2   ", ps, depth, 
-			       &trn->num_entries2))
-			return False;
-
-		if (trn->num_entries2 != trn->num_entries) {
-			/* RPC fault */
-			return False;
-		}
-
-		if (UNMARSHALLING(ps) && trn->num_entries2) {
-			if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME2, trn->num_entries2)) == NULL) {
-				return False;
-			}
-
-			if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries2)) == NULL) {
-				return False;
-			}
-		}
-
-		for (i = 0; i < trn->num_entries2; i++) {
-			fstring t;
-			slprintf(t, sizeof(t) - 1, "name[%d] ", i);
-
-			if(!lsa_io_trans_name2(t, &trn->name[i], ps, depth)) /* translated name */
-				return False;
-		}
-
-		for (i = 0; i < trn->num_entries2; i++) {
-			fstring t;
-			slprintf(t, sizeof(t) - 1, "name[%d] ", i);
-
-			if(!smb_io_unistr2(t, &trn->uni_name[i], trn->name[i].hdr_name.buffer, ps, depth))
-				return False;
-			if(!prs_align(ps))
-				return False;
-		}
-	}
-
-	return True;
-}
-
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool lsa_io_r_lookup_sids(const char *desc, LSA_R_LOOKUP_SIDS *r_s, 
-			  prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_lookup_sids");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint32("ptr_dom_ref", ps, depth, &r_s->ptr_dom_ref))
-		return False;
-
-	if (r_s->ptr_dom_ref != 0)
-		if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */
-			return False;
-
-	if(!lsa_io_trans_names("names  ", &r_s->names, ps, depth)) /* translated names */
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("mapped_count", ps, depth, &r_s->mapped_count))
-		return False;
-
-	if(!prs_ntstatus("status      ", ps, depth, &r_s->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool lsa_io_r_lookup_sids2(const char *desc, LSA_R_LOOKUP_SIDS2 *r_s, 
-			  prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_lookup_sids2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint32("ptr_dom_ref", ps, depth, &r_s->ptr_dom_ref))
-		return False;
-
-	if (r_s->ptr_dom_ref != 0)
-		if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */
-			return False;
-
-	if(!lsa_io_trans_names2("names  ", &r_s->names, ps, depth)) /* translated names */
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("mapped_count", ps, depth, &r_s->mapped_count))
-		return False;
-
-	if(!prs_ntstatus("status      ", ps, depth, &r_s->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool lsa_io_r_lookup_sids3(const char *desc, LSA_R_LOOKUP_SIDS3 *r_s, 
-			  prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_lookup_sids3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint32("ptr_dom_ref", ps, depth, &r_s->ptr_dom_ref))
-		return False;
-
-	if (r_s->ptr_dom_ref != 0)
-		if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */
-			return False;
-
-	if(!lsa_io_trans_names2("names  ", &r_s->names, ps, depth)) /* translated names */
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("mapped_count", ps, depth, &r_s->mapped_count))
-		return False;
-
-	if(!prs_ntstatus("status      ", ps, depth, &r_s->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-makes a structure.
-********************************************************************/
-
-void init_q_lookup_names(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_NAMES *q_l, 
-			 POLICY_HND *hnd, int num_names, const char **names, 
-			 int level)
-{
-	unsigned int i;
-
-	DEBUG(5, ("init_q_lookup_names\n"));
-
-	ZERO_STRUCTP(q_l);
-
-	q_l->pol = *hnd;
-	q_l->num_entries = num_names;
-	q_l->num_entries2 = num_names;
-	q_l->lookup_level = level;
-
-	if (num_names) {
-		if ((q_l->uni_name = TALLOC_ZERO_ARRAY(mem_ctx, UNISTR2, num_names)) == NULL) {
-			DEBUG(3, ("init_q_lookup_names(): out of memory\n"));
-			return;
-		}
-
-		if ((q_l->hdr_name = TALLOC_ZERO_ARRAY(mem_ctx, UNIHDR, num_names)) == NULL) {
-			DEBUG(3, ("init_q_lookup_names(): out of memory\n"));
-			return;
-		}
-	} else {
-		q_l->uni_name = NULL;
-		q_l->hdr_name = NULL;
-	}
-
-	for (i = 0; i < num_names; i++) {
-		init_unistr2(&q_l->uni_name[i], names[i], UNI_FLAGS_NONE);
-		init_uni_hdr(&q_l->hdr_name[i], &q_l->uni_name[i]);
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool lsa_io_q_lookup_names(const char *desc, LSA_Q_LOOKUP_NAMES *q_r, 
-			   prs_struct *ps, int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "lsa_io_q_lookup_names");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("", &q_r->pol, ps, depth)) /* policy handle */
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("num_entries    ", ps, depth, &q_r->num_entries))
-		return False;
-	if(!prs_uint32("num_entries2   ", ps, depth, &q_r->num_entries2))
-		return False;
-
-	if (UNMARSHALLING(ps)) {
-		if (q_r->num_entries) {
-			if ((q_r->hdr_name = PRS_ALLOC_MEM(ps, UNIHDR, q_r->num_entries)) == NULL)
-				return False;
-			if ((q_r->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, q_r->num_entries)) == NULL)
-				return False;
-		}
-	}
-
-	for (i = 0; i < q_r->num_entries; i++) {
-		if(!prs_align(ps))
-			return False;
-		if(!smb_io_unihdr("hdr_name", &q_r->hdr_name[i], ps, depth)) /* pointer names */
-			return False;
-	}
-
-	for (i = 0; i < q_r->num_entries; i++) {
-		if(!prs_align(ps))
-			return False;
-		if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */
-			return False;
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("num_trans_entries ", ps, depth, &q_r->num_trans_entries))
-		return False;
-	if(!prs_uint32("ptr_trans_sids ", ps, depth, &q_r->ptr_trans_sids))
-		return False;
-	if(!prs_uint16("lookup_level   ", ps, depth, &q_r->lookup_level))
-		return False;
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("mapped_count   ", ps, depth, &q_r->mapped_count))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool lsa_io_r_lookup_names(const char *desc, LSA_R_LOOKUP_NAMES *out, prs_struct *ps, int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "lsa_io_r_lookup_names");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr_dom_ref", ps, depth, &out->ptr_dom_ref))
-		return False;
-
-	if (out->ptr_dom_ref != 0)
-		if(!lsa_io_dom_r_ref("", out->dom_ref, ps, depth))
-			return False;
-
-	if(!prs_uint32("num_entries", ps, depth, &out->num_entries))
-		return False;
-	if(!prs_uint32("ptr_entries", ps, depth, &out->ptr_entries))
-		return False;
-
-	if (out->ptr_entries != 0) {
-		if(!prs_uint32("num_entries2", ps, depth, &out->num_entries2))
-			return False;
-
-		if (out->num_entries2 != out->num_entries) {
-			/* RPC fault */
-			return False;
-		}
-
-		if (UNMARSHALLING(ps) && out->num_entries2) {
-			if ((out->dom_rid = PRS_ALLOC_MEM(ps, DOM_RID, out->num_entries2))
-			    == NULL) {
-				DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n"));
-				return False;
-			}
-		}
-
-		for (i = 0; i < out->num_entries2; i++)
-			if(!smb_io_dom_rid("", &out->dom_rid[i], ps, depth)) /* domain RIDs being looked up */
-				return False;
-	}
-
-	if(!prs_uint32("mapped_count", ps, depth, &out->mapped_count))
-		return False;
-
-	if(!prs_ntstatus("status      ", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool lsa_io_q_lookup_names2(const char *desc, LSA_Q_LOOKUP_NAMES2 *q_r, 
-			   prs_struct *ps, int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "lsa_io_q_lookup_names2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("", &q_r->pol, ps, depth)) /* policy handle */
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("num_entries    ", ps, depth, &q_r->num_entries))
-		return False;
-	if(!prs_uint32("num_entries2   ", ps, depth, &q_r->num_entries2))
-		return False;
-
-	if (UNMARSHALLING(ps)) {
-		if (q_r->num_entries) {
-			if ((q_r->hdr_name = PRS_ALLOC_MEM(ps, UNIHDR, q_r->num_entries)) == NULL)
-				return False;
-			if ((q_r->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, q_r->num_entries)) == NULL)
-				return False;
-		}
-	}
-
-	for (i = 0; i < q_r->num_entries; i++) {
-		if(!prs_align(ps))
-			return False;
-		if(!smb_io_unihdr("hdr_name", &q_r->hdr_name[i], ps, depth)) /* pointer names */
-			return False;
-	}
-
-	for (i = 0; i < q_r->num_entries; i++) {
-		if(!prs_align(ps))
-			return False;
-		if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */
-			return False;
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("num_trans_entries ", ps, depth, &q_r->num_trans_entries))
-		return False;
-	if(!prs_uint32("ptr_trans_sids ", ps, depth, &q_r->ptr_trans_sids))
-		return False;
-	if(!prs_uint16("lookup_level   ", ps, depth, &q_r->lookup_level))
-		return False;
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("mapped_count   ", ps, depth, &q_r->mapped_count))
-		return False;
-	if(!prs_uint32("unknown1   ", ps, depth, &q_r->unknown1))
-		return False;
-	if(!prs_uint32("unknown2   ", ps, depth, &q_r->unknown2))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool lsa_io_r_lookup_names2(const char *desc, LSA_R_LOOKUP_NAMES2 *out, prs_struct *ps, int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "lsa_io_r_lookup_names2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr_dom_ref", ps, depth, &out->ptr_dom_ref))
-		return False;
-
-	if (out->ptr_dom_ref != 0)
-		if(!lsa_io_dom_r_ref("", out->dom_ref, ps, depth))
-			return False;
-
-	if(!prs_uint32("num_entries", ps, depth, &out->num_entries))
-		return False;
-	if(!prs_uint32("ptr_entries", ps, depth, &out->ptr_entries))
-		return False;
-
-	if (out->ptr_entries != 0) {
-		if(!prs_uint32("num_entries2", ps, depth, &out->num_entries2))
-			return False;
-
-		if (out->num_entries2 != out->num_entries) {
-			/* RPC fault */
-			return False;
-		}
-
-		if (UNMARSHALLING(ps) && out->num_entries2) {
-			if ((out->dom_rid = PRS_ALLOC_MEM(ps, DOM_RID2, out->num_entries2))
-			    == NULL) {
-				DEBUG(3, ("lsa_io_r_lookup_names2(): out of memory\n"));
-				return False;
-			}
-		}
-
-		for (i = 0; i < out->num_entries2; i++)
-			if(!smb_io_dom_rid2("", &out->dom_rid[i], ps, depth)) /* domain RIDs being looked up */
-				return False;
-	}
-
-	if(!prs_uint32("mapped_count", ps, depth, &out->mapped_count))
-		return False;
-
-	if(!prs_ntstatus("status      ", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Internal lsa data type io.
- Following pass must read DOM_SID2 types.
-********************************************************************/
-
-bool smb_io_lsa_translated_sids3(const char *desc, LSA_TRANSLATED_SID3 *q_r, 
-			   prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "smb_io_lsa_translated_sids3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint8 ("sid_type ", ps, depth, &q_r->sid_type ))
-		return False;
-	if(!prs_align(ps))
-		return False;
-	/* Second pass will read/write these. */
-	if (!smb_io_dom_sid2_p("sid_header", ps, depth, &q_r->sid2))
-		return False;
-	if(!prs_uint32("sid_idx ", ps, depth, &q_r->sid_idx ))
-		return False;
-	if(!prs_uint32("unknown ", ps, depth, &q_r->unknown ))
-		return False;
-	
-	return True;
-}
-
-/*******************************************************************
- Identical to lsa_io_q_lookup_names2.
-********************************************************************/
-
-bool lsa_io_q_lookup_names3(const char *desc, LSA_Q_LOOKUP_NAMES3 *q_r, 
-			   prs_struct *ps, int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "lsa_io_q_lookup_names3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("", &q_r->pol, ps, depth)) /* policy handle */
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("num_entries    ", ps, depth, &q_r->num_entries))
-		return False;
-	if(!prs_uint32("num_entries2   ", ps, depth, &q_r->num_entries2))
-		return False;
-
-	if (UNMARSHALLING(ps)) {
-		if (q_r->num_entries) {
-			if ((q_r->hdr_name = PRS_ALLOC_MEM(ps, UNIHDR, q_r->num_entries)) == NULL)
-				return False;
-			if ((q_r->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, q_r->num_entries)) == NULL)
-				return False;
-		}
-	}
-
-	for (i = 0; i < q_r->num_entries; i++) {
-		if(!prs_align(ps))
-			return False;
-		if(!smb_io_unihdr("hdr_name", &q_r->hdr_name[i], ps, depth)) /* pointer names */
-			return False;
-	}
-
-	for (i = 0; i < q_r->num_entries; i++) {
-		if(!prs_align(ps))
-			return False;
-		if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */
-			return False;
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("num_trans_entries ", ps, depth, &q_r->num_trans_entries))
-		return False;
-	if(!prs_uint32("ptr_trans_sids ", ps, depth, &q_r->ptr_trans_sids))
-		return False;
-	if(!prs_uint16("lookup_level   ", ps, depth, &q_r->lookup_level))
-		return False;
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("mapped_count   ", ps, depth, &q_r->mapped_count))
-		return False;
-	if(!prs_uint32("unknown1   ", ps, depth, &q_r->unknown1))
-		return False;
-	if(!prs_uint32("unknown2   ", ps, depth, &q_r->unknown2))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool lsa_io_r_lookup_names3(const char *desc, LSA_R_LOOKUP_NAMES3 *out, prs_struct *ps, int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "lsa_io_r_lookup_names3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr_dom_ref", ps, depth, &out->ptr_dom_ref))
-		return False;
-
-	if (out->ptr_dom_ref != 0)
-		if(!lsa_io_dom_r_ref("", out->dom_ref, ps, depth))
-			return False;
-
-	if(!prs_uint32("num_entries", ps, depth, &out->num_entries))
-		return False;
-	if(!prs_uint32("ptr_entries", ps, depth, &out->ptr_entries))
-		return False;
-
-	if (out->ptr_entries != 0) {
-		if(!prs_uint32("num_entries2", ps, depth, &out->num_entries2))
-			return False;
-
-		if (out->num_entries2 != out->num_entries) {
-			/* RPC fault */
-			return False;
-		}
-
-		if (UNMARSHALLING(ps) && out->num_entries2) {
-			if ((out->trans_sids = PRS_ALLOC_MEM(ps, LSA_TRANSLATED_SID3, out->num_entries2))
-			    == NULL) {
-				DEBUG(3, ("lsa_io_r_lookup_names3(): out of memory\n"));
-				return False;
-			}
-		}
-
-		for (i = 0; i < out->num_entries2; i++) {
-			if(!smb_io_lsa_translated_sids3("", &out->trans_sids[i], ps, depth)) {
-				return False;
-			}
-		}
-		/* Now process the DOM_SID2 entries. */
-		for (i = 0; i < out->num_entries2; i++) {
-			if (out->trans_sids[i].sid2) {
-				if( !smb_io_dom_sid2("sid2", out->trans_sids[i].sid2, ps, depth) ) {
-					return False;
-				}
-			}
-		}
-	}
-
-	if(!prs_uint32("mapped_count", ps, depth, &out->mapped_count))
-		return False;
-
-	if(!prs_ntstatus("status      ", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool lsa_io_q_lookup_names4(const char *desc, LSA_Q_LOOKUP_NAMES4 *q_r, 
-			   prs_struct *ps, int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "lsa_io_q_lookup_names4");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("num_entries    ", ps, depth, &q_r->num_entries))
-		return False;
-	if(!prs_uint32("num_entries2   ", ps, depth, &q_r->num_entries2))
-		return False;
-
-	if (UNMARSHALLING(ps)) {
-		if (q_r->num_entries) {
-			if ((q_r->hdr_name = PRS_ALLOC_MEM(ps, UNIHDR, q_r->num_entries)) == NULL)
-				return False;
-			if ((q_r->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, q_r->num_entries)) == NULL)
-				return False;
-		}
-	}
-
-	for (i = 0; i < q_r->num_entries; i++) {
-		if(!prs_align(ps))
-			return False;
-		if(!smb_io_unihdr("hdr_name", &q_r->hdr_name[i], ps, depth)) /* pointer names */
-			return False;
-	}
-
-	for (i = 0; i < q_r->num_entries; i++) {
-		if(!prs_align(ps))
-			return False;
-		if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */
-			return False;
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("num_trans_entries ", ps, depth, &q_r->num_trans_entries))
-		return False;
-	if(!prs_uint32("ptr_trans_sids ", ps, depth, &q_r->ptr_trans_sids))
-		return False;
-	if(!prs_uint16("lookup_level   ", ps, depth, &q_r->lookup_level))
-		return False;
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("mapped_count   ", ps, depth, &q_r->mapped_count))
-		return False;
-	if(!prs_uint32("unknown1   ", ps, depth, &q_r->unknown1))
-		return False;
-	if(!prs_uint32("unknown2   ", ps, depth, &q_r->unknown2))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Identical to lsa_io_r_lookup_names3.
-********************************************************************/
-
-bool lsa_io_r_lookup_names4(const char *desc, LSA_R_LOOKUP_NAMES4 *out, prs_struct *ps, int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "lsa_io_r_lookup_names4");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr_dom_ref", ps, depth, &out->ptr_dom_ref))
-		return False;
-
-	if (out->ptr_dom_ref != 0)
-		if(!lsa_io_dom_r_ref("", out->dom_ref, ps, depth))
-			return False;
-
-	if(!prs_uint32("num_entries", ps, depth, &out->num_entries))
-		return False;
-	if(!prs_uint32("ptr_entries", ps, depth, &out->ptr_entries))
-		return False;
-
-	if (out->ptr_entries != 0) {
-		if(!prs_uint32("num_entries2", ps, depth, &out->num_entries2))
-			return False;
-
-		if (out->num_entries2 != out->num_entries) {
-			/* RPC fault */
-			return False;
-		}
-
-		if (UNMARSHALLING(ps) && out->num_entries2) {
-			if ((out->trans_sids = PRS_ALLOC_MEM(ps, LSA_TRANSLATED_SID3, out->num_entries2))
-			    == NULL) {
-				DEBUG(3, ("lsa_io_r_lookup_names4(): out of memory\n"));
-				return False;
-			}
-		}
-
-		for (i = 0; i < out->num_entries2; i++) {
-			if(!smb_io_lsa_translated_sids3("", &out->trans_sids[i], ps, depth)) {
-				return False;
-			}
-		}
-		/* Now process the DOM_SID2 entries. */
-		for (i = 0; i < out->num_entries2; i++) {
-			if (out->trans_sids[i].sid2) {
-				if( !smb_io_dom_sid2("sid2", out->trans_sids[i].sid2, ps, depth) ) {
-					return False;
-				}
-			}
-		}
-	}
-
-	if(!prs_uint32("mapped_count", ps, depth, &out->mapped_count))
-		return False;
-
-	if(!prs_ntstatus("status      ", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_Q_OPEN_SECRET structure.
-********************************************************************/
-
-bool lsa_io_q_open_secret(const char *desc, LSA_Q_OPEN_SECRET *in, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_open_secret");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("", &in->handle, ps, depth))
-		return False;
-
-	if(!prs_unistr4 ("secretname", ps, depth, &in->secretname))
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("access", ps, depth, &in->access))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_OPEN_SECRET structure.
-********************************************************************/
-
-bool lsa_io_r_open_secret(const char *desc, LSA_R_OPEN_SECRET *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_open_secret");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-   
-	if(!smb_io_pol_hnd("", &out->handle, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an LSA_Q_ENUM_PRIVS structure.
-********************************************************************/
-
-void init_q_enum_privs(LSA_Q_ENUM_PRIVS *in, POLICY_HND *hnd, uint32 enum_context, uint32 pref_max_length)
-{
-	DEBUG(5, ("init_q_enum_privs\n"));
-
-	memcpy(&in->pol, hnd, sizeof(in->pol));
-
-	in->enum_context = enum_context;
-	in->pref_max_length = pref_max_length;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-bool lsa_io_q_enum_privs(const char *desc, LSA_Q_ENUM_PRIVS *in, prs_struct *ps, int depth)
-{
-	if (in == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_q_enum_privs");
-	depth++;
-
-	if (!smb_io_pol_hnd("", &in->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("enum_context   ", ps, depth, &in->enum_context))
-		return False;
-	if(!prs_uint32("pref_max_length", ps, depth, &in->pref_max_length))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool lsa_io_priv_entries(const char *desc, LSA_PRIV_ENTRY *entries, uint32 count, prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	if (entries == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_priv_entries");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	for (i = 0; i < count; i++) {
-		if (!smb_io_unihdr("", &entries[i].hdr_name, ps, depth))
-			return False;
-		if(!prs_uint32("luid_low ", ps, depth, &entries[i].luid_low))
-			return False;
-		if(!prs_uint32("luid_high", ps, depth, &entries[i].luid_high))
-			return False;
-	}
-
-	for (i = 0; i < count; i++)
-		if (!smb_io_unistr2("", &entries[i].name, entries[i].hdr_name.buffer, ps, depth))
-			return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an LSA_R_ENUM_PRIVS structure.
-********************************************************************/
-
-void init_lsa_r_enum_privs(LSA_R_ENUM_PRIVS *out, uint32 enum_context,
-			  uint32 count, LSA_PRIV_ENTRY *entries)
-{
-	DEBUG(5, ("init_lsa_r_enum_privs\n"));
-
-	out->enum_context=enum_context;
-	out->count=count;
-	
-	if (entries!=NULL) {
-		out->ptr=1;
-		out->count1=count;
-		out->privs=entries;
-	} else {
-		out->ptr=0;
-		out->count1=0;
-		out->privs=NULL;
-	}		
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-bool lsa_io_r_enum_privs(const char *desc, LSA_R_ENUM_PRIVS *out, prs_struct *ps, int depth)
-{
-	if (out == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_r_enum_privs");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("enum_context", ps, depth, &out->enum_context))
-		return False;
-	if(!prs_uint32("count", ps, depth, &out->count))
-		return False;
-	if(!prs_uint32("ptr", ps, depth, &out->ptr))
-		return False;
-
-	if (out->ptr) {
-		if(!prs_uint32("count1", ps, depth, &out->count1))
-			return False;
-
-		if (UNMARSHALLING(ps) && out->count1)
-			if (!(out->privs = PRS_ALLOC_MEM(ps, LSA_PRIV_ENTRY, out->count1)))
-				return False;
-
-		if (!lsa_io_priv_entries("", out->privs, out->count1, ps, depth))
-			return False;
-	}
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-void init_lsa_priv_get_dispname(LSA_Q_PRIV_GET_DISPNAME *trn, POLICY_HND *hnd, const char *name, uint16 lang_id, uint16 lang_id_sys)
-{
-	memcpy(&trn->pol, hnd, sizeof(trn->pol));
-
-	init_unistr2(&trn->name, name, UNI_FLAGS_NONE);
-	init_uni_hdr(&trn->hdr_name, &trn->name);
-	trn->lang_id = lang_id;
-	trn->lang_id_sys = lang_id_sys;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-bool lsa_io_q_priv_get_dispname(const char *desc, LSA_Q_PRIV_GET_DISPNAME *in, prs_struct *ps, int depth)
-{
-	if (in == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_q_priv_get_dispname");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (!smb_io_pol_hnd("", &in->pol, ps, depth))
-		return False;
-
-	if (!smb_io_unihdr("hdr_name", &in->hdr_name, ps, depth))
-		return False;
-
-	if (!smb_io_unistr2("name", &in->name, in->hdr_name.buffer, ps, depth))
-		return False;
-
-	if(!prs_uint16("lang_id    ", ps, depth, &in->lang_id))
-		return False;
-	if(!prs_uint16("lang_id_sys", ps, depth, &in->lang_id_sys))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-bool lsa_io_r_priv_get_dispname(const char *desc, LSA_R_PRIV_GET_DISPNAME *out, prs_struct *ps, int depth)
-{
-	if (out == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_r_priv_get_dispname");
-	depth++;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_info", ps, depth, &out->ptr_info))
-		return False;
-
-	if (out->ptr_info){
-		if (!smb_io_unihdr("hdr_name", &out->hdr_desc, ps, depth))
-			return False;
-
-		if (!smb_io_unistr2("desc", &out->desc, out->hdr_desc.buffer, ps, depth))
-			return False;
-	}
-/*
-	if(!prs_align(ps))
-		return False;
-*/
-	if(!prs_uint16("lang_id", ps, depth, &out->lang_id))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*
-  initialise a LSA_Q_ENUM_ACCOUNTS structure
-*/
-void init_lsa_q_enum_accounts(LSA_Q_ENUM_ACCOUNTS *trn, POLICY_HND *hnd, uint32 enum_context, uint32 pref_max_length)
-{
-	memcpy(&trn->pol, hnd, sizeof(trn->pol));
-
-	trn->enum_context = enum_context;
-	trn->pref_max_length = pref_max_length;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-bool lsa_io_q_enum_accounts(const char *desc, LSA_Q_ENUM_ACCOUNTS *in, prs_struct *ps, int depth)
-{
-	if (in == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_q_enum_accounts");
-	depth++;
-
-	if (!smb_io_pol_hnd("", &in->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("enum_context   ", ps, depth, &in->enum_context))
-		return False;
-	if(!prs_uint32("pref_max_length", ps, depth, &in->pref_max_length))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Inits an LSA_R_ENUM_PRIVS structure.
-********************************************************************/
-
-void init_lsa_r_enum_accounts(LSA_R_ENUM_ACCOUNTS *out, uint32 enum_context)
-{
-	DEBUG(5, ("init_lsa_r_enum_accounts\n"));
-
-	out->enum_context=enum_context;
-	if (out->enum_context!=0) {
-		out->sids.num_entries=enum_context;
-		out->sids.ptr_sid_enum=1;
-		out->sids.num_entries2=enum_context;
-	} else {
-		out->sids.num_entries=0;
-		out->sids.ptr_sid_enum=0;
-		out->sids.num_entries2=0;
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-bool lsa_io_r_enum_accounts(const char *desc, LSA_R_ENUM_ACCOUNTS *out, prs_struct *ps, int depth)
-{
-	if (out == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_r_enum_accounts");
-	depth++;
-
-	if (!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("enum_context", ps, depth, &out->enum_context))
-		return False;
-
-	if (!lsa_io_sid_enum("sids", &out->sids, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Reads or writes an LSA_Q_UNK_GET_CONNUSER structure.
-********************************************************************/
-
-bool lsa_io_q_unk_get_connuser(const char *desc, LSA_Q_UNK_GET_CONNUSER *in, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_unk_get_connuser");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-   
-	if(!prs_uint32("ptr_srvname", ps, depth, &in->ptr_srvname))
-		return False;
-
-	if(!smb_io_unistr2("uni2_srvname", &in->uni2_srvname, in->ptr_srvname, ps, depth)) /* server name to be looked up */
-		return False;
-
-	if (!prs_align(ps))
-	  return False;
-
-	if(!prs_uint32("unk1", ps, depth, &in->unk1))
-		return False;
-	if(!prs_uint32("unk2", ps, depth, &in->unk2))
-		return False;
-	if(!prs_uint32("unk3", ps, depth, &in->unk3))
-		return False;
-
-	/* Don't bother to read or write at present... */
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_UNK_GET_CONNUSER structure.
-********************************************************************/
-
-bool lsa_io_r_unk_get_connuser(const char *desc, LSA_R_UNK_GET_CONNUSER *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_unk_get_connuser");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-   
-	if(!prs_uint32("ptr_user_name", ps, depth, &out->ptr_user_name))
-		return False;
-	if(!smb_io_unihdr("hdr_user_name", &out->hdr_user_name, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni2_user_name", &out->uni2_user_name, out->ptr_user_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-	  return False;
-	
-	if(!prs_uint32("unk1", ps, depth, &out->unk1))
-		return False;
-
-	if(!prs_uint32("ptr_dom_name", ps, depth, &out->ptr_dom_name))
-		return False;
-	if(!smb_io_unihdr("hdr_dom_name", &out->hdr_dom_name, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni2_dom_name", &out->uni2_dom_name, out->ptr_dom_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-	  return False;
-	
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-void init_lsa_q_create_account(LSA_Q_CREATEACCOUNT *trn, POLICY_HND *hnd, DOM_SID *sid, uint32 desired_access)
-{
-	memcpy(&trn->pol, hnd, sizeof(trn->pol));
-
-	init_dom_sid2(&trn->sid, sid);
-	trn->access = desired_access;
-}
-
-
-/*******************************************************************
- Reads or writes an LSA_Q_CREATEACCOUNT structure.
-********************************************************************/
-
-bool lsa_io_q_create_account(const char *desc, LSA_Q_CREATEACCOUNT *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_create_account");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &out->pol, ps, depth))
-		return False;
-
-	if(!smb_io_dom_sid2("sid", &out->sid, ps, depth)) /* domain SID */
-		return False;
-
- 	if(!prs_uint32("access", ps, depth, &out->access))
-		return False;
-  
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_CREATEACCOUNT structure.
-********************************************************************/
-
-bool lsa_io_r_create_account(const char *desc, LSA_R_CREATEACCOUNT  *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_open_account");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &out->pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-
-void init_lsa_q_open_account(LSA_Q_OPENACCOUNT *trn, POLICY_HND *hnd, DOM_SID *sid, uint32 desired_access)
-{
-	memcpy(&trn->pol, hnd, sizeof(trn->pol));
-
-	init_dom_sid2(&trn->sid, sid);
-	trn->access = desired_access;
-}
-
-/*******************************************************************
- Reads or writes an LSA_Q_OPENACCOUNT structure.
-********************************************************************/
-
-bool lsa_io_q_open_account(const char *desc, LSA_Q_OPENACCOUNT *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_open_account");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &out->pol, ps, depth))
-		return False;
-
-	if(!smb_io_dom_sid2("sid", &out->sid, ps, depth)) /* domain SID */
-		return False;
-
- 	if(!prs_uint32("access", ps, depth, &out->access))
-		return False;
-  
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_OPENACCOUNT structure.
-********************************************************************/
-
-bool lsa_io_r_open_account(const char *desc, LSA_R_OPENACCOUNT  *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_open_account");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &out->pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-
-void init_lsa_q_enum_privsaccount(LSA_Q_ENUMPRIVSACCOUNT *trn, POLICY_HND *hnd)
-{
-	memcpy(&trn->pol, hnd, sizeof(trn->pol));
-
-}
-
-/*******************************************************************
- Reads or writes an LSA_Q_ENUMPRIVSACCOUNT structure.
-********************************************************************/
-
-bool lsa_io_q_enum_privsaccount(const char *desc, LSA_Q_ENUMPRIVSACCOUNT *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_enum_privsaccount");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &out->pol, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LUID structure.
-********************************************************************/
-
-static bool lsa_io_luid(const char *desc, LUID *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_luid");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!prs_uint32("low", ps, depth, &out->low))
-		return False;
-
-	if(!prs_uint32("high", ps, depth, &out->high))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LUID_ATTR structure.
-********************************************************************/
-
-static bool lsa_io_luid_attr(const char *desc, LUID_ATTR *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_luid_attr");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if (!lsa_io_luid(desc, &out->luid, ps, depth))
-		return False;
-
-	if(!prs_uint32("attr", ps, depth, &out->attr))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an PRIVILEGE_SET structure.
-********************************************************************/
-
-static bool lsa_io_privilege_set(const char *desc, PRIVILEGE_SET *out, prs_struct *ps, int depth)
-{
-	uint32 i, dummy;
-
-	prs_debug(ps, depth, desc, "lsa_io_privilege_set");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!prs_uint32("count", ps, depth, &dummy))
-		return False;
-	if(!prs_uint32("control", ps, depth, &out->control))
-		return False;
-
-	for (i=0; i<out->count; i++) {
-		if (!lsa_io_luid_attr(desc, &out->set[i], ps, depth))
-			return False;
-	}
-	
-	return True;
-}
-
-NTSTATUS init_lsa_r_enum_privsaccount(TALLOC_CTX *mem_ctx, LSA_R_ENUMPRIVSACCOUNT *out, LUID_ATTR *set, uint32 count, uint32 control)
-{
-	NTSTATUS ret = NT_STATUS_OK;
-
-	out->ptr = 1;
-	out->count = count;
-
-	if ( !NT_STATUS_IS_OK(ret = privilege_set_init_by_ctx(mem_ctx, &(out->set))) )
-		return ret;
-	
-	out->set.count = count;
-	
-	if (!NT_STATUS_IS_OK(ret = dup_luid_attr(out->set.mem_ctx, &(out->set.set), set, count)))
-		return ret;
-
-	DEBUG(10,("init_lsa_r_enum_privsaccount: %d privileges\n", out->count));
-
-	return ret;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_ENUMPRIVSACCOUNT structure.
-********************************************************************/
-
-bool lsa_io_r_enum_privsaccount(const char *desc, LSA_R_ENUMPRIVSACCOUNT *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_enum_privsaccount");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!prs_uint32("ptr", ps, depth, &out->ptr))
-		return False;
-
-	if (out->ptr!=0) {
-		if(!prs_uint32("count", ps, depth, &out->count))
-			return False;
-
-		/* malloc memory if unmarshalling here */
-
-		if (UNMARSHALLING(ps) && out->count != 0) {
-			if (!NT_STATUS_IS_OK(privilege_set_init_by_ctx(ps->mem_ctx, &(out->set))))
-				return False;
-
-			if (!(out->set.set = PRS_ALLOC_MEM(ps,LUID_ATTR,out->count)))
-				return False;
-
-		}
-		
-		if(!lsa_io_privilege_set(desc, &out->set, ps, depth))
-			return False;
-	}
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-
-
-/*******************************************************************
- Reads or writes an  LSA_Q_GETSYSTEMACCOUNTstructure.
-********************************************************************/
-
-bool lsa_io_q_getsystemaccount(const char *desc, LSA_Q_GETSYSTEMACCOUNT  *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_getsystemaccount");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &out->pol, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an  LSA_R_GETSYSTEMACCOUNTstructure.
-********************************************************************/
-
-bool lsa_io_r_getsystemaccount(const char *desc, LSA_R_GETSYSTEMACCOUNT  *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_getsystemaccount");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!prs_uint32("access", ps, depth, &out->access))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Reads or writes an LSA_Q_SETSYSTEMACCOUNT structure.
-********************************************************************/
-
-bool lsa_io_q_setsystemaccount(const char *desc, LSA_Q_SETSYSTEMACCOUNT  *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_setsystemaccount");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &out->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("access", ps, depth, &out->access))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_SETSYSTEMACCOUNT structure.
-********************************************************************/
-
-bool lsa_io_r_setsystemaccount(const char *desc, LSA_R_SETSYSTEMACCOUNT  *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_setsystemaccount");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-
-void init_lsa_string( LSA_STRING *uni, const char *string )
-{
-	init_unistr2(&uni->unistring, string, UNI_FLAGS_NONE);
-	init_uni_hdr(&uni->hdr, &uni->unistring);
-}
-
-void init_lsa_q_lookup_priv_value(LSA_Q_LOOKUP_PRIV_VALUE *q_u, POLICY_HND *hnd, const char *name)
-{
-	memcpy(&q_u->pol, hnd, sizeof(q_u->pol));
-	init_lsa_string( &q_u->privname, name );
-}
-
-bool smb_io_lsa_string( const char *desc, LSA_STRING *string, prs_struct *ps, int depth )
-{
-	prs_debug(ps, depth, desc, "smb_io_lsa_string");
-	depth++;
-
-	if(!smb_io_unihdr ("hdr", &string->hdr, ps, depth))
-		return False;
-	if(!smb_io_unistr2("unistring", &string->unistring, string->hdr.buffer, ps, depth))
-		return False;
-	
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_Q_LOOKUP_PRIV_VALUE  structure.
-********************************************************************/
-
-bool lsa_io_q_lookup_priv_value(const char *desc, LSA_Q_LOOKUP_PRIV_VALUE  *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_lookup_priv_value");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &out->pol, ps, depth))
-		return False;
-	if(!smb_io_lsa_string("privname", &out->privname, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an  LSA_R_LOOKUP_PRIV_VALUE structure.
-********************************************************************/
-
-bool lsa_io_r_lookup_priv_value(const char *desc, LSA_R_LOOKUP_PRIV_VALUE  *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_lookup_priv_value");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-		
-	if(!lsa_io_luid("luid", &out->luid, ps, depth))
-		return False;
- 
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Reads or writes an LSA_Q_ADDPRIVS structure.
-********************************************************************/
-
-bool lsa_io_q_addprivs(const char *desc, LSA_Q_ADDPRIVS *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_addprivs");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &out->pol, ps, depth))
-		return False;
-	
-	if(!prs_uint32("count", ps, depth, &out->count))
-		return False;
-
-	if (UNMARSHALLING(ps) && out->count!=0) {
-		if (!NT_STATUS_IS_OK(privilege_set_init_by_ctx(ps->mem_ctx, &(out->set))))
-			return False;
-		
-		if (!(out->set.set = PRS_ALLOC_MEM(ps, LUID_ATTR, out->count)))
-			return False;
-	}
-	
-	if(!lsa_io_privilege_set(desc, &out->set, ps, depth))
-		return False;
-	
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_ADDPRIVS structure.
-********************************************************************/
-
-bool lsa_io_r_addprivs(const char *desc, LSA_R_ADDPRIVS *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_addprivs");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_Q_REMOVEPRIVS structure.
-********************************************************************/
-
-bool lsa_io_q_removeprivs(const char *desc, LSA_Q_REMOVEPRIVS *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_removeprivs");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &out->pol, ps, depth))
-		return False;
-	
-	if(!prs_uint32("allrights", ps, depth, &out->allrights))
-		return False;
-
-	if(!prs_uint32("ptr", ps, depth, &out->ptr))
-		return False;
-
-	/* 
-	 * JFM: I'm not sure at all if the count is inside the ptr
-	 * never seen one with ptr=0
-	 */
-
-	if (out->ptr!=0) {
-		if(!prs_uint32("count", ps, depth, &out->count))
-			return False;
-
-		if (UNMARSHALLING(ps) && out->count!=0) {
-			if (!NT_STATUS_IS_OK(privilege_set_init_by_ctx(ps->mem_ctx, &(out->set))))
-				return False;
-
-			if (!(out->set.set = PRS_ALLOC_MEM(ps, LUID_ATTR, out->count)))
-				return False;
-		}
-
-		if(!lsa_io_privilege_set(desc, &out->set, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_REMOVEPRIVS structure.
-********************************************************************/
-
-bool lsa_io_r_removeprivs(const char *desc, LSA_R_REMOVEPRIVS *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_removeprivs");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-bool policy_handle_is_valid(const POLICY_HND *hnd)
-{
-	POLICY_HND zero_pol;
-
-	ZERO_STRUCT(zero_pol);
-	return ((memcmp(&zero_pol, hnd, sizeof(POLICY_HND)) == 0) ? False : True );
-}
-
-/*******************************************************************
- Inits an LSA_Q_QUERY_INFO2 structure.
-********************************************************************/
-
-void init_q_query2(LSA_Q_QUERY_INFO2 *in, POLICY_HND *hnd, uint16 info_class)
-{
-	DEBUG(5, ("init_q_query2\n"));
-
-	memcpy(&in->pol, hnd, sizeof(in->pol));
-
-	in->info_class = info_class;
-}
-
-/*******************************************************************
- Reads or writes an LSA_Q_QUERY_DNSDOMINFO structure.
-********************************************************************/
-
-bool lsa_io_q_query_info2(const char *desc, LSA_Q_QUERY_INFO2 *in, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_query_info2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &in->pol, ps, depth))
-		return False;
-	
-	if(!prs_uint16("info_class", ps, depth, &in->info_class))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_QUERY_DNSDOMINFO structure.
-********************************************************************/
-
-bool lsa_io_r_query_info2(const char *desc, LSA_R_QUERY_INFO2 *out,
-			  prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_query_info2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("dom_ptr", ps, depth, &out->dom_ptr))
-		return False;
-
-	if (out->dom_ptr) {
-
-		if(!lsa_io_query_info_ctr2("", ps, depth, &out->ctr))
-			return False;
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an LSA_Q_ENUM_ACCT_RIGHTS structure.
-********************************************************************/
-void init_q_enum_acct_rights(LSA_Q_ENUM_ACCT_RIGHTS *in, 
-			     POLICY_HND *hnd, 
-			     uint32 count, 
-			     DOM_SID *sid)
-{
-	DEBUG(5, ("init_q_enum_acct_rights\n"));
-
-	in->pol = *hnd;
-	init_dom_sid2(&in->sid, sid);
-}
-
-/*******************************************************************
-********************************************************************/
-NTSTATUS init_r_enum_acct_rights( LSA_R_ENUM_ACCT_RIGHTS *out, PRIVILEGE_SET *privileges )
-{
-	uint32 i;
-	const char *privname;
-	const char **privname_array = NULL;
-	int num_priv = 0;
-
-	for ( i=0; i<privileges->count; i++ ) {
-		privname = luid_to_privilege_name( &privileges->set[i].luid );
-		if ( privname ) {
-			if ( !add_string_to_array( talloc_tos(), privname, &privname_array, &num_priv ) )
-				return NT_STATUS_NO_MEMORY;
-		}
-	}
-
-	if ( num_priv ) {
-		out->rights = TALLOC_P( talloc_tos(), UNISTR4_ARRAY );
-		if (!out->rights) {
-			return NT_STATUS_NO_MEMORY;
-		}
-
-		if ( !init_unistr4_array( out->rights, num_priv, privname_array ) ) 
-			return NT_STATUS_NO_MEMORY;
-
-		out->count = num_priv;
-	}
-
-	return NT_STATUS_OK;
-}
-
-/*******************************************************************
-reads or writes a LSA_Q_ENUM_ACCT_RIGHTS structure.
-********************************************************************/
-bool lsa_io_q_enum_acct_rights(const char *desc, LSA_Q_ENUM_ACCT_RIGHTS *in, prs_struct *ps, int depth)
-{
-	
-	if (in == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "lsa_io_q_enum_acct_rights");
-	depth++;
-
-	if (!smb_io_pol_hnd("", &in->pol, ps, depth))
-		return False;
-
-	if(!smb_io_dom_sid2("sid", &in->sid, ps, depth))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
-reads or writes a LSA_R_ENUM_ACCT_RIGHTS structure.
-********************************************************************/
-bool lsa_io_r_enum_acct_rights(const char *desc, LSA_R_ENUM_ACCT_RIGHTS *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_enum_acct_rights");
-	depth++;
-
-	if(!prs_uint32("count   ", ps, depth, &out->count))
-		return False;
-
-	if ( !prs_pointer("rights", ps, depth, (void*)&out->rights, sizeof(UNISTR4_ARRAY), (PRS_POINTER_CAST)prs_unistr4_array) )
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Inits an LSA_Q_ADD_ACCT_RIGHTS structure.
-********************************************************************/
-void init_q_add_acct_rights( LSA_Q_ADD_ACCT_RIGHTS *in, POLICY_HND *hnd, 
-                             DOM_SID *sid, uint32 count, const char **rights )
-{
-	DEBUG(5, ("init_q_add_acct_rights\n"));
-
-	in->pol = *hnd;
-	init_dom_sid2(&in->sid, sid);
-	
-	in->rights = TALLOC_P( talloc_tos(), UNISTR4_ARRAY );
-	if (!in->rights) {
-		smb_panic("init_q_add_acct_rights: talloc fail\n");
-		return;
-	}
-	init_unistr4_array( in->rights, count, rights );
-	
-	in->count = count;
-}
-
-
-/*******************************************************************
-reads or writes a LSA_Q_ADD_ACCT_RIGHTS structure.
-********************************************************************/
-bool lsa_io_q_add_acct_rights(const char *desc, LSA_Q_ADD_ACCT_RIGHTS *in, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_add_acct_rights");
-	depth++;
-
-	if (!smb_io_pol_hnd("", &in->pol, ps, depth))
-		return False;
-
-	if(!smb_io_dom_sid2("sid", &in->sid, ps, depth))
-		return False;
-
-	if(!prs_uint32("count", ps, depth, &in->count))
-		return False;
-
-	if ( !prs_pointer("rights", ps, depth, (void*)&in->rights, sizeof(UNISTR4_ARRAY), (PRS_POINTER_CAST)prs_unistr4_array) )
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a LSA_R_ENUM_ACCT_RIGHTS structure.
-********************************************************************/
-bool lsa_io_r_add_acct_rights(const char *desc, LSA_R_ADD_ACCT_RIGHTS *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_add_acct_rights");
-	depth++;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an LSA_Q_REMOVE_ACCT_RIGHTS structure.
-********************************************************************/
-
-void init_q_remove_acct_rights(LSA_Q_REMOVE_ACCT_RIGHTS *in, 
-			       POLICY_HND *hnd, 
-			       DOM_SID *sid,
-			       uint32 removeall,
-			       uint32 count, 
-			       const char **rights)
-{
-	DEBUG(5, ("init_q_remove_acct_rights\n"));
-
-	in->pol = *hnd;
-
-	init_dom_sid2(&in->sid, sid);
-
-	in->removeall = removeall;
-	in->count = count;
-
-	in->rights = TALLOC_P( talloc_tos(), UNISTR4_ARRAY );
-	if (!in->rights) {
-		smb_panic("init_q_remove_acct_rights: talloc fail\n");
-		return;
-	}
-	init_unistr4_array( in->rights, count, rights );
-}
-
-/*******************************************************************
-reads or writes a LSA_Q_REMOVE_ACCT_RIGHTS structure.
-********************************************************************/
-
-bool lsa_io_q_remove_acct_rights(const char *desc, LSA_Q_REMOVE_ACCT_RIGHTS *in, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_remove_acct_rights");
-	depth++;
-
-	if (!smb_io_pol_hnd("", &in->pol, ps, depth))
-		return False;
-
-	if(!smb_io_dom_sid2("sid", &in->sid, ps, depth))
-		return False;
-
-	if(!prs_uint32("removeall", ps, depth, &in->removeall))
-		return False;
-
-	if(!prs_uint32("count", ps, depth, &in->count))
-		return False;
-
-	if ( !prs_pointer("rights", ps, depth, (void*)&in->rights, sizeof(UNISTR4_ARRAY), (PRS_POINTER_CAST)prs_unistr4_array) )
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a LSA_R_ENUM_ACCT_RIGHTS structure.
-********************************************************************/
-bool lsa_io_r_remove_acct_rights(const char *desc, LSA_R_REMOVE_ACCT_RIGHTS *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_remove_acct_rights");
-	depth++;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an LSA_Q_OPEN_TRUSTED_DOMAIN structure.
-********************************************************************/
-
-void init_lsa_q_open_trusted_domain(LSA_Q_OPEN_TRUSTED_DOMAIN *q, POLICY_HND *hnd, DOM_SID *sid, uint32 desired_access)
-{
-	memcpy(&q->pol, hnd, sizeof(q->pol));
-
-	init_dom_sid2(&q->sid, sid);
-	q->access_mask = desired_access;
-}
-
-/*******************************************************************
-********************************************************************/
-
-#if 0 /* jerry, I think this not correct - gd */
-bool lsa_io_q_open_trusted_domain(const char *desc, LSA_Q_OPEN_TRUSTED_DOMAIN *in, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_open_trusted_domain");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (!smb_io_pol_hnd("", &in->handle, ps, depth))
-		return False;
-
-	if(!prs_uint32("count", ps, depth, &in->count))
-		return False;
-
-	if(!smb_io_dom_sid("sid", &in->sid, ps, depth))
-		return False;
-
-	return True;
-}
-#endif
-
-
-/*******************************************************************
-********************************************************************/
-
-bool lsa_io_q_open_trusted_domain(const char *desc, LSA_Q_OPEN_TRUSTED_DOMAIN *q_o, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_open_trusted_domain");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &q_o->pol, ps, depth))
-		return False;
-
-	if(!smb_io_dom_sid2("sid", &q_o->sid, ps, depth))
-		return False;
-
- 	if(!prs_uint32("access", ps, depth, &q_o->access_mask))
-		return False;
-  
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_OPEN_TRUSTED_DOMAIN structure.
-********************************************************************/
-
-bool lsa_io_r_open_trusted_domain(const char *desc, LSA_R_OPEN_TRUSTED_DOMAIN *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_open_trusted_domain");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (!smb_io_pol_hnd("handle", &out->handle, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool lsa_io_q_create_trusted_domain(const char *desc, LSA_Q_CREATE_TRUSTED_DOMAIN *in, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_create_trusted_domain");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("", &in->handle, ps, depth))
-		return False;
-
-	if(!prs_unistr4 ("secretname", ps, depth, &in->secretname))
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("access", ps, depth, &in->access))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool lsa_io_r_create_trusted_domain(const char *desc, LSA_R_CREATE_TRUSTED_DOMAIN *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_create_trusted_domain");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (!smb_io_pol_hnd("", &out->handle, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool lsa_io_q_create_secret(const char *desc, LSA_Q_CREATE_SECRET *in, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_create_secret");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("", &in->handle, ps, depth))
-		return False;
-
-	if(!prs_unistr4 ("secretname", ps, depth, &in->secretname))
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("access", ps, depth, &in->access))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool lsa_io_r_create_secret(const char *desc, LSA_R_CREATE_SECRET *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_create_secret");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (!smb_io_pol_hnd("", &out->handle, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-
-
-/*******************************************************************
-********************************************************************/
-
-static bool lsa_io_data_blob( const char *desc, prs_struct *ps, int depth, LSA_DATA_BLOB *blob )
-{
-	prs_debug(ps, depth, desc, "lsa_io_data_blob");
-	depth++;
-
-	if ( !prs_uint32("size", ps, depth, &blob->size) )
-		return False;
-	if ( !prs_uint32("size", ps, depth, &blob->size) )
-		return False;
-
-	if ( !prs_io_unistr2_p(desc, ps, depth, &blob->data) )
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool lsa_io_q_set_secret(const char *desc, LSA_Q_SET_SECRET *in, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_set_secret");
-	depth++;
-
-	if ( !prs_align(ps) )
-		return False;
-
-	if ( !smb_io_pol_hnd("", &in->handle, ps, depth) )
-		return False;
-
-	if ( !prs_pointer( "old_value", ps, depth, (void*)&in->old_value, sizeof(LSA_DATA_BLOB), (PRS_POINTER_CAST)lsa_io_data_blob ))
-		return False;
-
-	if( !prs_align(ps) )
-		return False;
-	if ( !prs_pointer( "old_value", ps, depth, (void*)&in->old_value, sizeof(LSA_DATA_BLOB), (PRS_POINTER_CAST)lsa_io_data_blob ))
-		return False;
-
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool lsa_io_r_set_secret(const char *desc, LSA_R_SET_SECRET *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_set_secret");
-	depth++;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool lsa_io_q_delete_object(const char *desc, LSA_Q_DELETE_OBJECT *in, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_delete_object");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("", &in->handle, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool lsa_io_r_delete_object(const char *desc, LSA_R_DELETE_OBJECT *out, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_delete_object");
-	depth++;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an LSA_Q_QUERY_DOM_INFO_POLICY structure.
-********************************************************************/
-
-void init_q_query_dom_info(LSA_Q_QUERY_DOM_INFO_POLICY *in, POLICY_HND *hnd, uint16 info_class)
-{
-	DEBUG(5, ("init_q_query_dom_info\n"));
-
-	memcpy(&in->pol, hnd, sizeof(in->pol));
-
-	in->info_class = info_class;
-}
-
-/*******************************************************************
- Reads or writes an LSA_Q_QUERY_DOM_INFO_POLICY structure.
-********************************************************************/
-
-bool lsa_io_q_query_dom_info(const char *desc, LSA_Q_QUERY_DOM_INFO_POLICY *in, prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_q_query_dom_info");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
- 
-	if(!smb_io_pol_hnd("pol", &in->pol, ps, depth))
-		return False;
-	
-	if(!prs_uint16("info_class", ps, depth, &in->info_class))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an LSA_R_QUERY_DOM_INFO_POLICY structure.
-********************************************************************/
-
-static bool lsa_io_dominfo_query_3(const char *desc, LSA_DOM_INFO_POLICY_KERBEROS *krb_policy, 
-				   prs_struct *ps, int depth)
-{
-	if (!prs_align_uint64(ps))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("enforce_restrictions", ps, depth, &krb_policy->enforce_restrictions))
-		return False;
-
-	if (!prs_align_uint64(ps))
-		return False;
-
-	if (!smb_io_nttime("service_tkt_lifetime", ps, depth, &krb_policy->service_tkt_lifetime))
-		return False;
-
-	if (!prs_align_uint64(ps))
-		return False;
-	
-	if (!smb_io_nttime("user_tkt_lifetime", ps, depth, &krb_policy->user_tkt_lifetime))
-		return False;
-
-	if (!prs_align_uint64(ps))
-		return False;
-	
-	if (!smb_io_nttime("user_tkt_renewaltime", ps, depth, &krb_policy->user_tkt_renewaltime))
-		return False;
-
-	if (!prs_align_uint64(ps))
-		return False;
-	
-	if (!smb_io_nttime("clock_skew", ps, depth, &krb_policy->clock_skew))
-		return False;
-
-	if (!prs_align_uint64(ps))
-		return False;
-	
-	if (!smb_io_nttime("unknown6", ps, depth, &krb_policy->unknown6))
-		return False;
-
-	return True;
-}
-
-static bool lsa_io_dom_info_query(const char *desc, prs_struct *ps, int depth, LSA_DOM_INFO_UNION *info)
-{
-	prs_debug(ps, depth, desc, "lsa_io_dom_info_query");
-	depth++;
-
-	if(!prs_align_uint16(ps))
-		return False;
-
-	if(!prs_uint16("info_class", ps, depth, &info->info_class))
-		return False;
-
-	switch (info->info_class) {
-	case 3: 
-		if (!lsa_io_dominfo_query_3("krb_policy", &info->krb_policy, ps, depth))
-			return False;
-		break;
-	default:
-		DEBUG(0,("unsupported info-level: %d\n", info->info_class));
-		return False;
-		break;
-	}
-
-	return True;
-}
-
-
-bool lsa_io_r_query_dom_info(const char *desc, LSA_R_QUERY_DOM_INFO_POLICY *out,
-			     prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "lsa_io_r_query_dom_info");
-	depth++;
-
-	if (!prs_pointer("dominfo", ps, depth, (void*)&out->info, 
-			 sizeof(LSA_DOM_INFO_UNION), 
-			 (PRS_POINTER_CAST)lsa_io_dom_info_query) )
-		return False;
-	
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 9e1937ea32..418f857df8 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -1859,4 +1859,14 @@ uint32 str_len_uni(UNISTR *source)
 	return i;
 }
 
+/*******************************************************************
+ Verifies policy handle
+********************************************************************/
 
+bool policy_handle_is_valid(const POLICY_HND *hnd)
+{
+	POLICY_HND zero_pol;
+
+	ZERO_STRUCT(zero_pol);
+	return ((memcmp(&zero_pol, hnd, sizeof(POLICY_HND)) == 0) ? false : true );
+}
diff --git a/source3/rpc_parse/parse_net.c b/source3/rpc_parse/parse_net.c
deleted file mode 100644
index 65607a4ac8..0000000000
--- a/source3/rpc_parse/parse_net.c
+++ /dev/null
@@ -1,3930 +0,0 @@
-/* 
- *  Unix SMB/CIFS implementation.
- *  RPC Pipe client / server routines
- *  Copyright (C) Andrew Tridgell              1992-1997,
- *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
- *  Copyright (C) Paul Ashton                       1997.
- *  Copyright (C) Jean Francois Micouleau           2002.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_PARSE
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-static bool net_io_neg_flags(const char *desc, NEG_FLAGS *neg, prs_struct *ps, int depth)
-{
-	if (neg == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_neg_flags");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint32("neg_flags", ps, depth, &neg->neg_flags))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits a NETLOGON_INFO_3 structure.
-********************************************************************/
-
-static void init_netinfo_3(NETLOGON_INFO_3 *info, uint32 flags, uint32 logon_attempts)
-{
-	info->flags          = flags;
-	info->logon_attempts = logon_attempts;
-	info->reserved_1     = 0x0;
-	info->reserved_2     = 0x0;
-	info->reserved_3     = 0x0;
-	info->reserved_4     = 0x0;
-	info->reserved_5     = 0x0;
-}
-
-/*******************************************************************
- Reads or writes a NETLOGON_INFO_3 structure.
-********************************************************************/
-
-static bool net_io_netinfo_3(const char *desc,  NETLOGON_INFO_3 *info, prs_struct *ps, int depth)
-{
-	if (info == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_netinfo_3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("flags         ", ps, depth, &info->flags))
-		return False;
-	if(!prs_uint32("logon_attempts", ps, depth, &info->logon_attempts))
-		return False;
-	if(!prs_uint32("reserved_1    ", ps, depth, &info->reserved_1))
-		return False;
-	if(!prs_uint32("reserved_2    ", ps, depth, &info->reserved_2))
-		return False;
-	if(!prs_uint32("reserved_3    ", ps, depth, &info->reserved_3))
-		return False;
-	if(!prs_uint32("reserved_4    ", ps, depth, &info->reserved_4))
-		return False;
-	if(!prs_uint32("reserved_5    ", ps, depth, &info->reserved_5))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Inits a NETLOGON_INFO_1 structure.
-********************************************************************/
-
-static void init_netinfo_1(NETLOGON_INFO_1 *info, uint32 flags, uint32 pdc_status)
-{
-	info->flags      = flags;
-	info->pdc_status = pdc_status;
-}
-
-/*******************************************************************
- Reads or writes a NETLOGON_INFO_1 structure.
-********************************************************************/
-
-static bool net_io_netinfo_1(const char *desc, NETLOGON_INFO_1 *info, prs_struct *ps, int depth)
-{
-	if (info == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_netinfo_1");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint32("flags     ", ps, depth, &info->flags))
-		return False;
-	if(!prs_uint32("pdc_status", ps, depth, &info->pdc_status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits a NETLOGON_INFO_2 structure.
-********************************************************************/
-
-static void init_netinfo_2(NETLOGON_INFO_2 *info, uint32 flags, uint32 pdc_status,
-				uint32 tc_status, const char *trusted_dc_name)
-{
-	info->flags      = flags;
-	info->pdc_status = pdc_status;
-	info->ptr_trusted_dc_name = 1;
-	info->tc_status  = tc_status;
-
-	if (trusted_dc_name != NULL)
-		init_unistr2(&info->uni_trusted_dc_name, trusted_dc_name, UNI_STR_TERMINATE);
-	else
-		init_unistr2(&info->uni_trusted_dc_name, "", UNI_STR_TERMINATE);
-}
-
-/*******************************************************************
- Reads or writes a NETLOGON_INFO_2 structure.
-********************************************************************/
-
-static bool net_io_netinfo_2(const char *desc, NETLOGON_INFO_2 *info, prs_struct *ps, int depth)
-{
-	if (info == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_netinfo_2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint32("flags              ", ps, depth, &info->flags))
-		return False;
-	if(!prs_uint32("pdc_status         ", ps, depth, &info->pdc_status))
-		return False;
-	if(!prs_uint32("ptr_trusted_dc_name", ps, depth, &info->ptr_trusted_dc_name))
-		return False;
-	if(!prs_uint32("tc_status          ", ps, depth, &info->tc_status))
-		return False;
-
-	if (info->ptr_trusted_dc_name != 0) {
-		if(!smb_io_unistr2("unistr2", &info->uni_trusted_dc_name, info->ptr_trusted_dc_name, ps, depth))
-			return False;
-	}
-
-	if(!prs_align(ps))
-		return False;
-
-	return True;
-}
-
-static bool net_io_ctrl_data_info_5(const char *desc, CTRL_DATA_INFO_5 *info, prs_struct *ps, int depth)
-{
-	if (info == NULL)
-		return False;
-		
-	prs_debug(ps, depth, desc, "net_io_ctrl_data_info_5");
-	depth++;
-	
-	if ( !prs_uint32( "function_code", ps, depth, &info->function_code ) )
-		return False;
-	
-	if(!prs_uint32("ptr_domain", ps, depth, &info->ptr_domain))
-		return False;
-		
-	if ( info->ptr_domain ) {
-		if(!smb_io_unistr2("domain", &info->domain, info->ptr_domain, ps, depth))
-			return False;
-	}
-		
-	return True;
-}
-
-static bool net_io_ctrl_data_info_6(const char *desc, CTRL_DATA_INFO_6 *info, prs_struct *ps, int depth)
-{
-	if (info == NULL)
-		return False;
-		
-	prs_debug(ps, depth, desc, "net_io_ctrl_data_info_6");
-	depth++;
-	
-	if ( !prs_uint32( "function_code", ps, depth, &info->function_code ) )
-		return False;
-	
-	if(!prs_uint32("ptr_domain", ps, depth, &info->ptr_domain))
-		return False;
-		
-	if ( info->ptr_domain ) {
-		if(!smb_io_unistr2("domain", &info->domain, info->ptr_domain, ps, depth))
-			return False;
-	}
-		
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an NET_Q_LOGON_CTRL2 structure.
-********************************************************************/
-
-bool net_io_q_logon_ctrl2(const char *desc, NET_Q_LOGON_CTRL2 *q_l, prs_struct *ps, int depth)
-{
-	if (q_l == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_logon_ctrl2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr          ", ps, depth, &q_l->ptr))
-		return False;
-
-	if(!smb_io_unistr2 ("", &q_l->uni_server_name, q_l->ptr, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("function_code", ps, depth, &q_l->function_code))
-		return False;
-	if(!prs_uint32("query_level  ", ps, depth, &q_l->query_level))
-		return False;
-	switch ( q_l->function_code ) {
-		case NETLOGON_CONTROL_REDISCOVER:
-			if ( !net_io_ctrl_data_info_5( "ctrl_data_info5", &q_l->info.info5, ps, depth) ) 
-				return False;
-			break;
-			
-		case NETLOGON_CONTROL_TC_QUERY:
-			if ( !net_io_ctrl_data_info_6( "ctrl_data_info6", &q_l->info.info6, ps, depth) ) 
-				return False;
-			break;
-
-		default:
-			DEBUG(0,("net_io_q_logon_ctrl2: unknown function_code [%d]\n",
-				q_l->function_code));
-			return False;
-	}
-	
-	return True;
-}
-
-/*******************************************************************
- Inits an NET_Q_LOGON_CTRL2 structure.
-********************************************************************/
-
-void init_net_q_logon_ctrl2(NET_Q_LOGON_CTRL2 *q_l, const char *srv_name,
-			    uint32 query_level)
-{
-	DEBUG(5,("init_q_logon_ctrl2\n"));
-
-	q_l->function_code = 0x01;
-	q_l->query_level = query_level;
-
-	init_unistr2(&q_l->uni_server_name, srv_name, UNI_STR_TERMINATE);
-}
-
-/*******************************************************************
- Inits an NET_R_LOGON_CTRL2 structure.
-********************************************************************/
-
-void init_net_r_logon_ctrl2(NET_R_LOGON_CTRL2 *r_l, uint32 query_level,
-			    uint32 flags, uint32 pdc_status, 
-			    uint32 logon_attempts, uint32 tc_status, 
-			    const char *trusted_domain_name)
-{
-	r_l->switch_value  = query_level; 
-
-	switch (query_level) {
-	case 1:
-		r_l->ptr = 1; /* undocumented pointer */
-		init_netinfo_1(&r_l->logon.info1, flags, pdc_status);	
-		r_l->status = NT_STATUS_OK;
-		break;
-	case 2:
-		r_l->ptr = 1; /* undocumented pointer */
-		init_netinfo_2(&r_l->logon.info2, flags, pdc_status,
-		               tc_status, trusted_domain_name);	
-		r_l->status = NT_STATUS_OK;
-		break;
-	case 3:
-		r_l->ptr = 1; /* undocumented pointer */
-		init_netinfo_3(&r_l->logon.info3, flags, logon_attempts);	
-		r_l->status = NT_STATUS_OK;
-		break;
-	default:
-		DEBUG(2,("init_r_logon_ctrl2: unsupported switch value %d\n",
-			r_l->switch_value));
-		r_l->ptr = 0; /* undocumented pointer */
-
-		/* take a guess at an error code... */
-		r_l->status = NT_STATUS_INVALID_INFO_CLASS;
-		break;
-	}
-}
-
-/*******************************************************************
- Reads or writes an NET_R_LOGON_CTRL2 structure.
-********************************************************************/
-
-bool net_io_r_logon_ctrl2(const char *desc, NET_R_LOGON_CTRL2 *r_l, prs_struct *ps, int depth)
-{
-	if (r_l == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_logon_ctrl2");
-	depth++;
-
-	if(!prs_uint32("switch_value ", ps, depth, &r_l->switch_value))
-		return False;
-	if(!prs_uint32("ptr          ", ps, depth, &r_l->ptr))
-		return False;
-
-	if (r_l->ptr != 0) {
-		switch (r_l->switch_value) {
-		case 1:
-			if(!net_io_netinfo_1("", &r_l->logon.info1, ps, depth))
-				return False;
-			break;
-		case 2:
-			if(!net_io_netinfo_2("", &r_l->logon.info2, ps, depth))
-				return False;
-			break;
-		case 3:
-			if(!net_io_netinfo_3("", &r_l->logon.info3, ps, depth))
-				return False;
-			break;
-		default:
-			DEBUG(2,("net_io_r_logon_ctrl2: unsupported switch value %d\n",
-				r_l->switch_value));
-			break;
-		}
-	}
-
-	if(!prs_ntstatus("status       ", ps, depth, &r_l->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an NET_Q_LOGON_CTRL structure.
-********************************************************************/
-
-bool net_io_q_logon_ctrl(const char *desc, NET_Q_LOGON_CTRL *q_l, prs_struct *ps, 
-			 int depth)
-{
-	prs_debug(ps, depth, desc, "net_io_q_logon_ctrl");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr          ", ps, depth, &q_l->ptr))
-		return False;
-
-	if(!smb_io_unistr2 ("", &q_l->uni_server_name, q_l->ptr, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("function_code", ps, depth, &q_l->function_code))
-		return False;
-	if(!prs_uint32("query_level  ", ps, depth, &q_l->query_level))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an NET_Q_LOGON_CTRL structure.
-********************************************************************/
-
-void init_net_q_logon_ctrl(NET_Q_LOGON_CTRL *q_l, const char *srv_name,
-			   uint32 query_level)
-{
-	DEBUG(5,("init_q_logon_ctrl\n"));
-
-	q_l->function_code = 0x01; /* ??? */
-	q_l->query_level = query_level;
-
-	init_unistr2(&q_l->uni_server_name, srv_name, UNI_STR_TERMINATE);
-}
-
-/*******************************************************************
- Inits an NET_R_LOGON_CTRL structure.
-********************************************************************/
-
-void init_net_r_logon_ctrl(NET_R_LOGON_CTRL *r_l, uint32 query_level,
-			   uint32 flags, uint32 pdc_status)
-{
-	DEBUG(5,("init_r_logon_ctrl\n"));
-
-	r_l->switch_value  = query_level; /* should only be 0x1 */
-
-	switch (query_level) {
-	case 1:
-		r_l->ptr = 1; /* undocumented pointer */
-		init_netinfo_1(&r_l->logon.info1, flags, pdc_status);	
-		r_l->status = NT_STATUS_OK;
-		break;
-	default:
-		DEBUG(2,("init_r_logon_ctrl: unsupported switch value %d\n",
-			r_l->switch_value));
-		r_l->ptr = 0; /* undocumented pointer */
-
-		/* take a guess at an error code... */
-		r_l->status = NT_STATUS_INVALID_INFO_CLASS;
-		break;
-	}
-}
-
-/*******************************************************************
- Reads or writes an NET_R_LOGON_CTRL structure.
-********************************************************************/
-
-bool net_io_r_logon_ctrl(const char *desc, NET_R_LOGON_CTRL *r_l, prs_struct *ps, 
-			 int depth)
-{
-	prs_debug(ps, depth, desc, "net_io_r_logon_ctrl");
-	depth++;
-
-	if(!prs_uint32("switch_value ", ps, depth, &r_l->switch_value))
-		return False;
-	if(!prs_uint32("ptr          ", ps, depth, &r_l->ptr))
-		return False;
-
-	if (r_l->ptr != 0) {
-		switch (r_l->switch_value) {
-		case 1:
-			if(!net_io_netinfo_1("", &r_l->logon.info1, ps, depth))
-				return False;
-			break;
-		default:
-			DEBUG(2,("net_io_r_logon_ctrl: unsupported switch value %d\n",
-				r_l->switch_value));
-			break;
-		}
-	}
-
-	if(!prs_ntstatus("status       ", ps, depth, &r_l->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an NET_R_GETANYDCNAME structure.
-********************************************************************/
-void init_net_q_getanydcname(NET_Q_GETANYDCNAME *r_t, const char *logon_server,
-			     const char *domainname)
-{
-	DEBUG(5,("init_q_getanydcname\n"));
-
-	r_t->ptr_logon_server = (logon_server != NULL);
-	init_unistr2(&r_t->uni_logon_server, logon_server, UNI_STR_TERMINATE);
-	r_t->ptr_domainname = (domainname != NULL);
-	init_unistr2(&r_t->uni_domainname, domainname, UNI_STR_TERMINATE);
-}
-
-/*******************************************************************
- Reads or writes an NET_Q_GETANYDCNAME structure.
-********************************************************************/
-
-bool net_io_q_getanydcname(const char *desc, NET_Q_GETANYDCNAME *r_t, prs_struct *ps,
-			   int depth)
-{
-	if (r_t == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_getanydcname");
-	depth++;
-
-	if (!prs_uint32("ptr_logon_server", ps, depth, &r_t->ptr_logon_server))
-		return False;
-
-	if (!smb_io_unistr2("logon_server", &r_t->uni_logon_server,
-			    r_t->ptr_logon_server, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_domainname", ps, depth, &r_t->ptr_domainname))
-		return False;
-
-	if (!smb_io_unistr2("domainname", &r_t->uni_domainname,
-			    r_t->ptr_domainname, ps, depth))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Inits an NET_R_GETANYDCNAME structure.
-********************************************************************/
-void init_net_r_getanydcname(NET_R_GETANYDCNAME *r_t, const char *dcname)
-{
-	DEBUG(5,("init_r_getanydcname\n"));
-
-	init_unistr2(&r_t->uni_dcname, dcname, UNI_STR_TERMINATE);
-}
-
-/*******************************************************************
- Reads or writes an NET_R_GETANYDCNAME structure.
-********************************************************************/
-
-bool net_io_r_getanydcname(const char *desc, NET_R_GETANYDCNAME *r_t, prs_struct *ps,
-			   int depth)
-{
-	if (r_t == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_getanydcname");
-	depth++;
-
-	if (!prs_uint32("ptr_dcname", ps, depth, &r_t->ptr_dcname))
-		return False;
-
-	if (!smb_io_unistr2("dcname", &r_t->uni_dcname,
-			    r_t->ptr_dcname, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_werror("status", ps, depth, &r_t->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Inits an NET_R_GETDCNAME structure.
-********************************************************************/
-void init_net_q_getdcname(NET_Q_GETDCNAME *r_t, const char *logon_server,
-			  const char *domainname)
-{
-	DEBUG(5,("init_q_getdcname\n"));
-
-	init_unistr2(&r_t->uni_logon_server, logon_server, UNI_STR_TERMINATE);
-	r_t->ptr_domainname = (domainname != NULL);
-	init_unistr2(&r_t->uni_domainname, domainname, UNI_STR_TERMINATE);
-}
-
-/*******************************************************************
- Reads or writes an NET_Q_GETDCNAME structure.
-********************************************************************/
-
-bool net_io_q_getdcname(const char *desc, NET_Q_GETDCNAME *r_t, prs_struct *ps,
-			int depth)
-{
-	if (r_t == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_getdcname");
-	depth++;
-
-	if (!smb_io_unistr2("logon_server", &r_t->uni_logon_server,
-			    1, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_domainname", ps, depth, &r_t->ptr_domainname))
-		return False;
-
-	if (!smb_io_unistr2("domainname", &r_t->uni_domainname,
-			    r_t->ptr_domainname, ps, depth))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Inits an NET_R_GETDCNAME structure.
-********************************************************************/
-void init_net_r_getdcname(NET_R_GETDCNAME *r_t, const char *dcname)
-{
-	DEBUG(5,("init_r_getdcname\n"));
-
-	init_unistr2(&r_t->uni_dcname, dcname, UNI_STR_TERMINATE);
-}
-
-/*******************************************************************
- Reads or writes an NET_R_GETDCNAME structure.
-********************************************************************/
-
-bool net_io_r_getdcname(const char *desc, NET_R_GETDCNAME *r_t, prs_struct *ps,
-			int depth)
-{
-	if (r_t == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_getdcname");
-	depth++;
-
-	if (!prs_uint32("ptr_dcname", ps, depth, &r_t->ptr_dcname))
-		return False;
-
-	if (!smb_io_unistr2("dcname", &r_t->uni_dcname,
-			    r_t->ptr_dcname, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_werror("status", ps, depth, &r_t->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an NET_R_TRUST_DOM_LIST structure.
-********************************************************************/
-
-void init_r_trust_dom(NET_R_TRUST_DOM_LIST *r_t,
-			uint32 num_doms, const char *dom_name)
-{
-	unsigned int i = 0;
-
-	DEBUG(5,("init_r_trust_dom\n"));
-
-	for (i = 0; i < MAX_TRUST_DOMS; i++) {
-		r_t->uni_trust_dom_name[i].uni_str_len = 0;
-		r_t->uni_trust_dom_name[i].uni_max_len = 0;
-	}
-	if (num_doms > MAX_TRUST_DOMS)
-		num_doms = MAX_TRUST_DOMS;
-
-	for (i = 0; i < num_doms; i++) {
-		fstring domain_name;
-		fstrcpy(domain_name, dom_name);
-		strupper_m(domain_name);
-		init_unistr2(&r_t->uni_trust_dom_name[i], domain_name, UNI_STR_TERMINATE);
-		/* the use of UNISTR2 here is non-standard. */
-		r_t->uni_trust_dom_name[i].offset = 0x1;
-	}
-	
-	r_t->status = NT_STATUS_OK;
-}
-
-/*******************************************************************
- Reads or writes an NET_R_TRUST_DOM_LIST structure.
-********************************************************************/
-
-bool net_io_r_trust_dom(const char *desc, NET_R_TRUST_DOM_LIST *r_t, prs_struct *ps, int depth)
-{
-	uint32 value;
-
-	if (r_t == NULL)
-		 return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_trust_dom");
-	depth++;
-
-	/* temporary code to give a valid response */
-	value=2;
-	if(!prs_uint32("status", ps, depth, &value))
-		 return False;
-
-	value=1;
-	if(!prs_uint32("status", ps, depth, &value))
-		 return False;
-	value=2;
-	if(!prs_uint32("status", ps, depth, &value))
-		 return False;
-
-	value=0;
-	if(!prs_uint32("status", ps, depth, &value))
-		 return False;
-
-	value=0;
-	if(!prs_uint32("status", ps, depth, &value))
-		 return False;
-
-/* old non working code */
-#if 0
-	int i;
-
-	for (i = 0; i < MAX_TRUST_DOMS; i++) {
-		if (r_t->uni_trust_dom_name[i].uni_str_len == 0)
-			break;
-		if(!smb_io_unistr2("", &r_t->uni_trust_dom_name[i], True, ps, depth))
-			 return False;
-	}
-
-	if(!prs_ntstatus("status", ps, depth, &r_t->status))
-		 return False;
-#endif
-	return True;
-}
-
-
-/*******************************************************************
- Reads or writes an NET_Q_TRUST_DOM_LIST structure.
-********************************************************************/
-
-bool net_io_q_trust_dom(const char *desc, NET_Q_TRUST_DOM_LIST *q_l, prs_struct *ps, int depth)
-{
-	if (q_l == NULL)
-		 return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_trust_dom");
-	depth++;
-
-	if(!prs_uint32("ptr          ", ps, depth, &q_l->ptr))
-		 return False;
-	if(!smb_io_unistr2 ("", &q_l->uni_server_name, q_l->ptr, ps, depth))
-		 return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits an NET_Q_REQ_CHAL structure.
-********************************************************************/
-
-void init_q_req_chal(NET_Q_REQ_CHAL *q_c,
-		     const char *logon_srv, const char *logon_clnt,
-		     const DOM_CHAL *clnt_chal)
-{
-	DEBUG(5,("init_q_req_chal: %d\n", __LINE__));
-
-	q_c->undoc_buffer = 1; /* don't know what this buffer is */
-
-	init_unistr2(&q_c->uni_logon_srv, logon_srv , UNI_STR_TERMINATE);
-	init_unistr2(&q_c->uni_logon_clnt, logon_clnt, UNI_STR_TERMINATE);
-
-	memcpy(q_c->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
-
-	DEBUG(5,("init_q_req_chal: %d\n", __LINE__));
-}
-
-/*******************************************************************
- Reads or writes an NET_Q_REQ_CHAL structure.
-********************************************************************/
-
-bool net_io_q_req_chal(const char *desc,  NET_Q_REQ_CHAL *q_c, prs_struct *ps, int depth)
-{
-	if (q_c == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_req_chal");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-    
-	if(!prs_uint32("undoc_buffer", ps, depth, &q_c->undoc_buffer))
-		return False;
-
-	if(!smb_io_unistr2("", &q_c->uni_logon_srv, True, ps, depth)) /* logon server unicode string */
-		return False;
-	if(!smb_io_unistr2("", &q_c->uni_logon_clnt, True, ps, depth)) /* logon client unicode string */
-		return False;
-
-	if(!smb_io_chal("", &q_c->clnt_chal, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_r_req_chal(const char *desc, NET_R_REQ_CHAL *r_c, prs_struct *ps, int depth)
-{
-	if (r_c == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_req_chal");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-    
-	if(!smb_io_chal("", &r_c->srv_chal, ps, depth)) /* server challenge */
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_c->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_q_auth(const char *desc, NET_Q_AUTH *q_a, prs_struct *ps, int depth)
-{
-	if (q_a == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_auth");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-    
-	if(!smb_io_log_info ("", &q_a->clnt_id, ps, depth)) /* client identification info */
-		return False;
-	if(!smb_io_chal("", &q_a->clnt_chal, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_r_auth(const char *desc, NET_R_AUTH *r_a, prs_struct *ps, int depth)
-{
-	if (r_a == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_auth");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-    
-	if(!smb_io_chal("", &r_a->srv_chal, ps, depth)) /* server challenge */
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_a->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits a NET_Q_AUTH_2 struct.
-********************************************************************/
-
-void init_q_auth_2(NET_Q_AUTH_2 *q_a,
-		const char *logon_srv, const char *acct_name, uint16 sec_chan, const char *comp_name,
-		const DOM_CHAL *clnt_chal, uint32 clnt_flgs)
-{
-	DEBUG(5,("init_q_auth_2: %d\n", __LINE__));
-
-	init_log_info(&q_a->clnt_id, logon_srv, acct_name, sec_chan, comp_name);
-	memcpy(q_a->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
-	q_a->clnt_flgs.neg_flags = clnt_flgs;
-
-	DEBUG(5,("init_q_auth_2: %d\n", __LINE__));
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_q_auth_2(const char *desc, NET_Q_AUTH_2 *q_a, prs_struct *ps, int depth)
-{
-	if (q_a == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_auth_2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-    
-	if(!smb_io_log_info ("", &q_a->clnt_id, ps, depth)) /* client identification info */
-		return False;
-	if(!smb_io_chal("", &q_a->clnt_chal, ps, depth))
-		return False;
-	if(!net_io_neg_flags("", &q_a->clnt_flgs, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_r_auth_2(const char *desc, NET_R_AUTH_2 *r_a, prs_struct *ps, int depth)
-{
-	if (r_a == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_auth_2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-    
-	if(!smb_io_chal("", &r_a->srv_chal, ps, depth)) /* server challenge */
-		return False;
-	if(!net_io_neg_flags("", &r_a->srv_flgs, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_a->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits a NET_Q_AUTH_3 struct.
-********************************************************************/
-
-void init_q_auth_3(NET_Q_AUTH_3 *q_a,
-		const char *logon_srv, const char *acct_name, uint16 sec_chan, const char *comp_name,
-		const DOM_CHAL *clnt_chal, uint32 clnt_flgs)
-{
-	DEBUG(5,("init_q_auth_3: %d\n", __LINE__));
-
-	init_log_info(&q_a->clnt_id, logon_srv, acct_name, sec_chan, comp_name);
-	memcpy(q_a->clnt_chal.data, clnt_chal->data, sizeof(clnt_chal->data));
-	q_a->clnt_flgs.neg_flags = clnt_flgs;
-
-	DEBUG(5,("init_q_auth_3: %d\n", __LINE__));
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_q_auth_3(const char *desc, NET_Q_AUTH_3 *q_a, prs_struct *ps, int depth)
-{
-	if (q_a == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_auth_3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-    
-	if(!smb_io_log_info ("", &q_a->clnt_id, ps, depth)) /* client identification info */
-		return False;
-	if(!smb_io_chal("", &q_a->clnt_chal, ps, depth))
-		return False;
-	if(!net_io_neg_flags("", &q_a->clnt_flgs, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_r_auth_3(const char *desc, NET_R_AUTH_3 *r_a, prs_struct *ps, int depth)
-{
-	if (r_a == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_auth_3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-    
-	if(!smb_io_chal("srv_chal", &r_a->srv_chal, ps, depth)) /* server challenge */
-		return False;
-	if(!net_io_neg_flags("srv_flgs", &r_a->srv_flgs, ps, depth))
-		return False;
-	if (!prs_uint32("unknown", ps, depth, &r_a->unknown))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_a->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Inits a NET_Q_SRV_PWSET.
-********************************************************************/
-
-void init_q_srv_pwset(NET_Q_SRV_PWSET *q_s,
-		const char *logon_srv, const char *sess_key, const char *acct_name, 
-                uint16 sec_chan, const char *comp_name,
-		DOM_CRED *cred, const uchar hashed_mach_pwd[16])
-{
-	unsigned char nt_cypher[16];
-	
-	DEBUG(5,("init_q_srv_pwset\n"));
-	
-	/* Process the new password. */
-	cred_hash3( nt_cypher, hashed_mach_pwd, (const unsigned char *)sess_key, 1);
-
-	init_clnt_info(&q_s->clnt_id, logon_srv, acct_name, sec_chan, comp_name, cred);
-
-	memcpy(q_s->pwd, nt_cypher, sizeof(q_s->pwd)); 
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_q_srv_pwset(const char *desc, NET_Q_SRV_PWSET *q_s, prs_struct *ps, int depth)
-{
-	if (q_s == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_srv_pwset");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-    
-	if(!smb_io_clnt_info("", &q_s->clnt_id, ps, depth)) /* client identification/authentication info */
-		return False;
-	if(!prs_uint8s (False, "pwd", ps, depth, q_s->pwd, 16)) /* new password - undocumented */
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_r_srv_pwset(const char *desc, NET_R_SRV_PWSET *r_s, prs_struct *ps, int depth)
-{
-	if (r_s == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_srv_pwset");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-    
-	if(!smb_io_cred("", &r_s->srv_cred, ps, depth)) /* server challenge */
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_s->status))
-		return False;
-
-	return True;
-}
-
-/*************************************************************************
- Init DOM_SID2 array from a string containing multiple sids
- *************************************************************************/
-
-static int init_dom_sid2s(TALLOC_CTX *ctx, const char *sids_str, DOM_SID2 **ppsids)
-{
-	const char *ptr;
-	char *s2;
-	int count = 0;
-
-	DEBUG(4,("init_dom_sid2s: %s\n", sids_str ? sids_str:""));
-
-	*ppsids = NULL;
-
-	if(sids_str) {
-		int number;
-		DOM_SID2 *sids;
-		TALLOC_CTX *frame = talloc_stackframe();
-
-		/* Count the number of valid SIDs. */
-		for (count = 0, ptr = sids_str;
-				next_token_talloc(frame,&ptr, &s2, NULL); ) {
-			DOM_SID tmpsid;
-			if (string_to_sid(&tmpsid, s2))
-				count++;
-		}
-
-		/* Now allocate space for them. */
-		if (count) {
-			*ppsids = TALLOC_ZERO_ARRAY(ctx, DOM_SID2, count);
-			if (*ppsids == NULL) {
-				TALLOC_FREE(frame);
-				return 0;
-			}
-		} else {
-			*ppsids = NULL;
-		}
-
-		sids = *ppsids;
-
-		for (number = 0, ptr = sids_str;
-				next_token_talloc(frame, &ptr, &s2, NULL); ) {
-			DOM_SID tmpsid;
-			if (string_to_sid(&tmpsid, s2)) {
-				/* count only valid sids */
-				init_dom_sid2(&sids[number], &tmpsid);
-				number++;
-			}
-		}
-		TALLOC_FREE(frame);
-	}
-
-	return count;
-}
-
-/*******************************************************************
- Inits a NET_ID_INFO_1 structure.
-********************************************************************/
-
-void init_id_info1(NET_ID_INFO_1 *id, const char *domain_name,
-				uint32 param_ctrl, uint32 log_id_low, uint32 log_id_high,
-				const char *user_name, const char *wksta_name,
-				const char *sess_key,
-				unsigned char lm_cypher[16], unsigned char nt_cypher[16])
-{
-	unsigned char lm_owf[16];
-	unsigned char nt_owf[16];
-
-	DEBUG(5,("init_id_info1: %d\n", __LINE__));
-
-	id->ptr_id_info1 = 1;
-
-	id->param_ctrl = param_ctrl;
-	init_logon_id(&id->logon_id, log_id_low, log_id_high);
-
-
-	if (lm_cypher && nt_cypher) {
-		unsigned char key[16];
-#ifdef DEBUG_PASSWORD
-		DEBUG(100,("lm cypher:"));
-		dump_data(100, lm_cypher, 16);
-
-		DEBUG(100,("nt cypher:"));
-		dump_data(100, nt_cypher, 16);
-#endif
-
-		memset(key, 0, 16);
-		memcpy(key, sess_key, 8);
-
-		memcpy(lm_owf, lm_cypher, 16);
-		SamOEMhash(lm_owf, key, 16);
-		memcpy(nt_owf, nt_cypher, 16);
-		SamOEMhash(nt_owf, key, 16);
-
-#ifdef DEBUG_PASSWORD
-		DEBUG(100,("encrypt of lm owf password:"));
-		dump_data(100, lm_owf, 16);
-
-		DEBUG(100,("encrypt of nt owf password:"));
-		dump_data(100, nt_owf, 16);
-#endif
-		/* set up pointers to cypher blocks */
-		lm_cypher = lm_owf;
-		nt_cypher = nt_owf;
-	}
-
-	init_owf_info(&id->lm_owf, lm_cypher);
-	init_owf_info(&id->nt_owf, nt_cypher);
-
-	init_unistr2(&id->uni_domain_name, domain_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&id->hdr_domain_name, &id->uni_domain_name);
-	init_unistr2(&id->uni_user_name, user_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&id->hdr_user_name, &id->uni_user_name);
-	init_unistr2(&id->uni_wksta_name, wksta_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&id->hdr_wksta_name, &id->uni_wksta_name);
-}
-
-/*******************************************************************
- Reads or writes an NET_ID_INFO_1 structure.
-********************************************************************/
-
-static bool net_io_id_info1(const char *desc,  NET_ID_INFO_1 *id, prs_struct *ps, int depth)
-{
-	if (id == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_id_info1");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint32("ptr_id_info1", ps, depth, &id->ptr_id_info1))
-		return False;
-
-	if (id->ptr_id_info1 != 0) {
-		if(!smb_io_unihdr("unihdr", &id->hdr_domain_name, ps, depth))
-			return False;
-
-		if(!prs_uint32("param_ctrl", ps, depth, &id->param_ctrl))
-			return False;
-		if(!smb_io_logon_id("", &id->logon_id, ps, depth))
-			return False;
-
-		if(!smb_io_unihdr("unihdr", &id->hdr_user_name, ps, depth))
-			return False;
-		if(!smb_io_unihdr("unihdr", &id->hdr_wksta_name, ps, depth))
-			return False;
-
-		if(!smb_io_owf_info("", &id->lm_owf, ps, depth))
-			return False;
-		if(!smb_io_owf_info("", &id->nt_owf, ps, depth))
-			return False;
-
-		if(!smb_io_unistr2("unistr2", &id->uni_domain_name,
-				id->hdr_domain_name.buffer, ps, depth))
-			return False;
-		if(!smb_io_unistr2("unistr2", &id->uni_user_name,
-				id->hdr_user_name.buffer, ps, depth))
-			return False;
-		if(!smb_io_unistr2("unistr2", &id->uni_wksta_name,
-				id->hdr_wksta_name.buffer, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-Inits a NET_ID_INFO_2 structure.
-
-This is a network logon packet. The log_id parameters
-are what an NT server would generate for LUID once the
-user is logged on. I don't think we care about them.
-
-Note that this has no access to the NT and LM hashed passwords,
-so it forwards the challenge, and the NT and LM responses (24
-bytes each) over the secure channel to the Domain controller
-for it to say yea or nay. This is the preferred method of 
-checking for a logon as it doesn't export the password
-hashes to anyone who has compromised the secure channel. JRA.
-********************************************************************/
-
-void init_id_info2(NET_ID_INFO_2 * id, const char *domain_name,
-		   uint32 param_ctrl,
-		   uint32 log_id_low, uint32 log_id_high,
-		   const char *user_name, const char *wksta_name,
-		   const uchar lm_challenge[8],
-		   const uchar * lm_chal_resp, size_t lm_chal_resp_len,
-		   const uchar * nt_chal_resp, size_t nt_chal_resp_len)
-{
-
-	DEBUG(5,("init_id_info2: %d\n", __LINE__));
-
-	id->ptr_id_info2 = 1;
-
-	id->param_ctrl = param_ctrl;
-	init_logon_id(&id->logon_id, log_id_low, log_id_high);
-
-	memcpy(id->lm_chal, lm_challenge, sizeof(id->lm_chal));
-	init_str_hdr(&id->hdr_nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len, (nt_chal_resp != NULL) ? 1 : 0);
-	init_str_hdr(&id->hdr_lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len, (lm_chal_resp != NULL) ? 1 : 0);
-
-	init_unistr2(&id->uni_domain_name, domain_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&id->hdr_domain_name, &id->uni_domain_name);
-	init_unistr2(&id->uni_user_name, user_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&id->hdr_user_name, &id->uni_user_name);
-	init_unistr2(&id->uni_wksta_name, wksta_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&id->hdr_wksta_name, &id->uni_wksta_name);
-
-	init_string2(&id->nt_chal_resp, (const char *)nt_chal_resp, nt_chal_resp_len, nt_chal_resp_len);
-	init_string2(&id->lm_chal_resp, (const char *)lm_chal_resp, lm_chal_resp_len, lm_chal_resp_len);
-
-}
-
-/*******************************************************************
- Reads or writes an NET_ID_INFO_2 structure.
-********************************************************************/
-
-static bool net_io_id_info2(const char *desc,  NET_ID_INFO_2 *id, prs_struct *ps, int depth)
-{
-	if (id == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_id_info2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint32("ptr_id_info2", ps, depth, &id->ptr_id_info2))
-		return False;
-
-	if (id->ptr_id_info2 != 0) {
-		if(!smb_io_unihdr("unihdr", &id->hdr_domain_name, ps, depth))
-			return False;
-
-		if(!prs_uint32("param_ctrl", ps, depth, &id->param_ctrl))
-			return False;
-		if(!smb_io_logon_id("", &id->logon_id, ps, depth))
-			return False;
-
-		if(!smb_io_unihdr("unihdr", &id->hdr_user_name, ps, depth))
-			return False;
-		if(!smb_io_unihdr("unihdr", &id->hdr_wksta_name, ps, depth))
-			return False;
-
-		if(!prs_uint8s (False, "lm_chal", ps, depth, id->lm_chal, 8)) /* lm 8 byte challenge */
-			return False;
-
-		if(!smb_io_strhdr("hdr_nt_chal_resp", &id->hdr_nt_chal_resp, ps, depth))
-			return False;
-		if(!smb_io_strhdr("hdr_lm_chal_resp", &id->hdr_lm_chal_resp, ps, depth))
-			return False;
-
-		if(!smb_io_unistr2("uni_domain_name", &id->uni_domain_name,
-				id->hdr_domain_name.buffer, ps, depth))
-			return False;
-		if(!smb_io_unistr2("uni_user_name  ", &id->uni_user_name,
-				id->hdr_user_name.buffer, ps, depth))
-			return False;
-		if(!smb_io_unistr2("uni_wksta_name ", &id->uni_wksta_name,
-				id->hdr_wksta_name.buffer, ps, depth))
-			return False;
-		if(!smb_io_string2("nt_chal_resp", &id->nt_chal_resp,
-				id->hdr_nt_chal_resp.buffer, ps, depth))
-			return False;
-		if(!smb_io_string2("lm_chal_resp", &id->lm_chal_resp,
-				id->hdr_lm_chal_resp.buffer, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-
-/*******************************************************************
- Inits a DOM_SAM_INFO structure.
-********************************************************************/
-
-void init_sam_info(DOM_SAM_INFO *sam,
-				const char *logon_srv, const char *comp_name,
-				DOM_CRED *clnt_cred,
-				DOM_CRED *rtn_cred, uint16 logon_level,
-				NET_ID_INFO_CTR *ctr)
-{
-	DEBUG(5,("init_sam_info: %d\n", __LINE__));
-
-	init_clnt_info2(&sam->client, logon_srv, comp_name, clnt_cred);
-
-	if (rtn_cred != NULL) {
-		sam->ptr_rtn_cred = 1;
-		memcpy(&sam->rtn_cred, rtn_cred, sizeof(sam->rtn_cred));
-	} else {
-		sam->ptr_rtn_cred = 0;
-	}
-
-	sam->logon_level  = logon_level;
-	sam->ctr          = ctr;
-}
-
-/*******************************************************************
- Inits a DOM_SAM_INFO structure.
-********************************************************************/
-
-void init_sam_info_ex(DOM_SAM_INFO_EX *sam,
-		      const char *logon_srv, const char *comp_name,
-		      uint16 logon_level, NET_ID_INFO_CTR *ctr)
-{
-	DEBUG(5,("init_sam_info_ex: %d\n", __LINE__));
-
-	init_clnt_srv(&sam->client, logon_srv, comp_name);
-	sam->logon_level  = logon_level;
-	sam->ctr          = ctr;
-}
-
-/*******************************************************************
- Reads or writes a DOM_SAM_INFO structure.
-********************************************************************/
-
-static bool net_io_id_info_ctr(const char *desc, NET_ID_INFO_CTR **pp_ctr, prs_struct *ps, int depth)
-{
-	NET_ID_INFO_CTR *ctr = *pp_ctr;
-
-	prs_debug(ps, depth, desc, "smb_io_sam_info_ctr");
-	depth++;
-
-	if (UNMARSHALLING(ps)) {
-		ctr = *pp_ctr = PRS_ALLOC_MEM(ps, NET_ID_INFO_CTR, 1);
-		if (ctr == NULL)
-			return False;
-	}
-	
-	if (ctr == NULL)
-		return False;
-
-	/* don't 4-byte align here! */
-
-	if(!prs_uint16("switch_value ", ps, depth, &ctr->switch_value))
-		return False;
-
-	switch (ctr->switch_value) {
-	case 1:
-		if(!net_io_id_info1("", &ctr->auth.id1, ps, depth))
-			return False;
-		break;
-	case 2:
-		if(!net_io_id_info2("", &ctr->auth.id2, ps, depth))
-			return False;
-		break;
-	default:
-		/* PANIC! */
-		DEBUG(4,("smb_io_sam_info_ctr: unknown switch_value!\n"));
-		break;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a DOM_SAM_INFO structure.
- ********************************************************************/
-
-static bool smb_io_sam_info(const char *desc, DOM_SAM_INFO *sam, prs_struct *ps, int depth)
-{
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "smb_io_sam_info");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!smb_io_clnt_info2("", &sam->client, ps, depth))
-		return False;
-
-	if(!prs_uint32("ptr_rtn_cred ", ps, depth, &sam->ptr_rtn_cred))
-		return False;
-	if (sam->ptr_rtn_cred) {
-		if(!smb_io_cred("", &sam->rtn_cred, ps, depth))
-			return False;
-	}
-
-	if(!prs_uint16("logon_level  ", ps, depth, &sam->logon_level))
-		return False;
-
-	if (sam->logon_level != 0) {
-		if(!net_io_id_info_ctr("logon_info", &sam->ctr, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a DOM_SAM_INFO_EX structure.
- ********************************************************************/
-
-static bool smb_io_sam_info_ex(const char *desc, DOM_SAM_INFO_EX *sam, prs_struct *ps, int depth)
-{
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "smb_io_sam_info_ex");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!smb_io_clnt_srv("", &sam->client, ps, depth))
-		return False;
-
-	if(!prs_uint16("logon_level  ", ps, depth, &sam->logon_level))
-		return False;
-
-	if (sam->logon_level != 0) {
-		if(!net_io_id_info_ctr("logon_info", &sam->ctr, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-/*************************************************************************
- Inits a NET_USER_INFO_3 structure.
-
- This is a network logon reply packet, and contains much information about
- the user.  This information is passed as a (very long) paramater list
- to avoid having to link in the PASSDB code to every program that deals 
- with this file.
- *************************************************************************/
-
-void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, 
-			 uint32                user_rid,
-			 uint32                group_rid,
-
-			 const char*		user_name,
-			 const char*		full_name,
-			 const char*		home_dir,
-			 const char*		dir_drive,
-			 const char*		logon_script,
-			 const char*		profile_path,
-
-			 time_t unix_logon_time,
-			 time_t unix_logoff_time,
-			 time_t unix_kickoff_time,
-			 time_t unix_pass_last_set_time,
-			 time_t unix_pass_can_change_time,
-			 time_t unix_pass_must_change_time,
-			 
-			 uint16 logon_count, uint16 bad_pw_count,
- 		 	 uint32 num_groups, const DOM_GID *gids,
-			 uint32 user_flgs, uint32 acct_flags,
-			 uchar user_session_key[16],
-			 uchar lm_session_key[16],
- 			 const char *logon_srv, const char *logon_dom,
-			 const DOM_SID *dom_sid)
-{
-	/* only cope with one "other" sid, right now. */
-	/* need to count the number of space-delimited sids */
-	unsigned int i;
-	int num_other_sids = 0;
-	
-	NTTIME 		logon_time, logoff_time, kickoff_time,
-			pass_last_set_time, pass_can_change_time,
-			pass_must_change_time;
-
-	ZERO_STRUCTP(usr);
-
-	usr->ptr_user_info = 1; /* yes, we're bothering to put USER_INFO data here */
-
-	/* Create NTTIME structs */
-	unix_to_nt_time (&logon_time, 		 unix_logon_time);
-	unix_to_nt_time (&logoff_time, 		 unix_logoff_time);
-	unix_to_nt_time (&kickoff_time, 	 unix_kickoff_time);
-	unix_to_nt_time (&pass_last_set_time, 	 unix_pass_last_set_time);
-	unix_to_nt_time (&pass_can_change_time,	 unix_pass_can_change_time);
-	unix_to_nt_time (&pass_must_change_time, unix_pass_must_change_time);
-
-	usr->logon_time            = logon_time;
-	usr->logoff_time           = logoff_time;
-	usr->kickoff_time          = kickoff_time;
-	usr->pass_last_set_time    = pass_last_set_time;
-	usr->pass_can_change_time  = pass_can_change_time;
-	usr->pass_must_change_time = pass_must_change_time;
-
-	usr->logon_count = logon_count;
-	usr->bad_pw_count = bad_pw_count;
-
-	usr->user_rid = user_rid;
-	usr->group_rid = group_rid;
-	usr->num_groups = num_groups;
-
-	usr->buffer_groups = 1; /* indicates fill in groups, below, even if there are none */
-	usr->user_flgs = user_flgs;
-	usr->acct_flags = acct_flags;
-
-	if (user_session_key != NULL)
-		memcpy(usr->user_sess_key, user_session_key, sizeof(usr->user_sess_key));
-	else
-		memset((char *)usr->user_sess_key, '\0', sizeof(usr->user_sess_key));
-
-	usr->buffer_dom_id = dom_sid ? 1 : 0; /* yes, we're bothering to put a domain SID in */
-
-	memset((char *)usr->lm_sess_key, '\0', sizeof(usr->lm_sess_key));
-
-	for (i=0; i<7; i++) {
-		memset(&usr->unknown[i], '\0', sizeof(usr->unknown));
-	}
-
-	if (lm_session_key != NULL) {
-		memcpy(usr->lm_sess_key, lm_session_key, sizeof(usr->lm_sess_key));
-	}
-
-	num_other_sids = init_dom_sid2s(ctx, NULL, &usr->other_sids);
-
-	usr->num_other_sids = num_other_sids;
-	usr->buffer_other_sids = (num_other_sids != 0) ? 1 : 0; 
-	
-	init_unistr2(&usr->uni_user_name, user_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_user_name, &usr->uni_user_name);
-	init_unistr2(&usr->uni_full_name, full_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_full_name, &usr->uni_full_name);
-	init_unistr2(&usr->uni_logon_script, logon_script, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_logon_script, &usr->uni_logon_script);
-	init_unistr2(&usr->uni_profile_path, profile_path, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_profile_path, &usr->uni_profile_path);
-	init_unistr2(&usr->uni_home_dir, home_dir, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_home_dir, &usr->uni_home_dir);
-	init_unistr2(&usr->uni_dir_drive, dir_drive, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_dir_drive, &usr->uni_dir_drive);
-
-	usr->num_groups2 = num_groups;
-
-	if (num_groups) {
-		usr->gids = TALLOC_ZERO_ARRAY(ctx,DOM_GID,num_groups);
-		if (usr->gids == NULL)
-	 		return;
-	} else {
-		usr->gids = NULL;
-	}
-
-	for (i = 0; i < num_groups; i++) 
-		usr->gids[i] = gids[i];	
-		
-	init_unistr2(&usr->uni_logon_srv, logon_srv, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_logon_srv, &usr->uni_logon_srv);
-	init_unistr2(&usr->uni_logon_dom, logon_dom, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_logon_dom, &usr->uni_logon_dom);
-
-	init_dom_sid2(&usr->dom_sid, dom_sid);
-	/* "other" sids are set up above */
-}
-
-static void dump_acct_flags(uint32 acct_flags) {
-
-	int lvl = 10;
-	DEBUG(lvl,("dump_acct_flags\n"));
-	if (acct_flags & ACB_NORMAL) {
-		DEBUGADD(lvl,("\taccount has ACB_NORMAL\n"));
-	}
-	if (acct_flags & ACB_PWNOEXP) {
-		DEBUGADD(lvl,("\taccount has ACB_PWNOEXP\n"));
-	}
-	if (acct_flags & ACB_ENC_TXT_PWD_ALLOWED) {
-		DEBUGADD(lvl,("\taccount has ACB_ENC_TXT_PWD_ALLOWED\n"));
-	}
-	if (acct_flags & ACB_NOT_DELEGATED) {
-		DEBUGADD(lvl,("\taccount has ACB_NOT_DELEGATED\n"));
-	}
-	if (acct_flags & ACB_USE_DES_KEY_ONLY) {
-		DEBUGADD(lvl,("\taccount has ACB_USE_DES_KEY_ONLY set, sig verify wont work\n"));
-	}
-	if (acct_flags & ACB_NO_AUTH_DATA_REQD) {
-		DEBUGADD(lvl,("\taccount has ACB_NO_AUTH_DATA_REQD set\n"));
-	}
-	if (acct_flags & ACB_PWEXPIRED) {
-		DEBUGADD(lvl,("\taccount has ACB_PWEXPIRED set\n"));
-	}
-}
-
-static void dump_user_flgs(uint32 user_flags) {
-
-	int lvl = 10;
-	DEBUG(lvl,("dump_user_flgs\n"));
-	if (user_flags & LOGON_EXTRA_SIDS) {
-		DEBUGADD(lvl,("\taccount has LOGON_EXTRA_SIDS\n"));
-	}
-	if (user_flags & LOGON_RESOURCE_GROUPS) {
-		DEBUGADD(lvl,("\taccount has LOGON_RESOURCE_GROUPS\n"));
-	}
-	if (user_flags & LOGON_NTLMV2_ENABLED) {
-		DEBUGADD(lvl,("\taccount has LOGON_NTLMV2_ENABLED\n"));
-	}
-	if (user_flags & LOGON_CACHED_ACCOUNT) {
-		DEBUGADD(lvl,("\taccount has LOGON_CACHED_ACCOUNT\n"));
-	}
-	if (user_flags & LOGON_PROFILE_PATH_RETURNED) {
-		DEBUGADD(lvl,("\taccount has LOGON_PROFILE_PATH_RETURNED\n"));
-	}
-	if (user_flags & LOGON_SERVER_TRUST_ACCOUNT) {
-		DEBUGADD(lvl,("\taccount has LOGON_SERVER_TRUST_ACCOUNT\n"));
-	}
-
-
-}
-
-/*******************************************************************
- This code has been modified to cope with a NET_USER_INFO_2 - which is
- exactly the same as a NET_USER_INFO_3, minus the other sids parameters.
- We use validation level to determine if we're marshalling a info 2 or
- INFO_3 - be we always return an INFO_3. Based on code donated by Marc
- Jacobsen at HP. JRA.
-********************************************************************/
-
-bool net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, 
-		       int depth, uint16 validation_level, bool kerb_validation_level)
-{
-	unsigned int i;
-
-	if (usr == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_user_info3");
-	depth++;
-
-	if (UNMARSHALLING(ps))
-		ZERO_STRUCTP(usr);
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint32("ptr_user_info ", ps, depth, &usr->ptr_user_info))
-		return False;
-
-	if (usr->ptr_user_info == 0)
-		return True;
-
-	if(!smb_io_time("logon time", &usr->logon_time, ps, depth)) /* logon time */
-		return False;
-	if(!smb_io_time("logoff time", &usr->logoff_time, ps, depth)) /* logoff time */
-		return False;
-	if(!smb_io_time("kickoff time", &usr->kickoff_time, ps, depth)) /* kickoff time */
-		return False;
-	if(!smb_io_time("last set time", &usr->pass_last_set_time, ps, depth)) /* password last set time */
-		return False;
-	if(!smb_io_time("can change time", &usr->pass_can_change_time , ps, depth)) /* password can change time */
-		return False;
-	if(!smb_io_time("must change time", &usr->pass_must_change_time, ps, depth)) /* password must change time */
-		return False;
-
-	if(!smb_io_unihdr("hdr_user_name", &usr->hdr_user_name, ps, depth)) /* username unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_full_name", &usr->hdr_full_name, ps, depth)) /* user's full name unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth)) /* logon script unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth)) /* profile path unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_home_dir", &usr->hdr_home_dir, ps, depth)) /* home directory unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_dir_drive", &usr->hdr_dir_drive, ps, depth)) /* home directory drive unicode string header */
-		return False;
-
-	if(!prs_uint16("logon_count   ", ps, depth, &usr->logon_count))  /* logon count */
-		return False;
-	if(!prs_uint16("bad_pw_count  ", ps, depth, &usr->bad_pw_count)) /* bad password count */
-		return False;
-
-	if(!prs_uint32("user_rid      ", ps, depth, &usr->user_rid))       /* User RID */
-		return False;
-	if(!prs_uint32("group_rid     ", ps, depth, &usr->group_rid))      /* Group RID */
-		return False;
-	if(!prs_uint32("num_groups    ", ps, depth, &usr->num_groups))    /* num groups */
-		return False;
-	if(!prs_uint32("buffer_groups ", ps, depth, &usr->buffer_groups)) /* undocumented buffer pointer to groups. */
-		return False;
-	if(!prs_uint32("user_flgs     ", ps, depth, &usr->user_flgs))     /* user flags */
-		return False;
-	dump_user_flgs(usr->user_flgs);
-	if(!prs_uint8s(False, "user_sess_key", ps, depth, usr->user_sess_key, 16)) /* user session key */
-		return False;
-
-	if(!smb_io_unihdr("hdr_logon_srv", &usr->hdr_logon_srv, ps, depth)) /* logon server unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_logon_dom", &usr->hdr_logon_dom, ps, depth)) /* logon domain unicode string header */
-		return False;
-
-	if(!prs_uint32("buffer_dom_id ", ps, depth, &usr->buffer_dom_id)) /* undocumented logon domain id pointer */
-		return False;
-
-	if(!prs_uint8s(False, "lm_sess_key", ps, depth, usr->lm_sess_key, 8)) /* lm session key */
-		return False;
-
-	if(!prs_uint32("acct_flags ", ps, depth, &usr->acct_flags)) /* Account flags  */
-		return False;
-	dump_acct_flags(usr->acct_flags);
-	for (i = 0; i < 7; i++)
-	{
-		if (!prs_uint32("unkown", ps, depth, &usr->unknown[i])) /* unknown */
-                        return False;
-	}
-
-	if (validation_level == 3) {
-		if(!prs_uint32("num_other_sids", ps, depth, &usr->num_other_sids)) /* 0 - num_sids */
-			return False;
-		if(!prs_uint32("buffer_other_sids", ps, depth, &usr->buffer_other_sids)) /* NULL - undocumented pointer to SIDs. */
-			return False;
-	} else {
-		if (UNMARSHALLING(ps)) {
-			usr->num_other_sids = 0;
-			usr->buffer_other_sids = 0;
-		}
-	}
-		
-	/* get kerb validation info (not really part of user_info_3) - Guenther */
-
-	if (kerb_validation_level) {
-
-		if(!prs_uint32("ptr_res_group_dom_sid", ps, depth, &usr->ptr_res_group_dom_sid))
-			return False;
-		if(!prs_uint32("res_group_count", ps, depth, &usr->res_group_count))
-			return False;
-		if(!prs_uint32("ptr_res_groups", ps, depth, &usr->ptr_res_groups))
-			return False;
-	}
-
-	if(!smb_io_unistr2("uni_user_name", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth)) /* username unicode string */
-		return False;
-	if(!smb_io_unistr2("uni_full_name", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth)) /* user's full name unicode string */
-		return False;
-	if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth)) /* logon script unicode string */
-		return False;
-	if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth)) /* profile path unicode string */
-		return False;
-	if(!smb_io_unistr2("uni_home_dir", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth)) /* home directory unicode string */
-		return False;
-	if(!smb_io_unistr2("uni_dir_drive", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth)) /* home directory drive unicode string */
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("num_groups2   ", ps, depth, &usr->num_groups2))        /* num groups2 */
-		return False;
-
-	if (usr->num_groups != usr->num_groups2) {
-		DEBUG(3,("net_io_user_info3: num_groups mismatch! (%d != %d)\n", 
-			 usr->num_groups, usr->num_groups2));
-		return False;
-	}
-
-	if (UNMARSHALLING(ps)) {
-		if (usr->num_groups) {
-			usr->gids = PRS_ALLOC_MEM(ps, DOM_GID, usr->num_groups);
-			if (usr->gids == NULL)
-				return False;
-		} else {
-			usr->gids = NULL;
-		}
-	}
-
-	for (i = 0; i < usr->num_groups; i++) {
-		if(!smb_io_gid("", &usr->gids[i], ps, depth)) /* group info */
-			return False;
-	}
-
-	if(!smb_io_unistr2("uni_logon_srv", &usr->uni_logon_srv, usr->hdr_logon_srv.buffer, ps, depth)) /* logon server unicode string */
-		return False;
-	if(!smb_io_unistr2("uni_logon_dom", &usr->uni_logon_dom, usr->hdr_logon_dom.buffer, ps, depth)) /* logon domain unicode string */
-		return False;
-
-	if(!smb_io_dom_sid2("", &usr->dom_sid, ps, depth))           /* domain SID */
-		return False;
-
-	if (validation_level == 3 && usr->buffer_other_sids) {
-
-		uint32 num_other_sids = usr->num_other_sids;
-
-		if (!(usr->user_flgs & LOGON_EXTRA_SIDS)) {
-			DEBUG(10,("net_io_user_info3: user_flgs attribute does not have LOGON_EXTRA_SIDS\n"));
-			/* return False; */
-		}
-
-		if (!prs_uint32("num_other_sids", ps, depth,
-				&num_other_sids))
-			return False;
-
-		if (num_other_sids != usr->num_other_sids)
-			return False;
-
-		if (UNMARSHALLING(ps)) {
-			if (usr->num_other_sids) {
-				usr->other_sids = PRS_ALLOC_MEM(ps, DOM_SID2, usr->num_other_sids);
-				usr->other_sids_attrib =
-					PRS_ALLOC_MEM(ps, uint32, usr->num_other_sids);
-			} else {
-				usr->other_sids = NULL;
-				usr->other_sids_attrib = NULL;
-			}
-
-			if ((num_other_sids != 0) &&
-			    ((usr->other_sids == NULL) ||
-			     (usr->other_sids_attrib == NULL)))
-				return False;
-		}
-
-		/* First the pointers to the SIDS and attributes */
-
-		depth++;
-
-		for (i=0; i<usr->num_other_sids; i++) {
-			uint32 ptr = 1;
-
-			if (!prs_uint32("sid_ptr", ps, depth, &ptr))
-				return False;
-
-			if (UNMARSHALLING(ps) && (ptr == 0))
-				return False;
-
-			if (!prs_uint32("attribute", ps, depth,
-					&usr->other_sids_attrib[i]))
-				return False;
-		}
-	
-		for (i = 0; i < usr->num_other_sids; i++) {
-			if(!smb_io_dom_sid2("", &usr->other_sids[i], ps, depth)) /* other domain SIDs */
-				return False;
-		}
-
-		depth--;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_q_sam_logon(const char *desc, NET_Q_SAM_LOGON *q_l, prs_struct *ps, int depth)
-{
-	if (q_l == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_sam_logon");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!smb_io_sam_info("", &q_l->sam_id, ps, depth))
-		return False;
-
-	if(!prs_align_uint16(ps))
-		return False;
-
-	if(!prs_uint16("validation_level", ps, depth, &q_l->validation_level))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_r_sam_logon(const char *desc, NET_R_SAM_LOGON *r_l, prs_struct *ps, int depth)
-{
-	if (r_l == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_sam_logon");
-	depth++;
-
-	if(!prs_uint32("buffer_creds", ps, depth, &r_l->buffer_creds)) /* undocumented buffer pointer */
-		return False;
-	if (&r_l->buffer_creds) {
-		if(!smb_io_cred("", &r_l->srv_creds, ps, depth)) /* server credentials.  server time stamp appears to be ignored. */
-			return False;
-	}
-
-	if(!prs_uint16("switch_value", ps, depth, &r_l->switch_value))
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-#if 1 /* W2k always needs this - even for bad passwd. JRA */
-	if(!net_io_user_info3("", r_l->user, ps, depth, r_l->switch_value, False))
-		return False;
-#else
-	if (r_l->switch_value != 0) {
-		if(!net_io_user_info3("", r_l->user, ps, depth, r_l->switch_value, False))
-			return False;
-	}
-#endif
-
-	if(!prs_uint32("auth_resp   ", ps, depth, &r_l->auth_resp)) /* 1 - Authoritative response; 0 - Non-Auth? */
-		return False;
-
-	if(!prs_ntstatus("status      ", ps, depth, &r_l->status))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_q_sam_logon_ex(const char *desc, NET_Q_SAM_LOGON_EX *q_l, prs_struct *ps, int depth)
-{
-	if (q_l == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_sam_logon_ex");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!smb_io_sam_info_ex("", &q_l->sam_id, ps, depth))
-		return False;
-
-	if(!prs_align_uint16(ps))
-		return False;
-
-	if(!prs_uint16("validation_level", ps, depth, &q_l->validation_level))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("flags  ", ps, depth, &q_l->flags))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_r_sam_logon_ex(const char *desc, NET_R_SAM_LOGON_EX *r_l, prs_struct *ps, int depth)
-{
-	if (r_l == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_sam_logon_ex");
-	depth++;
-
-	if(!prs_uint16("switch_value", ps, depth, &r_l->switch_value))
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-#if 1 /* W2k always needs this - even for bad passwd. JRA */
-	if(!net_io_user_info3("", r_l->user, ps, depth, r_l->switch_value, False))
-		return False;
-#else
-	if (r_l->switch_value != 0) {
-		if(!net_io_user_info3("", r_l->user, ps, depth, r_l->switch_value, False))
-			return False;
-	}
-#endif
-
-	if(!prs_uint32("auth_resp   ", ps, depth, &r_l->auth_resp)) /* 1 - Authoritative response; 0 - Non-Auth? */
-		return False;
-
-	if(!prs_uint32("flags   ", ps, depth, &r_l->flags))
-		return False;
-
-	if(!prs_ntstatus("status      ", ps, depth, &r_l->status))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_q_sam_logoff(const char *desc,  NET_Q_SAM_LOGOFF *q_l, prs_struct *ps, int depth)
-{
-	if (q_l == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_sam_logoff");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!smb_io_sam_info("", &q_l->sam_id, ps, depth))           /* domain SID */
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes a structure.
-********************************************************************/
-
-bool net_io_r_sam_logoff(const char *desc, NET_R_SAM_LOGOFF *r_l, prs_struct *ps, int depth)
-{
-	if (r_l == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_sam_logoff");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	
-	if(!prs_uint32("buffer_creds", ps, depth, &r_l->buffer_creds)) /* undocumented buffer pointer */
-		return False;
-	if(!smb_io_cred("", &r_l->srv_creds, ps, depth)) /* server credentials.  server time stamp appears to be ignored. */
-		return False;
-
-	if(!prs_ntstatus("status      ", ps, depth, &r_l->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-makes a NET_Q_SAM_SYNC structure.
-********************************************************************/
-bool init_net_q_sam_sync(NET_Q_SAM_SYNC * q_s, const char *srv_name,
-                         const char *cli_name, DOM_CRED *cli_creds, 
-                         DOM_CRED *ret_creds, uint32 database_id, 
-			 uint32 next_rid)
-{
-	DEBUG(5, ("init_q_sam_sync\n"));
-
-	init_unistr2(&q_s->uni_srv_name, srv_name, UNI_STR_TERMINATE);
-	init_unistr2(&q_s->uni_cli_name, cli_name, UNI_STR_TERMINATE);
-
-        if (cli_creds)
-                memcpy(&q_s->cli_creds, cli_creds, sizeof(q_s->cli_creds));
-
-	if (cli_creds)
-                memcpy(&q_s->ret_creds, ret_creds, sizeof(q_s->ret_creds));
-	else
-		memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds));
-
-	q_s->database_id = database_id;
-	q_s->restart_state = 0;
-	q_s->sync_context = next_rid;
-	q_s->max_size = 0xffff;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-bool net_io_q_sam_sync(const char *desc, NET_Q_SAM_SYNC * q_s, prs_struct *ps,
-		       int depth)
-{
-	prs_debug(ps, depth, desc, "net_io_q_sam_sync");
-	depth++;
-
-	if (!smb_io_unistr2("", &q_s->uni_srv_name, True, ps, depth))
-                return False;
-	if (!smb_io_unistr2("", &q_s->uni_cli_name, True, ps, depth))
-                return False;
-
-	if (!smb_io_cred("", &q_s->cli_creds, ps, depth))
-                return False;
-	if (!smb_io_cred("", &q_s->ret_creds, ps, depth))
-                return False;
-
-	if (!prs_uint32("database_id  ", ps, depth, &q_s->database_id))
-                return False;
-	if (!prs_uint32("restart_state", ps, depth, &q_s->restart_state))
-                return False;
-	if (!prs_uint32("sync_context ", ps, depth, &q_s->sync_context))
-                return False;
-
-	if (!prs_uint32("max_size", ps, depth, &q_s->max_size))
-                return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_delta_hdr(const char *desc, SAM_DELTA_HDR * delta,
-				 prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "net_io_sam_delta_hdr");
-	depth++;
-
-	if (!prs_uint16("type", ps, depth, &delta->type))
-                return False;
-	if (!prs_uint16("type2", ps, depth, &delta->type2))
-                return False;
-	if (!prs_uint32("target_rid", ps, depth, &delta->target_rid))
-                return False;
-
-	if (!prs_uint32("type3", ps, depth, &delta->type3))
-                return False;
-
-        /* Not sure why we need this but it seems to be necessary to get
-           sam deltas working. */
-
-        if (delta->type != 0x16) {
-                if (!prs_uint32("ptr_delta", ps, depth, &delta->ptr_delta))
-                        return False;
-        }
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_delta_mod_count(const char *desc, SAM_DELTA_MOD_COUNT *info,
-                                   prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "net_io_sam_delta_stamp");
-	depth++;
-
-        if (!prs_uint32("seqnum", ps, depth, &info->seqnum))
-                return False;
-        if (!prs_uint32("dom_mod_count_ptr", ps, depth, 
-                        &info->dom_mod_count_ptr))
-                return False;
-
-        if (info->dom_mod_count_ptr) {
-                if (!prs_uint64("dom_mod_count", ps, depth,
-                                &info->dom_mod_count))
-                        return False;
-        }
-
-        return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_domain_info(const char *desc, SAM_DOMAIN_INFO * info,
-				   prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "net_io_sam_domain_info");
-	depth++;
-
-	if (!smb_io_unihdr("hdr_dom_name", &info->hdr_dom_name, ps, depth))
-                return False;
-	if (!smb_io_unihdr("hdr_oem_info", &info->hdr_oem_info, ps, depth))
-                return False;
-
-        if (!prs_uint64("force_logoff", ps, depth, &info->force_logoff))
-                return False;
-	if (!prs_uint16("min_pwd_len", ps, depth, &info->min_pwd_len))
-                return False;
-	if (!prs_uint16("pwd_history_len", ps, depth, &info->pwd_history_len))
-                return False;
-	if (!prs_uint64("max_pwd_age", ps, depth, &info->max_pwd_age))
-                return False;
-	if (!prs_uint64("min_pwd_age", ps, depth, &info->min_pwd_age))
-                return False;
-	if (!prs_uint64("dom_mod_count", ps, depth, &info->dom_mod_count))
-                return False;
-	if (!smb_io_time("creation_time", &info->creation_time, ps, depth))
-                return False;
-	if (!prs_uint32("security_information", ps, depth, &info->security_information))
-		return False;
-	if (!smb_io_bufhdr4("hdr_sec_desc", &info->hdr_sec_desc, ps, depth))
-		return False;
-	if (!smb_io_lockout_string_hdr("hdr_account_lockout_string", &info->hdr_account_lockout, ps, depth))
-		return False;
-	if (!smb_io_unihdr("hdr_unknown2", &info->hdr_unknown2, ps, depth))
-		return False;
-	if (!smb_io_unihdr("hdr_unknown3", &info->hdr_unknown3, ps, depth))
-		return False;
-	if (!smb_io_unihdr("hdr_unknown4", &info->hdr_unknown4, ps, depth))
-		return False;
-	if (!prs_uint32("logon_chgpass", ps, depth, &info->logon_chgpass))
-		return False;
-	if (!prs_uint32("unknown6", ps, depth, &info->unknown6))
-		return False;
-	if (!prs_uint32("unknown7", ps, depth, &info->unknown7))
-		return False;
-	if (!prs_uint32("unknown8", ps, depth, &info->unknown8))
-		return False;
-
-	if (!smb_io_unistr2("uni_dom_name", &info->uni_dom_name,
-                            info->hdr_dom_name.buffer, ps, depth))
-                return False;
-	if (!smb_io_unistr2("buf_oem_info", &info->buf_oem_info,
-                            info->hdr_oem_info.buffer, ps, depth))
-                return False;
-
-	if (!smb_io_rpc_blob("buf_sec_desc", &info->buf_sec_desc, ps, depth))
-                return False;
-
-	if (!smb_io_account_lockout_str("account_lockout", &info->account_lockout, 
-					info->hdr_account_lockout.buffer, ps, depth))
-		return False;
-
-	if (!smb_io_unistr2("buf_unknown2", &info->buf_unknown2, 
-			    info->hdr_unknown2.buffer, ps, depth))
-		return False;
-	if (!smb_io_unistr2("buf_unknown3", &info->buf_unknown3, 
-			    info->hdr_unknown3.buffer, ps, depth))
-		return False;
-	if (!smb_io_unistr2("buf_unknown4", &info->buf_unknown4, 
-			    info->hdr_unknown4.buffer, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_group_info(const char *desc, SAM_GROUP_INFO * info,
-				  prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "net_io_sam_group_info");
-	depth++;
-
-	if (!smb_io_unihdr("hdr_grp_name", &info->hdr_grp_name, ps, depth))
-                return False;
-	if (!smb_io_gid("gid", &info->gid, ps, depth))
-                return False;
-	if (!smb_io_unihdr("hdr_grp_desc", &info->hdr_grp_desc, ps, depth))
-                return False;
-	if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth))
-                return False;
-
-        if (ps->data_offset + 48 > ps->buffer_size)
-                return False;
-	ps->data_offset += 48;
-
-	if (!smb_io_unistr2("uni_grp_name", &info->uni_grp_name,
-                            info->hdr_grp_name.buffer, ps, depth))
-                return False;
-	if (!smb_io_unistr2("uni_grp_desc", &info->uni_grp_desc,
-                            info->hdr_grp_desc.buffer, ps, depth))
-                return False;
-	if (!smb_io_rpc_blob("buf_sec_desc", &info->buf_sec_desc, ps, depth))
-                return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_passwd_info(const char *desc, SAM_PWD * pwd,
-				   prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "net_io_sam_passwd_info");
-	depth++;
-
-	if (!prs_uint32("unk_0 ", ps, depth, &pwd->unk_0))
-                return False;
-
-	if (!smb_io_unihdr("hdr_lm_pwd", &pwd->hdr_lm_pwd, ps, depth))
-                return False;
-	if (!prs_uint8s(False, "buf_lm_pwd", ps, depth, pwd->buf_lm_pwd, 16))
-                return False;
-
-	if (!smb_io_unihdr("hdr_nt_pwd", &pwd->hdr_nt_pwd, ps, depth))
-                return False;
-	if (!prs_uint8s(False, "buf_nt_pwd", ps, depth, pwd->buf_nt_pwd, 16))
-                return False;
-
-	if (!smb_io_unihdr("", &pwd->hdr_empty_lm, ps, depth))
-                return False;
-	if (!smb_io_unihdr("", &pwd->hdr_empty_nt, ps, depth))
-                return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_account_info(const char *desc, SAM_ACCOUNT_INFO *info,
-				prs_struct *ps, int depth)
-{
-	BUFHDR2 hdr_priv_data;
-	uint32 i;
-
-	prs_debug(ps, depth, desc, "net_io_sam_account_info");
-	depth++;
-
-	if (!smb_io_unihdr("hdr_acct_name", &info->hdr_acct_name, ps, depth))
-                return False;
-	if (!smb_io_unihdr("hdr_full_name", &info->hdr_full_name, ps, depth))
-                return False;
-
-	if (!prs_uint32("user_rid ", ps, depth, &info->user_rid))
-                return False;
-	if (!prs_uint32("group_rid", ps, depth, &info->group_rid))
-                return False;
-
-	if (!smb_io_unihdr("hdr_home_dir ", &info->hdr_home_dir, ps, depth))
-                return False;
-	if (!smb_io_unihdr("hdr_dir_drive", &info->hdr_dir_drive, ps, depth))
-                return False;
-	if (!smb_io_unihdr("hdr_logon_script", &info->hdr_logon_script, ps,
-                           depth))
-                return False;
-
-	if (!smb_io_unihdr("hdr_acct_desc", &info->hdr_acct_desc, ps, depth))
-                return False;
-	if (!smb_io_unihdr("hdr_workstations", &info->hdr_workstations, ps,
-                           depth))
-                return False;
-
-	if (!smb_io_time("logon_time", &info->logon_time, ps, depth))
-                return False;
-	if (!smb_io_time("logoff_time", &info->logoff_time, ps, depth))
-                return False;
-
-	if (!prs_uint32("logon_divs   ", ps, depth, &info->logon_divs))
-                return False;
-	if (!prs_uint32("ptr_logon_hrs", ps, depth, &info->ptr_logon_hrs))
-                return False;
-
-	if (!prs_uint16("bad_pwd_count", ps, depth, &info->bad_pwd_count))
-                return False;
-	if (!prs_uint16("logon_count", ps, depth, &info->logon_count))
-                return False;
-	if (!smb_io_time("pwd_last_set_time", &info->pwd_last_set_time, ps,
-                         depth))
-                return False;
-	if (!smb_io_time("acct_expiry_time", &info->acct_expiry_time, ps, 
-                         depth))
-                return False;
-
-	if (!prs_uint32("acb_info", ps, depth, &info->acb_info))
-                return False;
-	if (!prs_uint8s(False, "nt_pwd", ps, depth, info->nt_pwd, 16))
-                return False;
-	if (!prs_uint8s(False, "lm_pwd", ps, depth, info->lm_pwd, 16))
-                return False;
-	if (!prs_uint8("lm_pwd_present", ps, depth, &info->lm_pwd_present))
-                return False;
-	if (!prs_uint8("nt_pwd_present", ps, depth, &info->nt_pwd_present))
-                return False;
-	if (!prs_uint8("pwd_expired", ps, depth, &info->pwd_expired))
-                return False;
-
-	if (!smb_io_unihdr("hdr_comment", &info->hdr_comment, ps, depth))
-                return False;
-	if (!smb_io_unihdr("hdr_parameters", &info->hdr_parameters, ps, 
-                           depth))
-                return False;
-	if (!prs_uint16("country", ps, depth, &info->country))
-                return False;
-	if (!prs_uint16("codepage", ps, depth, &info->codepage))
-                return False;
-
-	if (!smb_io_bufhdr2("hdr_priv_data", &hdr_priv_data, ps, depth))
-                return False;
-	if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth))
-                return False;
-	if (!smb_io_unihdr("hdr_profile", &info->hdr_profile, ps, depth))
-                return False;
-
-	for (i = 0; i < 3; i++)
-	{
-		if (!smb_io_unihdr("hdr_reserved", &info->hdr_reserved[i], 
-                                   ps, depth))
-                        return False;                                          
-	}
-
-	for (i = 0; i < 4; i++)
-	{
-		if (!prs_uint32("dw_reserved", ps, depth, 
-                                &info->dw_reserved[i]))
-                        return False;
-	}
-
-	if (!smb_io_unistr2("uni_acct_name", &info->uni_acct_name,
-                            info->hdr_acct_name.buffer, ps, depth))
-                return False;
-	prs_align(ps);
-	if (!smb_io_unistr2("uni_full_name", &info->uni_full_name,
-                            info->hdr_full_name.buffer, ps, depth))
-                return False;
-	prs_align(ps);
-	if (!smb_io_unistr2("uni_home_dir ", &info->uni_home_dir,
-                            info->hdr_home_dir.buffer, ps, depth))
-                return False;
-	prs_align(ps);
-	if (!smb_io_unistr2("uni_dir_drive", &info->uni_dir_drive,
-                            info->hdr_dir_drive.buffer, ps, depth))
-                return False;
-	prs_align(ps);
-	if (!smb_io_unistr2("uni_logon_script", &info->uni_logon_script,
-                            info->hdr_logon_script.buffer, ps, depth))
-                return False;
-	prs_align(ps);
-	if (!smb_io_unistr2("uni_acct_desc", &info->uni_acct_desc,
-                            info->hdr_acct_desc.buffer, ps, depth))
-                return False;
-	prs_align(ps);
-	if (!smb_io_unistr2("uni_workstations", &info->uni_workstations,
-                            info->hdr_workstations.buffer, ps, depth))
-                return False;
-	prs_align(ps);
-
-	if (!prs_uint32("unknown1", ps, depth, &info->unknown1))
-                return False;
-	if (!prs_uint32("unknown2", ps, depth, &info->unknown2))
-                return False;
-
-	if (!smb_io_rpc_blob("buf_logon_hrs", &info->buf_logon_hrs, ps, depth))
-                return False;
-	prs_align(ps);
-	if (!smb_io_unistr2("uni_comment", &info->uni_comment,
-                            info->hdr_comment.buffer, ps, depth))
-                return False;
-	prs_align(ps);
-	if (!smb_io_unistr2("uni_parameters", &info->uni_parameters,
-                            info->hdr_parameters.buffer, ps, depth))
-                return False;
-	prs_align(ps);
-	if (hdr_priv_data.buffer != 0)
-	{
-		int old_offset = 0;
-		uint32 len = 0x44;
-		if (!prs_uint32("pwd_len", ps, depth, &len))
-                        return False;
-		old_offset = ps->data_offset;
-		if (len > 0)
-		{
-			if (ps->io)
-			{
-				/* reading */
-                                if (!prs_hash1(ps, ps->data_offset, len))
-                                        return False;
-			}
-			if (!net_io_sam_passwd_info("pass", &info->pass, 
-                                                    ps, depth))
-                                return False;
-
-			if (!ps->io)
-			{
-				/* writing */
-                                if (!prs_hash1(ps, old_offset, len))
-                                        return False;
-			}
-		}
-                if (old_offset + len > ps->buffer_size)
-                        return False;
-		ps->data_offset = old_offset + len;
-	}
-	if (!smb_io_rpc_blob("buf_sec_desc", &info->buf_sec_desc, ps, depth))
-                return False;
-	prs_align(ps);
-	if (!smb_io_unistr2("uni_profile", &info->uni_profile,
-                            info->hdr_profile.buffer, ps, depth))
-                return False;
-
-	prs_align(ps);
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_group_mem_info(const char *desc, SAM_GROUP_MEM_INFO * info,
-				      prs_struct *ps, int depth)
-{
-	uint32 i;
-	fstring tmp;
-
-	prs_debug(ps, depth, desc, "net_io_sam_group_mem_info");
-	depth++;
-
-	prs_align(ps);
-	if (!prs_uint32("ptr_rids   ", ps, depth, &info->ptr_rids))
-                return False;
-	if (!prs_uint32("ptr_attribs", ps, depth, &info->ptr_attribs))
-                return False;
-	if (!prs_uint32("num_members", ps, depth, &info->num_members))
-                return False;
-
-        if (ps->data_offset + 16 > ps->buffer_size)
-                return False;
-	ps->data_offset += 16;
-
-	if (info->ptr_rids != 0)
-	{
-		if (!prs_uint32("num_members2", ps, depth, 
-                                &info->num_members2))
-                        return False;
-
-		if (info->num_members2 != info->num_members)
-		{
-			/* RPC fault */
-			return False;
-		}
-
-		if (UNMARSHALLING(ps)) {
-			if (info->num_members2) {
-				info->rids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members2);
-
-				if (info->rids == NULL) {
-					DEBUG(0, ("out of memory allocating %d rids\n",
-						info->num_members2));
-					return False;
-				}
-			} else {
-				info->rids = NULL;
-			}
-		}
-
-		for (i = 0; i < info->num_members2; i++)
-		{
-			slprintf(tmp, sizeof(tmp) - 1, "rids[%02d]", i);
-			if (!prs_uint32(tmp, ps, depth, &info->rids[i]))
-                                return False;
-		}
-	}
-
-	if (info->ptr_attribs != 0)
-	{
-		if (!prs_uint32("num_members3", ps, depth, 
-                                &info->num_members3))
-                        return False;
-		if (info->num_members3 != info->num_members)
-		{
-			/* RPC fault */
-			return False;
-		}
-
-		if (UNMARSHALLING(ps)) {
-			if (info->num_members3) {
-				info->attribs = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members3);
-
-				if (info->attribs == NULL) {
-					DEBUG(0, ("out of memory allocating %d attribs\n",
-						info->num_members3));
-					return False;
-				}
-			} else {
-				info->attribs = NULL;
-			}
-		}	
-
-		for (i = 0; i < info->num_members3; i++)
-		{
-			slprintf(tmp, sizeof(tmp) - 1, "attribs[%02d]", i);
-			if (!prs_uint32(tmp, ps, depth, &info->attribs[i]))
-                                return False;
-		}
-	}
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_alias_info(const char *desc, SAM_ALIAS_INFO * info,
-				  prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "net_io_sam_alias_info");
-	depth++;
-
-	if (!smb_io_unihdr("hdr_als_name", &info->hdr_als_name, ps, depth))
-                return False;
-	if (!prs_uint32("als_rid", ps, depth, &info->als_rid))
-                return False;
-	if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth))
-                return False;
-	if (!smb_io_unihdr("hdr_als_desc", &info->hdr_als_desc, ps, depth))
-                return False;
-
-        if (ps->data_offset + 40 > ps->buffer_size)
-                return False;
-	ps->data_offset += 40;
-
-	if (!smb_io_unistr2("uni_als_name", &info->uni_als_name,
-                            info->hdr_als_name.buffer, ps, depth))
-                return False;
-	if (!smb_io_rpc_blob("buf_sec_desc", &info->buf_sec_desc, ps, depth))
-                return False;
-
-	if (!smb_io_unistr2("uni_als_desc", &info->uni_als_desc,
-			    info->hdr_als_desc.buffer, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_alias_mem_info(const char *desc, SAM_ALIAS_MEM_INFO * info,
-				      prs_struct *ps, int depth)
-{
-	uint32 i;
-	fstring tmp;
-
-	prs_debug(ps, depth, desc, "net_io_sam_alias_mem_info");
-	depth++;
-
-	prs_align(ps);
-	if (!prs_uint32("num_members", ps, depth, &info->num_members))
-                return False;
-	if (!prs_uint32("ptr_members", ps, depth, &info->ptr_members))
-                return False;
-
-	if (ps->data_offset + 16 > ps->buffer_size)
-		return False;
-	ps->data_offset += 16;
-
-	if (info->ptr_members != 0)
-	{
-		if (!prs_uint32("num_sids", ps, depth, &info->num_sids))
-                        return False;
-		if (info->num_sids != info->num_members)
-		{
-			/* RPC fault */
-			return False;
-		}
-
-		if (UNMARSHALLING(ps)) {
-			if (info->num_sids) {
-				info->ptr_sids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_sids);
-                
-				if (info->ptr_sids == NULL) {
-					DEBUG(0, ("out of memory allocating %d ptr_sids\n",
-						info->num_sids));
-					return False;
-				}
-			} else {
-				info->ptr_sids = NULL;
-			}
-		}
-
-		for (i = 0; i < info->num_sids; i++)
-		{
-			slprintf(tmp, sizeof(tmp) - 1, "ptr_sids[%02d]", i);
-			if (!prs_uint32(tmp, ps, depth, &info->ptr_sids[i]))
-                                return False;
-		}
-
-		if (UNMARSHALLING(ps)) {
-			if (info->num_sids) {
-				info->sids = TALLOC_ARRAY(ps->mem_ctx, DOM_SID2, info->num_sids);
-
-				if (info->sids == NULL) {
-					DEBUG(0, ("error allocating %d sids\n",
-						info->num_sids));
-					return False;
-				}
-			} else {
-				info->sids = NULL;
-			}
-		}
-
-		for (i = 0; i < info->num_sids; i++)
-		{
-			if (info->ptr_sids[i] != 0)
-			{
-				slprintf(tmp, sizeof(tmp) - 1, "sids[%02d]",
-					 i);
-				if (!smb_io_dom_sid2(tmp, &info->sids[i], 
-                                                     ps, depth))
-                                        return False;
-			}
-		}
-	}
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_policy_info(const char *desc, SAM_DELTA_POLICY *info,
-				      prs_struct *ps, int depth)
-{
-	unsigned int i;
-	prs_debug(ps, depth, desc, "net_io_sam_policy_info");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("max_log_size", ps, depth, &info->max_log_size))
-                return False;
-	if (!prs_uint64("audit_retention_period", ps, depth,
-			&info->audit_retention_period))
-                return False;
-	if (!prs_uint32("auditing_mode", ps, depth, &info->auditing_mode))
-                return False;
-	if (!prs_uint32("num_events", ps, depth, &info->num_events))
-                return False;
-	if (!prs_uint32("ptr_events", ps, depth, &info->ptr_events))
-                return False;
-
-	if (!smb_io_unihdr("hdr_dom_name", &info->hdr_dom_name, ps, depth))
-		return False;
-
-	if (!prs_uint32("sid_ptr", ps, depth, &info->sid_ptr))
-                return False;
-
-	if (!prs_uint32("paged_pool_limit", ps, depth, &info->paged_pool_limit))
-                return False;
-	if (!prs_uint32("non_paged_pool_limit", ps, depth,
-			&info->non_paged_pool_limit))
-                return False;
-	if (!prs_uint32("min_workset_size", ps, depth, &info->min_workset_size))
-                return False;
-	if (!prs_uint32("max_workset_size", ps, depth, &info->max_workset_size))
-                return False;
-	if (!prs_uint32("page_file_limit", ps, depth, &info->page_file_limit))
-                return False;
-	if (!prs_uint64("time_limit", ps, depth, &info->time_limit))
-                return False;
-	if (!smb_io_time("modify_time", &info->modify_time, ps, depth))
-                return False;
-	if (!smb_io_time("create_time", &info->create_time, ps, depth))
-                return False;
-	if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth))
-                return False;
-
-	for (i=0; i<4; i++) {
-		UNIHDR dummy;
-		if (!smb_io_unihdr("dummy", &dummy, ps, depth))
-			return False;
-	}
-
-	for (i=0; i<4; i++) {
-		uint32 reserved;
-		if (!prs_uint32("reserved", ps, depth, &reserved))
-			return False;
-	}
-
-	if (!prs_uint32("num_event_audit_options", ps, depth,
-			&info->num_event_audit_options))
-                return False;
-
-	for (i=0; i<info->num_event_audit_options; i++)
-		if (!prs_uint32("event_audit_option", ps, depth,
-				&info->event_audit_option))
-			return False;
-
-	if (!smb_io_unistr2("domain_name", &info->domain_name, True, ps, depth))
-                return False;
-
-	if(!smb_io_dom_sid2("domain_sid", &info->domain_sid, ps, depth))
-		return False;
-
-	if (!smb_io_rpc_blob("buf_sec_desc", &info->buf_sec_desc, ps, depth))
-
-		return False;
-
-	return True;
-}
-
-#if 0
-
-/* This function is pretty broken - see bug #334 */
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_trustdoms_info(const char *desc, SAM_DELTA_TRUSTDOMS *info,
-				      prs_struct *ps, int depth)
-{
-	int i;
-
-	prs_debug(ps, depth, desc, "net_io_sam_trustdoms_info");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("buf_size", ps, depth, &info->buf_size))
-                return False;
-
-	if(!sec_io_desc("sec_desc", &info->sec_desc, ps, depth))
-		return False;
-
-	if(!smb_io_dom_sid2("sid", &info->sid, ps, depth))
-		return False;
-
-	if(!smb_io_unihdr("hdr_domain", &info->hdr_domain, ps, depth))
-		return False;
-
-	if(!prs_uint32("unknown0", ps, depth, &info->unknown0))
-                return False;
-	if(!prs_uint32("unknown1", ps, depth, &info->unknown1))
-                return False;
-	if(!prs_uint32("unknown2", ps, depth, &info->unknown2))
-                return False;
-
-	if(!prs_uint32("buf_size2", ps, depth, &info->buf_size2))
-                return False;
-	if(!prs_uint32("ptr", ps, depth, &info->ptr))
-                return False;
-
-	for (i=0; i<12; i++)
-		if(!prs_uint32("unknown3", ps, depth, &info->unknown3))
-                	return False;
-
-	if (!smb_io_unistr2("domain", &info->domain, True, ps, depth))
-                return False;
-
-	return True;
-}
-
-#endif
-
-#if 0
-
-/* This function doesn't work - see bug #334 */
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_secret_info(const char *desc, SAM_DELTA_SECRET *info,
-				   prs_struct *ps, int depth)
-{
-	int i;
-
-	prs_debug(ps, depth, desc, "net_io_sam_secret_info");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("buf_size", ps, depth, &info->buf_size))
-                return False;
-
-	if(!sec_io_desc("sec_desc", &info->sec_desc, ps, depth))
-		return False;
-
-	if (!smb_io_unistr2("secret", &info->secret, True, ps, depth))
-                return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("count1", ps, depth, &info->count1))
-                return False;
-	if(!prs_uint32("count2", ps, depth, &info->count2))
-                return False;
-	if(!prs_uint32("ptr", ps, depth, &info->ptr))
-                return False;
-
-
-	if(!smb_io_time("time1", &info->time1, ps, depth)) /* logon time */
-		return False;
-	if(!prs_uint32("count3", ps, depth, &info->count3))
-                return False;
-	if(!prs_uint32("count4", ps, depth, &info->count4))
-                return False;
-	if(!prs_uint32("ptr2", ps, depth, &info->ptr2))
-                return False;
-	if(!smb_io_time("time2", &info->time2, ps, depth)) /* logon time */
-		return False;
-	if(!prs_uint32("unknow1", ps, depth, &info->unknow1))
-                return False;
-
-
-	if(!prs_uint32("buf_size2", ps, depth, &info->buf_size2))
-                return False;
-	if(!prs_uint32("ptr3", ps, depth, &info->ptr3))
-                return False;
-	for(i=0; i<12; i++)
-		if(!prs_uint32("unknow2", ps, depth, &info->unknow2))
-                	return False;
-
-	if(!prs_uint32("chal_len", ps, depth, &info->chal_len))
-                return False;
-	if(!prs_uint32("reserved1", ps, depth, &info->reserved1))
-                return False;
-	if(!prs_uint32("chal_len2", ps, depth, &info->chal_len2))
-                return False;
-
-	if(!prs_uint8s (False, "chal", ps, depth, info->chal, info->chal_len2))
-		return False;
-
-	if(!prs_uint32("key_len", ps, depth, &info->key_len))
-                return False;
-	if(!prs_uint32("reserved2", ps, depth, &info->reserved2))
-                return False;
-	if(!prs_uint32("key_len2", ps, depth, &info->key_len2))
-                return False;
-
-	if(!prs_uint8s (False, "key", ps, depth, info->key, info->key_len2))
-		return False;
-
-
-	if(!prs_uint32("buf_size3", ps, depth, &info->buf_size3))
-                return False;
-
-	if(!sec_io_desc("sec_desc2", &info->sec_desc2, ps, depth))
-		return False;
-
-
-	return True;
-}
-
-#endif
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_privs_info(const char *desc, SAM_DELTA_PRIVS *info,
-				      prs_struct *ps, int depth)
-{
-	unsigned int i;
-
-	prs_debug(ps, depth, desc, "net_io_sam_privs_info");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_dom_sid2("sid", &info->sid, ps, depth))
-		return False;
-
-	if(!prs_uint32("priv_count", ps, depth, &info->priv_count))
-                return False;
-	if(!prs_uint32("priv_control", ps, depth, &info->priv_control))
-                return False;
-
-	if(!prs_uint32("priv_attr_ptr", ps, depth, &info->priv_attr_ptr))
-                return False;
-	if(!prs_uint32("priv_name_ptr", ps, depth, &info->priv_name_ptr))
-                return False;
-
-	if (!prs_uint32("paged_pool_limit", ps, depth, &info->paged_pool_limit))
-                return False;
-	if (!prs_uint32("non_paged_pool_limit", ps, depth,
-			&info->non_paged_pool_limit))
-                return False;
-	if (!prs_uint32("min_workset_size", ps, depth, &info->min_workset_size))
-                return False;
-	if (!prs_uint32("max_workset_size", ps, depth, &info->max_workset_size))
-                return False;
-	if (!prs_uint32("page_file_limit", ps, depth, &info->page_file_limit))
-                return False;
-	if (!prs_uint64("time_limit", ps, depth, &info->time_limit))
-                return False;
-	if (!prs_uint32("system_flags", ps, depth, &info->system_flags))
-                return False;
-	if (!smb_io_bufhdr2("hdr_sec_desc", &info->hdr_sec_desc, ps, depth))
-                return False;
-
-	for (i=0; i<4; i++) {
-		UNIHDR dummy;
-		if (!smb_io_unihdr("dummy", &dummy, ps, depth))
-			return False;
-	}
-
-	for (i=0; i<4; i++) {
-		uint32 reserved;
-		if (!prs_uint32("reserved", ps, depth, &reserved))
-			return False;
-	}
-
-	if(!prs_uint32("attribute_count", ps, depth, &info->attribute_count))
-                return False;
-
-	if (UNMARSHALLING(ps)) {
-		if (info->attribute_count) {
-			info->attributes = TALLOC_ARRAY(ps->mem_ctx, uint32, info->attribute_count);
-			if (!info->attributes) {
-				return False;
-			}
-		} else {
-			info->attributes = NULL;
-		}
-	}
-
-	for (i=0; i<info->attribute_count; i++)
-		if(!prs_uint32("attributes", ps, depth, &info->attributes[i]))
-	                return False;
-
-	if(!prs_uint32("privlist_count", ps, depth, &info->privlist_count))
-                return False;
-
-	if (UNMARSHALLING(ps)) {
-		if (info->privlist_count) {
-			info->hdr_privslist = TALLOC_ARRAY(ps->mem_ctx, UNIHDR, info->privlist_count);
-			info->uni_privslist = TALLOC_ARRAY(ps->mem_ctx, UNISTR2, info->privlist_count);
-			if (!info->hdr_privslist) {
-				return False;
-			}
-			if (!info->uni_privslist) {
-				return False;
-			}
-		} else {
-			info->hdr_privslist = NULL;
-			info->uni_privslist = NULL;
-		}
-	}
-
-	for (i=0; i<info->privlist_count; i++)
-		if(!smb_io_unihdr("hdr_privslist", &info->hdr_privslist[i], ps, depth))
-			return False;
-
-	for (i=0; i<info->privlist_count; i++)
-		if (!smb_io_unistr2("uni_privslist", &info->uni_privslist[i], True, ps, depth))
-			return False;
-
-	if (!smb_io_rpc_blob("buf_sec_desc", &info->buf_sec_desc, ps, depth))
-                return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-static bool net_io_sam_delta_ctr(const char *desc,
-				 SAM_DELTA_CTR * delta, uint16 type,
-				 prs_struct *ps, int depth)
-{
-	prs_debug(ps, depth, desc, "net_io_sam_delta_ctr");
-	depth++;
-
-	switch (type) {
-                /* Seen in sam deltas */
-                case SAM_DELTA_MODIFIED_COUNT:
-                        if (!net_io_sam_delta_mod_count("", &delta->mod_count, ps, depth))
-                                return False;
-                        break;
-
-		case SAM_DELTA_DOMAIN_INFO:
-			if (!net_io_sam_domain_info("", &delta->domain_info, ps, depth))
-                                return False;
-			break;
-
-		case SAM_DELTA_GROUP_INFO:
-			if (!net_io_sam_group_info("", &delta->group_info, ps, depth))
-                                return False;
-			break;
-
-		case SAM_DELTA_ACCOUNT_INFO:
-			if (!net_io_sam_account_info("", &delta->account_info, ps, depth))
-                                return False;
-			break;
-
-		case SAM_DELTA_GROUP_MEM:
-			if (!net_io_sam_group_mem_info("", &delta->grp_mem_info, ps, depth))
-                                return False;
-			break;
-
-		case SAM_DELTA_ALIAS_INFO:
-                        if (!net_io_sam_alias_info("", &delta->alias_info, ps, depth))
-                                return False;
-			break;
-
-		case SAM_DELTA_POLICY_INFO:
-                        if (!net_io_sam_policy_info("", &delta->policy_info, ps, depth))
-                                return False;
-			break;
-
-		case SAM_DELTA_ALIAS_MEM:
-			if (!net_io_sam_alias_mem_info("", &delta->als_mem_info, ps, depth))
-                                return False;
-			break;
-
-		case SAM_DELTA_PRIVS_INFO:
-			if (!net_io_sam_privs_info("", &delta->privs_info, ps, depth))
-                                return False;
-			break;
-
-			/* These guys are implemented but broken */
-
- 	        case SAM_DELTA_TRUST_DOMS:
-		case SAM_DELTA_SECRET_INFO:
-			break;
-
-			/* These guys are not implemented yet */
-
-  	        case SAM_DELTA_RENAME_GROUP:
-	        case SAM_DELTA_RENAME_USER:
-	        case SAM_DELTA_RENAME_ALIAS:
-	        case SAM_DELTA_DELETE_GROUP:
-	        case SAM_DELTA_DELETE_USER:
-		default:
-			DEBUG(0, ("Replication error: Unknown delta type 0x%x\n", type));
-			break;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-bool net_io_r_sam_sync(const char *desc,
-		       NET_R_SAM_SYNC * r_s, prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	prs_debug(ps, depth, desc, "net_io_r_sam_sync");
-	depth++;
-
-	if (!smb_io_cred("srv_creds", &r_s->srv_creds, ps, depth))
-                return False;
-	if (!prs_uint32("sync_context", ps, depth, &r_s->sync_context))
-                return False;
-
-	if (!prs_uint32("ptr_deltas", ps, depth, &r_s->ptr_deltas))
-                return False;
-	if (r_s->ptr_deltas != 0)
-	{
-		if (!prs_uint32("num_deltas ", ps, depth, &r_s->num_deltas))
-                        return False;
-		if (!prs_uint32("ptr_deltas2", ps, depth, &r_s->ptr_deltas2))
-                        return False;
-		if (r_s->ptr_deltas2 != 0)
-		{
-			if (!prs_uint32("num_deltas2", ps, depth,
-                                        &r_s->num_deltas2))
-                                return False;
-
-			if (r_s->num_deltas2 != r_s->num_deltas)
-			{
-				/* RPC fault */
-				return False;
-			}
-
-			if (UNMARSHALLING(ps)) {
-	                        if (r_s->num_deltas2) {
-					r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas2);
-					if (r_s->hdr_deltas == NULL) {
-						DEBUG(0, ("error tallocating memory "
-							"for %d delta headers\n", 
-							r_s->num_deltas2));
-						return False;
-					}
-				} else {
-					r_s->hdr_deltas = NULL;
-				}
-			}
-
-			for (i = 0; i < r_s->num_deltas2; i++)
-			{
-				if (!net_io_sam_delta_hdr("", 
-                                                          &r_s->hdr_deltas[i],
-                                                          ps, depth))
-                                        return False;
-			}
-
-			if (UNMARSHALLING(ps)) {
-				if (r_s->num_deltas2) {
-					r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas2);
-					if (r_s->deltas == NULL) {
-						DEBUG(0, ("error tallocating memory "
-							"for %d deltas\n", 
-							r_s->num_deltas2));
-						return False;
-					}
-				} else {
-					r_s->deltas = NULL;
-				}
-			}
-
-			for (i = 0; i < r_s->num_deltas2; i++)
-			{
-				if (!net_io_sam_delta_ctr(
-                                        "", &r_s->deltas[i],
-                                        r_s->hdr_deltas[i].type3,
-                                        ps, depth)) {
-                                        DEBUG(0, ("hmm, failed on i=%d\n", i));
-                                        return False;
-                                }
-			}
-		}
-	}
-
-	prs_align(ps);
-	if (!prs_ntstatus("status", ps, depth, &(r_s->status)))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-makes a NET_Q_SAM_DELTAS structure.
-********************************************************************/
-bool init_net_q_sam_deltas(NET_Q_SAM_DELTAS *q_s, const char *srv_name, 
-                           const char *cli_name, DOM_CRED *cli_creds, 
-                           uint32 database_id, uint64 dom_mod_count)
-{
-	DEBUG(5, ("init_net_q_sam_deltas\n"));
-
-	init_unistr2(&q_s->uni_srv_name, srv_name, UNI_STR_TERMINATE);
-	init_unistr2(&q_s->uni_cli_name, cli_name, UNI_STR_TERMINATE);
-
-	memcpy(&q_s->cli_creds, cli_creds, sizeof(q_s->cli_creds));
-	memset(&q_s->ret_creds, 0, sizeof(q_s->ret_creds));
-
-	q_s->database_id = database_id;
-    q_s->dom_mod_count = dom_mod_count;
-	q_s->max_size = 0xffff;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-bool net_io_q_sam_deltas(const char *desc, NET_Q_SAM_DELTAS *q_s, prs_struct *ps,
-                         int depth)
-{
-	prs_debug(ps, depth, desc, "net_io_q_sam_deltas");
-	depth++;
-
-	if (!smb_io_unistr2("", &q_s->uni_srv_name, True, ps, depth))
-                return False;
-	if (!smb_io_unistr2("", &q_s->uni_cli_name, True, ps, depth))
-                return False;
-
-	if (!smb_io_cred("", &q_s->cli_creds, ps, depth))
-                return False;
-	if (!smb_io_cred("", &q_s->ret_creds, ps, depth))
-                return False;
-
-	if (!prs_uint32("database_id  ", ps, depth, &q_s->database_id))
-                return False;
-        if (!prs_uint64("dom_mod_count", ps, depth, &q_s->dom_mod_count))
-                return False;
-	if (!prs_uint32("max_size", ps, depth, &q_s->max_size))
-                return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-bool net_io_r_sam_deltas(const char *desc,
-                         NET_R_SAM_DELTAS *r_s, prs_struct *ps, int depth)
-{
-        unsigned int i;
-
-	prs_debug(ps, depth, desc, "net_io_r_sam_deltas");
-	depth++;
-
-	if (!smb_io_cred("srv_creds", &r_s->srv_creds, ps, depth))
-                return False;
-        if (!prs_uint64("dom_mod_count", ps, depth, &r_s->dom_mod_count))
-                return False;
-
-	if (!prs_uint32("ptr_deltas", ps, depth, &r_s->ptr_deltas))
-                return False;
-	if (!prs_uint32("num_deltas", ps, depth, &r_s->num_deltas))
-                return False;
-	if (!prs_uint32("ptr_deltas2", ps, depth, &r_s->num_deltas2))
-                return False;
-
-	if (r_s->num_deltas2 != 0)
-	{
-		if (!prs_uint32("num_deltas2 ", ps, depth, &r_s->num_deltas2))
-                        return False;
-
-		if (r_s->ptr_deltas != 0)
-		{
-			if (UNMARSHALLING(ps)) {
-	                        if (r_s->num_deltas) {
-					r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas);
-					if (r_s->hdr_deltas == NULL) {
-						DEBUG(0, ("error tallocating memory "
-							"for %d delta headers\n", 
-							r_s->num_deltas));
-						return False;
-					}
-				} else {
-					r_s->hdr_deltas = NULL;
-				}
-			}
-
-			for (i = 0; i < r_s->num_deltas; i++)
-			{
-				net_io_sam_delta_hdr("", &r_s->hdr_deltas[i],
-                                                      ps, depth);
-			}
-                        
-			if (UNMARSHALLING(ps)) {
-				if (r_s->num_deltas) {
-					r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas);
-					if (r_s->deltas == NULL) {
-						DEBUG(0, ("error tallocating memory "
-							"for %d deltas\n", 
-							r_s->num_deltas));
-						return False;
-					}
-				} else {
-					r_s->deltas = NULL;
-				}
-			}
-
-			for (i = 0; i < r_s->num_deltas; i++)
-			{
-				if (!net_io_sam_delta_ctr(
-                                        "",
-                                        &r_s->deltas[i],
-                                        r_s->hdr_deltas[i].type2,
-                                        ps, depth))
-                                        
-                                        return False;
-			}
-		}
-	}
-
-	prs_align(ps);
-	if (!prs_ntstatus("status", ps, depth, &r_s->status))
-                return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits a NET_Q_DSR_GETDCNAME structure.
-********************************************************************/
-
-void init_net_q_dsr_getdcname(NET_Q_DSR_GETDCNAME *r_t, const char *server_unc,
-			      const char *domain_name,
-			      struct GUID *domain_guid,
-			      struct GUID *site_guid,
-			      uint32_t flags)
-{
-	DEBUG(5, ("init_net_q_dsr_getdcname\n"));
-
-	r_t->ptr_server_unc = (server_unc != NULL);
-	init_unistr2(&r_t->uni_server_unc, server_unc, UNI_STR_TERMINATE);
-
-	r_t->ptr_domain_name = (domain_name != NULL);
-	init_unistr2(&r_t->uni_domain_name, domain_name, UNI_STR_TERMINATE);
-
-	r_t->ptr_domain_guid = (domain_guid != NULL);
-	r_t->domain_guid = domain_guid;
-
-	r_t->ptr_site_guid = (site_guid != NULL);
-	r_t->site_guid = site_guid;
-
-	r_t->flags = flags;
-}
-
-/*******************************************************************
- Inits a NET_Q_DSR_GETDCNAMEEX structure.
-********************************************************************/
-
-void init_net_q_dsr_getdcnameex(NET_Q_DSR_GETDCNAMEEX *r_t, const char *server_unc,
-				const char *domain_name,
-				struct GUID *domain_guid,
-				const char *site_name,
-				uint32_t flags)
-{
-	DEBUG(5, ("init_net_q_dsr_getdcnameex\n"));
-
-	r_t->ptr_server_unc = (server_unc != NULL);
-	init_unistr2(&r_t->uni_server_unc, server_unc, UNI_STR_TERMINATE);
-
-	r_t->ptr_domain_name = (domain_name != NULL);
-	init_unistr2(&r_t->uni_domain_name, domain_name, UNI_STR_TERMINATE);
-
-	r_t->ptr_domain_guid = (domain_guid != NULL);
-	r_t->domain_guid = domain_guid;
-
-	r_t->ptr_site_name = (site_name != NULL);
-	init_unistr2(&r_t->uni_site_name, site_name, UNI_STR_TERMINATE);
-
-	r_t->flags = flags;
-}
-
-/*******************************************************************
- Inits a NET_Q_DSR_GETDCNAMEEX2 structure.
-********************************************************************/
-
-void init_net_q_dsr_getdcnameex2(NET_Q_DSR_GETDCNAMEEX2 *r_t, const char *server_unc,
-				 const char *domain_name,
-				 const char *client_account,
-				 uint32 mask,
-				 struct GUID *domain_guid,
-				 const char *site_name,
-				 uint32_t flags)
-{
-	DEBUG(5, ("init_net_q_dsr_getdcnameex2\n"));
-
-	r_t->ptr_server_unc = (server_unc != NULL);
-	init_unistr2(&r_t->uni_server_unc, server_unc, UNI_STR_TERMINATE);
-
-	r_t->ptr_client_account = (client_account != NULL);
-	init_unistr2(&r_t->uni_client_account, client_account, UNI_STR_TERMINATE);
-
-	r_t->mask = mask;
-
-	r_t->ptr_domain_name = (domain_name != NULL);
-	init_unistr2(&r_t->uni_domain_name, domain_name, UNI_STR_TERMINATE);
-
-	r_t->ptr_domain_guid = (domain_guid != NULL);
-	r_t->domain_guid = domain_guid;
-
-	r_t->ptr_site_name = (site_name != NULL);
-	init_unistr2(&r_t->uni_site_name, site_name, UNI_STR_TERMINATE);
-
-	r_t->flags = flags;
-}
-
-/*******************************************************************
- Reads or writes an NET_Q_DSR_GETDCNAME structure.
-********************************************************************/
-
-bool net_io_q_dsr_getdcname(const char *desc, NET_Q_DSR_GETDCNAME *r_t,
-			    prs_struct *ps, int depth)
-{
-	if (r_t == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_dsr_getdcname");
-	depth++;
-
-	if (!prs_uint32("ptr_server_unc", ps, depth, &r_t->ptr_server_unc))
-		return False;
-
-	if (!smb_io_unistr2("server_unc", &r_t->uni_server_unc,
-			    r_t->ptr_server_unc, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_domain_name", ps, depth, &r_t->ptr_domain_name))
-		return False;
-
-	if (!smb_io_unistr2("domain_name", &r_t->uni_domain_name,
-			    r_t->ptr_domain_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_domain_guid", ps, depth, &r_t->ptr_domain_guid))
-		return False;
-
-	if (UNMARSHALLING(ps) && (r_t->ptr_domain_guid)) {
-		r_t->domain_guid = PRS_ALLOC_MEM(ps, struct GUID, 1);
-		if (r_t->domain_guid == NULL)
-			return False;
-	}
-
-	if ((r_t->ptr_domain_guid) &&
-	    (!smb_io_uuid("domain_guid", r_t->domain_guid, ps, depth)))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_site_guid", ps, depth, &r_t->ptr_site_guid))
-		return False;
-
-	if (UNMARSHALLING(ps) && (r_t->ptr_site_guid)) {
-		r_t->site_guid = PRS_ALLOC_MEM(ps, struct GUID, 1);
-		if (r_t->site_guid == NULL)
-			return False;
-	}
-
-	if ((r_t->ptr_site_guid) &&
-	    (!smb_io_uuid("site_guid", r_t->site_guid, ps, depth)))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("flags", ps, depth, &r_t->flags))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an NET_Q_DSR_GETDCNAMEEX structure.
-********************************************************************/
-
-bool net_io_q_dsr_getdcnameex(const char *desc, NET_Q_DSR_GETDCNAMEEX *r_t,
-			      prs_struct *ps, int depth)
-{
-	if (r_t == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_dsr_getdcnameex");
-	depth++;
-
-	if (!prs_uint32("ptr_server_unc", ps, depth, &r_t->ptr_server_unc))
-		return False;
-
-	if (!smb_io_unistr2("server_unc", &r_t->uni_server_unc,
-			    r_t->ptr_server_unc, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_domain_name", ps, depth, &r_t->ptr_domain_name))
-		return False;
-
-	if (!smb_io_unistr2("domain_name", &r_t->uni_domain_name,
-			    r_t->ptr_domain_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_domain_guid", ps, depth, &r_t->ptr_domain_guid))
-		return False;
-
-	if (UNMARSHALLING(ps) && (r_t->ptr_domain_guid)) {
-		r_t->domain_guid = PRS_ALLOC_MEM(ps, struct GUID, 1);
-		if (r_t->domain_guid == NULL)
-			return False;
-	}
-
-	if ((r_t->ptr_domain_guid) &&
-	    (!smb_io_uuid("domain_guid", r_t->domain_guid, ps, depth)))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_site_name", ps, depth, &r_t->ptr_site_name))
-		return False;
-
-	if (!smb_io_unistr2("site_name", &r_t->uni_site_name,
-			    r_t->ptr_site_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("flags", ps, depth, &r_t->flags))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an NET_Q_DSR_GETDCNAMEEX2 structure.
-********************************************************************/
-
-bool net_io_q_dsr_getdcnameex2(const char *desc, NET_Q_DSR_GETDCNAMEEX2 *r_t,
-			       prs_struct *ps, int depth)
-{
-	if (r_t == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_dsr_getdcnameex2");
-	depth++;
-
-	if (!prs_uint32("ptr_server_unc", ps, depth, &r_t->ptr_server_unc))
-		return False;
-
-	if (!smb_io_unistr2("server_unc", &r_t->uni_server_unc,
-			    r_t->ptr_server_unc, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_client_account", ps, depth, &r_t->ptr_client_account))
-		return False;
-
-	if (!smb_io_unistr2("client_account", &r_t->uni_client_account,
-			    r_t->ptr_client_account, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("mask", ps, depth, &r_t->mask))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_domain_name", ps, depth, &r_t->ptr_domain_name))
-		return False;
-
-	if (!smb_io_unistr2("domain_name", &r_t->uni_domain_name,
-			    r_t->ptr_domain_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_domain_guid", ps, depth, &r_t->ptr_domain_guid))
-		return False;
-
-	if (UNMARSHALLING(ps) && (r_t->ptr_domain_guid)) {
-		r_t->domain_guid = PRS_ALLOC_MEM(ps, struct GUID, 1);
-		if (r_t->domain_guid == NULL)
-			return False;
-	}
-
-	if ((r_t->ptr_domain_guid) &&
-	    (!smb_io_uuid("domain_guid", r_t->domain_guid, ps, depth)))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_site_name", ps, depth, &r_t->ptr_site_name))
-		return False;
-
-	if (!smb_io_unistr2("site_name", &r_t->uni_site_name,
-			    r_t->ptr_site_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("flags", ps, depth, &r_t->flags))
-		return False;
-
-	return True;
-}
-
-
-
-/*******************************************************************
- Inits a NET_R_DSR_GETDCNAME structure.
-********************************************************************/
-void init_net_r_dsr_getdcname(NET_R_DSR_GETDCNAME *r_t, const char *dc_unc,
-			      const char *dc_address, int32 dc_address_type,
-			      struct GUID domain_guid, const char *domain_name,
-			      const char *forest_name, uint32 dc_flags,
-			      const char *dc_site_name,
-			      const char *client_site_name)
-{
-	DEBUG(5, ("init_net_q_dsr_getdcname\n"));
-
-	r_t->ptr_dc_unc = (dc_unc != NULL);
-	init_unistr2(&r_t->uni_dc_unc, dc_unc, UNI_STR_TERMINATE);
-
-	r_t->ptr_dc_address = (dc_address != NULL);
-	init_unistr2(&r_t->uni_dc_address, dc_address, UNI_STR_TERMINATE);
-
-	r_t->dc_address_type = dc_address_type;
-	r_t->domain_guid = domain_guid;
-
-	r_t->ptr_domain_name = (domain_name != NULL);
-	init_unistr2(&r_t->uni_domain_name, domain_name, UNI_STR_TERMINATE);
-
-	r_t->ptr_forest_name = (forest_name != NULL);
-	init_unistr2(&r_t->uni_forest_name, forest_name, UNI_STR_TERMINATE);
-
-	r_t->dc_flags = dc_flags;
-
-	r_t->ptr_dc_site_name = (dc_site_name != NULL);
-	init_unistr2(&r_t->uni_dc_site_name, dc_site_name, UNI_STR_TERMINATE);
-
-	r_t->ptr_client_site_name = (client_site_name != NULL);
-	init_unistr2(&r_t->uni_client_site_name, client_site_name,
-		     UNI_STR_TERMINATE);
-}
-
-/*******************************************************************
- Reads or writes an NET_R_DSR_GETDCNAME structure.
-********************************************************************/
-
-bool net_io_r_dsr_getdcname(const char *desc, NET_R_DSR_GETDCNAME *r_t,
-			    prs_struct *ps, int depth)
-{
-	uint32 info_ptr = 1;
-
-	if (r_t == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_dsr_getdcname");
-	depth++;
-
-	/* The reply contains *just* an info struct, this is the ptr to it */
-	if (!prs_uint32("info_ptr", ps, depth, &info_ptr))
-		return False;
-
-	if (info_ptr == 0)
-		return False;
-
-	if (!prs_uint32("ptr_dc_unc", ps, depth, &r_t->ptr_dc_unc))
-		return False;
-
-	if (!prs_uint32("ptr_dc_address", ps, depth, &r_t->ptr_dc_address))
-		return False;
-
-	if (!prs_int32("dc_address_type", ps, depth, &r_t->dc_address_type))
-		return False;
-
-	if (!smb_io_uuid("domain_guid", &r_t->domain_guid, ps, depth))
-		return False;
-
-	if (!prs_uint32("ptr_domain_name", ps, depth, &r_t->ptr_domain_name))
-		return False;
-
-	if (!prs_uint32("ptr_forest_name", ps, depth, &r_t->ptr_forest_name))
-		return False;
-
-	if (!prs_uint32("dc_flags", ps, depth, &r_t->dc_flags))
-		return False;
-
-	if (!prs_uint32("ptr_dc_site_name", ps, depth, &r_t->ptr_dc_site_name))
-		return False;
-
-	if (!prs_uint32("ptr_client_site_name", ps, depth,
-			&r_t->ptr_client_site_name))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!smb_io_unistr2("dc_unc", &r_t->uni_dc_unc,
-			    r_t->ptr_dc_unc, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!smb_io_unistr2("dc_address", &r_t->uni_dc_address,
-			    r_t->ptr_dc_address, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!smb_io_unistr2("domain_name", &r_t->uni_domain_name,
-			    r_t->ptr_domain_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!smb_io_unistr2("forest_name", &r_t->uni_forest_name,
-			    r_t->ptr_forest_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!smb_io_unistr2("dc_site_name", &r_t->uni_dc_site_name,
-			    r_t->ptr_dc_site_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!smb_io_unistr2("client_site_name", &r_t->uni_client_site_name,
-			    r_t->ptr_client_site_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_werror("result", ps, depth, &r_t->result))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Inits a NET_Q_DSR_GETSITENAME structure.
-********************************************************************/
-
-void init_net_q_dsr_getsitename(NET_Q_DSR_GETSITENAME *r_t, const char *computer_name)
-{
-	DEBUG(5, ("init_net_q_dsr_getsitename\n"));
-
-	r_t->ptr_computer_name = (computer_name != NULL);
-	init_unistr2(&r_t->uni_computer_name, computer_name, UNI_STR_TERMINATE);
-}
-
-/*******************************************************************
- Reads or writes an NET_Q_DSR_GETSITENAME structure.
-********************************************************************/
-
-bool net_io_q_dsr_getsitename(const char *desc, NET_Q_DSR_GETSITENAME *r_t,
-			      prs_struct *ps, int depth)
-{
-	if (r_t == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_q_dsr_getsitename");
-	depth++;
-
-	if (!prs_uint32("ptr_computer_name", ps, depth, &r_t->ptr_computer_name))
-		return False;
-
-	if (!smb_io_unistr2("computer_name", &r_t->uni_computer_name,
-			    r_t->ptr_computer_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- Reads or writes an NET_R_DSR_GETSITENAME structure.
-********************************************************************/
-
-bool net_io_r_dsr_getsitename(const char *desc, NET_R_DSR_GETSITENAME *r_t,
-			      prs_struct *ps, int depth)
-{
-	if (r_t == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "net_io_r_dsr_getsitename");
-	depth++;
-
-	if (!prs_uint32("ptr_site_name", ps, depth, &r_t->ptr_site_name))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!smb_io_unistr2("site_name", &r_t->uni_site_name,
-			    r_t->ptr_site_name, ps, depth))
-		return False;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_werror("result", ps, depth, &r_t->result))
-		return False;
-
-	return True;
-}
-
-
diff --git a/source3/rpc_parse/parse_ntsvcs.c b/source3/rpc_parse/parse_ntsvcs.c
index 5758517ca0..2b15a45506 100644
--- a/source3/rpc_parse/parse_ntsvcs.c
+++ b/source3/rpc_parse/parse_ntsvcs.c
@@ -25,96 +25,6 @@
 /*******************************************************************
 ********************************************************************/
 
-bool ntsvcs_io_q_get_version(const char *desc, NTSVCS_Q_GET_VERSION *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "ntsvcs_io_q_get_version");
-	depth++;
-
-	/* there is nothing to parse in this PDU */
-
-	return True;
-
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool ntsvcs_io_r_get_version(const char *desc, NTSVCS_R_GET_VERSION *r_u, prs_struct *ps, int depth)
-{
-	if ( !r_u )
-		return False;
-
-	prs_debug(ps, depth, desc, "ntsvcs_io_r_get_version");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-		
-	if(!prs_uint32("version", ps, depth, &r_u->version))
-		return False;
-		
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool ntsvcs_io_q_get_device_list_size(const char *desc, NTSVCS_Q_GET_DEVICE_LIST_SIZE *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "ntsvcs_io_q_get_device_list_size");
-	depth++;
-	
-	if(!prs_align(ps))
-		return False;
-
-	if ( !prs_pointer("devicename", ps, depth, (void*)&q_u->devicename, sizeof(UNISTR2), (PRS_POINTER_CAST)prs_io_unistr2) )
-		return False;
-	if ( !prs_align(ps) )
-		return False;
-		
-	if ( !prs_uint32("flags", ps, depth, &q_u->flags) )
-		return False;
-	
-	return True;
-
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool ntsvcs_io_r_get_device_list_size(const char *desc, NTSVCS_R_GET_DEVICE_LIST_SIZE *r_u, prs_struct *ps, int depth)
-{
-	if ( !r_u )
-		return False;
-
-	prs_debug(ps, depth, desc, "ntsvcs_io_r_get_device_list_size");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-		
-	if(!prs_uint32("size", ps, depth, &r_u->size))
-		return False;
-		
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
-********************************************************************/
-
 bool ntsvcs_io_q_get_device_list(const char *desc, NTSVCS_Q_GET_DEVICE_LIST *q_u, prs_struct *ps, int depth)
 {
 	if (q_u == NULL)
@@ -171,49 +81,6 @@ bool ntsvcs_io_r_get_device_list(const char *desc, NTSVCS_R_GET_DEVICE_LIST *r_u
 /*******************************************************************
 ********************************************************************/
 
-bool ntsvcs_io_q_validate_device_instance(const char *desc, NTSVCS_Q_VALIDATE_DEVICE_INSTANCE *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "ntsvcs_io_q_validate_device_instance");
-	depth++;
-	
-	if(!prs_align(ps))
-		return False;
-
-	if ( !prs_io_unistr2("devicepath", ps, depth, &q_u->devicepath) )
-		return False;
-	if( !prs_align(ps) )
-		return False;
-		
-	if ( !prs_uint32("flags", ps, depth, &q_u->flags) )
-		return False;
-	
-	return True;
-
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool ntsvcs_io_r_validate_device_instance(const char *desc, NTSVCS_R_VALIDATE_DEVICE_INSTANCE *r_u, prs_struct *ps, int depth)
-{
-	if ( !r_u )
-		return False;
-
-	prs_debug(ps, depth, desc, "ntsvcs_io_r_validate_device_instance");
-	depth++;
-
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
 bool ntsvcs_io_q_get_device_reg_property(const char *desc, NTSVCS_Q_GET_DEVICE_REG_PROPERTY *q_u, prs_struct *ps, int depth)
 {
 	if (q_u == NULL)
@@ -278,149 +145,3 @@ bool ntsvcs_io_r_get_device_reg_property(const char *desc, NTSVCS_R_GET_DEVICE_R
 
 	return True;
 }
-
-/*******************************************************************
-********************************************************************/
-
-bool ntsvcs_io_q_get_hw_profile_info(const char *desc, NTSVCS_Q_GET_HW_PROFILE_INFO *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "ntsvcs_io_q_get_hw_profile_info");
-	depth++;
-	
-	if(!prs_align(ps))
-		return False;
-
-	if ( !prs_uint32("index", ps, depth, &q_u->index) )
-		return False;
-
-	q_u->buffer_size = 0x000000a8;
-
-	if ( UNMARSHALLING(ps) ) {
-		q_u->buffer = TALLOC_ARRAY(talloc_tos(), uint8, q_u->buffer_size );
-		if (!q_u->buffer) {
-			return False;
-		}
-	}
-
-	if ( !prs_uint8s(True, "buffer", ps, depth, q_u->buffer, q_u->buffer_size) )
-		return False;
-
-	if ( !prs_uint32("buffer_size", ps, depth, &q_u->buffer_size) )
-		return False;
-
-	if ( !prs_uint32("unknown1", ps, depth, &q_u->unknown1) )
-		return False;
-	
-	return True;
-
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool ntsvcs_io_r_get_hw_profile_info(const char *desc, NTSVCS_R_GET_HW_PROFILE_INFO *r_u, prs_struct *ps, int depth)
-{
-	if ( !r_u )
-		return False;
-
-	prs_debug(ps, depth, desc, "ntsvcs_io_r_get_device_reg_property");
-	depth++;
-
-	if ( !prs_align(ps) )
-		return False;
-
-	if ( UNMARSHALLING(ps) ) {
-		if (r_u->buffer_size) {
-			r_u->buffer = TALLOC_ARRAY(talloc_tos(), uint8, r_u->buffer_size );
-			if (!r_u->buffer) {
-				return False;
-			}
-		} else {
-			r_u->buffer = NULL;
-		}
-	}
-
-	if ( !prs_uint8s(True, "buffer", ps, depth, r_u->buffer, r_u->buffer_size) )
-		return False;
-
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool ntsvcs_io_q_hw_profile_flags(const char *desc, NTSVCS_Q_HW_PROFILE_FLAGS *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "ntsvcs_io_q_hw_profile_flags");
-	depth++;
-	
-	if(!prs_align(ps))
-		return False;
-
-	if ( !prs_uint32("unknown1", ps, depth, &q_u->unknown1) )
-		return False;
-		
-
-	if ( !prs_io_unistr2("devicepath", ps, depth, &q_u->devicepath) )
-		return False;
-	if( !prs_align(ps) )
-		return False;
-
-	if ( !prs_uint32("unknown2", ps, depth, &q_u->unknown2) )
-		return False;
-	if ( !prs_uint32("unknown3", ps, depth, &q_u->unknown3) )
-		return False;
-	if ( !prs_uint32("unknown4", ps, depth, &q_u->unknown4) )
-		return False;
-	if ( !prs_uint32("unknown5", ps, depth, &q_u->unknown5) )
-		return False;
-	if ( !prs_uint32("unknown6", ps, depth, &q_u->unknown6) )
-		return False;
-	if ( !prs_uint32("unknown7", ps, depth, &q_u->unknown7) )
-		return False;
-
-	if ( !prs_uint32("unknown1", ps, depth, &q_u->unknown1) )
-		return False;
-	
-	return True;
-
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool ntsvcs_io_r_hw_profile_flags(const char *desc, NTSVCS_R_HW_PROFILE_FLAGS *r_u, prs_struct *ps, int depth)
-{
-	if ( !r_u )
-		return False;
-
-	prs_debug(ps, depth, desc, "ntsvcs_io_r_hw_profile_flags");
-	depth++;
-
-	if ( !prs_align(ps) )
-		return False;
-
-	if ( !prs_uint32("unknown1", ps, depth, &r_u->unknown1) )
-		return False;
-	if ( !prs_uint32("unknown2", ps, depth, &r_u->unknown2) )
-		return False;
-	if ( !prs_uint32("unknown3", ps, depth, &r_u->unknown3) )
-		return False;
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-
-
-
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
deleted file mode 100644
index 614a80dd6f..0000000000
--- a/source3/rpc_parse/parse_samr.c
+++ /dev/null
@@ -1,8057 +0,0 @@
-/* 
- *  Unix SMB/CIFS implementation.
- *  RPC Pipe client / server routines
- *  Copyright (C) Andrew Tridgell              1992-2000,
- *  Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
- *  Copyright (C) Paul Ashton                  1997-2000,
- *  Copyright (C) Elrond                            2000,
- *  Copyright (C) Jeremy Allison                    2001,
- *  Copyright (C) Jean François Micouleau      1998-2001,
- *  Copyright (C) Jim McDonough <jmcd@us.ibm.com>   2002.
- *  
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_PARSE
-
-/*******************************************************************
-inits a SAMR_Q_CLOSE_HND structure.
-********************************************************************/
-
-void init_samr_q_close_hnd(SAMR_Q_CLOSE_HND * q_c, POLICY_HND *hnd)
-{
-	DEBUG(5, ("init_samr_q_close_hnd\n"));
-	
-	q_c->pol = *hnd;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_close_hnd(const char *desc, SAMR_Q_CLOSE_HND * q_u,
-			 prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_close_hnd");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	return smb_io_pol_hnd("pol", &q_u->pol, ps, depth);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_close_hnd(const char *desc, SAMR_R_CLOSE_HND * r_u,
-			 prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_close_hnd");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_LOOKUP_DOMAIN structure.
-********************************************************************/
-
-void init_samr_q_lookup_domain(SAMR_Q_LOOKUP_DOMAIN * q_u,
-			       POLICY_HND *pol, char *dom_name)
-{
-	DEBUG(5, ("init_samr_q_lookup_domain\n"));
-
-	q_u->connect_pol = *pol;
-
-	init_unistr2(&q_u->uni_domain, dom_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&q_u->hdr_domain, &q_u->uni_domain);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-bool samr_io_q_lookup_domain(const char *desc, SAMR_Q_LOOKUP_DOMAIN * q_u,
-			     prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_lookup_domain");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("connect_pol", &q_u->connect_pol, ps, depth))
-		return False;
-
-	if(!smb_io_unihdr("hdr_domain", &q_u->hdr_domain, ps, depth))
-		return False;
-
-	if(!smb_io_unistr2("uni_domain", &q_u->uni_domain, q_u->hdr_domain.buffer, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_LOOKUP_DOMAIN structure.
-********************************************************************/
-
-void init_samr_r_lookup_domain(SAMR_R_LOOKUP_DOMAIN * r_u,
-			       DOM_SID *dom_sid, NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_lookup_domain\n"));
-
-	r_u->status = status;
-	r_u->ptr_sid = 0;
-	if (NT_STATUS_IS_OK(status)) {
-		r_u->ptr_sid = 1;
-		init_dom_sid2(&r_u->dom_sid, dom_sid);
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_lookup_domain(const char *desc, SAMR_R_LOOKUP_DOMAIN * r_u,
-			     prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_lookup_domain");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr", ps, depth, &r_u->ptr_sid))
-		return False;
-
-	if (r_u->ptr_sid != 0) {
-		if(!smb_io_dom_sid2("sid", &r_u->dom_sid, ps, depth))
-			return False;
-		if(!prs_align(ps))
-			return False;
-	}
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-void init_samr_q_remove_sid_foreign_domain(SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN * q_u, POLICY_HND *dom_pol, DOM_SID *sid)
-{
-	DEBUG(5, ("samr_init_samr_q_remove_sid_foreign_domain\n"));
-
-	q_u->dom_pol = *dom_pol;
-	init_dom_sid2(&q_u->sid, sid);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_remove_sid_foreign_domain(const char *desc, SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN * q_u,
-			  prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_remove_sid_foreign_domain");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("domain_pol", &q_u->dom_pol, ps, depth))
-		return False;
-
-	if(!smb_io_dom_sid2("sid", &q_u->sid, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_remove_sid_foreign_domain(const char *desc, SAMR_R_REMOVE_SID_FOREIGN_DOMAIN * r_u,
-			  prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_remove_sid_foreign_domain");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-void init_samr_q_open_domain(SAMR_Q_OPEN_DOMAIN * q_u,
-			     POLICY_HND *pol, uint32 flags,
-			     const DOM_SID *sid)
-{
-	DEBUG(5, ("samr_init_samr_q_open_domain\n"));
-
-	q_u->pol = *pol;
-	q_u->flags = flags;
-	init_dom_sid2(&q_u->dom_sid, sid);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_open_domain(const char *desc, SAMR_Q_OPEN_DOMAIN * q_u,
-			   prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_open_domain");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("flags", ps, depth, &q_u->flags))
-		return False;
-
-	if(!smb_io_dom_sid2("sid", &q_u->dom_sid, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_open_domain(const char *desc, SAMR_R_OPEN_DOMAIN * r_u,
-			   prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_open_domain");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("domain_pol", &r_u->domain_pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-void init_samr_q_get_usrdom_pwinfo(SAMR_Q_GET_USRDOM_PWINFO * q_u,
-				   POLICY_HND *user_pol)
-{
-	DEBUG(5, ("samr_init_samr_q_get_usrdom_pwinfo\n"));
-
-	q_u->user_pol = *user_pol;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_get_usrdom_pwinfo(const char *desc, SAMR_Q_GET_USRDOM_PWINFO * q_u,
-				 prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_get_usrdom_pwinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	return smb_io_pol_hnd("user_pol", &q_u->user_pol, ps, depth);
-}
-
-/*******************************************************************
- Init.
-********************************************************************/
-
-void init_samr_r_get_usrdom_pwinfo(SAMR_R_GET_USRDOM_PWINFO *r_u, NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_get_usrdom_pwinfo\n"));
-	
-	r_u->min_pwd_length = 0x0000;
-
-	/*
-	 * used to be 	
-	 * r_u->unknown_1 = 0x0015;
-	 * but for trusts.
-	 */
-	r_u->unknown_1 = 0x01D1;
-	r_u->unknown_1 = 0x0015;
-
-	r_u->password_properties = 0x00000000;
-
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_get_usrdom_pwinfo(const char *desc, SAMR_R_GET_USRDOM_PWINFO * r_u,
-				 prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_get_usrdom_pwinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint16("min_pwd_length", ps, depth, &r_u->min_pwd_length))
-		return False;
-	if(!prs_uint16("unknown_1", ps, depth, &r_u->unknown_1))
-		return False;
-	if(!prs_uint32("password_properties", ps, depth, &r_u->password_properties))
-		return False;
-
-	if(!prs_ntstatus("status   ", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_set_sec_obj(const char *desc, SAMR_Q_SET_SEC_OBJ * q_u,
-			     prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_set_sec_obj");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("sec_info", ps, depth, &q_u->sec_info))
-		return False;
-		
-	if(!sec_io_desc_buf("sec_desc", &q_u->buf, ps, depth))
-		return False;
-	
-	return True;
-}
-
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-void init_samr_q_query_sec_obj(SAMR_Q_QUERY_SEC_OBJ * q_u,
-			       POLICY_HND *user_pol, uint32 sec_info)
-{
-	DEBUG(5, ("samr_init_samr_q_query_sec_obj\n"));
-
-	q_u->user_pol = *user_pol;
-	q_u->sec_info = sec_info;
-}
-
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_query_sec_obj(const char *desc, SAMR_Q_QUERY_SEC_OBJ * q_u,
-			     prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_query_sec_obj");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("user_pol", &q_u->user_pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("sec_info", ps, depth, &q_u->sec_info))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-void init_samr_q_query_domain_info(SAMR_Q_QUERY_DOMAIN_INFO * q_u,
-				   POLICY_HND *domain_pol, uint16 switch_value)
-{
-	DEBUG(5, ("samr_init_samr_q_query_domain_info\n"));
-
-	q_u->domain_pol = *domain_pol;
-	q_u->switch_value = switch_value;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_query_domain_info(const char *desc, SAMR_Q_QUERY_DOMAIN_INFO * q_u,
-				 prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_query_domain_info");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("domain_pol", &q_u->domain_pol, ps, depth))
-		return False;
-
-	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a structure.
-********************************************************************/
-
-void init_unk_info1(SAM_UNK_INFO_1 *u_1, uint16 min_pass_len, uint16 pass_hist, 
-		    uint32 password_properties, NTTIME nt_expire, NTTIME nt_min_age)
-{
-	u_1->min_length_password = min_pass_len;
-	u_1->password_history = pass_hist;
-	
-	if (lp_check_password_script() && *lp_check_password_script()) {
-		password_properties |= DOMAIN_PASSWORD_COMPLEX;
-	}
-	u_1->password_properties = password_properties;
-
-	/* password never expire */
-	u_1->expire = nt_expire;
-
-	/* can change the password now */
-	u_1->min_passwordage = nt_min_age;
-	
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_unk_info1(const char *desc, SAM_UNK_INFO_1 * u_1,
-			     prs_struct *ps, int depth)
-{
-	if (u_1 == NULL)
-	  return False;
-
-	prs_debug(ps, depth, desc, "sam_io_unk_info1");
-	depth++;
-
-	if(!prs_uint16("min_length_password", ps, depth, &u_1->min_length_password))
-		return False;
-	if(!prs_uint16("password_history", ps, depth, &u_1->password_history))
-		return False;
-	if(!prs_uint32("password_properties", ps, depth, &u_1->password_properties))
-		return False;
-	if(!smb_io_time("expire", &u_1->expire, ps, depth))
-		return False;
-	if(!smb_io_time("min_passwordage", &u_1->min_passwordage, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a structure.
-********************************************************************/
-
-void init_unk_info2(SAM_UNK_INFO_2 * u_2,
-			const char *comment, const char *domain, const char *server,
-			uint32 seq_num, uint32 num_users, uint32 num_groups, uint32 num_alias, NTTIME nt_logout, uint32 server_role)
-{
-	u_2->logout = nt_logout;
-
-	u_2->seq_num = seq_num;
-
-	
-	u_2->unknown_4 = 0x00000001;
-	u_2->server_role = server_role;
-	u_2->unknown_6 = 0x00000001;
-	u_2->num_domain_usrs = num_users;
-	u_2->num_domain_grps = num_groups;
-	u_2->num_local_grps = num_alias;
-
-	init_unistr2(&u_2->uni_comment, comment, UNI_FLAGS_NONE);
-	init_uni_hdr(&u_2->hdr_comment, &u_2->uni_comment);
-	init_unistr2(&u_2->uni_domain, domain, UNI_FLAGS_NONE);
-	init_uni_hdr(&u_2->hdr_domain, &u_2->uni_domain);
-	init_unistr2(&u_2->uni_server, server, UNI_FLAGS_NONE);
-	init_uni_hdr(&u_2->hdr_server, &u_2->uni_server);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_unk_info2(const char *desc, SAM_UNK_INFO_2 * u_2,
-			     prs_struct *ps, int depth)
-{
-	if (u_2 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_unk_info2");
-	depth++;
-
-	if(!smb_io_time("logout", &u_2->logout, ps, depth))
-		return False;
-	if(!smb_io_unihdr("hdr_comment", &u_2->hdr_comment, ps, depth))
-		return False;
-	if(!smb_io_unihdr("hdr_domain", &u_2->hdr_domain, ps, depth))
-		return False;
-	if(!smb_io_unihdr("hdr_server", &u_2->hdr_server, ps, depth))
-		return False;
-
-	/* put all the data in here, at the moment, including what the above
-	   pointer is referring to
-	 */
-
-	if(!prs_uint64("seq_num ", ps, depth, &u_2->seq_num))
-		return False;
-
-	if(!prs_uint32("unknown_4 ", ps, depth, &u_2->unknown_4)) /* 0x0000 0001 */
-		return False;
-	if(!prs_uint32("server_role ", ps, depth, &u_2->server_role))
-		return False;
-	if(!prs_uint32("unknown_6 ", ps, depth, &u_2->unknown_6)) /* 0x0000 0001 */
-		return False;
-	if(!prs_uint32("num_domain_usrs ", ps, depth, &u_2->num_domain_usrs))
-		return False;
-	if(!prs_uint32("num_domain_grps", ps, depth, &u_2->num_domain_grps))
-		return False;
-	if(!prs_uint32("num_local_grps", ps, depth, &u_2->num_local_grps))
-		return False;
-
-	if(!smb_io_unistr2("uni_comment", &u_2->uni_comment, u_2->hdr_comment.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_domain", &u_2->uni_domain, u_2->hdr_domain.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_server", &u_2->uni_server, u_2->hdr_server.buffer, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a structure.
-********************************************************************/
-
-void init_unk_info3(SAM_UNK_INFO_3 *u_3, NTTIME nt_logout)
-{
-	u_3->logout = nt_logout;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_unk_info3(const char *desc, SAM_UNK_INFO_3 * u_3,
-			     prs_struct *ps, int depth)
-{
-	if (u_3 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_unk_info3");
-	depth++;
-
-	if(!smb_io_time("logout", &u_3->logout, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a structure.
-********************************************************************/
-
-void init_unk_info4(SAM_UNK_INFO_4 * u_4,const char *comment)
-{
-	init_unistr2(&u_4->uni_comment, comment, UNI_FLAGS_NONE);
-	init_uni_hdr(&u_4->hdr_comment, &u_4->uni_comment);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_unk_info4(const char *desc, SAM_UNK_INFO_4 * u_4,
-			     prs_struct *ps, int depth)
-{
-	if (u_4 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_unk_info4");
-	depth++;
-
-	if(!smb_io_unihdr("hdr_comment", &u_4->hdr_comment, ps, depth))
-		return False;
-
-	if(!smb_io_unistr2("uni_comment", &u_4->uni_comment, u_4->hdr_comment.buffer, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a structure.
-********************************************************************/
-
-void init_unk_info5(SAM_UNK_INFO_5 * u_5,const char *domain)
-{
-	init_unistr2(&u_5->uni_domain, domain, UNI_FLAGS_NONE);
-	init_uni_hdr(&u_5->hdr_domain, &u_5->uni_domain);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_unk_info5(const char *desc, SAM_UNK_INFO_5 * u_5,
-			     prs_struct *ps, int depth)
-{
-	if (u_5 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_unk_info5");
-	depth++;
-
-	if(!smb_io_unihdr("hdr_domain", &u_5->hdr_domain, ps, depth))
-		return False;
-
-	if(!smb_io_unistr2("uni_domain", &u_5->uni_domain, u_5->hdr_domain.buffer, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a structure.
-********************************************************************/
-
-void init_unk_info6(SAM_UNK_INFO_6 * u_6, const char *server)
-{
-	init_unistr2(&u_6->uni_server, server, UNI_FLAGS_NONE);
-	init_uni_hdr(&u_6->hdr_server, &u_6->uni_server);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_unk_info6(const char *desc, SAM_UNK_INFO_6 * u_6,
-			     prs_struct *ps, int depth)
-{
-	if (u_6 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_unk_info6");
-	depth++;
-
-	if(!smb_io_unihdr("hdr_server", &u_6->hdr_server, ps, depth))
-		return False;
-
-	if(!smb_io_unistr2("uni_server", &u_6->uni_server, u_6->hdr_server.buffer, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a structure.
-********************************************************************/
-
-void init_unk_info7(SAM_UNK_INFO_7 * u_7, uint32 server_role)
-{
-	u_7->server_role = server_role;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_unk_info7(const char *desc, SAM_UNK_INFO_7 * u_7,
-			     prs_struct *ps, int depth)
-{
-	if (u_7 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_unk_info7");
-	depth++;
-
-	if(!prs_uint16("server_role", ps, depth, &u_7->server_role))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a structure.
-********************************************************************/
-
-void init_unk_info8(SAM_UNK_INFO_8 * u_8, uint32 seq_num)
-{
-	unix_to_nt_time(&u_8->domain_create_time, 0);
-	u_8->seq_num = seq_num;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_unk_info8(const char *desc, SAM_UNK_INFO_8 * u_8,
-			     prs_struct *ps, int depth)
-{
-	if (u_8 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_unk_info8");
-	depth++;
-
-	if (!prs_uint64("seq_num", ps, depth, &u_8->seq_num))
-		return False;
-
-	if(!smb_io_time("domain_create_time", &u_8->domain_create_time, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a structure.
-********************************************************************/
-
-void init_unk_info9(SAM_UNK_INFO_9 * u_9, uint32 unknown)
-{
-	u_9->unknown = unknown;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_unk_info9(const char *desc, SAM_UNK_INFO_9 * u_9,
-			     prs_struct *ps, int depth)
-{
-	if (u_9 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_unk_info9");
-	depth++;
-
-	if (!prs_uint32("unknown", ps, depth, &u_9->unknown))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a structure.
-********************************************************************/
-
-void init_unk_info12(SAM_UNK_INFO_12 * u_12, NTTIME nt_lock_duration, NTTIME nt_reset_time, uint16 lockout)
-{
-	u_12->duration = nt_lock_duration;
-	u_12->reset_count = nt_reset_time;
-
-	u_12->bad_attempt_lockout = lockout;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_unk_info12(const char *desc, SAM_UNK_INFO_12 * u_12,
-			      prs_struct *ps, int depth)
-{
-	if (u_12 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_unk_info12");
-	depth++;
-
-	if(!smb_io_time("duration", &u_12->duration, ps, depth))
-		return False;
-	if(!smb_io_time("reset_count", &u_12->reset_count, ps, depth))
-		return False;
-	if(!prs_uint16("bad_attempt_lockout", ps, depth, &u_12->bad_attempt_lockout))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a structure.
-********************************************************************/
-
-void init_unk_info13(SAM_UNK_INFO_13 * u_13, uint32 seq_num)
-{
-	unix_to_nt_time(&u_13->domain_create_time, 0);
-	u_13->seq_num = seq_num;
-	u_13->unknown1 = 0;
-	u_13->unknown2 = 0;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_unk_info13(const char *desc, SAM_UNK_INFO_13 * u_13,
-			     prs_struct *ps, int depth)
-{
-	if (u_13 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_unk_info13");
-	depth++;
-
-	if (!prs_uint64("seq_num", ps, depth, &u_13->seq_num))
-		return False;
-
-	if(!smb_io_time("domain_create_time", &u_13->domain_create_time, ps, depth))
-		return False;
-
-	if (!prs_uint32("unknown1", ps, depth, &u_13->unknown1))
-		return False;
-	if (!prs_uint32("unknown2", ps, depth, &u_13->unknown2))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_QUERY_DOMAIN_INFO structure.
-********************************************************************/
-
-void init_samr_r_query_domain_info(SAMR_R_QUERY_DOMAIN_INFO * r_u,
-				   uint16 switch_value, SAM_UNK_CTR * ctr,
-				   NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_query_domain_info\n"));
-
-	r_u->ptr_0 = 0;
-	r_u->switch_value = 0;
-	r_u->status = status;	/* return status */
-
-	if (NT_STATUS_IS_OK(status)) {
-		r_u->switch_value = switch_value;
-		r_u->ptr_0 = 1;
-		r_u->ctr = ctr;
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_query_domain_info(const char *desc, SAMR_R_QUERY_DOMAIN_INFO * r_u,
-				 prs_struct *ps, int depth)
-{
-        if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_query_domain_info");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr_0 ", ps, depth, &r_u->ptr_0))
-		return False;
-
-	if (r_u->ptr_0 != 0 && r_u->ctr != NULL) {
-		if(!prs_uint16("switch_value", ps, depth, &r_u->switch_value))
-			return False;
-		if(!prs_align(ps))
-			return False;
-
-		switch (r_u->switch_value) {
-		case 0x0d:
-			if(!sam_io_unk_info13("unk_inf13", &r_u->ctr->info.inf13, ps, depth))
-				return False;
-			break;
-		case 0x0c:
-			if(!sam_io_unk_info12("unk_inf12", &r_u->ctr->info.inf12, ps, depth))
-				return False;
-			break;
-		case 0x09:
-			if(!sam_io_unk_info9("unk_inf9",&r_u->ctr->info.inf9, ps,depth))
-				return False;
-			break;
-		case 0x08:
-			if(!sam_io_unk_info8("unk_inf8",&r_u->ctr->info.inf8, ps,depth))
-				return False;
-			break;
-		case 0x07:
-			if(!sam_io_unk_info7("unk_inf7",&r_u->ctr->info.inf7, ps,depth))
-				return False;
-			break;
-		case 0x06:
-			if(!sam_io_unk_info6("unk_inf6",&r_u->ctr->info.inf6, ps,depth))
-				return False;
-			break;
-		case 0x05:
-			if(!sam_io_unk_info5("unk_inf5",&r_u->ctr->info.inf5, ps,depth))
-				return False;
-			break;
-		case 0x04:
-			if(!sam_io_unk_info4("unk_inf4",&r_u->ctr->info.inf4, ps,depth))
-				return False;
-			break;
-		case 0x03:
-			if(!sam_io_unk_info3("unk_inf3",&r_u->ctr->info.inf3, ps,depth))
-				return False;
-			break;
-		case 0x02:
-			if(!sam_io_unk_info2("unk_inf2",&r_u->ctr->info.inf2, ps,depth))
-				return False;
-			break;
-		case 0x01:
-			if(!sam_io_unk_info1("unk_inf1",&r_u->ctr->info.inf1, ps,depth))
-				return False;
-			break;
-		default:
-			DEBUG(0, ("samr_io_r_query_domain_info: unknown switch level 0x%x\n",
-				r_u->switch_value));
-			r_u->status = NT_STATUS_INVALID_INFO_CLASS;
-			return False;
-		}
-	}
-	
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-	
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-void init_samr_q_set_sec_obj(SAMR_Q_SET_SEC_OBJ * q_u,
-			     POLICY_HND *pol, uint32 sec_info, SEC_DESC_BUF *buf)
-{
-	DEBUG(5, ("samr_init_samr_q_set_sec_obj\n"));
-
-	q_u->pol = *pol;
-	q_u->sec_info = sec_info;
-	q_u->buf = buf;
-}
-
-
-/*******************************************************************
-reads or writes a SAMR_R_SET_SEC_OBJ structure.
-********************************************************************/
-
-bool samr_io_r_set_sec_obj(const char *desc, SAMR_R_SET_SEC_OBJ * r_u,
-			     prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-  
-	prs_debug(ps, depth, desc, "samr_io_r_set_sec_obj");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a SAMR_R_QUERY_SEC_OBJ structure.
-********************************************************************/
-
-bool samr_io_r_query_sec_obj(const char *desc, SAMR_R_QUERY_SEC_OBJ * r_u,
-			     prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-  
-	prs_debug(ps, depth, desc, "samr_io_r_query_sec_obj");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr", ps, depth, &r_u->ptr))
-		return False;
-	if (r_u->ptr != 0) {
-		if(!sec_io_desc_buf("sec", &r_u->buf, ps, depth))
-			return False;
-	}
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a SAM_STR1 structure.
-********************************************************************/
-
-static bool sam_io_sam_str1(const char *desc, SAM_STR1 * sam, uint32 acct_buf,
-			    uint32 name_buf, uint32 desc_buf,
-			    prs_struct *ps, int depth)
-{
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_str1");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	if (!smb_io_unistr2("name", &sam->uni_acct_name, acct_buf, ps, depth))
-		return False;
-
-	if (!smb_io_unistr2("desc", &sam->uni_acct_desc, desc_buf, ps, depth))
-		return False;
-
-	if (!smb_io_unistr2("full", &sam->uni_full_name, name_buf, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_ENTRY1 structure.
-********************************************************************/
-
-static void init_sam_entry1(SAM_ENTRY1 *sam, uint32 user_idx,
-			    UNISTR2 *sam_name, UNISTR2 *sam_full,
-			    UNISTR2 *sam_desc, uint32 rid_user,
-			    uint32 acb_info)
-{
-	DEBUG(5, ("init_sam_entry1\n"));
-
-	ZERO_STRUCTP(sam);
-
-	sam->user_idx = user_idx;
-	sam->rid_user = rid_user;
-	sam->acb_info = acb_info;
-
-	init_uni_hdr(&sam->hdr_acct_name, sam_name);
-	init_uni_hdr(&sam->hdr_user_name, sam_full);
-	init_uni_hdr(&sam->hdr_user_desc, sam_desc);
-}
-
-/*******************************************************************
-reads or writes a SAM_ENTRY1 structure.
-********************************************************************/
-
-static bool sam_io_sam_entry1(const char *desc, SAM_ENTRY1 * sam,
-			      prs_struct *ps, int depth)
-{
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_entry1");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("user_idx ", ps, depth, &sam->user_idx))
-		return False;
-
-	if(!prs_uint32("rid_user ", ps, depth, &sam->rid_user))
-		return False;
-	if(!prs_uint32("acb_info ", ps, depth, &sam->acb_info))
-		return False;
-
-	if (!smb_io_unihdr("hdr_acct_name", &sam->hdr_acct_name, ps, depth))
-		return False;
-	if (!smb_io_unihdr("hdr_user_desc", &sam->hdr_user_desc, ps, depth))
-		return False;
-	if (!smb_io_unihdr("hdr_user_name", &sam->hdr_user_name, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a SAM_STR2 structure.
-********************************************************************/
-
-static bool sam_io_sam_str2(const char *desc, SAM_STR2 * sam, uint32 acct_buf,
-			    uint32 desc_buf, prs_struct *ps, int depth)
-{
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_str2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_unistr2("uni_srv_name", &sam->uni_srv_name, acct_buf, ps, depth)) /* account name unicode string */
-		return False;
-	if(!smb_io_unistr2("uni_srv_desc", &sam->uni_srv_desc, desc_buf, ps, depth))	/* account desc unicode string */
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_ENTRY2 structure.
-********************************************************************/
-static void init_sam_entry2(SAM_ENTRY2 * sam, uint32 user_idx,
-			    UNISTR2 *sam_name, UNISTR2 *sam_desc,
-			    uint32 rid_user, uint32 acb_info)
-{
-	DEBUG(5, ("init_sam_entry2\n"));
-
-	sam->user_idx = user_idx;
-	sam->rid_user = rid_user;
-	sam->acb_info = acb_info;
-
-	init_uni_hdr(&sam->hdr_srv_name, sam_name);
-	init_uni_hdr(&sam->hdr_srv_desc, sam_desc);
-}
-
-/*******************************************************************
-reads or writes a SAM_ENTRY2 structure.
-********************************************************************/
-
-static bool sam_io_sam_entry2(const char *desc, SAM_ENTRY2 * sam,
-			      prs_struct *ps, int depth)
-{
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_entry2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("user_idx ", ps, depth, &sam->user_idx))
-		return False;
-
-	if(!prs_uint32("rid_user ", ps, depth, &sam->rid_user))
-		return False;
-	if(!prs_uint32("acb_info ", ps, depth, &sam->acb_info))
-		return False;
-
-	if(!smb_io_unihdr("unihdr", &sam->hdr_srv_name, ps, depth))	/* account name unicode string header */
-		return False;
-	if(!smb_io_unihdr("unihdr", &sam->hdr_srv_desc, ps, depth))	/* account name unicode string header */
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a SAM_STR3 structure.
-********************************************************************/
-
-static bool sam_io_sam_str3(const char *desc, SAM_STR3 * sam, uint32 acct_buf,
-			    uint32 desc_buf, prs_struct *ps, int depth)
-{
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_str3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_unistr2("uni_grp_name", &sam->uni_grp_name, acct_buf, ps, depth))	/* account name unicode string */
-		return False;
-	if(!smb_io_unistr2("uni_grp_desc", &sam->uni_grp_desc, desc_buf, ps, depth))	/* account desc unicode string */
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_ENTRY3 structure.
-********************************************************************/
-
-static void init_sam_entry3(SAM_ENTRY3 * sam, uint32 grp_idx,
-			    UNISTR2 *grp_name, UNISTR2 *grp_desc,
-			    uint32 rid_grp)
-{
-	DEBUG(5, ("init_sam_entry3\n"));
-
-	sam->grp_idx = grp_idx;
-	sam->rid_grp = rid_grp;
-	sam->attr = 0x07;	/* group rid attributes - gets ignored by nt 4.0 */
-
-	init_uni_hdr(&sam->hdr_grp_name, grp_name);
-	init_uni_hdr(&sam->hdr_grp_desc, grp_desc);
-}
-
-/*******************************************************************
-reads or writes a SAM_ENTRY3 structure.
-********************************************************************/
-
-static bool sam_io_sam_entry3(const char *desc, SAM_ENTRY3 * sam,
-			      prs_struct *ps, int depth)
-{
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_entry3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("grp_idx", ps, depth, &sam->grp_idx))
-		return False;
-
-	if(!prs_uint32("rid_grp", ps, depth, &sam->rid_grp))
-		return False;
-	if(!prs_uint32("attr   ", ps, depth, &sam->attr))
-		return False;
-
-	if(!smb_io_unihdr("unihdr", &sam->hdr_grp_name, ps, depth))	/* account name unicode string header */
-		return False;
-	if(!smb_io_unihdr("unihdr", &sam->hdr_grp_desc, ps, depth))	/* account name unicode string header */
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_ENTRY4 structure.
-********************************************************************/
-
-static void init_sam_entry4(SAM_ENTRY4 * sam, uint32 user_idx,
-			    uint32 len_acct_name)
-{
-	DEBUG(5, ("init_sam_entry4\n"));
-
-	sam->user_idx = user_idx;
-	init_str_hdr(&sam->hdr_acct_name, len_acct_name+1, len_acct_name, len_acct_name != 0);
-}
-
-/*******************************************************************
-reads or writes a SAM_ENTRY4 structure.
-********************************************************************/
-
-static bool sam_io_sam_entry4(const char *desc, SAM_ENTRY4 * sam,
-			      prs_struct *ps, int depth)
-{
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_entry4");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("user_idx", ps, depth, &sam->user_idx))
-		return False;
-	if(!smb_io_strhdr("strhdr", &sam->hdr_acct_name, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_ENTRY5 structure.
-********************************************************************/
-
-static void init_sam_entry5(SAM_ENTRY5 * sam, uint32 grp_idx,
-			    uint32 len_grp_name)
-{
-	DEBUG(5, ("init_sam_entry5\n"));
-
-	sam->grp_idx = grp_idx;
-	init_str_hdr(&sam->hdr_grp_name, len_grp_name, len_grp_name,
-		     len_grp_name != 0);
-}
-
-/*******************************************************************
-reads or writes a SAM_ENTRY5 structure.
-********************************************************************/
-
-static bool sam_io_sam_entry5(const char *desc, SAM_ENTRY5 * sam,
-			      prs_struct *ps, int depth)
-{
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_entry5");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("grp_idx", ps, depth, &sam->grp_idx))
-		return False;
-	if(!smb_io_strhdr("strhdr", &sam->hdr_grp_name, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_ENTRY structure.
-********************************************************************/
-
-void init_sam_entry(SAM_ENTRY *sam, UNISTR2 *uni2, uint32 rid)
-{
-	DEBUG(10, ("init_sam_entry: %d\n", rid));
-
-	sam->rid = rid;
-	init_uni_hdr(&sam->hdr_name, uni2);
-}
-
-/*******************************************************************
-reads or writes a SAM_ENTRY structure.
-********************************************************************/
-
-static bool sam_io_sam_entry(const char *desc, SAM_ENTRY * sam,
-			     prs_struct *ps, int depth)
-{
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_entry");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("rid", ps, depth, &sam->rid))
-		return False;
-	if(!smb_io_unihdr("unihdr", &sam->hdr_name, ps, depth))	/* account name unicode string header */
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_ENUM_DOM_USERS structure.
-********************************************************************/
-
-void init_samr_q_enum_dom_users(SAMR_Q_ENUM_DOM_USERS * q_e, POLICY_HND *pol,
-				uint32 start_idx,
-				uint32 acb_mask, uint32 size)
-{
-	DEBUG(5, ("init_samr_q_enum_dom_users\n"));
-
-	q_e->pol = *pol;
-
-	q_e->start_idx = start_idx;	/* zero indicates lots */
-	q_e->acb_mask = acb_mask;
-	q_e->max_size = size;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_enum_dom_users(const char *desc, SAMR_Q_ENUM_DOM_USERS * q_e,
-			      prs_struct *ps, int depth)
-{
-	if (q_e == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_enum_dom_users");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("domain_pol", &q_e->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("start_idx", ps, depth, &q_e->start_idx))
-		return False;
-	if(!prs_uint32("acb_mask ", ps, depth, &q_e->acb_mask))
-		return False;
-
-	if(!prs_uint32("max_size ", ps, depth, &q_e->max_size))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
-inits a SAMR_R_ENUM_DOM_USERS structure.
-********************************************************************/
-
-void init_samr_r_enum_dom_users(SAMR_R_ENUM_DOM_USERS * r_u,
-				uint32 next_idx, uint32 num_sam_entries)
-{
-	DEBUG(5, ("init_samr_r_enum_dom_users\n"));
-
-	r_u->next_idx = next_idx;
-
-	if (num_sam_entries != 0) {
-		r_u->ptr_entries1 = 1;
-		r_u->ptr_entries2 = 1;
-		r_u->num_entries2 = num_sam_entries;
-		r_u->num_entries3 = num_sam_entries;
-
-		r_u->num_entries4 = num_sam_entries;
-	} else {
-		r_u->ptr_entries1 = 0;
-		r_u->num_entries2 = num_sam_entries;
-		r_u->ptr_entries2 = 1;
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_enum_dom_users(const char *desc, SAMR_R_ENUM_DOM_USERS * r_u,
-			      prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_enum_dom_users");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("next_idx    ", ps, depth, &r_u->next_idx))
-		return False;
-	if(!prs_uint32("ptr_entries1", ps, depth, &r_u->ptr_entries1))
-		return False;
-
-	if (r_u->ptr_entries1 != 0) {
-		if(!prs_uint32("num_entries2", ps, depth, &r_u->num_entries2))
-			return False;
-		if(!prs_uint32("ptr_entries2", ps, depth, &r_u->ptr_entries2))
-			return False;
-		if(!prs_uint32("num_entries3", ps, depth, &r_u->num_entries3))
-			return False;
-
-		if (UNMARSHALLING(ps) && (r_u->num_entries2 != 0)) {
-			r_u->sam = PRS_ALLOC_MEM(ps,SAM_ENTRY, r_u->num_entries2);
-			r_u->uni_acct_name = PRS_ALLOC_MEM(ps,UNISTR2, r_u->num_entries2);
-		}
-
-		if ((r_u->sam == NULL || r_u->uni_acct_name == NULL) && r_u->num_entries2 != 0) {
-			DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_USERS\n"));
-			r_u->num_entries4 = 0;
-			r_u->status = NT_STATUS_MEMORY_NOT_ALLOCATED;
-			return False;
-		}
-
-		for (i = 0; i < r_u->num_entries2; i++) {
-			if(!sam_io_sam_entry("", &r_u->sam[i], ps, depth))
-				return False;
-		}
-
-		for (i = 0; i < r_u->num_entries2; i++) {
-			if(!smb_io_unistr2("", &r_u->uni_acct_name[i],r_u->sam[i].hdr_name.buffer, ps,depth))
-				return False;
-		}
-
-	}
-
-	if(!prs_align(ps))
-		return False;
-		
-	if(!prs_uint32("num_entries4", ps, depth, &r_u->num_entries4))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_QUERY_DISPINFO structure.
-********************************************************************/
-
-void init_samr_q_query_dispinfo(SAMR_Q_QUERY_DISPINFO * q_e, POLICY_HND *pol,
-				uint16 switch_level, uint32 start_idx,
-				uint32 max_entries, uint32 max_size)
-{
-	DEBUG(5, ("init_samr_q_query_dispinfo\n"));
-
-	q_e->domain_pol = *pol;
-
-	q_e->switch_level = switch_level;
-
-	q_e->start_idx = start_idx;
-	q_e->max_entries = max_entries;
-	q_e->max_size = max_size;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_query_dispinfo(const char *desc, SAMR_Q_QUERY_DISPINFO * q_e,
-			      prs_struct *ps, int depth)
-{
-	if (q_e == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_query_dispinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("domain_pol", &q_e->domain_pol, ps, depth))
-		return False;
-
-	if(!prs_uint16("switch_level", ps, depth, &q_e->switch_level))
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("start_idx   ", ps, depth, &q_e->start_idx))
-		return False;
-	if(!prs_uint32("max_entries ", ps, depth, &q_e->max_entries))
-		return False;
-	if(!prs_uint32("max_size    ", ps, depth, &q_e->max_size))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_DISPINFO_1 structure.
-********************************************************************/
-
-NTSTATUS init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 **sam,
-			     uint32 num_entries, uint32 start_idx,
-			     struct samr_displayentry *entries)
-{
-	uint32 i;
-
-	DEBUG(10, ("init_sam_dispinfo_1: num_entries: %d\n", num_entries));
-
-	if (num_entries==0)
-		return NT_STATUS_OK;
-
-	*sam = TALLOC_ZERO_ARRAY(ctx, SAM_DISPINFO_1, num_entries);
-	if (*sam == NULL)
-		return NT_STATUS_NO_MEMORY;
-
-	(*sam)->sam=TALLOC_ARRAY(ctx, SAM_ENTRY1, num_entries);
-	if ((*sam)->sam == NULL)
-		return NT_STATUS_NO_MEMORY;
-
-	(*sam)->str=TALLOC_ARRAY(ctx, SAM_STR1, num_entries);
-	if ((*sam)->str == NULL)
-		return NT_STATUS_NO_MEMORY;
-
-	for (i = 0; i < num_entries ; i++) {
-		init_unistr2(&(*sam)->str[i].uni_acct_name,
-			     entries[i].account_name, UNI_FLAGS_NONE);
-		init_unistr2(&(*sam)->str[i].uni_full_name,
-			     entries[i].fullname, UNI_FLAGS_NONE);
-		init_unistr2(&(*sam)->str[i].uni_acct_desc,
-			     entries[i].description, UNI_FLAGS_NONE);
-
-		init_sam_entry1(&(*sam)->sam[i], start_idx+i+1,
-				&(*sam)->str[i].uni_acct_name,
-				&(*sam)->str[i].uni_full_name,
-				&(*sam)->str[i].uni_acct_desc,
-				entries[i].rid, entries[i].acct_flags);
-	}
-
-	return NT_STATUS_OK;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_sam_dispinfo_1(const char *desc, SAM_DISPINFO_1 * sam,
-				  uint32 num_entries,
-				  prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_dispinfo_1");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (UNMARSHALLING(ps) && num_entries > 0) {
-
-		if ((sam->sam = PRS_ALLOC_MEM(ps, SAM_ENTRY1, num_entries)) == NULL) {
-			DEBUG(0, ("out of memory allocating SAM_ENTRY1\n"));
-			return False;
-		}
-
-		if ((sam->str = PRS_ALLOC_MEM(ps, SAM_STR1, num_entries)) == NULL) {
-			DEBUG(0, ("out of memory allocating SAM_STR1\n"));
-			return False;
-		}
-	}
-
-	for (i = 0; i < num_entries; i++) {
-		if(!sam_io_sam_entry1("", &sam->sam[i], ps, depth))
-			return False;
-	}
-
-	for (i = 0; i < num_entries; i++) {
-		if(!sam_io_sam_str1("", &sam->str[i],
-			      sam->sam[i].hdr_acct_name.buffer,
-			      sam->sam[i].hdr_user_name.buffer,
-			      sam->sam[i].hdr_user_desc.buffer, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_DISPINFO_2 structure.
-********************************************************************/
-
-NTSTATUS init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 **sam,
-			     uint32 num_entries, uint32 start_idx,
-			     struct samr_displayentry *entries)
-{
-	uint32 i;
-
-	DEBUG(10, ("init_sam_dispinfo_2: num_entries: %d\n", num_entries));
-
-	if (num_entries==0)
-		return NT_STATUS_OK;
-
-	*sam = TALLOC_ZERO_ARRAY(ctx, SAM_DISPINFO_2, num_entries);
-	if (*sam == NULL)
-		return NT_STATUS_NO_MEMORY;
-
-	(*sam)->sam = TALLOC_ARRAY(ctx, SAM_ENTRY2, num_entries);
-	if ((*sam)->sam == NULL)
-		return NT_STATUS_NO_MEMORY;
-
-	(*sam)->str=TALLOC_ARRAY(ctx, SAM_STR2, num_entries);
-	if ((*sam)->str == NULL)
-		return NT_STATUS_NO_MEMORY;
-
-	for (i = 0; i < num_entries; i++) {
-		init_unistr2(&(*sam)->str[i].uni_srv_name,
-			     entries[i].account_name, UNI_FLAGS_NONE);
-		init_unistr2(&(*sam)->str[i].uni_srv_desc,
-			     entries[i].description, UNI_FLAGS_NONE);
-
-		init_sam_entry2(&(*sam)->sam[i], start_idx + i + 1,
-				&(*sam)->str[i].uni_srv_name,
-				&(*sam)->str[i].uni_srv_desc,
-				entries[i].rid, entries[i].acct_flags);
-	}
-
-	return NT_STATUS_OK;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_sam_dispinfo_2(const char *desc, SAM_DISPINFO_2 * sam,
-				  uint32 num_entries,
-				  prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_dispinfo_2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (UNMARSHALLING(ps) && num_entries > 0) {
-
-		if ((sam->sam = PRS_ALLOC_MEM(ps, SAM_ENTRY2, num_entries)) == NULL) {
-			DEBUG(0, ("out of memory allocating SAM_ENTRY2\n"));
-			return False;
-		}
-
-		if ((sam->str = PRS_ALLOC_MEM(ps, SAM_STR2, num_entries)) == NULL) {
-			DEBUG(0, ("out of memory allocating SAM_STR2\n"));
-			return False;
-		}
-	}
-
-	for (i = 0; i < num_entries; i++) {
-		if(!sam_io_sam_entry2("", &sam->sam[i], ps, depth))
-			return False;
-	}
-
-	for (i = 0; i < num_entries; i++) {
-		if(!sam_io_sam_str2("", &sam->str[i],
-			      sam->sam[i].hdr_srv_name.buffer,
-			      sam->sam[i].hdr_srv_desc.buffer, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_DISPINFO_3 structure.
-********************************************************************/
-
-NTSTATUS init_sam_dispinfo_3(TALLOC_CTX *ctx, SAM_DISPINFO_3 **sam,
-			     uint32 num_entries, uint32 start_idx,
-			     struct samr_displayentry *entries)
-{
-	uint32 i;
-
-	DEBUG(5, ("init_sam_dispinfo_3: num_entries: %d\n", num_entries));
-
-	if (num_entries==0)
-		return NT_STATUS_OK;
-
-	*sam = TALLOC_ZERO_ARRAY(ctx, SAM_DISPINFO_3, num_entries);
-	if (*sam == NULL)
-		return NT_STATUS_NO_MEMORY;
-
-	if (!((*sam)->sam=TALLOC_ARRAY(ctx, SAM_ENTRY3, num_entries)))
-		return NT_STATUS_NO_MEMORY;
-
-	if (!((*sam)->str=TALLOC_ARRAY(ctx, SAM_STR3, num_entries)))
-		return NT_STATUS_NO_MEMORY;
-
-	for (i = 0; i < num_entries; i++) {
-		DEBUG(11, ("init_sam_dispinfo_3: entry: %d\n",i));
-
-		init_unistr2(&(*sam)->str[i].uni_grp_name,
-			     entries[i].account_name, UNI_FLAGS_NONE);
-		init_unistr2(&(*sam)->str[i].uni_grp_desc,
-			     entries[i].description, UNI_FLAGS_NONE);
-
-		init_sam_entry3(&(*sam)->sam[i], start_idx+i+1,
-				&(*sam)->str[i].uni_grp_name,
-				&(*sam)->str[i].uni_grp_desc,
-				entries[i].rid);
-	}
-
-	return NT_STATUS_OK;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_sam_dispinfo_3(const char *desc, SAM_DISPINFO_3 * sam,
-				  uint32 num_entries,
-				  prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_dispinfo_3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (UNMARSHALLING(ps) && num_entries > 0) {
-
-		if ((sam->sam = PRS_ALLOC_MEM(ps, SAM_ENTRY3, num_entries)) == NULL) {
-			DEBUG(0, ("out of memory allocating SAM_ENTRY3\n"));
-			return False;
-		}
-
-		if ((sam->str = PRS_ALLOC_MEM(ps, SAM_STR3, num_entries)) == NULL) {
-			DEBUG(0, ("out of memory allocating SAM_STR3\n"));
-			return False;
-		}
-	}
-
-	for (i = 0; i < num_entries; i++) {
-		if(!sam_io_sam_entry3("", &sam->sam[i], ps, depth))
-			return False;
-	}
-
-	for (i = 0; i < num_entries; i++) {
-		if(!sam_io_sam_str3("", &sam->str[i],
-			      sam->sam[i].hdr_grp_name.buffer,
-			      sam->sam[i].hdr_grp_desc.buffer, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_DISPINFO_4 structure.
-********************************************************************/
-
-NTSTATUS init_sam_dispinfo_4(TALLOC_CTX *ctx, SAM_DISPINFO_4 **sam,
-			     uint32 num_entries, uint32 start_idx,
-			     struct samr_displayentry *entries)
-{
-	uint32 i;
-
-	DEBUG(5, ("init_sam_dispinfo_4: num_entries: %d\n", num_entries));
-
-	if (num_entries==0)
-		return NT_STATUS_OK;
-
-	*sam = TALLOC_ZERO_ARRAY(ctx, SAM_DISPINFO_4, num_entries);
-	if (*sam == NULL)
-		return NT_STATUS_NO_MEMORY;
-
-	(*sam)->sam = TALLOC_ARRAY(ctx, SAM_ENTRY4, num_entries);
-	if ((*sam)->sam == NULL)
-		return NT_STATUS_NO_MEMORY;
-
-	(*sam)->str=TALLOC_ARRAY(ctx, SAM_STR4, num_entries);
-	if ((*sam)->str == NULL)
-		return NT_STATUS_NO_MEMORY;
-
-	for (i = 0; i < num_entries; i++) {
-		size_t len_sam_name = strlen(entries[i].account_name);
-
-		DEBUG(11, ("init_sam_dispinfo_2: entry: %d\n",i));
-	  
-		init_sam_entry4(&(*sam)->sam[i], start_idx + i + 1,
-				len_sam_name);
-
-		init_string2(&(*sam)->str[i].acct_name,
-			     entries[i].account_name, len_sam_name+1,
-			     len_sam_name);
-	}
-	
-	return NT_STATUS_OK;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_sam_dispinfo_4(const char *desc, SAM_DISPINFO_4 * sam,
-				  uint32 num_entries,
-				  prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_dispinfo_4");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (UNMARSHALLING(ps) && num_entries > 0) {
-
-		if ((sam->sam = PRS_ALLOC_MEM(ps, SAM_ENTRY4, num_entries)) == NULL) {
-			DEBUG(0, ("out of memory allocating SAM_ENTRY4\n"));
-			return False;
-		}
-
-		if ((sam->str = PRS_ALLOC_MEM(ps, SAM_STR4, num_entries)) == NULL) {
-			DEBUG(0, ("out of memory allocating SAM_STR4\n"));
-			return False;
-		}
-	}
-
-	for (i = 0; i < num_entries; i++) {
-		if(!sam_io_sam_entry4("", &sam->sam[i], ps, depth))
-			return False;
-	}
-
-	for (i = 0; i < num_entries; i++) {
-		if(!smb_io_string2("acct_name", &sam->str[i].acct_name,
-			     sam->sam[i].hdr_acct_name.buffer, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_DISPINFO_5 structure.
-********************************************************************/
-
-NTSTATUS init_sam_dispinfo_5(TALLOC_CTX *ctx, SAM_DISPINFO_5 **sam,
-			     uint32 num_entries, uint32 start_idx,
-			     struct samr_displayentry *entries)
-{
-	uint32 len_sam_name;
-	uint32 i;
-
-	DEBUG(5, ("init_sam_dispinfo_5: num_entries: %d\n", num_entries));
-
-	if (num_entries==0)
-		return NT_STATUS_OK;
-
-	*sam = TALLOC_ZERO_ARRAY(ctx, SAM_DISPINFO_5, num_entries);
-	if (*sam == NULL)
-		return NT_STATUS_NO_MEMORY;
-
-	if (!((*sam)->sam=TALLOC_ARRAY(ctx, SAM_ENTRY5, num_entries)))
-		return NT_STATUS_NO_MEMORY;
-
-	if (!((*sam)->str=TALLOC_ARRAY(ctx, SAM_STR5, num_entries)))
-		return NT_STATUS_NO_MEMORY;
-
-	for (i = 0; i < num_entries; i++) {
-		DEBUG(11, ("init_sam_dispinfo_5: entry: %d\n",i));
-
-		len_sam_name = strlen(entries[i].account_name);
-	  
-		init_sam_entry5(&(*sam)->sam[i], start_idx+i+1, len_sam_name);
-		init_string2(&(*sam)->str[i].grp_name, entries[i].account_name,
-			     len_sam_name+1, len_sam_name);
-	}
-
-	return NT_STATUS_OK;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_sam_dispinfo_5(const char *desc, SAM_DISPINFO_5 * sam,
-				  uint32 num_entries,
-				  prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	if (sam == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_sam_dispinfo_5");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (UNMARSHALLING(ps) && num_entries > 0) {
-
-		if ((sam->sam = PRS_ALLOC_MEM(ps, SAM_ENTRY5, num_entries)) == NULL) {
-			DEBUG(0, ("out of memory allocating SAM_ENTRY5\n"));
-			return False;
-		}
-
-		if ((sam->str = PRS_ALLOC_MEM(ps, SAM_STR5, num_entries)) == NULL) {
-			DEBUG(0, ("out of memory allocating SAM_STR5\n"));
-			return False;
-		}
-	}
-
-	for (i = 0; i < num_entries; i++) {
-		if(!sam_io_sam_entry5("", &sam->sam[i], ps, depth))
-			return False;
-	}
-
-	for (i = 0; i < num_entries; i++) {
-		if(!smb_io_string2("grp_name", &sam->str[i].grp_name,
-			     sam->sam[i].hdr_grp_name.buffer, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_QUERY_DISPINFO structure.
-********************************************************************/
-
-void init_samr_r_query_dispinfo(SAMR_R_QUERY_DISPINFO * r_u,
-				uint32 num_entries, uint32 total_size, uint32 data_size,
-				uint16 switch_level, SAM_DISPINFO_CTR * ctr,
-				NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_query_dispinfo: level %d\n", switch_level));
-
-	r_u->total_size = total_size;
-
-	r_u->data_size = data_size;
-
-	r_u->switch_level = switch_level;
-	r_u->num_entries = num_entries;
-
-	if (num_entries==0)
-		r_u->ptr_entries = 0;
-	else
-		r_u->ptr_entries = 1;
-
-	r_u->num_entries2 = num_entries;
-	r_u->ctr = ctr;
-
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_query_dispinfo(const char *desc, SAMR_R_QUERY_DISPINFO * r_u,
-			      prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_query_dispinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("total_size  ", ps, depth, &r_u->total_size))
-		return False;
-	if(!prs_uint32("data_size   ", ps, depth, &r_u->data_size))
-		return False;
-	if(!prs_uint16("switch_level", ps, depth, &r_u->switch_level))
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("num_entries ", ps, depth, &r_u->num_entries))
-		return False;
-	if(!prs_uint32("ptr_entries ", ps, depth, &r_u->ptr_entries))
-		return False;
-
-	if (r_u->ptr_entries==0) {
-		if(!prs_align(ps))
-			return False;
-		if(!prs_ntstatus("status", ps, depth, &r_u->status))
-			return False;
-
-		return True;
-	}
-
-	if(!prs_uint32("num_entries2", ps, depth, &r_u->num_entries2))
-		return False;
-
-	switch (r_u->switch_level) {
-	case 0x1:
-		if(!sam_io_sam_dispinfo_1("users", r_u->ctr->sam.info1,
-				r_u->num_entries, ps, depth))
-			return False;
-		break;
-	case 0x2:
-		if(!sam_io_sam_dispinfo_2("servers", r_u->ctr->sam.info2,
-				r_u->num_entries, ps, depth))
-			return False;
-		break;
-	case 0x3:
-		if(!sam_io_sam_dispinfo_3("groups", r_u->ctr->sam.info3,
-				    r_u->num_entries, ps, depth))
-			return False;
-		break;
-	case 0x4:
-		if(!sam_io_sam_dispinfo_4("user list",
-				    r_u->ctr->sam.info4,
-				    r_u->num_entries, ps, depth))
-			return False;
-		break;
-	case 0x5:
-		if(!sam_io_sam_dispinfo_5("group list",
-				    r_u->ctr->sam.info5,
-				    r_u->num_entries, ps, depth))
-			return False;
-		break;
-	default:
-		DEBUG(0,("samr_io_r_query_dispinfo: unknown switch value\n"));
-		break;
-	}
-	
-	if(!prs_align(ps))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_OPEN_GROUP structure.
-********************************************************************/
-
-void init_samr_q_open_group(SAMR_Q_OPEN_GROUP * q_c,
-			    POLICY_HND *hnd,
-			    uint32 access_mask, uint32 rid)
-{
-	DEBUG(5, ("init_samr_q_open_group\n"));
-
-	q_c->domain_pol = *hnd;
-	q_c->access_mask = access_mask;
-	q_c->rid_group = rid;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_open_group(const char *desc, SAMR_Q_OPEN_GROUP * q_u,
-			  prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_open_group");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("domain_pol", &q_u->domain_pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
-		return False;
-	if(!prs_uint32("rid_group", ps, depth, &q_u->rid_group))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_open_group(const char *desc, SAMR_R_OPEN_GROUP * r_u,
-			  prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_open_group");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a GROUP_INFO1 structure.
-********************************************************************/
-
-void init_samr_group_info1(GROUP_INFO1 * gr1,
-			   char *acct_name, char *acct_desc,
-			   uint32 num_members)
-{
-	DEBUG(5, ("init_samr_group_info1\n"));
-
-	gr1->group_attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT); /* why not | SE_GROUP_ENABLED ? */
-	gr1->num_members = num_members;
-
-	init_unistr2(&gr1->uni_acct_name, acct_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&gr1->hdr_acct_name, &gr1->uni_acct_name);
-	init_unistr2(&gr1->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
-	init_uni_hdr(&gr1->hdr_acct_desc, &gr1->uni_acct_desc);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_group_info1(const char *desc, GROUP_INFO1 * gr1,
-			 prs_struct *ps, int depth)
-{
-	uint16 dummy = 1;
-
-	if (gr1 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_group_info1");
-	depth++;
-
-	if(!prs_uint16("level", ps, depth, &dummy))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_unihdr("hdr_acct_name", &gr1->hdr_acct_name, ps, depth))
-		return False;
-
-	if(!prs_uint32("group_attr", ps, depth, &gr1->group_attr))
-		return False;
-	if(!prs_uint32("num_members", ps, depth, &gr1->num_members))
-		return False;
-
-	if(!smb_io_unihdr("hdr_acct_desc", &gr1->hdr_acct_desc, ps, depth))
-		return False;
-
-	if(!smb_io_unistr2("uni_acct_name", &gr1->uni_acct_name,
-			   gr1->hdr_acct_name.buffer, ps, depth))
-		return False;
-
-	if(!smb_io_unistr2("uni_acct_desc", &gr1->uni_acct_desc,
-			   gr1->hdr_acct_desc.buffer, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a GROUP_INFO2 structure.
-********************************************************************/
-
-void init_samr_group_info2(GROUP_INFO2 * gr2, const char *acct_name)
-{
-	DEBUG(5, ("init_samr_group_info2\n"));
-
-	gr2->level = 2;
-	init_unistr2(&gr2->uni_acct_name, acct_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&gr2->hdr_acct_name, &gr2->uni_acct_name);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_group_info2(const char *desc, GROUP_INFO2 *gr2, prs_struct *ps, int depth)
-{
-	if (gr2 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_group_info2");
-	depth++;
-
-	if(!prs_uint16("hdr_level", ps, depth, &gr2->level))
-		return False;
-
-	if(!smb_io_unihdr("hdr_acct_name", &gr2->hdr_acct_name, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_acct_name", &gr2->uni_acct_name,
-			   gr2->hdr_acct_name.buffer, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a GROUP_INFO3 structure.
-********************************************************************/
-
-void init_samr_group_info3(GROUP_INFO3 *gr3)
-{
-	DEBUG(5, ("init_samr_group_info3\n"));
-
-	gr3->group_attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT); /* why not | SE_GROUP_ENABLED ? */
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_group_info3(const char *desc, GROUP_INFO3 *gr3, prs_struct *ps, int depth)
-{
-	if (gr3 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_group_info3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("group_attr", ps, depth, &gr3->group_attr))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a GROUP_INFO4 structure.
-********************************************************************/
-
-void init_samr_group_info4(GROUP_INFO4 * gr4, const char *acct_desc)
-{
-	DEBUG(5, ("init_samr_group_info4\n"));
-
-	gr4->level = 4;
-	init_unistr2(&gr4->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
-	init_uni_hdr(&gr4->hdr_acct_desc, &gr4->uni_acct_desc);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_group_info4(const char *desc, GROUP_INFO4 * gr4,
-			 prs_struct *ps, int depth)
-{
-	if (gr4 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_group_info4");
-	depth++;
-
-	if(!prs_uint16("hdr_level", ps, depth, &gr4->level))
-		return False;
-	if(!smb_io_unihdr("hdr_acct_desc", &gr4->hdr_acct_desc, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_acct_desc", &gr4->uni_acct_desc,
-			   gr4->hdr_acct_desc.buffer, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a GROUP_INFO5 structure.
-********************************************************************/
-
-void init_samr_group_info5(GROUP_INFO5 * gr5,
-			   char *acct_name, char *acct_desc,
-			   uint32 num_members)
-{
-	DEBUG(5, ("init_samr_group_info5\n"));
-
-	gr5->group_attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT); /* why not | SE_GROUP_ENABLED ? */
-	gr5->num_members = num_members;
-
-	init_unistr2(&gr5->uni_acct_name, acct_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&gr5->hdr_acct_name, &gr5->uni_acct_name);
-	init_unistr2(&gr5->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
-	init_uni_hdr(&gr5->hdr_acct_desc, &gr5->uni_acct_desc);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_group_info5(const char *desc, GROUP_INFO5 * gr5,
-			 prs_struct *ps, int depth)
-{
-	uint16 dummy = 1;
-
-	if (gr5 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_group_info5");
-	depth++;
-
-	if(!prs_uint16("level", ps, depth, &dummy))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_unihdr("hdr_acct_name", &gr5->hdr_acct_name, ps, depth))
-		return False;
-
-	if(!prs_uint32("group_attr", ps, depth, &gr5->group_attr))
-		return False;
-	if(!prs_uint32("num_members", ps, depth, &gr5->num_members))
-		return False;
-
-	if(!smb_io_unihdr("hdr_acct_desc", &gr5->hdr_acct_desc, ps, depth))
-		return False;
-
-	if(!smb_io_unistr2("uni_acct_name", &gr5->uni_acct_name,
-			   gr5->hdr_acct_name.buffer, ps, depth))
-		return False;
-
-	if(!smb_io_unistr2("uni_acct_desc", &gr5->uni_acct_desc,
-			   gr5->hdr_acct_desc.buffer, ps, depth))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool samr_group_info_ctr(const char *desc, GROUP_INFO_CTR **ctr,
-				prs_struct *ps, int depth)
-{
-	if (UNMARSHALLING(ps))
-		*ctr = PRS_ALLOC_MEM(ps,GROUP_INFO_CTR,1);
-
-	if (*ctr == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_group_info_ctr");
-	depth++;
-
-	if(!prs_uint16("switch_value1", ps, depth, &(*ctr)->switch_value1))
-		return False;
-
-	switch ((*ctr)->switch_value1) {
-	case 1:
-		if(!samr_io_group_info1("group_info1", &(*ctr)->group.info1, ps, depth))
-			return False;
-		break;
-	case 2:
-		if(!samr_io_group_info2("group_info2", &(*ctr)->group.info2, ps, depth))
-			return False;
-		break;
-	case 3:
-		if(!samr_io_group_info3("group_info3", &(*ctr)->group.info3, ps, depth))
-			return False;
-		break;
-	case 4:
-		if(!samr_io_group_info4("group_info4", &(*ctr)->group.info4, ps, depth))
-			return False;
-		break;
-	case 5:
-		if(!samr_io_group_info5("group_info5", &(*ctr)->group.info5, ps, depth))
-			return False;
-		break;
-	default:
-		DEBUG(0,("samr_group_info_ctr: unsupported switch level\n"));
-		break;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_CREATE_DOM_GROUP structure.
-********************************************************************/
-
-void init_samr_q_create_dom_group(SAMR_Q_CREATE_DOM_GROUP * q_e,
-				  POLICY_HND *pol, const char *acct_desc,
-				  uint32 access_mask)
-{
-	DEBUG(5, ("init_samr_q_create_dom_group\n"));
-
-	q_e->pol = *pol;
-
-	init_unistr2(&q_e->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
-	init_uni_hdr(&q_e->hdr_acct_desc, &q_e->uni_acct_desc);
-
-	q_e->access_mask = access_mask;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_create_dom_group(const char *desc, SAMR_Q_CREATE_DOM_GROUP * q_e,
-				prs_struct *ps, int depth)
-{
-	if (q_e == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_create_dom_group");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
-		return False;
-
-	if(!smb_io_unihdr("hdr_acct_desc", &q_e->hdr_acct_desc, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_acct_desc", &q_e->uni_acct_desc,
-		       q_e->hdr_acct_desc.buffer, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("access", ps, depth, &q_e->access_mask))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_create_dom_group(const char *desc, SAMR_R_CREATE_DOM_GROUP * r_u,
-				prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_create_dom_group");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("rid   ", ps, depth, &r_u->rid))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_DELETE_DOM_GROUP structure.
-********************************************************************/
-
-void init_samr_q_delete_dom_group(SAMR_Q_DELETE_DOM_GROUP * q_c,
-				  POLICY_HND *hnd)
-{
-	DEBUG(5, ("init_samr_q_delete_dom_group\n"));
-
-	q_c->group_pol = *hnd;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_delete_dom_group(const char *desc, SAMR_Q_DELETE_DOM_GROUP * q_u,
-				prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_delete_dom_group");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("group_pol", &q_u->group_pol, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_delete_dom_group(const char *desc, SAMR_R_DELETE_DOM_GROUP * r_u,
-				prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_delete_dom_group");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_DEL_GROUPMEM structure.
-********************************************************************/
-
-void init_samr_q_del_groupmem(SAMR_Q_DEL_GROUPMEM * q_e,
-			      POLICY_HND *pol, uint32 rid)
-{
-	DEBUG(5, ("init_samr_q_del_groupmem\n"));
-
-	q_e->pol = *pol;
-	q_e->rid = rid;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_del_groupmem(const char *desc, SAMR_Q_DEL_GROUPMEM * q_e,
-			    prs_struct *ps, int depth)
-{
-	if (q_e == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_del_groupmem");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("rid", ps, depth, &q_e->rid))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_DEL_GROUPMEM structure.
-********************************************************************/
-
-void init_samr_r_del_groupmem(SAMR_R_DEL_GROUPMEM * r_u, POLICY_HND *pol,
-			      NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_del_groupmem\n"));
-
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_del_groupmem(const char *desc, SAMR_R_DEL_GROUPMEM * r_u,
-			    prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_del_groupmem");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_ADD_GROUPMEM structure.
-********************************************************************/
-
-void init_samr_q_add_groupmem(SAMR_Q_ADD_GROUPMEM * q_e,
-			      POLICY_HND *pol, uint32 rid)
-{
-	DEBUG(5, ("init_samr_q_add_groupmem\n"));
-
-	q_e->pol = *pol;
-	q_e->rid = rid;
-	q_e->unknown = 0x0005;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_add_groupmem(const char *desc, SAMR_Q_ADD_GROUPMEM * q_e,
-			    prs_struct *ps, int depth)
-{
-	if (q_e == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_add_groupmem");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("rid    ", ps, depth, &q_e->rid))
-		return False;
-	if(!prs_uint32("unknown", ps, depth, &q_e->unknown))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_ADD_GROUPMEM structure.
-********************************************************************/
-
-void init_samr_r_add_groupmem(SAMR_R_ADD_GROUPMEM * r_u, POLICY_HND *pol,
-			      NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_add_groupmem\n"));
-
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_add_groupmem(const char *desc, SAMR_R_ADD_GROUPMEM * r_u,
-			    prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_add_groupmem");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_SET_GROUPINFO structure.
-********************************************************************/
-
-void init_samr_q_set_groupinfo(SAMR_Q_SET_GROUPINFO * q_e,
-			       POLICY_HND *pol, GROUP_INFO_CTR * ctr)
-{
-	DEBUG(5, ("init_samr_q_set_groupinfo\n"));
-
-	q_e->pol = *pol;
-	q_e->ctr = ctr;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_set_groupinfo(const char *desc, SAMR_Q_SET_GROUPINFO * q_e,
-			     prs_struct *ps, int depth)
-{
-	if (q_e == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_set_groupinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
-		return False;
-	
-	if(!samr_group_info_ctr("ctr", &q_e->ctr, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_SET_GROUPINFO structure.
-********************************************************************/
-
-void init_samr_r_set_groupinfo(SAMR_R_SET_GROUPINFO * r_u, NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_set_groupinfo\n"));
-
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_set_groupinfo(const char *desc, SAMR_R_SET_GROUPINFO * r_u,
-			     prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_set_groupinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_QUERY_GROUPINFO structure.
-********************************************************************/
-
-void init_samr_q_query_groupinfo(SAMR_Q_QUERY_GROUPINFO * q_e,
-				 POLICY_HND *pol, uint16 switch_level)
-{
-	DEBUG(5, ("init_samr_q_query_groupinfo\n"));
-
-	q_e->pol = *pol;
-
-	q_e->switch_level = switch_level;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_query_groupinfo(const char *desc, SAMR_Q_QUERY_GROUPINFO * q_e,
-			       prs_struct *ps, int depth)
-{
-	if (q_e == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_query_groupinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
-		return False;
-
-	if(!prs_uint16("switch_level", ps, depth, &q_e->switch_level))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_QUERY_GROUPINFO structure.
-********************************************************************/
-
-void init_samr_r_query_groupinfo(SAMR_R_QUERY_GROUPINFO * r_u,
-				 GROUP_INFO_CTR * ctr, NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_query_groupinfo\n"));
-
-	r_u->ptr = (NT_STATUS_IS_OK(status) && ctr != NULL) ? 1 : 0;
-	r_u->ctr = ctr;
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_query_groupinfo(const char *desc, SAMR_R_QUERY_GROUPINFO * r_u,
-			       prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_query_groupinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr", ps, depth, &r_u->ptr))
-		return False;
-
-	if (r_u->ptr != 0) {
-		if(!samr_group_info_ctr("ctr", &r_u->ctr, ps, depth))
-			return False;
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_QUERY_GROUPMEM structure.
-********************************************************************/
-
-void init_samr_q_query_groupmem(SAMR_Q_QUERY_GROUPMEM * q_c, POLICY_HND *hnd)
-{
-	DEBUG(5, ("init_samr_q_query_groupmem\n"));
-
-	q_c->group_pol = *hnd;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_query_groupmem(const char *desc, SAMR_Q_QUERY_GROUPMEM * q_u,
-			      prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_query_groupmem");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("group_pol", &q_u->group_pol, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_QUERY_GROUPMEM structure.
-********************************************************************/
-
-void init_samr_r_query_groupmem(SAMR_R_QUERY_GROUPMEM * r_u,
-				uint32 num_entries, uint32 *rid,
-				uint32 *attr, NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_query_groupmem\n"));
-
-	if (NT_STATUS_IS_OK(status)) {
-		r_u->ptr = 1;
-		r_u->num_entries = num_entries;
-
-		r_u->ptr_attrs = attr != NULL ? 1 : 0;
-		r_u->ptr_rids = rid != NULL ? 1 : 0;
-
-		r_u->num_rids = num_entries;
-		r_u->rid = rid;
-
-		r_u->num_attrs = num_entries;
-		r_u->attr = attr;
-	} else {
-		r_u->ptr = 0;
-		r_u->num_entries = 0;
-	}
-
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_query_groupmem(const char *desc, SAMR_R_QUERY_GROUPMEM * r_u,
-			      prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	if (r_u == NULL)
-		return False;
-
-	if (UNMARSHALLING(ps))
-		ZERO_STRUCTP(r_u);
-
-	prs_debug(ps, depth, desc, "samr_io_r_query_groupmem");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr", ps, depth, &r_u->ptr))
-		return False;
-	if(!prs_uint32("num_entries ", ps, depth, &r_u->num_entries))
-		return False;
-
-	if (r_u->ptr != 0) {
-		if(!prs_uint32("ptr_rids ", ps, depth, &r_u->ptr_rids))
-			return False;
-		if(!prs_uint32("ptr_attrs", ps, depth, &r_u->ptr_attrs))
-			return False;
-
-		if (r_u->ptr_rids != 0)	{
-			if(!prs_uint32("num_rids", ps, depth, &r_u->num_rids))
-				return False;
-			if (UNMARSHALLING(ps) && r_u->num_rids != 0) {
-				r_u->rid = PRS_ALLOC_MEM(ps,uint32,r_u->num_rids);
-				if (r_u->rid == NULL)
-					return False;
-			}
-
-			for (i = 0; i < r_u->num_rids; i++) {
-				if(!prs_uint32("", ps, depth, &r_u->rid[i]))
-					return False;
-			}
-		}
-
-		if (r_u->ptr_attrs != 0) {
-			if(!prs_uint32("num_attrs", ps, depth, &r_u->num_attrs))
-				return False;
-
-			if (UNMARSHALLING(ps) && r_u->num_attrs != 0) {
-				r_u->attr = PRS_ALLOC_MEM(ps,uint32,r_u->num_attrs);
-				if (r_u->attr == NULL)
-					return False;
-			}
-
-			for (i = 0; i < r_u->num_attrs; i++) {
-				if(!prs_uint32("", ps, depth, &r_u->attr[i]))
-					return False;
-			}
-		}
-	}
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_QUERY_USERGROUPS structure.
-********************************************************************/
-
-void init_samr_q_query_usergroups(SAMR_Q_QUERY_USERGROUPS * q_u,
-				  POLICY_HND *hnd)
-{
-	DEBUG(5, ("init_samr_q_query_usergroups\n"));
-
-	q_u->pol = *hnd;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_query_usergroups(const char *desc, SAMR_Q_QUERY_USERGROUPS * q_u,
-				prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_query_usergroups");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_QUERY_USERGROUPS structure.
-********************************************************************/
-
-void init_samr_r_query_usergroups(SAMR_R_QUERY_USERGROUPS * r_u,
-				  uint32 num_gids, DOM_GID * gid,
-				  NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_query_usergroups\n"));
-
-	if (NT_STATUS_IS_OK(status)) {
-		r_u->ptr_0 = 1;
-		r_u->num_entries = num_gids;
-		r_u->ptr_1 = (num_gids != 0) ? 1 : 0;
-		r_u->num_entries2 = num_gids;
-
-		r_u->gid = gid;
-	} else {
-		r_u->ptr_0 = 0;
-		r_u->num_entries = 0;
-		r_u->ptr_1 = 0;
-		r_u->gid = NULL;
-	}
-
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_gids(const char *desc, uint32 *num_gids, DOM_GID ** gid,
-		  prs_struct *ps, int depth)
-{
-	uint32 i;
-	if (gid == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_gids");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("num_gids", ps, depth, num_gids))
-		return False;
-
-	if ((*num_gids) != 0) {
-		if (UNMARSHALLING(ps)) {
-			(*gid) = PRS_ALLOC_MEM(ps,DOM_GID,*num_gids);
-		}
-
-		if ((*gid) == NULL) {
-			return False;
-		}
-
-		for (i = 0; i < (*num_gids); i++) {
-			if(!smb_io_gid("gids", &(*gid)[i], ps, depth))
-				return False;
-		}
-	}
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_query_usergroups(const char *desc, SAMR_R_QUERY_USERGROUPS * r_u,
-				prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_query_usergroups");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr_0       ", ps, depth, &r_u->ptr_0))
-		return False;
-
-	if (r_u->ptr_0 != 0) {
-		if(!prs_uint32("num_entries ", ps, depth, &r_u->num_entries))
-			return False;
-		if(!prs_uint32("ptr_1       ", ps, depth, &r_u->ptr_1))
-			return False;
-
-		if (r_u->num_entries != 0 && r_u->ptr_1 != 0) {
-			if(!samr_io_gids("gids", &r_u->num_entries2, &r_u->gid, ps, depth))
-				return False;
-		}
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-	  return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_ENUM_DOMAINS structure.
-********************************************************************/
-
-void init_samr_q_enum_domains(SAMR_Q_ENUM_DOMAINS * q_e,
-			      POLICY_HND *pol,
-			      uint32 start_idx, uint32 size)
-{
-	DEBUG(5, ("init_samr_q_enum_domains\n"));
-
-	q_e->pol = *pol;
-
-	q_e->start_idx = start_idx;
-	q_e->max_size = size;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_enum_domains(const char *desc, SAMR_Q_ENUM_DOMAINS * q_e,
-			    prs_struct *ps, int depth)
-{
-	if (q_e == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_enum_domains");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("start_idx", ps, depth, &q_e->start_idx))
-		return False;
-	if(!prs_uint32("max_size ", ps, depth, &q_e->max_size))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_ENUM_DOMAINS structure.
-********************************************************************/
-
-void init_samr_r_enum_domains(SAMR_R_ENUM_DOMAINS * r_u,
-			      uint32 next_idx, uint32 num_sam_entries)
-{
-	DEBUG(5, ("init_samr_r_enum_domains\n"));
-
-	r_u->next_idx = next_idx;
-
-	if (num_sam_entries != 0) {
-		r_u->ptr_entries1 = 1;
-		r_u->ptr_entries2 = 1;
-		r_u->num_entries2 = num_sam_entries;
-		r_u->num_entries3 = num_sam_entries;
-
-		r_u->num_entries4 = num_sam_entries;
-	} else {
-		r_u->ptr_entries1 = 0;
-		r_u->num_entries2 = num_sam_entries;
-		r_u->ptr_entries2 = 1;
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_enum_domains(const char *desc, SAMR_R_ENUM_DOMAINS * r_u,
-			    prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_enum_domains");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("next_idx    ", ps, depth, &r_u->next_idx))
-		return False;
-	if(!prs_uint32("ptr_entries1", ps, depth, &r_u->ptr_entries1))
-		return False;
-
-	if (r_u->ptr_entries1 != 0) {
-		if(!prs_uint32("num_entries2", ps, depth, &r_u->num_entries2))
-			return False;
-		if(!prs_uint32("ptr_entries2", ps, depth, &r_u->ptr_entries2))
-			return False;
-		if(!prs_uint32("num_entries3", ps, depth, &r_u->num_entries3))
-			return False;
-
-		if (UNMARSHALLING(ps) && r_u->num_entries2) {
-			r_u->sam = PRS_ALLOC_MEM(ps,SAM_ENTRY,r_u->num_entries2);
-			r_u->uni_dom_name = PRS_ALLOC_MEM(ps,UNISTR2,r_u->num_entries2);
-		}
-
-		if ((r_u->sam == NULL || r_u->uni_dom_name == NULL) && r_u->num_entries2 != 0) {
-			DEBUG(0, ("NULL pointers in SAMR_R_ENUM_DOMAINS\n"));
-			r_u->num_entries4 = 0;
-			r_u->status = NT_STATUS_MEMORY_NOT_ALLOCATED;
-			return False;
-		}
-
-		for (i = 0; i < r_u->num_entries2; i++)	{
-			fstring tmp;
-			slprintf(tmp, sizeof(tmp) - 1, "dom[%d]", i);
-			if(!sam_io_sam_entry(tmp, &r_u->sam[i], ps, depth))
-				return False;
-		}
-
-		for (i = 0; i < r_u->num_entries2; i++)	{
-			fstring tmp;
-			slprintf(tmp, sizeof(tmp) - 1, "dom[%d]", i);
-			if(!smb_io_unistr2(tmp, &r_u->uni_dom_name[i],
-				       r_u->sam[i].hdr_name.buffer, ps,
-				       depth))
-				return False;
-		}
-
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("num_entries4", ps, depth, &r_u->num_entries4))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_ENUM_DOM_GROUPS structure.
-********************************************************************/
-
-void init_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS * q_e,
-				 POLICY_HND *pol,
-				 uint32 start_idx, uint32 size)
-{
-	DEBUG(5, ("init_samr_q_enum_dom_groups\n"));
-
-	q_e->pol = *pol;
-
-	q_e->start_idx = start_idx;
-	q_e->max_size = size;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_enum_dom_groups(const char *desc, SAMR_Q_ENUM_DOM_GROUPS * q_e,
-			       prs_struct *ps, int depth)
-{
-	if (q_e == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_enum_dom_groups");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &(q_e->pol), ps, depth))
-		return False;
-
-	if(!prs_uint32("start_idx", ps, depth, &q_e->start_idx))
-		return False;
-	if(!prs_uint32("max_size ", ps, depth, &q_e->max_size))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_ENUM_DOM_GROUPS structure.
-********************************************************************/
-
-void init_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS * r_u,
-				 uint32 next_idx, uint32 num_sam_entries)
-{
-	DEBUG(5, ("init_samr_r_enum_dom_groups\n"));
-
-	r_u->next_idx = next_idx;
-
-	if (num_sam_entries != 0) {
-		r_u->ptr_entries1 = 1;
-		r_u->ptr_entries2 = 1;
-		r_u->num_entries2 = num_sam_entries;
-		r_u->num_entries3 = num_sam_entries;
-
-		r_u->num_entries4 = num_sam_entries;
-	} else {
-		r_u->ptr_entries1 = 0;
-		r_u->num_entries2 = num_sam_entries;
-		r_u->ptr_entries2 = 1;
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_enum_dom_groups(const char *desc, SAMR_R_ENUM_DOM_GROUPS * r_u,
-			       prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_enum_dom_groups");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("next_idx    ", ps, depth, &r_u->next_idx))
-		return False;
-	if(!prs_uint32("ptr_entries1", ps, depth, &r_u->ptr_entries1))
-		return False;
-
-	if (r_u->ptr_entries1 != 0) {
-		if(!prs_uint32("num_entries2", ps, depth, &r_u->num_entries2))
-			return False;
-		if(!prs_uint32("ptr_entries2", ps, depth, &r_u->ptr_entries2))
-			return False;
-		if(!prs_uint32("num_entries3", ps, depth, &r_u->num_entries3))
-			return False;
-
-		if (UNMARSHALLING(ps) && r_u->num_entries2) {
-			r_u->sam = PRS_ALLOC_MEM(ps,SAM_ENTRY,r_u->num_entries2);
-			r_u->uni_grp_name = PRS_ALLOC_MEM(ps,UNISTR2,r_u->num_entries2);
-		}
-
-		if ((r_u->sam == NULL || r_u->uni_grp_name == NULL) && r_u->num_entries2 != 0) {
-			DEBUG(0,
-			      ("NULL pointers in SAMR_R_ENUM_DOM_GROUPS\n"));
-			r_u->num_entries4 = 0;
-			r_u->status = NT_STATUS_MEMORY_NOT_ALLOCATED;
-			return False;
-		}
-
-		for (i = 0; i < r_u->num_entries2; i++)	{
-			if(!sam_io_sam_entry("", &r_u->sam[i], ps, depth))
-				return False;
-		}
-
-		for (i = 0; i < r_u->num_entries2; i++)	{
-			if(!smb_io_unistr2("", &r_u->uni_grp_name[i],
-				       r_u->sam[i].hdr_name.buffer, ps, depth))
-				return False;
-		}
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("num_entries4", ps, depth, &r_u->num_entries4))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_ENUM_DOM_ALIASES structure.
-********************************************************************/
-
-void init_samr_q_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES * q_e,
-				  POLICY_HND *pol, uint32 start_idx,
-				  uint32 size)
-{
-	DEBUG(5, ("init_samr_q_enum_dom_aliases\n"));
-
-	q_e->pol = *pol;
-
-	q_e->start_idx = start_idx;
-	q_e->max_size = size;
-}
-
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_enum_dom_aliases(const char *desc, SAMR_Q_ENUM_DOM_ALIASES * q_e,
-				prs_struct *ps, int depth)
-{
-	if (q_e == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_enum_dom_aliases");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_e->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("start_idx", ps, depth, &q_e->start_idx))
-		return False;
-	if(!prs_uint32("max_size ", ps, depth, &q_e->max_size))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_ENUM_DOM_ALIASES structure.
-********************************************************************/
-
-void init_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, uint32 next_idx, uint32 num_sam_entries)
-{
-	DEBUG(5, ("init_samr_r_enum_dom_aliases\n"));
-
-	r_u->next_idx = next_idx;
-
-	if (num_sam_entries != 0) {
-		r_u->ptr_entries1 = 1;
-		r_u->ptr_entries2 = 1;
-		r_u->num_entries2 = num_sam_entries;
-		r_u->num_entries3 = num_sam_entries;
-
-		r_u->num_entries4 = num_sam_entries;
-	} else {
-		r_u->ptr_entries1 = 0;
-		r_u->num_entries2 = num_sam_entries;
-		r_u->ptr_entries2 = 1;
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_enum_dom_aliases(const char *desc, SAMR_R_ENUM_DOM_ALIASES * r_u,
-				prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_enum_dom_aliases");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("next_idx    ", ps, depth, &r_u->next_idx))
-		return False;
-	if(!prs_uint32("ptr_entries1", ps, depth, &r_u->ptr_entries1))
-		return False;
-
-	if (r_u->ptr_entries1 != 0) {
-		if(!prs_uint32("num_entries2", ps, depth, &r_u->num_entries2))
-			return False;
-		if(!prs_uint32("ptr_entries2", ps, depth, &r_u->ptr_entries2))
-			return False;
-		if(!prs_uint32("num_entries3", ps, depth, &r_u->num_entries3))
-			return False;
-
-		if (UNMARSHALLING(ps) && (r_u->num_entries2 > 0)) {
-			r_u->sam = PRS_ALLOC_MEM(ps,SAM_ENTRY,r_u->num_entries2);
-			r_u->uni_grp_name = PRS_ALLOC_MEM(ps,UNISTR2,r_u->num_entries2);
-		}
-
-		if (r_u->num_entries2 != 0 && 
-		    (r_u->sam == NULL || r_u->uni_grp_name == NULL)) {
-			DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_ALIASES\n"));
-			r_u->num_entries4 = 0;
-			r_u->status = NT_STATUS_MEMORY_NOT_ALLOCATED;
-			return False;
-		}
-
-		for (i = 0; i < r_u->num_entries2; i++) {
-			if(!sam_io_sam_entry("", &r_u->sam[i], ps, depth))
-				return False;
-		}
-
-		for (i = 0; i < r_u->num_entries2; i++) {
-			if(!smb_io_unistr2("", &r_u->uni_grp_name[i],
-				       r_u->sam[i].hdr_name.buffer, ps,
-				       depth))
-				return False;
-		}
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("num_entries4", ps, depth, &r_u->num_entries4))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a ALIAS_INFO1 structure.
-********************************************************************/
-
-void init_samr_alias_info1(ALIAS_INFO1 * al1, char *acct_name, uint32 num_member, char *acct_desc)
-{
-	DEBUG(5, ("init_samr_alias_info1\n"));
-
-	init_unistr4(&al1->name, acct_name, UNI_FLAGS_NONE);
-	al1->num_member = num_member;
-	init_unistr4(&al1->description, acct_desc, UNI_FLAGS_NONE);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_alias_info1(const char *desc, ALIAS_INFO1 * al1,
-			 prs_struct *ps, int depth)
-{
-	if (al1 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_alias_info1");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if ( !prs_unistr4_hdr("name", ps, depth, &al1->name) )
-		return False;
-	if ( !prs_uint32("num_member", ps, depth, &al1->num_member) )
-		return False;
-	if ( !prs_unistr4_hdr("description", ps, depth, &al1->description) )
-		return False;
-
-	if ( !prs_unistr4_str("name", ps, depth, &al1->name) )
-		return False;
-	if ( !prs_align(ps) )
-		return False;
-	if ( !prs_unistr4_str("description", ps, depth, &al1->description) )
-		return False;
-	if ( !prs_align(ps) )
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a ALIAS_INFO3 structure.
-********************************************************************/
-
-void init_samr_alias_info3(ALIAS_INFO3 * al3, const char *acct_desc)
-{
-	DEBUG(5, ("init_samr_alias_info3\n"));
-
-	init_unistr4(&al3->description, acct_desc, UNI_FLAGS_NONE);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_alias_info3(const char *desc, ALIAS_INFO3 *al3,
-			 prs_struct *ps, int depth)
-{
-	if (al3 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_alias_info3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (!prs_unistr4("description", ps, depth, &al3->description))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_alias_info2(const char *desc, ALIAS_INFO2 *al2,
-			 prs_struct *ps, int depth)
-{
-	if (al2 == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_alias_info2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (!prs_unistr4("name", ps, depth, &al2->name))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_alias_info_ctr(const char *desc, prs_struct *ps, int depth, ALIAS_INFO_CTR * ctr)
-{
-	if ( !ctr )
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_alias_info_ctr");
-	depth++;
-
-	if ( !prs_uint16("level", ps, depth, &ctr->level) )
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	switch (ctr->level) {
-	case 1: 
-		if(!samr_io_alias_info1("alias_info1", &ctr->alias.info1, ps, depth))
-			return False;
-		break;
-	case 2: 
-		if(!samr_io_alias_info2("alias_info2", &ctr->alias.info2, ps, depth))
-			return False;
-		break;
-	case 3: 
-		if(!samr_io_alias_info3("alias_info3", &ctr->alias.info3, ps, depth))
-			return False;
-		break;
-	default:
-		DEBUG(0,("samr_alias_info_ctr: unsupported switch level\n"));
-		break;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_QUERY_ALIASINFO structure.
-********************************************************************/
-
-void init_samr_q_query_aliasinfo(SAMR_Q_QUERY_ALIASINFO * q_e,
-				 POLICY_HND *pol, uint32 switch_level)
-{
-	DEBUG(5, ("init_samr_q_query_aliasinfo\n"));
-
-	q_e->pol = *pol;
-	q_e->level = switch_level;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_query_aliasinfo(const char *desc, SAMR_Q_QUERY_ALIASINFO *in,
-			       prs_struct *ps, int depth)
-{
-	if ( !in )
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_query_aliasinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if ( !smb_io_pol_hnd("pol", &(in->pol), ps, depth) )
-		return False;
-
-	if ( !prs_uint16("level", ps, depth, &in->level) )
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_QUERY_ALIASINFO structure.
-********************************************************************/
-
-void init_samr_r_query_aliasinfo(SAMR_R_QUERY_ALIASINFO *out,
-				 ALIAS_INFO_CTR * ctr, NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_query_aliasinfo\n"));
-
-	out->ctr = ctr;
-	out->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_query_aliasinfo(const char *desc, SAMR_R_QUERY_ALIASINFO *out,
-			       prs_struct *ps, int depth)
-{
-	if ( !out )
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_query_aliasinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if ( !prs_pointer("alias", ps, depth, (void*)&out->ctr, sizeof(ALIAS_INFO_CTR), (PRS_POINTER_CAST)samr_alias_info_ctr))
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &out->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_SET_ALIASINFO structure.
-********************************************************************/
-
-void init_samr_q_set_aliasinfo(SAMR_Q_SET_ALIASINFO * q_u,
-			       POLICY_HND *hnd, ALIAS_INFO_CTR * ctr)
-{
-	DEBUG(5, ("init_samr_q_set_aliasinfo\n"));
-
-	q_u->alias_pol = *hnd;
-	q_u->ctr = *ctr;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_set_aliasinfo(const char *desc, SAMR_Q_SET_ALIASINFO * q_u,
-			     prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_set_aliasinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("alias_pol", &q_u->alias_pol, ps, depth))
-		return False;
-	if(!samr_alias_info_ctr("ctr", ps, depth, &q_u->ctr))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_set_aliasinfo(const char *desc, SAMR_R_SET_ALIASINFO * r_u,
-			     prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_set_aliasinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_QUERY_USERALIASES structure.
-********************************************************************/
-
-void init_samr_q_query_useraliases(SAMR_Q_QUERY_USERALIASES * q_u,
-				   POLICY_HND *hnd,
-				   uint32 num_sids,
-				   uint32 *ptr_sid, DOM_SID2 * sid)
-{
-	DEBUG(5, ("init_samr_q_query_useraliases\n"));
-
-	q_u->pol = *hnd;
-
-	q_u->num_sids1 = num_sids;
-	q_u->ptr = 1;
-	q_u->num_sids2 = num_sids;
-
-	q_u->ptr_sid = ptr_sid;
-	q_u->sid = sid;
-}
-
-/*******************************************************************
-reads or writes a SAMR_Q_QUERY_USERALIASES structure.
-********************************************************************/
-
-bool samr_io_q_query_useraliases(const char *desc, SAMR_Q_QUERY_USERALIASES * q_u,
-				 prs_struct *ps, int depth)
-{
-	fstring tmp;
-	uint32 i;
-
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_query_useraliases");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("num_sids1", ps, depth, &q_u->num_sids1))
-		return False;
-	if(!prs_uint32("ptr      ", ps, depth, &q_u->ptr))
-		return False;
-
-	if (q_u->ptr==0)
-		return True;
-
-	if(!prs_uint32("num_sids2", ps, depth, &q_u->num_sids2))
-		return False;
-
-	if (UNMARSHALLING(ps) && (q_u->num_sids2 != 0)) {
-		q_u->ptr_sid = PRS_ALLOC_MEM(ps,uint32,q_u->num_sids2);
-		if (q_u->ptr_sid == NULL)
-			return False;
-
-		q_u->sid = PRS_ALLOC_MEM(ps, DOM_SID2, q_u->num_sids2);
-		if (q_u->sid == NULL)
-			return False;
-	}
-
-	for (i = 0; i < q_u->num_sids2; i++) {
-		slprintf(tmp, sizeof(tmp) - 1, "ptr[%02d]", i);
-		if(!prs_uint32(tmp, ps, depth, &q_u->ptr_sid[i]))
-			return False;
-	}
-
-	for (i = 0; i < q_u->num_sids2; i++) {
-		if (q_u->ptr_sid[i] != 0) {
-			slprintf(tmp, sizeof(tmp) - 1, "sid[%02d]", i);
-			if(!smb_io_dom_sid2(tmp, &q_u->sid[i], ps, depth))
-				return False;
-		}
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_QUERY_USERALIASES structure.
-********************************************************************/
-
-void init_samr_r_query_useraliases(SAMR_R_QUERY_USERALIASES * r_u,
-				   uint32 num_rids, uint32 *rid,
-				   NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_query_useraliases\n"));
-
-	if (NT_STATUS_IS_OK(status)) {
-		r_u->num_entries = num_rids;
-		r_u->ptr = 1;
-		r_u->num_entries2 = num_rids;
-
-		r_u->rid = rid;
-	} else {
-		r_u->num_entries = 0;
-		r_u->ptr = 0;
-		r_u->num_entries2 = 0;
-	}
-
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_rids(const char *desc, uint32 *num_rids, uint32 **rid,
-		  prs_struct *ps, int depth)
-{
-	fstring tmp;
-	uint32 i;
-	if (rid == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_rids");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("num_rids", ps, depth, num_rids))
-		return False;
-
-	if ((*num_rids) != 0) {
-		if (UNMARSHALLING(ps)) {
-			/* reading */
-			(*rid) = PRS_ALLOC_MEM(ps,uint32, *num_rids);
-		}
-		if ((*rid) == NULL)
-			return False;
-
-		for (i = 0; i < (*num_rids); i++) {
-			slprintf(tmp, sizeof(tmp) - 1, "rid[%02d]", i);
-			if(!prs_uint32(tmp, ps, depth, &((*rid)[i])))
-				return False;
-		}
-	}
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_query_useraliases(const char *desc, SAMR_R_QUERY_USERALIASES * r_u,
-				 prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_query_useraliases");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("num_entries", ps, depth, &r_u->num_entries))
-		return False;
-	if(!prs_uint32("ptr        ", ps, depth, &r_u->ptr))
-		return False;
-
-	if (r_u->ptr != 0) {
-		if(!samr_io_rids("rids", &r_u->num_entries2, &r_u->rid, ps, depth))
-			return False;
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_OPEN_ALIAS structure.
-********************************************************************/
-
-void init_samr_q_open_alias(SAMR_Q_OPEN_ALIAS * q_u, POLICY_HND *pol,
-			    uint32 access_mask, uint32 rid)
-{
-	DEBUG(5, ("init_samr_q_open_alias\n"));
-
-	q_u->dom_pol = *pol;
-	q_u->access_mask = access_mask;
-	q_u->rid_alias = rid;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_open_alias(const char *desc, SAMR_Q_OPEN_ALIAS * q_u,
-			  prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_open_alias");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("domain_pol", &q_u->dom_pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
-		return False;
-	if(!prs_uint32("rid_alias", ps, depth, &q_u->rid_alias))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_open_alias(const char *desc, SAMR_R_OPEN_ALIAS * r_u,
-			  prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_open_alias");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_LOOKUP_RIDS structure.
-********************************************************************/
-
-void init_samr_q_lookup_rids(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_RIDS * q_u,
-			     POLICY_HND *pol, uint32 flags,
-			     uint32 num_rids, uint32 *rid)
-{
-	DEBUG(5, ("init_samr_q_lookup_rids\n"));
-
-	q_u->pol = *pol;
-
-	q_u->num_rids1 = num_rids;
-	q_u->flags = flags;
-	q_u->ptr = 0;
-	q_u->num_rids2 = num_rids;
-	if (num_rids) {
-		q_u->rid = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids );
-	} else {
-		q_u->rid = NULL;
-	}
-	if (q_u->rid == NULL) {
-		q_u->num_rids1 = 0;
-		q_u->num_rids2 = 0;
-	} else {
-		memcpy(q_u->rid, rid, num_rids * sizeof(q_u->rid[0]));
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_lookup_rids(const char *desc, SAMR_Q_LOOKUP_RIDS * q_u,
-			   prs_struct *ps, int depth)
-{
-	uint32 i;
-	fstring tmp;
-
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_lookup_rids");
-	depth++;
-
-	if (UNMARSHALLING(ps))
-		ZERO_STRUCTP(q_u);
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("num_rids1", ps, depth, &q_u->num_rids1))
-		return False;
-	if(!prs_uint32("flags    ", ps, depth, &q_u->flags))
-		return False;
-	if(!prs_uint32("ptr      ", ps, depth, &q_u->ptr))
-		return False;
-	if(!prs_uint32("num_rids2", ps, depth, &q_u->num_rids2))
-		return False;
-
-	if (UNMARSHALLING(ps) && (q_u->num_rids2 != 0)) {
-		q_u->rid = PRS_ALLOC_MEM(ps, uint32, q_u->num_rids2);
-		if (q_u->rid == NULL)
-			return False;
-	}
-
-	for (i = 0; i < q_u->num_rids2; i++) {
-		slprintf(tmp, sizeof(tmp) - 1, "rid[%02d]  ", i);
-		if(!prs_uint32(tmp, ps, depth, &q_u->rid[i]))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_LOOKUP_RIDS structure.
-********************************************************************/
-
-void init_samr_r_lookup_rids(SAMR_R_LOOKUP_RIDS * r_u,
-			     uint32 num_names, UNIHDR * hdr_name,
-			     UNISTR2 *uni_name, uint32 *type)
-{
-	DEBUG(5, ("init_samr_r_lookup_rids\n"));
-
-	r_u->hdr_name = NULL;
-	r_u->uni_name = NULL;
-	r_u->type = NULL;
-
-	if (num_names != 0) {
-		r_u->num_names1 = num_names;
-		r_u->ptr_names = 1;
-		r_u->num_names2 = num_names;
-
-		r_u->num_types1 = num_names;
-		r_u->ptr_types = 1;
-		r_u->num_types2 = num_names;
-
-		r_u->hdr_name = hdr_name;
-		r_u->uni_name = uni_name;
-		r_u->type = type;
-	} else {
-		r_u->num_names1 = num_names;
-		r_u->ptr_names = 0;
-		r_u->num_names2 = num_names;
-
-		r_u->num_types1 = num_names;
-		r_u->ptr_types = 0;
-		r_u->num_types2 = num_names;
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_lookup_rids(const char *desc, SAMR_R_LOOKUP_RIDS * r_u,
-			   prs_struct *ps, int depth)
-{
-	uint32 i;
-	fstring tmp;
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_lookup_rids");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("num_names1", ps, depth, &r_u->num_names1))
-		return False;
-	if(!prs_uint32("ptr_names ", ps, depth, &r_u->ptr_names))
-		return False;
-
-	if (r_u->ptr_names != 0) {
-
-		if(!prs_uint32("num_names2", ps, depth, &r_u->num_names2))
-			return False;
-
-
-		if (UNMARSHALLING(ps) && (r_u->num_names2 != 0)) {
-			r_u->hdr_name = PRS_ALLOC_MEM(ps, UNIHDR, r_u->num_names2);
-			if (r_u->hdr_name == NULL)
-				return False;
-
-			r_u->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, r_u->num_names2);
-			if (r_u->uni_name == NULL)
-				return False;
-		}
-		
-		for (i = 0; i < r_u->num_names2; i++) {
-			slprintf(tmp, sizeof(tmp) - 1, "hdr[%02d]  ", i);
-			if(!smb_io_unihdr("", &r_u->hdr_name[i], ps, depth))
-				return False;
-		}
-		for (i = 0; i < r_u->num_names2; i++) {
-			slprintf(tmp, sizeof(tmp) - 1, "str[%02d]  ", i);
-			if(!smb_io_unistr2("", &r_u->uni_name[i], r_u->hdr_name[i].buffer, ps, depth))
-				return False;
-		}
-
-	}
-	
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("num_types1", ps, depth, &r_u->num_types1))
-		return False;
-	if(!prs_uint32("ptr_types ", ps, depth, &r_u->ptr_types))
-		return False;
-
-	if (r_u->ptr_types != 0) {
-
-		if(!prs_uint32("num_types2", ps, depth, &r_u->num_types2))
-			return False;
-
-		if (UNMARSHALLING(ps) && (r_u->num_types2 != 0)) {
-			r_u->type = PRS_ALLOC_MEM(ps, uint32, r_u->num_types2);
-			if (r_u->type == NULL)
-				return False;
-		}
-
-		for (i = 0; i < r_u->num_types2; i++) {
-			slprintf(tmp, sizeof(tmp) - 1, "type[%02d]  ", i);
-			if(!prs_uint32(tmp, ps, depth, &r_u->type[i]))
-				return False;
-		}
-	}
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_OPEN_ALIAS structure.
-********************************************************************/
-
-void init_samr_q_delete_alias(SAMR_Q_DELETE_DOM_ALIAS * q_u, POLICY_HND *hnd)
-{
-	DEBUG(5, ("init_samr_q_delete_alias\n"));
-
-	q_u->alias_pol = *hnd;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_delete_alias(const char *desc, SAMR_Q_DELETE_DOM_ALIAS * q_u,
-			    prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_delete_alias");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("alias_pol", &q_u->alias_pol, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_delete_alias(const char *desc, SAMR_R_DELETE_DOM_ALIAS * r_u,
-			    prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_delete_alias");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_CREATE_DOM_ALIAS structure.
-********************************************************************/
-
-void init_samr_q_create_dom_alias(SAMR_Q_CREATE_DOM_ALIAS * q_u,
-				  POLICY_HND *hnd, const char *acct_desc)
-{
-	DEBUG(5, ("init_samr_q_create_dom_alias\n"));
-
-	q_u->dom_pol = *hnd;
-
-	init_unistr2(&q_u->uni_acct_desc, acct_desc, UNI_FLAGS_NONE);
-	init_uni_hdr(&q_u->hdr_acct_desc, &q_u->uni_acct_desc);
-
-	q_u->access_mask = MAXIMUM_ALLOWED_ACCESS;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_create_dom_alias(const char *desc, SAMR_Q_CREATE_DOM_ALIAS * q_u,
-				prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_create_dom_alias");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("dom_pol", &q_u->dom_pol, ps, depth))
-		return False;
-
-	if(!smb_io_unihdr("hdr_acct_desc", &q_u->hdr_acct_desc, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_acct_desc", &q_u->uni_acct_desc,
-		       q_u->hdr_acct_desc.buffer, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_create_dom_alias(const char *desc, SAMR_R_CREATE_DOM_ALIAS * r_u,
-				prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_create_dom_alias");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("alias_pol", &r_u->alias_pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("rid", ps, depth, &r_u->rid))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_ADD_ALIASMEM structure.
-********************************************************************/
-
-void init_samr_q_add_aliasmem(SAMR_Q_ADD_ALIASMEM * q_u, POLICY_HND *hnd,
-			      DOM_SID *sid)
-{
-	DEBUG(5, ("init_samr_q_add_aliasmem\n"));
-
-	q_u->alias_pol = *hnd;
-	init_dom_sid2(&q_u->sid, sid);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_add_aliasmem(const char *desc, SAMR_Q_ADD_ALIASMEM * q_u,
-			    prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_add_aliasmem");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("alias_pol", &q_u->alias_pol, ps, depth))
-		return False;
-	if(!smb_io_dom_sid2("sid      ", &q_u->sid, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_add_aliasmem(const char *desc, SAMR_R_ADD_ALIASMEM * r_u,
-			    prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_add_aliasmem");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_DEL_ALIASMEM structure.
-********************************************************************/
-
-void init_samr_q_del_aliasmem(SAMR_Q_DEL_ALIASMEM * q_u, POLICY_HND *hnd,
-			      DOM_SID *sid)
-{
-	DEBUG(5, ("init_samr_q_del_aliasmem\n"));
-
-	q_u->alias_pol = *hnd;
-	init_dom_sid2(&q_u->sid, sid);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_del_aliasmem(const char *desc, SAMR_Q_DEL_ALIASMEM * q_u,
-			    prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_del_aliasmem");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("alias_pol", &q_u->alias_pol, ps, depth))
-		return False;
-	if(!smb_io_dom_sid2("sid      ", &q_u->sid, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_del_aliasmem(const char *desc, SAMR_R_DEL_ALIASMEM * r_u,
-			    prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_del_aliasmem");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_DELETE_DOM_ALIAS structure.
-********************************************************************/
-
-void init_samr_q_delete_dom_alias(SAMR_Q_DELETE_DOM_ALIAS * q_c,
-				  POLICY_HND *hnd)
-{
-	DEBUG(5, ("init_samr_q_delete_dom_alias\n"));
-
-	q_c->alias_pol = *hnd;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_delete_dom_alias(const char *desc, SAMR_Q_DELETE_DOM_ALIAS * q_u,
-				prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_delete_dom_alias");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("alias_pol", &q_u->alias_pol, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_DELETE_DOM_ALIAS structure.
-********************************************************************/
-
-void init_samr_r_delete_dom_alias(SAMR_R_DELETE_DOM_ALIAS * r_u,
-				  NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_delete_dom_alias\n"));
-
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_delete_dom_alias(const char *desc, SAMR_R_DELETE_DOM_ALIAS * r_u,
-				prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_delete_dom_alias");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_QUERY_ALIASMEM structure.
-********************************************************************/
-
-void init_samr_q_query_aliasmem(SAMR_Q_QUERY_ALIASMEM * q_c,
-				POLICY_HND *hnd)
-{
-	DEBUG(5, ("init_samr_q_query_aliasmem\n"));
-
-	q_c->alias_pol = *hnd;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_query_aliasmem(const char *desc, SAMR_Q_QUERY_ALIASMEM * q_u,
-			      prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_query_aliasmem");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("alias_pol", &q_u->alias_pol, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_QUERY_ALIASMEM structure.
-********************************************************************/
-
-void init_samr_r_query_aliasmem(SAMR_R_QUERY_ALIASMEM * r_u,
-				uint32 num_sids, DOM_SID2 * sid,
-				NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_query_aliasmem\n"));
-
-	if (NT_STATUS_IS_OK(status)) {
-		r_u->num_sids = num_sids;
-		r_u->ptr = (num_sids != 0) ? 1 : 0;
-		r_u->num_sids1 = num_sids;
-
-		r_u->sid = sid;
-	} else {
-		r_u->ptr = 0;
-		r_u->num_sids = 0;
-	}
-
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_query_aliasmem(const char *desc, SAMR_R_QUERY_ALIASMEM * r_u,
-			      prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_query_aliasmem");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("num_sids ", ps, depth, &r_u->num_sids))
-		return False;
-	if(!prs_uint32("ptr", ps, depth, &r_u->ptr))
-		return False;
-
-	if (r_u->ptr != 0 && r_u->num_sids != 0) {
-		uint32 *ptr_sid = NULL;
-
-		if(!prs_uint32("num_sids1", ps, depth, &r_u->num_sids1))
-			return False;
-
-		/* We must always use talloc here even when marshalling. */
-		if (r_u->num_sids1) {
-			ptr_sid = TALLOC_ARRAY(ps->mem_ctx, uint32, r_u->num_sids1);
-			if (!ptr_sid) {
-				return False;
-			}
-		} else {
-			ptr_sid = NULL;
-		}
-		
-		for (i = 0; i < r_u->num_sids1; i++) {
-			ptr_sid[i] = 1;
-			if(!prs_uint32("ptr_sid", ps, depth, &ptr_sid[i]))
-				return False;
-		}
-		
-		if (UNMARSHALLING(ps)) {
-			if (r_u->num_sids1) {
-				r_u->sid = TALLOC_ARRAY(ps->mem_ctx, DOM_SID2, r_u->num_sids1);
-				if (!r_u->sid) {
-					return False;
-				}
-			} else {
-				r_u->sid = NULL;
-			}
-		}
-		
-		for (i = 0; i < r_u->num_sids1; i++) {
-			if (ptr_sid[i] != 0) {
-				if(!smb_io_dom_sid2("sid", &r_u->sid[i], ps, depth))
-					return False;
-			}
-		}
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_LOOKUP_NAMES structure.
-********************************************************************/
-
-NTSTATUS init_samr_q_lookup_names(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_NAMES * q_u,
-			      POLICY_HND *pol, uint32 flags,
-			      uint32 num_names, const char **name)
-{
-	uint32 i;
-
-	DEBUG(5, ("init_samr_q_lookup_names\n"));
-
-	q_u->pol = *pol;
-
-	q_u->num_names1 = num_names;
-	q_u->flags = flags;
-	q_u->ptr = 0;
-	q_u->num_names2 = num_names;
-
-	if (num_names) {
-		if (!(q_u->hdr_name = TALLOC_ZERO_ARRAY(ctx, UNIHDR, num_names)))
-			return NT_STATUS_NO_MEMORY;
-
-		if (!(q_u->uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_names)))
-			return NT_STATUS_NO_MEMORY;
-	} else {
-		q_u->hdr_name = NULL;
-		q_u->uni_name = NULL;
-	}
-
-	for (i = 0; i < num_names; i++) {
-		init_unistr2(&q_u->uni_name[i], name[i], UNI_FLAGS_NONE);	/* unicode string for machine account */
-		init_uni_hdr(&q_u->hdr_name[i], &q_u->uni_name[i]);	/* unicode header for user_name */
-	}
-
-	return NT_STATUS_OK;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_lookup_names(const char *desc, SAMR_Q_LOOKUP_NAMES * q_u,
-			    prs_struct *ps, int depth)
-{
-	uint32 i;
-
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_lookup_names");
-	depth++;
-
-	if (UNMARSHALLING(ps))
-		ZERO_STRUCTP(q_u);
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("num_names1", ps, depth, &q_u->num_names1))
-		return False;
-	if(!prs_uint32("flags     ", ps, depth, &q_u->flags))
-		return False;
-	if(!prs_uint32("ptr       ", ps, depth, &q_u->ptr))
-		return False;
-	if(!prs_uint32("num_names2", ps, depth, &q_u->num_names2))
-		return False;
-
-	if (UNMARSHALLING(ps) && (q_u->num_names2 != 0)) {
-		q_u->hdr_name = PRS_ALLOC_MEM(ps, UNIHDR, q_u->num_names2);
-		q_u->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, q_u->num_names2);
-		if (!q_u->hdr_name || !q_u->uni_name)
-			return False;
-	}
-
-	for (i = 0; i < q_u->num_names2; i++) {
-		if(!smb_io_unihdr("", &q_u->hdr_name[i], ps, depth))
-			return False;
-	}
-
-	for (i = 0; i < q_u->num_names2; i++) {
-		if(!smb_io_unistr2("", &q_u->uni_name[i], q_u->hdr_name[i].buffer, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_LOOKUP_NAMES structure.
-********************************************************************/
-
-NTSTATUS init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u,
-			      uint32 num_rids,
-			      uint32 *rid, enum lsa_SidType *type,
-			      NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_lookup_names\n"));
-
-	if (NT_STATUS_IS_OK(status) && (num_rids != 0))	{
-		uint32 i;
-
-		r_u->num_types1 = num_rids;
-		r_u->ptr_types = 1;
-		r_u->num_types2 = num_rids;
-
-		r_u->num_rids1 = num_rids;
-		r_u->ptr_rids = 1;
-		r_u->num_rids2 = num_rids;
-
-		if (!(r_u->rids = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids)))
-			return NT_STATUS_NO_MEMORY;
-		if (!(r_u->types = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids)))
-			return NT_STATUS_NO_MEMORY;
-
-		for (i = 0; i < num_rids; i++) {
-			r_u->rids[i] = rid[i];
-			r_u->types[i] = type[i];
-		}
-	} else {
-
-		r_u->num_types1 = 0;
-		r_u->ptr_types = 0;
-		r_u->num_types2 = 0;
-
-		r_u->num_rids1 = 0;
-		r_u->ptr_rids = 0;
-		r_u->num_rids2 = 0;
-
-		r_u->rids = NULL;
-		r_u->types = NULL;
-	}
-
-	r_u->status = status;
-
-	return NT_STATUS_OK;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_lookup_names(const char *desc, SAMR_R_LOOKUP_NAMES * r_u,
-			    prs_struct *ps, int depth)
-{
-	uint32 i;
-	fstring tmp;
-
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_lookup_names");
-	depth++;
-
-	if (UNMARSHALLING(ps))
-		ZERO_STRUCTP(r_u);
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("num_rids1", ps, depth, &r_u->num_rids1))
-		return False;
-	if(!prs_uint32("ptr_rids ", ps, depth, &r_u->ptr_rids))
-		return False;
-
-	if (r_u->ptr_rids != 0)	{
-		if(!prs_uint32("num_rids2", ps, depth, &r_u->num_rids2))
-			return False;
-
-		if (r_u->num_rids2 != r_u->num_rids1) {
-			/* RPC fault */
-			return False;
-		}
-
-		if (UNMARSHALLING(ps) && r_u->num_rids2) {
-			r_u->rids = PRS_ALLOC_MEM(ps, uint32, r_u->num_rids2);
-
-			if (!r_u->rids) {
-				DEBUG(0, ("NULL rids in samr_io_r_lookup_names\n"));
-				return False;
-			}
-		}
-
-		for (i = 0; i < r_u->num_rids2; i++) {
-			slprintf(tmp, sizeof(tmp) - 1, "rid[%02d]  ", i);
-			if(!prs_uint32(tmp, ps, depth, &r_u->rids[i]))
-				return False;
-		}
-	}
-
-	if(!prs_uint32("num_types1", ps, depth, &r_u->num_types1))
-		return False;
-	if(!prs_uint32("ptr_types ", ps, depth, &r_u->ptr_types))
-		return False;
-
-	if (r_u->ptr_types != 0) {
-		if(!prs_uint32("num_types2", ps, depth, &r_u->num_types2))
-			return False;
-
-		if (r_u->num_types2 != r_u->num_types1) {
-			/* RPC fault */
-			return False;
-		}
-
-		if (UNMARSHALLING(ps) && r_u->num_types2) {
-			r_u->types = PRS_ALLOC_MEM(ps, uint32, r_u->num_types2);
-
-			if (!r_u->types) {
-				DEBUG(0, ("NULL types in samr_io_r_lookup_names\n"));
-				return False;
-			}
-		}
-
-		for (i = 0; i < r_u->num_types2; i++) {
-			slprintf(tmp, sizeof(tmp) - 1, "type[%02d]  ", i);
-			if(!prs_uint32(tmp, ps, depth, &r_u->types[i]))
-				return False;
-		}
-	}
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_DELETE_DOM_USER structure.
-********************************************************************/
-
-void init_samr_q_delete_dom_user(SAMR_Q_DELETE_DOM_USER * q_c,
-				 POLICY_HND *hnd)
-{
-	DEBUG(5, ("init_samr_q_delete_dom_user\n"));
-
-	q_c->user_pol = *hnd;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_delete_dom_user(const char *desc, SAMR_Q_DELETE_DOM_USER * q_u,
-			       prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_delete_dom_user");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("user_pol", &q_u->user_pol, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_delete_dom_user(const char *desc, SAMR_R_DELETE_DOM_USER * r_u,
-			       prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_delete_dom_user");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &r_u->pol, ps, depth))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-void init_samr_q_open_user(SAMR_Q_OPEN_USER * q_u,
-			   POLICY_HND *pol,
-			   uint32 access_mask, uint32 rid)
-{
-	DEBUG(5, ("samr_init_samr_q_open_user\n"));
-
-	q_u->domain_pol = *pol;
-	q_u->access_mask = access_mask;
-	q_u->user_rid = rid;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_open_user(const char *desc, SAMR_Q_OPEN_USER * q_u,
-			 prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_open_user");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("domain_pol", &q_u->domain_pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
-		return False;
-	if(!prs_uint32("user_rid ", ps, depth, &q_u->user_rid))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_open_user(const char *desc, SAMR_R_OPEN_USER * r_u,
-			 prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_open_user");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("user_pol", &r_u->user_pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-void init_samr_q_create_user(SAMR_Q_CREATE_USER * q_u,
-			     POLICY_HND *pol,
-			     const char *name,
-			     uint32 acb_info, uint32 access_mask)
-{
-	DEBUG(5, ("samr_init_samr_q_create_user\n"));
-
-	q_u->domain_pol = *pol;
-
-	init_unistr2(&q_u->uni_name, name, UNI_FLAGS_NONE);
-	init_uni_hdr(&q_u->hdr_name, &q_u->uni_name);
-
-	q_u->acb_info = acb_info;
-	q_u->access_mask = access_mask;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_create_user(const char *desc, SAMR_Q_CREATE_USER * q_u,
-			   prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_create_user");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("domain_pol", &q_u->domain_pol, ps, depth))
-		return False;
-
-	if(!smb_io_unihdr("hdr_name", &q_u->hdr_name, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_name", &q_u->uni_name, q_u->hdr_name.buffer, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("acb_info   ", ps, depth, &q_u->acb_info))
-		return False;
-	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_create_user(const char *desc, SAMR_R_CREATE_USER * r_u,
-			   prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_create_user");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("user_pol", &r_u->user_pol, ps, depth))
-		return False;
-
-	if(!prs_uint32("access_granted", ps, depth, &r_u->access_granted))
-		return False;
-	if(!prs_uint32("user_rid ", ps, depth, &r_u->user_rid))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_QUERY_USERINFO structure.
-********************************************************************/
-
-void init_samr_q_query_userinfo(SAMR_Q_QUERY_USERINFO * q_u,
-				const POLICY_HND *hnd, uint16 switch_value)
-{
-	DEBUG(5, ("init_samr_q_query_userinfo\n"));
-
-	q_u->pol = *hnd;
-	q_u->switch_value = switch_value;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_query_userinfo(const char *desc, SAMR_Q_QUERY_USERINFO * q_u,
-			      prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_query_userinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
-		return False;
-
-	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value)) /* 0x0015 or 0x0011 */
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a LOGON_HRS structure.
-********************************************************************/
-
-static bool sam_io_logon_hrs(const char *desc, LOGON_HRS * hrs,
-			     prs_struct *ps, int depth)
-{
-	if (hrs == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_logon_hrs");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("maxlen", ps, depth, &hrs->max_len))
-		return False;
-
-	if(!prs_uint32("offset", ps, depth, &hrs->offset))
-		return False;
-
-	if(!prs_uint32("len  ", ps, depth, &hrs->len))
-		return False;
-
-	if (hrs->len > sizeof(hrs->hours)) {
-		DEBUG(3, ("sam_io_logon_hrs: truncating length from %d\n", hrs->len));
-		hrs->len = sizeof(hrs->hours);
-	}
-
-	if(!prs_uint8s(False, "hours", ps, depth, hrs->hours, hrs->len))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_USER_INFO_18 structure.
-********************************************************************/
-
-void init_sam_user_info18(SAM_USER_INFO_18 * usr,
-			  const uint8 lm_pwd[16], const uint8 nt_pwd[16])
-{
-	DEBUG(5, ("init_sam_user_info18\n"));
-
-	usr->lm_pwd_active =
-		memcpy(usr->lm_pwd, lm_pwd, sizeof(usr->lm_pwd)) ? 1 : 0;
-	usr->nt_pwd_active =
-		memcpy(usr->nt_pwd, nt_pwd, sizeof(usr->nt_pwd)) ? 1 : 0;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_user_info18(const char *desc, SAM_USER_INFO_18 * u,
-			prs_struct *ps, int depth)
-{
-	if (u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_user_info18");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint8s(False, "lm_pwd", ps, depth, u->lm_pwd, sizeof(u->lm_pwd)))
-		return False;
-	if(!prs_uint8s(False, "nt_pwd", ps, depth, u->nt_pwd, sizeof(u->nt_pwd)))
-		return False;
-
-	if(!prs_uint8("lm_pwd_active", ps, depth, &u->lm_pwd_active))
-		return False;
-	if(!prs_uint8("nt_pwd_active", ps, depth, &u->nt_pwd_active))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_USER_INFO_7 structure.
-********************************************************************/
-
-void init_sam_user_info7(SAM_USER_INFO_7 * usr, const char *name)
-{
-	DEBUG(5, ("init_sam_user_info7\n"));
-
-	init_unistr2(&usr->uni_name, name, UNI_FLAGS_NONE);	/* unicode string for name */
-	init_uni_hdr(&usr->hdr_name, &usr->uni_name);		/* unicode header for name */
-
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_user_info7(const char *desc, SAM_USER_INFO_7 * usr,
-			prs_struct *ps, int depth)
-{
-	if (usr == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_user_info7");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_unihdr("unihdr", &usr->hdr_name, ps, depth))
-		return False;
-
-	if(!smb_io_unistr2("unistr2", &usr->uni_name, True, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_USER_INFO_9 structure.
-********************************************************************/
-
-void init_sam_user_info9(SAM_USER_INFO_9 * usr, uint32 rid_group)
-{
-	DEBUG(5, ("init_sam_user_info9\n"));
-
-	usr->rid_group = rid_group;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_user_info9(const char *desc, SAM_USER_INFO_9 * usr,
-			prs_struct *ps, int depth)
-{
-	if (usr == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_user_info9");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("rid_group", ps, depth, &usr->rid_group))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_USER_INFO_16 structure.
-********************************************************************/
-
-void init_sam_user_info16(SAM_USER_INFO_16 * usr, uint32 acb_info)
-{
-	DEBUG(5, ("init_sam_user_info16\n"));
-
-	usr->acb_info = acb_info;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_user_info16(const char *desc, SAM_USER_INFO_16 * usr,
-			prs_struct *ps, int depth)
-{
-	if (usr == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_user_info16");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("acb_info", ps, depth, &usr->acb_info))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_USER_INFO_17 structure.
-********************************************************************/
-
-void init_sam_user_info17(SAM_USER_INFO_17 * usr,
-			  NTTIME * expiry,
-			  char *mach_acct,
-			  uint32 rid_user, uint32 rid_group, uint16 acct_ctrl)
-{
-	DEBUG(5, ("init_sam_user_info17\n"));
-
-	memcpy(&usr->expiry, expiry, sizeof(usr->expiry));	/* expiry time or something? */
-	ZERO_STRUCT(usr->padding_1);	/* 0 - padding 24 bytes */
-
-	usr->padding_2 = 0;	/* 0 - padding 4 bytes */
-
-	usr->ptr_1 = 1;		/* pointer */
-	ZERO_STRUCT(usr->padding_3);	/* 0 - padding 32 bytes */
-	usr->padding_4 = 0;	/* 0 - padding 4 bytes */
-
-	usr->ptr_2 = 1;		/* pointer */
-	usr->padding_5 = 0;	/* 0 - padding 4 bytes */
-
-	usr->ptr_3 = 1;		/* pointer */
-	ZERO_STRUCT(usr->padding_6);	/* 0 - padding 32 bytes */
-
-	usr->rid_user = rid_user;
-	usr->rid_group = rid_group;
-
-	usr->acct_ctrl = acct_ctrl;
-	usr->unknown_3 = 0x0000;
-
-	usr->unknown_4 = 0x003f;	/* 0x003f      - 16 bit unknown */
-	usr->unknown_5 = 0x003c;	/* 0x003c      - 16 bit unknown */
-
-	ZERO_STRUCT(usr->padding_7);	/* 0 - padding 16 bytes */
-	usr->padding_8 = 0;	/* 0 - padding 4 bytes */
-
-	init_unistr2(&usr->uni_mach_acct, mach_acct, UNI_FLAGS_NONE);	/* unicode string for machine account */
-	init_uni_hdr(&usr->hdr_mach_acct, &usr->uni_mach_acct);	/* unicode header for machine account */
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_user_info17(const char *desc, SAM_USER_INFO_17 * usr,
-			prs_struct *ps, int depth)
-{
-	if (usr == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_unknown_17");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint8s(False, "padding_0", ps, depth, usr->padding_0, sizeof(usr->padding_0)))
-		return False;
-
-	if(!smb_io_time("time", &usr->expiry, ps, depth))
-		return False;
-
-	if(!prs_uint8s(False, "padding_1", ps, depth, usr->padding_1, sizeof(usr->padding_1)))
-		return False;
-
-	if(!smb_io_unihdr("unihdr", &usr->hdr_mach_acct, ps, depth))
-		return False;
-
-	if(!prs_uint32("padding_2", ps, depth, &usr->padding_2))
-		return False;
-
-	if(!prs_uint32("ptr_1    ", ps, depth, &usr->ptr_1))
-		return False;
-	if(!prs_uint8s(False, "padding_3", ps, depth, usr->padding_3, sizeof(usr->padding_3)))
-		return False;
-
-	if(!prs_uint32("padding_4", ps, depth, &usr->padding_4))
-		return False;
-
-	if(!prs_uint32("ptr_2    ", ps, depth, &usr->ptr_2))
-		return False;
-	if(!prs_uint32("padding_5", ps, depth, &usr->padding_5))
-		return False;
-
-	if(!prs_uint32("ptr_3    ", ps, depth, &usr->ptr_3))
-		return False;
-	if(!prs_uint8s(False, "padding_6", ps, depth, usr->padding_6,sizeof(usr->padding_6)))
-		return False;
-
-	if(!prs_uint32("rid_user ", ps, depth, &usr->rid_user))
-		return False;
-	if(!prs_uint32("rid_group", ps, depth, &usr->rid_group))
-		return False;
-	if(!prs_uint16("acct_ctrl", ps, depth, &usr->acct_ctrl))
-		return False;
-	if(!prs_uint16("unknown_3", ps, depth, &usr->unknown_3))
-		return False;
-	if(!prs_uint16("unknown_4", ps, depth, &usr->unknown_4))
-		return False;
-	if(!prs_uint16("unknown_5", ps, depth, &usr->unknown_5))
-		return False;
-
-	if(!prs_uint8s(False, "padding_7", ps, depth, usr->padding_7, sizeof(usr->padding_7)))
-		return False;
-
-	if(!prs_uint32("padding_8", ps, depth, &(usr->padding_8)))
-		return False;
-
-	if(!smb_io_unistr2("unistr2", &usr->uni_mach_acct, True, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint8s(False, "padding_9", ps, depth, usr->padding_9, sizeof(usr->padding_9)))
-		return False;
-
-	return True;
-}
-
-/*************************************************************************
- init_sam_user_infoa
- *************************************************************************/
-
-void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516],
-			  uint8 pw_len)
-{
-	DEBUG(10, ("init_sam_user_info24:\n"));
-	memcpy(usr->pass, newpass, sizeof(usr->pass));
-	usr->pw_len = pw_len;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_user_info24(const char *desc, SAM_USER_INFO_24 * usr,
-			       prs_struct *ps, int depth)
-{
-	if (usr == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_user_info24");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint8s(False, "password", ps, depth, usr->pass, 
-		       sizeof(usr->pass)))
-		return False;
-	
-	if (MARSHALLING(ps) && (usr->pw_len != 0)) {
-		if (!prs_uint8("pw_len", ps, depth, &usr->pw_len))
-			return False;
-	} else if (UNMARSHALLING(ps)) {
-		if (!prs_uint8("pw_len", ps, depth, &usr->pw_len))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_user_info26(const char *desc, SAM_USER_INFO_26 * usr,
-			       prs_struct *ps, int depth)
-{
-	if (usr == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_user_info26");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint8s(False, "password", ps, depth, usr->pass, 
-		       sizeof(usr->pass)))
-		return False;
-	
-	if (!prs_uint8("pw_len", ps, depth, &usr->pw_len))
-		return False;
-
-	return True;
-}
-
-
-/*************************************************************************
- init_sam_user_info23
-
- unknown_6 = 0x0000 04ec 
-
- *************************************************************************/
-
-void init_sam_user_info23W(SAM_USER_INFO_23 * usr, NTTIME * logon_time,	/* all zeros */
-			NTTIME * logoff_time,	/* all zeros */
-			NTTIME * kickoff_time,	/* all zeros */
-			NTTIME * pass_last_set_time,	/* all zeros */
-			NTTIME * pass_can_change_time,	/* all zeros */
-			NTTIME * pass_must_change_time,	/* all zeros */
-			UNISTR2 *user_name,
-			UNISTR2 *full_name,
-			UNISTR2 *home_dir,
-			UNISTR2 *dir_drive,
-			UNISTR2 *log_scr,
-			UNISTR2 *prof_path,
-			UNISTR2 *desc,
-			UNISTR2 *wkstas,
-			UNISTR2 *unk_str,
-			UNISTR2 *mung_dial,
-			uint32 user_rid,	/* 0x0000 0000 */
-			uint32 group_rid,
-			uint32 acb_info,
-			uint32 fields_present,
-			uint16 logon_divs,
-			LOGON_HRS * hrs,
-			uint16 bad_password_count,
-			uint16 logon_count,
-			char newpass[516])
-{
-	usr->logon_time = *logon_time;	/* all zeros */
-	usr->logoff_time = *logoff_time;	/* all zeros */
-	usr->kickoff_time = *kickoff_time;	/* all zeros */
-	usr->pass_last_set_time = *pass_last_set_time;	/* all zeros */
-	usr->pass_can_change_time = *pass_can_change_time;	/* all zeros */
-	usr->pass_must_change_time = *pass_must_change_time;	/* all zeros */
-
-	ZERO_STRUCT(usr->nt_pwd);
-	ZERO_STRUCT(usr->lm_pwd);
-
-	usr->user_rid = user_rid;	/* 0x0000 0000 */
-	usr->group_rid = group_rid;
-	usr->acb_info = acb_info;
-	usr->fields_present = fields_present;	/* 09f8 27fa */
-
-	usr->logon_divs = logon_divs;	/* should be 168 (hours/week) */
-	usr->ptr_logon_hrs = hrs ? 1 : 0;
-
-	if (nt_time_is_zero(pass_must_change_time)) {
-		usr->passmustchange=PASS_MUST_CHANGE_AT_NEXT_LOGON;
-	} else {
-		usr->passmustchange=0;
-	}
-
-	ZERO_STRUCT(usr->padding1);
-	ZERO_STRUCT(usr->padding2);
-
-	usr->bad_password_count = bad_password_count;
-	usr->logon_count = logon_count;
-
-	memcpy(usr->pass, newpass, sizeof(usr->pass));
-
-	copy_unistr2(&usr->uni_user_name, user_name);
-	init_uni_hdr(&usr->hdr_user_name, &usr->uni_user_name);
-
-	copy_unistr2(&usr->uni_full_name, full_name);
-	init_uni_hdr(&usr->hdr_full_name, &usr->uni_full_name);
-
-	copy_unistr2(&usr->uni_home_dir, home_dir);
-	init_uni_hdr(&usr->hdr_home_dir, &usr->uni_home_dir);
-
-	copy_unistr2(&usr->uni_dir_drive, dir_drive);
-	init_uni_hdr(&usr->hdr_dir_drive, &usr->uni_dir_drive);
-
-	copy_unistr2(&usr->uni_logon_script, log_scr);
-	init_uni_hdr(&usr->hdr_logon_script, &usr->uni_logon_script);
-
-	copy_unistr2(&usr->uni_profile_path, prof_path);
-	init_uni_hdr(&usr->hdr_profile_path, &usr->uni_profile_path);
-
-	copy_unistr2(&usr->uni_acct_desc, desc);
-	init_uni_hdr(&usr->hdr_acct_desc, &usr->uni_acct_desc);
-
-	copy_unistr2(&usr->uni_workstations, wkstas);
-	init_uni_hdr(&usr->hdr_workstations, &usr->uni_workstations);
-
-	copy_unistr2(&usr->uni_comment, unk_str);
-	init_uni_hdr(&usr->hdr_comment, &usr->uni_comment);
-
-	copy_unistr2(&usr->uni_munged_dial, mung_dial);
-	init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
-
-	if (hrs) {
-		memcpy(&usr->logon_hrs, hrs, sizeof(usr->logon_hrs));
-	} else {
-		ZERO_STRUCT(usr->logon_hrs);
-	}
-}
-
-/*************************************************************************
- init_sam_user_info23
-
- unknown_6 = 0x0000 04ec 
-
- *************************************************************************/
-
-void init_sam_user_info23A(SAM_USER_INFO_23 * usr, NTTIME * logon_time,	/* all zeros */
-			   NTTIME * logoff_time,	/* all zeros */
-			   NTTIME * kickoff_time,	/* all zeros */
-			   NTTIME * pass_last_set_time,	/* all zeros */
-			   NTTIME * pass_can_change_time,	/* all zeros */
-			   NTTIME * pass_must_change_time,	/* all zeros */
-			   char *user_name,	/* NULL */
-			   char *full_name,
-			   char *home_dir, char *dir_drive, char *log_scr,
-			   char *prof_path, const char *desc, char *wkstas,
-			   char *unk_str, char *mung_dial, uint32 user_rid,	/* 0x0000 0000 */
-			   uint32 group_rid, uint32 acb_info,
-			   uint32 fields_present, uint16 logon_divs,
-			   LOGON_HRS * hrs, uint16 bad_password_count, uint16 logon_count,
-			   char newpass[516])
-{
-	DATA_BLOB blob = base64_decode_data_blob(mung_dial);
-	
-	usr->logon_time = *logon_time;	/* all zeros */
-	usr->logoff_time = *logoff_time;	/* all zeros */
-	usr->kickoff_time = *kickoff_time;	/* all zeros */
-	usr->pass_last_set_time = *pass_last_set_time;	/* all zeros */
-	usr->pass_can_change_time = *pass_can_change_time;	/* all zeros */
-	usr->pass_must_change_time = *pass_must_change_time;	/* all zeros */
-
-	ZERO_STRUCT(usr->nt_pwd);
-	ZERO_STRUCT(usr->lm_pwd);
-
-	usr->user_rid = user_rid;	/* 0x0000 0000 */
-	usr->group_rid = group_rid;
-	usr->acb_info = acb_info;
-	usr->fields_present = fields_present;	/* 09f8 27fa */
-
-	usr->logon_divs = logon_divs;	/* should be 168 (hours/week) */
-	usr->ptr_logon_hrs = hrs ? 1 : 0;
-
-	if (nt_time_is_zero(pass_must_change_time)) {
-		usr->passmustchange=PASS_MUST_CHANGE_AT_NEXT_LOGON;
-	} else {
-		usr->passmustchange=0;
-	}
-
-	ZERO_STRUCT(usr->padding1);
-	ZERO_STRUCT(usr->padding2);
-
-	usr->bad_password_count = bad_password_count;
-	usr->logon_count = logon_count;
-
-	memcpy(usr->pass, newpass, sizeof(usr->pass));
-
-	init_unistr2(&usr->uni_user_name, user_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_user_name, &usr->uni_user_name);
-
-	init_unistr2(&usr->uni_full_name, full_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_full_name, &usr->uni_full_name);
-
-	init_unistr2(&usr->uni_home_dir, home_dir, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_home_dir, &usr->uni_home_dir);
-
-	init_unistr2(&usr->uni_dir_drive, dir_drive, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_dir_drive, &usr->uni_dir_drive);
-
-	init_unistr2(&usr->uni_logon_script, log_scr, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_logon_script, &usr->uni_logon_script);
-
-	init_unistr2(&usr->uni_profile_path, prof_path, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_profile_path, &usr->uni_profile_path);
-
-	init_unistr2(&usr->uni_acct_desc, desc, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_acct_desc, &usr->uni_acct_desc);
-
-	init_unistr2(&usr->uni_workstations, wkstas, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_workstations, &usr->uni_workstations);
-
-	init_unistr2(&usr->uni_comment, unk_str, UNI_FLAGS_NONE);
-	init_uni_hdr(&usr->hdr_comment, &usr->uni_comment);
-
-	init_unistr2_from_datablob(&usr->uni_munged_dial, &blob);
-	init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
-
-	data_blob_free(&blob);
-	
-	if (hrs) {
-		memcpy(&usr->logon_hrs, hrs, sizeof(usr->logon_hrs));
-	} else {
-		ZERO_STRUCT(usr->logon_hrs);
-	}
-}
-
-
-/*************************************************************************
- init_samr_user_info25P
- fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | ACCT_FLAGS
-*************************************************************************/
-
-void init_sam_user_info25P(SAM_USER_INFO_25 * usr,
-			   uint32 fields_present, uint32 acb_info,
-			   char newpass[532])
-{
-	usr->fields_present = fields_present;
-	ZERO_STRUCT(usr->padding1);
-	ZERO_STRUCT(usr->padding2);
-
-	usr->acb_info = acb_info;
-	memcpy(usr->pass, newpass, sizeof(usr->pass));
-}
-
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_user_info23(const char *desc, SAM_USER_INFO_23 * usr,
-			       prs_struct *ps, int depth)
-{
-	if (usr == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_user_info23");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_time("logon_time           ", &usr->logon_time, ps, depth))
-		return False;
-	if(!smb_io_time("logoff_time          ", &usr->logoff_time, ps, depth))
-		return False;
-	if(!smb_io_time("kickoff_time         ", &usr->kickoff_time, ps, depth))
-		return False;
-	if(!smb_io_time("pass_last_set_time   ", &usr->pass_last_set_time, ps, depth))
-		return False;
-	if(!smb_io_time("pass_can_change_time ", &usr->pass_can_change_time, ps, depth))
-		return False;
-	if(!smb_io_time("pass_must_change_time", &usr->pass_must_change_time, ps, depth))
-		return False;
-
-	if(!smb_io_unihdr("hdr_user_name   ", &usr->hdr_user_name, ps, depth))	/* username unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_full_name   ", &usr->hdr_full_name, ps, depth))	/* user's full name unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_home_dir    ", &usr->hdr_home_dir, ps, depth))	/* home directory unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_dir_drive   ", &usr->hdr_dir_drive, ps, depth))	/* home directory drive */
-		return False;
-	if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth))	/* logon script unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth))	/* profile path unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_acct_desc   ", &usr->hdr_acct_desc, ps, depth))	/* account desc */
-		return False;
-	if(!smb_io_unihdr("hdr_workstations", &usr->hdr_workstations, ps, depth))	/* wkstas user can log on from */
-		return False;
-	if(!smb_io_unihdr("hdr_comment ", &usr->hdr_comment, ps, depth))	/* unknown string */
-		return False;
-	if(!smb_io_unihdr("hdr_munged_dial ", &usr->hdr_munged_dial, ps, depth))	/* wkstas user can log on from */
-		return False;
-
-	if(!prs_uint8s(False, "lm_pwd        ", ps, depth, usr->lm_pwd, sizeof(usr->lm_pwd)))
-		return False;
-	if(!prs_uint8s(False, "nt_pwd        ", ps, depth, usr->nt_pwd, sizeof(usr->nt_pwd)))
-		return False;
-
-	if(!prs_uint32("user_rid      ", ps, depth, &usr->user_rid))	/* User ID */
-		return False;
-	if(!prs_uint32("group_rid     ", ps, depth, &usr->group_rid))	/* Group ID */
-		return False;
-	if(!prs_uint32("acb_info      ", ps, depth, &usr->acb_info))
-		return False;
-
-	if(!prs_uint32("fields_present ", ps, depth, &usr->fields_present))
-		return False;
-	if(!prs_uint16("logon_divs    ", ps, depth, &usr->logon_divs))	/* logon divisions per week */
-		return False;
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("ptr_logon_hrs ", ps, depth, &usr->ptr_logon_hrs))
-		return False;
-
-	if(!prs_uint16("bad_password_count     ", ps, depth, &usr->bad_password_count))
-		return False;
-	if(!prs_uint16("logon_count     ", ps, depth, &usr->logon_count))
-		return False;
-
-	if(!prs_uint8s(False, "padding1      ", ps, depth, usr->padding1, sizeof(usr->padding1)))
-		return False;
-	if(!prs_uint8("passmustchange ", ps, depth, &usr->passmustchange))
-		return False;
-	if(!prs_uint8("padding2       ", ps, depth, &usr->padding2))
-		return False;
-
-
-	if(!prs_uint8s(False, "password      ", ps, depth, usr->pass, sizeof(usr->pass)))
-		return False;
-
-	/* here begins pointed-to data */
-
-	if(!smb_io_unistr2("uni_user_name   ", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth))	/* username unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_full_name   ", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth))	/* user's full name unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_home_dir    ", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth))	/* home directory unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_dir_drive   ", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth))	/* home directory drive unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth))	/* logon script unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth))	/* profile path unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_acct_desc   ", &usr->uni_acct_desc, usr->hdr_acct_desc.buffer, ps, depth))	/* user desc unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_workstations", &usr->uni_workstations, usr->hdr_workstations.buffer, ps, depth))	/* worksations user can log on from */
-		return False;
-
-	if(!smb_io_unistr2("uni_comment ", &usr->uni_comment, usr->hdr_comment.buffer, ps, depth))	/* unknown string */
-		return False;
-
-	if(!smb_io_unistr2("uni_munged_dial ", &usr->uni_munged_dial, usr->hdr_munged_dial.buffer, ps, depth))
-		return False;
-
-	/* ok, this is only guess-work (as usual) */
-	if (usr->ptr_logon_hrs) {
-		if(!sam_io_logon_hrs("logon_hrs", &usr->logon_hrs, ps, depth))
-			return False;
-	} 
-
-	return True;
-}
-
-/*******************************************************************
- reads or writes a structure.
- NB. This structure is *definately* incorrect. It's my best guess
- currently for W2K SP2. The password field is encrypted in a different
- way than normal... And there are definately other problems. JRA.
-********************************************************************/
-
-static bool sam_io_user_info25(const char *desc, SAM_USER_INFO_25 * usr, prs_struct *ps, int depth)
-{
-	if (usr == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_user_info25");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_time("logon_time           ", &usr->logon_time, ps, depth))
-		return False;
-	if(!smb_io_time("logoff_time          ", &usr->logoff_time, ps, depth))
-		return False;
-	if(!smb_io_time("kickoff_time         ", &usr->kickoff_time, ps, depth))
-		return False;
-	if(!smb_io_time("pass_last_set_time   ", &usr->pass_last_set_time, ps, depth))
-		return False;
-	if(!smb_io_time("pass_can_change_time ", &usr->pass_can_change_time, ps, depth))
-		return False;
-	if(!smb_io_time("pass_must_change_time", &usr->pass_must_change_time, ps, depth))
-		return False;
-
-	if(!smb_io_unihdr("hdr_user_name   ", &usr->hdr_user_name, ps, depth))	/* username unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_full_name   ", &usr->hdr_full_name, ps, depth))	/* user's full name unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_home_dir    ", &usr->hdr_home_dir, ps, depth))	/* home directory unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_dir_drive   ", &usr->hdr_dir_drive, ps, depth))	/* home directory drive */
-		return False;
-	if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth))	/* logon script unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth))	/* profile path unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_acct_desc   ", &usr->hdr_acct_desc, ps, depth))	/* account desc */
-		return False;
-	if(!smb_io_unihdr("hdr_workstations", &usr->hdr_workstations, ps, depth))	/* wkstas user can log on from */
-		return False;
-	if(!smb_io_unihdr("hdr_comment ", &usr->hdr_comment, ps, depth))	/* unknown string */
-		return False;
-	if(!smb_io_unihdr("hdr_munged_dial ", &usr->hdr_munged_dial, ps, depth))	/* wkstas user can log on from */
-		return False;
-
-	if(!prs_uint8s(False, "lm_pwd        ", ps, depth, usr->lm_pwd, sizeof(usr->lm_pwd)))
-		return False;
-	if(!prs_uint8s(False, "nt_pwd        ", ps, depth, usr->nt_pwd, sizeof(usr->nt_pwd)))
-		return False;
-
-	if(!prs_uint32("user_rid      ", ps, depth, &usr->user_rid))	/* User ID */
-		return False;
-	if(!prs_uint32("group_rid     ", ps, depth, &usr->group_rid))	/* Group ID */
-		return False;
-	if(!prs_uint32("acb_info      ", ps, depth, &usr->acb_info))
-		return False;
-	if(!prs_uint32("fields_present ", ps, depth, &usr->fields_present))
-		return False;
-
-	if(!prs_uint16("logon_divs    ", ps, depth, &usr->logon_divs))	/* logon divisions per week */
-		return False;
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("ptr_logon_hrs ", ps, depth, &usr->ptr_logon_hrs))
-		return False;
-
-	if(!prs_uint16("bad_password_count     ", ps, depth, &usr->bad_password_count))
-		return False;
-	if(!prs_uint16("logon_count     ", ps, depth, &usr->logon_count))
-		return False;
-
-	if(!prs_uint8s(False, "padding1      ", ps, depth, usr->padding1, sizeof(usr->padding1)))
-		return False;
-	if(!prs_uint8("passmustchange ", ps, depth, &usr->passmustchange))
-		return False;
-	if(!prs_uint8("padding2       ", ps, depth, &usr->padding2))
-		return False;
-
-
-	if(!prs_uint8s(False, "password      ", ps, depth, usr->pass, sizeof(usr->pass)))
-		return False;
-
-	/* here begins pointed-to data */
-
-	if(!smb_io_unistr2("uni_user_name   ", &usr->uni_user_name, usr->hdr_user_name.buffer, ps, depth))	/* username unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_full_name   ", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth))	/* user's full name unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_home_dir    ", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth))	/* home directory unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_dir_drive   ", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth))	/* home directory drive unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth))	/* logon script unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth))	/* profile path unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_acct_desc   ", &usr->uni_acct_desc, usr->hdr_acct_desc.buffer, ps, depth))	/* user desc unicode string */
-		return False;
-
-	if(!smb_io_unistr2("uni_workstations", &usr->uni_workstations, usr->hdr_workstations.buffer, ps, depth))	/* worksations user can log on from */
-		return False;
-
-	if(!smb_io_unistr2("uni_comment ", &usr->uni_comment, usr->hdr_comment.buffer, ps, depth))	/* unknown string */
-		return False;
-
-	if(!smb_io_unistr2("uni_munged_dial ", &usr->uni_munged_dial, usr->hdr_munged_dial.buffer, ps, depth))
-		return False;
-
-	/* ok, this is only guess-work (as usual) */
-	if (usr->ptr_logon_hrs) {
-		if(!sam_io_logon_hrs("logon_hrs", &usr->logon_hrs, ps, depth))
-			return False;
-	} 
-
-	return True;
-}
-
-
-/*************************************************************************
- init_sam_user_info21W
-
- unknown_6 = 0x0000 04ec 
-
- *************************************************************************/
-
-void init_sam_user_info21W(SAM_USER_INFO_21 * usr,
-			   NTTIME * logon_time,
-			   NTTIME * logoff_time,
-			   NTTIME * kickoff_time,
-			   NTTIME * pass_last_set_time,
-			   NTTIME * pass_can_change_time,
-			   NTTIME * pass_must_change_time,
-			   UNISTR2 *user_name,
-			   UNISTR2 *full_name,
-			   UNISTR2 *home_dir,
-			   UNISTR2 *dir_drive,
-			   UNISTR2 *log_scr,
-			   UNISTR2 *prof_path,
-			   UNISTR2 *desc,
-			   UNISTR2 *wkstas,
-			   UNISTR2 *unk_str,
-			   UNISTR2 *mung_dial,
-			   uchar lm_pwd[16],
-			   uchar nt_pwd[16],
-			   uint32 user_rid,
-			   uint32 group_rid,
-			   uint32 acb_info,
-			   uint32 fields_present,
-			   uint16 logon_divs,
-			   LOGON_HRS * hrs,
-			   uint16 bad_password_count,
-			   uint16 logon_count)
-{
-	usr->logon_time = *logon_time;
-	usr->logoff_time = *logoff_time;
-	usr->kickoff_time = *kickoff_time;
-	usr->pass_last_set_time = *pass_last_set_time;
-	usr->pass_can_change_time = *pass_can_change_time;
-	usr->pass_must_change_time = *pass_must_change_time;
-
-	memcpy(usr->lm_pwd, lm_pwd, sizeof(usr->lm_pwd));
-	memcpy(usr->nt_pwd, nt_pwd, sizeof(usr->nt_pwd));
-
-	usr->user_rid = user_rid;
-	usr->group_rid = group_rid;
-	usr->acb_info = acb_info;
-	usr->fields_present = fields_present;	/* 0x00ff ffff */
-
-	usr->logon_divs = logon_divs;	/* should be 168 (hours/week) */
-	usr->ptr_logon_hrs = hrs ? 1 : 0;
-	usr->bad_password_count = bad_password_count;
-	usr->logon_count = logon_count;
-
-	if (nt_time_is_zero(pass_must_change_time)) {
-		usr->passmustchange=PASS_MUST_CHANGE_AT_NEXT_LOGON;
-	} else {
-		usr->passmustchange=0;
-	}
-
-	ZERO_STRUCT(usr->padding1);
-	ZERO_STRUCT(usr->padding2);
-
-	copy_unistr2(&usr->uni_user_name, user_name);
-	init_uni_hdr(&usr->hdr_user_name, &usr->uni_user_name);
-
-	copy_unistr2(&usr->uni_full_name, full_name);
-	init_uni_hdr(&usr->hdr_full_name, &usr->uni_full_name);
-
-	copy_unistr2(&usr->uni_home_dir, home_dir);
-	init_uni_hdr(&usr->hdr_home_dir, &usr->uni_home_dir);
-
-	copy_unistr2(&usr->uni_dir_drive, dir_drive);
-	init_uni_hdr(&usr->hdr_dir_drive, &usr->uni_dir_drive);
-
-	copy_unistr2(&usr->uni_logon_script, log_scr);
-	init_uni_hdr(&usr->hdr_logon_script, &usr->uni_logon_script);
-
-	copy_unistr2(&usr->uni_profile_path, prof_path);
-	init_uni_hdr(&usr->hdr_profile_path, &usr->uni_profile_path);
-
-	copy_unistr2(&usr->uni_acct_desc, desc);
-	init_uni_hdr(&usr->hdr_acct_desc, &usr->uni_acct_desc);
-
-	copy_unistr2(&usr->uni_workstations, wkstas);
-	init_uni_hdr(&usr->hdr_workstations, &usr->uni_workstations);
-
-	copy_unistr2(&usr->uni_comment, unk_str);
-	init_uni_hdr(&usr->hdr_comment, &usr->uni_comment);
-
-	copy_unistr2(&usr->uni_munged_dial, mung_dial);
-	init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
-
-	if (hrs) {
-		memcpy(&usr->logon_hrs, hrs, sizeof(usr->logon_hrs));
-	} else {
-		ZERO_STRUCT(usr->logon_hrs);
-	}
-}
-
-/*************************************************************************
- init_sam_user_info21
-
- unknown_6 = 0x0000 04ec 
-
- *************************************************************************/
-
-NTSTATUS init_sam_user_info21A(SAM_USER_INFO_21 *usr, struct samu *pw, DOM_SID *domain_sid)
-{
-	NTTIME 		logon_time, logoff_time, kickoff_time,
-			pass_last_set_time, pass_can_change_time,
-			pass_must_change_time;
-			
-	time_t must_change_time;
-	const char*		user_name = pdb_get_username(pw);
-	const char*		full_name = pdb_get_fullname(pw);
-	const char*		home_dir  = pdb_get_homedir(pw);
-	const char*		dir_drive = pdb_get_dir_drive(pw);
-	const char*		logon_script = pdb_get_logon_script(pw);
-	const char*		profile_path = pdb_get_profile_path(pw);
-	const char*		description = pdb_get_acct_desc(pw);
-	const char*		workstations = pdb_get_workstations(pw);
-	const char*		munged_dial = pdb_get_munged_dial(pw);
-	DATA_BLOB 		munged_dial_blob;
-
-	uint32 user_rid;
-	const DOM_SID *user_sid;
-
-	uint32 group_rid;
-	const DOM_SID *group_sid;
-
-	if (munged_dial) {
-		munged_dial_blob = base64_decode_data_blob(munged_dial);
-	} else {
-		munged_dial_blob = data_blob_null;
-	}
-
-	/* Create NTTIME structs */
-	unix_to_nt_time (&logon_time,	        pdb_get_logon_time(pw));
-	unix_to_nt_time (&logoff_time,	pdb_get_logoff_time(pw));
-	unix_to_nt_time (&kickoff_time, 	pdb_get_kickoff_time(pw));
-	unix_to_nt_time (&pass_last_set_time, pdb_get_pass_last_set_time(pw));
-	unix_to_nt_time (&pass_can_change_time,pdb_get_pass_can_change_time(pw));
-	must_change_time = pdb_get_pass_must_change_time(pw);
-	if (must_change_time == get_time_t_max())
-		unix_to_nt_time_abs(&pass_must_change_time, must_change_time);
-	else
-		unix_to_nt_time(&pass_must_change_time, must_change_time);
-	
-	/* structure assignment */
-	usr->logon_time            = logon_time;
-	usr->logoff_time           = logoff_time;
-	usr->kickoff_time          = kickoff_time;
-	usr->pass_last_set_time    = pass_last_set_time;
-	usr->pass_can_change_time  = pass_can_change_time;
-	usr->pass_must_change_time = pass_must_change_time;
-
-	ZERO_STRUCT(usr->nt_pwd);
-	ZERO_STRUCT(usr->lm_pwd);
-
-	user_sid = pdb_get_user_sid(pw);
-	
-	if (!sid_peek_check_rid(domain_sid, user_sid, &user_rid)) {
-		DEBUG(0, ("init_sam_user_info_21A: User %s has SID %s, \nwhich conflicts with "
-			  "the domain sid %s.  Failing operation.\n", 
-			  user_name, sid_string_dbg(user_sid),
-			  sid_string_dbg(domain_sid)));
-		data_blob_free(&munged_dial_blob);
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
-	become_root();	
-	group_sid = pdb_get_group_sid(pw);
-	unbecome_root();
-
-	if (!sid_peek_check_rid(domain_sid, group_sid, &group_rid)) {
-		DEBUG(0, ("init_sam_user_info_21A: User %s has Primary Group SID %s, \n"
-			  "which conflicts with the domain sid %s.  Failing operation.\n", 
-			  user_name, sid_string_dbg(group_sid),
-			  sid_string_dbg(domain_sid)));
-		data_blob_free(&munged_dial_blob);
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-
-	usr->user_rid  = user_rid;
-	usr->group_rid = group_rid;
-	usr->acb_info  = pdb_get_acct_ctrl(pw);
-
-	/*
-	  Look at a user on a real NT4 PDC with usrmgr, press
-	  'ok'. Then you will see that fields_present is set to
-	  0x08f827fa. Look at the user immediately after that again,
-	  and you will see that 0x00fffff is returned. This solves
-	  the problem that you get access denied after having looked
-	  at the user.
-	  -- Volker
-	*/
-	usr->fields_present = pdb_build_fields_present(pw);
-
-	usr->logon_divs = pdb_get_logon_divs(pw); 
-	usr->ptr_logon_hrs = pdb_get_hours(pw) ? 1 : 0;
-	usr->bad_password_count = pdb_get_bad_password_count(pw);
-	usr->logon_count = pdb_get_logon_count(pw);
-
-	if (pdb_get_pass_must_change_time(pw) == 0) {
-		usr->passmustchange=PASS_MUST_CHANGE_AT_NEXT_LOGON;
-	} else {
-		usr->passmustchange=0;
-	}
-
-	ZERO_STRUCT(usr->padding1);
-	ZERO_STRUCT(usr->padding2);
-
-	init_unistr2(&usr->uni_user_name, user_name, UNI_STR_TERMINATE);
-	init_uni_hdr(&usr->hdr_user_name, &usr->uni_user_name);
-
-	init_unistr2(&usr->uni_full_name, full_name, UNI_STR_TERMINATE);
-	init_uni_hdr(&usr->hdr_full_name, &usr->uni_full_name);
-
-	init_unistr2(&usr->uni_home_dir, home_dir, UNI_STR_TERMINATE);
-	init_uni_hdr(&usr->hdr_home_dir, &usr->uni_home_dir);
-
-	init_unistr2(&usr->uni_dir_drive, dir_drive, UNI_STR_TERMINATE);
-	init_uni_hdr(&usr->hdr_dir_drive, &usr->uni_dir_drive);
-
-	init_unistr2(&usr->uni_logon_script, logon_script, UNI_STR_TERMINATE);
-	init_uni_hdr(&usr->hdr_logon_script, &usr->uni_logon_script);
-
-	init_unistr2(&usr->uni_profile_path, profile_path, UNI_STR_TERMINATE);
-	init_uni_hdr(&usr->hdr_profile_path, &usr->uni_profile_path);
-
-	init_unistr2(&usr->uni_acct_desc, description, UNI_STR_TERMINATE);
-	init_uni_hdr(&usr->hdr_acct_desc, &usr->uni_acct_desc);
-
-	init_unistr2(&usr->uni_workstations, workstations, UNI_STR_TERMINATE);
-	init_uni_hdr(&usr->hdr_workstations, &usr->uni_workstations);
-
-	init_unistr2(&usr->uni_comment, NULL, UNI_STR_TERMINATE);
-	init_uni_hdr(&usr->hdr_comment, &usr->uni_comment);
-
-	init_unistr2_from_datablob(&usr->uni_munged_dial, &munged_dial_blob);
-	init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
-	data_blob_free(&munged_dial_blob);
-
-	if (pdb_get_hours(pw)) {
-		usr->logon_hrs.max_len = 1260;
-		usr->logon_hrs.offset = 0;
-		usr->logon_hrs.len = pdb_get_hours_len(pw);
-		memcpy(&usr->logon_hrs.hours, pdb_get_hours(pw), MAX_HOURS_LEN);
-	} else {
-		usr->logon_hrs.max_len = 1260;
-		usr->logon_hrs.offset = 0;
-		usr->logon_hrs.len = 0;
-		memset(&usr->logon_hrs, 0xff, sizeof(usr->logon_hrs));
-	}
-
-	return NT_STATUS_OK;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_user_info21(const char *desc, SAM_USER_INFO_21 * usr,
-			prs_struct *ps, int depth)
-{
-	if (usr == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_user_info21");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_time("logon_time           ", &usr->logon_time, ps, depth))
-		return False;
-	if(!smb_io_time("logoff_time          ", &usr->logoff_time, ps, depth))
-		return False;
-	if(!smb_io_time("pass_last_set_time   ", &usr->pass_last_set_time, ps,depth))
-		return False;
-	if(!smb_io_time("kickoff_time         ", &usr->kickoff_time, ps, depth))
-		return False;
-	if(!smb_io_time("pass_can_change_time ", &usr->pass_can_change_time, ps,depth))
-		return False;
-	if(!smb_io_time("pass_must_change_time", &usr->pass_must_change_time,  ps, depth))
-		return False;
-
-	if(!smb_io_unihdr("hdr_user_name   ", &usr->hdr_user_name, ps, depth))	/* username unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_full_name   ", &usr->hdr_full_name, ps, depth))	/* user's full name unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_home_dir    ", &usr->hdr_home_dir, ps, depth))	/* home directory unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_dir_drive   ", &usr->hdr_dir_drive, ps, depth))	/* home directory drive */
-		return False;
-	if(!smb_io_unihdr("hdr_logon_script", &usr->hdr_logon_script, ps, depth))	/* logon script unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_profile_path", &usr->hdr_profile_path, ps, depth))	/* profile path unicode string header */
-		return False;
-	if(!smb_io_unihdr("hdr_acct_desc   ", &usr->hdr_acct_desc, ps, depth))	/* account desc */
-		return False;
-	if(!smb_io_unihdr("hdr_workstations", &usr->hdr_workstations, ps, depth))	/* wkstas user can log on from */
-		return False;
-	if(!smb_io_unihdr("hdr_comment ", &usr->hdr_comment, ps, depth))	/* unknown string */
-		return False;
-	if(!smb_io_unihdr("hdr_munged_dial ", &usr->hdr_munged_dial, ps, depth))	/* wkstas user can log on from */
-		return False;
-
-	if(!prs_uint8s(False, "lm_pwd        ", ps, depth, usr->lm_pwd, sizeof(usr->lm_pwd)))
-		return False;
-	if(!prs_uint8s(False, "nt_pwd        ", ps, depth, usr->nt_pwd, sizeof(usr->nt_pwd)))
-		return False;
-
-	if(!prs_uint32("user_rid      ", ps, depth, &usr->user_rid))	/* User ID */
-		return False;
-	if(!prs_uint32("group_rid     ", ps, depth, &usr->group_rid))	/* Group ID */
-		return False;
-	if(!prs_uint32("acb_info      ", ps, depth, &usr->acb_info))
-		return False;
-
-	if(!prs_uint32("fields_present ", ps, depth, &usr->fields_present))
-		return False;
-	if(!prs_uint16("logon_divs    ", ps, depth, &usr->logon_divs))	/* logon divisions per week */
-		return False;
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("ptr_logon_hrs ", ps, depth, &usr->ptr_logon_hrs))
-		return False;
-
-	if(!prs_uint16("bad_password_count     ", ps, depth, &usr->bad_password_count))
-		return False;
-	if(!prs_uint16("logon_count     ", ps, depth, &usr->logon_count))
-		return False;
-
-	if(!prs_uint8s(False, "padding1      ", ps, depth, usr->padding1, sizeof(usr->padding1)))
-		return False;
-	if(!prs_uint8("passmustchange ", ps, depth, &usr->passmustchange))
-		return False;
-	if(!prs_uint8("padding2       ", ps, depth, &usr->padding2))
-		return False;
-
-	/* here begins pointed-to data */
-
-	if(!smb_io_unistr2("uni_user_name   ", &usr->uni_user_name,usr->hdr_user_name.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_full_name   ", &usr->uni_full_name, usr->hdr_full_name.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_home_dir    ", &usr->uni_home_dir, usr->hdr_home_dir.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_dir_drive   ", &usr->uni_dir_drive, usr->hdr_dir_drive.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_logon_script", &usr->uni_logon_script, usr->hdr_logon_script.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_profile_path", &usr->uni_profile_path, usr->hdr_profile_path.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_acct_desc   ", &usr->uni_acct_desc, usr->hdr_acct_desc.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_workstations", &usr->uni_workstations, usr->hdr_workstations.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_comment", &usr->uni_comment, usr->hdr_comment.buffer, ps, depth))
-		return False;
-	if(!smb_io_unistr2("uni_munged_dial ", &usr->uni_munged_dial,usr->hdr_munged_dial.buffer, ps, depth))
-		return False;
-
-	/* ok, this is only guess-work (as usual) */
-	if (usr->ptr_logon_hrs) {
-		if(!sam_io_logon_hrs("logon_hrs", &usr->logon_hrs, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-void init_sam_user_info20A(SAM_USER_INFO_20 *usr, struct samu *pw)
-{
-	const char *munged_dial = pdb_get_munged_dial(pw);
-	DATA_BLOB blob;
-
-	if (munged_dial) {
-		blob = base64_decode_data_blob(munged_dial);
-	} else {
-		blob = data_blob_null;
-	}
-
-	init_unistr2_from_datablob(&usr->uni_munged_dial, &blob);
-	init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
-	data_blob_free(&blob);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool sam_io_user_info20(const char *desc, SAM_USER_INFO_20 *usr,
-			prs_struct *ps, int depth)
-{
-	if (usr == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sam_io_user_info20");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_unihdr("hdr_munged_dial ", &usr->hdr_munged_dial, ps, depth))	/* wkstas user can log on from */
-		return False;
-
-	if(!smb_io_unistr2("uni_munged_dial ", &usr->uni_munged_dial,usr->hdr_munged_dial.buffer, ps, depth))	/* worksations user can log on from */
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAM_USERINFO_CTR structure.
-********************************************************************/
-
-NTSTATUS make_samr_userinfo_ctr_usr21(TALLOC_CTX *ctx, SAM_USERINFO_CTR * ctr,
-				    uint16 switch_value,
-				    SAM_USER_INFO_21 * usr)
-{
-	DEBUG(5, ("make_samr_userinfo_ctr_usr21\n"));
-
-	ctr->switch_value = switch_value;
-	ctr->info.id = NULL;
-
-	switch (switch_value) {
-	case 16:
-		ctr->info.id16 = TALLOC_ZERO_P(ctx,SAM_USER_INFO_16);
-		if (ctr->info.id16 == NULL)
-			return NT_STATUS_NO_MEMORY;
-
-		init_sam_user_info16(ctr->info.id16, usr->acb_info);
-		break;
-#if 0
-/* whoops - got this wrong.  i think.  or don't understand what's happening. */
-	case 17:
-		{
-			NTTIME expire;
-			info = (void *)&id11;
-
-			expire.low = 0xffffffff;
-			expire.high = 0x7fffffff;
-
-			ctr->info.id = TALLOC_ZERO_P(ctx,SAM_USER_INFO_17);
-			init_sam_user_info11(ctr->info.id17, &expire,
-					     "BROOKFIELDS$",	/* name */
-					     0x03ef,	/* user rid */
-					     0x201,	/* group rid */
-					     0x0080);	/* acb info */
-
-			break;
-		}
-#endif
-	case 18:
-		ctr->info.id18 = TALLOC_ZERO_P(ctx,SAM_USER_INFO_18);
-		if (ctr->info.id18 == NULL)
-			return NT_STATUS_NO_MEMORY;
-
-		init_sam_user_info18(ctr->info.id18, usr->lm_pwd, usr->nt_pwd);
-		break;
-	case 21:
-		{
-			SAM_USER_INFO_21 *cusr;
-			cusr = TALLOC_ZERO_P(ctx,SAM_USER_INFO_21);
-			ctr->info.id21 = cusr;
-			if (ctr->info.id21 == NULL)
-				return NT_STATUS_NO_MEMORY;
-			memcpy(cusr, usr, sizeof(*usr));
-			memset(cusr->lm_pwd, 0, sizeof(cusr->lm_pwd));
-			memset(cusr->nt_pwd, 0, sizeof(cusr->nt_pwd));
-			break;
-		}
-	default:
-		DEBUG(4,("make_samr_userinfo_ctr: unsupported info\n"));
-		return NT_STATUS_INVALID_INFO_CLASS;
-	}
-
-	return NT_STATUS_OK;
-}
-
-/*******************************************************************
-inits a SAM_USERINFO_CTR structure.
-********************************************************************/
-
-static void init_samr_userinfo_ctr(SAM_USERINFO_CTR * ctr, DATA_BLOB *sess_key,
-				   uint16 switch_value, void *info)
-{
-	DEBUG(5, ("init_samr_userinfo_ctr\n"));
-
-	ctr->switch_value = switch_value;
-	ctr->info.id = info;
-
-	switch (switch_value) {
-	case 0x18:
-		SamOEMhashBlob(ctr->info.id24->pass, 516, sess_key);
-		dump_data(100, sess_key->data, sess_key->length);
-		dump_data(100, ctr->info.id24->pass, 516);
-		break;
-	case 0x17:
-		SamOEMhashBlob(ctr->info.id23->pass, 516, sess_key);
-		dump_data(100, sess_key->data, sess_key->length);
-		dump_data(100, ctr->info.id23->pass, 516);
-		break;
-	case 0x07:
-		break;
-	default:
-		DEBUG(4,("init_samr_userinfo_ctr: unsupported switch level: %d\n", switch_value));
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-static bool samr_io_userinfo_ctr(const char *desc, SAM_USERINFO_CTR **ppctr,
-				 prs_struct *ps, int depth)
-{
-	bool ret;
-	SAM_USERINFO_CTR *ctr;
-
-	prs_debug(ps, depth, desc, "samr_io_userinfo_ctr");
-	depth++;
-
-	if (UNMARSHALLING(ps)) {
-		ctr = PRS_ALLOC_MEM(ps,SAM_USERINFO_CTR,1);
-		if (ctr == NULL)
-			return False;
-		*ppctr = ctr;
-	} else {
-		ctr = *ppctr;
-	}
-
-	/* lkclXXXX DO NOT ALIGN BEFORE READING SWITCH VALUE! */
-
-	if(!prs_uint16("switch_value", ps, depth, &ctr->switch_value))
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-	ret = False;
-
-	switch (ctr->switch_value) {
-	case 7:
-		if (UNMARSHALLING(ps))
-			ctr->info.id7 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_7,1);
-		if (ctr->info.id7 == NULL) {
-			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
-			return False;
-		}
-		ret = sam_io_user_info7("", ctr->info.id7, ps, depth);
-		break;
-	case 9:
-		if (UNMARSHALLING(ps))
-			ctr->info.id9 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_9,1);
-		if (ctr->info.id9 == NULL) {
-			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
-			return False;
-		}
-		ret = sam_io_user_info9("", ctr->info.id9, ps, depth);
-		break;
-	case 16:
-		if (UNMARSHALLING(ps))
-			ctr->info.id16 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_16,1);
-		if (ctr->info.id16 == NULL) {
-			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
-			return False;
-		}
-		ret = sam_io_user_info16("", ctr->info.id16, ps, depth);
-		break;
-	case 17:
-		if (UNMARSHALLING(ps))
-			ctr->info.id17 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_17,1);
-
-		if (ctr->info.id17 == NULL) {
-			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
-			return False;
-		}
-		ret = sam_io_user_info17("", ctr->info.id17, ps, depth);
-		break;
-	case 18:
-		if (UNMARSHALLING(ps))
-			ctr->info.id18 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_18,1);
-
-		if (ctr->info.id18 == NULL) {
-			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
-			return False;
-		}
-		ret = sam_io_user_info18("", ctr->info.id18, ps, depth);
-		break;
-	case 20:
-		if (UNMARSHALLING(ps))
-			ctr->info.id20 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_20,1);
-
-		if (ctr->info.id20 == NULL) {
-			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
-			return False;
-		}
-		ret = sam_io_user_info20("", ctr->info.id20, ps, depth);
-		break;
-	case 21:
-		if (UNMARSHALLING(ps))
-			ctr->info.id21 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_21,1);
-
-		if (ctr->info.id21 == NULL) {
-			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
-			return False;
-		}
-		ret = sam_io_user_info21("", ctr->info.id21, ps, depth);
-		break;
-	case 23:
-		if (UNMARSHALLING(ps))
-			ctr->info.id23 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_23,1);
-
-		if (ctr->info.id23 == NULL) {
-			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
-			return False;
-		}
-		ret = sam_io_user_info23("", ctr->info.id23, ps, depth);
-		break;
-	case 24:
-		if (UNMARSHALLING(ps))
-			ctr->info.id24 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_24,1);
-
-		if (ctr->info.id24 == NULL) {
-			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
-			return False;
-		}
-		ret = sam_io_user_info24("", ctr->info.id24, ps,  depth);
-		break;
-	case 25:
-		if (UNMARSHALLING(ps))
-			ctr->info.id25 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_25,1);
-
-		if (ctr->info.id25 == NULL) {
-			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
-			return False;
-		}
-		ret = sam_io_user_info25("", ctr->info.id25, ps, depth);
-		break;
-	case 26:
-		if (UNMARSHALLING(ps))
-			ctr->info.id26 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_26,1);
-
-		if (ctr->info.id26 == NULL) {
-			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
-			return False;
-		}
-		ret = sam_io_user_info26("", ctr->info.id26, ps,  depth);
-		break;
-	default:
-		DEBUG(2, ("samr_io_userinfo_ctr: unknown switch level 0x%x\n", ctr->switch_value));
-		ret = False;
-		break;
-	}
-
-	return ret;
-}
-
-/*******************************************************************
-inits a SAMR_R_QUERY_USERINFO structure.
-********************************************************************/
-
-void init_samr_r_query_userinfo(SAMR_R_QUERY_USERINFO * r_u,
-				SAM_USERINFO_CTR * ctr, NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_query_userinfo\n"));
-
-	r_u->ptr = 0;
-	r_u->ctr = NULL;
-
-	if (NT_STATUS_IS_OK(status)) {
-		r_u->ptr = 1;
-		r_u->ctr = ctr;
-	}
-
-	r_u->status = status;	/* return status */
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_query_userinfo(const char *desc, SAMR_R_QUERY_USERINFO * r_u,
-			      prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_query_userinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr", ps, depth, &r_u->ptr))
-		return False;
-
-	if (r_u->ptr != 0) {
-		if(!samr_io_userinfo_ctr("ctr", &r_u->ctr, ps, depth))
-			return False;
-	}
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_SET_USERINFO structure.
-********************************************************************/
-
-void init_samr_q_set_userinfo(SAMR_Q_SET_USERINFO * q_u,
-			      const POLICY_HND *hnd, DATA_BLOB *sess_key,
-			      uint16 switch_value, void *info)
-{
-	DEBUG(5, ("init_samr_q_set_userinfo\n"));
-
-	q_u->pol = *hnd;
-	q_u->switch_value = switch_value;
-	init_samr_userinfo_ctr(q_u->ctr, sess_key, switch_value, info);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_set_userinfo(const char *desc, SAMR_Q_SET_USERINFO * q_u,
-			    prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_set_userinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	smb_io_pol_hnd("pol", &(q_u->pol), ps, depth);
-
-	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value))
-		return False;
-	if(!samr_io_userinfo_ctr("ctr", &q_u->ctr, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_SET_USERINFO structure.
-********************************************************************/
-
-void init_samr_r_set_userinfo(SAMR_R_SET_USERINFO * r_u, NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_set_userinfo\n"));
-
-	r_u->status = status;	/* return status */
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_set_userinfo(const char *desc, SAMR_R_SET_USERINFO * r_u,
-			    prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_set_userinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_SET_USERINFO2 structure.
-********************************************************************/
-
-void init_samr_q_set_userinfo2(SAMR_Q_SET_USERINFO2 * q_u,
-			       const POLICY_HND *hnd, DATA_BLOB *sess_key,
-			       uint16 switch_value, SAM_USERINFO_CTR * ctr)
-{
-	DEBUG(5, ("init_samr_q_set_userinfo2\n"));
-
-	q_u->pol = *hnd;
-	q_u->switch_value = switch_value;
-	q_u->ctr = ctr;
-
-	q_u->ctr->switch_value = switch_value;
-
-	switch (switch_value) {
-	case 18:
-		SamOEMhashBlob(ctr->info.id18->lm_pwd, 16, sess_key);
-		SamOEMhashBlob(ctr->info.id18->nt_pwd, 16, sess_key);
-		dump_data(100, sess_key->data, sess_key->length);
-		dump_data(100, ctr->info.id18->lm_pwd, 16);
-		dump_data(100, ctr->info.id18->nt_pwd, 16);
-		break;
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_set_userinfo2(const char *desc, SAMR_Q_SET_USERINFO2 * q_u,
-			     prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_set_userinfo2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("pol", &q_u->pol, ps, depth))
-		return False;
-
-	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value))
-		return False;
-	if(!samr_io_userinfo_ctr("ctr", &q_u->ctr, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_SET_USERINFO2 structure.
-********************************************************************/
-
-void init_samr_r_set_userinfo2(SAMR_R_SET_USERINFO2 * r_u, NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_set_userinfo2\n"));
-
-	r_u->status = status;	/* return status */
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_set_userinfo2(const char *desc, SAMR_R_SET_USERINFO2 * r_u,
-			     prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_set_userinfo2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_CONNECT structure.
-********************************************************************/
-
-void init_samr_q_connect(SAMR_Q_CONNECT * q_u,
-			 char *srv_name, uint32 access_mask)
-{
-	DEBUG(5, ("init_samr_q_connect\n"));
-
-	/* make PDC server name \\server */
-	q_u->ptr_srv_name = (srv_name != NULL && *srv_name) ? 1 : 0;
-	init_unistr2(&q_u->uni_srv_name, srv_name, UNI_STR_TERMINATE);
-
-	/* example values: 0x0000 0002 */
-	q_u->access_mask = access_mask;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_connect(const char *desc, SAMR_Q_CONNECT * q_u,
-		       prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_connect");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr_srv_name", ps, depth, &q_u->ptr_srv_name))
-		return False;
-	if(!smb_io_unistr2("", &q_u->uni_srv_name, q_u->ptr_srv_name, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_connect(const char *desc, SAMR_R_CONNECT * r_u,
-		       prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_connect");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("connect_pol", &r_u->connect_pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_CONNECT4 structure.
-********************************************************************/
-
-void init_samr_q_connect4(SAMR_Q_CONNECT4 * q_u,
-			  char *srv_name, uint32 access_mask)
-{
-	DEBUG(5, ("init_samr_q_connect4\n"));
-
-	/* make PDC server name \\server */
-	q_u->ptr_srv_name = (srv_name != NULL && *srv_name) ? 1 : 0;
-	init_unistr2(&q_u->uni_srv_name, srv_name, UNI_STR_TERMINATE);
-
-	/* Only value we've seen, possibly an address type ? */
-	q_u->unk_0 = 2;
-
-	/* example values: 0x0000 0002 */
-	q_u->access_mask = access_mask;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_connect4(const char *desc, SAMR_Q_CONNECT4 * q_u,
-			prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_connect4");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr_srv_name", ps, depth, &q_u->ptr_srv_name))
-		return False;
-	if(!smb_io_unistr2("", &q_u->uni_srv_name, q_u->ptr_srv_name, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("unk_0", ps, depth, &q_u->unk_0))
-		return False;
-	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_connect4(const char *desc, SAMR_R_CONNECT4 * r_u,
-			prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_connect4");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("connect_pol", &r_u->connect_pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_CONNECT5 structure.
-********************************************************************/
-
-void init_samr_q_connect5(SAMR_Q_CONNECT5 * q_u,
-			  char *srv_name, uint32 access_mask)
-{
-	DEBUG(5, ("init_samr_q_connect5\n"));
-
-	/* make PDC server name \\server */
-	q_u->ptr_srv_name = (srv_name != NULL && *srv_name) ? 1 : 0;
-	init_unistr2(&q_u->uni_srv_name, srv_name, UNI_STR_TERMINATE);
-
-	/* example values: 0x0000 0002 */
-	q_u->access_mask = access_mask;
-
-	q_u->level = 1;
-	q_u->info1_unk1 = 3;
-	q_u->info1_unk2 = 0;
-}
-
-/*******************************************************************
-inits a SAMR_R_CONNECT5 structure.
-********************************************************************/
-
-void init_samr_r_connect5(SAMR_R_CONNECT5 * r_u, POLICY_HND *pol, NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_q_connect5\n"));
-
-	r_u->level = 1;
-	r_u->info1_unk1 = 3;
-	r_u->info1_unk2 = 0;
-
-	r_u->connect_pol = *pol;
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_connect5(const char *desc, SAMR_Q_CONNECT5 * q_u,
-			prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_connect5");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr_srv_name", ps, depth, &q_u->ptr_srv_name))
-		return False;
-	if(!smb_io_unistr2("", &q_u->uni_srv_name, q_u->ptr_srv_name, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
-		return False;
-
-	if(!prs_uint32("level", ps, depth, &q_u->level))
-		return False;
-	if(!prs_uint32("level", ps, depth, &q_u->level))
-		return False;
-	
-	if(!prs_uint32("info1_unk1", ps, depth, &q_u->info1_unk1))
-		return False;
-	if(!prs_uint32("info1_unk2", ps, depth, &q_u->info1_unk2))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_connect5(const char *desc, SAMR_R_CONNECT5 * r_u,
-			prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_connect5");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("level", ps, depth, &r_u->level))
-		return False;
-	if(!prs_uint32("level", ps, depth, &r_u->level))
-		return False;
-	if(!prs_uint32("info1_unk1", ps, depth, &r_u->info1_unk1))
-		return False;
-	if(!prs_uint32("info1_unk2", ps, depth, &r_u->info1_unk2))
-		return False;
-
-	if(!smb_io_pol_hnd("connect_pol", &r_u->connect_pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_CONNECT_ANON structure.
-********************************************************************/
-
-void init_samr_q_connect_anon(SAMR_Q_CONNECT_ANON * q_u)
-{
-	DEBUG(5, ("init_samr_q_connect_anon\n"));
-
-	q_u->ptr = 1;
-	q_u->unknown_0 = 0x5c;	/* server name (?!!) */
-	q_u->access_mask = MAXIMUM_ALLOWED_ACCESS;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_connect_anon(const char *desc, SAMR_Q_CONNECT_ANON * q_u,
-			    prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_connect_anon");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr      ", ps, depth, &q_u->ptr))
-		return False;
-	if (q_u->ptr) {
-		if(!prs_uint16("unknown_0", ps, depth, &q_u->unknown_0))
-			return False;
-	}
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("access_mask", ps, depth, &q_u->access_mask))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_connect_anon(const char *desc, SAMR_R_CONNECT_ANON * r_u,
-			    prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_connect_anon");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("connect_pol", &r_u->connect_pol, ps, depth))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_GET_DOM_PWINFO structure.
-********************************************************************/
-
-void init_samr_q_get_dom_pwinfo(SAMR_Q_GET_DOM_PWINFO * q_u,
-				char *srv_name)
-{
-	DEBUG(5, ("init_samr_q_get_dom_pwinfo\n"));
-
-	q_u->ptr = 1;
-	init_unistr2(&q_u->uni_srv_name, srv_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&q_u->hdr_srv_name, &q_u->uni_srv_name);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_get_dom_pwinfo(const char *desc, SAMR_Q_GET_DOM_PWINFO * q_u,
-			      prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_get_dom_pwinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr", ps, depth, &q_u->ptr))
-		return False;
-	if (q_u->ptr != 0) {
-		if(!smb_io_unihdr("", &q_u->hdr_srv_name, ps, depth))
-			return False;
-		if(!smb_io_unistr2("", &q_u->uni_srv_name, q_u->hdr_srv_name.buffer, ps, depth))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_get_dom_pwinfo(const char *desc, SAMR_R_GET_DOM_PWINFO * r_u,
-			      prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_get_dom_pwinfo");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint16("min_pwd_length", ps, depth, &r_u->min_pwd_length))
-		return False;
-	if(!prs_align(ps))
-		return False;
-	if(!prs_uint32("password_properties", ps, depth, &r_u->password_properties))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-make a SAMR_ENC_PASSWD structure.
-********************************************************************/
-
-void init_enc_passwd(SAMR_ENC_PASSWD * pwd, const char pass[512])
-{
-	ZERO_STRUCTP(pwd);
-
-	if (pass == NULL) {
-		pwd->ptr = 0;
-	} else {
-		pwd->ptr = 1;
-		memcpy(pwd->pass, pass, sizeof(pwd->pass));
-	}
-}
-
-/*******************************************************************
-reads or writes a SAMR_ENC_PASSWD structure.
-********************************************************************/
-
-bool samr_io_enc_passwd(const char *desc, SAMR_ENC_PASSWD * pwd,
-			prs_struct *ps, int depth)
-{
-	if (pwd == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_enc_passwd");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr", ps, depth, &pwd->ptr))
-		return False;
-
-	if (pwd->ptr != 0) {
-		if(!prs_uint8s(False, "pwd", ps, depth, pwd->pass, sizeof(pwd->pass)))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_ENC_HASH structure.
-********************************************************************/
-
-void init_enc_hash(SAMR_ENC_HASH * hsh, const uchar hash[16])
-{
-	ZERO_STRUCTP(hsh);
-
-	if (hash == NULL) {
-		hsh->ptr = 0;
-	} else {
-		hsh->ptr = 1;
-		memcpy(hsh->hash, hash, sizeof(hsh->hash));
-	}
-}
-
-/*******************************************************************
-reads or writes a SAMR_ENC_HASH structure.
-********************************************************************/
-
-bool samr_io_enc_hash(const char *desc, SAMR_ENC_HASH * hsh,
-		      prs_struct *ps, int depth)
-{
-	if (hsh == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_enc_hash");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr ", ps, depth, &hsh->ptr))
-		return False;
-	if (hsh->ptr != 0) {
-		if(!prs_uint8s(False, "hash", ps, depth, hsh->hash,sizeof(hsh->hash)))
-			return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_CHGPASSWD_USER structure.
-********************************************************************/
-
-void init_samr_q_chgpasswd_user(SAMR_Q_CHGPASSWD_USER * q_u,
-				const char *dest_host, const char *user_name,
-				const uchar nt_newpass[516],
-				const uchar nt_oldhash[16],
-				const uchar lm_newpass[516],
-				const uchar lm_oldhash[16])
-{
-	DEBUG(5, ("init_samr_q_chgpasswd_user\n"));
-
-	q_u->ptr_0 = 1;
-	init_unistr2(&q_u->uni_dest_host, dest_host, UNI_FLAGS_NONE);
-	init_uni_hdr(&q_u->hdr_dest_host, &q_u->uni_dest_host);
-
-	init_unistr2(&q_u->uni_user_name, user_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&q_u->hdr_user_name, &q_u->uni_user_name);
-
-	init_enc_passwd(&q_u->nt_newpass, (const char *)nt_newpass);
-	init_enc_hash(&q_u->nt_oldhash, nt_oldhash);
-
-	q_u->unknown = 0x01;
-
-	init_enc_passwd(&q_u->lm_newpass, (const char *)lm_newpass);
-	init_enc_hash(&q_u->lm_oldhash, lm_oldhash);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_chgpasswd_user(const char *desc, SAMR_Q_CHGPASSWD_USER * q_u,
-			      prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_chgpasswd_user");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr_0", ps, depth, &q_u->ptr_0))
-		return False;
-
-	if(!smb_io_unihdr("", &q_u->hdr_dest_host, ps, depth))
-		return False;
-	if(!smb_io_unistr2("", &q_u->uni_dest_host, q_u->hdr_dest_host.buffer, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!smb_io_unihdr("", &q_u->hdr_user_name, ps, depth))
-		return False;
-	if(!smb_io_unistr2("", &q_u->uni_user_name, q_u->hdr_user_name.buffer,ps, depth))
-		return False;
-
-	if(!samr_io_enc_passwd("nt_newpass", &q_u->nt_newpass, ps, depth))
-		return False;
-	if(!samr_io_enc_hash("nt_oldhash", &q_u->nt_oldhash, ps, depth))
-		return False;
-
-	if(!prs_uint32("unknown", ps, depth, &q_u->unknown))
-		return False;
-
-	if(!samr_io_enc_passwd("lm_newpass", &q_u->lm_newpass, ps, depth))
-		return False;
-	if(!samr_io_enc_hash("lm_oldhash", &q_u->lm_oldhash, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_CHGPASSWD_USER structure.
-********************************************************************/
-
-void init_samr_r_chgpasswd_user(SAMR_R_CHGPASSWD_USER * r_u, NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_chgpasswd_user\n"));
-
-	r_u->status = status;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_chgpasswd_user(const char *desc, SAMR_R_CHGPASSWD_USER * r_u,
-			      prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_chgpasswd_user");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_Q_CHGPASSWD3 structure.
-********************************************************************/
-
-void init_samr_q_chgpasswd_user3(SAMR_Q_CHGPASSWD_USER3 * q_u,
-				 const char *dest_host, const char *user_name,
-				 const uchar nt_newpass[516],
-				 const uchar nt_oldhash[16],
-				 const uchar lm_newpass[516],
-				 const uchar lm_oldhash[16])
-{
-	DEBUG(5, ("init_samr_q_chgpasswd_user3\n"));
-
-	q_u->ptr_0 = 1;
-	init_unistr2(&q_u->uni_dest_host, dest_host, UNI_FLAGS_NONE);
-	init_uni_hdr(&q_u->hdr_dest_host, &q_u->uni_dest_host);
-
-	init_unistr2(&q_u->uni_user_name, user_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&q_u->hdr_user_name, &q_u->uni_user_name);
-
-	init_enc_passwd(&q_u->nt_newpass, (const char *)nt_newpass);
-	init_enc_hash(&q_u->nt_oldhash, nt_oldhash);
-
-	q_u->lm_change = 0x01;
-
-	init_enc_passwd(&q_u->lm_newpass, (const char *)lm_newpass);
-	init_enc_hash(&q_u->lm_oldhash, lm_oldhash);
-
-	init_enc_passwd(&q_u->password3, NULL);
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_chgpasswd_user3(const char *desc, SAMR_Q_CHGPASSWD_USER3 * q_u,
-			       prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_chgpasswd_user3");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr_0", ps, depth, &q_u->ptr_0))
-		return False;
-
-	if(!smb_io_unihdr("", &q_u->hdr_dest_host, ps, depth))
-		return False;
-	if(!smb_io_unistr2("", &q_u->uni_dest_host, q_u->hdr_dest_host.buffer, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-	if(!smb_io_unihdr("", &q_u->hdr_user_name, ps, depth))
-		return False;
-	if(!smb_io_unistr2("", &q_u->uni_user_name, q_u->hdr_user_name.buffer,ps, depth))
-		return False;
-
-	if(!samr_io_enc_passwd("nt_newpass", &q_u->nt_newpass, ps, depth))
-		return False;
-	if(!samr_io_enc_hash("nt_oldhash", &q_u->nt_oldhash, ps, depth))
-		return False;
-
-	if(!prs_uint32("lm_change", ps, depth, &q_u->lm_change))
-		return False;
-
-	if(!samr_io_enc_passwd("lm_newpass", &q_u->lm_newpass, ps, depth))
-		return False;
-	if(!samr_io_enc_hash("lm_oldhash", &q_u->lm_oldhash, ps, depth))
-		return False;
-
-	if(!samr_io_enc_passwd("password3", &q_u->password3, ps, depth))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_CHGPASSWD_USER3 structure.
-********************************************************************/
-
-void init_samr_r_chgpasswd_user3(SAMR_R_CHGPASSWD_USER3 *r_u, NTSTATUS status, 
-				 SAMR_CHANGE_REJECT *reject, SAM_UNK_INFO_1 *info)
-{
-	DEBUG(5, ("init_samr_r_chgpasswd_user3\n"));
-
-	r_u->status = status;
-	r_u->info = 0;
-	r_u->ptr_info = 0;
-	r_u->reject = 0;
-	r_u->ptr_reject = 0;
-
-	if (info) {
-		r_u->info = info;
-		r_u->ptr_info = 1;
-	}
-	if (reject && (reject->reject_reason != Undefined)) {
-		r_u->reject = reject;
-		r_u->ptr_reject = 1;
-	}
-}
-
-/*******************************************************************
- Reads or writes an SAMR_CHANGE_REJECT structure.
-********************************************************************/
-
-bool samr_io_change_reject(const char *desc, SAMR_CHANGE_REJECT *reject, prs_struct *ps, int depth)
-{
-	if (reject == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_change_reject");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(UNMARSHALLING(ps))
-		ZERO_STRUCTP(reject);
-	
-	if (!prs_uint32("reject_reason", ps, depth, &reject->reject_reason))
-		return False;
-		
-	if (!prs_uint32("unknown1", ps, depth, &reject->unknown1))
-		return False;
-
-	if (!prs_uint32("unknown2", ps, depth, &reject->unknown2))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_chgpasswd_user3(const char *desc, SAMR_R_CHGPASSWD_USER3 *r_u,
-			       prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_chgpasswd_user3");
-	depth++;
-
-	if (!prs_align(ps))
-		return False;
-
-	if (!prs_uint32("ptr_info", ps, depth, &r_u->ptr_info))
-		return False;
-
-	/* special case: Windows 2000 can return stub data here saying
-	   NT_STATUS_NOT_SUPPORTED */
-
-	if ( NT_STATUS_EQUAL( NT_STATUS_NOT_SUPPORTED, NT_STATUS(r_u->ptr_info)) ) {
-		r_u->status = NT_STATUS_NOT_SUPPORTED;
-		return True;
-	}
-
-	if (r_u->ptr_info && r_u->info != NULL) {
-		/* SAM_UNK_INFO_1 */
-		if (!sam_io_unk_info1("info", r_u->info, ps, depth))
-			return False;
-	}
-
-	if (!prs_uint32("ptr_reject", ps, depth, &r_u->ptr_reject))
-		return False;
-			     
-	if (r_u->ptr_reject && r_u->reject != NULL) {
-		/* SAMR_CHANGE_REJECT */
-		if (!samr_io_change_reject("reject", r_u->reject, ps, depth))
-			return False;
-	}
-
-	if (!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-void init_samr_q_query_domain_info2(SAMR_Q_QUERY_DOMAIN_INFO2 *q_u,
-				POLICY_HND *domain_pol, uint16 switch_value)
-{
-	DEBUG(5, ("init_samr_q_query_domain_info2\n"));
-
-	q_u->domain_pol = *domain_pol;
-	q_u->switch_value = switch_value;
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_query_domain_info2(const char *desc, SAMR_Q_QUERY_DOMAIN_INFO2 *q_u,
-			      prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_query_domain_info2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("domain_pol", &q_u->domain_pol, ps, depth))
-		return False;
-
-	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_QUERY_DOMAIN_INFO structure.
-********************************************************************/
-
-void init_samr_r_query_domain_info2(SAMR_R_QUERY_DOMAIN_INFO2 * r_u,
-				    uint16 switch_value, SAM_UNK_CTR * ctr,
-				    NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_query_domain_info2\n"));
-
-	r_u->ptr_0 = 0;
-	r_u->switch_value = 0;
-	r_u->status = status;	/* return status */
-
-	if (NT_STATUS_IS_OK(status)) {
-		r_u->switch_value = switch_value;
-		r_u->ptr_0 = 1;
-		r_u->ctr = ctr;
-	}
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_query_domain_info2(const char *desc, SAMR_R_QUERY_DOMAIN_INFO2 * r_u,
-				  prs_struct *ps, int depth)
-{
-        if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_query_domain_info2");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("ptr_0 ", ps, depth, &r_u->ptr_0))
-		return False;
-
-	if (r_u->ptr_0 != 0 && r_u->ctr != NULL) {
-		if(!prs_uint16("switch_value", ps, depth, &r_u->switch_value))
-			return False;
-		if(!prs_align(ps))
-			return False;
-
-		switch (r_u->switch_value) {
-		case 0x0d:
-			if(!sam_io_unk_info13("unk_inf13", &r_u->ctr->info.inf13, ps, depth))
-				return False;
-			break;
-		case 0x0c:
-			if(!sam_io_unk_info12("unk_inf12", &r_u->ctr->info.inf12, ps, depth))
-				return False;
-			break;
-		case 0x09:
-			if(!sam_io_unk_info9("unk_inf9",&r_u->ctr->info.inf9, ps,depth))
-				return False;
-			break;
-		case 0x08:
-			if(!sam_io_unk_info8("unk_inf8",&r_u->ctr->info.inf8, ps,depth))
-				return False;
-			break;
-		case 0x07:
-			if(!sam_io_unk_info7("unk_inf7",&r_u->ctr->info.inf7, ps,depth))
-				return False;
-			break;
-		case 0x06:
-			if(!sam_io_unk_info6("unk_inf6",&r_u->ctr->info.inf6, ps,depth))
-				return False;
-			break;
-		case 0x05:
-			if(!sam_io_unk_info5("unk_inf5",&r_u->ctr->info.inf5, ps,depth))
-				return False;
-			break;
-		case 0x04:
-			if(!sam_io_unk_info4("unk_inf4",&r_u->ctr->info.inf4, ps,depth))
-				return False;
-			break;
-		case 0x03:
-			if(!sam_io_unk_info3("unk_inf3",&r_u->ctr->info.inf3, ps,depth))
-				return False;
-			break;
-		case 0x02:
-			if(!sam_io_unk_info2("unk_inf2",&r_u->ctr->info.inf2, ps,depth))
-				return False;
-			break;
-		case 0x01:
-			if(!sam_io_unk_info1("unk_inf1",&r_u->ctr->info.inf1, ps,depth))
-				return False;
-			break;
-		default:
-			DEBUG(0, ("samr_io_r_query_domain_info2: unknown switch level 0x%x\n",
-				r_u->switch_value));
-			r_u->status = NT_STATUS_INVALID_INFO_CLASS;
-			return False;
-		}
-	}
-	
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-	
-	return True;
-}
-
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-void init_samr_q_set_domain_info(SAMR_Q_SET_DOMAIN_INFO *q_u,
-				POLICY_HND *domain_pol, uint16 switch_value, SAM_UNK_CTR *ctr)
-{
-	DEBUG(5, ("init_samr_q_set_domain_info\n"));
-
-	q_u->domain_pol = *domain_pol;
-	q_u->switch_value0 = switch_value;
-
-	q_u->switch_value = switch_value;
-	q_u->ctr = ctr;
-	
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_q_set_domain_info(const char *desc, SAMR_Q_SET_DOMAIN_INFO *q_u,
-			      prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_q_set_domain_info");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("domain_pol", &q_u->domain_pol, ps, depth))
-		return False;
-
-	if(!prs_uint16("switch_value0", ps, depth, &q_u->switch_value0))
-		return False;
-
-	if(!prs_uint16("switch_value", ps, depth, &q_u->switch_value))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (UNMARSHALLING(ps)) {
-		if ((q_u->ctr = PRS_ALLOC_MEM(ps, SAM_UNK_CTR, 1)) == NULL)
-			return False;
-	}
-	
-	switch (q_u->switch_value) {
-
-	case 0x0c:
-		if(!sam_io_unk_info12("unk_inf12", &q_u->ctr->info.inf12, ps, depth))
-			return False;
-		break;
-	case 0x07:
-		if(!sam_io_unk_info7("unk_inf7",&q_u->ctr->info.inf7, ps,depth))
-			return False;
-		break;
-	case 0x06:
-		if(!sam_io_unk_info6("unk_inf6",&q_u->ctr->info.inf6, ps,depth))
-			return False;
-		break;
-	case 0x05:
-		if(!sam_io_unk_info5("unk_inf5",&q_u->ctr->info.inf5, ps,depth))
-			return False;
-		break;
-	case 0x03:
-		if(!sam_io_unk_info3("unk_inf3",&q_u->ctr->info.inf3, ps,depth))
-			return False;
-		break;
-	case 0x02:
-		if(!sam_io_unk_info2("unk_inf2",&q_u->ctr->info.inf2, ps,depth))
-			return False;
-		break;
-	case 0x01:
-		if(!sam_io_unk_info1("unk_inf1",&q_u->ctr->info.inf1, ps,depth))
-			return False;
-		break;
-	default:
-		DEBUG(0, ("samr_io_r_samr_unknown_2e: unknown switch level 0x%x\n",
-			q_u->switch_value));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
-inits a SAMR_R_QUERY_DOMAIN_INFO structure.
-********************************************************************/
-
-void init_samr_r_set_domain_info(SAMR_R_SET_DOMAIN_INFO * r_u, NTSTATUS status)
-{
-	DEBUG(5, ("init_samr_r_set_domain_info\n"));
-
-	r_u->status = status;	/* return status */
-}
-
-/*******************************************************************
-reads or writes a structure.
-********************************************************************/
-
-bool samr_io_r_set_domain_info(const char *desc, SAMR_R_SET_DOMAIN_INFO * r_u,
-			      prs_struct *ps, int depth)
-{
-        if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "samr_io_r_samr_unknown_2e");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_ntstatus("status", ps, depth, &r_u->status))
-		return False;
-	
-	return True;
-}
diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c
index 6ea128d3a4..c71b31086a 100644
--- a/source3/rpc_parse/parse_sec.c
+++ b/source3/rpc_parse/parse_sec.c
@@ -27,28 +27,11 @@
 #define DBGC_CLASS DBGC_RPC_PARSE
 
 /*******************************************************************
- Reads or writes a SEC_ACCESS structure.
-********************************************************************/
-
-bool sec_io_access(const char *desc, SEC_ACCESS *t, prs_struct *ps, int depth)
-{
-	if (t == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "sec_io_access");
-	depth++;
-	
-	if(!prs_uint32("mask", ps, depth, t))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
  Reads or writes a SEC_ACE structure.
 ********************************************************************/
 
-bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth)
+static bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps,
+		       int depth)
 {
 	uint32 old_offset;
 	uint32 offset_ace_size;
@@ -130,7 +113,8 @@ bool sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth)
  for you as it reads them.
 ********************************************************************/
 
-bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)
+static bool sec_io_acl(const char *desc, SEC_ACL **ppsa, prs_struct *ps,
+		       int depth)
 {
 	unsigned int i;
 	uint32 old_offset;
diff --git a/source3/rpc_parse/parse_svcctl.c b/source3/rpc_parse/parse_svcctl.c
index 18e12ef0a6..62c1e21927 100644
--- a/source3/rpc_parse/parse_svcctl.c
+++ b/source3/rpc_parse/parse_svcctl.c
@@ -198,225 +198,6 @@ uint32 svcctl_sizeof_service_config( SERVICE_CONFIG *config )
 /*******************************************************************
 ********************************************************************/
 
-bool svcctl_io_q_open_scmanager(const char *desc, SVCCTL_Q_OPEN_SCMANAGER *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_q_open_scmanager");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_pointer("servername", ps, depth, (void*)&q_u->servername, sizeof(UNISTR2), (PRS_POINTER_CAST)prs_io_unistr2))
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_pointer("database", ps, depth, (void*)&q_u->database, sizeof(UNISTR2), (PRS_POINTER_CAST)prs_io_unistr2))
-		return False;
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("access", ps, depth, &q_u->access))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_r_open_scmanager(const char *desc, SVCCTL_R_OPEN_SCMANAGER *r_u, prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_r_open_scmanager");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("scm_pol", &r_u->handle, ps, depth))
-		return False;
-
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_q_get_display_name(const char *desc, SVCCTL_Q_GET_DISPLAY_NAME *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_q_get_display_name");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("scm_pol", &q_u->handle, ps, depth))
-		return False;
-
-	if(!smb_io_unistr2("servicename", &q_u->servicename, 1, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("display_name_len", ps, depth, &q_u->display_name_len))
-		return False;
-	
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool init_svcctl_r_get_display_name( SVCCTL_R_GET_DISPLAY_NAME *r_u, const char *displayname )
-{
-	r_u->display_name_len = strlen(displayname);
-	init_unistr2( &r_u->displayname, displayname, UNI_STR_TERMINATE );
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_r_get_display_name(const char *desc, SVCCTL_R_GET_DISPLAY_NAME *r_u, prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_r_get_display_name");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	
-	if(!smb_io_unistr2("displayname", &r_u->displayname, 1, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("display_name_len", ps, depth, &r_u->display_name_len))
-		return False;
-
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_q_open_service(const char *desc, SVCCTL_Q_OPEN_SERVICE *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_q_open_service");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("scm_pol", &q_u->handle, ps, depth))
-		return False;
-
-	if(!smb_io_unistr2("servicename", &q_u->servicename, 1, ps, depth))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("access", ps, depth, &q_u->access))
-		return False;
-	
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_r_open_service(const char *desc, SVCCTL_R_OPEN_SERVICE *r_u, prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_r_open_service");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("service_pol", &r_u->handle, ps, depth))
-		return False;
-
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_q_query_status(const char *desc, SVCCTL_Q_QUERY_STATUS *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_q_query_status");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("service_pol", &q_u->handle, ps, depth))
-		return False;
-	
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_r_query_status(const char *desc, SVCCTL_R_QUERY_STATUS *r_u, prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_r_query_status");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!svcctl_io_service_status("service_status", &r_u->svc_status, ps, depth))
-		return False;
-
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
 bool svcctl_io_q_enum_services_status(const char *desc, SVCCTL_Q_ENUM_SERVICES_STATUS *q_u, prs_struct *ps, int depth)
 {
 	if (q_u == NULL)
@@ -481,50 +262,6 @@ bool svcctl_io_r_enum_services_status(const char *desc, SVCCTL_R_ENUM_SERVICES_S
 /*******************************************************************
 ********************************************************************/
 
-bool svcctl_io_q_start_service(const char *desc, SVCCTL_Q_START_SERVICE *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_q_start_service");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("service_pol", &q_u->handle, ps, depth))
-		return False;
-
-	if(!prs_uint32("parmcount", ps, depth, &q_u->parmcount))
-		return False;
-
-	if ( !prs_pointer("rights", ps, depth, (void*)&q_u->parameters, sizeof(UNISTR4_ARRAY), (PRS_POINTER_CAST)prs_unistr4_array) )
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_r_start_service(const char *desc, SVCCTL_R_START_SERVICE *r_u, prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_r_start_service");
-	depth++;
-
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
-********************************************************************/
-
 bool svcctl_io_q_enum_dependent_services(const char *desc, SVCCTL_Q_ENUM_DEPENDENT_SERVICES *q_u, prs_struct *ps, int depth)
 {
 	if (q_u == NULL)
@@ -581,53 +318,6 @@ bool svcctl_io_r_enum_dependent_services(const char *desc, SVCCTL_R_ENUM_DEPENDE
 /*******************************************************************
 ********************************************************************/
 
-bool svcctl_io_q_control_service(const char *desc, SVCCTL_Q_CONTROL_SERVICE *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_q_control_service");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("service_pol", &q_u->handle, ps, depth))
-		return False;
-
-	if(!prs_uint32("control", ps, depth, &q_u->control))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_r_control_service(const char *desc, SVCCTL_R_CONTROL_SERVICE *r_u, prs_struct *ps, int depth)
-{
-	if (r_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_r_control_service");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!svcctl_io_service_status("service_status", &r_u->svc_status, ps, depth))
-		return False;
-
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-
-/*******************************************************************
-********************************************************************/
-
 bool svcctl_io_q_query_service_config(const char *desc, SVCCTL_Q_QUERY_SERVICE_CONFIG *q_u, prs_struct *ps, int depth)
 {
 	if (q_u == NULL)
@@ -899,195 +589,3 @@ bool svcctl_io_r_query_service_status_ex(const char *desc, SVCCTL_R_QUERY_SERVIC
 
 	return True;
 }
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_q_lock_service_db(const char *desc, SVCCTL_Q_LOCK_SERVICE_DB *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_q_lock_service_db");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("scm_handle", &q_u->handle, ps, depth))
-		return False;
-
-	return True;
-
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_r_lock_service_db(const char *desc, SVCCTL_R_LOCK_SERVICE_DB *r_u, prs_struct *ps, int depth)
-{
-	if ( !r_u )
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_r_lock_service_db");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("lock_handle", &r_u->h_lock, ps, depth))
-		return False;
-
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_q_unlock_service_db(const char *desc, SVCCTL_Q_UNLOCK_SERVICE_DB *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_q_unlock_service_db");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("h_lock", &q_u->h_lock, ps, depth))
-		return False;
-
-	return True;
-
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_r_unlock_service_db(const char *desc, SVCCTL_R_UNLOCK_SERVICE_DB *r_u, prs_struct *ps, int depth)
-{
-	if ( !r_u )
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_r_unlock_service_db");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_q_query_service_sec(const char *desc, SVCCTL_Q_QUERY_SERVICE_SEC *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_q_query_service_sec");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("handle", &q_u->handle, ps, depth))
-		return False;
-	if(!prs_uint32("security_flags", ps, depth, &q_u->security_flags))
-		return False;
-	if(!prs_uint32("buffer_size", ps, depth, &q_u->buffer_size))
-		return False;
-
-	return True;
-
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_r_query_service_sec(const char *desc, SVCCTL_R_QUERY_SERVICE_SEC *r_u, prs_struct *ps, int depth)
-{
-	if ( !r_u )
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_r_query_service_sec");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if (!prs_rpcbuffer("buffer", ps, depth, &r_u->buffer))
-		return False;
-
-	if(!prs_uint32("needed", ps, depth, &r_u->needed))
-		return False;
-
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_q_set_service_sec(const char *desc, SVCCTL_Q_SET_SERVICE_SEC *q_u, prs_struct *ps, int depth)
-{
-	if (q_u == NULL)
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_q_set_service_sec");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!smb_io_pol_hnd("handle", &q_u->handle, ps, depth))
-		return False;
-	if(!prs_uint32("security_flags", ps, depth, &q_u->security_flags))
-		return False;
-
-	if (!prs_rpcbuffer("buffer", ps, depth, &q_u->buffer))
-		return False;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_uint32("buffer_size", ps, depth, &q_u->buffer_size))
-		return False;
-
-	return True;
-
-}
-
-/*******************************************************************
-********************************************************************/
-
-bool svcctl_io_r_set_service_sec(const char *desc, SVCCTL_R_SET_SERVICE_SEC *r_u, prs_struct *ps, int depth)
-{
-	if ( !r_u )
-		return False;
-
-	prs_debug(ps, depth, desc, "svcctl_io_r_set_service_sec");
-	depth++;
-
-	if(!prs_align(ps))
-		return False;
-
-	if(!prs_werror("status", ps, depth, &r_u->status))
-		return False;
-
-	return True;
-}
-
-
-
-
diff --git a/source3/rpc_server/srv_dssetup_nt.c b/source3/rpc_server/srv_dssetup_nt.c
new file mode 100644
index 0000000000..ea535a3375
--- /dev/null
+++ b/source3/rpc_server/srv_dssetup_nt.c
@@ -0,0 +1,220 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  RPC Pipe client / server routines
+ *  Copyright (C) Andrew Tridgell               1992-1997.
+ *  Copyright (C) Luke Kenneth Casson Leighton  1996-1997.
+ *  Copyright (C) Paul Ashton                        1997.
+ *  Copyright (C) Jeremy Allison                     2001.
+ *  Copyright (C) Gerald Carter                      2002.
+ *  Copyright (C) Guenther Deschner                  2008.
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_RPC_SRV
+
+/********************************************************************
+ Fill in a dssetup_DsRolePrimaryDomInfoBasic structure
+ ********************************************************************/
+
+static WERROR fill_dsrole_dominfo_basic(TALLOC_CTX *ctx,
+					struct dssetup_DsRolePrimaryDomInfoBasic **info)
+{
+	struct dssetup_DsRolePrimaryDomInfoBasic *basic = NULL;
+	fstring dnsdomain;
+
+	DEBUG(10,("fill_dsrole_dominfo_basic: enter\n"));
+
+	basic = TALLOC_ZERO_P(ctx, struct dssetup_DsRolePrimaryDomInfoBasic);
+	if (!basic) {
+		DEBUG(0,("fill_dsrole_dominfo_basic: out of memory\n"));
+		return WERR_NOMEM;
+	}
+
+	switch (lp_server_role()) {
+		case ROLE_STANDALONE:
+			basic->role = DS_ROLE_STANDALONE_SERVER;
+			basic->domain = get_global_sam_name();
+			break;
+		case ROLE_DOMAIN_MEMBER:
+			basic->role = DS_ROLE_MEMBER_SERVER;
+			basic->domain = lp_workgroup();
+			break;
+		case ROLE_DOMAIN_BDC:
+			basic->role = DS_ROLE_BACKUP_DC;
+			basic->domain = get_global_sam_name();
+			break;
+		case ROLE_DOMAIN_PDC:
+			basic->role = DS_ROLE_PRIMARY_DC;
+			basic->domain = get_global_sam_name();
+			break;
+	}
+
+	if (secrets_fetch_domain_guid(lp_workgroup(), &basic->domain_guid)) {
+		basic->flags |= DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT;
+	}
+
+	/* fill in some additional fields if we are a member of an AD domain */
+
+	if (lp_security() == SEC_ADS) {
+		fstrcpy(dnsdomain, lp_realm());
+		strlower_m(dnsdomain);
+		basic->dns_domain = dnsdomain;
+
+		/* FIXME!! We really should fill in the correct forest
+		   name.  Should get this information from winbindd.  */
+		basic->forest = dnsdomain;
+	} else {
+		/* security = domain should not fill in the dns or
+		   forest name */
+		basic->dns_domain = NULL;
+		basic->forest = NULL;
+	}
+
+	*info = basic;
+
+	return WERR_OK;
+}
+
+/********************************************************************
+ Implement the _dssetup_DsRoleGetPrimaryDomainInformation() call
+ ********************************************************************/
+
+WERROR _dssetup_DsRoleGetPrimaryDomainInformation(pipes_struct *p,
+						  struct dssetup_DsRoleGetPrimaryDomainInformation *r)
+{
+	WERROR werr = WERR_OK;
+
+	switch (r->in.level) {
+
+		case DS_ROLE_BASIC_INFORMATION: {
+			struct dssetup_DsRolePrimaryDomInfoBasic *basic = NULL;
+			werr = fill_dsrole_dominfo_basic(p->mem_ctx, &basic);
+			if (W_ERROR_IS_OK(werr)) {
+				r->out.info->basic = *basic;
+			}
+			break;
+		}
+		default:
+			DEBUG(0,("_dssetup_DsRoleGetPrimaryDomainInformation: "
+				"Unknown info level [%d]!\n", r->in.level));
+			werr = WERR_UNKNOWN_LEVEL;
+	}
+
+	return werr;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleDnsNameToFlatName(pipes_struct *p,
+					struct dssetup_DsRoleDnsNameToFlatName *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleDcAsDc(pipes_struct *p,
+			     struct dssetup_DsRoleDcAsDc *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleDcAsReplica(pipes_struct *p,
+				  struct dssetup_DsRoleDcAsReplica *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleDemoteDc(pipes_struct *p,
+			       struct dssetup_DsRoleDemoteDc *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleGetDcOperationProgress(pipes_struct *p,
+					     struct dssetup_DsRoleGetDcOperationProgress *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleGetDcOperationResults(pipes_struct *p,
+					    struct dssetup_DsRoleGetDcOperationResults *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleCancel(pipes_struct *p,
+			     struct dssetup_DsRoleCancel *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleServerSaveStateForUpgrade(pipes_struct *p,
+						struct dssetup_DsRoleServerSaveStateForUpgrade *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleUpgradeDownlevelServer(pipes_struct *p,
+					     struct dssetup_DsRoleUpgradeDownlevelServer *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _dssetup_DsRoleAbortDownlevelServerUpgrade(pipes_struct *p,
+						  struct dssetup_DsRoleAbortDownlevelServerUpgrade *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
diff --git a/source3/rpc_server/srv_eventlog.c b/source3/rpc_server/srv_eventlog.c
index 516ea134f2..5679a6acb6 100644
--- a/source3/rpc_server/srv_eventlog.c
+++ b/source3/rpc_server/srv_eventlog.c
@@ -42,27 +42,7 @@ static bool proxy_eventlog_call(pipes_struct *p, uint8 opnum)
 
 static bool api_eventlog_open_eventlog(pipes_struct *p)
 {
-	EVENTLOG_Q_OPEN_EVENTLOG q_u;
-	EVENTLOG_R_OPEN_EVENTLOG r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!(eventlog_io_q_open_eventlog("", &q_u, data, 0))) {
-		DEBUG(0, ("eventlog_io_q_open_eventlog: unable to unmarshall EVENTLOG_Q_OPEN_EVENTLOG.\n"));
-		return False;
-	}
-	
-	r_u.status = _eventlog_open_eventlog(p, &q_u, &r_u);
-
-	if (!(eventlog_io_r_open_eventlog("", &r_u, rdata, 0))) {
-		DEBUG(0, ("eventlog_io_r_open_eventlog: unable to marshall EVENTLOG_R_OPEN_EVENTLOG.\n"));
-		return False;
-	}
-
-	return True;
+	return proxy_eventlog_call(p, NDR_EVENTLOG_OPENEVENTLOGW);
 }
 
 static bool api_eventlog_close_eventlog(pipes_struct *p)
@@ -72,52 +52,12 @@ static bool api_eventlog_close_eventlog(pipes_struct *p)
 
 static bool api_eventlog_get_num_records(pipes_struct *p)
 {
-	EVENTLOG_Q_GET_NUM_RECORDS q_u;
-	EVENTLOG_R_GET_NUM_RECORDS r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!(eventlog_io_q_get_num_records("", &q_u, data, 0))) {
-		DEBUG(0, ("eventlog_io_q_get_num_records: unable to unmarshall EVENTLOG_Q_GET_NUM_RECORDS.\n"));
-		return False;
-	}
-    
-	r_u.status = _eventlog_get_num_records(p, &q_u, &r_u);
-    
-	if (!(eventlog_io_r_get_num_records("", &r_u, rdata, 0))) {
-		DEBUG(0, ("eventlog_io_r_get_num_records: unable to marshall EVENTLOG_R_GET_NUM_RECORDS.\n"));
-		return False;
-	}
-
-	return True;
+	return proxy_eventlog_call(p, NDR_EVENTLOG_GETNUMRECORDS);
 }
 
 static bool api_eventlog_get_oldest_entry(pipes_struct *p)
 {
-	EVENTLOG_Q_GET_OLDEST_ENTRY q_u;
-	EVENTLOG_R_GET_OLDEST_ENTRY r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!(eventlog_io_q_get_oldest_entry("", &q_u, data, 0))) {
-		DEBUG(0, ("eventlog_io_q_get_oldest_entry: unable to unmarshall EVENTLOG_Q_GET_OLDEST_ENTRY.\n"));
-		return False;
-	}
-
-	r_u.status = _eventlog_get_oldest_entry(p, &q_u, &r_u);
-    
-	if (!(eventlog_io_r_get_oldest_entry("", &r_u, rdata, 0))) {
-		DEBUG(0, ("eventlog_io_r_get_oldest_entry: unable to marshall EVENTLOG_R_GET_OLDEST_ENTRY.\n"));
-		return False;
-	}
-    
-	return True;
+	return proxy_eventlog_call(p, NDR_EVENTLOG_GETOLDESTRECORD);
 }
 
 static bool api_eventlog_read_eventlog(pipes_struct *p)
@@ -147,27 +87,7 @@ static bool api_eventlog_read_eventlog(pipes_struct *p)
 
 static bool api_eventlog_clear_eventlog(pipes_struct *p)
 {
-	EVENTLOG_Q_CLEAR_EVENTLOG q_u;
-	EVENTLOG_R_CLEAR_EVENTLOG r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!(eventlog_io_q_clear_eventlog("", &q_u, data, 0))) {
-		DEBUG(0, ("eventlog_io_q_clear_eventlog: unable to unmarshall EVENTLOG_Q_CLEAR_EVENTLOG.\n"));
-		return False;
-	}
-
-	r_u.status = _eventlog_clear_eventlog(p, &q_u, &r_u);
-
-	if (!(eventlog_io_r_clear_eventlog("", &r_u, rdata, 0))) {
-		DEBUG(0, ("eventlog_io_q_clear_eventlog: unable to marshall EVENTLOG_Q_CLEAR_EVENTLOG.\n"));
-		return False;
-	}
-
-	return True;
+	return proxy_eventlog_call(p, NDR_EVENTLOG_CLEAREVENTLOGW);
 }
 
 /*
diff --git a/source3/rpc_server/srv_eventlog_lib.c b/source3/rpc_server/srv_eventlog_lib.c
index 4e996ee19b..269e2f318e 100644
--- a/source3/rpc_server/srv_eventlog_lib.c
+++ b/source3/rpc_server/srv_eventlog_lib.c
@@ -140,15 +140,14 @@ int elog_tdb_size( TDB_CONTEXT * tdb, int *MaxSize, int *Retention )
  return True if we made enough room to accommodate needed bytes
 ********************************************************************/
 
-bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed,
-			     bool whack_by_date )
+static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed,
+				    bool whack_by_date )
 {
 	int start_record, i, new_start;
 	int end_record;
 	int nbytes, reclen, len, Retention, MaxSize;
 	int tresv1, trecnum, timegen, timewr;
 	TDB_DATA key, ret;
-	TALLOC_CTX *mem_ctx = NULL;
 	time_t current_time, exp_time;
 
 	/* discard some eventlogs */
@@ -156,10 +155,7 @@ bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed,
 	/* read eventlogs from oldest_entry -- there can't be any discontinuity in recnos,
 	   although records not necessarily guaranteed to have successive times */
 	/* */
-	mem_ctx = talloc_init( "make_way_for_eventlogs" );	/* Homage to BPG */
 
-	if ( mem_ctx == NULL )
-		return False;	/* can't allocate memory indicates bigger problems */
 	/* lock */
 	tdb_lock_bystring_with_timeout( the_tdb, EVT_NEXT_RECORD, 1 );
 	/* read */
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c
index 3c9c835bad..0e2bcf4126 100644
--- a/source3/rpc_server/srv_eventlog_nt.c
+++ b/source3/rpc_server/srv_eventlog_nt.c
@@ -423,12 +423,12 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info )
 	char *path = NULL;
 	uint32 uiMaxSize;
 	uint32 uiRetention;
-	REGISTRY_KEY *keyinfo;
-	REGISTRY_VALUE *val;
-	REGVAL_CTR *values;
+	struct registry_key *key;
+	struct registry_value *value;
 	WERROR wresult;
 	char *elogname = info->logname;
 	TALLOC_CTX *ctx = talloc_tos();
+	bool ret = false;
 
 	DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) );
 
@@ -451,44 +451,48 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info )
 		return false;
 	}
 
-	wresult = regkey_open_internal( NULL, &keyinfo, path,
-					get_root_nt_token(  ), REG_KEY_READ );
+	wresult = reg_open_path(ctx, path, REG_KEY_READ, get_root_nt_token(),
+				&key);
 
 	if ( !W_ERROR_IS_OK( wresult ) ) {
 		DEBUG( 4,
 		       ( "sync_eventlog_params: Failed to open key [%s] (%s)\n",
 			 path, dos_errstr( wresult ) ) );
-		return False;
+		return false;
 	}
 
-	if ( !( values = TALLOC_ZERO_P( keyinfo, REGVAL_CTR ) ) ) {
-		TALLOC_FREE( keyinfo );
-		DEBUG( 0, ( "control_eventlog_hook: talloc() failed!\n" ) );
-
-		return False;
+	wresult = reg_queryvalue(key, key, "Retention", &value);
+	if (!W_ERROR_IS_OK(wresult)) {
+		DEBUG(4, ("Failed to query value \"Retention\": %s\n",
+			  dos_errstr(wresult)));
+		ret = false;
+		goto done;
 	}
-	fetch_reg_values( keyinfo, values );
-
-	if ( ( val = regval_ctr_getvalue( values, "Retention" ) ) != NULL )
-		uiRetention = IVAL( regval_data_p( val ), 0 );
+	uiRetention = value->v.dword;
 
-	if ( ( val = regval_ctr_getvalue( values, "MaxSize" ) ) != NULL )
-		uiMaxSize = IVAL( regval_data_p( val ), 0 );
-
-	TALLOC_FREE( keyinfo );
+	wresult = reg_queryvalue(key, key, "MaxSize", &value);
+	if (!W_ERROR_IS_OK(wresult)) {
+		DEBUG(4, ("Failed to query value \"MaxSize\": %s\n",
+			  dos_errstr(wresult)));
+		ret = false;
+		goto done;
+	}
+	uiMaxSize = value->v.dword;
 
 	tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_MAXSIZE, uiMaxSize );
 	tdb_store_int32( ELOG_TDB_CTX(info->etdb), EVT_RETENTION, uiRetention );
 
-	return True;
+	ret = true;
+
+done:
+	TALLOC_FREE(ctx);
+	return ret;
 }
 
 /********************************************************************
  ********************************************************************/
 
 static Eventlog_entry *read_package_entry( prs_struct * ps,
-					   EVENTLOG_Q_READ_EVENTLOG * q_u,
-					   EVENTLOG_R_READ_EVENTLOG * r_u,
 					   Eventlog_entry * entry )
 {
 	uint8 *offset;
@@ -604,28 +608,23 @@ static bool add_record_to_resp( EVENTLOG_R_READ_EVENTLOG * r_u,
 }
 
 /********************************************************************
+ _eventlog_OpenEventLogW
  ********************************************************************/
 
-NTSTATUS _eventlog_open_eventlog( pipes_struct * p,
-				EVENTLOG_Q_OPEN_EVENTLOG * q_u,
-				EVENTLOG_R_OPEN_EVENTLOG * r_u )
+NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p,
+				 struct eventlog_OpenEventLogW *r)
 {
-	fstring servername, logname;
+	const char *servername = "";
+	const char *logname = "";
 	EVENTLOG_INFO *info;
 	NTSTATUS result;
 
-	fstrcpy( servername, "" );
-	if ( q_u->servername.string ) {
-		rpcstr_pull( servername, q_u->servername.string->buffer,
-			     sizeof( servername ),
-			     q_u->servername.string->uni_str_len * 2, 0 );
+	if (r->in.servername->string) {
+		servername = r->in.servername->string;
 	}
 
-	fstrcpy( logname, "" );
-	if ( q_u->logname.string ) {
-		rpcstr_pull( logname, q_u->logname.string->buffer,
-			     sizeof( logname ),
-			     q_u->logname.string->uni_str_len * 2, 0 );
+	if (r->in.logname->string) {
+		logname = r->in.logname->string;
 	}
 	
 	DEBUG( 10,("_eventlog_open_eventlog: Server [%s], Log [%s]\n",
@@ -634,13 +633,13 @@ NTSTATUS _eventlog_open_eventlog( pipes_struct * p,
 	/* according to MSDN, if the logfile cannot be found, we should
 	  default to the "Application" log */
 	  
-	if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, &r_u->handle )) )
+	if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, r->out.handle )) )
 		return result;
 
-	if ( !(info = find_eventlog_info_by_hnd( p, &r_u->handle )) ) {
+	if ( !(info = find_eventlog_info_by_hnd( p, r->out.handle )) ) {
 		DEBUG(0,("_eventlog_open_eventlog: eventlog (%s) opened but unable to find handle!\n",
 			logname ));
-		elog_close( p, &r_u->handle );
+		elog_close( p, r->out.handle );
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
@@ -653,28 +652,35 @@ NTSTATUS _eventlog_open_eventlog( pipes_struct * p,
 }
 
 /********************************************************************
+ _eventlog_ClearEventLogW
  This call still needs some work
  ********************************************************************/
-
-NTSTATUS _eventlog_clear_eventlog( pipes_struct * p,
-				 EVENTLOG_Q_CLEAR_EVENTLOG * q_u,
-				 EVENTLOG_R_CLEAR_EVENTLOG * r_u )
-{
-	EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
-	char *backup_file_name = NULL;
+/** The windows client seems to be doing something funny with the file name
+   A call like
+      ClearEventLog(handle, "backup_file")
+   on the client side will result in the backup file name looking like this on the
+   server side:
+      \??\${CWD of client}\backup_file
+   If an absolute path gets specified, such as
+      ClearEventLog(handle, "C:\\temp\\backup_file")
+   then it is still mangled by the client into this:
+      \??\C:\temp\backup_file
+   when it is on the wire.
+   I'm not sure where the \?? is coming from, or why the ${CWD} of the client process
+   would be added in given that the backup file gets written on the server side. */
+
+NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p,
+				  struct eventlog_ClearEventLogW *r)
+{
+	EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
+	const char *backup_file_name = NULL;
 
 	if ( !info )
 		return NT_STATUS_INVALID_HANDLE;
 
-	if (q_u->backupfile.string) {
-		size_t len = rpcstr_pull_talloc(p->mem_ctx,
-				&backup_file_name,
-				q_u->backupfile.string->buffer,
-				q_u->backupfile.string->uni_str_len * 2,
-				0 );
-		if (len == (size_t)-1 || !backup_file_name) {
-			return NT_STATUS_INVALID_PARAMETER;
-		}
+	if (r->in.backupfile && r->in.backupfile->string) {
+
+		backup_file_name = r->in.backupfile->string;
 
 		DEBUG(8,( "_eventlog_clear_eventlog: Using [%s] as the backup "
 			"file name for log [%s].",
@@ -765,7 +771,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p,
 
 		/* Now see if there is enough room to add */
 
-		if ( !(ee_new = read_package_entry( ps, q_u, r_u, entry )) )
+		if ( !(ee_new = read_package_entry( ps, entry )) )
 			return NT_STATUS_NO_MEMORY;
 
 		if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) {
@@ -805,13 +811,13 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p,
 }
 
 /********************************************************************
+ _eventlog_GetOldestRecord
  ********************************************************************/
 
-NTSTATUS _eventlog_get_oldest_entry( pipes_struct * p,
-				   EVENTLOG_Q_GET_OLDEST_ENTRY * q_u,
-				   EVENTLOG_R_GET_OLDEST_ENTRY * r_u )
+NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p,
+				   struct eventlog_GetOldestRecord *r)
 {
-	EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
+	EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
 
 	if (info == NULL) {
 		return NT_STATUS_INVALID_HANDLE;
@@ -820,19 +826,19 @@ NTSTATUS _eventlog_get_oldest_entry( pipes_struct * p,
 	if ( !( get_oldest_entry_hook( info ) ) )
 		return NT_STATUS_ACCESS_DENIED;
 
-	r_u->oldest_entry = info->oldest_entry;
+	*r->out.oldest_entry = info->oldest_entry;
 
 	return NT_STATUS_OK;
 }
 
 /********************************************************************
+_eventlog_GetNumRecords
  ********************************************************************/
 
-NTSTATUS _eventlog_get_num_records( pipes_struct * p,
-				  EVENTLOG_Q_GET_NUM_RECORDS * q_u,
-				  EVENTLOG_R_GET_NUM_RECORDS * r_u )
+NTSTATUS _eventlog_GetNumRecords(pipes_struct *p,
+				 struct eventlog_GetNumRecords *r)
 {
-	EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
+	EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, r->in.handle );
 
 	if (info == NULL) {
 		return NT_STATUS_INVALID_HANDLE;
@@ -841,17 +847,11 @@ NTSTATUS _eventlog_get_num_records( pipes_struct * p,
 	if ( !( get_num_records_hook( info ) ) )
 		return NT_STATUS_ACCESS_DENIED;
 
-	r_u->num_records = info->num_records;
+	*r->out.number = info->num_records;
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS _eventlog_ClearEventLogW(pipes_struct *p, struct eventlog_ClearEventLogW *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _eventlog_BackupEventLogW(pipes_struct *p, struct eventlog_BackupEventLogW *r)
 {
 	p->rng_fault_state = True;
@@ -864,30 +864,12 @@ NTSTATUS _eventlog_DeregisterEventSource(pipes_struct *p, struct eventlog_Deregi
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _eventlog_GetNumRecords(pipes_struct *p, struct eventlog_GetNumRecords *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _eventlog_GetOldestRecord(pipes_struct *p, struct eventlog_GetOldestRecord *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _eventlog_ChangeNotify(pipes_struct *p, struct eventlog_ChangeNotify *r)
 {
 	p->rng_fault_state = True;
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p, struct eventlog_OpenEventLogW *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _eventlog_RegisterEventSourceW(pipes_struct *p, struct eventlog_RegisterEventSourceW *r)
 {
 	p->rng_fault_state = True;
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
deleted file mode 100644
index b433ac2c8f..0000000000
--- a/source3/rpc_server/srv_lsa.c
+++ /dev/null
@@ -1,1069 +0,0 @@
-/* 
- *  Unix SMB/CIFS implementation.
- *  RPC Pipe client / server routines
- *  Copyright (C) Andrew Tridgell              1992-1997,
- *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
- *  Copyright (C) Paul Ashton                       1997,
- *  Copyright (C) Jeremy Allison                    2001,
- *  Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002-2003.
- *  Copyright (C) Gerald (Jerry) Carter             2005
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/* This is the interface to the lsa server code. */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_SRV
-
-static bool proxy_lsa_call(pipes_struct *p, uint8 opnum)
-{
-	struct api_struct *fns;
-	int n_fns;
-
-	lsarpc_get_pipe_fns(&fns, &n_fns);
-
-	if (opnum >= n_fns)
-		return False;
-
-	if (fns[opnum].opnum != opnum) {
-		smb_panic("LSA function table not sorted");
-	}
-
-	return fns[opnum].fn(p);
-}
-
-/***************************************************************************
- api_lsa_open_policy2
- ***************************************************************************/
-
-static bool api_lsa_open_policy2(pipes_struct *p)
-{
-	LSA_Q_OPEN_POL2 q_u;
-	LSA_R_OPEN_POL2 r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the server, object attributes and desired access flag...*/
-	if(!lsa_io_q_open_pol2("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_open_policy2: unable to unmarshall LSA_Q_OPEN_POL2.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_open_policy2(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_open_pol2("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_open_policy2: unable to marshall LSA_R_OPEN_POL2.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
-api_lsa_open_policy
- ***************************************************************************/
-
-static bool api_lsa_open_policy(pipes_struct *p)
-{
-	LSA_Q_OPEN_POL q_u;
-	LSA_R_OPEN_POL r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the server, object attributes and desired access flag...*/
-	if(!lsa_io_q_open_pol("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_open_policy: unable to unmarshall LSA_Q_OPEN_POL.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_open_policy(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_open_pol("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_open_policy: unable to marshall LSA_R_OPEN_POL.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_enum_trust_dom
- ***************************************************************************/
-
-static bool api_lsa_enum_trust_dom(pipes_struct *p)
-{
-	LSA_Q_ENUM_TRUST_DOM q_u;
-	LSA_R_ENUM_TRUST_DOM r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the enum trust domain context etc. */
-	if(!lsa_io_q_enum_trust_dom("", &q_u, data, 0))
-		return False;
-
-	/* get required trusted domains information */
-	r_u.status = _lsa_enum_trust_dom(p, &q_u, &r_u);
-
-	/* prepare the response */
-	if(!lsa_io_r_enum_trust_dom("", &r_u, rdata, 0))
-		return False;
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_query_info
- ***************************************************************************/
-
-static bool api_lsa_query_info(pipes_struct *p)
-{
-	LSA_Q_QUERY_INFO q_u;
-	LSA_R_QUERY_INFO r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the info class and policy handle */
-	if(!lsa_io_q_query("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_query_info: failed to unmarshall LSA_Q_QUERY_INFO.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_query_info(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_query("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_query_info: failed to marshall LSA_R_QUERY_INFO.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_sids
- ***************************************************************************/
-
-static bool api_lsa_lookup_sids(pipes_struct *p)
-{
-	LSA_Q_LOOKUP_SIDS q_u;
-	LSA_R_LOOKUP_SIDS r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the info class and policy handle */
-	if(!lsa_io_q_lookup_sids("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_lookup_sids(p, &q_u, &r_u);
-
-	if(!lsa_io_r_lookup_sids("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_lookup_sids: Failed to marshall LSA_R_LOOKUP_SIDS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_names
- ***************************************************************************/
-
-static bool api_lsa_lookup_names(pipes_struct *p)
-{
-	LSA_Q_LOOKUP_NAMES q_u;
-	LSA_R_LOOKUP_NAMES r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the info class and policy handle */
-	if(!lsa_io_q_lookup_names("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_lookup_names: failed to unmarshall LSA_Q_LOOKUP_NAMES.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_lookup_names(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_lookup_names("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_lookup_names: Failed to marshall LSA_R_LOOKUP_NAMES.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_close.
- ***************************************************************************/
-
-static bool api_lsa_close(pipes_struct *p)
-{
-	return proxy_lsa_call(p, NDR_LSA_CLOSE);
-}
-
-/***************************************************************************
- api_lsa_open_secret.
- ***************************************************************************/
-
-static bool api_lsa_open_secret(pipes_struct *p)
-{
-	return proxy_lsa_call(p, NDR_LSA_OPENSECRET);
-}
-
-/***************************************************************************
- api_lsa_open_secret.
- ***************************************************************************/
-
-static bool api_lsa_enum_privs(pipes_struct *p)
-{
-	LSA_Q_ENUM_PRIVS q_u;
-	LSA_R_ENUM_PRIVS r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_enum_privs("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_enum_privs: failed to unmarshall LSA_Q_ENUM_PRIVS.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_enum_privs(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_enum_privs("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_enum_privs: Failed to marshall LSA_R_ENUM_PRIVS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_open_secret.
- ***************************************************************************/
-
-static bool api_lsa_priv_get_dispname(pipes_struct *p)
-{
-	LSA_Q_PRIV_GET_DISPNAME q_u;
-	LSA_R_PRIV_GET_DISPNAME r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_priv_get_dispname("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_priv_get_dispname: failed to unmarshall LSA_Q_PRIV_GET_DISPNAME.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_priv_get_dispname(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_priv_get_dispname("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_priv_get_dispname: Failed to marshall LSA_R_PRIV_GET_DISPNAME.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_open_secret.
- ***************************************************************************/
-
-static bool api_lsa_enum_accounts(pipes_struct *p)
-{
-	LSA_Q_ENUM_ACCOUNTS q_u;
-	LSA_R_ENUM_ACCOUNTS r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_enum_accounts("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_enum_accounts: failed to unmarshall LSA_Q_ENUM_ACCOUNTS.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_enum_accounts(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_enum_accounts("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_enum_accounts: Failed to marshall LSA_R_ENUM_ACCOUNTS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_UNK_GET_CONNUSER
- ***************************************************************************/
-
-static bool api_lsa_unk_get_connuser(pipes_struct *p)
-{
-	LSA_Q_UNK_GET_CONNUSER q_u;
-	LSA_R_UNK_GET_CONNUSER r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_unk_get_connuser("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_unk_get_connuser: failed to unmarshall LSA_Q_UNK_GET_CONNUSER.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_unk_get_connuser(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_unk_get_connuser("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_unk_get_connuser: Failed to marshall LSA_R_UNK_GET_CONNUSER.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_create_user
- ***************************************************************************/
-
-static bool api_lsa_create_account(pipes_struct *p)
-{
-	LSA_Q_CREATEACCOUNT q_u;
-	LSA_R_CREATEACCOUNT r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_create_account("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_create_account: failed to unmarshall LSA_Q_CREATEACCOUNT.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_create_account(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_create_account("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_create_account: Failed to marshall LSA_R_CREATEACCOUNT.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_open_user
- ***************************************************************************/
-
-static bool api_lsa_open_account(pipes_struct *p)
-{
-	LSA_Q_OPENACCOUNT q_u;
-	LSA_R_OPENACCOUNT r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_open_account("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_open_account: failed to unmarshall LSA_Q_OPENACCOUNT.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_open_account(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_open_account("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_open_account: Failed to marshall LSA_R_OPENACCOUNT.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_get_privs
- ***************************************************************************/
-
-static bool api_lsa_enum_privsaccount(pipes_struct *p)
-{
-	LSA_Q_ENUMPRIVSACCOUNT q_u;
-	LSA_R_ENUMPRIVSACCOUNT r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_enum_privsaccount("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_enum_privsaccount: failed to unmarshall LSA_Q_ENUMPRIVSACCOUNT.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_enum_privsaccount(p, rdata, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_enum_privsaccount("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_enum_privsaccount: Failed to marshall LSA_R_ENUMPRIVSACCOUNT.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_getsystemaccount
- ***************************************************************************/
-
-static bool api_lsa_getsystemaccount(pipes_struct *p)
-{
-	LSA_Q_GETSYSTEMACCOUNT q_u;
-	LSA_R_GETSYSTEMACCOUNT r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_getsystemaccount("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_getsystemaccount: failed to unmarshall LSA_Q_GETSYSTEMACCOUNT.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_getsystemaccount(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_getsystemaccount("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_getsystemaccount: Failed to marshall LSA_R_GETSYSTEMACCOUNT.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-
-/***************************************************************************
- api_lsa_setsystemaccount
- ***************************************************************************/
-
-static bool api_lsa_setsystemaccount(pipes_struct *p)
-{
-	LSA_Q_SETSYSTEMACCOUNT q_u;
-	LSA_R_SETSYSTEMACCOUNT r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_setsystemaccount("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_setsystemaccount: failed to unmarshall LSA_Q_SETSYSTEMACCOUNT.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_setsystemaccount(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_setsystemaccount("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_setsystemaccount: Failed to marshall LSA_R_SETSYSTEMACCOUNT.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_addprivs
- ***************************************************************************/
-
-static bool api_lsa_addprivs(pipes_struct *p)
-{
-	LSA_Q_ADDPRIVS q_u;
-	LSA_R_ADDPRIVS r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_addprivs("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_addprivs: failed to unmarshall LSA_Q_ADDPRIVS.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_addprivs(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_addprivs("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_addprivs: Failed to marshall LSA_R_ADDPRIVS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_removeprivs
- ***************************************************************************/
-
-static bool api_lsa_removeprivs(pipes_struct *p)
-{
-	LSA_Q_REMOVEPRIVS q_u;
-	LSA_R_REMOVEPRIVS r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_removeprivs("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_removeprivs: failed to unmarshall LSA_Q_REMOVEPRIVS.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_removeprivs(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_removeprivs("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_removeprivs: Failed to marshall LSA_R_REMOVEPRIVS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_query_secobj
- ***************************************************************************/
-
-static bool api_lsa_query_secobj(pipes_struct *p)
-{
-	LSA_Q_QUERY_SEC_OBJ q_u;
-	LSA_R_QUERY_SEC_OBJ r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_query_sec_obj("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_query_secobj: failed to unmarshall LSA_Q_QUERY_SEC_OBJ.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_query_secobj(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_query_sec_obj("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_query_secobj: Failed to marshall LSA_R_QUERY_SEC_OBJ.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_add_acct_rights
- ***************************************************************************/
-
-static bool api_lsa_add_acct_rights(pipes_struct *p)
-{
-	LSA_Q_ADD_ACCT_RIGHTS q_u;
-	LSA_R_ADD_ACCT_RIGHTS r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_add_acct_rights("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_add_acct_rights: failed to unmarshall LSA_Q_ADD_ACCT_RIGHTS.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_add_acct_rights(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_add_acct_rights("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_add_acct_rights: Failed to marshall LSA_R_ADD_ACCT_RIGHTS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_remove_acct_rights
- ***************************************************************************/
-
-static bool api_lsa_remove_acct_rights(pipes_struct *p)
-{
-	LSA_Q_REMOVE_ACCT_RIGHTS q_u;
-	LSA_R_REMOVE_ACCT_RIGHTS r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_remove_acct_rights("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_remove_acct_rights: failed to unmarshall LSA_Q_REMOVE_ACCT_RIGHTS.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_remove_acct_rights(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_remove_acct_rights("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_remove_acct_rights: Failed to marshall LSA_R_REMOVE_ACCT_RIGHTS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_enum_acct_rights
- ***************************************************************************/
-
-static bool api_lsa_enum_acct_rights(pipes_struct *p)
-{
-	LSA_Q_ENUM_ACCT_RIGHTS q_u;
-	LSA_R_ENUM_ACCT_RIGHTS r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_enum_acct_rights("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_enum_acct_rights: failed to unmarshall LSA_Q_ENUM_ACCT_RIGHTS.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_enum_acct_rights(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_enum_acct_rights("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_enum_acct_rights: Failed to marshall LSA_R_ENUM_ACCT_RIGHTS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_priv_value
- ***************************************************************************/
-
-static bool api_lsa_lookup_priv_value(pipes_struct *p)
-{
-	LSA_Q_LOOKUP_PRIV_VALUE q_u;
-	LSA_R_LOOKUP_PRIV_VALUE r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_lookup_priv_value("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_lookup_priv_value: failed to unmarshall LSA_Q_LOOKUP_PRIV_VALUE .\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_lookup_priv_value(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_lookup_priv_value("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_lookup_priv_value: Failed to marshall LSA_R_LOOKUP_PRIV_VALUE.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- ***************************************************************************/
-
-static bool api_lsa_open_trust_dom(pipes_struct *p)
-{
-	return proxy_lsa_call(p, NDR_LSA_OPENTRUSTEDDOMAIN);
-}
-
-/***************************************************************************
- ***************************************************************************/
-
-static bool api_lsa_create_trust_dom(pipes_struct *p)
-{
-	return proxy_lsa_call(p, NDR_LSA_CREATETRUSTEDDOMAIN);
-}
-
-/***************************************************************************
- ***************************************************************************/
-
-static bool api_lsa_create_secret(pipes_struct *p)
-{
-	return proxy_lsa_call(p, NDR_LSA_CREATESECRET);
-}
-
-/***************************************************************************
- ***************************************************************************/
-
-static bool api_lsa_set_secret(pipes_struct *p)
-{
-	return proxy_lsa_call(p, NDR_LSA_SETSECRET);
-}
-
-/***************************************************************************
- ***************************************************************************/
-
-static bool api_lsa_delete_object(pipes_struct *p)
-{
-	LSA_Q_DELETE_OBJECT q_u;
-	LSA_R_DELETE_OBJECT r_u;
-	
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_delete_object("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_delete_object: failed to unmarshall LSA_Q_DELETE_OBJECT.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_delete_object(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_delete_object("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_delete_object: Failed to marshall LSA_R_DELETE_OBJECT.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_sids2
- ***************************************************************************/
-
-static bool api_lsa_lookup_sids2(pipes_struct *p)
-{
-	LSA_Q_LOOKUP_SIDS2 q_u;
-	LSA_R_LOOKUP_SIDS2 r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the info class and policy handle */
-	if(!lsa_io_q_lookup_sids2("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_lookup_sids2: failed to unmarshall LSA_Q_LOOKUP_SIDS2.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_lookup_sids2(p, &q_u, &r_u);
-
-	if(!lsa_io_r_lookup_sids2("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_lookup_sids2: Failed to marshall LSA_R_LOOKUP_SIDS2.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_sids3
- ***************************************************************************/
-
-static bool api_lsa_lookup_sids3(pipes_struct *p)
-{
-	LSA_Q_LOOKUP_SIDS3 q_u;
-	LSA_R_LOOKUP_SIDS3 r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the info class and policy handle */
-	if(!lsa_io_q_lookup_sids3("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_lookup_sids3: failed to unmarshall LSA_Q_LOOKUP_SIDS3.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_lookup_sids3(p, &q_u, &r_u);
-
-	if(!lsa_io_r_lookup_sids3("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_lookup_sids3: Failed to marshall LSA_R_LOOKUP_SIDS3.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_names2
- ***************************************************************************/
-
-static bool api_lsa_lookup_names2(pipes_struct *p)
-{
-	LSA_Q_LOOKUP_NAMES2 q_u;
-	LSA_R_LOOKUP_NAMES2 r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the info class and policy handle */
-	if(!lsa_io_q_lookup_names2("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_lookup_names2: failed to unmarshall LSA_Q_LOOKUP_NAMES2.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_lookup_names2(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_lookup_names2("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_lookup_names2: Failed to marshall LSA_R_LOOKUP_NAMES2.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_names3
- ***************************************************************************/
-
-static bool api_lsa_lookup_names3(pipes_struct *p)
-{
-	LSA_Q_LOOKUP_NAMES3 q_u;
-	LSA_R_LOOKUP_NAMES3 r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the info class and policy handle */
-	if(!lsa_io_q_lookup_names3("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_lookup_names3: failed to unmarshall LSA_Q_LOOKUP_NAMES3.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_lookup_names3(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_lookup_names3("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_lookup_names3: Failed to marshall LSA_R_LOOKUP_NAMES3.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/***************************************************************************
- api_lsa_lookup_names4
- ***************************************************************************/
-
-static bool api_lsa_lookup_names4(pipes_struct *p)
-{
-	LSA_Q_LOOKUP_NAMES4 q_u;
-	LSA_R_LOOKUP_NAMES4 r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the info class and policy handle */
-	if(!lsa_io_q_lookup_names4("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_lookup_names4: failed to unmarshall LSA_Q_LOOKUP_NAMES4.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_lookup_names4(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!lsa_io_r_lookup_names4("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_lookup_names4: Failed to marshall LSA_R_LOOKUP_NAMES4.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-#if 0	/* AD DC work in ongoing in Samba 4 */
-
-/***************************************************************************
- api_lsa_query_info2
- ***************************************************************************/
-
-static bool api_lsa_query_info2(pipes_struct *p)
-{
-	LSA_Q_QUERY_INFO2 q_u;
-	LSA_R_QUERY_INFO2 r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!lsa_io_q_query_info2("", &q_u, data, 0)) {
-		DEBUG(0,("api_lsa_query_info2: failed to unmarshall LSA_Q_QUERY_INFO2.\n"));
-		return False;
-	}
-
-	r_u.status = _lsa_query_info2(p, &q_u, &r_u);
-
-	if (!lsa_io_r_query_info2("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_lsa_query_info2: failed to marshall LSA_R_QUERY_INFO2.\n"));
-		return False;
-	}
-
-	return True;
-}
-#endif	/* AD DC work in ongoing in Samba 4 */
-
-/***************************************************************************
- \PIPE\ntlsa commands
- ***************************************************************************/
- 
-static struct api_struct api_lsa_cmds[] =
-{
-	{ "LSA_OPENPOLICY2"     , LSA_OPENPOLICY2     , api_lsa_open_policy2     },
-	{ "LSA_OPENPOLICY"      , LSA_OPENPOLICY      , api_lsa_open_policy      },
-	{ "LSA_QUERYINFOPOLICY" , LSA_QUERYINFOPOLICY , api_lsa_query_info       },
-	{ "LSA_ENUMTRUSTDOM"    , LSA_ENUMTRUSTDOM    , api_lsa_enum_trust_dom   },
-	{ "LSA_CLOSE"           , LSA_CLOSE           , api_lsa_close            },
-	{ "LSA_OPENSECRET"      , LSA_OPENSECRET      , api_lsa_open_secret      },
-	{ "LSA_LOOKUPSIDS"      , LSA_LOOKUPSIDS      , api_lsa_lookup_sids      },
-	{ "LSA_LOOKUPNAMES"     , LSA_LOOKUPNAMES     , api_lsa_lookup_names     },
-	{ "LSA_ENUM_PRIVS"      , LSA_ENUM_PRIVS      , api_lsa_enum_privs       },
-	{ "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname},
-	{ "LSA_ENUM_ACCOUNTS"   , LSA_ENUM_ACCOUNTS   , api_lsa_enum_accounts    },
-	{ "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser },
-	{ "LSA_CREATEACCOUNT"   , LSA_CREATEACCOUNT   , api_lsa_create_account   },
-	{ "LSA_OPENACCOUNT"     , LSA_OPENACCOUNT     , api_lsa_open_account     },
-	{ "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount},
-	{ "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount },
-	{ "LSA_SETSYSTEMACCOUNT", LSA_SETSYSTEMACCOUNT, api_lsa_setsystemaccount },
-	{ "LSA_ADDPRIVS"        , LSA_ADDPRIVS        , api_lsa_addprivs         },
-	{ "LSA_REMOVEPRIVS"     , LSA_REMOVEPRIVS     , api_lsa_removeprivs      },
-	{ "LSA_ADDACCTRIGHTS"   , LSA_ADDACCTRIGHTS   , api_lsa_add_acct_rights    },
-	{ "LSA_REMOVEACCTRIGHTS", LSA_REMOVEACCTRIGHTS, api_lsa_remove_acct_rights },
-	{ "LSA_ENUMACCTRIGHTS"  , LSA_ENUMACCTRIGHTS  , api_lsa_enum_acct_rights },
-	{ "LSA_QUERYSECOBJ"     , LSA_QUERYSECOBJ     , api_lsa_query_secobj     },
-	{ "LSA_LOOKUPPRIVVALUE" , LSA_LOOKUPPRIVVALUE , api_lsa_lookup_priv_value },
-	{ "LSA_OPENTRUSTDOM"    , LSA_OPENTRUSTDOM    , api_lsa_open_trust_dom },
-	{ "LSA_OPENSECRET"      , LSA_OPENSECRET      , api_lsa_open_secret },
-	{ "LSA_CREATETRUSTDOM"  , LSA_CREATETRUSTDOM  , api_lsa_create_trust_dom },
-	{ "LSA_CREATSECRET"     , LSA_CREATESECRET    , api_lsa_create_secret },
-	{ "LSA_SETSECRET"       , LSA_SETSECRET       , api_lsa_set_secret },
-	{ "LSA_DELETEOBJECT"    , LSA_DELETEOBJECT    , api_lsa_delete_object },
-	{ "LSA_LOOKUPSIDS2"     , LSA_LOOKUPSIDS2     , api_lsa_lookup_sids2 },
-	{ "LSA_LOOKUPNAMES2"	, LSA_LOOKUPNAMES2    , api_lsa_lookup_names2 },
-	{ "LSA_LOOKUPNAMES3"	, LSA_LOOKUPNAMES3    , api_lsa_lookup_names3 },
-	{ "LSA_LOOKUPSIDS3"     , LSA_LOOKUPSIDS3     , api_lsa_lookup_sids3 },
-	{ "LSA_LOOKUPNAMES4"	, LSA_LOOKUPNAMES4    , api_lsa_lookup_names4 }
-#if 0	/* AD DC work in ongoing in Samba 4 */
-	/* be careful of the adding of new RPC's.  See commentrs below about
-	   ADS DC capabilities                                               */
-	{ "LSA_QUERYINFO2"      , LSA_QUERYINFO2      , api_lsa_query_info2      }
-#endif	/* AD DC work in ongoing in Samba 4 */
-};
-
-static int count_fns(void)
-{
-	int funcs = sizeof(api_lsa_cmds) / sizeof(struct api_struct);
-	
-#if 0	/* AD DC work is on going in Samba 4 */
-	/*
-	 * NOTE: Certain calls can not be enabled if we aren't an ADS DC.  Make sure
-	 * these calls are always last and that you decrement by the amount of calls
-	 * to disable.
-	 */
-	if (!(SEC_ADS == lp_security() && ROLE_DOMAIN_PDC == lp_server_role())) {
-		funcs -= 1;
-	}
-#endif	/* AD DC work in ongoing in Samba 4 */
-
-	return funcs;
-}
-void lsa_get_pipe_fns( struct api_struct **fns, int *n_fns )
-{
-	*fns = api_lsa_cmds;
-	*n_fns = count_fns();
-}
-
-
-NTSTATUS rpc_lsa_init(void)
-{
-	int funcs = count_fns();
-
-	return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "lsarpc", "lsass", api_lsa_cmds, 
-		funcs);
-}
diff --git a/source3/rpc_server/srv_lsa_ds.c b/source3/rpc_server/srv_lsa_ds.c
deleted file mode 100644
index 55baa40261..0000000000
--- a/source3/rpc_server/srv_lsa_ds.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- *  Unix SMB/CIFS implementation.
- *  RPC Pipe client / server routines
- *  Copyright (C) Gerald Carter		2003
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/* This is the interface for the registry functions. */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_SRV
-
-/*******************************************************************
- ********************************************************************/
-
-static bool api_dsrole_get_primary_dominfo(pipes_struct *p)
-{
-	DS_Q_GETPRIMDOMINFO q_u;
-	DS_R_GETPRIMDOMINFO r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the request */
-	if ( !ds_io_q_getprimdominfo("", &q_u, data, 0) )
-		return False;
-
-	/* construct reply. */
-	r_u.status = _dsrole_get_primary_dominfo( p, &q_u, &r_u );
-
-	if ( !ds_io_r_getprimdominfo("", &r_u, rdata, 0) )
-		return False;
-
-	return True;
-}
-
-/*******************************************************************
- stub functions for unimplemented RPC
-*******************************************************************/
-
-static bool api_dsrole_stub( pipes_struct *p )
-{
-	DEBUG(0,("api_dsrole_stub:  Hmmm....didn't know this RPC existed...\n"));
-
-	return False;
-}
-
-
-/*******************************************************************
- array of \PIPE\lsass (new windows 2000 UUID)  operations
-********************************************************************/
-static struct api_struct api_lsa_ds_cmds[] = {
-	{ "DS_NOP", 			DS_NOP, 		api_dsrole_stub },
-	{ "DS_GETPRIMDOMINFO", 		DS_GETPRIMDOMINFO, 	api_dsrole_get_primary_dominfo	}
-
-};
-
-void lsa_ds_get_pipe_fns( struct api_struct **fns, int *n_fns )
-{
-	*fns = api_lsa_ds_cmds;
-	*n_fns = sizeof(api_lsa_ds_cmds) / sizeof(struct api_struct);
-}
-
-
-NTSTATUS rpc_lsa_ds_init(void)
-{
-	return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "lsa_ds", "lsa_ds", api_lsa_ds_cmds,
-		sizeof(api_lsa_ds_cmds) / sizeof(struct api_struct));
-}
diff --git a/source3/rpc_server/srv_lsa_ds_nt.c b/source3/rpc_server/srv_lsa_ds_nt.c
deleted file mode 100644
index 994b3cccca..0000000000
--- a/source3/rpc_server/srv_lsa_ds_nt.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/* 
- *  Unix SMB/CIFS implementation.
- *  RPC Pipe client / server routines
- *  Copyright (C) Andrew Tridgell               1992-1997.
- *  Copyright (C) Luke Kenneth Casson Leighton  1996-1997.
- *  Copyright (C) Paul Ashton                        1997.
- *  Copyright (C) Jeremy Allison                     2001.
- *  Copyright (C) Gerald Carter                      2002.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/* Implementation of registry functions. */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_SRV
-
-/********************************************************************
- Fill in a DS_DOMINFO_CTR structure
- ********************************************************************/
-
-static NTSTATUS fill_dsrole_dominfo_basic(TALLOC_CTX *ctx, DSROLE_PRIMARY_DOMAIN_INFO_BASIC **info) 
-{
-	DSROLE_PRIMARY_DOMAIN_INFO_BASIC *basic;
-	const char *netbios_domain = "";
-	fstring dnsdomain;
-
-	DEBUG(10,("fill_dsrole_dominfo_basic: enter\n"));
-
-	if ( !(basic = TALLOC_ZERO_P(ctx, DSROLE_PRIMARY_DOMAIN_INFO_BASIC)) ) {
-		DEBUG(0,("fill_dsrole_dominfo_basic: FATAL error!  talloc_xero() failed\n"));
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	switch ( lp_server_role() ) {
-		case ROLE_STANDALONE:
-			basic->machine_role = DSROLE_STANDALONE_SRV;
-			basic->netbios_ptr = 1;
-			netbios_domain = get_global_sam_name();
-			break;
-		case ROLE_DOMAIN_MEMBER:
-			basic->netbios_ptr = 1;
-			netbios_domain = lp_workgroup();
-			basic->machine_role = DSROLE_DOMAIN_MEMBER_SRV;
-			break;
-		case ROLE_DOMAIN_BDC:
-			basic->netbios_ptr = 1;
-			netbios_domain = get_global_sam_name();
-			basic->machine_role = DSROLE_BDC;
-			break;
-		case ROLE_DOMAIN_PDC:
-			basic->netbios_ptr = 1;
-			netbios_domain = get_global_sam_name();
-			basic->machine_role = DSROLE_PDC;
-			break;
-	}
-
-	/* always set netbios name */
-
-	init_unistr2( &basic->netbios_domain, netbios_domain, UNI_STR_TERMINATE);
-
-	if ( secrets_fetch_domain_guid( lp_workgroup(), &basic->domain_guid ) )
-		basic->flags |= DSROLE_PRIMARY_DOMAIN_GUID_PRESENT;
-
-	/* fill in some additional fields if we are a member of an AD domain */
-
-	if ( lp_security() == SEC_ADS ) {
-		fstrcpy( dnsdomain, lp_realm() );
-		strlower_m( dnsdomain );
-		
-		basic->dnsname_ptr = 1;
-		init_unistr2( &basic->dns_domain, dnsdomain, UNI_STR_TERMINATE);
-
-		/* FIXME!! We really should fill in the correct forest
-		   name.  Should get this information from winbindd.  */
-		basic->forestname_ptr = 1;
-		init_unistr2( &basic->forest_domain, dnsdomain, UNI_STR_TERMINATE);
-	} else {
-		/* security = domain should not fill in the dns or
-		   forest name */
-		basic->dnsname_ptr = 0;
-		basic->forestname_ptr = 0;
-	}
-
-	*info = basic;
-
-	return NT_STATUS_OK;
-}
-
-/********************************************************************
- Implement the DsroleGetPrimaryDomainInfo() call
- ********************************************************************/
-
-NTSTATUS _dsrole_get_primary_dominfo(pipes_struct *p, DS_Q_GETPRIMDOMINFO *q_u, DS_R_GETPRIMDOMINFO *r_u)
-{
-	NTSTATUS result = NT_STATUS_OK;
-	uint32 level = q_u->level;
-
-	switch ( level ) {
-
-		case DsRolePrimaryDomainInfoBasic:
-			r_u->level = DsRolePrimaryDomainInfoBasic;
-			r_u->ptr = 1;
-			result = fill_dsrole_dominfo_basic( p->mem_ctx, &r_u->info.basic );
-			break;
-
-		default:
-			DEBUG(0,("_dsrole_get_primary_dominfo: Unsupported info level [%d]!\n",
-				level));
-			result = NT_STATUS_INVALID_LEVEL;
-	}
-
-	return result;
-}
-
-
-
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 1b78772a79..1333d656d4 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -10,17 +10,18 @@
  *  Copyright (C) Simo Sorce                        2003.
  *  Copyright (C) Gerald (Jerry) Carter             2005.
  *  Copyright (C) Volker Lendecke                   2005.
+ *  Copyright (C) Guenther Deschner		    2008.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 3 of the License, or
  *  (at your option) any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
@@ -40,82 +41,31 @@ struct lsa_info {
 };
 
 const struct generic_mapping lsa_generic_mapping = {
-	POLICY_READ,
-	POLICY_WRITE,
-	POLICY_EXECUTE,
-	POLICY_ALL_ACCESS
+	LSA_POLICY_READ,
+	LSA_POLICY_WRITE,
+	LSA_POLICY_EXECUTE,
+	LSA_POLICY_ALL_ACCESS
 };
 
-/*******************************************************************
- Function to free the per handle data.
- ********************************************************************/
-
-static void free_lsa_info(void *ptr)
-{
-	struct lsa_info *lsa = (struct lsa_info *)ptr;
-
-	SAFE_FREE(lsa);
-}
-
 /***************************************************************************
-Init dom_query
- ***************************************************************************/
-
-static void init_dom_query_3(DOM_QUERY_3 *d_q, const char *dom_name, DOM_SID *dom_sid)
-{
-	d_q->buffer_dom_name = (dom_name != NULL) ? 1 : 0; /* domain buffer pointer */
-	d_q->buffer_dom_sid = (dom_sid != NULL) ? 1 : 0;  /* domain sid pointer */
-
-	/* this string is supposed to be non-null terminated. */
-	/* But the maxlen in this UNISTR2 must include the terminating null. */
-	init_unistr2(&d_q->uni_domain_name, dom_name, UNI_BROKEN_NON_NULL);
-
-	/*
-	 * I'm not sure why this really odd combination of length
-	 * values works, but it does appear to. I need to look at
-	 * this *much* more closely - but at the moment leave alone
-	 * until it's understood. This allows a W2k client to join
-	 * a domain with both odd and even length names... JRA.
-	 */
-
-	/*
-	 * IMPORTANT NOTE !!!!
-	 * The two fields below probably are reversed in meaning, ie.
-	 * the first field is probably the str_len, the second the max
-	 * len. Both are measured in bytes anyway.
-	 */
-
-	d_q->uni_dom_str_len = d_q->uni_domain_name.uni_max_len * 2;
-	d_q->uni_dom_max_len = d_q->uni_domain_name.uni_str_len * 2;
-
-	if (dom_sid != NULL)
-		init_dom_sid2(&d_q->dom_sid, dom_sid);
-}
-
-/***************************************************************************
-Init dom_query
- ***************************************************************************/
-
-static void init_dom_query_5(DOM_QUERY_5 *d_q, const char *dom_name, DOM_SID *dom_sid)
-{
-	init_dom_query_3(d_q, dom_name, dom_sid);
-}
-
-/***************************************************************************
- init_dom_ref - adds a domain if it's not already in, returns the index.
+ init_lsa_ref_domain_list - adds a domain if it's not already in, returns the index.
 ***************************************************************************/
 
-static int init_dom_ref(DOM_R_REF *ref, const char *dom_name, DOM_SID *dom_sid)
+static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
+				    struct lsa_RefDomainList *ref,
+				    const char *dom_name,
+				    DOM_SID *dom_sid)
 {
 	int num = 0;
 
 	if (dom_name != NULL) {
-		for (num = 0; num < ref->num_ref_doms_1; num++) {
-			if (sid_equal(dom_sid, &ref->ref_dom[num].ref_dom.sid))
+		for (num = 0; num < ref->count; num++) {
+			if (sid_equal(dom_sid, ref->domains[num].sid)) {
 				return num;
+			}
 		}
 	} else {
-		num = ref->num_ref_doms_1;
+		num = ref->count;
 	}
 
 	if (num >= MAX_REF_DOMAINS) {
@@ -123,32 +73,71 @@ static int init_dom_ref(DOM_R_REF *ref, const char *dom_name, DOM_SID *dom_sid)
 		return -1;
 	}
 
-	ref->num_ref_doms_1 = num+1;
-	ref->ptr_ref_dom  = 1;
-	ref->max_entries = MAX_REF_DOMAINS;
-	ref->num_ref_doms_2 = num+1;
+	ref->count = num + 1;
+	ref->max_size = MAX_REF_DOMAINS;
 
-	ref->hdr_ref_dom[num].ptr_dom_sid = 1; /* dom sid cannot be NULL. */
-
-	init_unistr2(&ref->ref_dom[num].uni_dom_name, dom_name, UNI_FLAGS_NONE);
-	init_uni_hdr(&ref->hdr_ref_dom[num].hdr_dom_name, &ref->ref_dom[num].uni_dom_name);
+	ref->domains = TALLOC_REALLOC_ARRAY(mem_ctx, ref->domains,
+					    struct lsa_DomainInfo, ref->count);
+	if (!ref->domains) {
+		return -1;
+	}
 
-	init_dom_sid2(&ref->ref_dom[num].ref_dom, dom_sid );
+	init_lsa_StringLarge(&ref->domains[num].name, dom_name);
+	ref->domains[num].sid = sid_dup_talloc(mem_ctx, dom_sid);
+	if (!ref->domains[num].sid) {
+		return -1;
+	}
 
 	return num;
 }
 
+
+/*******************************************************************
+ Function to free the per handle data.
+ ********************************************************************/
+
+static void free_lsa_info(void *ptr)
+{
+	struct lsa_info *lsa = (struct lsa_info *)ptr;
+
+	SAFE_FREE(lsa);
+}
+
+/***************************************************************************
+ initialize a lsa_DomainInfo structure.
+ ***************************************************************************/
+
+static void init_dom_query_3(struct lsa_DomainInfo *r,
+			     const char *name,
+			     DOM_SID *sid)
+{
+	init_lsa_StringLarge(&r->name, name);
+	r->sid = sid;
+}
+
+/***************************************************************************
+ initialize a lsa_DomainInfo structure.
+ ***************************************************************************/
+
+static void init_dom_query_5(struct lsa_DomainInfo *r,
+			     const char *name,
+			     DOM_SID *sid)
+{
+	init_lsa_StringLarge(&r->name, name);
+	r->sid = sid;
+}
+
 /***************************************************************************
  lookup_lsa_rids. Must be called as root for lookup_name to work.
  ***************************************************************************/
 
 static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
-			DOM_R_REF *ref,
-			DOM_RID *prid,
-			uint32 num_entries,
-			const UNISTR2 *name,
-			int flags,
-			uint32 *pmapped_count)
+				struct lsa_RefDomainList *ref,
+				struct lsa_TranslatedSid *prid,
+				uint32_t num_entries,
+				struct lsa_String *name,
+				int flags,
+				uint32_t *pmapped_count)
 {
 	uint32 mapped_count, i;
 
@@ -161,15 +150,14 @@ static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
 		DOM_SID sid;
 		uint32 rid;
 		int dom_idx;
-		char *full_name;
+		const char *full_name;
 		const char *domain;
 		enum lsa_SidType type = SID_NAME_UNKNOWN;
 
 		/* Split name into domain and user component */
 
-		full_name = rpcstr_pull_unistr2_talloc(mem_ctx, &name[i]);
+		full_name = name[i].string;
 		if (full_name == NULL) {
-			DEBUG(0, ("pull_ucs2_talloc failed\n"));
 			return NT_STATUS_NO_MEMORY;
 		}
 
@@ -202,11 +190,11 @@ static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
 
 		if (type != SID_NAME_UNKNOWN) {
 			sid_split_rid(&sid, &rid);
-			dom_idx = init_dom_ref(ref, domain, &sid);
+			dom_idx = init_lsa_ref_domain_list(mem_ctx, ref, domain, &sid);
 			mapped_count++;
 		}
 
-		init_dom_rid(&prid[i], rid, type, dom_idx);
+		init_lsa_translated_sid(&prid[i], type, rid, dom_idx);
 	}
 
 	*pmapped_count = mapped_count;
@@ -218,12 +206,12 @@ static NTSTATUS lookup_lsa_rids(TALLOC_CTX *mem_ctx,
  ***************************************************************************/
 
 static NTSTATUS lookup_lsa_sids(TALLOC_CTX *mem_ctx,
-			DOM_R_REF *ref,
-			LSA_TRANSLATED_SID3 *trans_sids,
-			uint32 num_entries,
-			const UNISTR2 *name,
-			int flags,
-			uint32 *pmapped_count)
+				struct lsa_RefDomainList *ref,
+				struct lsa_TranslatedSid3 *trans_sids,
+				uint32_t num_entries,
+				struct lsa_String *name,
+				int flags,
+				uint32 *pmapped_count)
 {
 	uint32 mapped_count, i;
 
@@ -236,15 +224,14 @@ static NTSTATUS lookup_lsa_sids(TALLOC_CTX *mem_ctx,
 		DOM_SID sid;
 		uint32 rid;
 		int dom_idx;
-		char *full_name;
+		const char *full_name;
 		const char *domain;
 		enum lsa_SidType type = SID_NAME_UNKNOWN;
 
 		/* Split name into domain and user component */
 
-		full_name = rpcstr_pull_unistr2_talloc(mem_ctx, &name[i]);
+		full_name = name[i].string;
 		if (full_name == NULL) {
-			DEBUG(0, ("pull_ucs2_talloc failed\n"));
 			return NT_STATUS_NO_MEMORY;
 		}
 
@@ -279,164 +266,20 @@ static NTSTATUS lookup_lsa_sids(TALLOC_CTX *mem_ctx,
 			DOM_SID domain_sid;
 			sid_copy(&domain_sid, &sid);
 			sid_split_rid(&domain_sid, &rid);
-			dom_idx = init_dom_ref(ref, domain, &domain_sid);
+			dom_idx = init_lsa_ref_domain_list(mem_ctx, ref, domain, &domain_sid);
 			mapped_count++;
 		}
 
-		/* Initialize the LSA_TRANSLATED_SID3 return. */
+		/* Initialize the lsa_TranslatedSid3 return. */
 		trans_sids[i].sid_type = type;
-		trans_sids[i].sid2 = TALLOC_P(mem_ctx, DOM_SID2);
-		if (trans_sids[i].sid2 == NULL) {
-			return NT_STATUS_NO_MEMORY;
-		}
-		init_dom_sid2(trans_sids[i].sid2, &sid);
-		trans_sids[i].sid_idx = dom_idx;
+		trans_sids[i].sid = sid_dup_talloc(mem_ctx, &sid);
+		trans_sids[i].sid_index = dom_idx;
 	}
 
 	*pmapped_count = mapped_count;
 	return NT_STATUS_OK;
 }
 
-/***************************************************************************
- init_reply_lookup_names
- ***************************************************************************/
-
-static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
-                DOM_R_REF *ref, uint32 num_entries,
-                DOM_RID *rid, uint32 mapped_count)
-{
-	r_l->ptr_dom_ref  = 1;
-	r_l->dom_ref      = ref;
-
-	r_l->num_entries  = num_entries;
-	r_l->ptr_entries  = 1;
-	r_l->num_entries2 = num_entries;
-	r_l->dom_rid      = rid;
-
-	r_l->mapped_count = mapped_count;
-}
-
-/***************************************************************************
- init_reply_lookup_names2
- ***************************************************************************/
-
-static void init_reply_lookup_names2(LSA_R_LOOKUP_NAMES2 *r_l,
-                DOM_R_REF *ref, uint32 num_entries,
-                DOM_RID2 *rid, uint32 mapped_count)
-{
-	r_l->ptr_dom_ref  = 1;
-	r_l->dom_ref      = ref;
-
-	r_l->num_entries  = num_entries;
-	r_l->ptr_entries  = 1;
-	r_l->num_entries2 = num_entries;
-	r_l->dom_rid      = rid;
-
-	r_l->mapped_count = mapped_count;
-}
-
-/***************************************************************************
- init_reply_lookup_names3
- ***************************************************************************/
-
-static void init_reply_lookup_names3(LSA_R_LOOKUP_NAMES3 *r_l,
-                DOM_R_REF *ref, uint32 num_entries,
-                LSA_TRANSLATED_SID3 *trans_sids, uint32 mapped_count)
-{
-	r_l->ptr_dom_ref  = 1;
-	r_l->dom_ref      = ref;
-
-	r_l->num_entries  = num_entries;
-	r_l->ptr_entries  = 1;
-	r_l->num_entries2 = num_entries;
-	r_l->trans_sids   = trans_sids;
-
-	r_l->mapped_count = mapped_count;
-}
-
-/***************************************************************************
- init_reply_lookup_names4
- ***************************************************************************/
-
-static void init_reply_lookup_names4(LSA_R_LOOKUP_NAMES4 *r_l,
-                DOM_R_REF *ref, uint32 num_entries,
-                LSA_TRANSLATED_SID3 *trans_sids, uint32 mapped_count)
-{
-	r_l->ptr_dom_ref  = 1;
-	r_l->dom_ref      = ref;
-
-	r_l->num_entries  = num_entries;
-	r_l->ptr_entries  = 1;
-	r_l->num_entries2 = num_entries;
-	r_l->trans_sids   = trans_sids;
-
-	r_l->mapped_count = mapped_count;
-}
-
-/***************************************************************************
- Init_reply_lookup_sids.
- ***************************************************************************/
-
-static void init_reply_lookup_sids2(LSA_R_LOOKUP_SIDS2 *r_l,
-				DOM_R_REF *ref,
-				uint32 mapped_count)
-{
-	r_l->ptr_dom_ref  = ref ? 1 : 0;
-	r_l->dom_ref      = ref;
-	r_l->mapped_count = mapped_count;
-}
-
-/***************************************************************************
- Init_reply_lookup_sids.
- ***************************************************************************/
-
-static void init_reply_lookup_sids3(LSA_R_LOOKUP_SIDS3 *r_l,
-				DOM_R_REF *ref,
-				uint32 mapped_count)
-{
-	r_l->ptr_dom_ref  = ref ? 1 : 0;
-	r_l->dom_ref      = ref;
-	r_l->mapped_count = mapped_count;
-}
-
-/***************************************************************************
- Init_reply_lookup_sids.
- ***************************************************************************/
-
-static NTSTATUS init_reply_lookup_sids(TALLOC_CTX *mem_ctx,
-				LSA_R_LOOKUP_SIDS *r_l,
-				DOM_R_REF *ref,
-				LSA_TRANS_NAME_ENUM2 *names,
-				uint32 mapped_count)
-{
-	LSA_TRANS_NAME_ENUM *oldnames = &r_l->names;
-
-	oldnames->num_entries = names->num_entries;
-	oldnames->ptr_trans_names = names->ptr_trans_names;
-	oldnames->num_entries2 = names->num_entries2;
-	oldnames->uni_name = names->uni_name;
-
-	if (names->num_entries) {
-		int i;
-
-		oldnames->name = TALLOC_ARRAY(mem_ctx, LSA_TRANS_NAME, names->num_entries);
-
-		if (!oldnames->name) {
-			return NT_STATUS_NO_MEMORY;
-		}
-		for (i = 0; i < names->num_entries; i++) {
-			oldnames->name[i].sid_name_use = names->name[i].sid_name_use;
-			oldnames->name[i].hdr_name = names->name[i].hdr_name;
-			oldnames->name[i].domain_idx = names->name[i].domain_idx;
-		}
-	}
-
-	r_l->ptr_dom_ref  = ref ? 1 : 0;
-	r_l->dom_ref      = ref;
-	r_l->mapped_count = mapped_count;
-	return NT_STATUS_OK;
-}
-
 static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *sd_size)
 {
 	DOM_SID local_adm_sid;
@@ -447,17 +290,17 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
 
 	SEC_ACL *psa = NULL;
 
-	init_sec_access(&mask, POLICY_EXECUTE);
+	init_sec_access(&mask, LSA_POLICY_EXECUTE);
 	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
 	sid_copy(&adm_sid, get_global_sam_sid());
 	sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS);
-	init_sec_access(&mask, POLICY_ALL_ACCESS);
+	init_sec_access(&mask, LSA_POLICY_ALL_ACCESS);
 	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
 	sid_copy(&local_adm_sid, &global_sid_Builtin);
 	sid_append_rid(&local_adm_sid, BUILTIN_ALIAS_RID_ADMINS);
-	init_sec_access(&mask, POLICY_ALL_ACCESS);
+	init_sec_access(&mask, LSA_POLICY_ALL_ACCESS);
 	init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
 	if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
@@ -487,7 +330,7 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name,
 		r_l->hdr_nb_dom_name.uni_max_len += 2;
 		r_l->uni_nb_dom_name.uni_max_len += 1;
 	}
-	
+
 	if (dns_name && *dns_name) {
 		init_unistr2(&r_l->uni_dns_dom_name, dns_name, UNI_FLAGS_NONE);
 		init_uni_hdr(&r_l->hdr_dns_dom_name, &r_l->uni_dns_dom_name);
@@ -506,7 +349,7 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name,
 	if (dom_guid) {
 		memcpy(&r_l->dom_guid, dom_guid, sizeof(struct GUID));
 	}
-	
+
 	if (dom_sid) {
 		r_l->ptr_dom_sid = 1;
 		init_dom_sid2(&r_l->dom_sid, dom_sid);
@@ -516,15 +359,16 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name,
 
 
 /***************************************************************************
- _lsa_open_policy2.
+ _lsa_OpenPolicy2
  ***************************************************************************/
 
-NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL2 *r_u)
+NTSTATUS _lsa_OpenPolicy2(pipes_struct *p,
+			  struct lsa_OpenPolicy2 *r)
 {
 	struct lsa_info *info;
 	SEC_DESC *psd = NULL;
 	size_t sd_size;
-	uint32 des_access=q_u->des_access;
+	uint32 des_access = r->in.access_mask;
 	uint32 acc_granted;
 	NTSTATUS status;
 
@@ -547,7 +391,7 @@ NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL
 	/* This is needed for lsa_open_account and rpcclient .... :-) */
 
 	if (p->pipe_user.ut.uid == sec_initial_uid())
-		acc_granted = POLICY_ALL_ACCESS;
+		acc_granted = LSA_POLICY_ALL_ACCESS;
 
 	/* associate the domain SID with the (unique) handle. */
 	if ((info = SMB_MALLOC_P(struct lsa_info)) == NULL)
@@ -558,22 +402,23 @@ NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL
 	info->access = acc_granted;
 
 	/* set up the LSA QUERY INFO response */
-	if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
+	if (!create_policy_hnd(p, r->out.handle, free_lsa_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
 	return NT_STATUS_OK;
 }
 
 /***************************************************************************
- _lsa_open_policy
+ _lsa_OpenPolicy
  ***************************************************************************/
 
-NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL *r_u)
+NTSTATUS _lsa_OpenPolicy(pipes_struct *p,
+			 struct lsa_OpenPolicy *r)
 {
 	struct lsa_info *info;
 	SEC_DESC *psd = NULL;
 	size_t sd_size;
-	uint32 des_access=q_u->des_access;
+	uint32 des_access= r->in.access_mask;
 	uint32 acc_granted;
 	NTSTATUS status;
 
@@ -603,23 +448,25 @@ NTSTATUS _lsa_open_policy(pipes_struct *p, LSA_Q_OPEN_POL *q_u, LSA_R_OPEN_POL *
 	info->access = acc_granted;
 
 	/* set up the LSA QUERY INFO response */
-	if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
+	if (!create_policy_hnd(p, r->out.handle, free_lsa_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
 	return NT_STATUS_OK;
 }
 
 /***************************************************************************
- _lsa_enum_trust_dom - this needs fixing to do more than return NULL ! JRA.
+ _lsa_EnumTrustDom - this needs fixing to do more than return NULL ! JRA.
  ufff, done :)  mimir
  ***************************************************************************/
 
-NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u,
-			     LSA_R_ENUM_TRUST_DOM *r_u)
+NTSTATUS _lsa_EnumTrustDom(pipes_struct *p,
+			   struct lsa_EnumTrustDom *r)
 {
 	struct lsa_info *info;
 	uint32 next_idx;
 	struct trustdom_info **domains;
+	struct lsa_DomainInfo *lsa_domains = NULL;
+	int i;
 
 	/*
 	 * preferred length is set to 5 as a "our" preferred length
@@ -628,16 +475,16 @@ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u,
 	 * it needs further investigation how to optimally choose this value
 	 */
 	uint32 max_num_domains =
-		q_u->preferred_len < 5 ? q_u->preferred_len : 10;
+		r->in.max_size < 5 ? r->in.max_size : 10;
 	uint32 num_domains;
 	NTSTATUS nt_status;
 	uint32 num_thistime;
 
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
 	/* check if the user have enough rights */
-	if (!(info->access & POLICY_VIEW_LOCAL_INFORMATION))
+	if (!(info->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
 	nt_status = pdb_enum_trusteddoms(p->mem_ctx, &num_domains, &domains);
@@ -646,81 +493,105 @@ NTSTATUS _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u,
 		return nt_status;
 	}
 
-	if (q_u->enum_context < num_domains) {
+	if (*r->in.resume_handle < num_domains) {
 		num_thistime = MIN(num_domains, max_num_domains);
 
-		r_u->status = STATUS_MORE_ENTRIES;
+		nt_status = STATUS_MORE_ENTRIES;
 
-		if (q_u->enum_context + num_thistime > num_domains) {
-			num_thistime = num_domains - q_u->enum_context;
-			r_u->status = NT_STATUS_OK;
+		if (*r->in.resume_handle + num_thistime > num_domains) {
+			num_thistime = num_domains - *r->in.resume_handle;
+			nt_status = NT_STATUS_OK;
 		}
 
-		next_idx = q_u->enum_context + num_thistime;
+		next_idx = *r->in.resume_handle + num_thistime;
 	} else {
 		num_thistime = 0;
 		next_idx = 0xffffffff;
-		r_u->status = NT_STATUS_NO_MORE_ENTRIES;
+		nt_status = NT_STATUS_NO_MORE_ENTRIES;
 	}
-		
+
 	/* set up the lsa_enum_trust_dom response */
 
-	init_r_enum_trust_dom(p->mem_ctx, r_u, next_idx,
-			      num_thistime, domains+q_u->enum_context);
+	lsa_domains = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_DomainInfo,
+					num_thistime);
+	if (!lsa_domains) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	return r_u->status;
+	for (i=0; i<num_thistime; i++) {
+		init_lsa_StringLarge(&lsa_domains[i].name, domains[i]->name);
+		lsa_domains[i].sid = &domains[i]->sid;
+	}
+
+	*r->out.resume_handle = next_idx;
+	r->out.domains->count = num_thistime;
+	r->out.domains->domains = lsa_domains;
+
+	return nt_status;
 }
 
+#define LSA_AUDIT_NUM_CATEGORIES_NT4	7
+#define LSA_AUDIT_NUM_CATEGORIES_WIN2K	9
+#define LSA_AUDIT_NUM_CATEGORIES LSA_AUDIT_NUM_CATEGORIES_NT4
+
 /***************************************************************************
- _lsa_query_info. See the POLICY_INFOMATION_CLASS docs at msdn.
+ _lsa_QueryInfoPolicy
  ***************************************************************************/
 
-NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO *r_u)
+NTSTATUS _lsa_QueryInfoPolicy(pipes_struct *p,
+			      struct lsa_QueryInfoPolicy *r)
 {
+	NTSTATUS status = NT_STATUS_OK;
 	struct lsa_info *handle;
-	LSA_INFO_CTR *ctr = &r_u->ctr;
 	DOM_SID domain_sid;
 	const char *name;
 	DOM_SID *sid = NULL;
+	union lsa_PolicyInformation *info = NULL;
 
-	r_u->status = NT_STATUS_OK;
-
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
 		return NT_STATUS_INVALID_HANDLE;
 
-	switch (q_u->info_class) {
+	info = TALLOC_ZERO_P(p->mem_ctx, union lsa_PolicyInformation);
+	if (!info) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	switch (r->in.level) {
 	case 0x02:
 		{
 
 		uint32 policy_def = LSA_AUDIT_POLICY_ALL;
-		
+
 		/* check if the user have enough rights */
-		if (!(handle->access & POLICY_VIEW_AUDIT_INFORMATION)) {
-			DEBUG(10,("_lsa_query_info: insufficient access rights\n"));
+		if (!(handle->access & LSA_POLICY_VIEW_AUDIT_INFORMATION)) {
+			DEBUG(10,("_lsa_QueryInfoPolicy: insufficient access rights\n"));
 			return NT_STATUS_ACCESS_DENIED;
 		}
 
 		/* fake info: We audit everything. ;) */
-		ctr->info.id2.ptr = 1;
-		ctr->info.id2.auditing_enabled = True;
-		ctr->info.id2.count1 = ctr->info.id2.count2 = LSA_AUDIT_NUM_CATEGORIES;
 
-		if ((ctr->info.id2.auditsettings = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, LSA_AUDIT_NUM_CATEGORIES)) == NULL)
+		info->audit_events.auditing_mode = true;
+		info->audit_events.count = LSA_AUDIT_NUM_CATEGORIES;
+		info->audit_events.settings = TALLOC_ZERO_ARRAY(p->mem_ctx,
+								enum lsa_PolicyAuditPolicy,
+								info->audit_events.count);
+		if (!info->audit_events.settings) {
 			return NT_STATUS_NO_MEMORY;
+		}
 
-		ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT] = policy_def;
-		ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS] = policy_def; 
-		ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_LOGON] = policy_def; 
-		ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_PROCCESS_TRACKING] = policy_def; 
-		ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES] = policy_def;
-		ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_SYSTEM] = policy_def;
-		ctr->info.id2.auditsettings[LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS] = policy_def; 
+		info->audit_events.settings[LSA_AUDIT_CATEGORY_ACCOUNT_MANAGEMENT] = policy_def;
+		info->audit_events.settings[LSA_AUDIT_CATEGORY_FILE_AND_OBJECT_ACCESS] = policy_def;
+		info->audit_events.settings[LSA_AUDIT_CATEGORY_LOGON] = policy_def;
+		info->audit_events.settings[LSA_AUDIT_CATEGORY_PROCCESS_TRACKING] = policy_def;
+		info->audit_events.settings[LSA_AUDIT_CATEGORY_SECURITY_POLICY_CHANGES] = policy_def;
+		info->audit_events.settings[LSA_AUDIT_CATEGORY_SYSTEM] = policy_def;
+		info->audit_events.settings[LSA_AUDIT_CATEGORY_USE_OF_USER_RIGHTS] = policy_def;
 
 		break;
 		}
 	case 0x03:
 		/* check if the user have enough rights */
-		if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+		if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 			return NT_STATUS_ACCESS_DENIED;
 
 		/* Request PolicyPrimaryDomainInformation. */
@@ -745,21 +616,22 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
 			default:
 				return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 		}
-		init_dom_query_3(&r_u->ctr.info.id3, name, sid);
+		init_dom_query_3(&info->domain, name, sid);
 		break;
 	case 0x05:
 		/* check if the user have enough rights */
-		if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+		if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 			return NT_STATUS_ACCESS_DENIED;
 
 		/* Request PolicyAccountDomainInformation. */
 		name = get_global_sam_name();
 		sid = get_global_sam_sid();
-		init_dom_query_5(&r_u->ctr.info.id5, name, sid);
+
+		init_dom_query_5(&info->account_domain, name, sid);
 		break;
 	case 0x06:
 		/* check if the user have enough rights */
-		if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+		if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 			return NT_STATUS_ACCESS_DENIED;
 
 		switch (lp_server_role()) {
@@ -768,29 +640,27 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
 				 * only a BDC is a backup controller
 				 * of the domain, it controls.
 				 */
-				ctr->info.id6.server_role = 2;
+				info->role.role = 2;
 				break;
 			default:
 				/*
 				 * any other role is a primary
 				 * of the domain, it controls.
 				 */
-				ctr->info.id6.server_role = 3;
-				break; 
+				info->role.role = 3;
+				break;
 		}
 		break;
 	default:
-		DEBUG(0,("_lsa_query_info: unknown info level in Lsa Query: %d\n", q_u->info_class));
-		r_u->status = NT_STATUS_INVALID_INFO_CLASS;
+		DEBUG(0,("_lsa_QueryInfoPolicy: unknown info level in Lsa Query: %d\n",
+			r->in.level));
+		status = NT_STATUS_INVALID_INFO_CLASS;
 		break;
 	}
 
-	if (NT_STATUS_IS_OK(r_u->status)) {
-		r_u->dom_ptr = 0x22000000; /* bizarre */
-		ctr->info_class = q_u->info_class;
-	}
+	*r->out.info = info;
 
-	return r_u->status;
+	return status;
 }
 
 /***************************************************************************
@@ -798,38 +668,40 @@ NTSTATUS _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INF
  ***************************************************************************/
 
 static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
-				uint16 level,				/* input */
-				int num_sids,				/* input */
-				const DOM_SID2 *sid,			/* input */
-				DOM_R_REF **pp_ref,			/* output */
-				LSA_TRANS_NAME_ENUM2 *names,		/* input/output */
-				uint32 *pp_mapped_count)
+					  TALLOC_CTX *mem_ctx,
+					  uint16_t level,			/* input */
+					  int num_sids,				/* input */
+					  struct lsa_SidPtr *sid,		/* input */
+					  struct lsa_RefDomainList **pp_ref,	/* input/output */
+					  struct lsa_TranslatedName2 **pp_names,/* input/output */
+					  uint32_t *pp_mapped_count)		/* input/output */
 {
 	NTSTATUS status;
 	int i;
 	const DOM_SID **sids = NULL;
-	DOM_R_REF *ref = NULL;
+	struct lsa_RefDomainList *ref = NULL;
 	uint32 mapped_count = 0;
 	struct lsa_dom_info *dom_infos = NULL;
 	struct lsa_name_info *name_infos = NULL;
+	struct lsa_TranslatedName2 *names = NULL;
 
 	*pp_mapped_count = 0;
+	*pp_names = NULL;
 	*pp_ref = NULL;
-	ZERO_STRUCTP(names);
 
 	if (num_sids == 0) {
 		return NT_STATUS_OK;
 	}
 
 	sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids);
-	ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
+	ref = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList);
 
 	if (sids == NULL || ref == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	for (i=0; i<num_sids; i++) {
-		sids[i] = &sid[i].sid;
+		sids[i] = sid[i].sid;
 	}
 
 	status = lookup_sids(p->mem_ctx, num_sids, sids, level,
@@ -839,9 +711,8 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
 		return status;
 	}
 
-	names->name = TALLOC_ARRAY(p->mem_ctx, LSA_TRANS_NAME2, num_sids);
-	names->uni_name = TALLOC_ARRAY(p->mem_ctx, UNISTR2, num_sids);
-	if ((names->name == NULL) || (names->uni_name == NULL)) {
+	names = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedName2, num_sids);
+	if (names == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
@@ -851,8 +722,9 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
 			break;
 		}
 
-		if (init_dom_ref(ref, dom_infos[i].name,
-				 &dom_infos[i].sid) != i) {
+		if (init_lsa_ref_domain_list(mem_ctx, ref,
+					     dom_infos[i].name,
+					     &dom_infos[i].sid) != i) {
 			DEBUG(0, ("Domain %s mentioned twice??\n",
 				  dom_infos[i].name));
 			return NT_STATUS_INTERNAL_ERROR;
@@ -871,7 +743,7 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
 			 * RID as 8 bytes hex, in others it returns the full
 			 * SID. We (Jerry/VL) could not figure out which the
 			 * hard cases are, so leave it with the SID.  */
-			name->name = talloc_asprintf(p->mem_ctx, "%s", 
+			name->name = talloc_asprintf(p->mem_ctx, "%s",
 			                             sid_to_fstring(tmp,
 								    sids[i]));
 			if (name->name == NULL) {
@@ -880,13 +752,10 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
 		} else {
 			mapped_count += 1;
 		}
-		init_lsa_trans_name2(&names->name[i], &names->uni_name[i],
-				    name->type, name->name, name->dom_idx);
-	}
 
-	names->num_entries = num_sids;
-	names->ptr_trans_names = 1;
-	names->num_entries2 = num_sids;
+		init_lsa_translated_name2(&names[i], name->type,
+					  name->name, name->dom_idx, 0);
+	}
 
 	status = NT_STATUS_NONE_MAPPED;
 	if (mapped_count > 0) {
@@ -898,147 +767,173 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
 		   num_sids, mapped_count, nt_errstr(status)));
 
 	*pp_mapped_count = mapped_count;
+	*pp_names = names;
 	*pp_ref = ref;
 
 	return status;
 }
 
 /***************************************************************************
- _lsa_lookup_sids
+ _lsa_LookupSids
  ***************************************************************************/
 
-NTSTATUS _lsa_lookup_sids(pipes_struct *p,
-			  LSA_Q_LOOKUP_SIDS *q_u,
-			  LSA_R_LOOKUP_SIDS *r_u)
+NTSTATUS _lsa_LookupSids(pipes_struct *p,
+			 struct lsa_LookupSids *r)
 {
+	NTSTATUS status;
 	struct lsa_info *handle;
-	int num_sids = q_u->sids.num_entries;
+	int num_sids = r->in.sids->num_sids;
 	uint32 mapped_count = 0;
-	DOM_R_REF *ref = NULL;
-	LSA_TRANS_NAME_ENUM2 names;
-	NTSTATUS status;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_TranslatedName *names_out = NULL;
+	struct lsa_TranslatedName2 *names = NULL;
+	int i;
 
-	if ((q_u->level < 1) || (q_u->level > 6)) {
+	if ((r->in.level < 1) || (r->in.level > 6)) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
 	/* check if the user has enough rights */
-	if (!(handle->access & POLICY_LOOKUP_NAMES)) {
+	if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	if (num_sids >  MAX_LOOKUP_SIDS) {
-		DEBUG(5,("_lsa_lookup_sids: limit of %d exceeded, requested %d\n",
+		DEBUG(5,("_lsa_LookupSids: limit of %d exceeded, requested %d\n",
 			 MAX_LOOKUP_SIDS, num_sids));
 		return NT_STATUS_NONE_MAPPED;
 	}
 
-	r_u->status = _lsa_lookup_sids_internal(p,
-						q_u->level,
-						num_sids, 
-						q_u->sids.sid,
-						&ref,
-						&names,
-						&mapped_count);
+	status = _lsa_lookup_sids_internal(p,
+					   p->mem_ctx,
+					   r->in.level,
+					   num_sids,
+					   r->in.sids->sids,
+					   &domains,
+					   &names,
+					   &mapped_count);
 
-	/* Convert from LSA_TRANS_NAME_ENUM2 to LSA_TRANS_NAME_ENUM */
+	/* Convert from lsa_TranslatedName2 to lsa_TranslatedName */
+	names_out = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedName,
+				 num_sids);
+	if (!names_out) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, &names, mapped_count);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
+	for (i=0; i<num_sids; i++) {
+		names_out[i].sid_type = names[i].sid_type;
+		names_out[i].name = names[i].name;
+		names_out[i].sid_index = names[i].sid_index;
 	}
-	return r_u->status;
+
+	*r->out.domains = domains;
+	r->out.names->count = num_sids;
+	r->out.names->names = names_out;
+	*r->out.count = mapped_count;
+
+	return status;
 }
 
 /***************************************************************************
- _lsa_lookup_sids2
+ _lsa_LookupSids2
  ***************************************************************************/
 
-NTSTATUS _lsa_lookup_sids2(pipes_struct *p,
-			  LSA_Q_LOOKUP_SIDS2 *q_u,
-			  LSA_R_LOOKUP_SIDS2 *r_u)
+NTSTATUS _lsa_LookupSids2(pipes_struct *p,
+			  struct lsa_LookupSids2 *r)
 {
+	NTSTATUS status;
 	struct lsa_info *handle;
-	int num_sids = q_u->sids.num_entries;
+	int num_sids = r->in.sids->num_sids;
 	uint32 mapped_count = 0;
-	DOM_R_REF *ref = NULL;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_TranslatedName2 *names = NULL;
+	bool check_policy = true;
 
-	if ((q_u->level < 1) || (q_u->level > 6)) {
-		return NT_STATUS_INVALID_PARAMETER;
+	switch (p->hdr_req.opnum) {
+		case NDR_LSA_LOOKUPSIDS3:
+			check_policy = false;
+			break;
+		case NDR_LSA_LOOKUPSIDS2:
+		default:
+			check_policy = true;
 	}
 
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
-		return NT_STATUS_INVALID_HANDLE;
+	if ((r->in.level < 1) || (r->in.level > 6)) {
+		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	/* check if the user have enough rights */
-	if (!(handle->access & POLICY_LOOKUP_NAMES)) {
-		return NT_STATUS_ACCESS_DENIED;
+	if (check_policy) {
+		if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
+			return NT_STATUS_INVALID_HANDLE;
+		}
+
+		/* check if the user have enough rights */
+		if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
 	}
 
 	if (num_sids >  MAX_LOOKUP_SIDS) {
-		DEBUG(5,("_lsa_lookup_sids2: limit of %d exceeded, requested %d\n",
+		DEBUG(5,("_lsa_LookupSids2: limit of %d exceeded, requested %d\n",
 			 MAX_LOOKUP_SIDS, num_sids));
 		return NT_STATUS_NONE_MAPPED;
 	}
 
-	r_u->status = _lsa_lookup_sids_internal(p,
-						q_u->level,
-						num_sids, 
-						q_u->sids.sid,
-						&ref,
-						&r_u->names,
-						&mapped_count);
+	status = _lsa_lookup_sids_internal(p,
+					   p->mem_ctx,
+					   r->in.level,
+					   num_sids,
+					   r->in.sids->sids,
+					   &domains,
+					   &names,
+					   &mapped_count);
 
-	init_reply_lookup_sids2(r_u, ref, mapped_count);
-	return r_u->status;
+	*r->out.domains = domains;
+	r->out.names->count = num_sids;
+	r->out.names->names = names;
+	*r->out.count = mapped_count;
+
+	return status;
 }
 
 /***************************************************************************
- _lsa_lookup_sida3
+ _lsa_LookupSids3
  ***************************************************************************/
 
-NTSTATUS _lsa_lookup_sids3(pipes_struct *p,
-			  LSA_Q_LOOKUP_SIDS3 *q_u,
-			  LSA_R_LOOKUP_SIDS3 *r_u)
+NTSTATUS _lsa_LookupSids3(pipes_struct *p,
+			  struct lsa_LookupSids3 *r)
 {
-	int num_sids = q_u->sids.num_entries;
-	uint32 mapped_count = 0;
-	DOM_R_REF *ref = NULL;
-
-	if ((q_u->level < 1) || (q_u->level > 6)) {
-		return NT_STATUS_INVALID_PARAMETER;
-	}
+	struct lsa_LookupSids2 q;
 
 	/* No policy handle on this call. Restrict to crypto connections. */
 	if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
-		DEBUG(0,("_lsa_lookup_sids3: client %s not using schannel for netlogon\n",
+		DEBUG(0,("_lsa_LookupSids3: client %s not using schannel for netlogon\n",
 			get_remote_machine_name() ));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (num_sids >  MAX_LOOKUP_SIDS) {
-		DEBUG(5,("_lsa_lookup_sids3: limit of %d exceeded, requested %d\n",
-			 MAX_LOOKUP_SIDS, num_sids));
-		return NT_STATUS_NONE_MAPPED;
-	}
+	q.in.handle		= NULL;
+	q.in.sids		= r->in.sids;
+	q.in.level		= r->in.level;
+	q.in.unknown1		= r->in.unknown1;
+	q.in.unknown2		= r->in.unknown2;
+	q.in.names		= r->in.names;
+	q.in.count		= r->in.count;
 
-	r_u->status = _lsa_lookup_sids_internal(p,
-						q_u->level,
-						num_sids, 
-						q_u->sids.sid,
-						&ref,
-						&r_u->names,
-						&mapped_count);
+	q.out.domains		= r->out.domains;
+	q.out.names		= r->out.names;
+	q.out.count		= r->out.count;
 
-	init_reply_lookup_sids3(r_u, ref, mapped_count);
-	return r_u->status;
+	return _lsa_LookupSids2(p, &q);
 }
 
+/***************************************************************************
+ ***************************************************************************/
+
 static int lsa_lookup_level_to_flags(uint16 level)
 {
 	int flags;
@@ -1065,33 +960,37 @@ static int lsa_lookup_level_to_flags(uint16 level)
 }
 
 /***************************************************************************
-lsa_reply_lookup_names
+ _lsa_LookupNames
  ***************************************************************************/
 
-NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP_NAMES *r_u)
+NTSTATUS _lsa_LookupNames(pipes_struct *p,
+			  struct lsa_LookupNames *r)
 {
+	NTSTATUS status = NT_STATUS_NONE_MAPPED;
 	struct lsa_info *handle;
-	UNISTR2 *names = q_u->uni_name;
-	uint32 num_entries = q_u->num_entries;
-	DOM_R_REF *ref;
-	DOM_RID *rids;
+	struct lsa_String *names = r->in.names;
+	uint32 num_entries = r->in.num_names;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_TranslatedSid *rids = NULL;
 	uint32 mapped_count = 0;
 	int flags = 0;
 
 	if (num_entries >  MAX_LOOKUP_SIDS) {
 		num_entries = MAX_LOOKUP_SIDS;
-		DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries));
+		DEBUG(5,("_lsa_LookupNames: truncating name lookup list to %d\n",
+			num_entries));
 	}
-		
-	flags = lsa_lookup_level_to_flags(q_u->lookup_level);
 
-	ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
-	if (!ref) {
+	flags = lsa_lookup_level_to_flags(r->in.level);
+
+	domains = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList);
+	if (!domains) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	if (num_entries) {
-		rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries);
+		rids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_TranslatedSid,
+					 num_entries);
 		if (!rids) {
 			return NT_STATUS_NO_MEMORY;
 		}
@@ -1099,146 +998,136 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP
 		rids = NULL;
 	}
 
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
-		r_u->status = NT_STATUS_INVALID_HANDLE;
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
+		status = NT_STATUS_INVALID_HANDLE;
 		goto done;
 	}
 
 	/* check if the user have enough rights */
-	if (!(handle->access & POLICY_LOOKUP_NAMES)) {
-		r_u->status = NT_STATUS_ACCESS_DENIED;
+	if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
+		status = NT_STATUS_ACCESS_DENIED;
 		goto done;
 	}
 
 	/* set up the LSA Lookup RIDs response */
 	become_root(); /* lookup_name can require root privs */
-	r_u->status = lookup_lsa_rids(p->mem_ctx, ref, rids, num_entries,
-				      names, flags, &mapped_count);
+	status = lookup_lsa_rids(p->mem_ctx, domains, rids, num_entries,
+				 names, flags, &mapped_count);
 	unbecome_root();
 
 done:
 
-	if (NT_STATUS_IS_OK(r_u->status) && (num_entries != 0) ) {
-		if (mapped_count == 0)
-			r_u->status = NT_STATUS_NONE_MAPPED;
-		else if (mapped_count != num_entries)
-			r_u->status = STATUS_SOME_UNMAPPED;
+	if (NT_STATUS_IS_OK(status) && (num_entries != 0) ) {
+		if (mapped_count == 0) {
+			status = NT_STATUS_NONE_MAPPED;
+		} else if (mapped_count != num_entries) {
+			status = STATUS_SOME_UNMAPPED;
+		}
 	}
 
-	init_reply_lookup_names(r_u, ref, num_entries, rids, mapped_count);
-	return r_u->status;
+	*r->out.count = num_entries;
+	*r->out.domains = domains;
+	r->out.sids->sids = rids;
+	r->out.sids->count = mapped_count;
+
+	return status;
 }
 
 /***************************************************************************
-lsa_reply_lookup_names2
+ _lsa_LookupNames2
  ***************************************************************************/
 
-NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u, LSA_R_LOOKUP_NAMES2 *r_u)
+NTSTATUS _lsa_LookupNames2(pipes_struct *p,
+			   struct lsa_LookupNames2 *r)
 {
-	struct lsa_info *handle;
-	UNISTR2 *names = q_u->uni_name;
-	uint32 num_entries = q_u->num_entries;
-	DOM_R_REF *ref;
-	DOM_RID *rids;
-	DOM_RID2 *rids2;
-	int i;
-	uint32 mapped_count = 0;
-	int flags = 0;
-
-	if (num_entries >  MAX_LOOKUP_SIDS) {
-		num_entries = MAX_LOOKUP_SIDS;
-		DEBUG(5,("_lsa_lookup_names2: truncating name lookup list to %d\n", num_entries));
-	}
-
-	flags = lsa_lookup_level_to_flags(q_u->lookup_level);
+	NTSTATUS status;
+	struct lsa_LookupNames q;
+	struct lsa_TransSidArray2 *sid_array2 = r->in.sids;
+	struct lsa_TransSidArray *sid_array = NULL;
+	uint32_t i;
 
-	ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
-	if (ref == NULL) {
-		r_u->status = NT_STATUS_NO_MEMORY;
+	sid_array = TALLOC_ZERO_P(p->mem_ctx, struct lsa_TransSidArray);
+	if (!sid_array) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (num_entries) {
-		rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries);
-		rids2 = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID2, num_entries);
-		if ((rids == NULL) || (rids2 == NULL)) {
-			r_u->status = NT_STATUS_NO_MEMORY;
-			return NT_STATUS_NO_MEMORY;
-		}
-	} else {
-		rids = NULL;
-		rids2 = NULL;
-	}
-
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
-		r_u->status = NT_STATUS_INVALID_HANDLE;
-		goto done;
-	}
-
-	/* check if the user have enough rights */
-	if (!(handle->access & POLICY_LOOKUP_NAMES)) {
-		r_u->status = NT_STATUS_ACCESS_DENIED;
-		goto done;
-	}
+	q.in.handle		= r->in.handle;
+	q.in.num_names		= r->in.num_names;
+	q.in.names		= r->in.names;
+	q.in.level		= r->in.level;
+	q.in.sids		= sid_array;
+	q.in.count		= r->in.count;
+	/* we do not know what this is for */
+	/*			= r->in.unknown1; */
+	/*			= r->in.unknown2; */
 
-	/* set up the LSA Lookup RIDs response */
-	become_root(); /* lookup_name can require root privs */
-	r_u->status = lookup_lsa_rids(p->mem_ctx, ref, rids, num_entries,
-				      names, flags, &mapped_count);
-	unbecome_root();
+	q.out.domains		= r->out.domains;
+	q.out.sids		= sid_array;
+	q.out.count		= r->out.count;
 
-done:
+	status = _lsa_LookupNames(p, &q);
 
-	if (NT_STATUS_IS_OK(r_u->status)) {
-		if (mapped_count == 0) {
-			r_u->status = NT_STATUS_NONE_MAPPED;
-		} else if (mapped_count != num_entries) {
-			r_u->status = STATUS_SOME_UNMAPPED;
-		}
+	sid_array2->sids = TALLOC_ARRAY(p->mem_ctx, struct lsa_TranslatedSid2, sid_array->count);
+	if (!sid_array2->sids) {
+		return NT_STATUS_NO_MEMORY;
 	}
 
-	/* Convert the rids array to rids2. */
-	for (i = 0; i < num_entries; i++) {
-		rids2[i].type = rids[i].type;
-		rids2[i].rid = rids[i].rid;
-		rids2[i].rid_idx = rids[i].rid_idx;
-		rids2[i].unknown = 0;
+	for (i=0; i<sid_array->count; i++) {
+		sid_array2->sids[i].sid_type  = sid_array->sids[i].sid_type;
+		sid_array2->sids[i].rid       = sid_array->sids[i].rid;
+		sid_array2->sids[i].sid_index = sid_array->sids[i].sid_index;
+		sid_array2->sids[i].unknown   = 0;
 	}
 
-	init_reply_lookup_names2(r_u, ref, num_entries, rids2, mapped_count);
-	return r_u->status;
+	r->out.sids = sid_array2;
+
+	return status;
 }
 
 /***************************************************************************
-lsa_reply_lookup_names3.
+ _lsa_LookupNames3
  ***************************************************************************/
 
-NTSTATUS _lsa_lookup_names3(pipes_struct *p, LSA_Q_LOOKUP_NAMES3 *q_u, LSA_R_LOOKUP_NAMES3 *r_u)
+NTSTATUS _lsa_LookupNames3(pipes_struct *p,
+			   struct lsa_LookupNames3 *r)
 {
+	NTSTATUS status;
 	struct lsa_info *handle;
-	UNISTR2 *names = q_u->uni_name;
-	uint32 num_entries = q_u->num_entries;
-	DOM_R_REF *ref = NULL;
-	LSA_TRANSLATED_SID3 *trans_sids = NULL;
+	struct lsa_String *names = r->in.names;
+	uint32 num_entries = r->in.num_names;
+	struct lsa_RefDomainList *domains = NULL;
+	struct lsa_TranslatedSid3 *trans_sids = NULL;
 	uint32 mapped_count = 0;
 	int flags = 0;
+	bool check_policy = true;
+
+	switch (p->hdr_req.opnum) {
+		case NDR_LSA_LOOKUPNAMES4:
+			check_policy = false;
+			break;
+		case NDR_LSA_LOOKUPNAMES3:
+		default:
+			check_policy = true;
+	}
 
 	if (num_entries >  MAX_LOOKUP_SIDS) {
 		num_entries = MAX_LOOKUP_SIDS;
-		DEBUG(5,("_lsa_lookup_names3: truncating name lookup list to %d\n", num_entries));
+		DEBUG(5,("_lsa_LookupNames3: truncating name lookup list to %d\n", num_entries));
 	}
-		
+
 	/* Probably the lookup_level is some sort of bitmask. */
-	if (q_u->lookup_level == 1) {
+	if (r->in.level == 1) {
 		flags = LOOKUP_NAME_ALL;
 	}
 
-	ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
-	if (ref == NULL) {
+	domains = TALLOC_ZERO_P(p->mem_ctx, struct lsa_RefDomainList);
+	if (!domains) {
 		return NT_STATUS_NO_MEMORY;
 	}
+
 	if (num_entries) {
-		trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_TRANSLATED_SID3, num_entries);
+		trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_TranslatedSid3,
+					       num_entries);
 		if (!trans_sids) {
 			return NT_STATUS_NO_MEMORY;
 		}
@@ -1246,59 +1135,52 @@ NTSTATUS _lsa_lookup_names3(pipes_struct *p, LSA_Q_LOOKUP_NAMES3 *q_u, LSA_R_LOO
 		trans_sids = NULL;
 	}
 
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) {
-		r_u->status = NT_STATUS_INVALID_HANDLE;
-		goto done;
-	}
+	if (check_policy) {
 
-	/* check if the user have enough rights */
-	if (!(handle->access & POLICY_LOOKUP_NAMES)) {
-		r_u->status = NT_STATUS_ACCESS_DENIED;
-		goto done;
+		if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle)) {
+			status = NT_STATUS_INVALID_HANDLE;
+			goto done;
+		}
+
+		/* check if the user have enough rights */
+		if (!(handle->access & LSA_POLICY_LOOKUP_NAMES)) {
+			status = NT_STATUS_ACCESS_DENIED;
+			goto done;
+		}
 	}
 
 	/* set up the LSA Lookup SIDs response */
 	become_root(); /* lookup_name can require root privs */
-	r_u->status = lookup_lsa_sids(p->mem_ctx, ref, trans_sids, num_entries,
-				      names, flags, &mapped_count);
+	status = lookup_lsa_sids(p->mem_ctx, domains, trans_sids, num_entries,
+				 names, flags, &mapped_count);
 	unbecome_root();
 
 done:
 
-	if (NT_STATUS_IS_OK(r_u->status)) {
+	if (NT_STATUS_IS_OK(status)) {
 		if (mapped_count == 0) {
-			r_u->status = NT_STATUS_NONE_MAPPED;
+			status = NT_STATUS_NONE_MAPPED;
 		} else if (mapped_count != num_entries) {
-			r_u->status = STATUS_SOME_UNMAPPED;
+			status = STATUS_SOME_UNMAPPED;
 		}
 	}
 
-	init_reply_lookup_names3(r_u, ref, num_entries, trans_sids, mapped_count);
-	return r_u->status;
+	*r->out.count = num_entries;
+	*r->out.domains = domains;
+	r->out.sids->sids = trans_sids;
+	r->out.sids->count = mapped_count;
+
+	return status;
 }
 
 /***************************************************************************
-lsa_reply_lookup_names4.
+ _lsa_LookupNames4
  ***************************************************************************/
 
-NTSTATUS _lsa_lookup_names4(pipes_struct *p, LSA_Q_LOOKUP_NAMES4 *q_u, LSA_R_LOOKUP_NAMES4 *r_u)
+NTSTATUS _lsa_LookupNames4(pipes_struct *p,
+			   struct lsa_LookupNames4 *r)
 {
-	UNISTR2 *names = q_u->uni_name;
-	uint32 num_entries = q_u->num_entries;
-	DOM_R_REF *ref = NULL;
-	LSA_TRANSLATED_SID3 *trans_sids = NULL;
-	uint32 mapped_count = 0;
-	int flags = 0;
-
-	if (num_entries >  MAX_LOOKUP_SIDS) {
-		num_entries = MAX_LOOKUP_SIDS;
-		DEBUG(5,("_lsa_lookup_names4: truncating name lookup list to %d\n", num_entries));
-	}
-		
-	/* Probably the lookup_level is some sort of bitmask. */
-	if (q_u->lookup_level == 1) {
-		flags = LOOKUP_NAME_ALL;
-	}
+	struct lsa_LookupNames3 q;
 
 	/* No policy handle on this call. Restrict to crypto connections. */
 	if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
@@ -1307,36 +1189,20 @@ NTSTATUS _lsa_lookup_names4(pipes_struct *p, LSA_Q_LOOKUP_NAMES4 *q_u, LSA_R_LOO
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
-	if (!ref) {
-		return NT_STATUS_NO_MEMORY;
-	}
+	q.in.handle		= NULL;
+	q.in.num_names		= r->in.num_names;
+	q.in.names		= r->in.names;
+	q.in.level		= r->in.level;
+	q.in.unknown1		= r->in.unknown1;
+	q.in.unknown2		= r->in.unknown2;
+	q.in.sids		= r->in.sids;
+	q.in.count		= r->in.count;
 
-	if (num_entries) {
-		trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_TRANSLATED_SID3, num_entries);
-		if (!trans_sids) {
-			return NT_STATUS_NO_MEMORY;
-		}
-	} else {
-		trans_sids = NULL;
-	}
+	q.out.domains		= r->out.domains;
+	q.out.sids		= r->out.sids;
+	q.out.count		= r->out.count;
 
-	/* set up the LSA Lookup SIDs response */
-	become_root(); /* lookup_name can require root privs */
-	r_u->status = lookup_lsa_sids(p->mem_ctx, ref, trans_sids, num_entries,
-				      names, flags, &mapped_count);
-	unbecome_root();
-
-	if (NT_STATUS_IS_OK(r_u->status)) {
-		if (mapped_count == 0) {
-			r_u->status = NT_STATUS_NONE_MAPPED;
-		} else if (mapped_count != num_entries) {
-			r_u->status = STATUS_SOME_UNMAPPED;
-		}
-	}
-
-	init_reply_lookup_names4(r_u, ref, num_entries, trans_sids, mapped_count);
-	return r_u->status;
+	return _lsa_LookupNames3(p, &q);
 }
 
 /***************************************************************************
@@ -1394,86 +1260,94 @@ NTSTATUS _lsa_SetSecret(pipes_struct *p, struct lsa_SetSecret *r)
 }
 
 /***************************************************************************
+ _lsa_DeleteObject
  ***************************************************************************/
 
-NTSTATUS _lsa_delete_object(pipes_struct *p, LSA_Q_DELETE_OBJECT *q_u, LSA_R_DELETE_OBJECT *r_u)
+NTSTATUS _lsa_DeleteObject(pipes_struct *p,
+			   struct lsa_DeleteObject *r)
 {
 	return NT_STATUS_ACCESS_DENIED;
 }
 
 /***************************************************************************
-_lsa_enum_privs.
+ _lsa_EnumPrivs
  ***************************************************************************/
 
-NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIVS *r_u)
+NTSTATUS _lsa_EnumPrivs(pipes_struct *p,
+			struct lsa_EnumPrivs *r)
 {
 	struct lsa_info *handle;
 	uint32 i;
-	uint32 enum_context = q_u->enum_context;
+	uint32 enum_context = *r->in.resume_handle;
 	int num_privs = count_all_privileges();
-	LSA_PRIV_ENTRY *entries = NULL;
+	struct lsa_PrivEntry *entries = NULL;
 	LUID_ATTR luid;
 
 	/* remember that the enum_context starts at 0 and not 1 */
 
 	if ( enum_context >= num_privs )
 		return NT_STATUS_NO_MORE_ENTRIES;
-		
-	DEBUG(10,("_lsa_enum_privs: enum_context:%d total entries:%d\n", 
+
+	DEBUG(10,("_lsa_EnumPrivs: enum_context:%d total entries:%d\n",
 		enum_context, num_privs));
-	
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
 		return NT_STATUS_INVALID_HANDLE;
 
 	/* check if the user have enough rights
 	   I don't know if it's the right one. not documented.  */
 
-	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+	if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
 	if (num_privs) {
-		if ( !(entries = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_PRIV_ENTRY, num_privs )) )
+		entries = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_PrivEntry, num_privs);
+		if (!entries) {
 			return NT_STATUS_NO_MEMORY;
+		}
 	} else {
 		entries = NULL;
 	}
 
 	for (i = 0; i < num_privs; i++) {
 		if( i < enum_context) {
-			init_unistr2(&entries[i].name, NULL, UNI_FLAGS_NONE);
-			init_uni_hdr(&entries[i].hdr_name, &entries[i].name);
-			
-			entries[i].luid_low = 0;
-			entries[i].luid_high = 0;
+
+			init_lsa_StringLarge(&entries[i].name, NULL);
+
+			entries[i].luid.low = 0;
+			entries[i].luid.high = 0;
 		} else {
-			init_unistr2(&entries[i].name, privs[i].name, UNI_FLAGS_NONE);
-			init_uni_hdr(&entries[i].hdr_name, &entries[i].name);
-			
+
+			init_lsa_StringLarge(&entries[i].name, privs[i].name);
+
 			luid = get_privilege_luid( &privs[i].se_priv );
-			
-			entries[i].luid_low = luid.luid.low;
-			entries[i].luid_high = luid.luid.high;
+
+			entries[i].luid.low = luid.luid.low;
+			entries[i].luid.high = luid.luid.high;
 		}
 	}
 
 	enum_context = num_privs;
-	
-	init_lsa_r_enum_privs(r_u, enum_context, num_privs, entries);
+
+	*r->out.resume_handle = enum_context;
+	r->out.privs->count = num_privs;
+	r->out.privs->privs = entries;
 
 	return NT_STATUS_OK;
 }
 
 /***************************************************************************
-_lsa_priv_get_dispname.
+ _lsa_LookupPrivDisplayName
  ***************************************************************************/
 
-NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, LSA_R_PRIV_GET_DISPNAME *r_u)
+NTSTATUS _lsa_LookupPrivDisplayName(pipes_struct *p,
+				    struct lsa_LookupPrivDisplayName *r)
 {
 	struct lsa_info *handle;
-	fstring name_asc;
 	const char *description;
+	struct lsa_StringLarge *lsa_name;
 
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
 		return NT_STATUS_INVALID_HANDLE;
 
 	/* check if the user have enough rights */
@@ -1481,50 +1355,49 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L
 	/*
 	 * I don't know if it's the right one. not documented.
 	 */
-	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+	if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
-	unistr2_to_ascii(name_asc, &q_u->name, sizeof(name_asc));
+	DEBUG(10,("_lsa_LookupPrivDisplayName: name = %s\n", r->in.name->string));
 
-	DEBUG(10,("_lsa_priv_get_dispname: name = %s\n", name_asc));
+	description = get_privilege_dispname(r->in.name->string);
+	if (!description) {
+		DEBUG(10,("_lsa_LookupPrivDisplayName: doesn't exist\n"));
+		return NT_STATUS_NO_SUCH_PRIVILEGE;
+	}
 
-	description = get_privilege_dispname( name_asc );
-	
-	if ( description ) {
-		DEBUG(10,("_lsa_priv_get_dispname: display name = %s\n", description));
-		
-		init_unistr2(&r_u->desc, description, UNI_FLAGS_NONE);
-		init_uni_hdr(&r_u->hdr_desc, &r_u->desc);
+	DEBUG(10,("_lsa_LookupPrivDisplayName: display name = %s\n", description));
 
-		r_u->ptr_info = 0xdeadbeef;
-		r_u->lang_id = q_u->lang_id;
-		
-		return NT_STATUS_OK;
-	} else {
-		DEBUG(10,("_lsa_priv_get_dispname: doesn't exist\n"));
-		
-		r_u->ptr_info = 0;
-		
-		return NT_STATUS_NO_SUCH_PRIVILEGE;
+	lsa_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_StringLarge);
+	if (!lsa_name) {
+		return NT_STATUS_NO_MEMORY;
 	}
+
+	init_lsa_StringLarge(lsa_name, description);
+
+	*r->out.returned_language_id = r->in.language_id;
+	*r->out.disp_name = lsa_name;
+
+	return NT_STATUS_OK;
 }
 
 /***************************************************************************
-_lsa_enum_accounts.
+ _lsa_EnumAccounts
  ***************************************************************************/
 
-NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENUM_ACCOUNTS *r_u)
+NTSTATUS _lsa_EnumAccounts(pipes_struct *p,
+			   struct lsa_EnumAccounts *r)
 {
 	struct lsa_info *handle;
 	DOM_SID *sid_list;
 	int i, j, num_entries;
-	LSA_SID_ENUM *sids=&r_u->sids;
-	NTSTATUS ret;
+	NTSTATUS status;
+	struct lsa_SidPtr *sids = NULL;
 
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
 		return NT_STATUS_INVALID_HANDLE;
 
-	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+	if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
 	sid_list = NULL;
@@ -1533,44 +1406,53 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU
 	/* The only way we can currently find out all the SIDs that have been
 	   privileged is to scan all privileges */
 
-	if (!NT_STATUS_IS_OK(ret = privilege_enumerate_accounts(&sid_list, &num_entries))) {
-		return ret;
+	status = privilege_enumerate_accounts(&sid_list, &num_entries);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
-	if (q_u->enum_context >= num_entries)
+	if (*r->in.resume_handle >= num_entries) {
 		return NT_STATUS_NO_MORE_ENTRIES;
+	}
 
-	if (num_entries-q_u->enum_context) {
-		sids->ptr_sid = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_entries-q_u->enum_context);
-		sids->sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_entries-q_u->enum_context);
-
-		if (sids->ptr_sid==NULL || sids->sid==NULL) {
+	if (num_entries - *r->in.resume_handle) {
+		sids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_SidPtr,
+					 num_entries - *r->in.resume_handle);
+		if (!sids) {
 			SAFE_FREE(sid_list);
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		for (i = q_u->enum_context, j = 0; i < num_entries; i++, j++) {
-			init_dom_sid2(&(*sids).sid[j], &sid_list[i]);
-			(*sids).ptr_sid[j] = 1;
+		for (i = *r->in.resume_handle, j = 0; i < num_entries; i++, j++) {
+			sids[j].sid = sid_dup_talloc(p->mem_ctx, &sid_list[i]);
+			if (!sids[j].sid) {
+				SAFE_FREE(sid_list);
+				return NT_STATUS_NO_MEMORY;
+			}
 		}
-	} else {
-		sids->ptr_sid = NULL;
-		sids->sid = NULL;
 	}
 
 	talloc_free(sid_list);
 
-	init_lsa_r_enum_accounts(r_u, num_entries);
+	*r->out.resume_handle = num_entries;
+	r->out.sids->num_sids = num_entries;
+	r->out.sids->sids = sids;
 
 	return NT_STATUS_OK;
 }
 
+/***************************************************************************
+ _lsa_GetUserName
+ ***************************************************************************/
 
-NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA_R_UNK_GET_CONNUSER *r_u)
+NTSTATUS _lsa_GetUserName(pipes_struct *p,
+			  struct lsa_GetUserName *r)
 {
 	const char *username, *domname;
 	user_struct *vuser = get_valid_user_struct(p->vuid);
-  
+	struct lsa_String *account_name = NULL;
+	struct lsa_String *authority_name = NULL;
+
 	if (vuser == NULL)
 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 
@@ -1588,33 +1470,38 @@ NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA
 		username = vuser->user.smb_name;
 		domname = vuser->user.domain;
 	}
-  
-	r_u->ptr_user_name = 1;
-	init_unistr2(&r_u->uni2_user_name, username, UNI_STR_TERMINATE);
-	init_uni_hdr(&r_u->hdr_user_name, &r_u->uni2_user_name);
 
-	r_u->unk1 = 1;
-  
-	r_u->ptr_dom_name = 1;
-	init_unistr2(&r_u->uni2_dom_name, domname,  UNI_STR_TERMINATE);
-	init_uni_hdr(&r_u->hdr_dom_name, &r_u->uni2_dom_name);
+	account_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_String);
+	if (!account_name) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	r_u->status = NT_STATUS_OK;
-  
-	return r_u->status;
+	authority_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_String);
+	if (!authority_name) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	init_lsa_String(account_name, username);
+	init_lsa_String(authority_name, domname);
+
+	*r->out.account_name = account_name;
+	*r->out.authority_name = authority_name;
+
+	return NT_STATUS_OK;
 }
 
 /***************************************************************************
- Lsa Create Account 
+ _lsa_CreateAccount
  ***************************************************************************/
 
-NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CREATEACCOUNT *r_u)
+NTSTATUS _lsa_CreateAccount(pipes_struct *p,
+			    struct lsa_CreateAccount *r)
 {
 	struct lsa_info *handle;
 	struct lsa_info *info;
 
 	/* find the connection policy handle. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
 		return NT_STATUS_INVALID_HANDLE;
 
 	/* check if the user have enough rights */
@@ -1623,29 +1510,29 @@ NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CR
 	 * I don't know if it's the right one. not documented.
 	 * but guessed with rpcclient.
 	 */
-	if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION))
+	if (!(handle->access & LSA_POLICY_GET_PRIVATE_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
-	/* check to see if the pipe_user is a Domain Admin since 
+	/* check to see if the pipe_user is a Domain Admin since
 	   account_pol.tdb was already opened as root, this is all we have */
-	   
+
 	if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
 		return NT_STATUS_ACCESS_DENIED;
-		
-	if ( is_privileged_sid( &q_u->sid.sid ) )
+
+	if ( is_privileged_sid( r->in.sid ) )
 		return NT_STATUS_OBJECT_NAME_COLLISION;
 
 	/* associate the user/group SID with the (unique) handle. */
-	
+
 	if ((info = SMB_MALLOC_P(struct lsa_info)) == NULL)
 		return NT_STATUS_NO_MEMORY;
 
 	ZERO_STRUCTP(info);
-	info->sid = q_u->sid.sid;
-	info->access = q_u->access;
+	info->sid = *r->in.sid;
+	info->access = r->in.access_mask;
 
 	/* get a (unique) handle.  open a policy on it. */
-	if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
+	if (!create_policy_hnd(p, r->out.acct_handle, free_lsa_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
 	return privilege_create_account( &info->sid );
@@ -1653,16 +1540,17 @@ NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CR
 
 
 /***************************************************************************
- Lsa Open Account
+ _lsa_OpenAccount
  ***************************************************************************/
 
-NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENACCOUNT *r_u)
+NTSTATUS _lsa_OpenAccount(pipes_struct *p,
+			  struct lsa_OpenAccount *r)
 {
 	struct lsa_info *handle;
 	struct lsa_info *info;
 
 	/* find the connection policy handle. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
 		return NT_STATUS_INVALID_HANDLE;
 
 	/* check if the user have enough rights */
@@ -1671,7 +1559,7 @@ NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENAC
 	 * I don't know if it's the right one. not documented.
 	 * but guessed with rpcclient.
 	 */
-	if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION))
+	if (!(handle->access & LSA_POLICY_GET_PRIVATE_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
 	/* TODO: Fis the parsing routine before reenabling this check! */
@@ -1684,62 +1572,94 @@ NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENAC
 		return NT_STATUS_NO_MEMORY;
 
 	ZERO_STRUCTP(info);
-	info->sid = q_u->sid.sid;
-	info->access = q_u->access;
+	info->sid = *r->in.sid;
+	info->access = r->in.access_mask;
 
 	/* get a (unique) handle.  open a policy on it. */
-	if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info))
+	if (!create_policy_hnd(p, r->out.acct_handle, free_lsa_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
 	return NT_STATUS_OK;
 }
 
 /***************************************************************************
+ _lsa_EnumPrivsAccount
  For a given SID, enumerate all the privilege this account has.
  ***************************************************************************/
 
-NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVSACCOUNT *q_u, LSA_R_ENUMPRIVSACCOUNT *r_u)
+NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p,
+			       struct lsa_EnumPrivsAccount *r)
 {
+	NTSTATUS status = NT_STATUS_OK;
 	struct lsa_info *info=NULL;
 	SE_PRIV mask;
 	PRIVILEGE_SET privileges;
+	struct lsa_PrivilegeSet *priv_set = NULL;
+	struct lsa_LUIDAttribute *luid_attrs = NULL;
+	int i;
 
 	/* find the connection policy handle. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	if ( !get_privileges_for_sids( &mask, &info->sid, 1 ) ) 
+	if ( !get_privileges_for_sids( &mask, &info->sid, 1 ) )
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
 	privilege_set_init( &privileges );
 
 	if ( se_priv_to_privilege_set( &privileges, &mask ) ) {
 
-		DEBUG(10,("_lsa_enum_privsaccount: %s has %d privileges\n",
+		DEBUG(10,("_lsa_EnumPrivsAccount: %s has %d privileges\n",
 			  sid_string_dbg(&info->sid),
 			  privileges.count));
 
-		r_u->status = init_lsa_r_enum_privsaccount(ps->mem_ctx, r_u, privileges.set, privileges.count, 0);
+		priv_set = TALLOC_ZERO_P(p->mem_ctx, struct lsa_PrivilegeSet);
+		if (!priv_set) {
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+
+		luid_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx,
+					       struct lsa_LUIDAttribute,
+					       privileges.count);
+		if (!luid_attrs) {
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+
+		for (i=0; i<privileges.count; i++) {
+			luid_attrs[i].luid.low = privileges.set[i].luid.low;
+			luid_attrs[i].luid.high = privileges.set[i].luid.high;
+			luid_attrs[i].attribute = privileges.set[i].attr;
+		}
+
+		priv_set->count = privileges.count;
+		priv_set->unknown = 0;
+		priv_set->set = luid_attrs;
+
+		*r->out.privs = priv_set;
+	} else {
+		status = NT_STATUS_NO_SUCH_PRIVILEGE;
 	}
-	else
-		r_u->status = NT_STATUS_NO_SUCH_PRIVILEGE;
 
+ done:
 	privilege_set_free( &privileges );
 
-	return r_u->status;
+	return status;
 }
 
 /***************************************************************************
- 
+ _lsa_GetSystemAccessAccount
  ***************************************************************************/
 
-NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA_R_GETSYSTEMACCOUNT *r_u)
+NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p,
+				     struct lsa_GetSystemAccessAccount *r)
 {
 	struct lsa_info *info=NULL;
 
 	/* find the connection policy handle. */
 
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
 	if (!lookup_sid(p->mem_ctx, &info->sid, NULL, NULL, NULL))
@@ -1750,11 +1670,11 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA
 	  0x02 -> Access this computer from network
 	  0x04 -> Log on as a batch job
 	  0x10 -> Log on as a service
-	  
+
 	  they can be ORed together
 	*/
 
-	r_u->access = PR_LOG_ON_LOCALLY | PR_ACCESS_FROM_NETWORK;
+	*r->out.access_mask = PR_LOG_ON_LOCALLY | PR_ACCESS_FROM_NETWORK;
 
 	return NT_STATUS_OK;
 }
@@ -1763,19 +1683,19 @@ NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA
   update the systemaccount information
  ***************************************************************************/
 
-NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA_R_SETSYSTEMACCOUNT *r_u)
+NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p,
+				     struct lsa_SetSystemAccessAccount *r)
 {
 	struct lsa_info *info=NULL;
 	GROUP_MAP map;
-	r_u->status = NT_STATUS_OK;
 
 	/* find the connection policy handle. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	/* check to see if the pipe_user is a Domain Admin since 
+	/* check to see if the pipe_user is a Domain Admin since
 	   account_pol.tdb was already opened as root, this is all we have */
-	   
+
 	if ( !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
 		return NT_STATUS_ACCESS_DENIED;
 
@@ -1786,35 +1706,36 @@ NTSTATUS _lsa_setsystemaccount(pipes_struct *p, LSA_Q_SETSYSTEMACCOUNT *q_u, LSA
 }
 
 /***************************************************************************
+ _lsa_AddPrivilegesToAccount
  For a given SID, add some privileges.
  ***************************************************************************/
 
-NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u)
+NTSTATUS _lsa_AddPrivilegesToAccount(pipes_struct *p,
+				     struct lsa_AddPrivilegesToAccount *r)
 {
 	struct lsa_info *info = NULL;
 	SE_PRIV mask;
-	PRIVILEGE_SET *set = NULL;
+	struct lsa_PrivilegeSet *set = NULL;
 
 	/* find the connection policy handle. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
-		
-	/* check to see if the pipe_user is root or a Domain Admin since 
+
+	/* check to see if the pipe_user is root or a Domain Admin since
 	   account_pol.tdb was already opened as root, this is all we have */
-	   
-	if ( p->pipe_user.ut.uid != sec_initial_uid() 
+
+	if ( p->pipe_user.ut.uid != sec_initial_uid()
 		&& !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
 	{
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	set = &q_u->set;
-
+	set = r->in.privs;
 	if ( !privilege_set_to_se_priv( &mask, set ) )
 		return NT_STATUS_NO_SUCH_PRIVILEGE;
 
 	if ( !grant_privilege( &info->sid, &mask ) ) {
-		DEBUG(3,("_lsa_addprivs: grant_privilege(%s) failed!\n",
+		DEBUG(3,("_lsa_AddPrivilegesToAccount: grant_privilege(%s) failed!\n",
 			 sid_string_dbg(&info->sid) ));
 		DEBUG(3,("Privilege mask:\n"));
 		dump_se_priv( DBGC_ALL, 3, &mask );
@@ -1825,35 +1746,37 @@ NTSTATUS _lsa_addprivs(pipes_struct *p, LSA_Q_ADDPRIVS *q_u, LSA_R_ADDPRIVS *r_u
 }
 
 /***************************************************************************
+ _lsa_RemovePrivilegesFromAccount
  For a given SID, remove some privileges.
  ***************************************************************************/
 
-NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEPRIVS *r_u)
+NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct *p,
+					  struct lsa_RemovePrivilegesFromAccount *r)
 {
 	struct lsa_info *info = NULL;
 	SE_PRIV mask;
-	PRIVILEGE_SET *set = NULL;
+	struct lsa_PrivilegeSet *set = NULL;
 
 	/* find the connection policy handle. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	/* check to see if the pipe_user is root or a Domain Admin since 
+	/* check to see if the pipe_user is root or a Domain Admin since
 	   account_pol.tdb was already opened as root, this is all we have */
-	   
+
 	if ( p->pipe_user.ut.uid != sec_initial_uid()
-		&& !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) 
+		&& !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
 	{
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	set = &q_u->set;
+	set = r->in.privs;
 
 	if ( !privilege_set_to_se_priv( &mask, set ) )
 		return NT_STATUS_NO_SUCH_PRIVILEGE;
 
 	if ( !revoke_privilege( &info->sid, &mask ) ) {
-		DEBUG(3,("_lsa_removeprivs: revoke_privilege(%s) failed!\n",
+		DEBUG(3,("_lsa_RemovePrivilegesFromAccount: revoke_privilege(%s) failed!\n",
 			 sid_string_dbg(&info->sid) ));
 		DEBUG(3,("Privilege mask:\n"));
 		dump_se_priv( DBGC_ALL, 3, &mask );
@@ -1864,28 +1787,27 @@ NTSTATUS _lsa_removeprivs(pipes_struct *p, LSA_Q_REMOVEPRIVS *q_u, LSA_R_REMOVEP
 }
 
 /***************************************************************************
- For a given SID, remove some privileges.
+ _lsa_QuerySecurity
  ***************************************************************************/
 
-NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUERY_SEC_OBJ *r_u)
+NTSTATUS _lsa_QuerySecurity(pipes_struct *p,
+			    struct lsa_QuerySecurity *r)
 {
 	struct lsa_info *handle=NULL;
 	SEC_DESC *psd = NULL;
 	size_t sd_size;
 	NTSTATUS status;
 
-	r_u->status = NT_STATUS_OK;
-
 	/* find the connection policy handle. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&handle))
 		return NT_STATUS_INVALID_HANDLE;
 
 	/* check if the user have enough rights */
-	if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+	if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 		return NT_STATUS_ACCESS_DENIED;
 
 
-	switch (q_u->sec_info) {
+	switch (r->in.sec_info) {
 	case 1:
 		/* SD contains only the owner */
 
@@ -1894,7 +1816,7 @@ NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUER
 			return NT_STATUS_NO_MEMORY;
 
 
-		if((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
+		if((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
 			return NT_STATUS_NO_MEMORY;
 		break;
 	case 4:
@@ -1904,16 +1826,14 @@ NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUER
 		if(!NT_STATUS_IS_OK(status))
 			return NT_STATUS_NO_MEMORY;
 
-		if((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
+		if((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
 			return NT_STATUS_NO_MEMORY;
 		break;
 	default:
 		return NT_STATUS_INVALID_LEVEL;
 	}
 
-	r_u->ptr=1;
-
-	return r_u->status;
+	return status;
 }
 
 #if 0 	/* AD DC work in ongoing in Samba 4 */
@@ -1921,7 +1841,7 @@ NTSTATUS _lsa_query_secobj(pipes_struct *p, LSA_Q_QUERY_SEC_OBJ *q_u, LSA_R_QUER
 /***************************************************************************
  ***************************************************************************/
 
-NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_INFO2 *r_u)
+ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_INFO2 *r_u)
 {
 	struct lsa_info *handle;
 	const char *nb_name;
@@ -1940,7 +1860,7 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
 	switch (q_u->info_class) {
 	case 0x0c:
 		/* check if the user have enough rights */
-		if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
+		if (!(handle->access & LSA_POLICY_VIEW_LOCAL_INFORMATION))
 			return NT_STATUS_ACCESS_DENIED;
 
 		/* Request PolicyPrimaryDomainInformation. */
@@ -1966,7 +1886,7 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
 			default:
 				return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 		}
-		init_dns_dom_info(&r_u->info.dns_dom_info, nb_name, dns_name, 
+		init_dns_dom_info(&r_u->info.dns_dom_info, nb_name, dns_name,
 				  forest_name,&guid,sid);
 		break;
 	default:
@@ -1985,54 +1905,46 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I
 #endif	/* AD DC work in ongoing in Samba 4 */
 
 /***************************************************************************
+ _lsa_AddAccountRights
  ***************************************************************************/
 
-NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R_ADD_ACCT_RIGHTS *r_u)
+NTSTATUS _lsa_AddAccountRights(pipes_struct *p,
+			       struct lsa_AddAccountRights *r)
 {
 	struct lsa_info *info = NULL;
 	int i = 0;
 	DOM_SID sid;
-	fstring privname;
-	UNISTR4_ARRAY *uni_privnames = q_u->rights;
-	
 
 	/* find the connection policy handle. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
-		
-	/* check to see if the pipe_user is a Domain Admin since 
+
+	/* check to see if the pipe_user is a Domain Admin since
 	   account_pol.tdb was already opened as root, this is all we have */
-	   
+
 	if ( p->pipe_user.ut.uid != sec_initial_uid()
-		&& !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) 
+		&& !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
 	{
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	/* according to an NT4 PDC, you can add privileges to SIDs even without
 	   call_lsa_create_account() first.  And you can use any arbitrary SID. */
-	   
-	sid_copy( &sid, &q_u->sid.sid );
-	
-	/* just a little sanity check */
-	
-	if ( q_u->count != uni_privnames->count ) {
-		DEBUG(0,("_lsa_add_acct_rights: count != number of UNISTR2 elements!\n"));
-		return NT_STATUS_INVALID_HANDLE;	
-	}
-		
-	for ( i=0; i<q_u->count; i++ ) {
-		UNISTR4 *uni4_str = &uni_privnames->strings[i];
+
+	sid_copy( &sid, r->in.sid );
+
+	for ( i=0; i < r->in.rights->count; i++ ) {
+
+		const char *privname = r->in.rights->names[i].string;
 
 		/* only try to add non-null strings */
 
-		if ( !uni4_str->string )
+		if ( !privname )
 			continue;
 
-		rpcstr_pull( privname, uni4_str->string->buffer, sizeof(privname), -1, STR_TERMINATE );
-		
 		if ( !grant_privilege_by_name( &sid, privname ) ) {
-			DEBUG(2,("_lsa_add_acct_rights: Failed to add privilege [%s]\n", privname ));
+			DEBUG(2,("_lsa_AddAccountRights: Failed to add privilege [%s]\n",
+				privname ));
 			return NT_STATUS_NO_SUCH_PRIVILEGE;
 		}
 	}
@@ -2041,58 +1953,51 @@ NTSTATUS _lsa_add_acct_rights(pipes_struct *p, LSA_Q_ADD_ACCT_RIGHTS *q_u, LSA_R
 }
 
 /***************************************************************************
+ _lsa_RemoveAccountRights
  ***************************************************************************/
 
-NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u, LSA_R_REMOVE_ACCT_RIGHTS *r_u)
+NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p,
+				  struct lsa_RemoveAccountRights *r)
 {
 	struct lsa_info *info = NULL;
 	int i = 0;
 	DOM_SID sid;
-	fstring privname;
-	UNISTR4_ARRAY *uni_privnames = q_u->rights;
-	
+	const char *privname = NULL;
 
 	/* find the connection policy handle. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
-		
-	/* check to see if the pipe_user is a Domain Admin since 
+
+	/* check to see if the pipe_user is a Domain Admin since
 	   account_pol.tdb was already opened as root, this is all we have */
-	   
+
 	if ( p->pipe_user.ut.uid != sec_initial_uid()
 		&& !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) )
 	{
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	sid_copy( &sid, &q_u->sid.sid );
+	sid_copy( &sid, r->in.sid );
 
-	if ( q_u->removeall ) {
-		if ( !revoke_all_privileges( &sid ) ) 
+	if ( r->in.remove_all ) {
+		if ( !revoke_all_privileges( &sid ) )
 			return NT_STATUS_ACCESS_DENIED;
-	
+
 		return NT_STATUS_OK;
 	}
-	
-	/* just a little sanity check */
-	
-	if ( q_u->count != uni_privnames->count ) {
-		DEBUG(0,("_lsa_add_acct_rights: count != number of UNISTR2 elements!\n"));
-		return NT_STATUS_INVALID_HANDLE;	
-	}
-		
-	for ( i=0; i<q_u->count; i++ ) {
-		UNISTR4 *uni4_str = &uni_privnames->strings[i];
+
+	for ( i=0; i < r->in.rights->count; i++ ) {
+
+		privname = r->in.rights->names[i].string;
 
 		/* only try to add non-null strings */
 
-		if ( !uni4_str->string )
+		if ( !privname )
 			continue;
 
-		rpcstr_pull( privname, uni4_str->string->buffer, sizeof(privname), -1, STR_TERMINATE );
-		
 		if ( !revoke_privilege_by_name( &sid, privname ) ) {
-			DEBUG(2,("_lsa_remove_acct_rights: Failed to revoke privilege [%s]\n", privname ));
+			DEBUG(2,("_lsa_RemoveAccountRights: Failed to revoke privilege [%s]\n",
+				privname ));
 			return NT_STATUS_NO_SUCH_PRIVILEGE;
 		}
 	}
@@ -2100,28 +2005,70 @@ NTSTATUS _lsa_remove_acct_rights(pipes_struct *p, LSA_Q_REMOVE_ACCT_RIGHTS *q_u,
 	return NT_STATUS_OK;
 }
 
+/*******************************************************************
+********************************************************************/
+
+static NTSTATUS init_lsa_right_set(TALLOC_CTX *mem_ctx,
+				   struct lsa_RightSet *r,
+				   PRIVILEGE_SET *privileges)
+{
+	uint32 i;
+	const char *privname;
+	const char **privname_array = NULL;
+	int num_priv = 0;
+
+	for (i=0; i<privileges->count; i++) {
+
+		privname = luid_to_privilege_name(&privileges->set[i].luid);
+		if (privname) {
+			if (!add_string_to_array(mem_ctx, privname,
+						 &privname_array, &num_priv)) {
+				return NT_STATUS_NO_MEMORY;
+			}
+		}
+	}
+
+	if (num_priv) {
+
+		r->names = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_StringLarge,
+					     num_priv);
+		if (!r->names) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		for (i=0; i<num_priv; i++) {
+			init_lsa_StringLarge(&r->names[i], privname_array[i]);
+		}
+
+		r->count = num_priv;
+	}
+
+	return NT_STATUS_OK;
+}
 
 /***************************************************************************
+ _lsa_EnumAccountRights
  ***************************************************************************/
 
-NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA_R_ENUM_ACCT_RIGHTS *r_u)
+NTSTATUS _lsa_EnumAccountRights(pipes_struct *p,
+				struct lsa_EnumAccountRights *r)
 {
+	NTSTATUS status;
 	struct lsa_info *info = NULL;
 	DOM_SID sid;
 	PRIVILEGE_SET privileges;
 	SE_PRIV mask;
-	
 
 	/* find the connection policy handle. */
-	
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
-		
+
 	/* according to an NT4 PDC, you can add privileges to SIDs even without
 	   call_lsa_create_account() first.  And you can use any arbitrary SID. */
-	   
-	sid_copy( &sid, &q_u->sid.sid );
-	
+
+	sid_copy( &sid, r->in.sid );
+
 	if ( !get_privileges_for_sids( &mask, &sid, 1 ) )
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
@@ -2129,37 +2076,38 @@ NTSTATUS _lsa_enum_acct_rights(pipes_struct *p, LSA_Q_ENUM_ACCT_RIGHTS *q_u, LSA
 
 	if ( se_priv_to_privilege_set( &privileges, &mask ) ) {
 
-		DEBUG(10,("_lsa_enum_acct_rights: %s has %d privileges\n",
+		DEBUG(10,("_lsa_EnumAccountRights: %s has %d privileges\n",
 			  sid_string_dbg(&sid), privileges.count));
 
-		r_u->status = init_r_enum_acct_rights( r_u, &privileges );
+		status = init_lsa_right_set(p->mem_ctx, r->out.rights, &privileges);
+	} else {
+		status = NT_STATUS_NO_SUCH_PRIVILEGE;
 	}
-	else 
-		r_u->status = NT_STATUS_NO_SUCH_PRIVILEGE;
 
 	privilege_set_free( &privileges );
 
-	return r_u->status;
+	return status;
 }
 
-
 /***************************************************************************
+ _lsa_LookupPrivValue
  ***************************************************************************/
 
-NTSTATUS _lsa_lookup_priv_value(pipes_struct *p, LSA_Q_LOOKUP_PRIV_VALUE *q_u, LSA_R_LOOKUP_PRIV_VALUE *r_u)
+NTSTATUS _lsa_LookupPrivValue(pipes_struct *p,
+			      struct lsa_LookupPrivValue *r)
 {
 	struct lsa_info *info = NULL;
-	fstring name;
+	const char *name = NULL;
 	LUID_ATTR priv_luid;
 	SE_PRIV mask;
-	
+
 	/* find the connection policy handle. */
-	
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+
+	if (!find_policy_by_hnd(p, r->in.handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
-		
-	unistr2_to_ascii(name, &q_u->privname.unistring, sizeof(name));
-	
+
+	name = r->in.name->string;
+
 	DEBUG(10,("_lsa_lookup_priv_value: name = %s\n", name));
 
 	if ( !se_priv_from_name( name, &mask ) )
@@ -2167,19 +2115,17 @@ NTSTATUS _lsa_lookup_priv_value(pipes_struct *p, LSA_Q_LOOKUP_PRIV_VALUE *q_u, L
 
 	priv_luid = get_privilege_luid( &mask );
 
-	r_u->luid.low  = priv_luid.luid.low;
-	r_u->luid.high = priv_luid.luid.high;
-		
+	r->out.luid->low = priv_luid.luid.low;
+	r->out.luid->high = priv_luid.luid.high;
 
 	return NT_STATUS_OK;
 }
 
-
 /*
  * From here on the server routines are just dummy ones to make smbd link with
  * librpc/gen_ndr/srv_lsa.c. These routines are actually never called, we are
  * pulling the server stubs across one by one.
- */ 
+ */
 
 NTSTATUS _lsa_Delete(pipes_struct *p, struct lsa_Delete *r)
 {
@@ -2187,18 +2133,6 @@ NTSTATUS _lsa_Delete(pipes_struct *p, struct lsa_Delete *r)
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _lsa_EnumPrivs(pipes_struct *p, struct lsa_EnumPrivs *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_QuerySecurity(pipes_struct *p, struct lsa_QuerySecurity *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _lsa_SetSecObj(pipes_struct *p, struct lsa_SetSecObj *r)
 {
 	p->rng_fault_state = True;
@@ -2211,18 +2145,6 @@ NTSTATUS _lsa_ChangePassword(pipes_struct *p, struct lsa_ChangePassword *r)
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _lsa_OpenPolicy(pipes_struct *p, struct lsa_OpenPolicy *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_QueryInfoPolicy(pipes_struct *p, struct lsa_QueryInfoPolicy *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _lsa_SetInfoPolicy(pipes_struct *p, struct lsa_SetInfoPolicy *r)
 {
 	p->rng_fault_state = True;
@@ -2235,60 +2157,6 @@ NTSTATUS _lsa_ClearAuditLog(pipes_struct *p, struct lsa_ClearAuditLog *r)
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _lsa_CreateAccount(pipes_struct *p, struct lsa_CreateAccount *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_EnumAccounts(pipes_struct *p, struct lsa_EnumAccounts *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_EnumTrustDom(pipes_struct *p, struct lsa_EnumTrustDom *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_LookupNames(pipes_struct *p, struct lsa_LookupNames *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_LookupSids(pipes_struct *p, struct lsa_LookupSids *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_OpenAccount(pipes_struct *p, struct lsa_OpenAccount *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_EnumPrivsAccount(pipes_struct *p, struct lsa_EnumPrivsAccount *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_AddPrivilegesToAccount(pipes_struct *p, struct lsa_AddPrivilegesToAccount *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct *p, struct lsa_RemovePrivilegesFromAccount *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _lsa_GetQuotasForAccount(pipes_struct *p, struct lsa_GetQuotasForAccount *r)
 {
 	p->rng_fault_state = True;
@@ -2301,18 +2169,6 @@ NTSTATUS _lsa_SetQuotasForAccount(pipes_struct *p, struct lsa_SetQuotasForAccoun
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _lsa_GetSystemAccessAccount(pipes_struct *p, struct lsa_GetSystemAccessAccount *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p, struct lsa_SetSystemAccessAccount *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _lsa_QueryTrustedDomainInfo(pipes_struct *p, struct lsa_QueryTrustedDomainInfo *r)
 {
 	p->rng_fault_state = True;
@@ -2331,54 +2187,18 @@ NTSTATUS _lsa_QuerySecret(pipes_struct *p, struct lsa_QuerySecret *r)
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _lsa_LookupPrivValue(pipes_struct *p, struct lsa_LookupPrivValue *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _lsa_LookupPrivName(pipes_struct *p, struct lsa_LookupPrivName *r)
 {
 	p->rng_fault_state = True;
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _lsa_LookupPrivDisplayName(pipes_struct *p, struct lsa_LookupPrivDisplayName *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_DeleteObject(pipes_struct *p, struct lsa_DeleteObject *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _lsa_EnumAccountsWithUserRight(pipes_struct *p, struct lsa_EnumAccountsWithUserRight *r)
 {
 	p->rng_fault_state = True;
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _lsa_EnumAccountRights(pipes_struct *p, struct lsa_EnumAccountRights *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_AddAccountRights(pipes_struct *p, struct lsa_AddAccountRights *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p, struct lsa_RemoveAccountRights *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _lsa_QueryTrustedDomainInfoBySid(pipes_struct *p, struct lsa_QueryTrustedDomainInfoBySid *r)
 {
 	p->rng_fault_state = True;
@@ -2409,18 +2229,6 @@ NTSTATUS _lsa_RetrievePrivateData(pipes_struct *p, struct lsa_RetrievePrivateDat
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _lsa_OpenPolicy2(pipes_struct *p, struct lsa_OpenPolicy2 *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_GetUserName(pipes_struct *p, struct lsa_GetUserName *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _lsa_QueryInfoPolicy2(pipes_struct *p, struct lsa_QueryInfoPolicy2 *r)
 {
 	p->rng_fault_state = True;
@@ -2487,18 +2295,6 @@ NTSTATUS _lsa_TestCall(pipes_struct *p, struct lsa_TestCall *r)
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _lsa_LookupSids2(pipes_struct *p, struct lsa_LookupSids2 *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_LookupNames2(pipes_struct *p, struct lsa_LookupNames2 *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _lsa_CreateTrustedDomainEx2(pipes_struct *p, struct lsa_CreateTrustedDomainEx2 *r)
 {
 	p->rng_fault_state = True;
@@ -2553,12 +2349,6 @@ NTSTATUS _lsa_CREDRPROFILELOADED(pipes_struct *p, struct lsa_CREDRPROFILELOADED
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _lsa_LookupNames3(pipes_struct *p, struct lsa_LookupNames3 *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _lsa_CREDRGETSESSIONTYPES(pipes_struct *p, struct lsa_CREDRGETSESSIONTYPES *r)
 {
 	p->rng_fault_state = True;
@@ -2583,7 +2373,7 @@ NTSTATUS _lsa_LSARUNREGISTERAUDITEVENT(pipes_struct *p, struct lsa_LSARUNREGISTE
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _lsa_LSARQUERYFORESTTRUSTINFORMATION(pipes_struct *p, struct lsa_LSARQUERYFORESTTRUSTINFORMATION *r)
+NTSTATUS _lsa_lsaRQueryForestTrustInformation(pipes_struct *p, struct lsa_lsaRQueryForestTrustInformation *r)
 {
 	p->rng_fault_state = True;
 	return NT_STATUS_NOT_IMPLEMENTED;
@@ -2601,18 +2391,6 @@ NTSTATUS _lsa_CREDRRENAME(pipes_struct *p, struct lsa_CREDRRENAME *r)
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS _lsa_LookupSids3(pipes_struct *p, struct lsa_LookupSids3 *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-NTSTATUS _lsa_LookupNames4(pipes_struct *p, struct lsa_LookupNames4 *r)
-{
-	p->rng_fault_state = True;
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
 NTSTATUS _lsa_LSAROPENPOLICYSCE(pipes_struct *p, struct lsa_LSAROPENPOLICYSCE *r)
 {
 	p->rng_fault_state = True;
diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c
deleted file mode 100644
index 6d9859a9ae..0000000000
--- a/source3/rpc_server/srv_netlog.c
+++ /dev/null
@@ -1,405 +0,0 @@
-/* 
- *  Unix SMB/CIFS implementation.
- *  RPC Pipe client / server routines
- *  Copyright (C) Andrew Tridgell              1992-1997,
- *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
- *  Copyright (C) Paul Ashton                       1997,
- *  Copyright (C) Jeremy Allison               1998-2001,
- *  Copyright (C) Jim McDonough <jmcd@us.ibm.com>   2003.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/* This is the interface to the netlogon pipe. */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_SRV
-
-/*************************************************************************
- api_net_req_chal:
- *************************************************************************/
-
-static bool api_net_req_chal(pipes_struct *p)
-{
-	NET_Q_REQ_CHAL q_u;
-	NET_R_REQ_CHAL r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the challenge... */
-	if(!net_io_q_req_chal("", &q_u, data, 0)) {
-		DEBUG(0,("api_net_req_chal: Failed to unmarshall NET_Q_REQ_CHAL.\n"));
-		return False;
-	}
-
-	r_u.status = _net_req_chal(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!net_io_r_req_chal("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_net_req_chal: Failed to marshall NET_R_REQ_CHAL.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*************************************************************************
- api_net_auth:
- *************************************************************************/
-
-static bool api_net_auth(pipes_struct *p)
-{
-	NET_Q_AUTH q_u;
-	NET_R_AUTH r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the challenge... */
-	if(!net_io_q_auth("", &q_u, data, 0)) {
-		DEBUG(0,("api_net_auth: Failed to unmarshall NET_Q_AUTH.\n"));
-		return False;
-	}
-
-	r_u.status = _net_auth(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!net_io_r_auth("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_net_auth: Failed to marshall NET_R_AUTH.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*************************************************************************
- api_net_auth_2:
- *************************************************************************/
-
-static bool api_net_auth_2(pipes_struct *p)
-{
-	NET_Q_AUTH_2 q_u;
-	NET_R_AUTH_2 r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the challenge... */
-	if(!net_io_q_auth_2("", &q_u, data, 0)) {
-		DEBUG(0,("api_net_auth_2: Failed to unmarshall NET_Q_AUTH_2.\n"));
-		return False;
-	}
-
-	r_u.status = _net_auth_2(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!net_io_r_auth_2("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_net_auth_2: Failed to marshall NET_R_AUTH_2.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*************************************************************************
- api_net_srv_pwset:
- *************************************************************************/
-
-static bool api_net_srv_pwset(pipes_struct *p)
-{
-	NET_Q_SRV_PWSET q_u;
-	NET_R_SRV_PWSET r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the challenge and encrypted password ... */
-	if(!net_io_q_srv_pwset("", &q_u, data, 0)) {
-		DEBUG(0,("api_net_srv_pwset: Failed to unmarshall NET_Q_SRV_PWSET.\n"));
-		return False;
-	}
-
-	r_u.status = _net_srv_pwset(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!net_io_r_srv_pwset("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_net_srv_pwset: Failed to marshall NET_R_SRV_PWSET.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*************************************************************************
- api_net_sam_logoff:
- *************************************************************************/
-
-static bool api_net_sam_logoff(pipes_struct *p)
-{
-	NET_Q_SAM_LOGOFF q_u;
-	NET_R_SAM_LOGOFF r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!net_io_q_sam_logoff("", &q_u, data, 0)) {
-		DEBUG(0,("api_net_sam_logoff: Failed to unmarshall NET_Q_SAM_LOGOFF.\n"));
-		return False;
-	}
-
-	r_u.status = _net_sam_logoff(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!net_io_r_sam_logoff("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_net_sam_logoff: Failed to marshall NET_R_SAM_LOGOFF.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*************************************************************************
- api_net_sam_logon:
- *************************************************************************/
-
-static bool api_net_sam_logon(pipes_struct *p)
-{
-	NET_Q_SAM_LOGON q_u;
-	NET_R_SAM_LOGON r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-    
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!net_io_q_sam_logon("", &q_u, data, 0)) {
-		DEBUG(0, ("api_net_sam_logon: Failed to unmarshall NET_Q_SAM_LOGON.\n"));
-		return False;
-	}
-   
-	r_u.status = _net_sam_logon(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!net_io_r_sam_logon("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*************************************************************************
- api_net_trust_dom_list:
- *************************************************************************/
-
-static bool api_net_trust_dom_list(pipes_struct *p)
-{
-	NET_Q_TRUST_DOM_LIST q_u;
-	NET_R_TRUST_DOM_LIST r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the lsa trusted domain list query... */
-	if(!net_io_q_trust_dom("", &q_u, data, 0)) {
-		DEBUG(0,("api_net_trust_dom_list: Failed to unmarshall NET_Q_TRUST_DOM_LIST.\n"));
-		return False;
-	}
-
-	/* construct reply. */
-	r_u.status = _net_trust_dom_list(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!net_io_r_trust_dom("", &r_u, rdata, 0)) {
-		DEBUG(0,("net_reply_trust_dom_list: Failed to marshall NET_R_TRUST_DOM_LIST.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*************************************************************************
- api_net_logon_ctrl2:
- *************************************************************************/
-
-static bool api_net_logon_ctrl2(pipes_struct *p)
-{
-	NET_Q_LOGON_CTRL2 q_u;
-	NET_R_LOGON_CTRL2 r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-
-	/* grab the lsa netlogon ctrl2 query... */
-	if(!net_io_q_logon_ctrl2("", &q_u, data, 0)) {
-		DEBUG(0,("api_net_logon_ctrl2: Failed to unmarshall NET_Q_LOGON_CTRL2.\n"));
-		return False;
-	}
-
-	r_u.status = _net_logon_ctrl2(p, &q_u, &r_u);
-
-	if(!net_io_r_logon_ctrl2("", &r_u, rdata, 0)) {
-		DEBUG(0,("net_reply_logon_ctrl2: Failed to marshall NET_R_LOGON_CTRL2.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*************************************************************************
- api_net_logon_ctrl:
- *************************************************************************/
-
-static bool api_net_logon_ctrl(pipes_struct *p)
-{
-	NET_Q_LOGON_CTRL q_u;
-	NET_R_LOGON_CTRL r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the lsa netlogon ctrl query... */
-	if(!net_io_q_logon_ctrl("", &q_u, data, 0)) {
-		DEBUG(0,("api_net_logon_ctrl: Failed to unmarshall NET_Q_LOGON_CTRL.\n"));
-		return False;
-	}
-
-	r_u.status = _net_logon_ctrl(p, &q_u, &r_u);
-
-	if(!net_io_r_logon_ctrl("", &r_u, rdata, 0)) {
-		DEBUG(0,("net_reply_logon_ctrl2: Failed to marshall NET_R_LOGON_CTRL.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*************************************************************************
- api_net_sam_logon_ex:
- *************************************************************************/
-
-static bool api_net_sam_logon_ex(pipes_struct *p)
-{
-	NET_Q_SAM_LOGON_EX q_u;
-	NET_R_SAM_LOGON_EX r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-    
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!net_io_q_sam_logon_ex("", &q_u, data, 0)) {
-		DEBUG(0, ("api_net_sam_logon_ex: Failed to unmarshall NET_Q_SAM_LOGON_EX.\n"));
-		return False;
-	}
-   
-	r_u.status = _net_sam_logon_ex(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!net_io_r_sam_logon_ex("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_net_sam_logon_ex: Failed to marshall NET_R_SAM_LOGON_EX.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-
-/*************************************************************************
- api_ds_enum_dom_trusts:
- *************************************************************************/
-
-#if 0 	/* JERRY */
-static bool api_ds_enum_dom_trusts(pipes_struct *p)
-{
-	DS_Q_ENUM_DOM_TRUSTS q_u;
-	DS_R_ENUM_DOM_TRUSTS r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	DEBUG(6,("api_ds_enum_dom_trusts\n"));
-
-	if ( !ds_io_q_enum_domain_trusts("", data, 0, &q_u) ) {
-		DEBUG(0,("api_ds_enum_domain_trusts: Failed to unmarshall DS_Q_ENUM_DOM_TRUSTS.\n"));
-		return False;
-	}
-
-	r_u.status = _ds_enum_dom_trusts(p, &q_u, &r_u);
-
-	if ( !ds_io_r_enum_domain_trusts("", rdata, 0, &r_u) ) {
-		DEBUG(0,("api_ds_enum_domain_trusts: Failed to marshall DS_R_ENUM_DOM_TRUSTS.\n"));
-		return False;
-	}
-
-	DEBUG(6,("api_ds_enum_dom_trusts\n"));
-
-	return True;
-}
-#endif	/* JERRY */
-
-/*******************************************************************
- array of \PIPE\NETLOGON operations
- ********************************************************************/
-static struct api_struct api_net_cmds [] =
-    {
-      { "NET_REQCHAL"       , NET_REQCHAL       , api_net_req_chal       }, 
-      { "NET_AUTH"          , NET_AUTH          , api_net_auth           }, 
-      { "NET_AUTH2"         , NET_AUTH2         , api_net_auth_2         }, 
-      { "NET_SRVPWSET"      , NET_SRVPWSET      , api_net_srv_pwset      }, 
-      { "NET_SAMLOGON"      , NET_SAMLOGON      , api_net_sam_logon      }, 
-      { "NET_SAMLOGOFF"     , NET_SAMLOGOFF     , api_net_sam_logoff     }, 
-      { "NET_LOGON_CTRL2"   , NET_LOGON_CTRL2   , api_net_logon_ctrl2    }, 
-      { "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list },
-      { "NET_LOGON_CTRL"    , NET_LOGON_CTRL    , api_net_logon_ctrl     },
-      { "NET_SAMLOGON_EX"   , NET_SAMLOGON_EX   , api_net_sam_logon_ex   },
-#if 0	/* JERRY */
-      { "DS_ENUM_DOM_TRUSTS", DS_ENUM_DOM_TRUSTS, api_ds_enum_dom_trusts }
-#endif	/* JERRY */
-    };
-
-void netlog_get_pipe_fns( struct api_struct **fns, int *n_fns )
-{
-	*fns = api_net_cmds;
-	*n_fns = sizeof(api_net_cmds) / sizeof(struct api_struct);
-}
-
-NTSTATUS rpc_net_init(void)
-{
-  return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "NETLOGON", "lsass", api_net_cmds,
-				    sizeof(api_net_cmds) / sizeof(struct api_struct));
-}
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 218ce73444..5b26f55845 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -1,4 +1,4 @@
-/* 
+/*
  *  Unix SMB/CIFS implementation.
  *  RPC Pipe client / server routines
  *  Copyright (C) Andrew Tridgell              1992-1997,
@@ -6,17 +6,18 @@
  *  Copyright (C) Paul Ashton                       1997.
  *  Copyright (C) Jeremy Allison               1998-2001.
  *  Copyright (C) Andrew Bartlett                   2001.
+ *  Copyright (C) Guenther Deschner		    2008.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 3 of the License, or
  *  (at your option) any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
@@ -34,38 +35,83 @@ extern userdom_struct current_user_info;
  init_net_r_req_chal:
  *************************************************************************/
 
-static void init_net_r_req_chal(NET_R_REQ_CHAL *r_c,
-                                DOM_CHAL *srv_chal, NTSTATUS status)
+static void init_net_r_req_chal(struct netr_Credential *r,
+				struct netr_Credential *srv_chal)
 {
 	DEBUG(6,("init_net_r_req_chal: %d\n", __LINE__));
-	memcpy(r_c->srv_chal.data, srv_chal->data, sizeof(srv_chal->data));
-	r_c->status = status;
+
+	memcpy(r->data, srv_chal->data, sizeof(r->data));
 }
 
-/*************************************************************************
- error messages cropping up when using nltest.exe...
- *************************************************************************/
+/*******************************************************************
+ Inits a netr_NETLOGON_INFO_1 structure.
+********************************************************************/
+
+static void init_netlogon_info1(struct netr_NETLOGON_INFO_1 *r,
+				uint32_t flags,
+				uint32_t pdc_connection_status)
+{
+	r->flags = flags;
+	r->pdc_connection_status = pdc_connection_status;
+}
 
-#define ERROR_NO_SUCH_DOMAIN   0x54b
-#define ERROR_NO_LOGON_SERVERS 0x51f
-#define NO_ERROR               0x0
+/*******************************************************************
+ Inits a netr_NETLOGON_INFO_2 structure.
+********************************************************************/
+
+static void init_netlogon_info2(struct netr_NETLOGON_INFO_2 *r,
+				uint32_t flags,
+				uint32_t pdc_connection_status,
+				const char *trusted_dc_name,
+				uint32_t tc_connection_status)
+{
+	r->flags = flags;
+	r->pdc_connection_status = pdc_connection_status;
+	r->trusted_dc_name = trusted_dc_name;
+	r->tc_connection_status = tc_connection_status;
+}
+
+/*******************************************************************
+ Inits a netr_NETLOGON_INFO_3 structure.
+********************************************************************/
+
+static void init_netlogon_info3(struct netr_NETLOGON_INFO_3 *r,
+				uint32_t flags,
+				uint32_t logon_attempts)
+{
+	r->flags = flags;
+	r->logon_attempts = logon_attempts;
+}
 
 /*************************************************************************
- net_reply_logon_ctrl:
+ _netr_LogonControl
  *************************************************************************/
 
-NTSTATUS _net_logon_ctrl(pipes_struct *p, NET_Q_LOGON_CTRL *q_u, 
-		       NET_R_LOGON_CTRL *r_u)
+WERROR _netr_LogonControl(pipes_struct *p,
+			  struct netr_LogonControl *r)
 {
-	uint32 flags = 0x0;
-	uint32 pdc_connection_status = 0x00; /* Maybe a win32 error code? */
-	
+	struct netr_NETLOGON_INFO_1 *info1;
+	uint32_t flags = 0x0;
+	uint32_t pdc_connection_status = W_ERROR_V(WERR_OK);
+
 	/* Setup the Logon Control response */
 
-	init_net_r_logon_ctrl(r_u, q_u->query_level, flags, 
-			      pdc_connection_status);
+	switch (r->in.level) {
+		case 1:
+			info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
+			if (!info1) {
+				return WERR_NOMEM;
+			}
+			init_netlogon_info1(info1,
+					    flags,
+					    pdc_connection_status);
+			r->out.info->info1 = info1;
+			break;
+		default:
+			return WERR_UNKNOWN_LEVEL;
+	}
 
-	return r_u->status;
+	return WERR_OK;
 }
 
 /****************************************************************************
@@ -80,129 +126,153 @@ static void send_sync_message(void)
 }
 
 /*************************************************************************
- net_reply_logon_ctrl2:
+ _netr_LogonControl2
  *************************************************************************/
 
-NTSTATUS _net_logon_ctrl2(pipes_struct *p, NET_Q_LOGON_CTRL2 *q_u, NET_R_LOGON_CTRL2 *r_u)
+WERROR _netr_LogonControl2(pipes_struct *p,
+			   struct netr_LogonControl2 *r)
 {
         uint32 flags = 0x0;
         uint32 pdc_connection_status = 0x0;
         uint32 logon_attempts = 0x0;
         uint32 tc_status;
-	fstring servername, domain, dc_name, dc_name2;
+	fstring dc_name, dc_name2;
 	struct sockaddr_storage dc_ss;
+	const char *domain = NULL;
+	struct netr_NETLOGON_INFO_1 *info1;
+	struct netr_NETLOGON_INFO_2 *info2;
+	struct netr_NETLOGON_INFO_3 *info3;
 
-	/* this should be \\global_myname() */
-	unistr2_to_ascii(servername, &q_u->uni_server_name, sizeof(servername));
-
-	r_u->status = NT_STATUS_OK;
-	
-	tc_status = ERROR_NO_SUCH_DOMAIN;
+	tc_status = W_ERROR_V(WERR_NO_SUCH_DOMAIN);
 	fstrcpy( dc_name, "" );
-	
-	switch ( q_u->function_code ) {
+
+	switch (r->in.function_code) {
 		case NETLOGON_CONTROL_TC_QUERY:
-			unistr2_to_ascii(domain, &q_u->info.info6.domain, sizeof(domain));
-				
+			domain = r->in.data->domain;
+
 			if ( !is_trusted_domain( domain ) )
 				break;
-				
+
 			if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
-				tc_status = ERROR_NO_LOGON_SERVERS;
+				tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
 				break;
 			}
 
 			fstr_sprintf( dc_name, "\\\\%s", dc_name2 );
-				
-			tc_status = NO_ERROR;
-			
+
+			tc_status = W_ERROR_V(WERR_OK);
+
 			break;
-			
+
 		case NETLOGON_CONTROL_REDISCOVER:
-			unistr2_to_ascii(domain, &q_u->info.info6.domain, sizeof(domain));
-				
+			domain = r->in.data->domain;
+
 			if ( !is_trusted_domain( domain ) )
 				break;
-				
+
 			if ( !get_dc_name( domain, NULL, dc_name2, &dc_ss ) ) {
-				tc_status = ERROR_NO_LOGON_SERVERS;
+				tc_status = W_ERROR_V(WERR_NO_LOGON_SERVERS);
 				break;
 			}
 
 			fstr_sprintf( dc_name, "\\\\%s", dc_name2 );
-				
-			tc_status = NO_ERROR;
-			
+
+			tc_status = W_ERROR_V(WERR_OK);
+
 			break;
-			
+
 		default:
 			/* no idea what this should be */
-			DEBUG(0,("_net_logon_ctrl2: unimplemented function level [%d]\n",
-				q_u->function_code));
+			DEBUG(0,("_netr_LogonControl2: unimplemented function level [%d]\n",
+				r->in.function_code));
+			return WERR_UNKNOWN_LEVEL;
 	}
-	
+
 	/* prepare the response */
-	
-	init_net_r_logon_ctrl2( r_u, q_u->query_level, flags, 
-		pdc_connection_status, logon_attempts, tc_status, dc_name );
 
-        if (lp_server_role() == ROLE_DOMAIN_BDC)
+	switch (r->in.level) {
+		case 1:
+			info1 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_1);
+			W_ERROR_HAVE_NO_MEMORY(info1);
+
+			init_netlogon_info1(info1,
+					    flags,
+					    pdc_connection_status);
+			r->out.query->info1 = info1;
+			break;
+		case 2:
+			info2 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_2);
+			W_ERROR_HAVE_NO_MEMORY(info2);
+
+			init_netlogon_info2(info2,
+					    flags,
+					    pdc_connection_status,
+					    dc_name,
+					    tc_status);
+			r->out.query->info2 = info2;
+			break;
+		case 3:
+			info3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_NETLOGON_INFO_3);
+			W_ERROR_HAVE_NO_MEMORY(info3);
+
+			init_netlogon_info3(info3,
+					    flags,
+					    logon_attempts);
+			r->out.query->info3 = info3;
+			break;
+		default:
+			return WERR_UNKNOWN_LEVEL;
+	}
+
+        if (lp_server_role() == ROLE_DOMAIN_BDC) {
                 send_sync_message();
+	}
 
-	return r_u->status;
+	return WERR_OK;
 }
 
 /*************************************************************************
- net_reply_trust_dom_list:
+ _netr_NetrEnumerateTrustedDomains
  *************************************************************************/
 
-NTSTATUS _net_trust_dom_list(pipes_struct *p, NET_Q_TRUST_DOM_LIST *q_u, NET_R_TRUST_DOM_LIST *r_u)
+WERROR _netr_NetrEnumerateTrustedDomains(pipes_struct *p,
+					 struct netr_NetrEnumerateTrustedDomains *r)
 {
-	const char *trusted_domain = "test_domain";
-	uint32 num_trust_domains = 1;
+	struct netr_Blob trusted_domains_blob;
+	DATA_BLOB blob;
 
-	DEBUG(6,("_net_trust_dom_list: %d\n", __LINE__));
+	DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
 
 	/* set up the Trusted Domain List response */
-	init_r_trust_dom(r_u, num_trust_domains, trusted_domain);
-
-	DEBUG(6,("_net_trust_dom_list: %d\n", __LINE__));
-
-	return r_u->status;
-}
 
-/***********************************************************************************
- init_net_r_srv_pwset:
- ***********************************************************************************/
+	blob = data_blob_talloc_zero(p->mem_ctx, 2);
+	trusted_domains_blob.data = blob.data;
+	trusted_domains_blob.length = blob.length;
 
-static void init_net_r_srv_pwset(NET_R_SRV_PWSET *r_s,
-				 DOM_CRED *srv_cred, NTSTATUS status)  
-{
-	DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
+	DEBUG(6,("_netr_NetrEnumerateTrustedDomains: %d\n", __LINE__));
 
-	memcpy(&r_s->srv_cred, srv_cred, sizeof(r_s->srv_cred));
-	r_s->status = status;
+	*r->out.trusted_domains_blob = trusted_domains_blob;
 
-	DEBUG(5,("init_net_r_srv_pwset: %d\n", __LINE__));
+	return WERR_OK;
 }
 
 /******************************************************************
  gets a machine password entry.  checks access rights of the host.
  ******************************************************************/
 
-static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
+static NTSTATUS get_md4pw(char *md4pw, const char *mach_acct, uint16 sec_chan_type)
 {
 	struct samu *sampass = NULL;
 	const uint8 *pass;
 	bool ret;
 	uint32 acct_ctrl;
-	
+
 #if 0
 	char addr[INET6_ADDRSTRLEN];
 
     /*
      * Currently this code is redundent as we already have a filter
-     * by hostname list. What this code really needs to do is to 
+     * by hostname list. What this code really needs to do is to
      * get a hosts allowed/hosts denied list from the SAM database
      * on a per user basis, and make the access decision there.
      * I will leave this code here for now as a reminder to implement
@@ -225,7 +295,7 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
 	become_root();
 	ret = pdb_getsampwnam(sampass, mach_acct);
 	unbecome_root();
- 
+
  	if (!ret) {
  		DEBUG(0,("get_md4pw: Workstation %s: no account in domain\n", mach_acct));
 		TALLOC_FREE(sampass);
@@ -241,7 +311,7 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
 
 	if (!(acct_ctrl & ACB_SVRTRUST) &&
 	    !(acct_ctrl & ACB_WSTRUST) &&
-	    !(acct_ctrl & ACB_DOMTRUST)) 
+	    !(acct_ctrl & ACB_DOMTRUST))
 	{
 		DEBUG(0,("get_md4pw: Workstation %s: account is not a trust account\n", mach_acct));
 		TALLOC_FREE(sampass);
@@ -287,17 +357,18 @@ static NTSTATUS get_md4pw(char *md4pw, char *mach_acct, uint16 sec_chan_type)
 	dump_data(5, (uint8 *)md4pw, 16);
 
 	TALLOC_FREE(sampass);
-	
+
 	return NT_STATUS_OK;
- 	
+
 
 }
 
 /*************************************************************************
- _net_req_chal
+ _netr_ServerReqChallenge
  *************************************************************************/
 
-NTSTATUS _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u)
+NTSTATUS _netr_ServerReqChallenge(pipes_struct *p,
+				  struct netr_ServerReqChallenge *r)
 {
 	if (!p->dc) {
 		p->dc = TALLOC_ZERO_P(p->pipe_state_mem_ctx, struct dcinfo);
@@ -305,65 +376,53 @@ NTSTATUS _net_req_chal(pipes_struct *p, NET_Q_REQ_CHAL *q_u, NET_R_REQ_CHAL *r_u
 			return NT_STATUS_NO_MEMORY;
 		}
 	} else {
-		DEBUG(10,("_net_req_chal: new challenge requested. Clearing old state.\n"));
+		DEBUG(10,("_netr_ServerReqChallenge: new challenge requested. Clearing old state.\n"));
 		ZERO_STRUCTP(p->dc);
 	}
 
-	rpcstr_pull(p->dc->remote_machine,
-			q_u->uni_logon_clnt.buffer,
-			sizeof(fstring),q_u->uni_logon_clnt.uni_str_len*2,0);
+	fstrcpy(p->dc->remote_machine, r->in.computer_name);
 
 	/* Save the client challenge to the server. */
-	memcpy(p->dc->clnt_chal.data, q_u->clnt_chal.data, sizeof(q_u->clnt_chal.data));
+	memcpy(p->dc->clnt_chal.data, r->in.credentials->data,
+		sizeof(r->in.credentials->data));
 
 	/* Create a server challenge for the client */
 	/* Set this to a random value. */
 	generate_random_buffer(p->dc->srv_chal.data, 8);
-	
+
 	/* set up the LSA REQUEST CHALLENGE response */
-	init_net_r_req_chal(r_u, &p->dc->srv_chal, NT_STATUS_OK);
-	
+	init_net_r_req_chal(r->out.return_credentials, &p->dc->srv_chal);
+
 	p->dc->challenge_sent = True;
 
 	return NT_STATUS_OK;
 }
 
 /*************************************************************************
- init_net_r_auth:
+ _netr_ServerAuthenticate
+ Create the initial credentials.
  *************************************************************************/
 
-static void init_net_r_auth(NET_R_AUTH *r_a, DOM_CHAL *resp_cred, NTSTATUS status)
-{
-	memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
-	r_a->status = status;
-}
-
-/*************************************************************************
- _net_auth. Create the initial credentials.
- *************************************************************************/
-
-NTSTATUS _net_auth(pipes_struct *p, NET_Q_AUTH *q_u, NET_R_AUTH *r_u)
+NTSTATUS _netr_ServerAuthenticate(pipes_struct *p,
+				  struct netr_ServerAuthenticate *r)
 {
 	NTSTATUS status;
-	fstring mach_acct;
-	fstring remote_machine;
-	DOM_CHAL srv_chal_out;
+	struct netr_Credential srv_chal_out;
 
 	if (!p->dc || !p->dc->challenge_sent) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),
-				q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
-	rpcstr_pull(remote_machine, q_u->clnt_id.uni_comp_name.buffer,sizeof(fstring),
-				q_u->clnt_id.uni_comp_name.uni_str_len*2,0);
-
-	status = get_md4pw((char *)p->dc->mach_pw, mach_acct, q_u->clnt_id.sec_chan);
+	status = get_md4pw((char *)p->dc->mach_pw,
+			   r->in.account_name,
+			   r->in.secure_channel_type);
 	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0,("_net_auth: creds_server_check failed. Failed to "
+		DEBUG(0,("_netr_ServerAuthenticate: get_md4pw failed. Failed to "
 			"get password for machine account %s "
 			"from client %s: %s\n",
-			mach_acct, remote_machine, nt_errstr(status) ));
+			r->in.account_name,
+			r->in.computer_name,
+			nt_errstr(status) ));
 		/* always return NT_STATUS_ACCESS_DENIED */
 		return NT_STATUS_ACCESS_DENIED;
 	}
@@ -374,110 +433,101 @@ NTSTATUS _net_auth(pipes_struct *p, NET_Q_AUTH *q_u, NET_R_AUTH *r_u)
 			&p->dc->clnt_chal,	/* Stored client chal. */
 			&p->dc->srv_chal,	/* Stored server chal. */
 			p->dc->mach_pw,
-			&srv_chal_out);	
+			&srv_chal_out);
 
 	/* Check client credentials are valid. */
-	if (!creds_server_check(p->dc, &q_u->clnt_chal)) {
-		DEBUG(0,("_net_auth: creds_server_check failed. Rejecting auth "
+	if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
+		DEBUG(0,("_netr_ServerAuthenticate: netlogon_creds_server_check failed. Rejecting auth "
 			"request from client %s machine account %s\n",
-			remote_machine, mach_acct ));
+			r->in.computer_name,
+			r->in.account_name));
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	fstrcpy(p->dc->mach_acct, mach_acct);
-	fstrcpy(p->dc->remote_machine, remote_machine);
+	fstrcpy(p->dc->mach_acct, r->in.account_name);
+	fstrcpy(p->dc->remote_machine, r->in.computer_name);
 	p->dc->authenticated = True;
 
 	/* set up the LSA AUTH response */
 	/* Return the server credentials. */
-	init_net_r_auth(r_u, &srv_chal_out, NT_STATUS_OK);
 
-	return r_u->status;
-}
+	memcpy(r->out.return_credentials->data, &srv_chal_out.data,
+	       sizeof(r->out.return_credentials->data));
 
-/*************************************************************************
- init_net_r_auth_2:
- *************************************************************************/
-
-static void init_net_r_auth_2(NET_R_AUTH_2 *r_a,
-                              DOM_CHAL *resp_cred, NEG_FLAGS *flgs, NTSTATUS status)
-{
-	memcpy(r_a->srv_chal.data, resp_cred->data, sizeof(resp_cred->data));
-	memcpy(&r_a->srv_flgs, flgs, sizeof(r_a->srv_flgs));
-	r_a->status = status;
+	return NT_STATUS_OK;
 }
 
 /*************************************************************************
- _net_auth_2
+ _netr_ServerAuthenticate2
  *************************************************************************/
 
-NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
+NTSTATUS _netr_ServerAuthenticate2(pipes_struct *p,
+				   struct netr_ServerAuthenticate2 *r)
 {
 	NTSTATUS status;
-	NEG_FLAGS srv_flgs;
-	fstring mach_acct;
-	fstring remote_machine;
-	DOM_CHAL srv_chal_out;
-
-	rpcstr_pull(mach_acct, q_u->clnt_id.uni_acct_name.buffer,sizeof(fstring),
-				q_u->clnt_id.uni_acct_name.uni_str_len*2,0);
+	uint32_t srv_flgs;
+	struct netr_Credential srv_chal_out;
 
-	/* We use this as the key to store the creds. */
-	rpcstr_pull(remote_machine, q_u->clnt_id.uni_comp_name.buffer,sizeof(fstring),
-				q_u->clnt_id.uni_comp_name.uni_str_len*2,0);
+	/* We use this as the key to store the creds: */
+	/* r->in.computer_name */
 
 	if (!p->dc || !p->dc->challenge_sent) {
-		DEBUG(0,("_net_auth2: no challenge sent to client %s\n",
-			remote_machine ));
+		DEBUG(0,("_netr_ServerAuthenticate2: no challenge sent to client %s\n",
+			r->in.computer_name));
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	if ( (lp_server_schannel() == True) &&
-	     ((q_u->clnt_flgs.neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
+	if ( (lp_server_schannel() == true) &&
+	     ((*r->in.negotiate_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
 
 		/* schannel must be used, but client did not offer it. */
-		DEBUG(0,("_net_auth2: schannel required but client failed "
+		DEBUG(0,("_netr_ServerAuthenticate2: schannel required but client failed "
 			"to offer it. Client was %s\n",
-			mach_acct ));
+			r->in.account_name));
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	status = get_md4pw((char *)p->dc->mach_pw, mach_acct, q_u->clnt_id.sec_chan);
+	status = get_md4pw((char *)p->dc->mach_pw,
+			   r->in.account_name,
+			   r->in.secure_channel_type);
 	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0,("_net_auth2: failed to get machine password for "
+		DEBUG(0,("_netr_ServerAuthenticate2: failed to get machine password for "
 			"account %s: %s\n",
-			mach_acct, nt_errstr(status) ));
+			r->in.account_name, nt_errstr(status) ));
 		/* always return NT_STATUS_ACCESS_DENIED */
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	/* From the client / server challenges and md4 password, generate sess key */
-	creds_server_init(q_u->clnt_flgs.neg_flags,
+	creds_server_init(*r->in.negotiate_flags,
 			p->dc,
 			&p->dc->clnt_chal,	/* Stored client chal. */
 			&p->dc->srv_chal,	/* Stored server chal. */
 			p->dc->mach_pw,
-			&srv_chal_out);	
+			&srv_chal_out);
 
 	/* Check client credentials are valid. */
-	if (!creds_server_check(p->dc, &q_u->clnt_chal)) {
-		DEBUG(0,("_net_auth2: creds_server_check failed. Rejecting auth "
+	if (!netlogon_creds_server_check(p->dc, r->in.credentials)) {
+		DEBUG(0,("_netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth "
 			"request from client %s machine account %s\n",
-			remote_machine, mach_acct ));
+			r->in.computer_name,
+			r->in.account_name));
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	srv_flgs.neg_flags = 0x000001ff;
+	srv_flgs = 0x000001ff;
 
-	if (lp_server_schannel() != False) {
-		srv_flgs.neg_flags |= NETLOGON_NEG_SCHANNEL;
+	if (lp_server_schannel() != false) {
+		srv_flgs |= NETLOGON_NEG_SCHANNEL;
 	}
 
 	/* set up the LSA AUTH 2 response */
-	init_net_r_auth_2(r_u, &srv_chal_out, &srv_flgs, NT_STATUS_OK);
+	memcpy(r->out.return_credentials->data, &srv_chal_out.data,
+	       sizeof(r->out.return_credentials->data));
+	*r->out.negotiate_flags = srv_flgs;
 
-	fstrcpy(p->dc->mach_acct, mach_acct);
-	fstrcpy(p->dc->remote_machine, remote_machine);
+	fstrcpy(p->dc->mach_acct, r->in.account_name);
+	fstrcpy(p->dc->remote_machine, r->in.computer_name);
 	fstrcpy(p->dc->domain, lp_workgroup() );
 
 	p->dc->authenticated = True;
@@ -485,39 +535,40 @@ NTSTATUS _net_auth_2(pipes_struct *p, NET_Q_AUTH_2 *q_u, NET_R_AUTH_2 *r_u)
 	/* Store off the state so we can continue after client disconnect. */
 	become_root();
 	secrets_store_schannel_session_info(p->mem_ctx,
-					remote_machine,
-					p->dc);
+					    r->in.computer_name,
+					    p->dc);
 	unbecome_root();
 
-	return r_u->status;
+	return NT_STATUS_OK;
 }
 
 /*************************************************************************
- _net_srv_pwset
+ _netr_ServerPasswordSet
  *************************************************************************/
 
-NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *r_u)
+NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
+				 struct netr_ServerPasswordSet *r)
 {
+	NTSTATUS status = NT_STATUS_OK;
 	fstring remote_machine;
 	struct samu *sampass=NULL;
 	bool ret = False;
 	unsigned char pwd[16];
 	int i;
 	uint32 acct_ctrl;
-	DOM_CRED cred_out;
+	struct netr_Authenticator cred_out;
 	const uchar *old_pw;
 
-	DEBUG(5,("_net_srv_pwset: %d\n", __LINE__));
+	DEBUG(5,("_netr_ServerPasswordSet: %d\n", __LINE__));
 
 	/* We need the remote machine name for the creds lookup. */
-	rpcstr_pull(remote_machine,q_u->clnt_id.login.uni_comp_name.buffer,
-		    sizeof(remote_machine),q_u->clnt_id.login.uni_comp_name.uni_str_len*2,0);
+	fstrcpy(remote_machine, r->in.computer_name);
 
 	if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
 		/* 'server schannel = yes' should enforce use of
 		   schannel, the client did offer it in auth2, but
 		   obviously did not use it. */
-		DEBUG(0,("_net_srv_pwset: client %s not using schannel for netlogon\n",
+		DEBUG(0,("_netr_ServerPasswordSet: client %s not using schannel for netlogon\n",
 			remote_machine ));
 		return NT_STATUS_ACCESS_DENIED;
 	}
@@ -538,12 +589,12 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
-	DEBUG(3,("_net_srv_pwset: Server Password Set by remote machine:[%s] on account [%s]\n",
+	DEBUG(3,("_netr_ServerPasswordSet: Server Password Set by remote machine:[%s] on account [%s]\n",
 			remote_machine, p->dc->mach_acct));
-	
+
 	/* Step the creds chain forward. */
-	if (!creds_server_step(p->dc, &q_u->clnt_id.cred, &cred_out)) {
-		DEBUG(2,("_net_srv_pwset: creds_server_step failed. Rejecting auth "
+	if (!netlogon_creds_server_step(p->dc, r->in.credential, &cred_out)) {
+		DEBUG(2,("_netr_ServerPasswordSet: netlogon_creds_server_step failed. Rejecting auth "
 			"request from client %s machine account %s\n",
 			remote_machine, p->dc->mach_acct ));
 		return NT_STATUS_INVALID_PARAMETER;
@@ -568,7 +619,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
 	}
 
 	/* Ensure the account exists and is a machine account. */
-	
+
 	acct_ctrl = pdb_get_acct_ctrl(sampass);
 
 	if (!(acct_ctrl & ACB_WSTRUST ||
@@ -577,16 +628,16 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
 		TALLOC_FREE(sampass);
 		return NT_STATUS_NO_SUCH_USER;
 	}
-	
+
 	if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
 		TALLOC_FREE(sampass);
 		return NT_STATUS_ACCOUNT_DISABLED;
 	}
 
 	/* Woah - what does this to to the credential chain ? JRA */
-	cred_hash3( pwd, q_u->pwd, p->dc->sess_key, 0);
+	cred_hash3(pwd, r->in.new_password->hash, p->dc->sess_key, 0);
 
-	DEBUG(100,("Server password set : new given value was :\n"));
+	DEBUG(100,("_netr_ServerPasswordSet: new given value was :\n"));
 	for(i = 0; i < sizeof(pwd); i++)
 		DEBUG(100,("%02X ", pwd[i]));
 	DEBUG(100,("\n"));
@@ -594,7 +645,7 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
 	old_pw = pdb_get_nt_passwd(sampass);
 
 	if (old_pw && memcmp(pwd, old_pw, 16) == 0) {
-		/* Avoid backend modificiations and other fun if the 
+		/* Avoid backend modificiations and other fun if the
 		   client changed the password to the *same thing* */
 
 		ret = True;
@@ -605,43 +656,44 @@ NTSTATUS _net_srv_pwset(pipes_struct *p, NET_Q_SRV_PWSET *q_u, NET_R_SRV_PWSET *
 			TALLOC_FREE(sampass);
 			return NT_STATUS_NO_MEMORY;
 		}
-		
+
 		if (!pdb_set_nt_passwd(sampass, pwd, PDB_CHANGED)) {
 			TALLOC_FREE(sampass);
 			return NT_STATUS_NO_MEMORY;
 		}
-		
+
 		if (!pdb_set_pass_last_set_time(sampass, time(NULL), PDB_CHANGED)) {
 			TALLOC_FREE(sampass);
 			/* Not quite sure what this one qualifies as, but this will do */
-			return NT_STATUS_UNSUCCESSFUL; 
+			return NT_STATUS_UNSUCCESSFUL;
 		}
-		
+
 		become_root();
-		r_u->status = pdb_update_sam_account(sampass);
+		status = pdb_update_sam_account(sampass);
 		unbecome_root();
 	}
 
 	/* set up the LSA Server Password Set response */
-	init_net_r_srv_pwset(r_u, &cred_out, r_u->status);
+
+	memcpy(r->out.return_authenticator, &cred_out,
+	       sizeof(r->out.return_authenticator));
 
 	TALLOC_FREE(sampass);
-	return r_u->status;
+	return status;
 }
 
 /*************************************************************************
- _net_sam_logoff:
+ _netr_LogonSamLogoff
  *************************************************************************/
 
-NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOFF *r_u)
+NTSTATUS _netr_LogonSamLogoff(pipes_struct *p,
+			      struct netr_LogonSamLogoff *r)
 {
-	fstring remote_machine;
-
 	if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
 		/* 'server schannel = yes' should enforce use of
 		   schannel, the client did offer it in auth2, but
 		   obviously did not use it. */
-		DEBUG(0,("_net_sam_logoff: client %s not using schannel for netlogon\n",
+		DEBUG(0,("_netr_LogonSamLogoff: client %s not using schannel for netlogon\n",
 			get_remote_machine_name() ));
 		return NT_STATUS_ACCESS_DENIED;
 	}
@@ -650,9 +702,8 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF
 	if (!get_valid_user_struct(p->vuid))
 		return NT_STATUS_NO_SUCH_USER;
 
-	/* Get the remote machine name for the creds store. */
-	rpcstr_pull(remote_machine,q_u->sam_id.client.login.uni_comp_name.buffer,
-		    sizeof(remote_machine),q_u->sam_id.client.login.uni_comp_name.uni_str_len*2,0);
+	/* Using the remote machine name for the creds store: */
+	/* r->in.computer_name */
 
 	if (!p->dc) {
 		/* Restore the saved state of the netlogon creds. */
@@ -660,8 +711,8 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF
 
 		become_root();
 		ret = secrets_restore_schannel_session_info(p->pipe_state_mem_ctx,
-						remote_machine,
-						&p->dc);
+							    r->in.computer_name,
+							    &p->dc);
 		unbecome_root();
 		if (!ret) {
 			return NT_STATUS_INVALID_HANDLE;
@@ -672,25 +723,22 @@ NTSTATUS _net_sam_logoff(pipes_struct *p, NET_Q_SAM_LOGOFF *q_u, NET_R_SAM_LOGOF
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
-	r_u->buffer_creds = 1; /* yes, we have valid server credentials */
-
 	/* checks and updates credentials.  creates reply credentials */
-	if (!creds_server_step(p->dc, &q_u->sam_id.client.cred, &r_u->srv_creds)) {
-		DEBUG(2,("_net_sam_logoff: creds_server_step failed. Rejecting auth "
+	if (!netlogon_creds_server_step(p->dc, r->in.credential, r->out.return_authenticator)) {
+		DEBUG(2,("_netr_LogonSamLogoff: netlogon_creds_server_step failed. Rejecting auth "
 			"request from client %s machine account %s\n",
-			remote_machine, p->dc->mach_acct ));
+			r->in.computer_name, p->dc->mach_acct ));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 	/* We must store the creds state after an update. */
 	become_root();
 	secrets_store_schannel_session_info(p->pipe_state_mem_ctx,
-					remote_machine,
-					p->dc);
+					    r->in.computer_name,
+					    p->dc);
 	unbecome_root();
 
-	r_u->status = NT_STATUS_OK;
-	return r_u->status;
+	return NT_STATUS_OK;
 }
 
 /*******************************************************************
@@ -701,7 +749,7 @@ static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
 				       const DOM_SID *domain_sid,
 				       size_t num_sids,
 				       const DOM_SID *sids,
-				       int *numgroups, DOM_GID **pgids) 
+				       int *numgroups, DOM_GID **pgids)
 {
 	int i;
 
@@ -724,53 +772,54 @@ static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx,
 }
 
 /*************************************************************************
- _net_sam_logon
+ _netr_LogonSamLogon
  *************************************************************************/
 
-static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
-					NET_Q_SAM_LOGON *q_u,
-					NET_R_SAM_LOGON *r_u,
-					bool process_creds)
+NTSTATUS _netr_LogonSamLogon(pipes_struct *p,
+			     struct netr_LogonSamLogon *r)
 {
 	NTSTATUS status = NT_STATUS_OK;
-	NET_USER_INFO_3 *usr_info = NULL;
-	NET_ID_INFO_CTR *ctr = q_u->sam_id.ctr;
-	UNISTR2 *uni_samlogon_user = NULL;
-	UNISTR2 *uni_samlogon_domain = NULL;
-	UNISTR2 *uni_samlogon_workstation = NULL;
+	struct netr_SamInfo3 *sam3 = NULL;
+	union netr_LogonLevel *logon = r->in.logon;
 	fstring nt_username, nt_domain, nt_workstation;
 	auth_usersupplied_info *user_info = NULL;
 	auth_serversupplied_info *server_info = NULL;
 	struct samu *sampw;
 	struct auth_context *auth_context = NULL;
-	 
+	bool process_creds = true;
+
+	switch (p->hdr_req.opnum) {
+		case NDR_NETR_LOGONSAMLOGON:
+			process_creds = true;
+			break;
+		case NDR_NETR_LOGONSAMLOGONEX:
+		default:
+			process_creds = false;
+	}
+
 	if ( (lp_server_schannel() == True) && (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) ) {
 		/* 'server schannel = yes' should enforce use of
 		   schannel, the client did offer it in auth2, but
 		   obviously did not use it. */
-		DEBUG(0,("_net_sam_logon_internal: client %s not using schannel for netlogon\n",
+		DEBUG(0,("_netr_LogonSamLogon: client %s not using schannel for netlogon\n",
 			get_remote_machine_name() ));
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	usr_info = TALLOC_P(p->mem_ctx, NET_USER_INFO_3);
-	if (!usr_info) {
+	sam3 = TALLOC_ZERO_P(p->mem_ctx, struct netr_SamInfo3);
+	if (!sam3) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	ZERO_STRUCTP(usr_info);
-
  	/* store the user information, if there is any. */
-	r_u->user = usr_info;
-	r_u->auth_resp = 1; /* authoritative response */
-	if (q_u->validation_level != 2 && q_u->validation_level != 3) {
-		DEBUG(0,("_net_sam_logon: bad validation_level value %d.\n", (int)q_u->validation_level ));
+	r->out.validation->sam3 = sam3;
+	*r->out.authoritative = true; /* authoritative response */
+	if (r->in.validation_level != 2 && r->in.validation_level != 3) {
+		DEBUG(0,("_netr_LogonSamLogon: bad validation_level value %d.\n",
+			(int)r->in.validation_level));
 		return NT_STATUS_ACCESS_DENIED;
 	}
-	/* We handle the return of USER_INFO_2 instead of 3 in the parse return. Sucks, I know... */
-	r_u->switch_value = q_u->validation_level; /* indicates type of validation user info */
-	r_u->buffer_creds = 1; /* Ensure we always return server creds. */
- 
+
 	if (!get_valid_user_struct(p->vuid))
 		return NT_STATUS_NO_SUCH_USER;
 
@@ -781,8 +830,8 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 		/* Note this is the remote machine this request is coming from (member server),
 		   not neccessarily the workstation name the user is logging onto.
 		*/
-		rpcstr_pull(remote_machine,q_u->sam_id.client.login.uni_comp_name.buffer,
-		    sizeof(remote_machine),q_u->sam_id.client.login.uni_comp_name.uni_str_len*2,0);
+
+		fstrcpy(remote_machine, r->in.computer_name);
 
 		if (!p->dc) {
 			/* Restore the saved state of the netlogon creds. */
@@ -803,8 +852,8 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 		}
 
 		/* checks and updates credentials.  creates reply credentials */
-		if (!creds_server_step(p->dc, &q_u->sam_id.client.cred,  &r_u->srv_creds)) {
-			DEBUG(2,("_net_sam_logon: creds_server_step failed. Rejecting auth "
+		if (!netlogon_creds_server_step(p->dc, r->in.credential,  r->out.return_authenticator)) {
+			DEBUG(2,("_netr_LogonSamLogon: creds_server_step failed. Rejecting auth "
 				"request from client %s machine account %s\n",
 				remote_machine, p->dc->mach_acct ));
 			return NT_STATUS_INVALID_PARAMETER;
@@ -818,20 +867,25 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 		unbecome_root();
 	}
 
-	switch (q_u->sam_id.logon_level) {
+	switch (r->in.logon_level) {
 	case INTERACTIVE_LOGON_TYPE:
-		uni_samlogon_user = &ctr->auth.id1.uni_user_name;
- 		uni_samlogon_domain = &ctr->auth.id1.uni_domain_name;
+		fstrcpy(nt_username,
+			logon->password->identity_info.account_name.string);
+		fstrcpy(nt_domain,
+			logon->password->identity_info.domain_name.string);
+		fstrcpy(nt_workstation,
+			logon->password->identity_info.workstation.string);
 
-                uni_samlogon_workstation = &ctr->auth.id1.uni_wksta_name;
-            
 		DEBUG(3,("SAM Logon (Interactive). Domain:[%s].  ", lp_workgroup()));
 		break;
 	case NET_LOGON_TYPE:
-		uni_samlogon_user = &ctr->auth.id2.uni_user_name;
-		uni_samlogon_domain = &ctr->auth.id2.uni_domain_name;
-		uni_samlogon_workstation = &ctr->auth.id2.uni_wksta_name;
-            
+		fstrcpy(nt_username,
+			logon->network->identity_info.account_name.string);
+		fstrcpy(nt_domain,
+			logon->network->identity_info.domain_name.string);
+		fstrcpy(nt_workstation,
+			logon->network->identity_info.workstation.string);
+
 		DEBUG(3,("SAM Logon (Network). Domain:[%s].  ", lp_workgroup()));
 		break;
 	default:
@@ -839,24 +893,23 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 		return NT_STATUS_INVALID_INFO_CLASS;
 	} /* end switch */
 
-	rpcstr_pull(nt_username,uni_samlogon_user->buffer,sizeof(nt_username),uni_samlogon_user->uni_str_len*2,0);
-	rpcstr_pull(nt_domain,uni_samlogon_domain->buffer,sizeof(nt_domain),uni_samlogon_domain->uni_str_len*2,0);
-	rpcstr_pull(nt_workstation,uni_samlogon_workstation->buffer,sizeof(nt_workstation),uni_samlogon_workstation->uni_str_len*2,0);
-
 	DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain));
 	fstrcpy(current_user_info.smb_name, nt_username);
 	sub_set_smb_name(nt_username);
-     
-	DEBUG(5,("Attempting validation level %d for unmapped username %s.\n", q_u->sam_id.ctr->switch_value, nt_username));
+
+	DEBUG(5,("Attempting validation level %d for unmapped username %s.\n",
+		r->in.validation_level, nt_username));
 
 	status = NT_STATUS_OK;
-	
-	switch (ctr->switch_value) {
+
+	switch (r->in.logon_level) {
 	case NET_LOGON_TYPE:
 	{
 		const char *wksname = nt_workstation;
-		
-		if (!NT_STATUS_IS_OK(status = make_auth_context_fixed(&auth_context, ctr->auth.id2.lm_chal))) {
+
+		status = make_auth_context_fixed(&auth_context,
+						 logon->network->challenge);
+		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
 
@@ -867,16 +920,16 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 		if (*wksname == '\\') wksname++;
 
 		/* Standard challenge/response authenticaion */
-		if (!make_user_info_netlogon_network(&user_info, 
-						     nt_username, nt_domain, 
+		if (!make_user_info_netlogon_network(&user_info,
+						     nt_username, nt_domain,
 						     wksname,
-						     ctr->auth.id2.param_ctrl,
-						     ctr->auth.id2.lm_chal_resp.buffer,
-						     ctr->auth.id2.lm_chal_resp.str_str_len,
-						     ctr->auth.id2.nt_chal_resp.buffer,
-						     ctr->auth.id2.nt_chal_resp.str_str_len)) {
+						     logon->network->identity_info.parameter_control,
+						     logon->network->lm.data,
+						     logon->network->lm.length,
+						     logon->network->nt.data,
+						     logon->network->nt.length)) {
 			status = NT_STATUS_NO_MEMORY;
-		}	
+		}
 		break;
 	}
 	case INTERACTIVE_LOGON_TYPE:
@@ -886,20 +939,20 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 		   on */
 	{
 		const uint8 *chal;
-		
+
 		if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
 			return status;
 		}
-		
+
 		chal = auth_context->get_ntlm_challenge(auth_context);
 
-		if (!make_user_info_netlogon_interactive(&user_info, 
-							 nt_username, nt_domain, 
-							 nt_workstation, 
-							 ctr->auth.id1.param_ctrl,
+		if (!make_user_info_netlogon_interactive(&user_info,
+							 nt_username, nt_domain,
+							 nt_workstation,
+							 logon->password->identity_info.parameter_control,
 							 chal,
-							 ctr->auth.id1.lm_owf.data, 
-							 ctr->auth.id1.nt_owf.data, 
+							 logon->password->lmpassword.hash,
+							 logon->password->ntpassword.hash,
 							 p->dc->sess_key)) {
 			status = NT_STATUS_NO_MEMORY;
 		}
@@ -909,29 +962,29 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 		DEBUG(2,("SAM Logon: unsupported switch value\n"));
 		return NT_STATUS_INVALID_INFO_CLASS;
 	} /* end switch */
-	
+
 	if ( NT_STATUS_IS_OK(status) ) {
-		status = auth_context->check_ntlm_password(auth_context, 
+		status = auth_context->check_ntlm_password(auth_context,
 			user_info, &server_info);
 	}
 
-	(auth_context->free)(&auth_context);	
+	(auth_context->free)(&auth_context);
 	free_user_info(&user_info);
-	
-	DEBUG(5, ("_net_sam_logon: check_password returned status %s\n", 
+
+	DEBUG(5,("_netr_LogonSamLogon: check_password returned status %s\n",
 		  nt_errstr(status)));
 
 	/* Check account and password */
-    
+
 	if (!NT_STATUS_IS_OK(status)) {
-		/* If we don't know what this domain is, we need to 
-		   indicate that we are not authoritative.  This 
-		   allows the client to decide if it needs to try 
+		/* If we don't know what this domain is, we need to
+		   indicate that we are not authoritative.  This
+		   allows the client to decide if it needs to try
 		   a local user.  Fix by jpjanosi@us.ibm.com, #2976 */
-                if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER) 
+                if ( NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)
 		     && !strequal(nt_domain, get_global_sam_name())
 		     && !is_trusted_domain(nt_domain) )
-			r_u->auth_resp = 0; /* We are not authoritative */
+			*r->out.authoritative = false; /* We are not authoritative */
 
 		TALLOC_FREE(server_info);
 		return status;
@@ -939,7 +992,7 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 
 	if (server_info->guest) {
 		/* We don't like guest domain logons... */
-		DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST "
+		DEBUG(5,("_netr_LogonSamLogon: Attempted domain logon as GUEST "
 			 "denied.\n"));
 		TALLOC_FREE(server_info);
 		return NT_STATUS_LOGON_FAILURE;
@@ -958,29 +1011,40 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 
 		int num_gids = 0;
 		const char *my_name;
-		unsigned char user_session_key[16];
-		unsigned char lm_session_key[16];
+
+		struct netr_UserSessionKey user_session_key;
+		struct netr_LMSessionKey lm_session_key;
 		unsigned char pipe_session_key[16];
 
-		sampw = server_info->sam_account;
+		NTTIME last_logon, last_logoff, acct_expiry, last_password_change;
+		NTTIME allow_password_change, force_password_change;
+		struct samr_RidWithAttributeArray groups;
+		int i;
+		struct dom_sid2 *sid = NULL;
+
+		ZERO_STRUCT(user_session_key);
+		ZERO_STRUCT(lm_session_key);
 
-		/* set up pointer indicating user/password failed to be
-		 * found */
-		usr_info->ptr_user_info = 0;
+		sampw = server_info->sam_account;
 
 		user_sid = pdb_get_user_sid(sampw);
 		group_sid = pdb_get_group_sid(sampw);
 
 		if ((user_sid == NULL) || (group_sid == NULL)) {
-			DEBUG(1, ("_net_sam_logon: User without group or user SID\n"));
+			DEBUG(1, ("_netr_LogonSamLogon: User without group or user SID\n"));
 			return NT_STATUS_UNSUCCESSFUL;
 		}
 
 		sid_copy(&domain_sid, user_sid);
 		sid_split_rid(&domain_sid, &user_rid);
 
+		sid = sid_dup_talloc(p->mem_ctx, &domain_sid);
+		if (!sid) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
 		if (!sid_peek_check_rid(&domain_sid, group_sid, &group_rid)) {
-			DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid "
+			DEBUG(1, ("_netr_LogonSamLogon: user %s\\%s has user sid "
 				  "%s\n but group sid %s.\n"
 				  "The conflicting domain portions are not "
 				  "supported for NETLOGON calls\n",
@@ -1007,9 +1071,9 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 		}
 
 		if (server_info->user_session_key.length) {
-			memcpy(user_session_key,
+			memcpy(user_session_key.key,
 			       server_info->user_session_key.data,
-			       MIN(sizeof(user_session_key),
+			       MIN(sizeof(user_session_key.key),
 				   server_info->user_session_key.length));
 			if (process_creds) {
 				/* Get the pipe session key from the creds. */
@@ -1021,13 +1085,13 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 				}
 				memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
 			}
-			SamOEMhash(user_session_key, pipe_session_key, 16);
+			SamOEMhash(user_session_key.key, pipe_session_key, 16);
 			memset(pipe_session_key, '\0', 16);
 		}
 		if (server_info->lm_session_key.length) {
-			memcpy(lm_session_key,
+			memcpy(lm_session_key.key,
 			       server_info->lm_session_key.data,
-			       MIN(sizeof(lm_session_key),
+			       MIN(sizeof(lm_session_key.key),
 				   server_info->lm_session_key.length));
 			if (process_creds) {
 				/* Get the pipe session key from the creds. */
@@ -1039,36 +1103,56 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 				}
 				memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16);
 			}
-			SamOEMhash(lm_session_key, pipe_session_key, 16);
+			SamOEMhash(lm_session_key.key, pipe_session_key, 16);
 			memset(pipe_session_key, '\0', 16);
 		}
 
-		init_net_user_info3(p->mem_ctx, usr_info,
-				    user_rid,
-				    group_rid,
-				    pdb_get_username(sampw),
-				    pdb_get_fullname(sampw),
-				    pdb_get_homedir(sampw),
-				    pdb_get_dir_drive(sampw),
-				    pdb_get_logon_script(sampw),
-				    pdb_get_profile_path(sampw),
-				    pdb_get_logon_time(sampw),
-				    get_time_t_max(),
-				    get_time_t_max(),
-				    pdb_get_pass_last_set_time(sampw),
-				    pdb_get_pass_can_change_time(sampw),
-				    pdb_get_pass_must_change_time(sampw),
-				    0, /* logon_count */
-				    0, /* bad_pw_count */
-				    num_gids,    /* uint32 num_groups */
-				    gids    , /* DOM_GID *gids */
-				    LOGON_EXTRA_SIDS, /* uint32 user_flgs (?) */
-				    pdb_get_acct_ctrl(sampw),
-				    server_info->user_session_key.length ? user_session_key : NULL,
-				    server_info->lm_session_key.length ? lm_session_key : NULL,
-				    my_name     , /* char *logon_srv */
-				    pdb_get_domain(sampw),
-				    &domain_sid);     /* DOM_SID *dom_sid */
+		groups.count = num_gids;
+		groups.rids = TALLOC_ARRAY(p->mem_ctx, struct samr_RidWithAttribute,
+					   groups.count);
+		if (!groups.rids) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		for (i=0; i < groups.count; i++) {
+			groups.rids[i].rid = gids[i].g_rid;
+			groups.rids[i].attributes = gids[i].attr;
+		}
+
+		unix_to_nt_time(&last_logon, pdb_get_logon_time(sampw));
+		unix_to_nt_time(&last_logoff, get_time_t_max());
+		unix_to_nt_time(&acct_expiry, get_time_t_max());
+		unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(sampw));
+		unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(sampw));
+		unix_to_nt_time(&force_password_change, pdb_get_pass_must_change_time(sampw));
+
+		init_netr_SamInfo3(sam3,
+				   last_logon,
+				   last_logoff,
+				   acct_expiry,
+				   last_password_change,
+				   allow_password_change,
+				   force_password_change,
+				   talloc_strdup(p->mem_ctx, pdb_get_username(sampw)),
+				   talloc_strdup(p->mem_ctx, pdb_get_fullname(sampw)),
+				   talloc_strdup(p->mem_ctx, pdb_get_logon_script(sampw)),
+				   talloc_strdup(p->mem_ctx, pdb_get_profile_path(sampw)),
+				   talloc_strdup(p->mem_ctx, pdb_get_homedir(sampw)),
+				   talloc_strdup(p->mem_ctx, pdb_get_dir_drive(sampw)),
+				   0, /* logon_count */
+				   0, /* bad_password_count */
+				   user_rid,
+				   group_rid,
+				   groups,
+				   NETLOGON_EXTRA_SIDS,
+				   user_session_key,
+				   my_name,
+				   talloc_strdup(p->mem_ctx, pdb_get_domain(sampw)),
+				   sid,
+				   lm_session_key,
+				   pdb_get_acct_ctrl(sampw),
+				   0, /* sidcount */
+				   NULL); /* struct netr_SidAttr *sids */
 		ZERO_STRUCT(user_session_key);
 		ZERO_STRUCT(lm_session_key);
 	}
@@ -1077,25 +1161,14 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
 }
 
 /*************************************************************************
- _net_sam_logon
+ _netr_LogonSamLogonEx
+ - no credential chaining. Map into net sam logon.
  *************************************************************************/
 
-NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *r_u)
+NTSTATUS _netr_LogonSamLogonEx(pipes_struct *p,
+			       struct netr_LogonSamLogonEx *r)
 {
-	return _net_sam_logon_internal(p, q_u, r_u, True);
-}
- 
-/*************************************************************************
- _net_sam_logon_ex - no credential chaining. Map into net sam logon.
- *************************************************************************/
-
-NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u, NET_R_SAM_LOGON_EX *r_u)
-{
-	NET_Q_SAM_LOGON q;
-	NET_R_SAM_LOGON r;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
+	struct netr_LogonSamLogon q;
 
 	/* Only allow this if the pipe is protected. */
 	if (p->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
@@ -1104,43 +1177,409 @@ NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u, NET_R_SAM_L
 		return NT_STATUS_INVALID_PARAMETER;
         }
 
-	/* Map a NET_Q_SAM_LOGON_EX to NET_Q_SAM_LOGON. */
-	q.validation_level = q_u->validation_level;
-
- 	/* Map a DOM_SAM_INFO_EX into a DOM_SAM_INFO with no creds. */
-	q.sam_id.client.login = q_u->sam_id.client;
-	q.sam_id.logon_level = q_u->sam_id.logon_level;
-	q.sam_id.ctr = q_u->sam_id.ctr;
+	q.in.server_name 	= r->in.server_name;
+	q.in.computer_name	= r->in.computer_name;
+	q.in.logon_level	= r->in.logon_level;
+	q.in.logon		= r->in.logon;
+	q.in.validation_level	= r->in.validation_level;
+	/* we do not handle the flags */
+	/*			= r->in.flags; */
 
-	r_u->status = _net_sam_logon_internal(p, &q, &r, False);
-
-	if (!NT_STATUS_IS_OK(r_u->status)) {
-		return r_u->status;
-	}
+	q.out.validation	= r->out.validation;
+	q.out.authoritative	= r->out.authoritative;
+	/* we do not handle the flags */
+	/*			= r->out.flags; */
 
-	/* Map the NET_R_SAM_LOGON to NET_R_SAM_LOGON_EX. */
-	r_u->switch_value = r.switch_value;
-	r_u->user = r.user;
-	r_u->auth_resp = r.auth_resp;
-	r_u->flags = 0; /* FIXME ! */
-	return r_u->status;
+	return _netr_LogonSamLogon(p, &q);
 }
 
 /*************************************************************************
  _ds_enum_dom_trusts
  *************************************************************************/
 #if 0	/* JERRY -- not correct */
-NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
+ NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
 			     DS_R_ENUM_DOM_TRUSTS *r_u)
 {
 	NTSTATUS status = NT_STATUS_OK;
 
-	/* TODO: According to MSDN, the can only be executed against a 
+	/* TODO: According to MSDN, the can only be executed against a
 	   DC or domain member running Windows 2000 or later.  Need
-	   to test against a standalone 2k server and see what it 
-	   does.  A windows 2000 DC includes its own domain in the 
+	   to test against a standalone 2k server and see what it
+	   does.  A windows 2000 DC includes its own domain in the
 	   list.  --jerry */
 
 	return status;
 }
 #endif	/* JERRY */
+
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_LogonUasLogon(pipes_struct *p,
+			   struct netr_LogonUasLogon *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_LogonUasLogoff(pipes_struct *p,
+			    struct netr_LogonUasLogoff *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_DatabaseDeltas(pipes_struct *p,
+			      struct netr_DatabaseDeltas *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_DatabaseSync(pipes_struct *p,
+			    struct netr_DatabaseSync *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_AccountDeltas(pipes_struct *p,
+			     struct netr_AccountDeltas *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_AccountSync(pipes_struct *p,
+			   struct netr_AccountSync *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_GetDcName(pipes_struct *p,
+		       struct netr_GetDcName *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_GetAnyDCName(pipes_struct *p,
+			  struct netr_GetAnyDCName *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_DatabaseSync2(pipes_struct *p,
+			     struct netr_DatabaseSync2 *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_DatabaseRedo(pipes_struct *p,
+			    struct netr_DatabaseRedo *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_LogonControl2Ex(pipes_struct *p,
+			     struct netr_LogonControl2Ex *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRGetDCName(pipes_struct *p,
+			  struct netr_DsRGetDCName *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRLOGONDUMMYROUTINE1(pipes_struct *p,
+				    struct netr_NETRLOGONDUMMYROUTINE1 *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRLOGONSETSERVICEBITS(pipes_struct *p,
+				     struct netr_NETRLOGONSETSERVICEBITS *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_LogonGetTrustRid(pipes_struct *p,
+			      struct netr_LogonGetTrustRid *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRLOGONCOMPUTESERVERDIGEST(pipes_struct *p,
+					  struct netr_NETRLOGONCOMPUTESERVERDIGEST *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRLOGONCOMPUTECLIENTDIGEST(pipes_struct *p,
+					  struct netr_NETRLOGONCOMPUTECLIENTDIGEST *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_ServerAuthenticate3(pipes_struct *p,
+				   struct netr_ServerAuthenticate3 *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRGetDCNameEx(pipes_struct *p,
+			    struct netr_DsRGetDCNameEx *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRGetSiteName(pipes_struct *p,
+			    struct netr_DsRGetSiteName *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_LogonGetDomainInfo(pipes_struct *p,
+				  struct netr_LogonGetDomainInfo *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
+				  struct netr_ServerPasswordSet2 *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_ServerPasswordGet(pipes_struct *p,
+			       struct netr_ServerPasswordGet *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRLOGONSENDTOSAM(pipes_struct *p,
+				struct netr_NETRLOGONSENDTOSAM *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRAddressToSitenamesW(pipes_struct *p,
+				    struct netr_DsRAddressToSitenamesW *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRGetDCNameEx2(pipes_struct *p,
+			     struct netr_DsRGetDCNameEx2 *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN(pipes_struct *p,
+						 struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NetrEnumerateTrustedDomainsEx(pipes_struct *p,
+					   struct netr_NetrEnumerateTrustedDomainsEx *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRAddressToSitenamesExW(pipes_struct *p,
+				      struct netr_DsRAddressToSitenamesExW *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsrGetDcSiteCoverageW(pipes_struct *p,
+				   struct netr_DsrGetDcSiteCoverageW *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsrEnumerateDomainTrusts(pipes_struct *p,
+				      struct netr_DsrEnumerateDomainTrusts *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsrDeregisterDNSHostRecords(pipes_struct *p,
+					 struct netr_DsrDeregisterDNSHostRecords *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_ServerTrustPasswordsGet(pipes_struct *p,
+				       struct netr_ServerTrustPasswordsGet *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_DsRGetForestTrustInformation(pipes_struct *p,
+					  struct netr_DsRGetForestTrustInformation *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_GetForestTrustInformation(pipes_struct *p,
+				       struct netr_GetForestTrustInformation *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _netr_LogonSamLogonWithFlags(pipes_struct *p,
+				      struct netr_LogonSamLogonWithFlags *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _netr_NETRSERVERGETTRUSTINFO(pipes_struct *p,
+				    struct netr_NETRSERVERGETTRUSTINFO *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
diff --git a/source3/rpc_server/srv_ntsvcs.c b/source3/rpc_server/srv_ntsvcs.c
index b3e93ac459..12fffc3e96 100644
--- a/source3/rpc_server/srv_ntsvcs.c
+++ b/source3/rpc_server/srv_ntsvcs.c
@@ -25,49 +25,38 @@
 /*******************************************************************
  ********************************************************************/
 
-static bool api_ntsvcs_get_version(pipes_struct *p)
+static bool proxy_ntsvcs_call(pipes_struct *p, uint8_t opnum)
 {
-	NTSVCS_Q_GET_VERSION q_u;
-	NTSVCS_R_GET_VERSION r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
+	struct api_struct *fns;
+	int n_fns;
 
-	if(!ntsvcs_io_q_get_version("", &q_u, data, 0))
-		return False;
+	ntsvcs_get_pipe_fns(&fns, &n_fns);
 
-	r_u.status = _ntsvcs_get_version(p, &q_u, &r_u);
+	if (opnum >= n_fns) {
+		return false;
+	}
 
-	if(!ntsvcs_io_r_get_version("", &r_u, rdata, 0))
-		return False;
+	if (fns[opnum].opnum != opnum) {
+		smb_panic("NTSVCS function table not sorted");
+	}
 
-	return True;
+	return fns[opnum].fn(p);
 }
 
 /*******************************************************************
  ********************************************************************/
 
-static bool api_ntsvcs_get_device_list_size(pipes_struct *p)
+static bool api_ntsvcs_get_version(pipes_struct *p)
 {
-	NTSVCS_Q_GET_DEVICE_LIST_SIZE q_u;
-	NTSVCS_R_GET_DEVICE_LIST_SIZE r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!ntsvcs_io_q_get_device_list_size("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _ntsvcs_get_device_list_size(p, &q_u, &r_u);
+	return proxy_ntsvcs_call(p, NDR_PNP_GETVERSION);
+}
 
-	if(!ntsvcs_io_r_get_device_list_size("", &r_u, rdata, 0))
-		return False;
+/*******************************************************************
+ ********************************************************************/
 
-	return True;
+static bool api_ntsvcs_get_device_list_size(pipes_struct *p)
+{
+	return proxy_ntsvcs_call(p, NDR_PNP_GETDEVICELISTSIZE);
 }
 
 /*******************************************************************
@@ -99,23 +88,7 @@ static bool api_ntsvcs_get_device_list(pipes_struct *p)
 
 static bool api_ntsvcs_validate_device_instance(pipes_struct *p)
 {
-	NTSVCS_Q_VALIDATE_DEVICE_INSTANCE q_u;
-	NTSVCS_R_VALIDATE_DEVICE_INSTANCE r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!ntsvcs_io_q_validate_device_instance("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _ntsvcs_validate_device_instance(p, &q_u, &r_u);
-
-	if(!ntsvcs_io_r_validate_device_instance("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_ntsvcs_call(p, NDR_PNP_VALIDATEDEVICEINSTANCE);
 }
 
 /*******************************************************************
@@ -147,23 +120,7 @@ static bool api_ntsvcs_get_device_reg_property(pipes_struct *p)
 
 static bool api_ntsvcs_get_hw_profile_info(pipes_struct *p)
 {
-	NTSVCS_Q_GET_HW_PROFILE_INFO q_u;
-	NTSVCS_R_GET_HW_PROFILE_INFO r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!ntsvcs_io_q_get_hw_profile_info("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _ntsvcs_get_hw_profile_info(p, &q_u, &r_u);
-
-	if(!ntsvcs_io_r_get_hw_profile_info("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_ntsvcs_call(p, NDR_PNP_GETHWPROFINFO);
 }
 
 /*******************************************************************
@@ -171,23 +128,7 @@ static bool api_ntsvcs_get_hw_profile_info(pipes_struct *p)
 
 static bool api_ntsvcs_hw_profile_flags(pipes_struct *p)
 {
-	NTSVCS_Q_HW_PROFILE_FLAGS q_u;
-	NTSVCS_R_HW_PROFILE_FLAGS r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!ntsvcs_io_q_hw_profile_flags("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _ntsvcs_hw_profile_flags(p, &q_u, &r_u);
-
-	if(!ntsvcs_io_r_hw_profile_flags("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_ntsvcs_call(p, NDR_PNP_HWPROFFLAGS);
 }
 
 /*******************************************************************
@@ -206,13 +147,13 @@ static struct api_struct api_ntsvcs_cmds[] =
 };
 
 
-void ntsvcs_get_pipe_fns( struct api_struct **fns, int *n_fns )
+void ntsvcs2_get_pipe_fns( struct api_struct **fns, int *n_fns )
 {
 	*fns = api_ntsvcs_cmds;
 	*n_fns = sizeof(api_ntsvcs_cmds) / sizeof(struct api_struct);
 }
 
-NTSTATUS rpc_ntsvcs_init(void)
+NTSTATUS rpc_ntsvcs2_init(void)
 {
   return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "ntsvcs", "ntsvcs", api_ntsvcs_cmds,
 				    sizeof(api_ntsvcs_cmds) / sizeof(struct api_struct));
diff --git a/source3/rpc_server/srv_ntsvcs_nt.c b/source3/rpc_server/srv_ntsvcs_nt.c
index 16c74c5d6d..11ea5d0cd1 100644
--- a/source3/rpc_server/srv_ntsvcs_nt.c
+++ b/source3/rpc_server/srv_ntsvcs_nt.c
@@ -34,31 +34,31 @@ static char* get_device_path(TALLOC_CTX *mem_ctx, const char *device )
 /********************************************************************
 ********************************************************************/
 
-WERROR _ntsvcs_get_version( pipes_struct *p, NTSVCS_Q_GET_VERSION *q_u, NTSVCS_R_GET_VERSION *r_u )
+WERROR _PNP_GetVersion(pipes_struct *p,
+		       struct PNP_GetVersion *r)
 {
-	r_u->version = 0x00000400;	/* no idea what this means */
-		
+	*r->out.version = 0x0400;      /* no idea what this means */
+
 	return WERR_OK;
 }
 
 /********************************************************************
 ********************************************************************/
 
-WERROR _ntsvcs_get_device_list_size( pipes_struct *p, NTSVCS_Q_GET_DEVICE_LIST_SIZE *q_u, NTSVCS_R_GET_DEVICE_LIST_SIZE *r_u )
+WERROR _PNP_GetDeviceListSize(pipes_struct *p,
+			      struct PNP_GetDeviceListSize *r)
 {
-	fstring device;
 	char *devicepath;
 
-	if ( !q_u->devicename )
+	if (!r->in.devicename) {
 		return WERR_ACCESS_DENIED;
+	}
 
-	rpcstr_pull(device, q_u->devicename->buffer, sizeof(device), q_u->devicename->uni_str_len*2, 0);
-
-	if (!(devicepath = get_device_path(p->mem_ctx, device))) {
+	if (!(devicepath = get_device_path(p->mem_ctx, r->in.devicename))) {
 		return WERR_NOMEM;
 	}
 
-	r_u->size = strlen(devicepath) + 2;
+	*r->out.size = strlen(devicepath) + 2;
 
 	TALLOC_FREE(devicepath);
 
@@ -143,7 +143,8 @@ WERROR _ntsvcs_get_device_reg_property( pipes_struct *p, NTSVCS_Q_GET_DEVICE_REG
 /********************************************************************
 ********************************************************************/
 
-WERROR _ntsvcs_validate_device_instance( pipes_struct *p, NTSVCS_Q_VALIDATE_DEVICE_INSTANCE *q_u, NTSVCS_R_VALIDATE_DEVICE_INSTANCE *r_u )
+WERROR _PNP_ValidateDeviceInstance(pipes_struct *p,
+				   struct PNP_ValidateDeviceInstance *r)
 {
 	/* whatever dude */
 	return WERR_OK;
@@ -152,12 +153,12 @@ WERROR _ntsvcs_validate_device_instance( pipes_struct *p, NTSVCS_Q_VALIDATE_DEVI
 /********************************************************************
 ********************************************************************/
 
-WERROR _ntsvcs_get_hw_profile_info( pipes_struct *p, NTSVCS_Q_GET_HW_PROFILE_INFO *q_u, NTSVCS_R_GET_HW_PROFILE_INFO *r_u )
+WERROR _PNP_GetHwProfInfo(pipes_struct *p,
+			  struct PNP_GetHwProfInfo *r)
 {
 	/* steal the incoming buffer */
 
-	r_u->buffer_size = q_u->buffer_size;
-	r_u->buffer = q_u->buffer;
+	r->out.info = r->in.info;
 
 	/* Take the 5th Ammentment */
 
@@ -167,10 +168,611 @@ WERROR _ntsvcs_get_hw_profile_info( pipes_struct *p, NTSVCS_Q_GET_HW_PROFILE_INF
 /********************************************************************
 ********************************************************************/
 
-WERROR _ntsvcs_hw_profile_flags( pipes_struct *p, NTSVCS_Q_HW_PROFILE_FLAGS *q_u, NTSVCS_R_HW_PROFILE_FLAGS *r_u )
-{	
+WERROR _PNP_HwProfFlags(pipes_struct *p,
+			struct PNP_HwProfFlags *r)
+{
 	/* just nod your head */
-	
+
 	return WERR_OK;
 }
 
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_Disconnect(pipes_struct *p,
+		       struct PNP_Disconnect *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_Connect(pipes_struct *p,
+		    struct PNP_Connect *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetGlobalState(pipes_struct *p,
+			   struct PNP_GetGlobalState *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_InitDetection(pipes_struct *p,
+			  struct PNP_InitDetection *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_ReportLogOn(pipes_struct *p,
+			struct PNP_ReportLogOn *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetRootDeviceInstance(pipes_struct *p,
+				  struct PNP_GetRootDeviceInstance *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetRelatedDeviceInstance(pipes_struct *p,
+				     struct PNP_GetRelatedDeviceInstance *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_EnumerateSubKeys(pipes_struct *p,
+			     struct PNP_EnumerateSubKeys *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetDeviceList(pipes_struct *p,
+			  struct PNP_GetDeviceList *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetDepth(pipes_struct *p,
+		     struct PNP_GetDepth *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetDeviceRegProp(pipes_struct *p,
+			     struct PNP_GetDeviceRegProp *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_SetDeviceRegProp(pipes_struct *p,
+			     struct PNP_SetDeviceRegProp *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetClassInstance(pipes_struct *p,
+			     struct PNP_GetClassInstance *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_CreateKey(pipes_struct *p,
+		      struct PNP_CreateKey *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_DeleteRegistryKey(pipes_struct *p,
+			      struct PNP_DeleteRegistryKey *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetClassCount(pipes_struct *p,
+			  struct PNP_GetClassCount *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetClassName(pipes_struct *p,
+			 struct PNP_GetClassName *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_DeleteClassKey(pipes_struct *p,
+			   struct PNP_DeleteClassKey *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetInterfaceDeviceAlias(pipes_struct *p,
+				    struct PNP_GetInterfaceDeviceAlias *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetInterfaceDeviceList(pipes_struct *p,
+				   struct PNP_GetInterfaceDeviceList *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetInterfaceDeviceListSize(pipes_struct *p,
+				       struct PNP_GetInterfaceDeviceListSize *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_RegisterDeviceClassAssociation(pipes_struct *p,
+					   struct PNP_RegisterDeviceClassAssociation *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_UnregisterDeviceClassAssociation(pipes_struct *p,
+					     struct PNP_UnregisterDeviceClassAssociation *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetClassRegProp(pipes_struct *p,
+			    struct PNP_GetClassRegProp *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_SetClassRegProp(pipes_struct *p,
+			    struct PNP_SetClassRegProp *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_CreateDevInst(pipes_struct *p,
+			  struct PNP_CreateDevInst *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_DeviceInstanceAction(pipes_struct *p,
+				 struct PNP_DeviceInstanceAction *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetDeviceStatus(pipes_struct *p,
+			    struct PNP_GetDeviceStatus *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_SetDeviceProblem(pipes_struct *p,
+			     struct PNP_SetDeviceProblem *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_DisableDevInst(pipes_struct *p,
+			   struct PNP_DisableDevInst *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_UninstallDevInst(pipes_struct *p,
+			     struct PNP_UninstallDevInst *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_AddID(pipes_struct *p,
+		  struct PNP_AddID *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_RegisterDriver(pipes_struct *p,
+			   struct PNP_RegisterDriver *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_QueryRemove(pipes_struct *p,
+			struct PNP_QueryRemove *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_RequestDeviceEject(pipes_struct *p,
+			       struct PNP_RequestDeviceEject *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_IsDockStationPresent(pipes_struct *p,
+				 struct PNP_IsDockStationPresent *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_RequestEjectPC(pipes_struct *p,
+			   struct PNP_RequestEjectPC *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_AddEmptyLogConf(pipes_struct *p,
+			    struct PNP_AddEmptyLogConf *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_FreeLogConf(pipes_struct *p,
+			struct PNP_FreeLogConf *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetFirstLogConf(pipes_struct *p,
+			    struct PNP_GetFirstLogConf *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetNextLogConf(pipes_struct *p,
+			   struct PNP_GetNextLogConf *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetLogConfPriority(pipes_struct *p,
+			       struct PNP_GetLogConfPriority *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_AddResDes(pipes_struct *p,
+		      struct PNP_AddResDes *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_FreeResDes(pipes_struct *p,
+		       struct PNP_FreeResDes *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetNextResDes(pipes_struct *p,
+			  struct PNP_GetNextResDes *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetResDesData(pipes_struct *p,
+			  struct PNP_GetResDesData *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetResDesDataSize(pipes_struct *p,
+			      struct PNP_GetResDesDataSize *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_ModifyResDes(pipes_struct *p,
+			 struct PNP_ModifyResDes *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_DetectResourceLimit(pipes_struct *p,
+				struct PNP_DetectResourceLimit *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_QueryResConfList(pipes_struct *p,
+			     struct PNP_QueryResConfList *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_SetHwProf(pipes_struct *p,
+		      struct PNP_SetHwProf *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_QueryArbitratorFreeData(pipes_struct *p,
+				    struct PNP_QueryArbitratorFreeData *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_QueryArbitratorFreeSize(pipes_struct *p,
+				    struct PNP_QueryArbitratorFreeSize *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_RunDetection(pipes_struct *p,
+			 struct PNP_RunDetection *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_RegisterNotification(pipes_struct *p,
+				 struct PNP_RegisterNotification *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_UnregisterNotification(pipes_struct *p,
+				   struct PNP_UnregisterNotification *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetCustomDevProp(pipes_struct *p,
+			     struct PNP_GetCustomDevProp *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetVersionInternal(pipes_struct *p,
+			       struct PNP_GetVersionInternal *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetBlockedDriverInfo(pipes_struct *p,
+				 struct PNP_GetBlockedDriverInfo *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+WERROR _PNP_GetServerSideDeviceInstallFlags(pipes_struct *p,
+					    struct PNP_GetServerSideDeviceInstallFlags *r)
+{
+	p->rng_fault_state = true;
+	return WERR_NOT_SUPPORTED;
+}
+
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 5ede0c93f4..19c8db0533 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -993,7 +993,7 @@ bool check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract,
 	/* we have to check all now since win2k introduced a new UUID on the lsaprpc pipe */
 		
 	for ( i=0; pipe_names[i].client_pipe; i++ ) {
-		DEBUG(10,("checking %s\n", pipe_names[i].client_pipe));
+		DEBUGADD(10,("checking %s\n", pipe_names[i].client_pipe));
 		if ( strequal(pipe_names[i].client_pipe, pname)
 			&& (abstract->version == pipe_names[i].abstr_syntax.version) 
 			&& (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct GUID)) == 0)
@@ -1105,7 +1105,7 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
 	char *OIDs[ASN1_MAX_OIDS];
         int i;
 	NTSTATUS status;
-        bool got_kerberos_mechanism = False;
+        bool got_kerberos_mechanism = false;
 	AUTH_NTLMSSP_STATE *a = NULL;
 	RPC_HDR_AUTH auth_info;
 
@@ -1133,7 +1133,7 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
         }
 
 	if (strcmp(OID_KERBEROS5, OIDs[0]) == 0 || strcmp(OID_KERBEROS5_OLD, OIDs[0]) == 0) {
-		got_kerberos_mechanism = True;
+		got_kerberos_mechanism = true;
 	}
 
 	for (i=0;OIDs[i];i++) {
@@ -1154,27 +1154,38 @@ static bool pipe_spnego_auth_bind_negotiate(pipes_struct *p, prs_struct *rpc_in_
 		free_pipe_ntlmssp_auth_data(&p->auth);
 	}
 
-	/* Initialize the NTLM engine. */
-	status = auth_ntlmssp_start(&a);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto err;
-	}
+	if (!got_kerberos_mechanism) {
+		/* Initialize the NTLM engine. */
+		status = auth_ntlmssp_start(&a);
+		if (!NT_STATUS_IS_OK(status)) {
+			goto err;
+		}
 
-	/*
-	 * Pass the first security blob of data to it.
-	 * This can return an error or NT_STATUS_MORE_PROCESSING_REQUIRED
-	 * which means we need another packet to complete the bind.
-	 */
+		/*
+		 * Pass the first security blob of data to it.
+		 * This can return an error or NT_STATUS_MORE_PROCESSING_REQUIRED
+		 * which means we need another packet to complete the bind.
+		 */
 
-        status = auth_ntlmssp_update(a, secblob, &chal);
+		status = auth_ntlmssp_update(a, secblob, &chal);
 
-	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-		DEBUG(3,("pipe_spnego_auth_bind_negotiate: auth_ntlmssp_update failed.\n"));
-		goto err;
-	}
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+			DEBUG(3,("pipe_spnego_auth_bind_negotiate: auth_ntlmssp_update failed.\n"));
+			goto err;
+		}
 
-	/* Generate the response blob we need for step 2 of the bind. */
-	response = spnego_gen_auth_response(&chal, status, OID_NTLMSSP);
+		/* Generate the response blob we need for step 2 of the bind. */
+		response = spnego_gen_auth_response(&chal, status, OID_NTLMSSP);
+	} else {
+		/*
+		 * SPNEGO negotiate down to NTLMSSP. The subsequent
+		 * code to process follow-up packets is not complete
+		 * yet. JRA.
+		 */
+		response = spnego_gen_auth_response(NULL,
+					NT_STATUS_MORE_PROCESSING_REQUIRED,
+					OID_NTLMSSP);
+	}
 
 	/* Copy the blob into the pout_auth parse struct */
 	init_rpc_hdr_auth(&auth_info, RPC_SPNEGO_AUTH_TYPE, pauth_info->auth_level, RPC_HDR_AUTH_LEN, 1);
@@ -1231,6 +1242,10 @@ static bool pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p
 	ZERO_STRUCT(auth_reply);
 	ZERO_STRUCT(response);
 
+	/*
+	 * NB. If we've negotiated down from krb5 to NTLMSSP we'll currently
+	 * fail here as 'a' == NULL.
+	 */
 	if (p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP || !a) {
 		DEBUG(0,("pipe_spnego_auth_bind_continue: not in NTLMSSP auth state.\n"));
 		goto err;
@@ -1259,7 +1274,7 @@ static bool pipe_spnego_auth_bind_continue(pipes_struct *p, prs_struct *rpc_in_p
 	 * The following call actually checks the challenge/response data.
 	 * for correctness against the given DOMAIN\user name.
 	 */
-	
+
 	if (!pipe_ntlmssp_verify_final(p, &auth_blob)) {
 		goto err;
 	}
@@ -2361,16 +2376,16 @@ void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns )
 
 	switch ( idx ) {
 		case PI_LSARPC:
-			lsa_get_pipe_fns( &cmds, &n_cmds );
+			lsarpc_get_pipe_fns( &cmds, &n_cmds );
 			break;
-		case PI_LSARPC_DS:
-			lsa_ds_get_pipe_fns( &cmds, &n_cmds );
+		case PI_DSSETUP:
+			dssetup_get_pipe_fns( &cmds, &n_cmds );
 			break;
 		case PI_SAMR:
 			samr_get_pipe_fns( &cmds, &n_cmds );
 			break;
 		case PI_NETLOGON:
-			netlog_get_pipe_fns( &cmds, &n_cmds );
+			netlogon_get_pipe_fns( &cmds, &n_cmds );
 			break;
 		case PI_SRVSVC:
 			srvsvc2_get_pipe_fns( &cmds, &n_cmds );
@@ -2394,7 +2409,7 @@ void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns )
 			eventlog2_get_pipe_fns( &cmds, &n_cmds );
 			break;
 		case PI_NTSVCS:
-			ntsvcs_get_pipe_fns( &cmds, &n_cmds );
+			ntsvcs2_get_pipe_fns( &cmds, &n_cmds );
 			break;
 #ifdef DEVELOPER
 		case PI_RPCECHO:
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
deleted file mode 100644
index a1deac083d..0000000000
--- a/source3/rpc_server/srv_samr.c
+++ /dev/null
@@ -1,1571 +0,0 @@
-/* 
- *  Unix SMB/CIFS implementation.
- *  RPC Pipe client / server routines
- *  Copyright (C) Andrew Tridgell              1992-1997,
- *  Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
- *  Copyright (C) Paul Ashton                       1997,
- *  Copyright (C) Marc Jacobsen			    1999,
- *  Copyright (C) Jean François Micouleau      1998-2001,
- *  Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002-2003.
- *	
- * 	Split into interface and implementation modules by, 
- *
- *  Copyright (C) Jeremy Allison                    2001.
- *  
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *  
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *  
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-/*
- * This is the interface to the SAMR code.
- */
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_SRV
-
-/*******************************************************************
- api_samr_close_hnd
- ********************************************************************/
-
-static bool api_samr_close_hnd(pipes_struct *p)
-{
-	SAMR_Q_CLOSE_HND q_u;
-	SAMR_R_CLOSE_HND r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_close_hnd("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_close_hnd: unable to unmarshall SAMR_Q_CLOSE_HND.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_close_hnd(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_close_hnd("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_close_hnd: unable to marshall SAMR_R_CLOSE_HND.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_open_domain
- ********************************************************************/
-
-static bool api_samr_open_domain(pipes_struct *p)
-{
-	SAMR_Q_OPEN_DOMAIN q_u;
-	SAMR_R_OPEN_DOMAIN r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_open_domain("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_open_domain: unable to unmarshall SAMR_Q_OPEN_DOMAIN.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_open_domain(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_open_domain("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_open_domain: unable to marshall SAMR_R_OPEN_DOMAIN.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_get_usrdom_pwinfo
- ********************************************************************/
-
-static bool api_samr_get_usrdom_pwinfo(pipes_struct *p)
-{
-	SAMR_Q_GET_USRDOM_PWINFO q_u;
-	SAMR_R_GET_USRDOM_PWINFO r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_get_usrdom_pwinfo("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_get_usrdom_pwinfo: unable to unmarshall SAMR_Q_GET_USRDOM_PWINFO.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_get_usrdom_pwinfo(p, &q_u, &r_u);
-
-	if(!samr_io_r_get_usrdom_pwinfo("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_get_usrdom_pwinfo: unable to marshall SAMR_R_GET_USRDOM_PWINFO.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_set_sec_obj
- ********************************************************************/
-
-static bool api_samr_set_sec_obj(pipes_struct *p)
-{
-	SAMR_Q_SET_SEC_OBJ q_u;
-	SAMR_R_SET_SEC_OBJ r_u;
-	
-	prs_struct *data  = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-	
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-	
-	if(!samr_io_q_set_sec_obj("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_set_sec_obj: unable to unmarshall SAMR_Q_SET_SEC_OBJ.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_set_sec_obj(p, &q_u, &r_u);
-
-	if(!samr_io_r_set_sec_obj("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_set_sec_obj: unable to marshall SAMR_R_SET_SEC_OBJ.\n"));
-		return False;
-	}
-	
-	return True;
-}
-
-/*******************************************************************
- api_samr_query_sec_obj
- ********************************************************************/
-
-static bool api_samr_query_sec_obj(pipes_struct *p)
-{
-	SAMR_Q_QUERY_SEC_OBJ q_u;
-	SAMR_R_QUERY_SEC_OBJ r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_query_sec_obj("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_query_sec_obj: unable to unmarshall SAMR_Q_QUERY_SEC_OBJ.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_query_sec_obj(p, &q_u, &r_u);
-
-	if(!samr_io_r_query_sec_obj("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_query_sec_obj: unable to marshall SAMR_R_QUERY_SEC_OBJ.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_enum_dom_users
- ********************************************************************/
-
-static bool api_samr_enum_dom_users(pipes_struct *p)
-{
-	SAMR_Q_ENUM_DOM_USERS q_u;
-	SAMR_R_ENUM_DOM_USERS r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the samr open */
-	if(!samr_io_q_enum_dom_users("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_enum_dom_users: unable to unmarshall SAMR_Q_ENUM_DOM_USERS.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_enum_dom_users(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_enum_dom_users("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_enum_dom_users: unable to marshall SAMR_R_ENUM_DOM_USERS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_enum_dom_groups
- ********************************************************************/
-
-static bool api_samr_enum_dom_groups(pipes_struct *p)
-{
-	SAMR_Q_ENUM_DOM_GROUPS q_u;
-	SAMR_R_ENUM_DOM_GROUPS r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the samr open */
-	if(!samr_io_q_enum_dom_groups("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_enum_dom_groups: unable to unmarshall SAMR_Q_ENUM_DOM_GROUPS.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_enum_dom_groups(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_enum_dom_groups("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_enum_dom_groups: unable to marshall SAMR_R_ENUM_DOM_GROUPS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_enum_dom_aliases
- ********************************************************************/
-
-static bool api_samr_enum_dom_aliases(pipes_struct *p)
-{
-	SAMR_Q_ENUM_DOM_ALIASES q_u;
-	SAMR_R_ENUM_DOM_ALIASES r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-	
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the samr open */
-	if(!samr_io_q_enum_dom_aliases("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_enum_dom_aliases: unable to unmarshall SAMR_Q_ENUM_DOM_ALIASES.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_enum_dom_aliases(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_enum_dom_aliases("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_enum_dom_aliases: unable to marshall SAMR_R_ENUM_DOM_ALIASES.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_query_dispinfo
- ********************************************************************/
-
-static bool api_samr_query_dispinfo(pipes_struct *p)
-{
-	SAMR_Q_QUERY_DISPINFO q_u;
-	SAMR_R_QUERY_DISPINFO r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_query_dispinfo("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_query_dispinfo: unable to unmarshall SAMR_Q_QUERY_DISPINFO.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_query_dispinfo(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_query_dispinfo("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_query_dispinfo: unable to marshall SAMR_R_QUERY_DISPINFO.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_query_aliasinfo
- ********************************************************************/
-
-static bool api_samr_query_aliasinfo(pipes_struct *p)
-{
-	SAMR_Q_QUERY_ALIASINFO q_u;
-	SAMR_R_QUERY_ALIASINFO r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the samr open */
-	if(!samr_io_q_query_aliasinfo("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_query_aliasinfo: unable to unmarshall SAMR_Q_QUERY_ALIASINFO.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_query_aliasinfo(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_query_aliasinfo("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_query_aliasinfo: unable to marshall SAMR_R_QUERY_ALIASINFO.\n"));
-		return False;
-	}
-  
-	return True;
-}
-
-/*******************************************************************
- api_samr_lookup_names
- ********************************************************************/
-
-static bool api_samr_lookup_names(pipes_struct *p)
-{
-	SAMR_Q_LOOKUP_NAMES q_u;
-	SAMR_R_LOOKUP_NAMES r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the samr lookup names */
-	if(!samr_io_q_lookup_names("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_lookup_names: unable to unmarshall SAMR_Q_LOOKUP_NAMES.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_lookup_names(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_lookup_names("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_lookup_names: unable to marshall SAMR_R_LOOKUP_NAMES.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_chgpasswd_user
- ********************************************************************/
-
-static bool api_samr_chgpasswd_user(pipes_struct *p)
-{
-	SAMR_Q_CHGPASSWD_USER q_u;
-	SAMR_R_CHGPASSWD_USER r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* change password request */
-	if (!samr_io_q_chgpasswd_user("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_chgpasswd_user: Failed to unmarshall SAMR_Q_CHGPASSWD_USER.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_chgpasswd_user(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_chgpasswd_user("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_chgpasswd_user: Failed to marshall SAMR_R_CHGPASSWD_USER.\n" ));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_lookup_rids
- ********************************************************************/
-
-static bool api_samr_lookup_rids(pipes_struct *p)
-{
-	SAMR_Q_LOOKUP_RIDS q_u;
-	SAMR_R_LOOKUP_RIDS r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the samr lookup names */
-	if(!samr_io_q_lookup_rids("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_lookup_rids: unable to unmarshall SAMR_Q_LOOKUP_RIDS.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_lookup_rids(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_lookup_rids("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_lookup_rids: unable to marshall SAMR_R_LOOKUP_RIDS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_open_user
- ********************************************************************/
-
-static bool api_samr_open_user(pipes_struct *p)
-{
-	SAMR_Q_OPEN_USER q_u;
-	SAMR_R_OPEN_USER r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_open_user("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_open_user: unable to unmarshall SAMR_Q_OPEN_USER.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_open_user(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_open_user("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_open_user: unable to marshall SAMR_R_OPEN_USER.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_query_userinfo
- ********************************************************************/
-
-static bool api_samr_query_userinfo(pipes_struct *p)
-{
-	SAMR_Q_QUERY_USERINFO q_u;
-	SAMR_R_QUERY_USERINFO r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_query_userinfo("", &q_u, data, 0)){
-		DEBUG(0,("api_samr_query_userinfo: unable to unmarshall SAMR_Q_QUERY_USERINFO.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_query_userinfo(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_query_userinfo("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_query_userinfo: unable to marshall SAMR_R_QUERY_USERINFO.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_query_usergroups
- ********************************************************************/
-
-static bool api_samr_query_usergroups(pipes_struct *p)
-{
-	SAMR_Q_QUERY_USERGROUPS q_u;
-	SAMR_R_QUERY_USERGROUPS r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_query_usergroups("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_query_usergroups: unable to unmarshall SAMR_Q_QUERY_USERGROUPS.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_query_usergroups(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_query_usergroups("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_query_usergroups: unable to marshall SAMR_R_QUERY_USERGROUPS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_query_domain_info
- ********************************************************************/
-
-static bool api_samr_query_domain_info(pipes_struct *p)
-{
-	SAMR_Q_QUERY_DOMAIN_INFO q_u;
-	SAMR_R_QUERY_DOMAIN_INFO r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_query_domain_info("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_query_domain_info: unable to unmarshall SAMR_Q_QUERY_DOMAIN_INFO.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_query_domain_info(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_query_domain_info("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_query_domain_info: unable to marshall SAMR_R_QUERY_DOMAIN_INFO.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_create_user
- ********************************************************************/
-
-static bool api_samr_create_user(pipes_struct *p)
-{
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	SAMR_Q_CREATE_USER q_u;
-	SAMR_R_CREATE_USER r_u;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the samr create user */
-	if (!samr_io_q_create_user("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_create_user: Unable to unmarshall SAMR_Q_CREATE_USER.\n"));
-		return False;
-	}
-
-	r_u.status=_samr_create_user(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_create_user("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_create_user: Unable to marshall SAMR_R_CREATE_USER.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_connect_anon
- ********************************************************************/
-
-static bool api_samr_connect_anon(pipes_struct *p)
-{
-	SAMR_Q_CONNECT_ANON q_u;
-	SAMR_R_CONNECT_ANON r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the samr open policy */
-	if(!samr_io_q_connect_anon("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_connect_anon: unable to unmarshall SAMR_Q_CONNECT_ANON.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_connect_anon(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_connect_anon("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_connect_anon: unable to marshall SAMR_R_CONNECT_ANON.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_connect
- ********************************************************************/
-
-static bool api_samr_connect(pipes_struct *p)
-{
-	SAMR_Q_CONNECT q_u;
-	SAMR_R_CONNECT r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the samr open policy */
-	if(!samr_io_q_connect("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_connect: unable to unmarshall SAMR_Q_CONNECT.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_connect(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_connect("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_connect: unable to marshall SAMR_R_CONNECT.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_connect4
- ********************************************************************/
-
-static bool api_samr_connect4(pipes_struct *p)
-{
-	SAMR_Q_CONNECT4 q_u;
-	SAMR_R_CONNECT4 r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the samr open policy */
-	if(!samr_io_q_connect4("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_connect4: unable to unmarshall SAMR_Q_CONNECT4.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_connect4(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_connect4("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_connect4: unable to marshall SAMR_R_CONNECT4.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_chgpasswd_user3
- ********************************************************************/
-
-static bool api_samr_chgpasswd_user3(pipes_struct *p)
-{
-	SAMR_Q_CHGPASSWD_USER3 q_u;
-	SAMR_R_CHGPASSWD_USER3 r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* change password request */
-	if (!samr_io_q_chgpasswd_user3("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_chgpasswd_user3: Failed to unmarshall SAMR_Q_CHGPASSWD_USER3.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_chgpasswd_user3(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_chgpasswd_user3("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_chgpasswd_user3: Failed to marshall SAMR_R_CHGPASSWD_USER3.\n" ));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_connect5
- ********************************************************************/
-
-static bool api_samr_connect5(pipes_struct *p)
-{
-	SAMR_Q_CONNECT5 q_u;
-	SAMR_R_CONNECT5 r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the samr open policy */
-	if(!samr_io_q_connect5("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_connect5: unable to unmarshall SAMR_Q_CONNECT5.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_connect5(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_connect5("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_connect5: unable to marshall SAMR_R_CONNECT5.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/**********************************************************************
- api_samr_lookup_domain
- **********************************************************************/
-
-static bool api_samr_lookup_domain(pipes_struct *p)
-{
-	SAMR_Q_LOOKUP_DOMAIN q_u;
-	SAMR_R_LOOKUP_DOMAIN r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-  
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_lookup_domain("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_lookup_domain: Unable to unmarshall SAMR_Q_LOOKUP_DOMAIN.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_lookup_domain(p, &q_u, &r_u);
-	
-	if(!samr_io_r_lookup_domain("", &r_u, rdata, 0)){
-		DEBUG(0,("api_samr_lookup_domain: Unable to marshall SAMR_R_LOOKUP_DOMAIN.\n"));
-		return False;
-	}
-	
-	return True;
-}
-
-/**********************************************************************
- api_samr_enum_domains
- **********************************************************************/
-
-static bool api_samr_enum_domains(pipes_struct *p)
-{
-	SAMR_Q_ENUM_DOMAINS q_u;
-	SAMR_R_ENUM_DOMAINS r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-  
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_enum_domains("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_enum_domains: Unable to unmarshall SAMR_Q_ENUM_DOMAINS.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_enum_domains(p, &q_u, &r_u);
-
-	if(!samr_io_r_enum_domains("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_enum_domains: Unable to marshall SAMR_R_ENUM_DOMAINS.\n"));
-		return False;
-	}
-	
-	return True;
-}
-
-/*******************************************************************
- api_samr_open_alias
- ********************************************************************/
-
-static bool api_samr_open_alias(pipes_struct *p)
-{
-	SAMR_Q_OPEN_ALIAS q_u;
-	SAMR_R_OPEN_ALIAS r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	/* grab the samr open policy */
-	if(!samr_io_q_open_alias("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_open_alias: Unable to unmarshall SAMR_Q_OPEN_ALIAS.\n"));
-		return False;
-	}
-
-	r_u.status=_samr_open_alias(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_open_alias("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_open_alias: Unable to marshall SAMR_R_OPEN_ALIAS.\n"));
-		return False;
-	}
-	
-	return True;
-}
-
-/*******************************************************************
- api_samr_set_userinfo
- ********************************************************************/
-
-static bool api_samr_set_userinfo(pipes_struct *p)
-{
-	SAMR_Q_SET_USERINFO q_u;
-	SAMR_R_SET_USERINFO r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_set_userinfo("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.\n"));
-		/* Fix for W2K SP2 */
-		/* what is that status-code ? - gd */
-		if (q_u.switch_value == 0x1a) {
-			setup_fault_pdu(p, NT_STATUS(DCERPC_FAULT_INVALID_TAG));
-			return True;
-		}
-		return False;
-	}
-
-	r_u.status = _samr_set_userinfo(p, &q_u, &r_u);
-
-	if(!samr_io_r_set_userinfo("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_set_userinfo: Unable to marshall SAMR_R_SET_USERINFO.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_set_userinfo2
- ********************************************************************/
-
-static bool api_samr_set_userinfo2(pipes_struct *p)
-{
-	SAMR_Q_SET_USERINFO2 q_u;
-	SAMR_R_SET_USERINFO2 r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_set_userinfo2("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_set_userinfo2: Unable to unmarshall SAMR_Q_SET_USERINFO2.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_set_userinfo2(p, &q_u, &r_u);
-
-	if(!samr_io_r_set_userinfo2("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_set_userinfo2: Unable to marshall SAMR_R_SET_USERINFO2.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_query_useraliases
- ********************************************************************/
-
-static bool api_samr_query_useraliases(pipes_struct *p)
-{
-	SAMR_Q_QUERY_USERALIASES q_u;
-	SAMR_R_QUERY_USERALIASES r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_query_useraliases("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_query_useraliases:  Unable to unmarshall SAMR_Q_QUERY_USERALIASES.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_query_useraliases(p, &q_u, &r_u);
-
-	if (! samr_io_r_query_useraliases("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_query_useraliases:  Unable to nmarshall SAMR_R_QUERY_USERALIASES.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_query_aliasmem
- ********************************************************************/
-
-static bool api_samr_query_aliasmem(pipes_struct *p)
-{
-	SAMR_Q_QUERY_ALIASMEM q_u;
-	SAMR_R_QUERY_ALIASMEM r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_query_aliasmem("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_query_aliasmem: unable to unmarshall SAMR_Q_QUERY_ALIASMEM.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_query_aliasmem(p, &q_u, &r_u);
-
-	if (!samr_io_r_query_aliasmem("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_query_aliasmem: unable to marshall SAMR_R_QUERY_ALIASMEM.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_query_groupmem
- ********************************************************************/
-
-static bool api_samr_query_groupmem(pipes_struct *p)
-{
-	SAMR_Q_QUERY_GROUPMEM q_u;
-	SAMR_R_QUERY_GROUPMEM r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_query_groupmem("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_query_groupmem: unable to unmarshall SAMR_Q_QUERY_GROUPMEM.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_query_groupmem(p, &q_u, &r_u);
-
-	if (!samr_io_r_query_groupmem("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_query_groupmem: unable to marshall SAMR_R_QUERY_GROUPMEM.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_add_aliasmem
- ********************************************************************/
-
-static bool api_samr_add_aliasmem(pipes_struct *p)
-{
-	SAMR_Q_ADD_ALIASMEM q_u;
-	SAMR_R_ADD_ALIASMEM r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_add_aliasmem("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_add_aliasmem: unable to unmarshall SAMR_Q_ADD_ALIASMEM.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_add_aliasmem(p, &q_u, &r_u);
-
-	if (!samr_io_r_add_aliasmem("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_add_aliasmem: unable to marshall SAMR_R_ADD_ALIASMEM.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_del_aliasmem
- ********************************************************************/
-
-static bool api_samr_del_aliasmem(pipes_struct *p)
-{
-	SAMR_Q_DEL_ALIASMEM q_u;
-	SAMR_R_DEL_ALIASMEM r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_del_aliasmem("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_del_aliasmem: unable to unmarshall SAMR_Q_DEL_ALIASMEM.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_del_aliasmem(p, &q_u, &r_u);
-
-	if (!samr_io_r_del_aliasmem("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_del_aliasmem: unable to marshall SAMR_R_DEL_ALIASMEM.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_add_groupmem
- ********************************************************************/
-
-static bool api_samr_add_groupmem(pipes_struct *p)
-{
-	SAMR_Q_ADD_GROUPMEM q_u;
-	SAMR_R_ADD_GROUPMEM r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_add_groupmem("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_add_groupmem: unable to unmarshall SAMR_Q_ADD_GROUPMEM.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_add_groupmem(p, &q_u, &r_u);
-
-	if (!samr_io_r_add_groupmem("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_add_groupmem: unable to marshall SAMR_R_ADD_GROUPMEM.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_del_groupmem
- ********************************************************************/
-
-static bool api_samr_del_groupmem(pipes_struct *p)
-{
-	SAMR_Q_DEL_GROUPMEM q_u;
-	SAMR_R_DEL_GROUPMEM r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_del_groupmem("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_del_groupmem: unable to unmarshall SAMR_Q_DEL_GROUPMEM.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_del_groupmem(p, &q_u, &r_u);
-
-	if (!samr_io_r_del_groupmem("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_del_groupmem: unable to marshall SAMR_R_DEL_GROUPMEM.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_delete_dom_user
- ********************************************************************/
-
-static bool api_samr_delete_dom_user(pipes_struct *p)
-{
-	SAMR_Q_DELETE_DOM_USER q_u;
-	SAMR_R_DELETE_DOM_USER r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_delete_dom_user("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_delete_dom_user: unable to unmarshall SAMR_Q_DELETE_DOM_USER.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_delete_dom_user(p, &q_u, &r_u);
-
-	if (!samr_io_r_delete_dom_user("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_delete_dom_user: unable to marshall SAMR_R_DELETE_DOM_USER.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_delete_dom_group
- ********************************************************************/
-
-static bool api_samr_delete_dom_group(pipes_struct *p)
-{
-	SAMR_Q_DELETE_DOM_GROUP q_u;
-	SAMR_R_DELETE_DOM_GROUP r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_delete_dom_group("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_delete_dom_group: unable to unmarshall SAMR_Q_DELETE_DOM_GROUP.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_delete_dom_group(p, &q_u, &r_u);
-
-	if (!samr_io_r_delete_dom_group("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_delete_dom_group: unable to marshall SAMR_R_DELETE_DOM_GROUP.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_delete_dom_alias
- ********************************************************************/
-
-static bool api_samr_delete_dom_alias(pipes_struct *p)
-{
-	SAMR_Q_DELETE_DOM_ALIAS q_u;
-	SAMR_R_DELETE_DOM_ALIAS r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_delete_dom_alias("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_delete_dom_alias: unable to unmarshall SAMR_Q_DELETE_DOM_ALIAS.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_delete_dom_alias(p, &q_u, &r_u);
-
-	if (!samr_io_r_delete_dom_alias("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_delete_dom_alias: unable to marshall SAMR_R_DELETE_DOM_ALIAS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_create_dom_group
- ********************************************************************/
-
-static bool api_samr_create_dom_group(pipes_struct *p)
-{
-	SAMR_Q_CREATE_DOM_GROUP q_u;
-	SAMR_R_CREATE_DOM_GROUP r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_create_dom_group("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_create_dom_group: unable to unmarshall SAMR_Q_CREATE_DOM_GROUP.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_create_dom_group(p, &q_u, &r_u);
-
-	if (!samr_io_r_create_dom_group("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_create_dom_group: unable to marshall SAMR_R_CREATE_DOM_GROUP.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_create_dom_alias
- ********************************************************************/
-
-static bool api_samr_create_dom_alias(pipes_struct *p)
-{
-	SAMR_Q_CREATE_DOM_ALIAS q_u;
-	SAMR_R_CREATE_DOM_ALIAS r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_create_dom_alias("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_create_dom_alias: unable to unmarshall SAMR_Q_CREATE_DOM_ALIAS.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_create_dom_alias(p, &q_u, &r_u);
-
-	if (!samr_io_r_create_dom_alias("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_create_dom_alias: unable to marshall SAMR_R_CREATE_DOM_ALIAS.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_query_groupinfo
- ********************************************************************/
-
-static bool api_samr_query_groupinfo(pipes_struct *p)
-{
-	SAMR_Q_QUERY_GROUPINFO q_u;
-	SAMR_R_QUERY_GROUPINFO r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_query_groupinfo("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_query_groupinfo: unable to unmarshall SAMR_Q_QUERY_GROUPINFO.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_query_groupinfo(p, &q_u, &r_u);
-
-	if (!samr_io_r_query_groupinfo("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_query_groupinfo: unable to marshall SAMR_R_QUERY_GROUPINFO.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_set_groupinfo
- ********************************************************************/
-
-static bool api_samr_set_groupinfo(pipes_struct *p)
-{
-	SAMR_Q_SET_GROUPINFO q_u;
-	SAMR_R_SET_GROUPINFO r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_set_groupinfo("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_set_groupinfo: unable to unmarshall SAMR_Q_SET_GROUPINFO.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_set_groupinfo(p, &q_u, &r_u);
-
-	if (!samr_io_r_set_groupinfo("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_set_groupinfo: unable to marshall SAMR_R_SET_GROUPINFO.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_set_aliasinfo
- ********************************************************************/
-
-static bool api_samr_set_aliasinfo(pipes_struct *p)
-{
-	SAMR_Q_SET_ALIASINFO q_u;
-	SAMR_R_SET_ALIASINFO r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_set_aliasinfo("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_set_aliasinfo: unable to unmarshall SAMR_Q_SET_ALIASINFO.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_set_aliasinfo(p, &q_u, &r_u);
-
-	if (!samr_io_r_set_aliasinfo("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_set_aliasinfo: unable to marshall SAMR_R_SET_ALIASINFO.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_get_dom_pwinfo
- ********************************************************************/
-
-static bool api_samr_get_dom_pwinfo(pipes_struct *p)
-{
-	SAMR_Q_GET_DOM_PWINFO q_u;
-	SAMR_R_GET_DOM_PWINFO r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_get_dom_pwinfo("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_get_dom_pwinfo: unable to unmarshall SAMR_Q_GET_DOM_PWINFO.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_get_dom_pwinfo(p, &q_u, &r_u);
-
-	if (!samr_io_r_get_dom_pwinfo("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_get_dom_pwinfo: unable to marshall SAMR_R_GET_DOM_PWINFO.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_open_group
- ********************************************************************/
-
-static bool api_samr_open_group(pipes_struct *p)
-{
-	SAMR_Q_OPEN_GROUP q_u;
-	SAMR_R_OPEN_GROUP r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_open_group("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_open_group: unable to unmarshall SAMR_Q_OPEN_GROUP.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_open_group(p, &q_u, &r_u);
-
-	if (!samr_io_r_open_group("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_open_group: unable to marshall SAMR_R_OPEN_GROUP.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_remove_sid_foreign_domain
- ********************************************************************/
-
-static bool api_samr_remove_sid_foreign_domain(pipes_struct *p)
-{
-	SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN q_u;
-	SAMR_R_REMOVE_SID_FOREIGN_DOMAIN r_u;
-
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if (!samr_io_q_remove_sid_foreign_domain("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_remove_sid_foreign_domain: unable to unmarshall SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_remove_sid_foreign_domain(p, &q_u, &r_u);
-
-	if (!samr_io_r_remove_sid_foreign_domain("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_remove_sid_foreign_domain: unable to marshall SAMR_R_REMOVE_SID_FOREIGN_DOMAIN.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_query_dom_info2
- ********************************************************************/
-
-static bool api_samr_query_domain_info2(pipes_struct *p)
-{
-	SAMR_Q_QUERY_DOMAIN_INFO2 q_u;
-	SAMR_R_QUERY_DOMAIN_INFO2 r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_query_domain_info2("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_query_domain_info2: unable to unmarshall SAMR_Q_QUERY_DOMAIN_INFO2.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_query_domain_info2(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_query_domain_info2("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_query_domain_info2: unable to marshall SAMR_R_QUERY_DOMAIN_INFO2.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- api_samr_set_dom_info
- ********************************************************************/
-
-static bool api_samr_set_dom_info(pipes_struct *p)
-{
-	SAMR_Q_SET_DOMAIN_INFO q_u;
-	SAMR_R_SET_DOMAIN_INFO r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!samr_io_q_set_domain_info("", &q_u, data, 0)) {
-		DEBUG(0,("api_samr_set_dom_info: unable to unmarshall SAMR_Q_SET_DOMAIN_INFO.\n"));
-		return False;
-	}
-
-	r_u.status = _samr_set_dom_info(p, &q_u, &r_u);
-
-	/* store the response in the SMB stream */
-	if(!samr_io_r_set_domain_info("", &r_u, rdata, 0)) {
-		DEBUG(0,("api_samr_set_dom_info: unable to marshall SAMR_R_SET_DOMAIN_INFO.\n"));
-		return False;
-	}
-
-	return True;
-}
-
-/*******************************************************************
- array of \PIPE\samr operations
- ********************************************************************/
-
-static struct api_struct api_samr_cmds [] =
-{
-      {"SAMR_CLOSE_HND"         , SAMR_CLOSE_HND        , api_samr_close_hnd        },
-      {"SAMR_CONNECT"           , SAMR_CONNECT          , api_samr_connect          },
-      {"SAMR_CONNECT_ANON"      , SAMR_CONNECT_ANON     , api_samr_connect_anon     },
-      {"SAMR_ENUM_DOMAINS"      , SAMR_ENUM_DOMAINS     , api_samr_enum_domains     },
-      {"SAMR_ENUM_DOM_USERS"    , SAMR_ENUM_DOM_USERS   , api_samr_enum_dom_users   },
-      
-      {"SAMR_ENUM_DOM_GROUPS"   , SAMR_ENUM_DOM_GROUPS  , api_samr_enum_dom_groups  },
-      {"SAMR_ENUM_DOM_ALIASES"  , SAMR_ENUM_DOM_ALIASES , api_samr_enum_dom_aliases },
-      {"SAMR_QUERY_USERALIASES" , SAMR_QUERY_USERALIASES, api_samr_query_useraliases},
-      {"SAMR_QUERY_ALIASMEM"    , SAMR_QUERY_ALIASMEM   , api_samr_query_aliasmem   },
-      {"SAMR_QUERY_GROUPMEM"    , SAMR_QUERY_GROUPMEM   , api_samr_query_groupmem   },
-      {"SAMR_ADD_ALIASMEM"      , SAMR_ADD_ALIASMEM     , api_samr_add_aliasmem     },
-      {"SAMR_DEL_ALIASMEM"      , SAMR_DEL_ALIASMEM     , api_samr_del_aliasmem     },
-      {"SAMR_ADD_GROUPMEM"      , SAMR_ADD_GROUPMEM     , api_samr_add_groupmem     },
-      {"SAMR_DEL_GROUPMEM"      , SAMR_DEL_GROUPMEM     , api_samr_del_groupmem     },
-      
-      {"SAMR_DELETE_DOM_USER"   , SAMR_DELETE_DOM_USER  , api_samr_delete_dom_user  },
-      {"SAMR_DELETE_DOM_GROUP"  , SAMR_DELETE_DOM_GROUP , api_samr_delete_dom_group },
-      {"SAMR_DELETE_DOM_ALIAS"  , SAMR_DELETE_DOM_ALIAS , api_samr_delete_dom_alias },
-      {"SAMR_CREATE_DOM_GROUP"  , SAMR_CREATE_DOM_GROUP , api_samr_create_dom_group },
-      {"SAMR_CREATE_DOM_ALIAS"  , SAMR_CREATE_DOM_ALIAS , api_samr_create_dom_alias },
-      {"SAMR_LOOKUP_NAMES"      , SAMR_LOOKUP_NAMES     , api_samr_lookup_names     },
-      {"SAMR_OPEN_USER"         , SAMR_OPEN_USER        , api_samr_open_user        },
-      {"SAMR_QUERY_USERINFO"    , SAMR_QUERY_USERINFO   , api_samr_query_userinfo   },
-      {"SAMR_SET_USERINFO"      , SAMR_SET_USERINFO     , api_samr_set_userinfo     },
-      {"SAMR_SET_USERINFO2"     , SAMR_SET_USERINFO2    , api_samr_set_userinfo2    },
-      
-      {"SAMR_QUERY_DOMAIN_INFO" , SAMR_QUERY_DOMAIN_INFO, api_samr_query_domain_info},
-      {"SAMR_QUERY_USERGROUPS"  , SAMR_QUERY_USERGROUPS , api_samr_query_usergroups },
-      {"SAMR_QUERY_DISPINFO"    , SAMR_QUERY_DISPINFO   , api_samr_query_dispinfo   },
-      {"SAMR_QUERY_DISPINFO3"   , SAMR_QUERY_DISPINFO3  , api_samr_query_dispinfo   },
-      {"SAMR_QUERY_DISPINFO4"   , SAMR_QUERY_DISPINFO4  , api_samr_query_dispinfo   },
-      
-      {"SAMR_QUERY_ALIASINFO"   , SAMR_QUERY_ALIASINFO  , api_samr_query_aliasinfo  },
-      {"SAMR_QUERY_GROUPINFO"   , SAMR_QUERY_GROUPINFO  , api_samr_query_groupinfo  },
-      {"SAMR_SET_GROUPINFO"     , SAMR_SET_GROUPINFO    , api_samr_set_groupinfo    },
-      {"SAMR_SET_ALIASINFO"     , SAMR_SET_ALIASINFO    , api_samr_set_aliasinfo    },
-      {"SAMR_CREATE_USER"       , SAMR_CREATE_USER      , api_samr_create_user      },
-      {"SAMR_LOOKUP_RIDS"       , SAMR_LOOKUP_RIDS      , api_samr_lookup_rids      },
-      {"SAMR_GET_DOM_PWINFO"    , SAMR_GET_DOM_PWINFO   , api_samr_get_dom_pwinfo   },
-      {"SAMR_CHGPASSWD_USER"    , SAMR_CHGPASSWD_USER   , api_samr_chgpasswd_user   },
-      {"SAMR_OPEN_ALIAS"        , SAMR_OPEN_ALIAS       , api_samr_open_alias       },
-      {"SAMR_OPEN_GROUP"        , SAMR_OPEN_GROUP       , api_samr_open_group       },
-      {"SAMR_OPEN_DOMAIN"       , SAMR_OPEN_DOMAIN      , api_samr_open_domain      },
-      {"SAMR_REMOVE_SID_FOREIGN_DOMAIN"       , SAMR_REMOVE_SID_FOREIGN_DOMAIN      , api_samr_remove_sid_foreign_domain      },
-      {"SAMR_LOOKUP_DOMAIN"     , SAMR_LOOKUP_DOMAIN    , api_samr_lookup_domain    },
-      
-      {"SAMR_QUERY_SEC_OBJECT"  , SAMR_QUERY_SEC_OBJECT , api_samr_query_sec_obj    },
-      {"SAMR_SET_SEC_OBJECT"    , SAMR_SET_SEC_OBJECT   , api_samr_set_sec_obj      },
-      {"SAMR_GET_USRDOM_PWINFO" , SAMR_GET_USRDOM_PWINFO, api_samr_get_usrdom_pwinfo},
-      {"SAMR_QUERY_DOMAIN_INFO2", SAMR_QUERY_DOMAIN_INFO2, api_samr_query_domain_info2},
-      {"SAMR_SET_DOMAIN_INFO"   , SAMR_SET_DOMAIN_INFO  , api_samr_set_dom_info     },
-      {"SAMR_CONNECT4"          , SAMR_CONNECT4         , api_samr_connect4         },
-      {"SAMR_CHGPASSWD_USER3"   , SAMR_CHGPASSWD_USER3  , api_samr_chgpasswd_user3  },
-      {"SAMR_CONNECT5"          , SAMR_CONNECT5         , api_samr_connect5         }
-};
-
-void samr_get_pipe_fns( struct api_struct **fns, int *n_fns )
-{
-	*fns = api_samr_cmds;
-	*n_fns = sizeof(api_samr_cmds) / sizeof(struct api_struct);
-}
-
-
-NTSTATUS rpc_samr_init(void)
-{
-  return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, "samr", "lsass", api_samr_cmds,
-				    sizeof(api_samr_cmds) / sizeof(struct api_struct));
-}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 01ce932afa..f38a8fcfc0 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -11,6 +11,7 @@
  *  Copyright (C) Gerald (Jerry) Carter             2003-2004,
  *  Copyright (C) Simo Sorce                        2003.
  *  Copyright (C) Volker Lendecke		    2005.
+ *  Copyright (C) Guenther Deschner		    2008.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -125,12 +126,12 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
 	/* add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */
 
 	init_sec_access(&mask, map->generic_all);
-	
+
 	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 	init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
 
 	/* Add Full Access for Domain Admins if we are a DC */
-	
+
 	if ( IS_DC ) {
 		sid_copy( &domadmin_sid, get_global_sam_sid() );
 		sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
@@ -162,57 +163,57 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
  level of access for further checks.
 ********************************************************************/
 
-static NTSTATUS access_check_samr_object( SEC_DESC *psd, NT_USER_TOKEN *token, 
+static NTSTATUS access_check_samr_object( SEC_DESC *psd, NT_USER_TOKEN *token,
                                           SE_PRIV *rights, uint32 rights_mask,
-                                          uint32 des_access, uint32 *acc_granted, 
+                                          uint32 des_access, uint32 *acc_granted,
 					  const char *debug )
 {
 	NTSTATUS status = NT_STATUS_ACCESS_DENIED;
 	uint32 saved_mask = 0;
 
-	/* check privileges; certain SAM access bits should be overridden 
-	   by privileges (mostly having to do with creating/modifying/deleting 
+	/* check privileges; certain SAM access bits should be overridden
+	   by privileges (mostly having to do with creating/modifying/deleting
 	   users and groups) */
-	
+
 	if ( rights && user_has_any_privilege( token, rights ) ) {
-	
+
 		saved_mask = (des_access & rights_mask);
 		des_access &= ~saved_mask;
-		
+
 		DEBUG(4,("access_check_samr_object: user rights access mask [0x%x]\n",
 			rights_mask));
 	}
-		
-	
+
+
 	/* check the security descriptor first */
-	
+
 	if ( se_access_check(psd, token, des_access, acc_granted, &status) )
 		goto done;
-	
+
 	/* give root a free pass */
-	
+
 	if ( geteuid() == sec_initial_uid() ) {
-	
+
 		DEBUG(4,("%s: ACCESS should be DENIED  (requested: %#010x)\n", debug, des_access));
 		DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n"));
-		
+
 		*acc_granted = des_access;
-		
+
 		status = NT_STATUS_OK;
 		goto done;
 	}
-	
-	
+
+
 done:
-	/* add in any bits saved during the privilege check (only 
+	/* add in any bits saved during the privilege check (only
 	   matters is status is ok) */
-	
+
 	*acc_granted |= rights_mask;
 
-	DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n", 
-		debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED", 
+	DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n",
+		debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED",
 		des_access, *acc_granted));
-	
+
 	return status;
 }
 
@@ -222,28 +223,28 @@ done:
 
 static NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug)
 {
-	DEBUG(5,("%s: access check ((granted: %#010x;  required: %#010x)\n",  
+	DEBUG(5,("%s: access check ((granted: %#010x;  required: %#010x)\n",
 		debug, acc_granted, acc_required));
 
 	/* check the security descriptor first */
-	
+
 	if ( (acc_granted&acc_required) == acc_required )
 		return NT_STATUS_OK;
-		
+
 	/* give root a free pass */
 
 	if (geteuid() == sec_initial_uid()) {
-	
+
 		DEBUG(4,("%s: ACCESS should be DENIED (granted: %#010x;  required: %#010x)\n",
 			debug, acc_granted, acc_required));
 		DEBUGADD(4,("but overwritten by euid == 0\n"));
-		
+
 		return NT_STATUS_OK;
 	}
-	
-	DEBUG(2,("%s: ACCESS DENIED (granted: %#010x;  required: %#010x)\n", 
+
+	DEBUG(2,("%s: ACCESS DENIED (granted: %#010x;  required: %#010x)\n",
 		debug, acc_granted, acc_required));
-		
+
 	return NT_STATUS_ACCESS_DENIED;
 }
 
@@ -278,7 +279,7 @@ static DISP_INFO *get_samr_dispinfo_by_sid(DOM_SID *psid)
 
 	/* There are two cases to consider here:
 	   1) The SID is a domain SID and we look for an equality match, or
-	   2) This is an account SID and so we return the DISP_INFO* for our 
+	   2) This is an account SID and so we return the DISP_INFO* for our
 	      domain */
 
 	if (psid == NULL) {
@@ -293,7 +294,7 @@ static DISP_INFO *get_samr_dispinfo_by_sid(DOM_SID *psid)
 
 		return &builtin_dispinfo;
 	}
-		
+
 	if (sid_check_is_domain(psid) || sid_check_is_in_our_domain(psid)) {
 		/*
 		 * Necessary only once, but it does not really hurt.
@@ -315,7 +316,7 @@ static struct samr_info *get_samr_info_by_sid(DOM_SID *psid)
 	struct samr_info *info;
 	fstring sid_str;
 	TALLOC_CTX *mem_ctx;
-	
+
 	if (psid) {
 		sid_to_fstring(sid_str, psid);
 	} else {
@@ -465,7 +466,7 @@ static void force_flush_samr_cache(DISP_INFO *disp_info)
 
 static void samr_clear_sam_passwd(struct samu *sam_pass)
 {
-	
+
 	if (!sam_pass)
 		return;
 
@@ -543,116 +544,113 @@ static uint32 count_sam_aliases(struct disp_info *info)
 }
 
 /*******************************************************************
- _samr_close_hnd
+ _samr_Close
  ********************************************************************/
 
-NTSTATUS _samr_close_hnd(pipes_struct *p, SAMR_Q_CLOSE_HND *q_u, SAMR_R_CLOSE_HND *r_u)
+NTSTATUS _samr_Close(pipes_struct *p, struct samr_Close *r)
 {
-	r_u->status = NT_STATUS_OK;
-
-	/* close the policy handle */
-	if (!close_policy_hnd(p, &q_u->pol))
-		return NT_STATUS_OBJECT_NAME_INVALID;
+	if (!close_policy_hnd(p, r->in.handle)) {
+		return NT_STATUS_INVALID_HANDLE;
+	}
 
-	DEBUG(5,("samr_reply_close_hnd: %d\n", __LINE__));
+	ZERO_STRUCTP(r->out.handle);
 
-	return r_u->status;
+	return NT_STATUS_OK;
 }
 
 /*******************************************************************
- samr_reply_open_domain
+ _samr_OpenDomain
  ********************************************************************/
 
-NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN_DOMAIN *r_u)
+NTSTATUS _samr_OpenDomain(pipes_struct *p,
+			  struct samr_OpenDomain *r)
 {
 	struct    samr_info *info;
 	SEC_DESC *psd = NULL;
 	uint32    acc_granted;
-	uint32    des_access = q_u->flags;
+	uint32    des_access = r->in.access_mask;
 	NTSTATUS  status;
 	size_t    sd_size;
 	SE_PRIV se_rights;
 
-	r_u->status = NT_STATUS_OK;
-
 	/* find the connection policy handle. */
-	
-	if ( !find_policy_by_hnd(p, &q_u->pol, (void**)(void *)&info) )
+
+	if ( !find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info) )
 		return NT_STATUS_INVALID_HANDLE;
 
-	status = access_check_samr_function( info->acc_granted, 
-		SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_open_domain" );
-		
+	status = access_check_samr_function(info->acc_granted,
+					    SA_RIGHT_SAM_OPEN_DOMAIN,
+					    "_samr_OpenDomain" );
+
 	if ( !NT_STATUS_IS_OK(status) )
 		return status;
 
 	/*check if access can be granted as requested by client. */
-	
+
 	make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0 );
 	se_map_generic( &des_access, &dom_generic_mapping );
-	
+
 	se_priv_copy( &se_rights, &se_machine_account );
 	se_priv_add( &se_rights, &se_add_users );
 
-	status = access_check_samr_object( psd, p->pipe_user.nt_user_token, 
-		&se_rights, GENERIC_RIGHTS_DOMAIN_WRITE, des_access, 
-		&acc_granted, "_samr_open_domain" );
-		
+	status = access_check_samr_object( psd, p->pipe_user.nt_user_token,
+		&se_rights, GENERIC_RIGHTS_DOMAIN_WRITE, des_access,
+		&acc_granted, "_samr_OpenDomain" );
+
 	if ( !NT_STATUS_IS_OK(status) )
 		return status;
 
-	if (!sid_check_is_domain(&q_u->dom_sid.sid) &&
-	    !sid_check_is_builtin(&q_u->dom_sid.sid)) {
+	if (!sid_check_is_domain(r->in.sid) &&
+	    !sid_check_is_builtin(r->in.sid)) {
 		return NT_STATUS_NO_SUCH_DOMAIN;
 	}
 
 	/* associate the domain SID with the (unique) handle. */
-	if ((info = get_samr_info_by_sid(&q_u->dom_sid.sid))==NULL)
+	if ((info = get_samr_info_by_sid(r->in.sid))==NULL)
 		return NT_STATUS_NO_MEMORY;
 	info->acc_granted = acc_granted;
 
 	/* get a (unique) handle.  open a policy on it. */
-	if (!create_policy_hnd(p, &r_u->domain_pol, free_samr_info, (void *)info))
+	if (!create_policy_hnd(p, r->out.domain_handle, free_samr_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
-	DEBUG(5,("samr_open_domain: %d\n", __LINE__));
+	DEBUG(5,("_samr_OpenDomain: %d\n", __LINE__));
 
-	return r_u->status;
+	return NT_STATUS_OK;
 }
 
 /*******************************************************************
- _samr_get_usrdom_pwinfo
+ _samr_GetUserPwInfo
  ********************************************************************/
 
-NTSTATUS _samr_get_usrdom_pwinfo(pipes_struct *p, SAMR_Q_GET_USRDOM_PWINFO *q_u, SAMR_R_GET_USRDOM_PWINFO *r_u)
+NTSTATUS _samr_GetUserPwInfo(pipes_struct *p,
+			     struct samr_GetUserPwInfo *r)
 {
 	struct samr_info *info = NULL;
 
-	r_u->status = NT_STATUS_OK;
-
 	/* find the policy handle.  open a policy on it. */
-	if (!find_policy_by_hnd(p, &q_u->user_pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
 	if (!sid_check_is_in_our_domain(&info->sid))
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
-	init_samr_r_get_usrdom_pwinfo(r_u, NT_STATUS_OK);
+	ZERO_STRUCTP(r->out.info);
 
-	DEBUG(5,("_samr_get_usrdom_pwinfo: %d\n", __LINE__));
+	DEBUG(5,("_samr_GetUserPwInfo: %d\n", __LINE__));
 
-	/* 
+	/*
 	 * NT sometimes return NT_STATUS_ACCESS_DENIED
 	 * I don't know yet why.
 	 */
 
-	return r_u->status;
+	return NT_STATUS_OK;
 }
 
 /*******************************************************************
 ********************************************************************/
 
-static bool get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol, 
+static bool get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol,
 					DOM_SID *sid, uint32 *acc_granted,
 					DISP_INFO **ppdisp_info)
 {
@@ -675,10 +673,11 @@ static bool get_lsa_policy_samr_sid( pipes_struct *p, POLICY_HND *pol,
 }
 
 /*******************************************************************
- _samr_set_sec_obj
+ _samr_SetSecurity
  ********************************************************************/
 
-NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_SEC_OBJ *r_u)
+NTSTATUS _samr_SetSecurity(pipes_struct *p,
+			   struct samr_SetSecurity *r)
 {
 	DOM_SID pol_sid;
 	uint32 acc_granted, i;
@@ -687,9 +686,7 @@ NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_
 	struct samu *sampass=NULL;
 	NTSTATUS status;
 
-	r_u->status = NT_STATUS_OK;
-
-	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid, &acc_granted, NULL))
+	if (!get_lsa_policy_samr_sid(p, r->in.handle, &pol_sid, &acc_granted, NULL))
 		return NT_STATUS_INVALID_HANDLE;
 
 	if (!(sampass = samu_new( p->mem_ctx))) {
@@ -708,12 +705,12 @@ NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
-	dacl = q_u->buf->sd->dacl;
+	dacl = r->in.sdbuf->sd->dacl;
 	for (i=0; i < dacl->num_aces; i++) {
 		if (sid_equal(&pol_sid, &dacl->aces[i].trustee)) {
-			ret = pdb_set_pass_can_change(sampass, 
-				(dacl->aces[i].access_mask & 
-				 SA_RIGHT_USER_CHANGE_PASSWORD) ? 
+			ret = pdb_set_pass_can_change(sampass,
+				(dacl->aces[i].access_mask &
+				 SA_RIGHT_USER_CHANGE_PASSWORD) ?
 						      True: False);
 			break;
 		}
@@ -724,7 +721,9 @@ NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_set_sec_obj");
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_USER_SET_ATTRIBUTES,
+					    "_samr_SetSecurity");
 	if (NT_STATUS_IS_OK(status)) {
 		become_root();
 		status = pdb_update_sam_account(sampass);
@@ -771,98 +770,92 @@ static bool check_change_pw_access(TALLOC_CTX *mem_ctx, DOM_SID *user_sid)
 
 
 /*******************************************************************
- _samr_query_sec_obj
+ _samr_QuerySecurity
  ********************************************************************/
 
-NTSTATUS _samr_query_sec_obj(pipes_struct *p, SAMR_Q_QUERY_SEC_OBJ *q_u, SAMR_R_QUERY_SEC_OBJ *r_u)
+NTSTATUS _samr_QuerySecurity(pipes_struct *p,
+			     struct samr_QuerySecurity *r)
 {
+	NTSTATUS status;
 	DOM_SID pol_sid;
 	SEC_DESC * psd = NULL;
 	uint32 acc_granted;
 	size_t sd_size;
 
-	r_u->status = NT_STATUS_OK;
-
 	/* Get the SID. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &pol_sid, &acc_granted, NULL))
+	if (!get_lsa_policy_samr_sid(p, r->in.handle, &pol_sid, &acc_granted, NULL))
 		return NT_STATUS_INVALID_HANDLE;
 
-	DEBUG(10,("_samr_query_sec_obj: querying security on SID: %s\n",
+	DEBUG(10,("_samr_QuerySecurity: querying security on SID: %s\n",
 		  sid_string_dbg(&pol_sid)));
 
 	/* Check what typ of SID is beeing queried (e.g Domain SID, User SID, Group SID) */
 
 	/* To query the security of the SAM it self an invalid SID with S-0-0 is passed to this function */
 	if (pol_sid.sid_rev_num == 0) {
-		DEBUG(5,("_samr_query_sec_obj: querying security on SAM\n"));
-		r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
-	} else if (sid_equal(&pol_sid,get_global_sam_sid())) { 
+		DEBUG(5,("_samr_QuerySecurity: querying security on SAM\n"));
+		status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
+	} else if (sid_equal(&pol_sid,get_global_sam_sid())) {
 		/* check if it is our domain SID */
-		DEBUG(5,("_samr_query_sec_obj: querying security on Domain "
+		DEBUG(5,("_samr_QuerySecurity: querying security on Domain "
 			 "with SID: %s\n", sid_string_dbg(&pol_sid)));
-		r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
+		status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
 	} else if (sid_equal(&pol_sid,&global_sid_Builtin)) {
 		/* check if it is the Builtin  Domain */
 		/* TODO: Builtin probably needs a different SD with restricted write access*/
-		DEBUG(5,("_samr_query_sec_obj: querying security on Builtin "
+		DEBUG(5,("_samr_QuerySecurity: querying security on Builtin "
 			 "Domain with SID: %s\n", sid_string_dbg(&pol_sid)));
-		r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
+		status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0);
 	} else if (sid_check_is_in_our_domain(&pol_sid) ||
 	    	 sid_check_is_in_builtin(&pol_sid)) {
 		/* TODO: different SDs have to be generated for aliases groups and users.
 		         Currently all three get a default user SD  */
-		DEBUG(10,("_samr_query_sec_obj: querying security on Object "
+		DEBUG(10,("_samr_QuerySecurity: querying security on Object "
 			  "with SID: %s\n", sid_string_dbg(&pol_sid)));
 		if (check_change_pw_access(p->mem_ctx, &pol_sid)) {
-			r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, 
+			status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
 							  &pol_sid, SAMR_USR_RIGHTS_WRITE_PW);
 		} else {
-			r_u->status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_nopwchange_generic_mapping, 
+			status = make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_nopwchange_generic_mapping,
 							  &pol_sid, SAMR_USR_RIGHTS_CANT_WRITE_PW);
 		}
 	} else {
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 	}
 
-	if ((r_u->buf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
+	if ((*r->out.sdbuf = make_sec_desc_buf(p->mem_ctx, sd_size, psd)) == NULL)
 		return NT_STATUS_NO_MEMORY;
 
-	if (NT_STATUS_IS_OK(r_u->status))
-		r_u->ptr = 1;
-
-	return r_u->status;
+	return status;
 }
 
 /*******************************************************************
 makes a SAM_ENTRY / UNISTR2* structure from a user list.
 ********************************************************************/
 
-static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
-					 UNISTR2 **uni_name_pp,
-					 uint32 num_entries, uint32 start_idx,
+static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx,
+					 struct samr_SamEntry **sam_pp,
+					 uint32_t num_entries,
+					 uint32_t start_idx,
 					 struct samr_displayentry *entries)
 {
-	uint32 i;
-	SAM_ENTRY *sam;
-	UNISTR2 *uni_name;
-	
+	uint32_t i;
+	struct samr_SamEntry *sam;
+
 	*sam_pp = NULL;
-	*uni_name_pp = NULL;
 
-	if (num_entries == 0)
+	if (num_entries == 0) {
 		return NT_STATUS_OK;
+	}
 
-	sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_entries);
-
-	uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_entries);
-
-	if (sam == NULL || uni_name == NULL) {
+	sam = TALLOC_ZERO_ARRAY(ctx, struct samr_SamEntry, num_entries);
+	if (sam == NULL) {
 		DEBUG(0, ("make_user_sam_entry_list: TALLOC_ZERO failed!\n"));
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	for (i = 0; i < num_entries; i++) {
-		UNISTR2 uni_temp_name;
+#if 0
 		/*
 		 * usrmgr expects a non-NULL terminated string with
 		 * trust relationships
@@ -874,50 +867,59 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
 			init_unistr2(&uni_temp_name, entries[i].account_name,
 				     UNI_STR_TERMINATE);
 		}
-
-		init_sam_entry(&sam[i], &uni_temp_name, entries[i].rid);
-		copy_unistr2(&uni_name[i], &uni_temp_name);
+#endif
+		init_lsa_String(&sam[i].name, entries[i].account_name);
+		sam[i].idx = entries[i].rid;
 	}
 
 	*sam_pp = sam;
-	*uni_name_pp = uni_name;
+
 	return NT_STATUS_OK;
 }
 
+#define MAX_SAM_ENTRIES MAX_SAM_ENTRIES_W2K
+
 /*******************************************************************
- samr_reply_enum_dom_users
+ _samr_EnumDomainUsers
  ********************************************************************/
 
-NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, 
-			      SAMR_R_ENUM_DOM_USERS *r_u)
+NTSTATUS _samr_EnumDomainUsers(pipes_struct *p,
+			       struct samr_EnumDomainUsers *r)
 {
+	NTSTATUS status;
 	struct samr_info *info = NULL;
 	int num_account;
-	uint32 enum_context=q_u->start_idx;
+	uint32 enum_context = *r->in.resume_handle;
 	enum remote_arch_types ra_type = get_remote_arch();
 	int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
 	uint32 max_entries = max_sam_entries;
 	struct samr_displayentry *entries = NULL;
-	
-	r_u->status = NT_STATUS_OK;
+	struct samr_SamArray *samr_array = NULL;
+	struct samr_SamEntry *samr_entries = NULL;
 
 	/* find the policy handle.  open a policy on it. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
- 	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, 
-					SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, 
-					"_samr_enum_dom_users"))) {
- 		return r_u->status;
+	status = access_check_samr_function(info->acc_granted,
+					    SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+					    "_samr_EnumDomainUsers");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
- 	
-	DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
+
+	DEBUG(5,("_samr_EnumDomainUsers: %d\n", __LINE__));
 
 	if (info->builtin_domain) {
 		/* No users in builtin. */
-		init_samr_r_enum_dom_users(r_u, q_u->start_idx, 0);
-		DEBUG(5,("_samr_enum_dom_users: No users in BUILTIN\n"));
-		return r_u->status;
+		*r->out.resume_handle = *r->in.resume_handle;
+		DEBUG(5,("_samr_EnumDomainUsers: No users in BUILTIN\n"));
+		return status;
+	}
+
+	samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
+	if (!samr_array) {
+		return NT_STATUS_NO_MEMORY;
 	}
 
 	become_root();
@@ -925,14 +927,14 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
 	/* AS ROOT !!!! */
 
 	if ((info->disp_info->enum_users != NULL) &&
-	    (info->disp_info->enum_acb_mask != q_u->acb_mask)) {
+	    (info->disp_info->enum_acb_mask != r->in.acct_flags)) {
 		pdb_search_destroy(info->disp_info->enum_users);
 		info->disp_info->enum_users = NULL;
 	}
 
 	if (info->disp_info->enum_users == NULL) {
-		info->disp_info->enum_users = pdb_search_users(q_u->acb_mask);
-		info->disp_info->enum_acb_mask = q_u->acb_mask;
+		info->disp_info->enum_users = pdb_search_users(r->in.acct_flags);
+		info->disp_info->enum_acb_mask = r->in.acct_flags;
 	}
 
 	if (info->disp_info->enum_users == NULL) {
@@ -950,63 +952,62 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u,
 	unbecome_root();
 
 	if (num_account == 0) {
-		DEBUG(5, ("_samr_enum_dom_users: enumeration handle over "
+		DEBUG(5, ("_samr_EnumDomainUsers: enumeration handle over "
 			  "total entries\n"));
-		init_samr_r_enum_dom_users(r_u, q_u->start_idx, 0);
+		*r->out.resume_handle = *r->in.resume_handle;
 		return NT_STATUS_OK;
 	}
 
-	r_u->status = make_user_sam_entry_list(p->mem_ctx, &r_u->sam,
-					       &r_u->uni_acct_name, 
-					       num_account, enum_context,
-					       entries);
-
-	if (!NT_STATUS_IS_OK(r_u->status))
-		return r_u->status;
+	status = make_user_sam_entry_list(p->mem_ctx, &samr_entries,
+					  num_account, enum_context,
+					  entries);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
 
 	if (max_entries <= num_account) {
-		r_u->status = STATUS_MORE_ENTRIES;
+		status = STATUS_MORE_ENTRIES;
 	} else {
-		r_u->status = NT_STATUS_OK;
+		status = NT_STATUS_OK;
 	}
 
 	/* Ensure we cache this enumeration. */
 	set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
 
-	DEBUG(5, ("_samr_enum_dom_users: %d\n", __LINE__));
+	DEBUG(5, ("_samr_EnumDomainUsers: %d\n", __LINE__));
 
-	init_samr_r_enum_dom_users(r_u, q_u->start_idx + num_account,
-				   num_account);
+	samr_array->count = num_account;
+	samr_array->entries = samr_entries;
 
-	DEBUG(5,("_samr_enum_dom_users: %d\n", __LINE__));
+	*r->out.resume_handle = *r->in.resume_handle + num_account;
+	*r->out.sam = samr_array;
+	*r->out.num_entries = num_account;
 
-	return r_u->status;
+	DEBUG(5,("_samr_EnumDomainUsers: %d\n", __LINE__));
+
+	return status;
 }
 
 /*******************************************************************
 makes a SAM_ENTRY / UNISTR2* structure from a group list.
 ********************************************************************/
 
-static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
-				      UNISTR2 **uni_name_pp,
-				      uint32 num_sam_entries,
+static void make_group_sam_entry_list(TALLOC_CTX *ctx,
+				      struct samr_SamEntry **sam_pp,
+				      uint32_t num_sam_entries,
 				      struct samr_displayentry *entries)
 {
-	uint32 i;
-	SAM_ENTRY *sam;
-	UNISTR2 *uni_name;
+	struct samr_SamEntry *sam;
+	uint32_t i;
 
 	*sam_pp = NULL;
-	*uni_name_pp = NULL;
 
-	if (num_sam_entries == 0)
+	if (num_sam_entries == 0) {
 		return;
+	}
 
-	sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_sam_entries);
-	uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_sam_entries);
-
-	if (sam == NULL || uni_name == NULL) {
-		DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
+	sam = TALLOC_ZERO_ARRAY(ctx, struct samr_SamEntry, num_sam_entries);
+	if (sam == NULL) {
 		return;
 	}
 
@@ -1014,44 +1015,50 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp,
 		/*
 		 * JRA. I think this should include the null. TNG does not.
 		 */
-		init_unistr2(&uni_name[i], entries[i].account_name,
-			     UNI_STR_TERMINATE);
-		init_sam_entry(&sam[i], &uni_name[i], entries[i].rid);
+		init_lsa_String(&sam[i].name, entries[i].account_name);
+		sam[i].idx = entries[i].rid;
 	}
 
 	*sam_pp = sam;
-	*uni_name_pp = uni_name;
 }
 
 /*******************************************************************
- samr_reply_enum_dom_groups
+ _samr_EnumDomainGroups
  ********************************************************************/
 
-NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_R_ENUM_DOM_GROUPS *r_u)
+NTSTATUS _samr_EnumDomainGroups(pipes_struct *p,
+				struct samr_EnumDomainGroups *r)
 {
+	NTSTATUS status;
 	struct samr_info *info = NULL;
 	struct samr_displayentry *groups;
 	uint32 num_groups;
-
-	r_u->status = NT_STATUS_OK;
+	struct samr_SamArray *samr_array = NULL;
+	struct samr_SamEntry *samr_entries = NULL;
 
 	/* find the policy handle.  open a policy on it. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	r_u->status = access_check_samr_function(info->acc_granted,
-						 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
-						 "_samr_enum_dom_groups");
-	if (!NT_STATUS_IS_OK(r_u->status))
-		return r_u->status;
+	status = access_check_samr_function(info->acc_granted,
+					    SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+					    "_samr_EnumDomainGroups");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
 
-	DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__));
+	DEBUG(5,("_samr_EnumDomainGroups: %d\n", __LINE__));
 
 	if (info->builtin_domain) {
 		/* No groups in builtin. */
-		init_samr_r_enum_dom_groups(r_u, q_u->start_idx, 0);
-		DEBUG(5,("_samr_enum_dom_users: No groups in BUILTIN\n"));
-		return r_u->status;
+		*r->out.resume_handle = *r->in.resume_handle;
+		DEBUG(5,("_samr_EnumDomainGroups: No groups in BUILTIN\n"));
+		return status;
+	}
+
+	samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
+	if (!samr_array) {
+		return NT_STATUS_NO_MEMORY;
 	}
 
 	/* the domain group array is being allocated in the function below */
@@ -1067,46 +1074,64 @@ NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAM
 		}
 	}
 
-	num_groups = pdb_search_entries(info->disp_info->groups, q_u->start_idx,
+	num_groups = pdb_search_entries(info->disp_info->groups,
+					*r->in.resume_handle,
 					MAX_SAM_ENTRIES, &groups);
 	unbecome_root();
-	
+
 	/* Ensure we cache this enumeration. */
 	set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
 
-	make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name,
+	make_group_sam_entry_list(p->mem_ctx, &samr_entries,
 				  num_groups, groups);
 
-	init_samr_r_enum_dom_groups(r_u, q_u->start_idx, num_groups);
+	samr_array->count = num_groups;
+	samr_array->entries = samr_entries;
+
+	*r->out.sam = samr_array;
+	*r->out.num_entries = num_groups;
+	/* this was missing, IMHO:
+	*r->out.resume_handle = num_groups + *r->in.resume_handle;
+	*/
 
-	DEBUG(5,("samr_enum_dom_groups: %d\n", __LINE__));
+	DEBUG(5,("_samr_EnumDomainGroups: %d\n", __LINE__));
 
-	return r_u->status;
+	return status;
 }
 
 /*******************************************************************
- samr_reply_enum_dom_aliases
+ _samr_EnumDomainAliases
  ********************************************************************/
 
-NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, SAMR_R_ENUM_DOM_ALIASES *r_u)
+NTSTATUS _samr_EnumDomainAliases(pipes_struct *p,
+				 struct samr_EnumDomainAliases *r)
 {
+	NTSTATUS status;
 	struct samr_info *info;
 	struct samr_displayentry *aliases;
 	uint32 num_aliases = 0;
+	struct samr_SamArray *samr_array = NULL;
+	struct samr_SamEntry *samr_entries = NULL;
 
 	/* find the policy handle.  open a policy on it. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	r_u->status = access_check_samr_function(info->acc_granted,
-						 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
-						 "_samr_enum_dom_aliases");
-	if (!NT_STATUS_IS_OK(r_u->status))
-		return r_u->status;
+	status = access_check_samr_function(info->acc_granted,
+					    SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+					    "_samr_EnumDomainAliases");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
 
-	DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n",
+	DEBUG(5,("_samr_EnumDomainAliases: sid %s\n",
 		 sid_string_dbg(&info->sid)));
 
+	samr_array = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
+	if (!samr_array) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
 	become_root();
 
 	if (info->disp_info->aliases == NULL) {
@@ -1117,39 +1142,244 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S
 		}
 	}
 
-	num_aliases = pdb_search_entries(info->disp_info->aliases, q_u->start_idx,
+	num_aliases = pdb_search_entries(info->disp_info->aliases,
+					 *r->in.resume_handle,
 					 MAX_SAM_ENTRIES, &aliases);
 	unbecome_root();
-	
+
 	/* Ensure we cache this enumeration. */
 	set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
 
-	make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name,
+	make_group_sam_entry_list(p->mem_ctx, &samr_entries,
 				  num_aliases, aliases);
 
-	init_samr_r_enum_dom_aliases(r_u, q_u->start_idx + num_aliases,
-				     num_aliases);
+	DEBUG(5,("_samr_EnumDomainAliases: %d\n", __LINE__));
+
+	samr_array->count = num_aliases;
+	samr_array->entries = samr_entries;
+
+	*r->out.sam = samr_array;
+	*r->out.num_entries = num_aliases;
+	*r->out.resume_handle = num_aliases + *r->in.resume_handle;
+
+	return status;
+}
+
+/*******************************************************************
+ inits a samr_DispInfoGeneral structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_1(TALLOC_CTX *ctx,
+				     struct samr_DispInfoGeneral *r,
+				     uint32_t num_entries,
+				     uint32_t start_idx,
+				     struct samr_displayentry *entries)
+{
+	uint32 i;
+
+	DEBUG(10, ("init_samr_dispinfo_1: num_entries: %d\n", num_entries));
+
+	if (num_entries == 0) {
+		return NT_STATUS_OK;
+	}
+
+	r->count = num_entries;
+
+	r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryGeneral, num_entries);
+	if (!r->entries) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i = 0; i < num_entries ; i++) {
 
-	DEBUG(5,("samr_enum_dom_aliases: %d\n", __LINE__));
+		init_lsa_String(&r->entries[i].account_name,
+				entries[i].account_name);
 
-	return r_u->status;
+		init_lsa_String(&r->entries[i].description,
+				entries[i].description);
+
+		init_lsa_String(&r->entries[i].full_name,
+				entries[i].fullname);
+
+		r->entries[i].rid = entries[i].rid;
+		r->entries[i].acct_flags = entries[i].acct_flags;
+		r->entries[i].idx = start_idx+i+1;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ inits a samr_DispInfoFull structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_2(TALLOC_CTX *ctx,
+				     struct samr_DispInfoFull *r,
+				     uint32_t num_entries,
+				     uint32_t start_idx,
+				     struct samr_displayentry *entries)
+{
+	uint32_t i;
+
+	DEBUG(10, ("init_samr_dispinfo_2: num_entries: %d\n", num_entries));
+
+	if (num_entries == 0) {
+		return NT_STATUS_OK;
+	}
+
+	r->count = num_entries;
+
+	r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryFull, num_entries);
+	if (!r->entries) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i = 0; i < num_entries ; i++) {
+
+		init_lsa_String(&r->entries[i].account_name,
+				entries[i].account_name);
+
+		init_lsa_String(&r->entries[i].description,
+				entries[i].description);
+
+		r->entries[i].rid = entries[i].rid;
+		r->entries[i].acct_flags = entries[i].acct_flags;
+		r->entries[i].idx = start_idx+i+1;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ inits a samr_DispInfoFullGroups structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_3(TALLOC_CTX *ctx,
+				     struct samr_DispInfoFullGroups *r,
+				     uint32_t num_entries,
+				     uint32_t start_idx,
+				     struct samr_displayentry *entries)
+{
+	uint32_t i;
+
+	DEBUG(5, ("init_samr_dispinfo_3: num_entries: %d\n", num_entries));
+
+	if (num_entries == 0) {
+		return NT_STATUS_OK;
+	}
+
+	r->count = num_entries;
+
+	r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryFullGroup, num_entries);
+	if (!r->entries) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i = 0; i < num_entries ; i++) {
+
+		init_lsa_String(&r->entries[i].account_name,
+				entries[i].account_name);
+
+		init_lsa_String(&r->entries[i].description,
+				entries[i].description);
+
+		r->entries[i].rid = entries[i].rid;
+		r->entries[i].acct_flags = entries[i].acct_flags;
+		r->entries[i].idx = start_idx+i+1;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ inits a samr_DispInfoAscii structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_4(TALLOC_CTX *ctx,
+				     struct samr_DispInfoAscii *r,
+				     uint32_t num_entries,
+				     uint32_t start_idx,
+				     struct samr_displayentry *entries)
+{
+	uint32_t i;
+
+	DEBUG(5, ("init_samr_dispinfo_4: num_entries: %d\n", num_entries));
+
+	if (num_entries == 0) {
+		return NT_STATUS_OK;
+	}
+
+	r->count = num_entries;
+
+	r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryAscii, num_entries);
+	if (!r->entries) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i = 0; i < num_entries ; i++) {
+
+		init_lsa_AsciiStringLarge(&r->entries[i].account_name,
+					  entries[i].account_name);
+
+		r->entries[i].idx = start_idx+i+1;
+	}
+
+	return NT_STATUS_OK;
 }
 
 /*******************************************************************
- samr_reply_query_dispinfo
+ inits a samr_DispInfoAscii structure.
+********************************************************************/
+
+static NTSTATUS init_samr_dispinfo_5(TALLOC_CTX *ctx,
+				     struct samr_DispInfoAscii *r,
+				     uint32_t num_entries,
+				     uint32_t start_idx,
+				     struct samr_displayentry *entries)
+{
+	uint32_t i;
+
+	DEBUG(5, ("init_samr_dispinfo_5: num_entries: %d\n", num_entries));
+
+	if (num_entries == 0) {
+		return NT_STATUS_OK;
+	}
+
+	r->count = num_entries;
+
+	r->entries = TALLOC_ZERO_ARRAY(ctx, struct samr_DispEntryAscii, num_entries);
+	if (!r->entries) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i = 0; i < num_entries ; i++) {
+
+		init_lsa_AsciiStringLarge(&r->entries[i].account_name,
+					  entries[i].account_name);
+
+		r->entries[i].idx = start_idx+i+1;
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*******************************************************************
+ _samr_QueryDisplayInfo
  ********************************************************************/
 
-NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, 
-			      SAMR_R_QUERY_DISPINFO *r_u)
+NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p,
+				struct samr_QueryDisplayInfo *r)
 {
+	NTSTATUS status;
 	struct samr_info *info = NULL;
 	uint32 struct_size=0x20; /* W2K always reply that, client doesn't care */
-	
-	uint32 max_entries=q_u->max_entries;
-	uint32 enum_context=q_u->start_idx;
-	uint32 max_size=q_u->max_size;
 
-	SAM_DISPINFO_CTR *ctr;
+	uint32 max_entries = r->in.max_entries;
+	uint32 enum_context = r->in.start_idx;
+	uint32 max_size = r->in.buf_size;
+
+	union samr_DispInfo *disp_info = r->out.info;
+
 	uint32 temp_size=0, total_data_size=0;
 	NTSTATUS disp_ret = NT_STATUS_UNSUCCESSFUL;
 	uint32 num_account = 0;
@@ -1157,16 +1387,15 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
 	int max_sam_entries = (ra_type == RA_WIN95) ? MAX_SAM_ENTRIES_W95 : MAX_SAM_ENTRIES_W2K;
 	struct samr_displayentry *entries = NULL;
 
-	DEBUG(5, ("samr_reply_query_dispinfo: %d\n", __LINE__));
-	r_u->status = NT_STATUS_UNSUCCESSFUL;
+	DEBUG(5,("_samr_QueryDisplayInfo: %d\n", __LINE__));
 
 	/* find the policy handle.  open a policy on it. */
-	if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
 	/*
 	 * calculate how many entries we will return.
-	 * based on 
+	 * based on
 	 * - the number of entries the client asked
 	 * - our limit on that
 	 * - the starting point (enumeration context)
@@ -1192,15 +1421,15 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
 	 * JFM, 12/20/2001
 	 */
 
-	if ((q_u->switch_level < 1) || (q_u->switch_level > 5)) {
-		DEBUG(0,("_samr_query_dispinfo: Unknown info level (%u)\n",
-			 (unsigned int)q_u->switch_level ));
+	if ((r->in.level < 1) || (r->in.level > 5)) {
+		DEBUG(0,("_samr_QueryDisplayInfo: Unknown info level (%u)\n",
+			 (unsigned int)r->in.level ));
 		return NT_STATUS_INVALID_INFO_CLASS;
 	}
 
 	/* first limit the number of entries we will return */
 	if(max_entries > max_sam_entries) {
-		DEBUG(5, ("samr_reply_query_dispinfo: client requested %d "
+		DEBUG(5, ("_samr_QueryDisplayInfo: client requested %d "
 			  "entries, limiting to %d\n", max_entries,
 			  max_sam_entries));
 		max_entries = max_sam_entries;
@@ -1210,23 +1439,18 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
 	 * return */
 
 	temp_size=max_entries*struct_size;
-	
+
 	if (temp_size>max_size) {
 		max_entries=MIN((max_size/struct_size),max_entries);;
-		DEBUG(5, ("samr_reply_query_dispinfo: buffer size limits to "
+		DEBUG(5, ("_samr_QueryDisplayInfo: buffer size limits to "
 			  "only %d entries\n", max_entries));
 	}
 
-	if (!(ctr = TALLOC_ZERO_P(p->mem_ctx,SAM_DISPINFO_CTR)))
-		return NT_STATUS_NO_MEMORY;
-
-	ZERO_STRUCTP(ctr);
-
 	become_root();
 
 	/* THe following done as ROOT. Don't return without unbecome_root(). */
 
-	switch (q_u->switch_level) {
+	switch (r->in.level) {
 	case 0x1:
 	case 0x4:
 		if (info->disp_info->users == NULL) {
@@ -1235,10 +1459,10 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
 				unbecome_root();
 				return NT_STATUS_ACCESS_DENIED;
 			}
-			DEBUG(10,("samr_reply_query_dispinfo: starting user enumeration at index %u\n",
+			DEBUG(10,("_samr_QueryDisplayInfo: starting user enumeration at index %u\n",
 				(unsigned  int)enum_context ));
 		} else {
-			DEBUG(10,("samr_reply_query_dispinfo: using cached user enumeration at index %u\n",
+			DEBUG(10,("_samr_QueryDisplayInfo: using cached user enumeration at index %u\n",
 				(unsigned  int)enum_context ));
 		}
 
@@ -1254,10 +1478,10 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
 				unbecome_root();
 				return NT_STATUS_ACCESS_DENIED;
 			}
-			DEBUG(10,("samr_reply_query_dispinfo: starting machine enumeration at index %u\n",
+			DEBUG(10,("_samr_QueryDisplayInfo: starting machine enumeration at index %u\n",
 				(unsigned  int)enum_context ));
 		} else {
-			DEBUG(10,("samr_reply_query_dispinfo: using cached machine enumeration at index %u\n",
+			DEBUG(10,("_samr_QueryDisplayInfo: using cached machine enumeration at index %u\n",
 				(unsigned  int)enum_context ));
 		}
 
@@ -1273,10 +1497,10 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
 				unbecome_root();
 				return NT_STATUS_ACCESS_DENIED;
 			}
-			DEBUG(10,("samr_reply_query_dispinfo: starting group enumeration at index %u\n",
+			DEBUG(10,("_samr_QueryDisplayInfo: starting group enumeration at index %u\n",
 				(unsigned  int)enum_context ));
 		} else {
-			DEBUG(10,("samr_reply_query_dispinfo: using cached group enumeration at index %u\n",
+			DEBUG(10,("_samr_QueryDisplayInfo: using cached group enumeration at index %u\n",
 				(unsigned  int)enum_context ));
 		}
 
@@ -1291,32 +1515,33 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
 	}
 	unbecome_root();
 
+
 	/* Now create reply structure */
-	switch (q_u->switch_level) {
+	switch (r->in.level) {
 	case 0x1:
-		disp_ret = init_sam_dispinfo_1(p->mem_ctx, &ctr->sam.info1,
-					       num_account, enum_context,
-					       entries);
+		disp_ret = init_samr_dispinfo_1(p->mem_ctx, &disp_info->info1,
+						num_account, enum_context,
+						entries);
 		break;
 	case 0x2:
-		disp_ret = init_sam_dispinfo_2(p->mem_ctx, &ctr->sam.info2,
-					       num_account, enum_context,
-					       entries);
+		disp_ret = init_samr_dispinfo_2(p->mem_ctx, &disp_info->info2,
+						num_account, enum_context,
+						entries);
 		break;
 	case 0x3:
-		disp_ret = init_sam_dispinfo_3(p->mem_ctx, &ctr->sam.info3,
-					       num_account, enum_context,
-					       entries);
+		disp_ret = init_samr_dispinfo_3(p->mem_ctx, &disp_info->info3,
+						num_account, enum_context,
+						entries);
 		break;
 	case 0x4:
-		disp_ret = init_sam_dispinfo_4(p->mem_ctx, &ctr->sam.info4,
-					       num_account, enum_context,
-					       entries);
+		disp_ret = init_samr_dispinfo_4(p->mem_ctx, &disp_info->info4,
+						num_account, enum_context,
+						entries);
 		break;
 	case 0x5:
-		disp_ret = init_sam_dispinfo_5(p->mem_ctx, &ctr->sam.info5,
-					       num_account, enum_context,
-					       entries);
+		disp_ret = init_samr_dispinfo_5(p->mem_ctx, &disp_info->info5,
+						num_account, enum_context,
+						entries);
 		break;
 	default:
 		smb_panic("info class changed");
@@ -1330,73 +1555,130 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u,
 	total_data_size=num_account*struct_size;
 
 	if (num_account) {
-		r_u->status = STATUS_MORE_ENTRIES;
+		status = STATUS_MORE_ENTRIES;
 	} else {
-		r_u->status = NT_STATUS_OK;
+		status = NT_STATUS_OK;
 	}
 
 	/* Ensure we cache this enumeration. */
 	set_disp_info_cache_timeout(info->disp_info, DISP_INFO_CACHE_TIMEOUT);
 
-	DEBUG(5, ("_samr_query_dispinfo: %d\n", __LINE__));
+	DEBUG(5, ("_samr_QueryDisplayInfo: %d\n", __LINE__));
+
+	*r->out.total_size = total_data_size;
+	*r->out.returned_size = temp_size;
+
+	return status;
+}
+
+/****************************************************************
+ _samr_QueryDisplayInfo2
+****************************************************************/
+
+NTSTATUS _samr_QueryDisplayInfo2(pipes_struct *p,
+				 struct samr_QueryDisplayInfo2 *r)
+{
+	struct samr_QueryDisplayInfo q;
+
+	q.in.domain_handle	= r->in.domain_handle;
+	q.in.level		= r->in.level;
+	q.in.start_idx		= r->in.start_idx;
+	q.in.max_entries	= r->in.max_entries;
+	q.in.buf_size		= r->in.buf_size;
+
+	q.out.total_size	= r->out.total_size;
+	q.out.returned_size	= r->out.returned_size;
+	q.out.info		= r->out.info;
+
+	return _samr_QueryDisplayInfo(p, &q);
+}
+
+/****************************************************************
+ _samr_QueryDisplayInfo3
+****************************************************************/
+
+NTSTATUS _samr_QueryDisplayInfo3(pipes_struct *p,
+				 struct samr_QueryDisplayInfo3 *r)
+{
+	struct samr_QueryDisplayInfo q;
 
-	init_samr_r_query_dispinfo(r_u, num_account, total_data_size,
-				   temp_size, q_u->switch_level, ctr,
-				   r_u->status);
+	q.in.domain_handle	= r->in.domain_handle;
+	q.in.level		= r->in.level;
+	q.in.start_idx		= r->in.start_idx;
+	q.in.max_entries	= r->in.max_entries;
+	q.in.buf_size		= r->in.buf_size;
 
-	return r_u->status;
+	q.out.total_size	= r->out.total_size;
+	q.out.returned_size	= r->out.returned_size;
+	q.out.info		= r->out.info;
 
+	return _samr_QueryDisplayInfo(p, &q);
 }
 
 /*******************************************************************
- samr_reply_query_aliasinfo
+ _samr_QueryAliasInfo
  ********************************************************************/
 
-NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAMR_R_QUERY_ALIASINFO *r_u)
+NTSTATUS _samr_QueryAliasInfo(pipes_struct *p,
+			      struct samr_QueryAliasInfo *r)
 {
 	DOM_SID   sid;
 	struct acct_info info;
 	uint32    acc_granted;
 	NTSTATUS status;
+	union samr_AliasInfo *alias_info = NULL;
+	const char *alias_name = NULL;
+	const char *alias_description = NULL;
 
-	r_u->status = NT_STATUS_OK;
+	DEBUG(5,("_samr_QueryAliasInfo: %d\n", __LINE__));
 
-	DEBUG(5,("_samr_query_aliasinfo: %d\n", __LINE__));
+	alias_info = TALLOC_ZERO_P(p->mem_ctx, union samr_AliasInfo);
+	if (!alias_info) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	/* find the policy handle.  open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted, NULL))
+	if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &sid, &acc_granted, NULL))
 		return NT_STATUS_INVALID_HANDLE;
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_LOOKUP_INFO, "_samr_query_aliasinfo"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_ALIAS_LOOKUP_INFO,
+					    "_samr_QueryAliasInfo");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	become_root();
 	status = pdb_get_aliasinfo(&sid, &info);
 	unbecome_root();
-	
+
 	if ( !NT_STATUS_IS_OK(status))
 		return status;
 
-	if ( !(r_u->ctr = TALLOC_ZERO_P( p->mem_ctx, ALIAS_INFO_CTR )) ) 
-		return NT_STATUS_NO_MEMORY;
-
+	/* FIXME: info contains fstrings */
+	alias_name = talloc_strdup(r, info.acct_name);
+	alias_description = talloc_strdup(r, info.acct_desc);
 
-	switch (q_u->level ) {
-	case 1:
-		r_u->ctr->level = 1;
-		init_samr_alias_info1(&r_u->ctr->alias.info1, info.acct_name, 1, info.acct_desc);
+	switch (r->in.level) {
+	case ALIASINFOALL:
+		init_samr_alias_info1(&alias_info->all,
+				      alias_name,
+				      1,
+				      alias_description);
 		break;
-	case 3:
-		r_u->ctr->level = 3;
-		init_samr_alias_info3(&r_u->ctr->alias.info3, info.acct_desc);
+	case ALIASINFODESCRIPTION:
+		init_samr_alias_info3(&alias_info->description,
+				      alias_description);
 		break;
 	default:
 		return NT_STATUS_INVALID_INFO_CLASS;
 	}
 
-	DEBUG(5,("_samr_query_aliasinfo: %d\n", __LINE__));
+	*r->out.info = alias_info;
 
-	return r_u->status;
+	DEBUG(5,("_samr_QueryAliasInfo: %d\n", __LINE__));
+
+	return NT_STATUS_OK;
 }
 
 #if 0
@@ -1460,170 +1742,184 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
 #endif
 
 /*******************************************************************
- _samr_lookup_names
+ _samr_LookupNames
  ********************************************************************/
 
-NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LOOKUP_NAMES *r_u)
+NTSTATUS _samr_LookupNames(pipes_struct *p,
+			   struct samr_LookupNames *r)
 {
+	NTSTATUS status;
 	uint32 rid[MAX_SAM_ENTRIES];
 	enum lsa_SidType type[MAX_SAM_ENTRIES];
 	int i;
-	int num_rids = q_u->num_names2;
+	int num_rids = r->in.num_names;
 	DOM_SID pol_sid;
 	uint32  acc_granted;
+	struct samr_Ids rids, types;
 
-	r_u->status = NT_STATUS_OK;
-
-	DEBUG(5,("_samr_lookup_names: %d\n", __LINE__));
+	DEBUG(5,("_samr_LookupNames: %d\n", __LINE__));
 
 	ZERO_ARRAY(rid);
 	ZERO_ARRAY(type);
 
-	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid, &acc_granted, NULL)) {
-		init_samr_r_lookup_names(p->mem_ctx, r_u, 0, NULL, NULL, NT_STATUS_OBJECT_TYPE_MISMATCH);
-		return r_u->status;
+	if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &pol_sid, &acc_granted, NULL)) {
+		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 	}
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, 0, "_samr_lookup_names"))) { /* Don't know the acc_bits yet */
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    0, /* Don't know the acc_bits yet */
+					    "_samr_LookupNames");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	if (num_rids > MAX_SAM_ENTRIES) {
 		num_rids = MAX_SAM_ENTRIES;
-		DEBUG(5,("_samr_lookup_names: truncating entries to %d\n", num_rids));
+		DEBUG(5,("_samr_LookupNames: truncating entries to %d\n", num_rids));
 	}
 
-	DEBUG(5,("_samr_lookup_names: looking name on SID %s\n",
+	DEBUG(5,("_samr_LookupNames: looking name on SID %s\n",
 		 sid_string_dbg(&pol_sid)));
-	
+
 	for (i = 0; i < num_rids; i++) {
-		fstring name;
-            	int ret;
 
-	        r_u->status = NT_STATUS_NONE_MAPPED;
+		status = NT_STATUS_NONE_MAPPED;
 	        type[i] = SID_NAME_UNKNOWN;
 
-	        rid [i] = 0xffffffff;
-
-		ret = rpcstr_pull(name, q_u->uni_name[i].buffer, sizeof(name), q_u->uni_name[i].uni_str_len*2, 0);
-
-		if (ret <= 0) {
-			continue;
-		}
+		rid[i] = 0xffffffff;
 
 		if (sid_check_is_builtin(&pol_sid)) {
-			if (lookup_builtin_name(name, &rid[i])) {
+			if (lookup_builtin_name(r->in.names[i].string,
+						&rid[i]))
+			{
 				type[i] = SID_NAME_ALIAS;
 			}
 		} else {
-			lookup_global_sam_name(name, 0, &rid[i], &type[i]);
+			lookup_global_sam_name(r->in.names[i].string, 0,
+					       &rid[i], &type[i]);
 		}
 
 		if (type[i] != SID_NAME_UNKNOWN) {
-			r_u->status = NT_STATUS_OK;
+			status = NT_STATUS_OK;
 		}
 	}
 
-	init_samr_r_lookup_names(p->mem_ctx, r_u, num_rids, rid, type, r_u->status);
+	rids.count = num_rids;
+	rids.ids = rid;
+
+	types.count = num_rids;
+	types.ids = type;
 
-	DEBUG(5,("_samr_lookup_names: %d\n", __LINE__));
+	*r->out.rids = rids;
+	*r->out.types = types;
 
-	return r_u->status;
+	DEBUG(5,("_samr_LookupNames: %d\n", __LINE__));
+
+	return status;
 }
 
 /*******************************************************************
- _samr_chgpasswd_user
+ _samr_ChangePasswordUser2
  ********************************************************************/
 
-NTSTATUS _samr_chgpasswd_user(pipes_struct *p, SAMR_Q_CHGPASSWD_USER *q_u, SAMR_R_CHGPASSWD_USER *r_u)
+NTSTATUS _samr_ChangePasswordUser2(pipes_struct *p,
+				   struct samr_ChangePasswordUser2 *r)
 {
+	NTSTATUS status;
 	fstring user_name;
 	fstring wks;
 
-	DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__));
+	DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__));
 
-	r_u->status = NT_STATUS_OK;
+	fstrcpy(user_name, r->in.account->string);
+	fstrcpy(wks, r->in.server->string);
 
-	rpcstr_pull(user_name, q_u->uni_user_name.buffer, sizeof(user_name), q_u->uni_user_name.uni_str_len*2, 0);
-	rpcstr_pull(wks, q_u->uni_dest_host.buffer, sizeof(wks), q_u->uni_dest_host.uni_str_len*2,0);
-
-	DEBUG(5,("samr_chgpasswd_user: user: %s wks: %s\n", user_name, wks));
+	DEBUG(5,("_samr_ChangePasswordUser2: user: %s wks: %s\n", user_name, wks));
 
 	/*
 	 * Pass the user through the NT -> unix user mapping
 	 * function.
 	 */
- 
+
 	(void)map_username(user_name);
- 
+
 	/*
-	 * UNIX username case mangling not required, pass_oem_change 
+	 * UNIX username case mangling not required, pass_oem_change
 	 * is case insensitive.
 	 */
 
-	r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
-				q_u->nt_newpass.pass, q_u->nt_oldhash.hash, NULL);
-
-	init_samr_r_chgpasswd_user(r_u, r_u->status);
+	status = pass_oem_change(user_name,
+				 r->in.lm_password->data,
+				 r->in.lm_verifier->hash,
+				 r->in.nt_password->data,
+				 r->in.nt_verifier->hash,
+				 NULL);
 
-	DEBUG(5,("_samr_chgpasswd_user: %d\n", __LINE__));
+	DEBUG(5,("_samr_ChangePasswordUser2: %d\n", __LINE__));
 
-	return r_u->status;
+	return status;
 }
 
 /*******************************************************************
- _samr_chgpasswd_user3
+ _samr_ChangePasswordUser3
  ********************************************************************/
 
-NTSTATUS _samr_chgpasswd_user3(pipes_struct *p, SAMR_Q_CHGPASSWD_USER3 *q_u, SAMR_R_CHGPASSWD_USER3 *r_u)
+NTSTATUS _samr_ChangePasswordUser3(pipes_struct *p,
+				   struct samr_ChangePasswordUser3 *r)
 {
+	NTSTATUS status;
 	fstring user_name;
-	fstring wks;
+	const char *wks = NULL;
 	uint32 reject_reason;
-	SAM_UNK_INFO_1 *info = NULL;
-	SAMR_CHANGE_REJECT *reject = NULL;
+	struct samr_DomInfo1 *dominfo = NULL;
+	struct samr_ChangeReject *reject = NULL;
 
-	DEBUG(5,("_samr_chgpasswd_user3: %d\n", __LINE__));
+	DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
 
-	rpcstr_pull(user_name, q_u->uni_user_name.buffer, sizeof(user_name), q_u->uni_user_name.uni_str_len*2, 0);
-	rpcstr_pull(wks, q_u->uni_dest_host.buffer, sizeof(wks), q_u->uni_dest_host.uni_str_len*2,0);
+	fstrcpy(user_name, r->in.account->string);
+	if (r->in.server && r->in.server->string) {
+		wks = r->in.server->string;
+	}
 
-	DEBUG(5,("_samr_chgpasswd_user3: user: %s wks: %s\n", user_name, wks));
+	DEBUG(5,("_samr_ChangePasswordUser3: user: %s wks: %s\n", user_name, wks));
 
 	/*
 	 * Pass the user through the NT -> unix user mapping
 	 * function.
 	 */
- 
+
 	(void)map_username(user_name);
- 
+
 	/*
-	 * UNIX username case mangling not required, pass_oem_change 
+	 * UNIX username case mangling not required, pass_oem_change
 	 * is case insensitive.
 	 */
 
-	r_u->status = pass_oem_change(user_name, q_u->lm_newpass.pass, q_u->lm_oldhash.hash,
-				      q_u->nt_newpass.pass, q_u->nt_oldhash.hash, &reject_reason);
+	status = pass_oem_change(user_name,
+				 r->in.lm_password->data,
+				 r->in.lm_verifier->hash,
+				 r->in.nt_password->data,
+				 r->in.nt_verifier->hash,
+				 &reject_reason);
 
-	if (NT_STATUS_EQUAL(r_u->status, NT_STATUS_PASSWORD_RESTRICTION) || 
-	    NT_STATUS_EQUAL(r_u->status, NT_STATUS_ACCOUNT_RESTRICTION)) {
+	if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) ||
+	    NT_STATUS_EQUAL(status, NT_STATUS_ACCOUNT_RESTRICTION)) {
 
 		uint32 min_pass_len,pass_hist,password_properties;
 		time_t u_expire, u_min_age;
 		NTTIME nt_expire, nt_min_age;
 		uint32 account_policy_temp;
 
-		if ((info = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_INFO_1)) == NULL) {
+		dominfo = TALLOC_ZERO_P(p->mem_ctx, struct samr_DomInfo1);
+		if (!dominfo) {
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		if ((reject = TALLOC_ZERO_P(p->mem_ctx, SAMR_CHANGE_REJECT)) == NULL) {
+		reject = TALLOC_ZERO_P(p->mem_ctx, struct samr_ChangeReject);
+		if (!reject) {
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		ZERO_STRUCTP(info);
-		ZERO_STRUCTP(reject);
-
 		become_root();
 
 		/* AS ROOT !!! */
@@ -1644,23 +1940,32 @@ NTSTATUS _samr_chgpasswd_user3(pipes_struct *p, SAMR_Q_CHGPASSWD_USER3 *q_u, SAM
 		u_min_age = account_policy_temp;
 
 		/* !AS ROOT */
-		
+
 		unbecome_root();
 
 		unix_to_nt_time_abs(&nt_expire, u_expire);
 		unix_to_nt_time_abs(&nt_min_age, u_min_age);
 
-		init_unk_info1(info, (uint16)min_pass_len, (uint16)pass_hist, 
-		               password_properties, nt_expire, nt_min_age);
+		if (lp_check_password_script() && *lp_check_password_script()) {
+			password_properties |= DOMAIN_PASSWORD_COMPLEX;
+		}
+
+		init_samr_DomInfo1(dominfo,
+				   min_pass_len,
+				   pass_hist,
+				   password_properties,
+				   u_expire,
+				   u_min_age);
 
-		reject->reject_reason = reject_reason;
+		reject->reason = reject_reason;
+
+		*r->out.dominfo = dominfo;
+		*r->out.reject = reject;
 	}
-	
-	init_samr_r_chgpasswd_user3(r_u, r_u->status, reject, info);
 
-	DEBUG(5,("_samr_chgpasswd_user3: %d\n", __LINE__));
+	DEBUG(5,("_samr_ChangePasswordUser3: %d\n", __LINE__));
 
-	return r_u->status;
+	return status;
 }
 
 /*******************************************************************
@@ -1668,60 +1973,54 @@ makes a SAMR_R_LOOKUP_RIDS structure.
 ********************************************************************/
 
 static bool make_samr_lookup_rids(TALLOC_CTX *ctx, uint32 num_names,
-				  const char **names, UNIHDR **pp_hdr_name,
-				  UNISTR2 **pp_uni_name)
+				  const char **names,
+				  struct lsa_String **lsa_name_array_p)
 {
-	uint32 i;
-	UNIHDR *hdr_name=NULL;
-	UNISTR2 *uni_name=NULL;
+	struct lsa_String *lsa_name_array = NULL;
+	uint32_t i;
 
-	*pp_uni_name = NULL;
-	*pp_hdr_name = NULL;
+	*lsa_name_array_p = NULL;
 
 	if (num_names != 0) {
-		hdr_name = TALLOC_ZERO_ARRAY(ctx, UNIHDR, num_names);
-		if (hdr_name == NULL)
-			return False;
-
-		uni_name = TALLOC_ZERO_ARRAY(ctx,UNISTR2, num_names);
-		if (uni_name == NULL)
-			return False;
+		lsa_name_array = TALLOC_ZERO_ARRAY(ctx, struct lsa_String, num_names);
+		if (!lsa_name_array) {
+			return false;
+		}
 	}
 
 	for (i = 0; i < num_names; i++) {
 		DEBUG(10, ("names[%d]:%s\n", i, names[i] && *names[i] ? names[i] : ""));
-		init_unistr2(&uni_name[i], names[i], UNI_FLAGS_NONE);
-		init_uni_hdr(&hdr_name[i], &uni_name[i]);
+		init_lsa_String(&lsa_name_array[i], names[i]);
 	}
 
-	*pp_uni_name = uni_name;
-	*pp_hdr_name = hdr_name;
+	*lsa_name_array_p = lsa_name_array;
 
-	return True;
+	return true;
 }
 
 /*******************************************************************
- _samr_lookup_rids
+ _samr_LookupRids
  ********************************************************************/
 
-NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOKUP_RIDS *r_u)
+NTSTATUS _samr_LookupRids(pipes_struct *p,
+			  struct samr_LookupRids *r)
 {
+	NTSTATUS status;
 	const char **names;
 	enum lsa_SidType *attrs = NULL;
 	uint32 *wire_attrs = NULL;
-	UNIHDR *hdr_name = NULL;
-	UNISTR2 *uni_name = NULL;
 	DOM_SID pol_sid;
-	int num_rids = (int)q_u->num_rids1;
+	int num_rids = (int)r->in.num_rids;
 	uint32 acc_granted;
 	int i;
+	struct lsa_Strings names_array;
+	struct samr_Ids types_array;
+	struct lsa_String *lsa_names = NULL;
 
-	r_u->status = NT_STATUS_OK;
-
-	DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__));
+	DEBUG(5,("_samr_LookupRids: %d\n", __LINE__));
 
 	/* find the policy handle.  open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &pol_sid, &acc_granted, NULL))
+	if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &pol_sid, &acc_granted, NULL))
 		return NT_STATUS_INVALID_HANDLE;
 
 	if (num_rids > 1000) {
@@ -1744,59 +2043,67 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK
 	}
 
 	become_root();  /* lookup_sid can require root privs */
-	r_u->status = pdb_lookup_rids(&pol_sid, num_rids, q_u->rid,
-				      names, attrs);
+	status = pdb_lookup_rids(&pol_sid, num_rids, r->in.rids,
+				 names, attrs);
 	unbecome_root();
 
-	if ( NT_STATUS_EQUAL(r_u->status, NT_STATUS_NONE_MAPPED) && (num_rids == 0) ) {
-		r_u->status = NT_STATUS_OK;
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED) && (num_rids == 0)) {
+		status = NT_STATUS_OK;
 	}
 
-	if(!make_samr_lookup_rids(p->mem_ctx, num_rids, names,
-				  &hdr_name, &uni_name))
+	if (!make_samr_lookup_rids(p->mem_ctx, num_rids, names,
+				   &lsa_names)) {
 		return NT_STATUS_NO_MEMORY;
+	}
 
 	/* Convert from enum lsa_SidType to uint32 for wire format. */
 	for (i = 0; i < num_rids; i++) {
 		wire_attrs[i] = (uint32)attrs[i];
 	}
 
-	init_samr_r_lookup_rids(r_u, num_rids, hdr_name, uni_name, wire_attrs);
+	names_array.count = num_rids;
+	names_array.names = lsa_names;
+
+	types_array.count = num_rids;
+	types_array.ids = wire_attrs;
 
-	DEBUG(5,("_samr_lookup_rids: %d\n", __LINE__));
+	*r->out.names = names_array;
+	*r->out.types = types_array;
 
-	return r_u->status;
+	DEBUG(5,("_samr_LookupRids: %d\n", __LINE__));
+
+	return status;
 }
 
 /*******************************************************************
- _samr_open_user. Safe - gives out no passwd info.
- ********************************************************************/
+ _samr_OpenUser
+********************************************************************/
 
-NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USER *r_u)
+NTSTATUS _samr_OpenUser(pipes_struct *p,
+			struct samr_OpenUser *r)
 {
 	struct samu *sampass=NULL;
 	DOM_SID sid;
-	POLICY_HND domain_pol = q_u->domain_pol;
-	POLICY_HND *user_pol = &r_u->user_pol;
+	POLICY_HND domain_pol = *r->in.domain_handle;
+	POLICY_HND *user_pol = r->out.user_handle;
 	struct samr_info *info = NULL;
 	SEC_DESC *psd = NULL;
 	uint32    acc_granted;
-	uint32    des_access = q_u->access_mask;
+	uint32    des_access = r->in.access_mask;
 	size_t    sd_size;
 	bool ret;
 	NTSTATUS nt_status;
 	SE_PRIV se_rights;
 
-	r_u->status = NT_STATUS_OK;
-
 	/* find the domain policy handle and get domain SID / access bits in the domain policy. */
-	
+
 	if ( !get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted, NULL) )
 		return NT_STATUS_INVALID_HANDLE;
-	
-	nt_status = access_check_samr_function( acc_granted, 
-		SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_user" );
-		
+
+	nt_status = access_check_samr_function(acc_granted,
+					       SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+					       "_samr_OpenUser" );
+
 	if ( !NT_STATUS_IS_OK(nt_status) )
 		return nt_status;
 
@@ -1805,22 +2112,22 @@ NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USE
 	}
 
 	/* append the user's RID to it */
-	
-	if (!sid_append_rid(&sid, q_u->user_rid))
+
+	if (!sid_append_rid(&sid, r->in.rid))
 		return NT_STATUS_NO_SUCH_USER;
-	
+
 	/* check if access can be granted as requested by client. */
-	
+
 	make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW);
 	se_map_generic(&des_access, &usr_generic_mapping);
-	
+
 	se_priv_copy( &se_rights, &se_machine_account );
 	se_priv_add( &se_rights, &se_add_users );
-	
-	nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, 
-		&se_rights, GENERIC_RIGHTS_USER_WRITE, des_access, 
-		&acc_granted, "_samr_open_user");
-		
+
+	nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+		&se_rights, GENERIC_RIGHTS_USER_WRITE, des_access,
+		&acc_granted, "_samr_OpenUser");
+
 	if ( !NT_STATUS_IS_OK(nt_status) )
 		return nt_status;
 
@@ -1844,22 +2151,27 @@ NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USE
 	if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
-	return r_u->status;
+	return NT_STATUS_OK;
 }
 
 /*************************************************************************
  get_user_info_7. Safe. Only gives out account_name.
  *************************************************************************/
 
-static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_SID *user_sid)
+static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx,
+				struct samr_UserInfo7 *r,
+				DOM_SID *user_sid)
 {
 	struct samu *smbpass=NULL;
 	bool ret;
+	const char *account_name = NULL;
+
+	ZERO_STRUCTP(r);
 
 	if ( !(smbpass = samu_new( mem_ctx )) ) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	
+
 	become_root();
 	ret = pdb_getsampwsid(smbpass, user_sid);
 	unbecome_root();
@@ -1869,12 +2181,16 @@ static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_S
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
-	DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
+	account_name = talloc_strdup(mem_ctx, pdb_get_username(smbpass));
+	if (!account_name) {
+		TALLOC_FREE(smbpass);
+		return NT_STATUS_NO_MEMORY;
+	}
+	TALLOC_FREE(smbpass);
 
-	ZERO_STRUCTP(id7);
-	init_sam_user_info7(id7, pdb_get_username(smbpass) );
+	DEBUG(3,("User:[%s]\n", account_name));
 
-	TALLOC_FREE(smbpass);
+	init_samr_user_info7(r, account_name);
 
 	return NT_STATUS_OK;
 }
@@ -1882,11 +2198,16 @@ static NTSTATUS get_user_info_7(TALLOC_CTX *mem_ctx, SAM_USER_INFO_7 *id7, DOM_S
 /*************************************************************************
  get_user_info_9. Only gives out primary group SID.
  *************************************************************************/
-static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_SID *user_sid)
+
+static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx,
+				struct samr_UserInfo9 *r,
+				DOM_SID *user_sid)
 {
 	struct samu *smbpass=NULL;
 	bool ret;
 
+	ZERO_STRUCTP(r);
+
 	if ( !(smbpass = samu_new( mem_ctx )) ) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -1897,13 +2218,13 @@ static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_
 
 	if (ret==False) {
 		DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+		TALLOC_FREE(smbpass);
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
 	DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
 
-	ZERO_STRUCTP(id9);
-	init_sam_user_info9(id9, pdb_get_group_rid(smbpass) );
+	init_samr_user_info9(r, pdb_get_group_rid(smbpass));
 
 	TALLOC_FREE(smbpass);
 
@@ -1914,11 +2235,15 @@ static NTSTATUS get_user_info_9(TALLOC_CTX *mem_ctx, SAM_USER_INFO_9 * id9, DOM_
  get_user_info_16. Safe. Only gives out acb bits.
  *************************************************************************/
 
-static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DOM_SID *user_sid)
+static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx,
+				 struct samr_UserInfo16 *r,
+				 DOM_SID *user_sid)
 {
 	struct samu *smbpass=NULL;
 	bool ret;
 
+	ZERO_STRUCTP(r);
+
 	if ( !(smbpass = samu_new( mem_ctx )) ) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -1929,13 +2254,13 @@ static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DO
 
 	if (ret==False) {
 		DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+		TALLOC_FREE(smbpass);
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
 	DEBUG(3,("User:[%s]\n", pdb_get_username(smbpass) ));
 
-	ZERO_STRUCTP(id16);
-	init_sam_user_info16(id16, pdb_get_acct_ctrl(smbpass) );
+	init_samr_user_info16(r, pdb_get_acct_ctrl(smbpass));
 
 	TALLOC_FREE(smbpass);
 
@@ -1945,14 +2270,19 @@ static NTSTATUS get_user_info_16(TALLOC_CTX *mem_ctx, SAM_USER_INFO_16 *id16, DO
 /*************************************************************************
  get_user_info_18. OK - this is the killer as it gives out password info.
  Ensure that this is only allowed on an encrypted connection with a root
- user. JRA. 
+ user. JRA.
  *************************************************************************/
 
-static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_INFO_18 * id18, DOM_SID *user_sid)
+static NTSTATUS get_user_info_18(pipes_struct *p,
+				 TALLOC_CTX *mem_ctx,
+				 struct samr_UserInfo18 *r,
+				 DOM_SID *user_sid)
 {
 	struct samu *smbpass=NULL;
 	bool ret;
 
+	ZERO_STRUCTP(r);
+
 	if (p->auth.auth_type != PIPE_AUTH_TYPE_NTLMSSP || p->auth.auth_type != PIPE_AUTH_TYPE_SPNEGO_NTLMSSP) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
@@ -1984,9 +2314,9 @@ static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_
 		return NT_STATUS_ACCOUNT_DISABLED;
 	}
 
-	ZERO_STRUCTP(id18);
-	init_sam_user_info18(id18, pdb_get_lanman_passwd(smbpass), pdb_get_nt_passwd(smbpass));
-	
+	init_samr_user_info18(r, pdb_get_lanman_passwd(smbpass),
+			      pdb_get_nt_passwd(smbpass));
+
 	TALLOC_FREE(smbpass);
 
 	return NT_STATUS_OK;
@@ -1996,10 +2326,17 @@ static NTSTATUS get_user_info_18(pipes_struct *p, TALLOC_CTX *mem_ctx, SAM_USER_
  get_user_info_20
  *************************************************************************/
 
-static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DOM_SID *user_sid)
+static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx,
+				 struct samr_UserInfo20 *r,
+				 DOM_SID *user_sid)
 {
 	struct samu *sampass=NULL;
 	bool ret;
+	const char *munged_dial = NULL;
+	const char *munged_dial_decoded = NULL;
+	DATA_BLOB blob;
+
+	ZERO_STRUCTP(r);
 
 	if ( !(sampass = samu_new( mem_ctx )) ) {
 		return NT_STATUS_NO_MEMORY;
@@ -2011,72 +2348,221 @@ static NTSTATUS get_user_info_20(TALLOC_CTX *mem_ctx, SAM_USER_INFO_20 *id20, DO
 
 	if (ret == False) {
 		DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+		TALLOC_FREE(sampass);
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
+	munged_dial = pdb_get_munged_dial(sampass);
+
 	samr_clear_sam_passwd(sampass);
 
 	DEBUG(3,("User:[%s]\n",  pdb_get_username(sampass) ));
 
-	ZERO_STRUCTP(id20);
-	init_sam_user_info20A(id20, sampass);
-	
+	if (munged_dial) {
+		blob = base64_decode_data_blob(munged_dial);
+		munged_dial_decoded = talloc_strndup(mem_ctx,
+						     (const char *)blob.data,
+						     blob.length);
+		data_blob_free(&blob);
+		if (!munged_dial_decoded) {
+			TALLOC_FREE(sampass);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+#if 0
+	init_unistr2_from_datablob(&usr->uni_munged_dial, &blob);
+	init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
+	data_blob_free(&blob);
+#endif
+	init_samr_user_info20(r, munged_dial_decoded);
+
 	TALLOC_FREE(sampass);
 
 	return NT_STATUS_OK;
 }
 
+
 /*************************************************************************
  get_user_info_21
  *************************************************************************/
 
-static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21, 
-				 DOM_SID *user_sid, DOM_SID *domain_sid)
+static NTSTATUS get_user_info_21(TALLOC_CTX *mem_ctx,
+				 struct samr_UserInfo21 *r,
+				 DOM_SID *user_sid,
+				 DOM_SID *domain_sid)
 {
-	struct samu *sampass=NULL;
+	struct samu *pw = NULL;
 	bool ret;
-	NTSTATUS nt_status;
-
-	if ( !(sampass = samu_new( mem_ctx )) ) {
+	const DOM_SID *sid_user, *sid_group;
+	uint32_t rid, primary_gid;
+	NTTIME last_logon, last_logoff, last_password_change,
+	       acct_expiry, allow_password_change, force_password_change;
+	time_t must_change_time;
+	uint8_t password_expired;
+	const char *account_name, *full_name, *home_directory, *home_drive,
+		   *logon_script, *profile_path, *description,
+		   *workstations, *comment, *parameters;
+	struct samr_LogonHours logon_hours;
+	const char *munged_dial = NULL;
+	DATA_BLOB blob;
+
+	ZERO_STRUCTP(r);
+
+	if (!(pw = samu_new(mem_ctx))) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	become_root();
-	ret = pdb_getsampwsid(sampass, user_sid);
+	ret = pdb_getsampwsid(pw, user_sid);
 	unbecome_root();
 
 	if (ret == False) {
 		DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid)));
+		TALLOC_FREE(pw);
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
-	samr_clear_sam_passwd(sampass);
+	samr_clear_sam_passwd(pw);
 
-	DEBUG(3,("User:[%s]\n",  pdb_get_username(sampass) ));
+	DEBUG(3,("User:[%s]\n", pdb_get_username(pw)));
 
-	ZERO_STRUCTP(id21);
-	nt_status = init_sam_user_info21A(id21, sampass, domain_sid);
-	
-	TALLOC_FREE(sampass);
+	sid_user = pdb_get_user_sid(pw);
 
-	return nt_status;
+	if (!sid_peek_check_rid(domain_sid, sid_user, &rid)) {
+		DEBUG(0, ("get_user_info_21: User %s has SID %s, \nwhich conflicts with "
+			  "the domain sid %s.  Failing operation.\n",
+			  pdb_get_username(pw), sid_string_dbg(sid_user),
+			  sid_string_dbg(domain_sid)));
+		TALLOC_FREE(pw);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	become_root();
+	sid_group = pdb_get_group_sid(pw);
+	unbecome_root();
+
+	if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) {
+		DEBUG(0, ("get_user_info_21: User %s has Primary Group SID %s, \n"
+			  "which conflicts with the domain sid %s.  Failing operation.\n",
+			  pdb_get_username(pw), sid_string_dbg(sid_group),
+			  sid_string_dbg(domain_sid)));
+		TALLOC_FREE(pw);
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	unix_to_nt_time(&last_logon, pdb_get_logon_time(pw));
+	unix_to_nt_time(&last_logoff, pdb_get_logoff_time(pw));
+	unix_to_nt_time(&acct_expiry, pdb_get_kickoff_time(pw));
+	unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(pw));
+	unix_to_nt_time(&allow_password_change, pdb_get_pass_can_change_time(pw));
+
+	must_change_time = pdb_get_pass_must_change_time(pw);
+	if (must_change_time == get_time_t_max()) {
+		unix_to_nt_time_abs(&force_password_change, must_change_time);
+	} else {
+		unix_to_nt_time(&force_password_change, must_change_time);
+	}
+
+	if (pdb_get_pass_must_change_time(pw) == 0) {
+		password_expired = PASS_MUST_CHANGE_AT_NEXT_LOGON;
+	} else {
+		password_expired = 0;
+	}
+
+	munged_dial = pdb_get_munged_dial(pw);
+	if (munged_dial) {
+		blob = base64_decode_data_blob(munged_dial);
+		parameters = talloc_strndup(mem_ctx, (const char *)blob.data, blob.length);
+		data_blob_free(&blob);
+		if (!parameters) {
+			TALLOC_FREE(pw);
+			return NT_STATUS_NO_MEMORY;
+		}
+	} else {
+		parameters = NULL;
+	}
+
+
+	account_name = talloc_strdup(mem_ctx, pdb_get_username(pw));
+	full_name = talloc_strdup(mem_ctx, pdb_get_fullname(pw));
+	home_directory = talloc_strdup(mem_ctx, pdb_get_homedir(pw));
+	home_drive = talloc_strdup(mem_ctx, pdb_get_dir_drive(pw));
+	logon_script = talloc_strdup(mem_ctx, pdb_get_logon_script(pw));
+	profile_path = talloc_strdup(mem_ctx, pdb_get_profile_path(pw));
+	description = talloc_strdup(mem_ctx, pdb_get_acct_desc(pw));
+	workstations = talloc_strdup(mem_ctx, pdb_get_workstations(pw));
+	comment = talloc_strdup(mem_ctx, pdb_get_comment(pw));
+
+	logon_hours = get_logon_hours_from_pdb(mem_ctx, pw);
+#if 0
+
+	/*
+	  Look at a user on a real NT4 PDC with usrmgr, press
+	  'ok'. Then you will see that fields_present is set to
+	  0x08f827fa. Look at the user immediately after that again,
+	  and you will see that 0x00fffff is returned. This solves
+	  the problem that you get access denied after having looked
+	  at the user.
+	  -- Volker
+	*/
+
+#if 0
+	init_unistr2_from_datablob(&usr->uni_munged_dial, &munged_dial_blob);
+	init_uni_hdr(&usr->hdr_munged_dial, &usr->uni_munged_dial);
+	data_blob_free(&munged_dial_blob);
+#endif
+#endif
+
+	init_samr_user_info21(r,
+			      last_logon,
+			      last_logoff,
+			      last_password_change,
+			      acct_expiry,
+			      allow_password_change,
+			      force_password_change,
+			      account_name,
+			      full_name,
+			      home_directory,
+			      home_drive,
+			      logon_script,
+			      profile_path,
+			      description,
+			      workstations,
+			      comment,
+			      parameters,
+			      rid,
+			      primary_gid,
+			      pdb_get_acct_ctrl(pw),
+			      pdb_build_fields_present(pw),
+			      logon_hours,
+			      pdb_get_bad_password_count(pw),
+			      pdb_get_logon_count(pw),
+			      0, /* country_code */
+			      0, /* code_page */
+			      0, /* nt_password_set */
+			      0, /* lm_password_set */
+			      password_expired);
+	TALLOC_FREE(pw);
+
+	return NT_STATUS_OK;
 }
 
 /*******************************************************************
- _samr_query_userinfo
+ _samr_QueryUserInfo
  ********************************************************************/
 
-NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_R_QUERY_USERINFO *r_u)
+NTSTATUS _samr_QueryUserInfo(pipes_struct *p,
+			     struct samr_QueryUserInfo *r)
 {
-	SAM_USERINFO_CTR *ctr;
+	NTSTATUS status;
+	union samr_UserInfo *user_info = NULL;
 	struct samr_info *info = NULL;
 	DOM_SID domain_sid;
 	uint32 rid;
-	
-	r_u->status=NT_STATUS_OK;
 
 	/* search for the handle */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.user_handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
 	domain_sid = info->sid;
@@ -2086,94 +2572,81 @@ NTSTATUS _samr_query_userinfo(pipes_struct *p, SAMR_Q_QUERY_USERINFO *q_u, SAMR_
 	if (!sid_check_is_in_our_domain(&info->sid))
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
-	DEBUG(5,("_samr_query_userinfo: sid:%s\n",
+	DEBUG(5,("_samr_QueryUserInfo: sid:%s\n",
 		 sid_string_dbg(&info->sid)));
 
-	ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_USERINFO_CTR);
-	if (!ctr)
+	user_info = TALLOC_ZERO_P(p->mem_ctx, union samr_UserInfo);
+	if (!user_info) {
 		return NT_STATUS_NO_MEMORY;
+	}
 
-	ZERO_STRUCTP(ctr);
-
-	/* ok!  user info levels (lots: see MSDEV help), off we go... */
-	ctr->switch_value = q_u->switch_value;
-
-	DEBUG(5,("_samr_query_userinfo: user info level: %d\n", q_u->switch_value));
+	DEBUG(5,("_samr_QueryUserInfo: user info level: %d\n", r->in.level));
 
-	switch (q_u->switch_value) {
+	switch (r->in.level) {
 	case 7:
-		ctr->info.id7 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_7);
-		if (ctr->info.id7 == NULL)
-			return NT_STATUS_NO_MEMORY;
-
-		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_7(p->mem_ctx, ctr->info.id7, &info->sid)))
-			return r_u->status;
+		status = get_user_info_7(p->mem_ctx, &user_info->info7, &info->sid);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 		break;
 	case 9:
-		ctr->info.id9 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_9);
-		if (ctr->info.id9 == NULL)
-			return NT_STATUS_NO_MEMORY;
-
-		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_9(p->mem_ctx, ctr->info.id9, &info->sid)))
-			return r_u->status;
+		status = get_user_info_9(p->mem_ctx, &user_info->info9, &info->sid);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 		break;
 	case 16:
-		ctr->info.id16 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_16);
-		if (ctr->info.id16 == NULL)
-			return NT_STATUS_NO_MEMORY;
-
-		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_16(p->mem_ctx, ctr->info.id16, &info->sid)))
-			return r_u->status;
+		status = get_user_info_16(p->mem_ctx, &user_info->info16, &info->sid);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 		break;
 
 	case 18:
-		ctr->info.id18 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_18);
-		if (ctr->info.id18 == NULL)
-			return NT_STATUS_NO_MEMORY;
-
-		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_18(p, p->mem_ctx, ctr->info.id18, &info->sid)))
-			return r_u->status;
+		status = get_user_info_18(p, p->mem_ctx, &user_info->info18, &info->sid);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 		break;
-		
+
 	case 20:
-		ctr->info.id20 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_20);
-		if (ctr->info.id20 == NULL)
-			return NT_STATUS_NO_MEMORY;
-		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_20(p->mem_ctx, ctr->info.id20, &info->sid)))
-			return r_u->status;
+		status = get_user_info_20(p->mem_ctx, &user_info->info20, &info->sid);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 		break;
 
 	case 21:
-		ctr->info.id21 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_21);
-		if (ctr->info.id21 == NULL)
-			return NT_STATUS_NO_MEMORY;
-		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_21(p->mem_ctx, ctr->info.id21, 
-								    &info->sid, &domain_sid)))
-			return r_u->status;
+		status = get_user_info_21(p->mem_ctx, &user_info->info21,
+					  &info->sid, &domain_sid);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 		break;
 
 	default:
 		return NT_STATUS_INVALID_INFO_CLASS;
 	}
 
-	init_samr_r_query_userinfo(r_u, ctr, r_u->status);
+	*r->out.info = user_info;
+
+	DEBUG(5,("_samr_QueryUserInfo: %d\n", __LINE__));
 
-	DEBUG(5,("_samr_query_userinfo: %d\n", __LINE__));
-	
-	return r_u->status;
+	return status;
 }
 
 /*******************************************************************
- samr_reply_query_usergroups
+ _samr_GetGroupsForUser
  ********************************************************************/
 
-NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, SAMR_R_QUERY_USERGROUPS *r_u)
+NTSTATUS _samr_GetGroupsForUser(pipes_struct *p,
+				struct samr_GetGroupsForUser *r)
 {
 	struct samu *sam_pass=NULL;
 	DOM_SID  sid;
 	DOM_SID *sids;
-	DOM_GID dom_gid;
-	DOM_GID *gids = NULL;
+	struct samr_RidWithAttribute dom_gid;
+	struct samr_RidWithAttribute *gids = NULL;
 	uint32 primary_group_rid;
 	size_t num_groups = 0;
 	gid_t *unix_gids;
@@ -2183,6 +2656,8 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
 	NTSTATUS result;
 	bool success = False;
 
+	struct samr_RidWithAttributeArray *rids = NULL;
+
 	/*
 	 * from the SID in the request:
 	 * we should send back the list of DOMAIN GROUPS
@@ -2195,16 +2670,22 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
 	 * JFM, 12/2/2001
 	 */
 
-	r_u->status = NT_STATUS_OK;
+	DEBUG(5,("_samr_GetGroupsForUser: %d\n", __LINE__));
 
-	DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
+	rids = TALLOC_ZERO_P(p->mem_ctx, struct samr_RidWithAttributeArray);
+	if (!rids) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	/* find the policy handle.  open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted, NULL))
+	if (!get_lsa_policy_samr_sid(p, r->in.user_handle, &sid, &acc_granted, NULL))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_USER_GET_GROUPS, "_samr_query_usergroups"))) {
-		return r_u->status;
+
+	result = access_check_samr_function(acc_granted,
+					    SA_RIGHT_USER_GET_GROUPS,
+					    "_samr_GetGroupsForUser");
+	if (!NT_STATUS_IS_OK(result)) {
+		return result;
 	}
 
 	if (!sid_check_is_in_our_domain(&sid))
@@ -2231,7 +2712,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
 	result = pdb_enum_group_memberships(p->mem_ctx, sam_pass,
 					    &sids, &unix_gids, &num_groups);
 	if ( NT_STATUS_IS_OK(result) ) {
-		success = sid_peek_check_rid(get_global_sam_sid(), 
+		success = sid_peek_check_rid(get_global_sam_sid(),
 					     pdb_get_group_sid(sam_pass),
 					     &primary_group_rid);
 	}
@@ -2254,48 +2735,53 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S
 	gids = NULL;
 	num_gids = 0;
 
-	dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
-			SE_GROUP_ENABLED);
-	dom_gid.g_rid = primary_group_rid;
-	ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
+	dom_gid.attributes = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|
+			      SE_GROUP_ENABLED);
+	dom_gid.rid = primary_group_rid;
+	ADD_TO_ARRAY(p->mem_ctx, struct samr_RidWithAttribute, dom_gid, &gids, &num_gids);
 
 	for (i=0; i<num_groups; i++) {
 
 		if (!sid_peek_check_rid(get_global_sam_sid(),
-					&(sids[i]), &dom_gid.g_rid)) {
+					&(sids[i]), &dom_gid.rid)) {
 			DEBUG(10, ("Found sid %s not in our domain\n",
 				   sid_string_dbg(&sids[i])));
 			continue;
 		}
 
-		if (dom_gid.g_rid == primary_group_rid) {
+		if (dom_gid.rid == primary_group_rid) {
 			/* We added the primary group directly from the
 			 * sam_account. The other SIDs are unique from
 			 * enum_group_memberships */
 			continue;
 		}
 
-		ADD_TO_ARRAY(p->mem_ctx, DOM_GID, dom_gid, &gids, &num_gids);
+		ADD_TO_ARRAY(p->mem_ctx, struct samr_RidWithAttribute, dom_gid, &gids, &num_gids);
 	}
-	
-	/* construct the response.  lkclXXXX: gids are not copied! */
-	init_samr_r_query_usergroups(r_u, num_gids, gids, r_u->status);
-	
-	DEBUG(5,("_samr_query_usergroups: %d\n", __LINE__));
-	
-	return r_u->status;
+
+	rids->count = num_gids;
+	rids->rids = gids;
+
+	*r->out.rids = rids;
+
+	DEBUG(5,("_samr_GetGroupsForUser: %d\n", __LINE__));
+
+	return result;
 }
 
 /*******************************************************************
- _samr_query_domain_info
+ samr_QueryDomainInfo_internal
  ********************************************************************/
 
-NTSTATUS _samr_query_domain_info(pipes_struct *p, 
-				 SAMR_Q_QUERY_DOMAIN_INFO *q_u, 
-				 SAMR_R_QUERY_DOMAIN_INFO *r_u)
+static NTSTATUS samr_QueryDomainInfo_internal(const char *fn_name,
+					      pipes_struct *p,
+					      struct policy_handle *handle,
+					      uint32_t level,
+					      union samr_DomainInfo **dom_info_ptr)
 {
+	NTSTATUS status = NT_STATUS_OK;
 	struct samr_info *info = NULL;
-	SAM_UNK_CTR *ctr;
+	union samr_DomainInfo *dom_info;
 	uint32 min_pass_len,pass_hist,password_properties;
 	time_t u_expire, u_min_age;
 	NTTIME nt_expire, nt_min_age;
@@ -2313,24 +2799,23 @@ NTSTATUS _samr_query_domain_info(pipes_struct *p,
 
 	uint32 num_users=0, num_groups=0, num_aliases=0;
 
-	if ((ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_CTR)) == NULL) {
+	DEBUG(5,("%s: %d\n", fn_name, __LINE__));
+
+	dom_info = TALLOC_ZERO_P(p->mem_ctx, union samr_DomainInfo);
+	if (!dom_info) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	ZERO_STRUCTP(ctr);
+	*dom_info_ptr = dom_info;
 
-	r_u->status = NT_STATUS_OK;
-	
-	DEBUG(5,("_samr_query_domain_info: %d\n", __LINE__));
-	
 	/* find the policy handle.  open a policy on it. */
-	if (!find_policy_by_hnd(p, &q_u->domain_pol, (void **)(void *)&info)) {
+	if (!find_policy_by_hnd(p, handle, (void **)(void *)&info)) {
 		return NT_STATUS_INVALID_HANDLE;
 	}
-	
-	switch (q_u->switch_value) {
+
+	switch (level) {
 		case 0x01:
-			
+
 			become_root();
 
 			/* AS ROOT !!! */
@@ -2351,14 +2836,18 @@ NTSTATUS _samr_query_domain_info(pipes_struct *p,
 			u_min_age = account_policy_temp;
 
 			/* !AS ROOT */
-			
+
 			unbecome_root();
 
 			unix_to_nt_time_abs(&nt_expire, u_expire);
 			unix_to_nt_time_abs(&nt_min_age, u_min_age);
 
-			init_unk_info1(&ctr->info.inf1, (uint16)min_pass_len, (uint16)pass_hist, 
-			               password_properties, nt_expire, nt_min_age);
+			init_samr_DomInfo1(&dom_info->info1,
+					   (uint16)min_pass_len,
+					   (uint16)pass_hist,
+					   password_properties,
+					   nt_expire,
+					   nt_min_age);
 			break;
 		case 0x02:
 
@@ -2379,15 +2868,25 @@ NTSTATUS _samr_query_domain_info(pipes_struct *p,
 				seq_num = time(NULL);
 
 			/* !AS ROOT */
-			
+
 			unbecome_root();
 
 			server_role = ROLE_DOMAIN_PDC;
 			if (lp_server_role() == ROLE_DOMAIN_BDC)
 				server_role = ROLE_DOMAIN_BDC;
 
-			init_unk_info2(&ctr->info.inf2, lp_serverstring(), lp_workgroup(), global_myname(), seq_num, 
-				       num_users, num_groups, num_aliases, nt_logout, server_role);
+			init_samr_DomInfo2(&dom_info->info2,
+					   nt_logout,
+					   lp_serverstring(),
+					   lp_workgroup(),
+					   global_myname(),
+					   seq_num,
+					   1,
+					   server_role,
+					   1,
+					   num_users,
+					   num_groups,
+					   num_aliases);
 			break;
 		case 0x03:
 
@@ -2402,31 +2901,37 @@ NTSTATUS _samr_query_domain_info(pipes_struct *p,
 			}
 
 			/* !AS ROOT */
-			
+
 			unbecome_root();
 
 			unix_to_nt_time_abs(&nt_logout, u_logout);
-			
-			init_unk_info3(&ctr->info.inf3, nt_logout);
+
+			init_samr_DomInfo3(&dom_info->info3,
+					   nt_logout);
+
 			break;
 		case 0x04:
-			init_unk_info4(&ctr->info.inf4, lp_serverstring());
+			init_samr_DomInfo4(&dom_info->info4,
+					   lp_serverstring());
 			break;
 		case 0x05:
-			init_unk_info5(&ctr->info.inf5, get_global_sam_name());
+			init_samr_DomInfo5(&dom_info->info5,
+					   get_global_sam_name());
 			break;
 		case 0x06:
 			/* NT returns its own name when a PDC. win2k and later
 			 * only the name of the PDC if itself is a BDC (samba4
 			 * idl) */
-			init_unk_info6(&ctr->info.inf6, global_myname());
+			init_samr_DomInfo6(&dom_info->info6,
+					   global_myname());
 			break;
 		case 0x07:
 			server_role = ROLE_DOMAIN_PDC;
 			if (lp_server_role() == ROLE_DOMAIN_BDC)
 				server_role = ROLE_DOMAIN_BDC;
 
-			init_unk_info7(&ctr->info.inf7, server_role);
+			init_samr_DomInfo7(&dom_info->info7,
+					   server_role);
 			break;
 		case 0x08:
 
@@ -2439,10 +2944,12 @@ NTSTATUS _samr_query_domain_info(pipes_struct *p,
 			}
 
 			/* !AS ROOT */
-			
+
 			unbecome_root();
 
-			init_unk_info8(&ctr->info.inf8, (uint32) seq_num);
+			init_samr_DomInfo8(&dom_info->info8,
+					   seq_num,
+					   0);
 			break;
 		case 0x0c:
 
@@ -2463,24 +2970,38 @@ NTSTATUS _samr_query_domain_info(pipes_struct *p,
 			lockout = account_policy_temp;
 
 			/* !AS ROOT */
-			
+
 			unbecome_root();
 
 			unix_to_nt_time_abs(&nt_lock_duration, u_lock_duration);
 			unix_to_nt_time_abs(&nt_reset_time, u_reset_time);
-	
-            		init_unk_info12(&ctr->info.inf12, nt_lock_duration, nt_reset_time, (uint16)lockout);
+
+			init_samr_DomInfo12(&dom_info->info12,
+					    nt_lock_duration,
+					    nt_reset_time,
+					    (uint16)lockout);
             		break;
         	default:
             		return NT_STATUS_INVALID_INFO_CLASS;
-		}
-	
+	}
+
+	DEBUG(5,("%s: %d\n", fn_name, __LINE__));
+
+	return status;
+}
 
-	init_samr_r_query_domain_info(r_u, q_u->switch_value, ctr, NT_STATUS_OK);
-	
-	DEBUG(5,("_samr_query_domain_info: %d\n", __LINE__));
-	
-	return r_u->status;
+/*******************************************************************
+ _samr_QueryDomainInfo
+ ********************************************************************/
+
+NTSTATUS _samr_QueryDomainInfo(pipes_struct *p,
+			       struct samr_QueryDomainInfo *r)
+{
+	return samr_QueryDomainInfo_internal("_samr_QueryDomainInfo",
+					     p,
+					     r->in.domain_handle,
+					     r->in.level,
+					     r->out.info);
 }
 
 /* W2k3 seems to use the same check for all 3 objects that can be created via
@@ -2522,19 +3043,17 @@ static NTSTATUS can_create(TALLOC_CTX *mem_ctx, const char *new_name)
 }
 
 /*******************************************************************
- _samr_create_user
- Create an account, can be either a normal user or a machine.
- This funcion will need to be updated for bdc/domain trusts.
+ _samr_CreateUser2
  ********************************************************************/
 
-NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
-			   SAMR_R_CREATE_USER *r_u)
+NTSTATUS _samr_CreateUser2(pipes_struct *p,
+			   struct samr_CreateUser2 *r)
 {
-	char *account;
+	const char *account = NULL;
 	DOM_SID sid;
-	POLICY_HND dom_pol = q_u->domain_pol;
-	uint16 acb_info = q_u->acb_info;
-	POLICY_HND *user_pol = &r_u->user_pol;
+	POLICY_HND dom_pol = *r->in.domain_handle;
+	uint32_t acb_info = r->in.acct_flags;
+	POLICY_HND *user_pol = r->out.user_handle;
 	struct samr_info *info = NULL;
 	NTSTATUS nt_status;
 	uint32 acc_granted;
@@ -2553,19 +3072,19 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
 
 	nt_status = access_check_samr_function(acc_granted,
 					       SA_RIGHT_DOMAIN_CREATE_USER,
-					       "_samr_create_user");
+					       "_samr_CreateUser2");
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		return nt_status;
 	}
 
 	if (!(acb_info == ACB_NORMAL || acb_info == ACB_DOMTRUST ||
-	      acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)) { 
-		/* Match Win2k, and return NT_STATUS_INVALID_PARAMETER if 
+	      acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)) {
+		/* Match Win2k, and return NT_STATUS_INVALID_PARAMETER if
 		   this parameter is not an account type */
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	account = rpcstr_pull_unistr2_talloc(p->mem_ctx, &q_u->uni_name);
+	account = r->in.account_name->string;
 	if (account == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -2576,14 +3095,14 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
 	}
 
 	/* determine which user right we need to check based on the acb_info */
-	
+
 	if ( acb_info & ACB_WSTRUST )
 	{
 		se_priv_copy( &se_rights, &se_machine_account );
 		can_add_account = user_has_privileges(
 			p->pipe_user.nt_user_token, &se_rights );
-	} 
-	/* usrmgr.exe (and net rpc trustdom grant) creates a normal user 
+	}
+	/* usrmgr.exe (and net rpc trustdom grant) creates a normal user
 	   account for domain trusts and changes the ACB flags later */
 	else if ( acb_info & ACB_NORMAL &&
 		  (account[strlen(account)-1] != '$') )
@@ -2591,7 +3110,7 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
 		se_priv_copy( &se_rights, &se_add_users );
 		can_add_account = user_has_privileges(
 			p->pipe_user.nt_user_token, &se_rights );
-	} 
+	}
 	else 	/* implicit assumption of a BDC or domain trust account here
 		 * (we already check the flags earlier) */
 	{
@@ -2603,41 +3122,41 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
 				DOMAIN_GROUP_RID_ADMINS );
 		}
 	}
-		
-	DEBUG(5, ("_samr_create_user: %s can add this account : %s\n",
+
+	DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n",
 		  uidtoname(p->pipe_user.ut.uid),
 		  can_add_account ? "True":"False" ));
-		
+
 	/********** BEGIN Admin BLOCK **********/
 
 	if ( can_add_account )
 		become_root();
 
 	nt_status = pdb_create_user(p->mem_ctx, account, acb_info,
-				    &r_u->user_rid);
+				    r->out.rid);
 
 	if ( can_add_account )
 		unbecome_root();
 
 	/********** END Admin BLOCK **********/
-	
+
 	/* now check for failure */
-	
+
 	if ( !NT_STATUS_IS_OK(nt_status) )
 		return nt_status;
-			
+
 	/* Get the user's SID */
 
-	sid_compose(&sid, get_global_sam_sid(), r_u->user_rid);
-	
+	sid_compose(&sid, get_global_sam_sid(), *r->out.rid);
+
 	make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
 			    &sid, SAMR_USR_RIGHTS_WRITE_PW);
 	se_map_generic(&des_access, &usr_generic_mapping);
-	
-	nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, 
-		&se_rights, GENERIC_RIGHTS_USER_WRITE, des_access, 
-		&acc_granted, "_samr_create_user");
-		
+
+	nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+		&se_rights, GENERIC_RIGHTS_USER_WRITE, des_access,
+		&acc_granted, "_samr_CreateUser2");
+
 	if ( !NT_STATUS_IS_OK(nt_status) ) {
 		return nt_status;
 	}
@@ -2659,40 +3178,38 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u,
 	/* After a "set" ensure we have no cached display info. */
 	force_flush_samr_cache(info->disp_info);
 
-	r_u->access_granted = acc_granted;
+	*r->out.access_granted = acc_granted;
 
 	return NT_STATUS_OK;
 }
 
 /*******************************************************************
- samr_reply_connect_anon
+ _samr_Connect
  ********************************************************************/
 
-NTSTATUS _samr_connect_anon(pipes_struct *p, SAMR_Q_CONNECT_ANON *q_u, SAMR_R_CONNECT_ANON *r_u)
+NTSTATUS _samr_Connect(pipes_struct *p,
+		       struct samr_Connect *r)
 {
 	struct samr_info *info = NULL;
-	uint32    des_access = q_u->access_mask;
+	uint32    des_access = r->in.access_mask;
 
 	/* Access check */
 
 	if (!pipe_access_check(p)) {
-		DEBUG(3, ("access denied to samr_connect_anon\n"));
-		r_u->status = NT_STATUS_ACCESS_DENIED;
-		return r_u->status;
+		DEBUG(3, ("access denied to _samr_Connect\n"));
+		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	/* set up the SAMR connect_anon response */
 
-	r_u->status = NT_STATUS_OK;
-
 	/* associate the user's SID with the new handle. */
 	if ((info = get_samr_info_by_sid(NULL)) == NULL)
 		return NT_STATUS_NO_MEMORY;
 
 	/* don't give away the farm but this is probably ok.  The SA_RIGHT_SAM_ENUM_DOMAINS
-	   was observed from a win98 client trying to enumerate users (when configured  
+	   was observed from a win98 client trying to enumerate users (when configured
 	   user level access control on shares)   --jerry */
-	   
+
 	if (des_access == MAXIMUM_ALLOWED_ACCESS) {
 		/* Map to max possible knowing we're filtered below. */
 		des_access = GENERIC_ALL_ACCESS;
@@ -2700,152 +3217,143 @@ NTSTATUS _samr_connect_anon(pipes_struct *p, SAMR_Q_CONNECT_ANON *q_u, SAMR_R_CO
 
 	se_map_generic( &des_access, &sam_generic_mapping );
 	info->acc_granted = des_access & (SA_RIGHT_SAM_ENUM_DOMAINS|SA_RIGHT_SAM_OPEN_DOMAIN);
-	
-	info->status = q_u->unknown_0;
 
 	/* get a (unique) handle.  open a policy on it. */
-	if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info))
+	if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
-	return r_u->status;
+	return NT_STATUS_OK;
 }
 
 /*******************************************************************
- samr_reply_connect
+ _samr_Connect2
  ********************************************************************/
 
-NTSTATUS _samr_connect(pipes_struct *p, SAMR_Q_CONNECT *q_u, SAMR_R_CONNECT *r_u)
+NTSTATUS _samr_Connect2(pipes_struct *p,
+			struct samr_Connect2 *r)
 {
 	struct samr_info *info = NULL;
 	SEC_DESC *psd = NULL;
 	uint32    acc_granted;
-	uint32    des_access = q_u->access_mask;
+	uint32    des_access = r->in.access_mask;
 	NTSTATUS  nt_status;
 	size_t    sd_size;
 
 
-	DEBUG(5,("_samr_connect: %d\n", __LINE__));
+	DEBUG(5,("_samr_Connect2: %d\n", __LINE__));
 
 	/* Access check */
 
 	if (!pipe_access_check(p)) {
-		DEBUG(3, ("access denied to samr_connect\n"));
-		r_u->status = NT_STATUS_ACCESS_DENIED;
-		return r_u->status;
+		DEBUG(3, ("access denied to _samr_Connect2\n"));
+		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
 	se_map_generic(&des_access, &sam_generic_mapping);
-	
-	nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, 
-		NULL, 0, des_access, &acc_granted, "_samr_connect");
-	
-	if ( !NT_STATUS_IS_OK(nt_status) ) 
-		return nt_status;
 
-	r_u->status = NT_STATUS_OK;
+	nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+		NULL, 0, des_access, &acc_granted, "_samr_Connect2");
+
+	if ( !NT_STATUS_IS_OK(nt_status) )
+		return nt_status;
 
 	/* associate the user's SID and access granted with the new handle. */
 	if ((info = get_samr_info_by_sid(NULL)) == NULL)
 		return NT_STATUS_NO_MEMORY;
 
 	info->acc_granted = acc_granted;
-	info->status = q_u->access_mask;
+	info->status = r->in.access_mask; /* this looks so wrong... - gd */
 
 	/* get a (unique) handle.  open a policy on it. */
-	if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info))
+	if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
-	DEBUG(5,("_samr_connect: %d\n", __LINE__));
+	DEBUG(5,("_samr_Connect2: %d\n", __LINE__));
 
-	return r_u->status;
+	return nt_status;
 }
 
 /*******************************************************************
- samr_connect4
+ _samr_Connect4
  ********************************************************************/
 
-NTSTATUS _samr_connect4(pipes_struct *p, SAMR_Q_CONNECT4 *q_u, SAMR_R_CONNECT4 *r_u)
+NTSTATUS _samr_Connect4(pipes_struct *p,
+			struct samr_Connect4 *r)
 {
 	struct samr_info *info = NULL;
 	SEC_DESC *psd = NULL;
 	uint32    acc_granted;
-	uint32    des_access = q_u->access_mask;
+	uint32    des_access = r->in.access_mask;
 	NTSTATUS  nt_status;
 	size_t    sd_size;
 
 
-	DEBUG(5,("_samr_connect4: %d\n", __LINE__));
+	DEBUG(5,("_samr_Connect4: %d\n", __LINE__));
 
 	/* Access check */
 
 	if (!pipe_access_check(p)) {
-		DEBUG(3, ("access denied to samr_connect4\n"));
-		r_u->status = NT_STATUS_ACCESS_DENIED;
-		return r_u->status;
+		DEBUG(3, ("access denied to samr_Connect4\n"));
+		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
 	se_map_generic(&des_access, &sam_generic_mapping);
-	
-	nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, 
-		NULL, 0, des_access, &acc_granted, "_samr_connect4");
-	
-	if ( !NT_STATUS_IS_OK(nt_status) ) 
-		return nt_status;
 
-	r_u->status = NT_STATUS_OK;
+	nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+		NULL, 0, des_access, &acc_granted, "_samr_Connect4");
+
+	if ( !NT_STATUS_IS_OK(nt_status) )
+		return nt_status;
 
 	/* associate the user's SID and access granted with the new handle. */
 	if ((info = get_samr_info_by_sid(NULL)) == NULL)
 		return NT_STATUS_NO_MEMORY;
 
 	info->acc_granted = acc_granted;
-	info->status = q_u->access_mask;
+	info->status = r->in.access_mask; /* ??? */
 
 	/* get a (unique) handle.  open a policy on it. */
-	if (!create_policy_hnd(p, &r_u->connect_pol, free_samr_info, (void *)info))
+	if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
-	DEBUG(5,("_samr_connect: %d\n", __LINE__));
+	DEBUG(5,("_samr_Connect4: %d\n", __LINE__));
 
-	return r_u->status;
+	return NT_STATUS_OK;
 }
 
 /*******************************************************************
- samr_connect5
+ _samr_Connect5
  ********************************************************************/
 
-NTSTATUS _samr_connect5(pipes_struct *p, SAMR_Q_CONNECT5 *q_u, SAMR_R_CONNECT5 *r_u)
+NTSTATUS _samr_Connect5(pipes_struct *p,
+			struct samr_Connect5 *r)
 {
 	struct samr_info *info = NULL;
 	SEC_DESC *psd = NULL;
 	uint32    acc_granted;
-	uint32    des_access = q_u->access_mask;
+	uint32    des_access = r->in.access_mask;
 	NTSTATUS  nt_status;
-	POLICY_HND pol;
 	size_t    sd_size;
+	struct samr_ConnectInfo1 info1;
 
-
-	DEBUG(5,("_samr_connect5: %d\n", __LINE__));
-
-	ZERO_STRUCTP(r_u);
+	DEBUG(5,("_samr_Connect5: %d\n", __LINE__));
 
 	/* Access check */
 
 	if (!pipe_access_check(p)) {
-		DEBUG(3, ("access denied to samr_connect5\n"));
-		r_u->status = NT_STATUS_ACCESS_DENIED;
-		return r_u->status;
+		DEBUG(3, ("access denied to samr_Connect5\n"));
+		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
 	se_map_generic(&des_access, &sam_generic_mapping);
-	
-	nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, 
-		NULL, 0, des_access, &acc_granted, "_samr_connect5");
-	
-	if ( !NT_STATUS_IS_OK(nt_status) ) 
+
+	nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+		NULL, 0, des_access, &acc_granted, "_samr_Connect5");
+
+	if ( !NT_STATUS_IS_OK(nt_status) )
 		return nt_status;
 
 	/* associate the user's SID and access granted with the new handle. */
@@ -2853,181 +3361,169 @@ NTSTATUS _samr_connect5(pipes_struct *p, SAMR_Q_CONNECT5 *q_u, SAMR_R_CONNECT5 *
 		return NT_STATUS_NO_MEMORY;
 
 	info->acc_granted = acc_granted;
-	info->status = q_u->access_mask;
+	info->status = r->in.access_mask; /* ??? */
 
 	/* get a (unique) handle.  open a policy on it. */
-	if (!create_policy_hnd(p, &pol, free_samr_info, (void *)info))
+	if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
-	DEBUG(5,("_samr_connect: %d\n", __LINE__));
+	DEBUG(5,("_samr_Connect5: %d\n", __LINE__));
 
-	init_samr_r_connect5(r_u, &pol, NT_STATUS_OK);
+	info1.client_version = SAMR_CONNECT_AFTER_W2K;
+	info1.unknown2 = 0;
 
-	return r_u->status;
+	*r->out.level_out = 1;
+	r->out.info_out->info1 = info1;
+
+	return NT_STATUS_OK;
 }
 
 /**********************************************************************
- api_samr_lookup_domain
+ _samr_LookupDomain
  **********************************************************************/
 
-NTSTATUS _samr_lookup_domain(pipes_struct *p, SAMR_Q_LOOKUP_DOMAIN *q_u, SAMR_R_LOOKUP_DOMAIN *r_u)
+NTSTATUS _samr_LookupDomain(pipes_struct *p,
+			    struct samr_LookupDomain *r)
 {
+	NTSTATUS status = NT_STATUS_OK;
 	struct samr_info *info;
-	fstring domain_name;
-	DOM_SID sid;
-
-	r_u->status = NT_STATUS_OK;
+	const char *domain_name;
+	DOM_SID *sid = NULL;
 
-	if (!find_policy_by_hnd(p, &q_u->connect_pol, (void**)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
 
-	/* win9x user manager likes to use SA_RIGHT_SAM_ENUM_DOMAINS here.  
+	/* win9x user manager likes to use SA_RIGHT_SAM_ENUM_DOMAINS here.
 	   Reverted that change so we will work with RAS servers again */
 
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, 
-		SA_RIGHT_SAM_OPEN_DOMAIN, "_samr_lookup_domain"))) 
-	{
-		return r_u->status;
+	status = access_check_samr_function(info->acc_granted,
+					    SA_RIGHT_SAM_OPEN_DOMAIN,
+					    "_samr_LookupDomain");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
-	rpcstr_pull(domain_name, q_u->uni_domain.buffer, sizeof(domain_name), q_u->uni_domain.uni_str_len*2, 0);
+	domain_name = r->in.domain_name->string;
 
-	ZERO_STRUCT(sid);
+	sid = TALLOC_ZERO_P(p->mem_ctx, struct dom_sid2);
+	if (!sid) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	if (strequal(domain_name, builtin_domain_name())) {
-		sid_copy(&sid, &global_sid_Builtin);
+		sid_copy(sid, &global_sid_Builtin);
 	} else {
-		if (!secrets_fetch_domain_sid(domain_name, &sid)) {
-			r_u->status = NT_STATUS_NO_SUCH_DOMAIN;
+		if (!secrets_fetch_domain_sid(domain_name, sid)) {
+			status = NT_STATUS_NO_SUCH_DOMAIN;
 		}
 	}
 
 	DEBUG(2,("Returning domain sid for domain %s -> %s\n", domain_name,
-		 sid_string_dbg(&sid)));
-
-	init_samr_r_lookup_domain(r_u, &sid, r_u->status);
+		 sid_string_dbg(sid)));
 
-	return r_u->status;
-}
+	*r->out.sid = sid;
 
-/******************************************************************
-makes a SAMR_R_ENUM_DOMAINS structure.
-********************************************************************/
-
-static bool make_enum_domains(TALLOC_CTX *ctx, SAM_ENTRY **pp_sam,
-			UNISTR2 **pp_uni_name, uint32 num_sam_entries, fstring doms[])
-{
-	uint32 i;
-	SAM_ENTRY *sam;
-	UNISTR2 *uni_name;
-
-	DEBUG(5, ("make_enum_domains\n"));
-
-	*pp_sam = NULL;
-	*pp_uni_name = NULL;
-
-	if (num_sam_entries == 0)
-		return True;
-
-	sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_sam_entries);
-	uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_sam_entries);
-
-	if (sam == NULL || uni_name == NULL)
-		return False;
-
-	for (i = 0; i < num_sam_entries; i++) {
-		init_unistr2(&uni_name[i], doms[i], UNI_FLAGS_NONE);
-		init_sam_entry(&sam[i], &uni_name[i], 0);
-	}
-
-	*pp_sam = sam;
-	*pp_uni_name = uni_name;
-
-	return True;
+	return status;
 }
 
 /**********************************************************************
- api_samr_enum_domains
+ _samr_EnumDomains
  **********************************************************************/
 
-NTSTATUS _samr_enum_domains(pipes_struct *p, SAMR_Q_ENUM_DOMAINS *q_u, SAMR_R_ENUM_DOMAINS *r_u)
+NTSTATUS _samr_EnumDomains(pipes_struct *p,
+			   struct samr_EnumDomains *r)
 {
+	NTSTATUS status;
 	struct samr_info *info;
-	uint32 num_entries = 2;
-	fstring dom[2];
-	const char *name;
+	uint32_t num_entries = 2;
+	struct samr_SamEntry *entry_array = NULL;
+	struct samr_SamArray *sam;
 
-	r_u->status = NT_STATUS_OK;
-	
-	if (!find_policy_by_hnd(p, &q_u->pol, (void**)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.connect_handle, (void**)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_ENUM_DOMAINS, "_samr_enum_domains"))) {
-		return r_u->status;
-	}
 
-	name = get_global_sam_name();
+	status = access_check_samr_function(info->acc_granted,
+					    SA_RIGHT_SAM_ENUM_DOMAINS,
+					    "_samr_EnumDomains");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
 
-	fstrcpy(dom[0],name);
-	strupper_m(dom[0]);
-	fstrcpy(dom[1],"Builtin");
+	sam = TALLOC_ZERO_P(p->mem_ctx, struct samr_SamArray);
+	if (!sam) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	if (!make_enum_domains(p->mem_ctx, &r_u->sam, &r_u->uni_dom_name, num_entries, dom))
+	entry_array = TALLOC_ZERO_ARRAY(p->mem_ctx,
+					struct samr_SamEntry,
+					num_entries);
+	if (!entry_array) {
 		return NT_STATUS_NO_MEMORY;
+	}
+
+	entry_array[0].idx = 0;
+	init_lsa_String(&entry_array[0].name, get_global_sam_name());
 
-	init_samr_r_enum_domains(r_u, q_u->start_idx + num_entries, num_entries);
+	entry_array[1].idx = 1;
+	init_lsa_String(&entry_array[1].name, "Builtin");
 
-	return r_u->status;
+	sam->count = num_entries;
+	sam->entries = entry_array;
+
+	*r->out.sam = sam;
+	*r->out.num_entries = num_entries;
+
+	return status;
 }
 
 /*******************************************************************
- api_samr_open_alias
+ _samr_OpenAlias
  ********************************************************************/
 
-NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_ALIAS *r_u)
+NTSTATUS _samr_OpenAlias(pipes_struct *p,
+			 struct samr_OpenAlias *r)
 {
 	DOM_SID sid;
-	POLICY_HND domain_pol = q_u->dom_pol;
-	uint32 alias_rid = q_u->rid_alias;
-	POLICY_HND *alias_pol = &r_u->pol;
+	POLICY_HND domain_pol = *r->in.domain_handle;
+	uint32 alias_rid = r->in.rid;
+	POLICY_HND *alias_pol = r->out.alias_handle;
 	struct    samr_info *info = NULL;
 	SEC_DESC *psd = NULL;
 	uint32    acc_granted;
-	uint32    des_access = q_u->access_mask;
+	uint32    des_access = r->in.access_mask;
 	size_t    sd_size;
 	NTSTATUS  status;
 	SE_PRIV se_rights;
 
-	r_u->status = NT_STATUS_OK;
-
 	/* find the domain policy and get the SID / access bits stored in the domain policy */
-	
+
 	if ( !get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted, NULL) )
 		return NT_STATUS_INVALID_HANDLE;
-	
-	status = access_check_samr_function(acc_granted, 
-		SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_alias");
-		
-	if ( !NT_STATUS_IS_OK(status) ) 
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+					    "_samr_OpenAlias");
+
+	if ( !NT_STATUS_IS_OK(status) )
 		return status;
 
 	/* append the alias' RID to it */
-	
+
 	if (!sid_append_rid(&sid, alias_rid))
 		return NT_STATUS_NO_SUCH_ALIAS;
-		
+
 	/*check if access can be granted as requested by client. */
-	
+
 	make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0);
 	se_map_generic(&des_access,&ali_generic_mapping);
-	
+
 	se_priv_copy( &se_rights, &se_add_users );
-	
-	
-	status = access_check_samr_object(psd, p->pipe_user.nt_user_token, 
-		&se_rights, GENERIC_RIGHTS_ALIAS_WRITE, des_access, 
-		&acc_granted, "_samr_open_alias");
-		
+
+
+	status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+		&se_rights, GENERIC_RIGHTS_ALIAS_WRITE, des_access,
+		&acc_granted, "_samr_OpenAlias");
+
 	if ( !NT_STATUS_IS_OK(status) )
 		return status;
 
@@ -3046,7 +3542,7 @@ NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_A
 		}
 
 		/* make sure there is a mapping */
-		
+
 		if ( !sid_to_gid( &sid, &gid ) ) {
 			return NT_STATUS_NO_SUCH_ALIAS;
 		}
@@ -3056,23 +3552,24 @@ NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_A
 	/* associate the alias SID with the new handle. */
 	if ((info = get_samr_info_by_sid(&sid)) == NULL)
 		return NT_STATUS_NO_MEMORY;
-		
+
 	info->acc_granted = acc_granted;
 
 	/* get a (unique) handle.  open a policy on it. */
 	if (!create_policy_hnd(p, alias_pol, free_samr_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
-	return r_u->status;
+	return NT_STATUS_OK;
 }
 
 /*******************************************************************
  set_user_info_7
  ********************************************************************/
+
 static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
-				const SAM_USER_INFO_7 *id7, struct samu *pwd)
+				struct samr_UserInfo7 *id7,
+				struct samu *pwd)
 {
-	fstring new_name;
 	NTSTATUS rc;
 
 	if (id7 == NULL) {
@@ -3081,14 +3578,14 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	if(!rpcstr_pull(new_name, id7->uni_name.buffer, sizeof(new_name), id7->uni_name.uni_str_len*2, 0)) {
+	if (!id7->account_name.string) {
 	        DEBUG(5, ("set_user_info_7: failed to get new username\n"));
 		TALLOC_FREE(pwd);
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	/* check to see if the new username already exists.  Note: we can't
-	   reliably lock all backends, so there is potentially the 
+	   reliably lock all backends, so there is potentially the
 	   possibility that a user can be created in between this check and
 	   the rename.  The rename should fail, but may not get the
 	   exact same failure status code.  I think this is small enough
@@ -3096,12 +3593,12 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
 	   simply that the rename fails with a slightly different status
 	   code (like UNSUCCESSFUL instead of ALREADY_EXISTS). */
 
-	rc = can_create(mem_ctx, new_name);
+	rc = can_create(mem_ctx, id7->account_name.string);
 	if (!NT_STATUS_IS_OK(rc)) {
 		return rc;
 	}
 
-	rc = pdb_rename_sam_account(pwd, new_name);
+	rc = pdb_rename_sam_account(pwd, id7->account_name.string);
 
 	TALLOC_FREE(pwd);
 	return rc;
@@ -3111,16 +3608,17 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx,
  set_user_info_16
  ********************************************************************/
 
-static bool set_user_info_16(const SAM_USER_INFO_16 *id16, struct samu *pwd)
+static bool set_user_info_16(struct samr_UserInfo16 *id16,
+			     struct samu *pwd)
 {
 	if (id16 == NULL) {
 		DEBUG(5, ("set_user_info_16: NULL id16\n"));
 		TALLOC_FREE(pwd);
 		return False;
 	}
-	
+
 	/* FIX ME: check if the value is really changed --metze */
-	if (!pdb_set_acct_ctrl(pwd, id16->acb_info, PDB_CHANGED)) {
+	if (!pdb_set_acct_ctrl(pwd, id16->acct_flags, PDB_CHANGED)) {
 		TALLOC_FREE(pwd);
 		return False;
 	}
@@ -3139,28 +3637,28 @@ static bool set_user_info_16(const SAM_USER_INFO_16 *id16, struct samu *pwd)
  set_user_info_18
  ********************************************************************/
 
-static bool set_user_info_18(SAM_USER_INFO_18 *id18, struct samu *pwd)
+static bool set_user_info_18(struct samr_UserInfo18 *id18,
+			     struct samu *pwd)
 {
-
 	if (id18 == NULL) {
 		DEBUG(2, ("set_user_info_18: id18 is NULL\n"));
 		TALLOC_FREE(pwd);
 		return False;
 	}
- 
-	if (!pdb_set_lanman_passwd (pwd, id18->lm_pwd, PDB_CHANGED)) {
+
+	if (!pdb_set_lanman_passwd (pwd, id18->lm_pwd.hash, PDB_CHANGED)) {
 		TALLOC_FREE(pwd);
 		return False;
 	}
-	if (!pdb_set_nt_passwd     (pwd, id18->nt_pwd, PDB_CHANGED)) {
+	if (!pdb_set_nt_passwd     (pwd, id18->nt_pwd.hash, PDB_CHANGED)) {
 		TALLOC_FREE(pwd);
 		return False;
 	}
  	if (!pdb_set_pass_last_set_time (pwd, time(NULL), PDB_CHANGED)) {
 		TALLOC_FREE(pwd);
-		return False; 
+		return False;
 	}
- 
+
 	if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) {
 		TALLOC_FREE(pwd);
 		return False;
@@ -3174,13 +3672,14 @@ static bool set_user_info_18(SAM_USER_INFO_18 *id18, struct samu *pwd)
  set_user_info_20
  ********************************************************************/
 
-static bool set_user_info_20(SAM_USER_INFO_20 *id20, struct samu *pwd)
+static bool set_user_info_20(struct samr_UserInfo20 *id20,
+			     struct samu *pwd)
 {
 	if (id20 == NULL) {
 		DEBUG(5, ("set_user_info_20: NULL id20\n"));
 		return False;
 	}
- 
+
 	copy_id20_to_sam_passwd(pwd, id20);
 
 	/* write the change out */
@@ -3193,30 +3692,30 @@ static bool set_user_info_20(SAM_USER_INFO_20 *id20, struct samu *pwd)
 
 	return True;
 }
+
 /*******************************************************************
  set_user_info_21
  ********************************************************************/
 
-static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
+static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx,
+				 struct samr_UserInfo21 *id21,
 				 struct samu *pwd)
 {
-	fstring new_name;
 	NTSTATUS status;
-	
+
 	if (id21 == NULL) {
 		DEBUG(5, ("set_user_info_21: NULL id21\n"));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 	/* we need to separately check for an account rename first */
-	
-	if (rpcstr_pull(new_name, id21->uni_user_name.buffer, 
-		sizeof(new_name), id21->uni_user_name.uni_str_len*2, 0) 
-		&& (!strequal(new_name, pdb_get_username(pwd)))) 
+
+	if (id21->account_name.string &&
+	    (!strequal(id21->account_name.string, pdb_get_username(pwd))))
 	{
 
 		/* check to see if the new username already exists.  Note: we can't
-		   reliably lock all backends, so there is potentially the 
+		   reliably lock all backends, so there is potentially the
 		   possibility that a user can be created in between this check and
 		   the rename.  The rename should fail, but may not get the
 		   exact same failure status code.  I think this is small enough
@@ -3224,43 +3723,43 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
 		   simply that the rename fails with a slightly different status
 		   code (like UNSUCCESSFUL instead of ALREADY_EXISTS). */
 
-		status = can_create(mem_ctx, new_name);
+		status = can_create(mem_ctx, id21->account_name.string);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
 
-		status = pdb_rename_sam_account(pwd, new_name);
+		status = pdb_rename_sam_account(pwd, id21->account_name.string);
 
 		if (!NT_STATUS_IS_OK(status)) {
-			DEBUG(0,("set_user_info_21: failed to rename account: %s\n", 
+			DEBUG(0,("set_user_info_21: failed to rename account: %s\n",
 				nt_errstr(status)));
 			TALLOC_FREE(pwd);
 			return status;
 		}
 
-		/* set the new username so that later 
+		/* set the new username so that later
 		   functions can work on the new account */
-		pdb_set_username(pwd, new_name, PDB_SET);
+		pdb_set_username(pwd, id21->account_name.string, PDB_SET);
 	}
 
-	copy_id21_to_sam_passwd(pwd, id21);
- 
+	copy_id21_to_sam_passwd("INFO_21", pwd, id21);
+
 	/*
 	 * The funny part about the previous two calls is
 	 * that pwd still has the password hashes from the
 	 * passdb entry.  These have not been updated from
 	 * id21.  I don't know if they need to be set.    --jerry
 	 */
- 
+
 	if ( IS_SAM_CHANGED(pwd, PDB_GROUPSID) ) {
 		status = pdb_set_unix_primary_group(mem_ctx, pwd);
 		if ( !NT_STATUS_IS_OK(status) ) {
 			return status;
 		}
 	}
-	
+
 	/* Don't worry about writing out the user account since the
-	   primary group SID is generated solely from the user's Unix 
+	   primary group SID is generated solely from the user's Unix
 	   primary group. */
 
 	/* write the change out */
@@ -3278,7 +3777,8 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, SAM_USER_INFO_21 *id21,
  set_user_info_23
  ********************************************************************/
 
-static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, SAM_USER_INFO_23 *id23,
+static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
+				 struct samr_UserInfo23 *id23,
 				 struct samu *pwd)
 {
 	char *plaintext_buf = NULL;
@@ -3297,7 +3797,7 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, SAM_USER_INFO_23 *id23,
 	acct_ctrl = pdb_get_acct_ctrl(pwd);
 
 	if (!decode_pw_buffer(mem_ctx,
-				id23->pass,
+				id23->password.data,
 				&plaintext_buf,
 				&len,
 				STR_UNICODE)) {
@@ -3445,18 +3945,19 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
  set_user_info_25
  ********************************************************************/
 
-static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25,
+static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
+				 struct samr_UserInfo25 *id25,
 				 struct samu *pwd)
 {
 	NTSTATUS status;
-	
+
 	if (id25 == NULL) {
 		DEBUG(5, ("set_user_info_25: NULL id25\n"));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 	copy_id25_to_sam_passwd(pwd, id25);
- 
+
 	/* write the change out */
 	if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) {
 		TALLOC_FREE(pwd);
@@ -3477,7 +3978,7 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25,
 			return status;
 		}
 	}
-	
+
 	/* WARNING: No TALLOC_FREE(pwd), we are about to set the password
 	 * hereafter! */
 
@@ -3485,38 +3986,41 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25,
 }
 
 /*******************************************************************
- samr_reply_set_userinfo
+ samr_SetUserInfo_internal
  ********************************************************************/
 
-NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SET_USERINFO *r_u)
+static NTSTATUS samr_SetUserInfo_internal(const char *fn_name,
+					  pipes_struct *p,
+					  struct policy_handle *user_handle,
+					  uint16_t level,
+					  union samr_UserInfo *info)
 {
+	NTSTATUS status;
 	struct samu *pwd = NULL;
 	DOM_SID sid;
-	POLICY_HND *pol = &q_u->pol;
-	uint16 switch_value = q_u->switch_value;
-	SAM_USERINFO_CTR *ctr = q_u->ctr;
-	uint32 acc_granted;
-	uint32 acc_required;
+	POLICY_HND *pol = user_handle;
+	uint16_t switch_value = level;
+	uint32_t acc_granted;
+	uint32_t acc_required;
 	bool ret;
 	bool has_enough_rights = False;
-	uint32 acb_info;
+	uint32_t acb_info;
 	DISP_INFO *disp_info = NULL;
 
-	DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__));
-
-	r_u->status = NT_STATUS_OK;
+	DEBUG(5,("%s: %d\n", fn_name, __LINE__));
 
 	/* find the policy handle.  open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted, &disp_info))
+	if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted, &disp_info)) {
 		return NT_STATUS_INVALID_HANDLE;
+	}
 
-	/* This is tricky.  A WinXP domain join sets 
+	/* This is tricky.  A WinXP domain join sets
 	  (SA_RIGHT_USER_SET_PASSWORD|SA_RIGHT_USER_SET_ATTRIBUTES|SA_RIGHT_USER_ACCT_FLAGS_EXPIRY)
-	  The MMC lusrmgr plugin includes these perms and more in the SamrOpenUser().  But the 
-	  standard Win32 API calls just ask for SA_RIGHT_USER_SET_PASSWORD in the SamrOpenUser().  
-	  This should be enough for levels 18, 24, 25,& 26.  Info level 23 can set more so 
+	  The MMC lusrmgr plugin includes these perms and more in the SamrOpenUser().  But the
+	  standard Win32 API calls just ask for SA_RIGHT_USER_SET_PASSWORD in the SamrOpenUser().
+	  This should be enough for levels 18, 24, 25,& 26.  Info level 23 can set more so
 	  we'll use the set from the WinXP join as the basis. */
-	
+
 	switch (switch_value) {
 	case 18:
 	case 24:
@@ -3525,319 +4029,252 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE
 		acc_required = SA_RIGHT_USER_SET_PASSWORD;
 		break;
 	default:
-		acc_required = SA_RIGHT_USER_SET_PASSWORD | SA_RIGHT_USER_SET_ATTRIBUTES | SA_RIGHT_USER_ACCT_FLAGS_EXPIRY;
+		acc_required = SA_RIGHT_USER_SET_PASSWORD |
+			       SA_RIGHT_USER_SET_ATTRIBUTES |
+			       SA_RIGHT_USER_ACCT_FLAGS_EXPIRY;
 		break;
 	}
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    acc_required,
+					    fn_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
-	DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n",
-		  sid_string_dbg(&sid), switch_value));
+	DEBUG(5, ("%s: sid:%s, level:%d\n",
+		  fn_name, sid_string_dbg(&sid), switch_value));
 
-	if (ctr == NULL) {
-		DEBUG(5, ("_samr_set_userinfo: NULL info level\n"));
+	if (info == NULL) {
+		DEBUG(5, ("%s: NULL info level\n", fn_name));
 		return NT_STATUS_INVALID_INFO_CLASS;
 	}
-	
- 	if ( !(pwd = samu_new( NULL )) ) {
+
+	if (!(pwd = samu_new(NULL))) {
 		return NT_STATUS_NO_MEMORY;
 	}
-	
+
 	become_root();
 	ret = pdb_getsampwsid(pwd, &sid);
 	unbecome_root();
-	
-	if ( !ret ) {
+
+	if (!ret) {
 		TALLOC_FREE(pwd);
 		return NT_STATUS_NO_SUCH_USER;
  	}
-	
+
 	/* deal with machine password changes differently from userinfo changes */
 	/* check to see if we have the sufficient rights */
-	
+
 	acb_info = pdb_get_acct_ctrl(pwd);
-	if ( acb_info & ACB_WSTRUST ) 
-		has_enough_rights = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account);
-	else if ( acb_info & ACB_NORMAL )
-		has_enough_rights = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
-	else if ( acb_info & (ACB_SVRTRUST|ACB_DOMTRUST) ) {
-		if ( lp_enable_privileges() )
-			has_enough_rights = nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS );
-	}
-	
-	DEBUG(5, ("_samr_set_userinfo: %s does%s possess sufficient rights\n",
+	if (acb_info & ACB_WSTRUST)
+		has_enough_rights = user_has_privileges(p->pipe_user.nt_user_token,
+							&se_machine_account);
+	else if (acb_info & ACB_NORMAL)
+		has_enough_rights = user_has_privileges(p->pipe_user.nt_user_token,
+							&se_add_users);
+	else if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) {
+		if (lp_enable_privileges()) {
+			has_enough_rights = nt_token_check_domain_rid(p->pipe_user.nt_user_token,
+								      DOMAIN_GROUP_RID_ADMINS);
+		}
+	}
+
+	DEBUG(5, ("%s: %s does%s possess sufficient rights\n",
+		  fn_name,
 		  uidtoname(p->pipe_user.ut.uid),
 		  has_enough_rights ? "" : " not"));
 
 	/* ================ BEGIN SeMachineAccountPrivilege BLOCK ================ */
-	
-	if ( has_enough_rights )				
-		become_root(); 
-	
+
+	if (has_enough_rights) {
+		become_root();
+	}
+
 	/* ok!  user info levels (lots: see MSDEV help), off we go... */
 
 	switch (switch_value) {
+
+		case 7:
+			status = set_user_info_7(p->mem_ctx,
+						 &info->info7, pwd);
+			break;
+
+		case 16:
+			if (!set_user_info_16(&info->info16, pwd)) {
+				status = NT_STATUS_ACCESS_DENIED;
+			}
+			break;
+
 		case 18:
-			if (!set_user_info_18(ctr->info.id18, pwd))
-				r_u->status = NT_STATUS_ACCESS_DENIED;
+			/* Used by AS/U JRA. */
+			if (!set_user_info_18(&info->info18, pwd)) {
+				status = NT_STATUS_ACCESS_DENIED;
+			}
 			break;
 
-		case 24:
+		case 20:
+			if (!set_user_info_20(&info->info20, pwd)) {
+				status = NT_STATUS_ACCESS_DENIED;
+			}
+			break;
+
+		case 21:
+			status = set_user_info_21(p->mem_ctx,
+						  &info->info21, pwd);
+			break;
+
+		case 23:
 			if (!p->session_key.length) {
-				r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+				status = NT_STATUS_NO_USER_SESSION_KEY;
 			}
-			SamOEMhashBlob(ctr->info.id24->pass, 516, &p->session_key);
+			SamOEMhashBlob(info->info23.password.data, 516,
+				       &p->session_key);
 
-			dump_data(100, ctr->info.id24->pass, 516);
+			dump_data(100, info->info23.password.data, 516);
 
-			if (!set_user_info_pw(ctr->info.id24->pass, pwd))
-				r_u->status = NT_STATUS_ACCESS_DENIED;
+			status = set_user_info_23(p->mem_ctx,
+						  &info->info23, pwd);
 			break;
 
-		case 25:
+		case 24:
 			if (!p->session_key.length) {
-				r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+				status = NT_STATUS_NO_USER_SESSION_KEY;
 			}
-			encode_or_decode_arc4_passwd_buffer(ctr->info.id25->pass, &p->session_key);
+			SamOEMhashBlob(info->info24.password.data,
+				       516,
+				       &p->session_key);
 
-			dump_data(100, ctr->info.id25->pass, 532);
+			dump_data(100, info->info24.password.data, 516);
 
-			r_u->status = set_user_info_25(p->mem_ctx,
-						       ctr->info.id25, pwd);
-			if (!NT_STATUS_IS_OK(r_u->status)) {
-				goto done;
+			if (!set_user_info_pw(info->info24.password.data, pwd)) {
+				status = NT_STATUS_ACCESS_DENIED;
 			}
-			if (!set_user_info_pw(ctr->info.id25->pass, pwd))
-				r_u->status = NT_STATUS_ACCESS_DENIED;
 			break;
 
-		case 26:
+		case 25:
 			if (!p->session_key.length) {
-				r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+				status = NT_STATUS_NO_USER_SESSION_KEY;
 			}
-			encode_or_decode_arc4_passwd_buffer(ctr->info.id26->pass, &p->session_key);
+			encode_or_decode_arc4_passwd_buffer(info->info25.password.data,
+							    &p->session_key);
 
-			dump_data(100, ctr->info.id26->pass, 516);
+			dump_data(100, info->info25.password.data, 532);
 
-			if (!set_user_info_pw(ctr->info.id26->pass, pwd))
-				r_u->status = NT_STATUS_ACCESS_DENIED;
+			status = set_user_info_25(p->mem_ctx,
+						  &info->info25, pwd);
+			if (!NT_STATUS_IS_OK(status)) {
+				goto done;
+			}
+			if (!set_user_info_pw(info->info25.password.data, pwd)) {
+				status = NT_STATUS_ACCESS_DENIED;
+			}
 			break;
 
-		case 23:
+		case 26:
 			if (!p->session_key.length) {
-				r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
+				status = NT_STATUS_NO_USER_SESSION_KEY;
 			}
-			SamOEMhashBlob(ctr->info.id23->pass, 516, &p->session_key);
+			encode_or_decode_arc4_passwd_buffer(info->info26.password.data,
+							    &p->session_key);
 
-			dump_data(100, ctr->info.id23->pass, 516);
+			dump_data(100, info->info26.password.data, 516);
 
-			r_u->status = set_user_info_23(p->mem_ctx,
-						       ctr->info.id23, pwd);
+			if (!set_user_info_pw(info->info26.password.data, pwd)) {
+				status = NT_STATUS_ACCESS_DENIED;
+			}
 			break;
 
 		default:
-			r_u->status = NT_STATUS_INVALID_INFO_CLASS;
+			status = NT_STATUS_INVALID_INFO_CLASS;
 	}
 
  done:
-	
-	if ( has_enough_rights )				
+
+	if (has_enough_rights) {
 		unbecome_root();
-		
+	}
+
 	/* ================ END SeMachineAccountPrivilege BLOCK ================ */
 
-	if (NT_STATUS_IS_OK(r_u->status)) {
+	if (NT_STATUS_IS_OK(status)) {
 		force_flush_samr_cache(disp_info);
 	}
 
-	return r_u->status;
+	return status;
 }
 
 /*******************************************************************
- samr_reply_set_userinfo2
+ _samr_SetUserInfo
  ********************************************************************/
 
-NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_SET_USERINFO2 *r_u)
+NTSTATUS _samr_SetUserInfo(pipes_struct *p,
+			   struct samr_SetUserInfo *r)
 {
-	struct samu *pwd = NULL;
-	DOM_SID sid;
-	SAM_USERINFO_CTR *ctr = q_u->ctr;
-	POLICY_HND *pol = &q_u->pol;
-	uint16 switch_value = q_u->switch_value;
-	uint32 acc_granted;
-	uint32 acc_required;
-	bool ret;
-	bool has_enough_rights = False;
-	uint32 acb_info;
-	DISP_INFO *disp_info = NULL;
-
-	DEBUG(5, ("samr_reply_set_userinfo2: %d\n", __LINE__));
-
-	r_u->status = NT_STATUS_OK;
-
-	/* find the policy handle.  open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, pol, &sid, &acc_granted, &disp_info))
-		return NT_STATUS_INVALID_HANDLE;
-
-		
-#if 0 	/* this really should be applied on a per info level basis   --jerry */
-
-	/* observed when joining XP client to Samba domain */
-	acc_required = SA_RIGHT_USER_SET_PASSWORD | SA_RIGHT_USER_SET_ATTRIBUTES | SA_RIGHT_USER_ACCT_FLAGS_EXPIRY;
-#else
-	acc_required = SA_RIGHT_USER_SET_ATTRIBUTES;
-#endif
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo2"))) {
-		return r_u->status;
-	}
-
-	DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n",
-		  sid_string_dbg(&sid)));
-
-	if (ctr == NULL) {
-		DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n"));
-		return NT_STATUS_INVALID_INFO_CLASS;
-	}
-
-	switch_value=ctr->switch_value;
-
-	if ( !(pwd = samu_new( NULL )) ) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	become_root();
-	ret = pdb_getsampwsid(pwd, &sid);
-	unbecome_root();
-	
-	if ( !ret ) {
-		TALLOC_FREE(pwd);
-		return NT_STATUS_NO_SUCH_USER;
- 	}
-	
-	acb_info = pdb_get_acct_ctrl(pwd);
-	if ( acb_info & ACB_WSTRUST ) 
-		has_enough_rights = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account);
-	else if ( acb_info & ACB_NORMAL )
-		has_enough_rights = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
-	else if ( acb_info & (ACB_SVRTRUST|ACB_DOMTRUST) ) {
-		if ( lp_enable_privileges() )
-			has_enough_rights = nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS );
-	}
-	
-	DEBUG(5, ("_samr_set_userinfo2: %s does%s possess sufficient rights\n",
-		  uidtoname(p->pipe_user.ut.uid),
-		  has_enough_rights ? "" : " not"));
-
-	/* ================ BEGIN SeMachineAccountPrivilege BLOCK ================ */
-	
-	if ( has_enough_rights )				
-		become_root(); 
-	
-	/* ok!  user info levels (lots: see MSDEV help), off we go... */
-	
-	switch (switch_value) {
-		case 7:
-			r_u->status = set_user_info_7(p->mem_ctx,
-						      ctr->info.id7, pwd);
-			break;
-		case 16:
-			if (!set_user_info_16(ctr->info.id16, pwd))
-				r_u->status = NT_STATUS_ACCESS_DENIED;
-			break;
-		case 18:
-			/* Used by AS/U JRA. */
-			if (!set_user_info_18(ctr->info.id18, pwd))
-				r_u->status = NT_STATUS_ACCESS_DENIED;
-			break;
-		case 20:
-			if (!set_user_info_20(ctr->info.id20, pwd))
-				r_u->status = NT_STATUS_ACCESS_DENIED;
-			break;
-		case 21:
-			r_u->status = set_user_info_21(p->mem_ctx,
-						       ctr->info.id21, pwd);
-			break;
-		case 23:
-			if (!p->session_key.length) {
-				r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
-			}
-			SamOEMhashBlob(ctr->info.id23->pass, 516, &p->session_key);
-
-			dump_data(100, ctr->info.id23->pass, 516);
-
-			r_u->status = set_user_info_23(p->mem_ctx,
-						       ctr->info.id23, pwd);
-			break;
-		case 26:
-			if (!p->session_key.length) {
-				r_u->status = NT_STATUS_NO_USER_SESSION_KEY;
-			}
-			encode_or_decode_arc4_passwd_buffer(ctr->info.id26->pass, &p->session_key);
-
-			dump_data(100, ctr->info.id26->pass, 516);
-
-			if (!set_user_info_pw(ctr->info.id26->pass, pwd))
-				r_u->status = NT_STATUS_ACCESS_DENIED;
-			break;
-		default:
-			r_u->status = NT_STATUS_INVALID_INFO_CLASS;
-	}
-
-	if ( has_enough_rights )				
-		unbecome_root();
-		
-	/* ================ END SeMachineAccountPrivilege BLOCK ================ */
+	return samr_SetUserInfo_internal("_samr_SetUserInfo",
+					 p,
+					 r->in.user_handle,
+					 r->in.level,
+					 r->in.info);
+}
 
-	if (NT_STATUS_IS_OK(r_u->status)) {
-		force_flush_samr_cache(disp_info);
-	}
+/*******************************************************************
+ _samr_SetUserInfo2
+ ********************************************************************/
 
-	return r_u->status;
+NTSTATUS _samr_SetUserInfo2(pipes_struct *p,
+			    struct samr_SetUserInfo2 *r)
+{
+	return samr_SetUserInfo_internal("_samr_SetUserInfo2",
+					 p,
+					 r->in.user_handle,
+					 r->in.level,
+					 r->in.info);
 }
 
 /*********************************************************************
- _samr_query_aliasmem
+ _samr_GetAliasMembership
 *********************************************************************/
 
-NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, SAMR_R_QUERY_USERALIASES *r_u)
+NTSTATUS _samr_GetAliasMembership(pipes_struct *p,
+				  struct samr_GetAliasMembership *r)
 {
 	size_t num_alias_rids;
 	uint32 *alias_rids;
 	struct samr_info *info = NULL;
 	size_t i;
-		
+
 	NTSTATUS ntstatus1;
 	NTSTATUS ntstatus2;
 
 	DOM_SID *members;
 
-	r_u->status = NT_STATUS_OK;
-
-	DEBUG(5,("_samr_query_useraliases: %d\n", __LINE__));
+	DEBUG(5,("_samr_GetAliasMembership: %d\n", __LINE__));
 
 	/* find the policy handle.  open a policy on it. */
-	if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&info))
+	if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info))
 		return NT_STATUS_INVALID_HANDLE;
-		
-	ntstatus1 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, "_samr_query_useraliases");
-	ntstatus2 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_query_useraliases");
-	
+
+	ntstatus1 = access_check_samr_function(info->acc_granted,
+					       SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM,
+					       "_samr_GetAliasMembership");
+	ntstatus2 = access_check_samr_function(info->acc_granted,
+					       SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+					       "_samr_GetAliasMembership");
+
 	if (!NT_STATUS_IS_OK(ntstatus1) || !NT_STATUS_IS_OK(ntstatus2)) {
 		if (!(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus2)) &&
 		    !(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus1))) {
 			return (NT_STATUS_IS_OK(ntstatus1)) ? ntstatus2 : ntstatus1;
 		}
-	}		
+	}
 
 	if (!sid_check_is_domain(&info->sid) &&
 	    !sid_check_is_builtin(&info->sid))
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
-	if (q_u->num_sids1) {
-		members = TALLOC_ARRAY(p->mem_ctx, DOM_SID, q_u->num_sids1);
+	if (r->in.sids->num_sids) {
+		members = TALLOC_ARRAY(p->mem_ctx, DOM_SID, r->in.sids->num_sids);
 
 		if (members == NULL)
 			return NT_STATUS_NO_MEMORY;
@@ -3845,15 +4282,15 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u,
 		members = NULL;
 	}
 
-	for (i=0; i<q_u->num_sids1; i++)
-		sid_copy(&members[i], &q_u->sid[i].sid);
+	for (i=0; i<r->in.sids->num_sids; i++)
+		sid_copy(&members[i], r->in.sids->sids[i].sid);
 
 	alias_rids = NULL;
 	num_alias_rids = 0;
 
 	become_root();
 	ntstatus1 = pdb_enum_alias_memberships(p->mem_ctx, &info->sid, members,
-					       q_u->num_sids1,
+					       r->in.sids->num_sids,
 					       &alias_rids, &num_alias_rids);
 	unbecome_root();
 
@@ -3861,40 +4298,44 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u,
 		return ntstatus1;
 	}
 
-	init_samr_r_query_useraliases(r_u, num_alias_rids, alias_rids,
-				      NT_STATUS_OK);
+	r->out.rids->count = num_alias_rids;
+	r->out.rids->ids = alias_rids;
+
 	return NT_STATUS_OK;
 }
 
 /*********************************************************************
- _samr_query_aliasmem
+ _samr_GetMembersInAlias
 *********************************************************************/
 
-NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_R_QUERY_ALIASMEM *r_u)
+NTSTATUS _samr_GetMembersInAlias(pipes_struct *p,
+				 struct samr_GetMembersInAlias *r)
 {
 	NTSTATUS status;
 	size_t i;
 	size_t num_sids = 0;
-	DOM_SID2 *sid;
-	DOM_SID *sids=NULL;
+	struct lsa_SidPtr *sids = NULL;
+	DOM_SID *pdb_sids = NULL;
 
 	DOM_SID alias_sid;
 
 	uint32 acc_granted;
 
 	/* find the policy handle.  open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted, NULL)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, NULL))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	if (!NT_STATUS_IS_OK(r_u->status = 
-		access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, "_samr_query_aliasmem"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_ALIAS_GET_MEMBERS,
+					    "_samr_GetMembersInAlias");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
 
 	become_root();
-	status = pdb_enum_aliasmem(&alias_sid, &sids, &num_sids);
+	status = pdb_enum_aliasmem(&alias_sid, &pdb_sids, &num_sids);
 	unbecome_root();
 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -3902,31 +4343,35 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_
 	}
 
 	if (num_sids) {
-		sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_sids);	
-		if (sid == NULL) {
-			SAFE_FREE(sids);
+		sids = TALLOC_ZERO_ARRAY(p->mem_ctx, struct lsa_SidPtr, num_sids);
+		if (sids == NULL) {
+			TALLOC_FREE(pdb_sids);
 			return NT_STATUS_NO_MEMORY;
 		}
-	} else {
-		sid = NULL;
 	}
 
 	for (i = 0; i < num_sids; i++) {
-		init_dom_sid2(&sid[i], &sids[i]);
+		sids[i].sid = sid_dup_talloc(p->mem_ctx, &pdb_sids[i]);
+		if (!sids[i].sid) {
+			TALLOC_FREE(pdb_sids);
+			return NT_STATUS_NO_MEMORY;
+		}
 	}
 
-	init_samr_r_query_aliasmem(r_u, num_sids, sid, NT_STATUS_OK);
+	r->out.sids->num_sids = num_sids;
+	r->out.sids->sids = sids;
 
-	TALLOC_FREE(sids);
+	TALLOC_FREE(pdb_sids);
 
 	return NT_STATUS_OK;
 }
 
 /*********************************************************************
- _samr_query_groupmem
+ _samr_QueryGroupMember
 *********************************************************************/
 
-NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_QUERY_GROUPMEM *r_u)
+NTSTATUS _samr_QueryGroupMember(pipes_struct *p,
+				struct samr_QueryGroupMember *r)
 {
 	DOM_SID group_sid;
 	size_t i, num_members;
@@ -3936,16 +4381,25 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
 
 	uint32 acc_granted;
 
-	NTSTATUS result;
+	NTSTATUS status;
+	struct samr_RidTypeArray *rids = NULL;
+
+	rids = TALLOC_ZERO_P(p->mem_ctx, struct samr_RidTypeArray);
+	if (!rids) {
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	/* find the policy handle.  open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted, NULL)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, NULL))
 		return NT_STATUS_INVALID_HANDLE;
-		
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_GET_MEMBERS, "_samr_query_groupmem"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_GROUP_GET_MEMBERS,
+					    "_samr_QueryGroupMember");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
-		
+
 	DEBUG(10, ("sid is %s\n", sid_string_dbg(&group_sid)));
 
 	if (!sid_check_is_in_our_domain(&group_sid)) {
@@ -3957,12 +4411,12 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
 	DEBUG(10, ("lookup on Domain SID\n"));
 
 	become_root();
-	result = pdb_enum_group_members(p->mem_ctx, &group_sid,
+	status = pdb_enum_group_members(p->mem_ctx, &group_sid,
 					&rid, &num_members);
 	unbecome_root();
 
-	if (!NT_STATUS_IS_OK(result))
-		return result;
+	if (!NT_STATUS_IS_OK(status))
+		return status;
 
 	if (num_members) {
 		attr=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_members);
@@ -3972,81 +4426,93 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_
 	} else {
 		attr = NULL;
 	}
-	
+
 	for (i=0; i<num_members; i++)
 		attr[i] = SID_NAME_USER;
 
-	init_samr_r_query_groupmem(r_u, num_members, rid, attr, NT_STATUS_OK);
+	rids->count = num_members;
+	rids->types = attr;
+	rids->rids = rid;
+
+	*r->out.rids = rids;
 
 	return NT_STATUS_OK;
 }
 
 /*********************************************************************
- _samr_add_aliasmem
+ _samr_AddAliasMember
 *********************************************************************/
 
-NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_ADD_ALIASMEM *r_u)
+NTSTATUS _samr_AddAliasMember(pipes_struct *p,
+			      struct samr_AddAliasMember *r)
 {
 	DOM_SID alias_sid;
 	uint32 acc_granted;
 	SE_PRIV se_rights;
 	bool can_add_accounts;
-	NTSTATUS ret;
+	NTSTATUS status;
 	DISP_INFO *disp_info = NULL;
 
 	/* Find the policy handle. Open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted, &disp_info)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_ADD_MEMBER, "_samr_add_aliasmem"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_ALIAS_ADD_MEMBER,
+					    "_samr_AddAliasMember");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
-		
+
 	DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
-	
+
 	se_priv_copy( &se_rights, &se_add_users );
 	can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
 
 	/******** BEGIN SeAddUsers BLOCK *********/
-	
+
 	if ( can_add_accounts )
 		become_root();
-	
-	ret = pdb_add_aliasmem(&alias_sid, &q_u->sid.sid);
-	
+
+	status = pdb_add_aliasmem(&alias_sid, r->in.sid);
+
 	if ( can_add_accounts )
 		unbecome_root();
-		
+
 	/******** END SeAddUsers BLOCK *********/
-	
-	if (NT_STATUS_IS_OK(ret)) {
+
+	if (NT_STATUS_IS_OK(status)) {
 		force_flush_samr_cache(disp_info);
 	}
 
-	return ret;
+	return status;
 }
 
 /*********************************************************************
- _samr_del_aliasmem
+ _samr_DeleteAliasMember
 *********************************************************************/
 
-NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DEL_ALIASMEM *r_u)
+NTSTATUS _samr_DeleteAliasMember(pipes_struct *p,
+				 struct samr_DeleteAliasMember *r)
 {
 	DOM_SID alias_sid;
 	uint32 acc_granted;
 	SE_PRIV se_rights;
 	bool can_add_accounts;
-	NTSTATUS ret;
+	NTSTATUS status;
 	DISP_INFO *disp_info = NULL;
 
 	/* Find the policy handle. Open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted, &disp_info)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_REMOVE_MEMBER, "_samr_del_aliasmem"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_ALIAS_REMOVE_MEMBER,
+					    "_samr_DeleteAliasMember");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
-	
+
 	DEBUG(10, ("_samr_del_aliasmem:sid is %s\n",
 		   sid_string_dbg(&alias_sid)));
 
@@ -4054,30 +4520,32 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE
 	can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
 
 	/******** BEGIN SeAddUsers BLOCK *********/
-	
+
 	if ( can_add_accounts )
 		become_root();
 
-	ret = pdb_del_aliasmem(&alias_sid, &q_u->sid.sid);
-	
+	status = pdb_del_aliasmem(&alias_sid, r->in.sid);
+
 	if ( can_add_accounts )
 		unbecome_root();
-		
+
 	/******** END SeAddUsers BLOCK *********/
-	
-	if (NT_STATUS_IS_OK(ret)) {
+
+	if (NT_STATUS_IS_OK(status)) {
 		force_flush_samr_cache(disp_info);
 	}
 
-	return ret;
+	return status;
 }
 
 /*********************************************************************
- _samr_add_groupmem
+ _samr_AddGroupMember
 *********************************************************************/
 
-NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_ADD_GROUPMEM *r_u)
+NTSTATUS _samr_AddGroupMember(pipes_struct *p,
+			      struct samr_AddGroupMember *r)
 {
+	NTSTATUS status;
 	DOM_SID group_sid;
 	uint32 group_rid;
 	uint32 acc_granted;
@@ -4086,11 +4554,14 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
 	DISP_INFO *disp_info = NULL;
 
 	/* Find the policy handle. Open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, &disp_info)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_ADD_MEMBER, "_samr_add_groupmem"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_GROUP_ADD_MEMBER,
+					    "_samr_AddGroupMember");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	DEBUG(10, ("sid is %s\n", sid_string_dbg(&group_sid)));
@@ -4104,28 +4575,31 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD
 	can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
 
 	/******** BEGIN SeAddUsers BLOCK *********/
-	
+
 	if ( can_add_accounts )
 		become_root();
 
-	r_u->status = pdb_add_groupmem(p->mem_ctx, group_rid, q_u->rid);
-		
+	status = pdb_add_groupmem(p->mem_ctx, group_rid, r->in.rid);
+
 	if ( can_add_accounts )
 		unbecome_root();
-		
+
 	/******** END SeAddUsers BLOCK *********/
-	
+
 	force_flush_samr_cache(disp_info);
 
-	return r_u->status;
+	return status;
 }
 
 /*********************************************************************
- _samr_del_groupmem
+ _samr_DeleteGroupMember
 *********************************************************************/
 
-NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DEL_GROUPMEM *r_u)
+NTSTATUS _samr_DeleteGroupMember(pipes_struct *p,
+				 struct samr_DeleteGroupMember *r)
+
 {
+	NTSTATUS status;
 	DOM_SID group_sid;
 	uint32 group_rid;
 	uint32 acc_granted;
@@ -4134,17 +4608,20 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
 	DISP_INFO *disp_info = NULL;
 
 	/*
-	 * delete the group member named q_u->rid
+	 * delete the group member named r->in.rid
 	 * who is a member of the sid associated with the handle
 	 * the rid is a user's rid as the group is a domain group.
 	 */
 
 	/* Find the policy handle. Open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, &disp_info)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_REMOVE_MEMBER, "_samr_del_groupmem"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_GROUP_REMOVE_MEMBER,
+					    "_samr_DeleteGroupMember");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	if (!sid_peek_check_rid(get_global_sam_sid(), &group_sid,
@@ -4156,28 +4633,30 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE
 	can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
 
 	/******** BEGIN SeAddUsers BLOCK *********/
-	
+
 	if ( can_add_accounts )
 		become_root();
-		
-	r_u->status = pdb_del_groupmem(p->mem_ctx, group_rid, q_u->rid);
+
+	status = pdb_del_groupmem(p->mem_ctx, group_rid, r->in.rid);
 
 	if ( can_add_accounts )
 		unbecome_root();
-		
+
 	/******** END SeAddUsers BLOCK *********/
-	
+
 	force_flush_samr_cache(disp_info);
 
-	return r_u->status;
+	return status;
 }
 
 /*********************************************************************
- _samr_delete_dom_user
+ _samr_DeleteUser
 *********************************************************************/
 
-NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAMR_R_DELETE_DOM_USER *r_u )
+NTSTATUS _samr_DeleteUser(pipes_struct *p,
+			  struct samr_DeleteUser *r)
 {
+	NTSTATUS status;
 	DOM_SID user_sid;
 	struct samu *sam_pass=NULL;
 	uint32 acc_granted;
@@ -4186,16 +4665,19 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
 	DISP_INFO *disp_info = NULL;
 	bool ret;
 
-	DEBUG(5, ("_samr_delete_dom_user: %d\n", __LINE__));
+	DEBUG(5, ("_samr_DeleteUser: %d\n", __LINE__));
 
 	/* Find the policy handle. Open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &user_sid, &acc_granted, &disp_info)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.user_handle, &user_sid, &acc_granted, &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
-		
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_user"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    STD_RIGHT_DELETE_ACCESS,
+					    "_samr_DeleteUser");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
-		
+
 	if (!sid_check_is_in_our_domain(&user_sid))
 		return NT_STATUS_CANNOT_DELETE;
 
@@ -4209,12 +4691,12 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
 	unbecome_root();
 
 	if( !ret ) {
-		DEBUG(5,("_samr_delete_dom_user:User %s doesn't exist.\n", 
+		DEBUG(5,("_samr_DeleteUser: User %s doesn't exist.\n",
 			sid_string_dbg(&user_sid)));
 		TALLOC_FREE(sam_pass);
 		return NT_STATUS_NO_SUCH_USER;
 	}
-	
+
 	acb_info = pdb_get_acct_ctrl(sam_pass);
 
 	/* For machine accounts it's the SeMachineAccountPrivilege that counts. */
@@ -4222,32 +4704,32 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
 		can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account );
 	} else {
 		can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users );
-	} 
+	}
 
 	/******** BEGIN SeAddUsers BLOCK *********/
-	
+
 	if ( can_add_accounts )
 		become_root();
 
-	r_u->status = pdb_delete_user(p->mem_ctx, sam_pass);
+	status = pdb_delete_user(p->mem_ctx, sam_pass);
 
 	if ( can_add_accounts )
 		unbecome_root();
-		
+
 	/******** END SeAddUsers BLOCK *********/
-		
-	if ( !NT_STATUS_IS_OK(r_u->status) ) {
-		DEBUG(5,("_samr_delete_dom_user: Failed to delete entry for "
+
+	if ( !NT_STATUS_IS_OK(status) ) {
+		DEBUG(5,("_samr_DeleteUser: Failed to delete entry for "
 			 "user %s: %s.\n", pdb_get_username(sam_pass),
-			 nt_errstr(r_u->status)));
+			 nt_errstr(status)));
 		TALLOC_FREE(sam_pass);
-		return r_u->status;
+		return status;
 	}
 
 
 	TALLOC_FREE(sam_pass);
 
-	if (!close_policy_hnd(p, &q_u->user_pol))
+	if (!close_policy_hnd(p, r->in.user_handle))
 		return NT_STATUS_OBJECT_NAME_INVALID;
 
 	force_flush_samr_cache(disp_info);
@@ -4256,11 +4738,13 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM
 }
 
 /*********************************************************************
- _samr_delete_dom_group
+ _samr_DeleteDomainGroup
 *********************************************************************/
 
-NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, SAMR_R_DELETE_DOM_GROUP *r_u)
+NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p,
+				 struct samr_DeleteDomainGroup *r)
 {
+	NTSTATUS status;
 	DOM_SID group_sid;
 	uint32 group_rid;
 	uint32 acc_granted;
@@ -4268,14 +4752,17 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
 	bool can_add_accounts;
 	DISP_INFO *disp_info = NULL;
 
-	DEBUG(5, ("samr_delete_dom_group: %d\n", __LINE__));
+	DEBUG(5, ("samr_DeleteDomainGroup: %d\n", __LINE__));
 
 	/* Find the policy handle. Open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted, &disp_info)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
-		
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_group"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    STD_RIGHT_DELETE_ACCESS,
+					    "_samr_DeleteDomainGroup");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	DEBUG(10, ("sid is %s\n", sid_string_dbg(&group_sid)));
@@ -4289,26 +4776,26 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
 	can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
 
 	/******** BEGIN SeAddUsers BLOCK *********/
-	
+
 	if ( can_add_accounts )
 		become_root();
 
-	r_u->status = pdb_delete_dom_group(p->mem_ctx, group_rid);
+	status = pdb_delete_dom_group(p->mem_ctx, group_rid);
 
 	if ( can_add_accounts )
 		unbecome_root();
-		
+
 	/******** END SeAddUsers BLOCK *********/
-	
-	if ( !NT_STATUS_IS_OK(r_u->status) ) {
-		DEBUG(5,("_samr_delete_dom_group: Failed to delete mapping "
+
+	if ( !NT_STATUS_IS_OK(status) ) {
+		DEBUG(5,("_samr_DeleteDomainGroup: Failed to delete mapping "
 			 "entry for group %s: %s\n",
 			 sid_string_dbg(&group_sid),
-			 nt_errstr(r_u->status)));
-		return r_u->status;
+			 nt_errstr(status)));
+		return status;
 	}
-	
-	if (!close_policy_hnd(p, &q_u->group_pol))
+
+	if (!close_policy_hnd(p, r->in.group_handle))
 		return NT_STATUS_OBJECT_NAME_INVALID;
 
 	force_flush_samr_cache(disp_info);
@@ -4317,10 +4804,11 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S
 }
 
 /*********************************************************************
- _samr_delete_dom_alias
+ _samr_DeleteDomAlias
 *********************************************************************/
 
-NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, SAMR_R_DELETE_DOM_ALIAS *r_u)
+NTSTATUS _samr_DeleteDomAlias(pipes_struct *p,
+			      struct samr_DeleteDomAlias *r)
 {
 	DOM_SID alias_sid;
 	uint32 acc_granted;
@@ -4329,18 +4817,21 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S
 	NTSTATUS status;
 	DISP_INFO *disp_info = NULL;
 
-	DEBUG(5, ("_samr_delete_dom_alias: %d\n", __LINE__));
+	DEBUG(5, ("_samr_DeleteDomAlias: %d\n", __LINE__));
 
 	/* Find the policy handle. Open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted, &disp_info)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &alias_sid, &acc_granted, &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
-	
+
 	/* copy the handle to the outgoing reply */
 
-	memcpy( &r_u->pol, &q_u->alias_pol, sizeof(r_u->pol) );
+	memcpy(r->out.alias_handle, r->in.alias_handle, sizeof(r->out.alias_handle));
 
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_alias"))) {
-		return r_u->status;
+	status = access_check_samr_function(acc_granted,
+					    STD_RIGHT_DELETE_ACCESS,
+					    "_samr_DeleteDomAlias");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid)));
@@ -4353,29 +4844,29 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S
 
 	if (!sid_check_is_in_our_domain(&alias_sid))
 		return NT_STATUS_NO_SUCH_ALIAS;
-		
+
 	DEBUG(10, ("lookup on Local SID\n"));
 
 	se_priv_copy( &se_rights, &se_add_users );
 	can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
 
 	/******** BEGIN SeAddUsers BLOCK *********/
-	
+
 	if ( can_add_accounts )
 		become_root();
 
 	/* Have passdb delete the alias */
 	status = pdb_delete_alias(&alias_sid);
-	
+
 	if ( can_add_accounts )
 		unbecome_root();
-		
+
 	/******** END SeAddUsers BLOCK *********/
 
 	if ( !NT_STATUS_IS_OK(status))
 		return status;
 
-	if (!close_policy_hnd(p, &q_u->alias_pol))
+	if (!close_policy_hnd(p, r->in.alias_handle))
 		return NT_STATUS_OBJECT_NAME_INVALID;
 
 	force_flush_samr_cache(disp_info);
@@ -4384,11 +4875,14 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S
 }
 
 /*********************************************************************
- _samr_create_dom_group
+ _samr_CreateDomainGroup
 *********************************************************************/
 
-NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, SAMR_R_CREATE_DOM_GROUP *r_u)
+NTSTATUS _samr_CreateDomainGroup(pipes_struct *p,
+				 struct samr_CreateDomainGroup *r)
+
 {
+	NTSTATUS status;
 	DOM_SID dom_sid;
 	DOM_SID info_sid;
 	const char *name;
@@ -4399,50 +4893,53 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
 	DISP_INFO *disp_info = NULL;
 
 	/* Find the policy handle. Open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid, &acc_granted, &disp_info)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &dom_sid, &acc_granted, &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, "_samr_create_dom_group"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_DOMAIN_CREATE_GROUP,
+					    "_samr_CreateDomainGroup");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
-		
+
 	if (!sid_equal(&dom_sid, get_global_sam_sid()))
 		return NT_STATUS_ACCESS_DENIED;
 
-	name = rpcstr_pull_unistr2_talloc(p->mem_ctx, &q_u->uni_acct_desc);
+	name = r->in.name->string;
 	if (name == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	r_u->status = can_create(p->mem_ctx, name);
-	if (!NT_STATUS_IS_OK(r_u->status)) {
-		return r_u->status;
+	status = can_create(p->mem_ctx, name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	se_priv_copy( &se_rights, &se_add_users );
 	can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
 
 	/******** BEGIN SeAddUsers BLOCK *********/
-	
+
 	if ( can_add_accounts )
 		become_root();
-	
+
 	/* check that we successfully create the UNIX group */
-	
-	r_u->status = pdb_create_dom_group(p->mem_ctx, name, &r_u->rid);
+
+	status = pdb_create_dom_group(p->mem_ctx, name, r->out.rid);
 
 	if ( can_add_accounts )
 		unbecome_root();
-		
+
 	/******** END SeAddUsers BLOCK *********/
-	
+
 	/* check if we should bail out here */
-	
-	if ( !NT_STATUS_IS_OK(r_u->status) )
-		return r_u->status;
 
-	sid_compose(&info_sid, get_global_sam_sid(), r_u->rid);
-	
+	if ( !NT_STATUS_IS_OK(status) )
+		return status;
+
+	sid_compose(&info_sid, get_global_sam_sid(), *r->out.rid);
+
 	if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
 		return NT_STATUS_NO_MEMORY;
 
@@ -4451,7 +4948,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
 	info->acc_granted = GENERIC_RIGHTS_GROUP_ALL_ACCESS;
 
 	/* get a (unique) handle.  open a policy on it. */
-	if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info))
+	if (!create_policy_hnd(p, r->out.group_handle, free_samr_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
 	force_flush_samr_cache(disp_info);
@@ -4460,14 +4957,15 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S
 }
 
 /*********************************************************************
- _samr_create_dom_alias
+ _samr_CreateDomAlias
 *********************************************************************/
 
-NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, SAMR_R_CREATE_DOM_ALIAS *r_u)
+NTSTATUS _samr_CreateDomAlias(pipes_struct *p,
+			      struct samr_CreateDomAlias *r)
 {
 	DOM_SID dom_sid;
 	DOM_SID info_sid;
-	fstring name;
+	const char *name = NULL;
 	struct samr_info *info;
 	uint32 acc_granted;
 	gid_t gid;
@@ -4477,17 +4975,20 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
 	DISP_INFO *disp_info = NULL;
 
 	/* Find the policy handle. Open a policy on it. */
-	if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted, &disp_info)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &dom_sid, &acc_granted, &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
-		
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_create_alias"))) {
-		return r_u->status;
+
+	result = access_check_samr_function(acc_granted,
+					    SA_RIGHT_DOMAIN_CREATE_ALIAS,
+					    "_samr_CreateDomAlias");
+	if (!NT_STATUS_IS_OK(result)) {
+		return result;
 	}
-		
+
 	if (!sid_equal(&dom_sid, get_global_sam_sid()))
 		return NT_STATUS_ACCESS_DENIED;
 
-	unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name));
+	name = r->in.alias_name->string;
 
 	se_priv_copy( &se_rights, &se_add_users );
 	can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights );
@@ -4498,16 +4999,16 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
 	}
 
 	/******** BEGIN SeAddUsers BLOCK *********/
-	
+
 	if ( can_add_accounts )
 		become_root();
 
 	/* Have passdb create the alias */
-	result = pdb_create_alias(name, &r_u->rid);
+	result = pdb_create_alias(name, r->out.rid);
 
 	if ( can_add_accounts )
 		unbecome_root();
-		
+
 	/******** END SeAddUsers BLOCK *********/
 
 	if (!NT_STATUS_IS_OK(result)) {
@@ -4517,7 +5018,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
 	}
 
 	sid_copy(&info_sid, get_global_sam_sid());
-	sid_append_rid(&info_sid, r_u->rid);
+	sid_append_rid(&info_sid, *r->out.rid);
 
 	if (!sid_to_gid(&info_sid, &gid)) {
 		DEBUG(10, ("Could not find alias just created\n"));
@@ -4539,7 +5040,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
 	info->acc_granted = GENERIC_RIGHTS_ALIAS_ALL_ACCESS;
 
 	/* get a (unique) handle.  open a policy on it. */
-	if (!create_policy_hnd(p, &r_u->alias_pol, free_samr_info, (void *)info))
+	if (!create_policy_hnd(p, r->out.alias_handle, free_samr_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
 	force_flush_samr_cache(disp_info);
@@ -4548,68 +5049,81 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S
 }
 
 /*********************************************************************
- _samr_query_groupinfo
-
-sends the name/comment pair of a domain group
-level 1 send also the number of users of that group
+ _samr_QueryGroupInfo
 *********************************************************************/
 
-NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAMR_R_QUERY_GROUPINFO *r_u)
+NTSTATUS _samr_QueryGroupInfo(pipes_struct *p,
+			      struct samr_QueryGroupInfo *r)
 {
+	NTSTATUS status;
 	DOM_SID group_sid;
 	GROUP_MAP map;
-	GROUP_INFO_CTR *ctr;
+	union samr_GroupInfo *info = NULL;
 	uint32 acc_granted;
 	bool ret;
+	uint32_t attributes = SE_GROUP_MANDATORY |
+			      SE_GROUP_ENABLED_BY_DEFAULT |
+			      SE_GROUP_ENABLED;
+	const char *group_name = NULL;
+	const char *group_description = NULL;
 
-	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, NULL)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, NULL))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_LOOKUP_INFO, "_samr_query_groupinfo"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_GROUP_LOOKUP_INFO,
+					    "_samr_QueryGroupInfo");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
-		
+
 	become_root();
 	ret = get_domain_group_from_sid(group_sid, &map);
 	unbecome_root();
 	if (!ret)
 		return NT_STATUS_INVALID_HANDLE;
 
-	ctr=TALLOC_ZERO_P(p->mem_ctx, GROUP_INFO_CTR);
-	if (ctr==NULL)
+	/* FIXME: map contains fstrings */
+	group_name = talloc_strdup(r, map.nt_name);
+	group_description = talloc_strdup(r, map.comment);
+
+	info = TALLOC_ZERO_P(p->mem_ctx, union samr_GroupInfo);
+	if (!info) {
 		return NT_STATUS_NO_MEMORY;
+	}
 
-	switch (q_u->switch_level) {
+	switch (r->in.level) {
 		case 1: {
 			uint32 *members;
 			size_t num_members;
 
-			ctr->switch_value1 = 1;
-
 			become_root();
-			r_u->status = pdb_enum_group_members(
+			status = pdb_enum_group_members(
 				p->mem_ctx, &group_sid, &members, &num_members);
 			unbecome_root();
-	
-			if (!NT_STATUS_IS_OK(r_u->status)) {
-				return r_u->status;
+
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
 			}
 
-			init_samr_group_info1(&ctr->group.info1, map.nt_name,
-				      map.comment, num_members);
+			init_samr_group_info1(&info->all,
+					      group_name,
+					      attributes,
+					      num_members,
+					      group_description);
 			break;
 		}
 		case 2:
-			ctr->switch_value1 = 2;
-			init_samr_group_info2(&ctr->group.info2, map.nt_name);
+			init_samr_group_info2(&info->name,
+					      group_name);
 			break;
 		case 3:
-			ctr->switch_value1 = 3;
-			init_samr_group_info3(&ctr->group.info3);
+			init_samr_group_info3(&info->attributes,
+					      attributes);
 			break;
 		case 4:
-			ctr->switch_value1 = 4;
-			init_samr_group_info4(&ctr->group.info4, map.comment);
+			init_samr_group_info4(&info->description,
+					      group_description);
 			break;
 		case 5: {
 			/*
@@ -4617,69 +5131,70 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM
 			size_t num_members;
 			*/
 
-			ctr->switch_value1 = 5;
-
 			/*
 			become_root();
-			r_u->status = pdb_enum_group_members(
+			status = pdb_enum_group_members(
 				p->mem_ctx, &group_sid, &members, &num_members);
 			unbecome_root();
-	
-			if (!NT_STATUS_IS_OK(r_u->status)) {
-				return r_u->status;
+
+			if (!NT_STATUS_IS_OK(status)) {
+				return status;
 			}
 			*/
-			init_samr_group_info5(&ctr->group.info5, map.nt_name,
-				      map.comment, 0 /* num_members */); /* in w2k3 this is always 0 */
+			init_samr_group_info5(&info->all2,
+					      group_name,
+					      attributes,
+					      0, /* num_members - in w2k3 this is always 0 */
+					      group_description);
+
 			break;
 		}
 		default:
 			return NT_STATUS_INVALID_INFO_CLASS;
 	}
 
-	init_samr_r_query_groupinfo(r_u, ctr, NT_STATUS_OK);
+	*r->out.info = info;
 
 	return NT_STATUS_OK;
 }
 
 /*********************************************************************
- _samr_set_groupinfo
- 
- update a domain group's comment.
+ _samr_SetGroupInfo
 *********************************************************************/
 
-NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_SET_GROUPINFO *r_u)
+NTSTATUS _samr_SetGroupInfo(pipes_struct *p,
+			    struct samr_SetGroupInfo *r)
 {
 	DOM_SID group_sid;
 	GROUP_MAP map;
-	GROUP_INFO_CTR *ctr;
 	uint32 acc_granted;
-	NTSTATUS ret;
-	bool result;
+	NTSTATUS status;
+	bool ret;
 	bool can_mod_accounts;
 	DISP_INFO *disp_info = NULL;
 
-	if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted, &disp_info))
+	if (!get_lsa_policy_samr_sid(p, r->in.group_handle, &group_sid, &acc_granted, &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_SET_INFO, "_samr_set_groupinfo"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_GROUP_SET_INFO,
+					    "_samr_SetGroupInfo");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	become_root();
-	result = get_domain_group_from_sid(group_sid, &map);
+	ret = get_domain_group_from_sid(group_sid, &map);
 	unbecome_root();
-	if (!result)
+	if (!ret)
 		return NT_STATUS_NO_SUCH_GROUP;
-	
-	ctr=q_u->ctr;
 
-	switch (ctr->switch_value1) {
+	switch (r->in.level) {
 		case 1:
-			unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment));
+			fstrcpy(map.comment, r->in.info->all.description.string);
 			break;
 		case 4:
-			unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment));
+			fstrcpy(map.comment, r->in.info->description.string);
 			break;
 		default:
 			return NT_STATUS_INVALID_INFO_CLASS;
@@ -4691,45 +5206,44 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_
 
 	if ( can_mod_accounts )
 		become_root();
-	  
-	ret = pdb_update_group_mapping_entry(&map);
+
+	status = pdb_update_group_mapping_entry(&map);
 
 	if ( can_mod_accounts )
 		unbecome_root();
 
 	/******** End SeAddUsers BLOCK *********/
 
-	if (NT_STATUS_IS_OK(ret)) {
+	if (NT_STATUS_IS_OK(status)) {
 		force_flush_samr_cache(disp_info);
 	}
 
-	return ret;
+	return status;
 }
 
 /*********************************************************************
- _samr_set_aliasinfo
- 
- update an alias's comment.
+ _samr_SetAliasInfo
 *********************************************************************/
 
-NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_SET_ALIASINFO *r_u)
+NTSTATUS _samr_SetAliasInfo(pipes_struct *p,
+			    struct samr_SetAliasInfo *r)
 {
 	DOM_SID group_sid;
 	struct acct_info info;
-	ALIAS_INFO_CTR *ctr;
 	uint32 acc_granted;
 	bool can_mod_accounts;
 	NTSTATUS status;
 	DISP_INFO *disp_info = NULL;
 
-	if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid, &acc_granted, &disp_info))
+	if (!get_lsa_policy_samr_sid(p, r->in.alias_handle, &group_sid, &acc_granted, &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_SET_INFO, "_samr_set_aliasinfo"))) {
-		return r_u->status;
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_ALIAS_SET_INFO,
+					    "_samr_SetAliasInfo");
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
-		
-	ctr=&q_u->ctr;
 
 	/* get the current group information */
 
@@ -4740,13 +5254,13 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
 	if ( !NT_STATUS_IS_OK(status))
 		return status;
 
-	switch (ctr->level) {
-		case 2:
+	switch (r->in.level) {
+		case ALIASINFONAME:
 		{
-			fstring group_name, acct_name;
+			fstring group_name;
 
 			/* We currently do not support renaming groups in the
-			   the BUILTIN domain.  Refer to util_builtin.c to understand 
+			   the BUILTIN domain.  Refer to util_builtin.c to understand
 			   why.  The eventually needs to be fixed to be like Windows
 			   where you can rename builtin groups, just not delete them */
 
@@ -4756,37 +5270,33 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
 
 			/* There has to be a valid name (and it has to be different) */
 
-			if ( !ctr->alias.info2.name.string ) 
+			if ( !r->in.info->name.string )
 				return NT_STATUS_INVALID_PARAMETER;
 
-			unistr2_to_ascii( acct_name, ctr->alias.info2.name.string, 
-				sizeof(acct_name));
-
 			/* If the name is the same just reply "ok".  Yes this
 			   doesn't allow you to change the case of a group name. */
 
-			if ( strequal( acct_name, info.acct_name ) )
+			if ( strequal( r->in.info->name.string, info.acct_name ) )
 				return NT_STATUS_OK;
 
-			fstrcpy( info.acct_name, acct_name );
+			fstrcpy( info.acct_name, r->in.info->name.string);
 
-			/* make sure the name doesn't already exist as a user 
+			/* make sure the name doesn't already exist as a user
 			   or local group */
 
 			fstr_sprintf( group_name, "%s\\%s", global_myname(), info.acct_name );
 			status = can_create( p->mem_ctx, group_name );
-			if ( !NT_STATUS_IS_OK( status ) ) 
+			if ( !NT_STATUS_IS_OK( status ) )
 				return status;
 			break;
 		}
-		case 3:
-			if ( ctr->alias.info3.description.string ) {
-				unistr2_to_ascii( info.acct_desc, 
-					ctr->alias.info3.description.string, 
-					sizeof(info.acct_desc));
-			}
-			else
+		case ALIASINFODESCRIPTION:
+			if (r->in.info->description.string) {
+				fstrcpy(info.acct_desc,
+					r->in.info->description.string);
+			} else {
 				fstrcpy( info.acct_desc, "" );
+			}
 			break;
 		default:
 			return NT_STATUS_INVALID_INFO_CLASS;
@@ -4812,32 +5322,35 @@ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_
 	return status;
 }
 
-/*********************************************************************
- _samr_get_dom_pwinfo
-*********************************************************************/
+/****************************************************************
+ _samr_GetDomPwInfo
+****************************************************************/
 
-NTSTATUS _samr_get_dom_pwinfo(pipes_struct *p, SAMR_Q_GET_DOM_PWINFO *q_u, SAMR_R_GET_DOM_PWINFO *r_u)
+NTSTATUS _samr_GetDomPwInfo(pipes_struct *p,
+			    struct samr_GetDomPwInfo *r)
 {
 	/* Perform access check.  Since this rpc does not require a
 	   policy handle it will not be caught by the access checks on
 	   SAMR_CONNECT or SAMR_CONNECT_ANON. */
 
 	if (!pipe_access_check(p)) {
-		DEBUG(3, ("access denied to samr_get_dom_pwinfo\n"));
-		r_u->status = NT_STATUS_ACCESS_DENIED;
-		return r_u->status;
+		DEBUG(3, ("access denied to _samr_GetDomPwInfo\n"));
+		return NT_STATUS_ACCESS_DENIED;
 	}
 
 	/* Actually, returning zeros here works quite well :-). */
+	ZERO_STRUCTP(r->out.info);
 
 	return NT_STATUS_OK;
 }
 
 /*********************************************************************
- _samr_open_group
+ _samr_OpenGroup
 *********************************************************************/
 
-NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_GROUP *r_u)
+NTSTATUS _samr_OpenGroup(pipes_struct *p,
+			 struct samr_OpenGroup *r)
+
 {
 	DOM_SID sid;
 	DOM_SID info_sid;
@@ -4845,50 +5358,51 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
 	struct samr_info *info;
 	SEC_DESC         *psd = NULL;
 	uint32            acc_granted;
-	uint32            des_access = q_u->access_mask;
+	uint32            des_access = r->in.access_mask;
 	size_t            sd_size;
 	NTSTATUS          status;
 	fstring sid_string;
 	bool ret;
 	SE_PRIV se_rights;
 
-	if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid, &acc_granted, NULL)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &sid, &acc_granted, NULL))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	status = access_check_samr_function(acc_granted, 
-		SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_group");
-		
+
+	status = access_check_samr_function(acc_granted,
+					    SA_RIGHT_DOMAIN_OPEN_ACCOUNT,
+					    "_samr_OpenGroup");
+
 	if ( !NT_STATUS_IS_OK(status) )
 		return status;
-		
+
 	/*check if access can be granted as requested by client. */
 	make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0);
 	se_map_generic(&des_access,&grp_generic_mapping);
 
 	se_priv_copy( &se_rights, &se_add_users );
 
-	status = access_check_samr_object(psd, p->pipe_user.nt_user_token, 
-		&se_rights, GENERIC_RIGHTS_GROUP_WRITE, des_access, 
-		&acc_granted, "_samr_open_group");
-		
-	if ( !NT_STATUS_IS_OK(status) ) 
+	status = access_check_samr_object(psd, p->pipe_user.nt_user_token,
+		&se_rights, GENERIC_RIGHTS_GROUP_WRITE, des_access,
+		&acc_granted, "_samr_OpenGroup");
+
+	if ( !NT_STATUS_IS_OK(status) )
 		return status;
 
 	/* this should not be hard-coded like this */
-	
+
 	if (!sid_equal(&sid, get_global_sam_sid()))
 		return NT_STATUS_ACCESS_DENIED;
 
 	sid_copy(&info_sid, get_global_sam_sid());
-	sid_append_rid(&info_sid, q_u->rid_group);
+	sid_append_rid(&info_sid, r->in.rid);
 	sid_to_fstring(sid_string, &info_sid);
 
 	if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
 		return NT_STATUS_NO_MEMORY;
-		
+
 	info->acc_granted = acc_granted;
 
-	DEBUG(10, ("_samr_open_group:Opening SID: %s\n", sid_string));
+	DEBUG(10, ("_samr_OpenGroup:Opening SID: %s\n", sid_string));
 
 	/* check if that group really exists */
 	become_root();
@@ -4898,46 +5412,46 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G
 		return NT_STATUS_NO_SUCH_GROUP;
 
 	/* get a (unique) handle.  open a policy on it. */
-	if (!create_policy_hnd(p, &r_u->pol, free_samr_info, (void *)info))
+	if (!create_policy_hnd(p, r->out.group_handle, free_samr_info, (void *)info))
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 
 	return NT_STATUS_OK;
 }
 
 /*********************************************************************
- _samr_remove_sid_foreign_domain
+ _samr_RemoveMemberFromForeignDomain
 *********************************************************************/
 
-NTSTATUS _samr_remove_sid_foreign_domain(pipes_struct *p, 
-                                          SAMR_Q_REMOVE_SID_FOREIGN_DOMAIN *q_u, 
-                                          SAMR_R_REMOVE_SID_FOREIGN_DOMAIN *r_u)
+NTSTATUS _samr_RemoveMemberFromForeignDomain(pipes_struct *p,
+					     struct samr_RemoveMemberFromForeignDomain *r)
 {
 	DOM_SID			delete_sid, domain_sid;
 	uint32 			acc_granted;
 	NTSTATUS		result;
 	DISP_INFO *disp_info = NULL;
 
-	sid_copy( &delete_sid, &q_u->sid.sid );
+	sid_copy( &delete_sid, r->in.sid );
 
-	DEBUG(5,("_samr_remove_sid_foreign_domain: removing SID [%s]\n",
+	DEBUG(5,("_samr_RemoveMemberFromForeignDomain: removing SID [%s]\n",
 		sid_string_dbg(&delete_sid)));
 
 	/* Find the policy handle. Open a policy on it. */
 
-	if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &domain_sid,
-				     &acc_granted, &disp_info)) 
+	if (!get_lsa_policy_samr_sid(p, r->in.domain_handle, &domain_sid,
+				     &acc_granted, &disp_info))
 		return NT_STATUS_INVALID_HANDLE;
-	
-	result = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, 
-		"_samr_remove_sid_foreign_domain");
-		
-	if (!NT_STATUS_IS_OK(result)) 
+
+	result = access_check_samr_function(acc_granted,
+					    STD_RIGHT_DELETE_ACCESS,
+					    "_samr_RemoveMemberFromForeignDomain");
+
+	if (!NT_STATUS_IS_OK(result))
 		return result;
-			
-	DEBUG(8, ("_samr_remove_sid_foreign_domain:sid is %s\n",
+
+	DEBUG(8, ("_samr_RemoveMemberFromForeignDomain: sid is %s\n",
 		  sid_string_dbg(&domain_sid)));
 
-	/* we can only delete a user from a group since we don't have 
+	/* we can only delete a user from a group since we don't have
 	   nested groups anyways.  So in the latter case, just say OK */
 
 	/* TODO: The above comment nowadays is bogus. Since we have nested
@@ -4952,7 +5466,7 @@ NTSTATUS _samr_remove_sid_foreign_domain(pipes_struct *p,
 	 * other cases. */
 
 	if (!sid_check_is_builtin(&domain_sid)) {
-		DEBUG(1,("_samr_remove_sid_foreign_domain: domain_sid = %s, "
+		DEBUG(1,("_samr_RemoveMemberFromForeignDomain: domain_sid = %s, "
 			 "global_sam_sid() = %s\n",
 			 sid_string_dbg(&domain_sid),
 			 sid_string_dbg(get_global_sam_sid())));
@@ -4968,68 +5482,52 @@ NTSTATUS _samr_remove_sid_foreign_domain(pipes_struct *p,
 }
 
 /*******************************************************************
- _samr_query_domain_info2
+ _samr_QueryDomainInfo2
  ********************************************************************/
 
-NTSTATUS _samr_query_domain_info2(pipes_struct *p,
-				  SAMR_Q_QUERY_DOMAIN_INFO2 *q_u,
-				  SAMR_R_QUERY_DOMAIN_INFO2 *r_u)
+NTSTATUS _samr_QueryDomainInfo2(pipes_struct *p,
+				struct samr_QueryDomainInfo2 *r)
 {
-	SAMR_Q_QUERY_DOMAIN_INFO q;
-	SAMR_R_QUERY_DOMAIN_INFO r;
-
-	ZERO_STRUCT(q);
-	ZERO_STRUCT(r);
-
-	DEBUG(5,("_samr_query_domain_info2: %d\n", __LINE__));
-
-	q.domain_pol = q_u->domain_pol;
-	q.switch_value = q_u->switch_value;
-
-	r_u->status = _samr_query_domain_info(p, &q, &r);
-
-	r_u->ptr_0 		= r.ptr_0;
-	r_u->switch_value	= r.switch_value;
-	r_u->ctr		= r.ctr;
-
-	return r_u->status;
+	return samr_QueryDomainInfo_internal("_samr_QueryDomainInfo2",
+					     p,
+					     r->in.domain_handle,
+					     r->in.level,
+					     r->out.info);
 }
 
 /*******************************************************************
- _samr_set_dom_info
+ _samr_SetDomainInfo
  ********************************************************************/
 
-NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R_SET_DOMAIN_INFO *r_u)
+NTSTATUS _samr_SetDomainInfo(pipes_struct *p,
+			     struct samr_SetDomainInfo *r)
 {
 	time_t u_expire, u_min_age;
 	time_t u_logout;
 	time_t u_lock_duration, u_reset_time;
 
-	r_u->status = NT_STATUS_OK;
-
-	DEBUG(5,("_samr_set_dom_info: %d\n", __LINE__));
+	DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__));
 
 	/* find the policy handle.  open a policy on it. */
-	if (!find_policy_by_hnd(p, &q_u->domain_pol, NULL))
+	if (!find_policy_by_hnd(p, r->in.domain_handle, NULL))
 		return NT_STATUS_INVALID_HANDLE;
 
-	DEBUG(5,("_samr_set_dom_info: switch_value: %d\n", q_u->switch_value));
+	DEBUG(5,("_samr_SetDomainInfo: level: %d\n", r->in.level));
 
-	switch (q_u->switch_value) {
+	switch (r->in.level) {
         	case 0x01:
-			u_expire=nt_time_to_unix_abs(&q_u->ctr->info.inf1.expire);
-			u_min_age=nt_time_to_unix_abs(&q_u->ctr->info.inf1.min_passwordage);
-			
-			pdb_set_account_policy(AP_MIN_PASSWORD_LEN, (uint32)q_u->ctr->info.inf1.min_length_password);
-			pdb_set_account_policy(AP_PASSWORD_HISTORY, (uint32)q_u->ctr->info.inf1.password_history);
-			pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)q_u->ctr->info.inf1.password_properties);
+			u_expire=nt_time_to_unix_abs((NTTIME *)&r->in.info->info1.max_password_age);
+			u_min_age=nt_time_to_unix_abs((NTTIME *)&r->in.info->info1.min_password_age);
+			pdb_set_account_policy(AP_MIN_PASSWORD_LEN, (uint32)r->in.info->info1.min_password_length);
+			pdb_set_account_policy(AP_PASSWORD_HISTORY, (uint32)r->in.info->info1.password_history_length);
+			pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, (uint32)r->in.info->info1.password_properties);
 			pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (int)u_expire);
 			pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (int)u_min_age);
             		break;
         	case 0x02:
 			break;
 		case 0x03:
-			u_logout=nt_time_to_unix_abs(&q_u->ctr->info.inf3.logout);
+			u_logout=nt_time_to_unix_abs((NTTIME *)&r->in.info->info3.force_logoff_time);
 			pdb_set_account_policy(AP_TIME_TO_LOGOUT, (int)u_logout);
 			break;
 		case 0x05:
@@ -5039,23 +5537,201 @@ NTSTATUS _samr_set_dom_info(pipes_struct *p, SAMR_Q_SET_DOMAIN_INFO *q_u, SAMR_R
 		case 0x07:
 			break;
 		case 0x0c:
-			u_lock_duration=nt_time_to_unix_abs(&q_u->ctr->info.inf12.duration);
+			u_lock_duration=nt_time_to_unix_abs((NTTIME *)&r->in.info->info12.lockout_duration);
 			if (u_lock_duration != -1)
 				u_lock_duration /= 60;
 
-			u_reset_time=nt_time_to_unix_abs(&q_u->ctr->info.inf12.reset_count)/60;
-			
+			u_reset_time=nt_time_to_unix_abs((NTTIME *)&r->in.info->info12.lockout_window)/60;
+
 			pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (int)u_lock_duration);
 			pdb_set_account_policy(AP_RESET_COUNT_TIME, (int)u_reset_time);
-			pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, (uint32)q_u->ctr->info.inf12.bad_attempt_lockout);
+			pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, (uint32)r->in.info->info12.lockout_threshold);
 			break;
 		default:
 			return NT_STATUS_INVALID_INFO_CLASS;
 	}
 
-	init_samr_r_set_domain_info(r_u, NT_STATUS_OK);
+	DEBUG(5,("_samr_SetDomainInfo: %d\n", __LINE__));
+
+	return NT_STATUS_OK;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_Shutdown(pipes_struct *p,
+			struct samr_Shutdown *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_CreateUser(pipes_struct *p,
+			  struct samr_CreateUser *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetMemberAttributesOfGroup(pipes_struct *p,
+					  struct samr_SetMemberAttributesOfGroup *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_ChangePasswordUser(pipes_struct *p,
+				  struct samr_ChangePasswordUser *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetDisplayEnumerationIndex(pipes_struct *p,
+					  struct samr_GetDisplayEnumerationIndex *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
 
-	DEBUG(5,("_samr_set_dom_info: %d\n", __LINE__));
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_TestPrivateFunctionsDomain(pipes_struct *p,
+					  struct samr_TestPrivateFunctionsDomain *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_TestPrivateFunctionsUser(pipes_struct *p,
+					struct samr_TestPrivateFunctionsUser *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
 
-	return r_u->status;
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_QueryUserInfo2(pipes_struct *p,
+			      struct samr_QueryUserInfo2 *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetDisplayEnumerationIndex2(pipes_struct *p,
+					   struct samr_GetDisplayEnumerationIndex2 *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_AddMultipleMembersToAlias(pipes_struct *p,
+					 struct samr_AddMultipleMembersToAlias *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_RemoveMultipleMembersFromAlias(pipes_struct *p,
+					      struct samr_RemoveMultipleMembersFromAlias *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_OemChangePasswordUser2(pipes_struct *p,
+				      struct samr_OemChangePasswordUser2 *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetBootKeyInformation(pipes_struct *p,
+				     struct samr_SetBootKeyInformation *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_GetBootKeyInformation(pipes_struct *p,
+				     struct samr_GetBootKeyInformation *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_Connect3(pipes_struct *p,
+			struct samr_Connect3 *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_RidToSid(pipes_struct *p,
+			struct samr_RidToSid *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_SetDsrmPassword(pipes_struct *p,
+			       struct samr_SetDsrmPassword *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+/****************************************************************
+****************************************************************/
+
+NTSTATUS _samr_ValidatePassword(pipes_struct *p,
+				struct samr_ValidatePassword *r)
+{
+	p->rng_fault_state = true;
+	return NT_STATUS_NOT_IMPLEMENTED;
 }
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
index bde7936343..688d72064f 100644
--- a/source3/rpc_server/srv_samr_util.c
+++ b/source3/rpc_server/srv_samr_util.c
@@ -1,22 +1,23 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    SAMR Pipe utility functions.
-   
+
    Copyright (C) Luke Kenneth Casson Leighton 	1996-1998
    Copyright (C) Gerald (Jerry) Carter		2000-2001
    Copyright (C) Andrew Bartlett		2001-2002
    Copyright (C) Stefan (metze) Metzmacher	2002
-      
+   Copyright (C) Guenther Deschner		2008
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -35,682 +36,340 @@
 		((s1) && (s2) && (strcmp((s1), (s2)) != 0))
 
 /*************************************************************
- Copies a SAM_USER_INFO_20 to a struct samu
+ Copies a struct samr_UserInfo20 to a struct samu
 **************************************************************/
 
-void copy_id20_to_sam_passwd(struct samu *to, SAM_USER_INFO_20 *from)
+void copy_id20_to_sam_passwd(struct samu *to,
+			     struct samr_UserInfo20 *from)
 {
 	const char *old_string;
 	char *new_string;
 	DATA_BLOB mung;
 
-	if (from == NULL || to == NULL) 
+	if (from == NULL || to == NULL) {
 		return;
-	
-	if (from->hdr_munged_dial.buffer) {
+	}
+
+	if (from->parameters.string) {
 		old_string = pdb_get_munged_dial(to);
-		mung.length = from->hdr_munged_dial.uni_str_len;
-		mung.data = (uint8 *) from->uni_munged_dial.buffer;
+		mung.length = from->parameters.length;
+		mung.data = (uint8_t *)from->parameters.string;
 		mung.free = NULL;
 		new_string = (mung.length == 0) ?
-			NULL : base64_encode_data_blob(mung);
-		DEBUG(10,("INFO_20 UNI_MUNGED_DIAL: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED_NC(old_string,new_string))
-			pdb_set_munged_dial(to   , new_string, PDB_CHANGED);
+			NULL : base64_encode_data_blob(talloc_tos(), mung);
+		DEBUG(10,("INFO_20 PARAMETERS: %s -> %s\n",
+			old_string, new_string));
+		if (STRING_CHANGED_NC(old_string,new_string)) {
+			pdb_set_munged_dial(to, new_string, PDB_CHANGED);
+		}
 
 		TALLOC_FREE(new_string);
 	}
 }
 
 /*************************************************************
- Copies a SAM_USER_INFO_21 to a struct samu
+ Copies a struct samr_UserInfo21 to a struct samu
 **************************************************************/
 
-void copy_id21_to_sam_passwd(struct samu *to, SAM_USER_INFO_21 *from)
+void copy_id21_to_sam_passwd(const char *log_prefix,
+			     struct samu *to,
+			     struct samr_UserInfo21 *from)
 {
 	time_t unix_time, stored_time;
 	const char *old_string, *new_string;
 	DATA_BLOB mung;
+	const char *l;
 
-	if (from == NULL || to == NULL) 
+	if (from == NULL || to == NULL) {
 		return;
+	}
+
+	if (log_prefix) {
+		l = log_prefix;
+	} else {
+		l = "INFO_21";
+	}
 
-	if (from->fields_present & ACCT_LAST_LOGON) {
-		unix_time=nt_time_to_unix(from->logon_time);
+	if (from->fields_present & SAMR_FIELD_LAST_LOGON) {
+		unix_time = nt_time_to_unix(from->last_logon);
 		stored_time = pdb_get_logon_time(to);
-		DEBUG(10,("INFO_21 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
-		if (stored_time != unix_time) 
+		DEBUG(10,("%s SAMR_FIELD_LAST_LOGON: %lu -> %lu\n", l,
+			(long unsigned int)stored_time,
+			(long unsigned int)unix_time));
+		if (stored_time != unix_time) {
 			pdb_set_logon_time(to, unix_time, PDB_CHANGED);
+		}
 	}
 
-	if (from->fields_present & ACCT_LAST_LOGOFF) {
-		unix_time=nt_time_to_unix(from->logoff_time);
+	if (from->fields_present & SAMR_FIELD_LAST_LOGOFF) {
+		unix_time = nt_time_to_unix(from->last_logoff);
 		stored_time = pdb_get_logoff_time(to);
-		DEBUG(10,("INFO_21 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
-		if (stored_time != unix_time) 
+		DEBUG(10,("%s SAMR_FIELD_LAST_LOGOFF: %lu -> %lu\n", l,
+			(long unsigned int)stored_time,
+			(long unsigned int)unix_time));
+		if (stored_time != unix_time) {
 			pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
+		}
 	}
 
-	if (from->fields_present & ACCT_EXPIRY) {
-		unix_time=nt_time_to_unix(from->kickoff_time);
+	if (from->fields_present & SAMR_FIELD_ACCT_EXPIRY) {
+		unix_time = nt_time_to_unix(from->acct_expiry);
 		stored_time = pdb_get_kickoff_time(to);
-		DEBUG(10,("INFO_21 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
-		if (stored_time != unix_time) 
+		DEBUG(10,("%s SAMR_FIELD_ACCT_EXPIRY: %lu -> %lu\n", l,
+			(long unsigned int)stored_time,
+			(long unsigned int)unix_time));
+		if (stored_time != unix_time) {
 			pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
-	}	
+		}
+	}
 
-	if (from->fields_present & ACCT_LAST_PWD_CHANGE) {
-		unix_time=nt_time_to_unix(from->pass_last_set_time);
+	if (from->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) {
+		unix_time = nt_time_to_unix(from->last_password_change);
 		stored_time = pdb_get_pass_last_set_time(to);
-		DEBUG(10,("INFO_21 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
-		if (stored_time != unix_time) 
+		DEBUG(10,("%s SAMR_FIELD_LAST_PWD_CHANGE: %lu -> %lu\n", l,
+			(long unsigned int)stored_time,
+			(long unsigned int)unix_time));
+		if (stored_time != unix_time) {
 			pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
+		}
 	}
 
-	if ((from->fields_present & ACCT_USERNAME) &&
-	    (from->hdr_user_name.buffer)) {
+	if ((from->fields_present & SAMR_FIELD_ACCOUNT_NAME) &&
+	    (from->account_name.string)) {
 		old_string = pdb_get_username(to);
-		new_string = unistr2_static(&from->uni_user_name);
-		DEBUG(10,("INFO_21 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
-		if (STRING_CHANGED)
-		    pdb_set_username(to      , new_string, PDB_CHANGED);
+		new_string = from->account_name.string;
+		DEBUG(10,("%s SAMR_FIELD_ACCOUNT_NAME: %s -> %s\n", l,
+			old_string, new_string));
+		if (STRING_CHANGED) {
+			pdb_set_username(to, new_string, PDB_CHANGED);
+		}
 	}
 
-	if ((from->fields_present & ACCT_FULL_NAME) &&
-	    (from->hdr_full_name.buffer)) {
+	if ((from->fields_present & SAMR_FIELD_FULL_NAME) &&
+	    (from->full_name.string)) {
 		old_string = pdb_get_fullname(to);
-		new_string = unistr2_static(&from->uni_full_name);
-		DEBUG(10,("INFO_21 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED)
-			pdb_set_fullname(to      , new_string, PDB_CHANGED);
+		new_string = from->full_name.string;
+		DEBUG(10,("%s SAMR_FIELD_FULL_NAME: %s -> %s\n", l,
+			old_string, new_string));
+		if (STRING_CHANGED) {
+			pdb_set_fullname(to, new_string, PDB_CHANGED);
+		}
 	}
-	
-	if ((from->fields_present & ACCT_HOME_DIR) &&
-	    (from->hdr_home_dir.buffer)) {
+
+	if ((from->fields_present & SAMR_FIELD_HOME_DIRECTORY) &&
+	    (from->home_directory.string)) {
 		old_string = pdb_get_homedir(to);
-		new_string = unistr2_static(&from->uni_home_dir);
-		DEBUG(10,("INFO_21 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
-		if (STRING_CHANGED)
-			pdb_set_homedir(to       , new_string, PDB_CHANGED);
+		new_string = from->home_directory.string;
+		DEBUG(10,("%s SAMR_FIELD_HOME_DIRECTORY: %s -> %s\n", l,
+			old_string, new_string));
+		if (STRING_CHANGED) {
+			pdb_set_homedir(to, new_string, PDB_CHANGED);
+		}
 	}
 
-	if ((from->fields_present & ACCT_HOME_DRIVE) &&
-	    (from->hdr_dir_drive.buffer)) {
+	if ((from->fields_present & SAMR_FIELD_HOME_DRIVE) &&
+	    (from->home_drive.string)) {
 		old_string = pdb_get_dir_drive(to);
-		new_string = unistr2_static(&from->uni_dir_drive);
-		DEBUG(10,("INFO_21 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
-		if (STRING_CHANGED)
-			pdb_set_dir_drive(to     , new_string, PDB_CHANGED);
+		new_string = from->home_drive.string;
+		DEBUG(10,("%s SAMR_FIELD_HOME_DRIVE: %s -> %s\n", l,
+			old_string, new_string));
+		if (STRING_CHANGED) {
+			pdb_set_dir_drive(to, new_string, PDB_CHANGED);
+		}
 	}
 
-	if ((from->fields_present & ACCT_LOGON_SCRIPT) &&
-	    (from->hdr_logon_script.buffer)) {
+	if ((from->fields_present & SAMR_FIELD_LOGON_SCRIPT) &&
+	    (from->logon_script.string)) {
 		old_string = pdb_get_logon_script(to);
-		new_string = unistr2_static(&from->uni_logon_script);
-		DEBUG(10,("INFO_21 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
-		if (STRING_CHANGED)
+		new_string = from->logon_script.string;
+		DEBUG(10,("%s SAMR_FIELD_LOGON_SCRIPT: %s -> %s\n", l,
+			old_string, new_string));
+		if (STRING_CHANGED) {
 			pdb_set_logon_script(to  , new_string, PDB_CHANGED);
+		}
 	}
 
-	if ((from->fields_present & ACCT_PROFILE) &&
-	    (from->hdr_profile_path.buffer)) {
+	if ((from->fields_present & SAMR_FIELD_PROFILE_PATH) &&
+	    (from->profile_path.string)) {
 		old_string = pdb_get_profile_path(to);
-		new_string = unistr2_static(&from->uni_profile_path);
-		DEBUG(10,("INFO_21 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED)
+		new_string = from->profile_path.string;
+		DEBUG(10,("%s SAMR_FIELD_PROFILE_PATH: %s -> %s\n", l,
+			old_string, new_string));
+		if (STRING_CHANGED) {
 			pdb_set_profile_path(to  , new_string, PDB_CHANGED);
+		}
 	}
-	
-	if ((from->fields_present & ACCT_DESCRIPTION) &&
-	    (from->hdr_acct_desc.buffer)) {
+
+	if ((from->fields_present & SAMR_FIELD_DESCRIPTION) &&
+	    (from->description.string)) {
 		old_string = pdb_get_acct_desc(to);
-		new_string = unistr2_static(&from->uni_acct_desc);
-		DEBUG(10,("INFO_21 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
-		if (STRING_CHANGED)
-			pdb_set_acct_desc(to     , new_string, PDB_CHANGED);
+		new_string = from->description.string;
+		DEBUG(10,("%s SAMR_FIELD_DESCRIPTION: %s -> %s\n", l,
+			old_string, new_string));
+		if (STRING_CHANGED) {
+			pdb_set_acct_desc(to, new_string, PDB_CHANGED);
+		}
 	}
-	
-	if ((from->fields_present & ACCT_WORKSTATIONS) &&
-	    (from->hdr_workstations.buffer)) {
+
+	if ((from->fields_present & SAMR_FIELD_WORKSTATIONS) &&
+	    (from->workstations.string)) {
 		old_string = pdb_get_workstations(to);
-		new_string = unistr2_static(&from->uni_workstations);
-		DEBUG(10,("INFO_21 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED)
+		new_string = from->workstations.string;
+		DEBUG(10,("%s SAMR_FIELD_WORKSTATIONS: %s -> %s\n", l,
+			old_string, new_string));
+		if (STRING_CHANGED) {
 			pdb_set_workstations(to  , new_string, PDB_CHANGED);
+		}
 	}
 
-	if ((from->fields_present & ACCT_COMMENT) &&
-	    (from->hdr_comment.buffer)) {
+	if ((from->fields_present & SAMR_FIELD_COMMENT) &&
+	    (from->comment.string)) {
 		old_string = pdb_get_comment(to);
-		new_string = unistr2_static(&from->uni_comment);
-		DEBUG(10,("INFO_21 UNI_COMMENT: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED)
+		new_string = from->comment.string;
+		DEBUG(10,("%s SAMR_FIELD_COMMENT: %s -> %s\n", l,
+			old_string, new_string));
+		if (STRING_CHANGED) {
 			pdb_set_comment(to, new_string, PDB_CHANGED);
+		}
 	}
-	
-	if ((from->fields_present & ACCT_CALLBACK) &&
-	    (from->hdr_munged_dial.buffer)) {
+
+	if ((from->fields_present & SAMR_FIELD_PARAMETERS) &&
+	    (from->parameters.string)) {
 		char *newstr;
 		old_string = pdb_get_munged_dial(to);
-		mung.length = from->hdr_munged_dial.uni_str_len;
-		mung.data = (uint8 *) from->uni_munged_dial.buffer;
+		mung.length = from->parameters.length;
+		mung.data = (uint8_t *)from->parameters.string;
 		mung.free = NULL;
 		newstr = (mung.length == 0) ?
-			NULL : base64_encode_data_blob(mung);
-		DEBUG(10,("INFO_21 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
-		if (STRING_CHANGED_NC(old_string,newstr))
-			pdb_set_munged_dial(to   , newstr, PDB_CHANGED);
+			NULL : base64_encode_data_blob(talloc_tos(), mung);
+		DEBUG(10,("%s SAMR_FIELD_PARAMETERS: %s -> %s\n", l,
+			old_string, newstr));
+		if (STRING_CHANGED_NC(old_string,newstr)) {
+			pdb_set_munged_dial(to, newstr, PDB_CHANGED);
+		}
 
 		TALLOC_FREE(newstr);
 	}
-	
-	if (from->fields_present & ACCT_RID) {
-		if (from->user_rid == 0) {
-			DEBUG(10, ("INFO_21: Asked to set User RID to 0 !? Skipping change!\n"));
-		} else if (from->user_rid != pdb_get_user_rid(to)) {
-			DEBUG(10,("INFO_21 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
+
+	if (from->fields_present & SAMR_FIELD_RID) {
+		if (from->rid == 0) {
+			DEBUG(10,("%s: Asked to set User RID to 0 !? Skipping change!\n", l));
+		} else if (from->rid != pdb_get_user_rid(to)) {
+			DEBUG(10,("%s SAMR_FIELD_RID: %u -> %u NOT UPDATED!\n", l,
+				pdb_get_user_rid(to), from->rid));
 		}
 	}
-	
-	if (from->fields_present & ACCT_PRIMARY_GID) {
-		if (from->group_rid == 0) {
-			DEBUG(10, ("INFO_21: Asked to set Group RID to 0 !? Skipping change!\n"));
-		} else if (from->group_rid != pdb_get_group_rid(to)) {
-			DEBUG(10,("INFO_21 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
-			pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
+
+	if (from->fields_present & SAMR_FIELD_PRIMARY_GID) {
+		if (from->primary_gid == 0) {
+			DEBUG(10,("%s: Asked to set Group RID to 0 !? Skipping change!\n", l));
+		} else if (from->primary_gid != pdb_get_group_rid(to)) {
+			DEBUG(10,("%s SAMR_FIELD_PRIMARY_GID: %u -> %u\n", l,
+				pdb_get_group_rid(to), from->primary_gid));
+			pdb_set_group_sid_from_rid(to,
+				from->primary_gid, PDB_CHANGED);
 		}
 	}
-	
-	if (from->fields_present & ACCT_FLAGS) {
-		DEBUG(10,("INFO_21 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
-		if (from->acb_info != pdb_get_acct_ctrl(to)) {
-			if (!(from->acb_info & ACB_AUTOLOCK) && (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
+
+	if (from->fields_present & SAMR_FIELD_ACCT_FLAGS) {
+		DEBUG(10,("%s SAMR_FIELD_ACCT_FLAGS: %08X -> %08X\n", l,
+			pdb_get_acct_ctrl(to), from->acct_flags));
+		if (from->acct_flags != pdb_get_acct_ctrl(to)) {
+			if (!(from->acct_flags & ACB_AUTOLOCK) &&
+			     (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
 				/* We're unlocking a previously locked user. Reset bad password counts.
 				   Patch from Jianliang Lu. <Jianliang.Lu@getronics.com> */
 				pdb_set_bad_password_count(to, 0, PDB_CHANGED);
 				pdb_set_bad_password_time(to, 0, PDB_CHANGED);
 			}
-			pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
+			pdb_set_acct_ctrl(to, from->acct_flags, PDB_CHANGED);
 		}
 	}
 
-	if (from->fields_present & ACCT_LOGON_HOURS) {
+	if (from->fields_present & SAMR_FIELD_LOGON_HOURS) {
 		char oldstr[44]; /* hours strings are 42 bytes. */
 		char newstr[44];
-		DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
-		if (from->logon_divs != pdb_get_logon_divs(to)) {
-			pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
+		DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week): %08X -> %08X\n", l,
+			pdb_get_logon_divs(to), from->logon_hours.units_per_week));
+		if (from->logon_hours.units_per_week != pdb_get_logon_divs(to)) {
+			pdb_set_logon_divs(to,
+				from->logon_hours.units_per_week, PDB_CHANGED);
 		}
 
-		DEBUG(15,("INFO_21 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
-		if (from->logon_hrs.len != pdb_get_hours_len(to)) {
-			pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
+		DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (units_per_week/8): %08X -> %08X\n", l,
+			pdb_get_hours_len(to),
+			from->logon_hours.units_per_week/8));
+		if (from->logon_hours.units_per_week/8 != pdb_get_hours_len(to)) {
+			pdb_set_hours_len(to,
+				from->logon_hours.units_per_week/8, PDB_CHANGED);
 		}
 
-		DEBUG(15,("INFO_21 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
+		DEBUG(15,("%s SAMR_FIELD_LOGON_HOURS (bits): %s -> %s\n", l,
+			pdb_get_hours(to), from->logon_hours.bits));
 		pdb_sethexhours(oldstr, pdb_get_hours(to));
-		pdb_sethexhours(newstr, from->logon_hrs.hours);
+		pdb_sethexhours(newstr, from->logon_hours.bits);
 		if (!strequal(oldstr, newstr)) {
-			pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
+			pdb_set_hours(to, from->logon_hours.bits, PDB_CHANGED);
 		}
 	}
 
-	if (from->fields_present & ACCT_BAD_PWD_COUNT) {
-		DEBUG(10,("INFO_21 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
+	if (from->fields_present & SAMR_FIELD_BAD_PWD_COUNT) {
+		DEBUG(10,("%s SAMR_FIELD_BAD_PWD_COUNT: %08X -> %08X\n", l,
+			pdb_get_bad_password_count(to), from->bad_password_count));
 		if (from->bad_password_count != pdb_get_bad_password_count(to)) {
-			pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
+			pdb_set_bad_password_count(to,
+				from->bad_password_count, PDB_CHANGED);
 		}
 	}
 
-	if (from->fields_present & ACCT_NUM_LOGONS) {
-		DEBUG(10,("INFO_21 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
+	if (from->fields_present & SAMR_FIELD_NUM_LOGONS) {
+		DEBUG(10,("%s SAMR_FIELD_NUM_LOGONS: %08X -> %08X\n", l,
+			pdb_get_logon_count(to), from->logon_count));
 		if (from->logon_count != pdb_get_logon_count(to)) {
 			pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
 		}
 	}
 
 	/* If the must change flag is set, the last set time goes to zero.
-	   the must change and can change fields also do, but they are 
+	   the must change and can change fields also do, but they are
 	   calculated from policy, not set from the wire */
 
-	if (from->fields_present & ACCT_EXPIRED_FLAG) {
-		DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
-		if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
-			pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);		
+	if (from->fields_present & SAMR_FIELD_EXPIRED_FLAG) {
+		DEBUG(10,("%s SAMR_FIELD_EXPIRED_FLAG: %02X\n", l,
+			from->password_expired));
+		if (from->password_expired == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
+			pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);
 		} else {
 			pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED);
 		}
 	}
-
-	DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2));
 }
 
 
 /*************************************************************
- Copies a SAM_USER_INFO_23 to a struct samu
+ Copies a struct samr_UserInfo23 to a struct samu
 **************************************************************/
 
-void copy_id23_to_sam_passwd(struct samu *to, SAM_USER_INFO_23 *from)
+void copy_id23_to_sam_passwd(struct samu *to,
+			     struct samr_UserInfo23 *from)
 {
-	time_t unix_time, stored_time;
-	const char *old_string, *new_string;
-	DATA_BLOB mung;
-
-	if (from == NULL || to == NULL) 
+	if (from == NULL || to == NULL) {
 		return;
-
-	if (from->fields_present & ACCT_LAST_LOGON) {
-		unix_time=nt_time_to_unix(from->logon_time);
-		stored_time = pdb_get_logon_time(to);
-		DEBUG(10,("INFO_23 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
-		if (stored_time != unix_time) 
-			pdb_set_logon_time(to, unix_time, PDB_CHANGED);
-	}
-
-	if (from->fields_present & ACCT_LAST_LOGOFF) {
-		unix_time=nt_time_to_unix(from->logoff_time);
-		stored_time = pdb_get_logoff_time(to);
-		DEBUG(10,("INFO_23 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
-		if (stored_time != unix_time) 
-			pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
-	}
-	
-	if (from->fields_present & ACCT_EXPIRY) {
-		unix_time=nt_time_to_unix(from->kickoff_time);
-		stored_time = pdb_get_kickoff_time(to);
-		DEBUG(10,("INFO_23 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
-		if (stored_time != unix_time) 
-			pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
-	}	
-
-	if (from->fields_present & ACCT_LAST_PWD_CHANGE) {
-		unix_time=nt_time_to_unix(from->pass_last_set_time);
-		stored_time = pdb_get_pass_last_set_time(to);
-		DEBUG(10,("INFO_23 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
-		if (stored_time != unix_time) 
-			pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
 	}
 
-	/* Backend should check this for sanity */
-	if ((from->fields_present & ACCT_USERNAME) &&
-	    (from->hdr_user_name.buffer)) {
-		old_string = pdb_get_username(to);
-		new_string = unistr2_static(&from->uni_user_name);
-		DEBUG(10,("INFO_23 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
-		if (STRING_CHANGED)
-		    pdb_set_username(to      , new_string, PDB_CHANGED);
-	}
-
-	if ((from->fields_present & ACCT_FULL_NAME) &&
-	    (from->hdr_full_name.buffer)) {
-		old_string = pdb_get_fullname(to);
-		new_string = unistr2_static(&from->uni_full_name);
-		DEBUG(10,("INFO_23 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED)
-			pdb_set_fullname(to      , new_string, PDB_CHANGED);
-	}
-	
-	if ((from->fields_present & ACCT_HOME_DIR) &&
-	    (from->hdr_home_dir.buffer)) {
-		old_string = pdb_get_homedir(to);
-		new_string = unistr2_static(&from->uni_home_dir);
-		DEBUG(10,("INFO_23 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
-		if (STRING_CHANGED)
-			pdb_set_homedir(to       , new_string, PDB_CHANGED);
-	}
-
-	if ((from->fields_present & ACCT_HOME_DRIVE) &&
-	    (from->hdr_dir_drive.buffer)) {
-		old_string = pdb_get_dir_drive(to);
-		new_string = unistr2_static(&from->uni_dir_drive);
-		DEBUG(10,("INFO_23 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
-		if (STRING_CHANGED)
-			pdb_set_dir_drive(to     , new_string, PDB_CHANGED);
-	}
-
-	if ((from->fields_present & ACCT_LOGON_SCRIPT) &&
-	    (from->hdr_logon_script.buffer)) {
-		old_string = pdb_get_logon_script(to);
-		new_string = unistr2_static(&from->uni_logon_script);
-		DEBUG(10,("INFO_23 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
-		if (STRING_CHANGED)
-			pdb_set_logon_script(to  , new_string, PDB_CHANGED);
-	}
-
-	if ((from->fields_present & ACCT_PROFILE) &&
-	    (from->hdr_profile_path.buffer)) {
-		old_string = pdb_get_profile_path(to);
-		new_string = unistr2_static(&from->uni_profile_path);
-		DEBUG(10,("INFO_23 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED)
-			pdb_set_profile_path(to  , new_string, PDB_CHANGED);
-	}
-	
-	if ((from->fields_present & ACCT_DESCRIPTION) &&
-	    (from->hdr_acct_desc.buffer)) {
-		old_string = pdb_get_acct_desc(to);
-		new_string = unistr2_static(&from->uni_acct_desc);
-		DEBUG(10,("INFO_23 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
-		if (STRING_CHANGED)
-			pdb_set_acct_desc(to     , new_string, PDB_CHANGED);
-	}
-	
-	if ((from->fields_present & ACCT_WORKSTATIONS) &&
-	    (from->hdr_workstations.buffer)) {
-		old_string = pdb_get_workstations(to);
-		new_string = unistr2_static(&from->uni_workstations);
-		DEBUG(10,("INFO_23 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED)
-			pdb_set_workstations(to  , new_string, PDB_CHANGED);
-	}
-
-	if ((from->fields_present & ACCT_COMMENT) &&
-	    (from->hdr_comment.buffer)) {
-		old_string = pdb_get_comment(to);
-		new_string = unistr2_static(&from->uni_comment);
-		DEBUG(10,("INFO_23 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED)
-			pdb_set_comment(to   , new_string, PDB_CHANGED);
-	}
-	
-	if ((from->fields_present & ACCT_CALLBACK) &&
-	    (from->hdr_munged_dial.buffer)) {
-		char *newstr;
-		old_string = pdb_get_munged_dial(to);
-		mung.length = from->hdr_munged_dial.uni_str_len;
-		mung.data = (uint8 *) from->uni_munged_dial.buffer;
-		mung.free = NULL;
-		newstr = (mung.length == 0) ?
-			NULL : base64_encode_data_blob(mung);
-		DEBUG(10,("INFO_23 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
-		if (STRING_CHANGED_NC(old_string, newstr))
-			pdb_set_munged_dial(to   , newstr, PDB_CHANGED);
-
-		TALLOC_FREE(newstr);
-	}
-	
-	if (from->fields_present & ACCT_RID) {
-		if (from->user_rid == 0) {
-			DEBUG(10, ("INFO_23: Asked to set User RID to 0 !? Skipping change!\n"));
-		} else if (from->user_rid != pdb_get_user_rid(to)) {
-			DEBUG(10,("INFO_23 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
-		}
-	}
-
-	if (from->fields_present & ACCT_PRIMARY_GID) {
-		if  (from->group_rid == 0) {
-			DEBUG(10, ("INFO_23: Asked to set Group RID to 0 !? Skipping change!\n"));
-		} else if (from->group_rid != pdb_get_group_rid(to)) {
-			DEBUG(10,("INFO_23 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
-			pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
-		}
-	}
-	
-	if (from->fields_present & ACCT_FLAGS) {
-		DEBUG(10,("INFO_23 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
-		if (from->acb_info != pdb_get_acct_ctrl(to)) {
-			pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
-		}
-	}
-
-	if (from->fields_present & ACCT_LOGON_HOURS) {
-		DEBUG(15,("INFO_23 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
-		if (from->logon_divs != pdb_get_logon_divs(to)) {
-			pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
-		}
-
-		DEBUG(15,("INFO_23 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
-		if (from->logon_hrs.len != pdb_get_hours_len(to)) {
-			pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
-		}
-
-		DEBUG(15,("INFO_23 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
-		/* Fix me: only update if it changes --metze */
-		pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
-	}
-
-	if (from->fields_present & ACCT_BAD_PWD_COUNT) {
-		DEBUG(10,("INFO_23 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
-		if (from->bad_password_count != pdb_get_bad_password_count(to)) {
-			pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
-		}
-	}
-
-	if (from->fields_present & ACCT_NUM_LOGONS) {
-		DEBUG(10,("INFO_23 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
-		if (from->logon_count != pdb_get_logon_count(to)) {
-			pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
-		}
-	}
-
-	/* If the must change flag is set, the last set time goes to zero.
-	   the must change and can change fields also do, but they are 
-	   calculated from policy, not set from the wire */
-
-	if (from->fields_present & ACCT_EXPIRED_FLAG) {
-		DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
-		if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
-			pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);		
-		} else {
-			pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED);
-		}
-	}
-
-	DEBUG(10,("INFO_23 PADDING_2: %02X\n",from->padding2));
+	copy_id21_to_sam_passwd("INFO 23", to, &from->info);
 }
 
 /*************************************************************
- Copies a SAM_USER_INFO_25 to a struct samu
+ Copies a struct samr_UserInfo25 to a struct samu
 **************************************************************/
 
-void copy_id25_to_sam_passwd(struct samu *to, SAM_USER_INFO_25 *from)
+void copy_id25_to_sam_passwd(struct samu *to,
+			     struct samr_UserInfo25 *from)
 {
-	time_t unix_time, stored_time;
-	const char *old_string, *new_string;
-	DATA_BLOB mung;
-
-	if (from == NULL || to == NULL) 
+	if (from == NULL || to == NULL) {
 		return;
-
-	if (from->fields_present & ACCT_LAST_LOGON) {
-		unix_time=nt_time_to_unix(from->logon_time);
-		stored_time = pdb_get_logon_time(to);
-		DEBUG(10,("INFO_25 LOGON_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
-		if (stored_time != unix_time) 
-			pdb_set_logon_time(to, unix_time, PDB_CHANGED);
-	}
-
-	if (from->fields_present & ACCT_LAST_LOGOFF) {
-		unix_time=nt_time_to_unix(from->logoff_time);
-		stored_time = pdb_get_logoff_time(to);
-		DEBUG(10,("INFO_25 LOGOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
-		if (stored_time != unix_time) 
-			pdb_set_logoff_time(to, unix_time, PDB_CHANGED);
 	}
 
-	if (from->fields_present & ACCT_EXPIRY) {
-		unix_time=nt_time_to_unix(from->kickoff_time);
-		stored_time = pdb_get_kickoff_time(to);
-		DEBUG(10,("INFO_25 KICKOFF_TIME: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
-		if (stored_time != unix_time) 
-			pdb_set_kickoff_time(to, unix_time , PDB_CHANGED);
-	}	
-
-	if (from->fields_present & ACCT_LAST_PWD_CHANGE) {
-		unix_time=nt_time_to_unix(from->pass_last_set_time);
-		stored_time = pdb_get_pass_last_set_time(to);
-		DEBUG(10,("INFO_25 PASS_LAST_SET: %lu -> %lu\n",(long unsigned int)stored_time, (long unsigned int)unix_time));
-		if (stored_time != unix_time) 
-			pdb_set_pass_last_set_time(to, unix_time, PDB_CHANGED);
-	}
-
-	if ((from->fields_present & ACCT_USERNAME) &&
-	    (from->hdr_user_name.buffer)) {
-		old_string = pdb_get_username(to);
-		new_string = unistr2_static(&from->uni_user_name);
-		DEBUG(10,("INFO_25 UNI_USER_NAME: %s -> %s\n", old_string, new_string));
-		if (STRING_CHANGED)
-		    pdb_set_username(to      , new_string, PDB_CHANGED);
-	}
-
-	if ((from->fields_present & ACCT_FULL_NAME) &&
-	    (from->hdr_full_name.buffer)) {
-		old_string = pdb_get_fullname(to);
-		new_string = unistr2_static(&from->uni_full_name);
-		DEBUG(10,("INFO_25 UNI_FULL_NAME: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED)
-			pdb_set_fullname(to      , new_string, PDB_CHANGED);
-	}
-	
-	if ((from->fields_present & ACCT_HOME_DIR) &&
-	    (from->hdr_home_dir.buffer)) {
-		old_string = pdb_get_homedir(to);
-		new_string = unistr2_static(&from->uni_home_dir);
-		DEBUG(10,("INFO_25 UNI_HOME_DIR: %s -> %s\n",old_string,new_string));
-		if (STRING_CHANGED)
-			pdb_set_homedir(to       , new_string, PDB_CHANGED);
-	}
-
-	if ((from->fields_present & ACCT_HOME_DRIVE) &&
-	    (from->hdr_dir_drive.buffer)) {
-		old_string = pdb_get_dir_drive(to);
-		new_string = unistr2_static(&from->uni_dir_drive);
-		DEBUG(10,("INFO_25 UNI_DIR_DRIVE: %s -> %s\n",old_string,new_string));
-		if (STRING_CHANGED)
-			pdb_set_dir_drive(to     , new_string, PDB_CHANGED);
-	}
-
-	if ((from->fields_present & ACCT_LOGON_SCRIPT) &&
-	    (from->hdr_logon_script.buffer)) {
-		old_string = pdb_get_logon_script(to);
-		new_string = unistr2_static(&from->uni_logon_script);
-		DEBUG(10,("INFO_25 UNI_LOGON_SCRIPT: %s -> %s\n",old_string,new_string));
-		if (STRING_CHANGED)
-			pdb_set_logon_script(to  , new_string, PDB_CHANGED);
-	}
-
-	if ((from->fields_present & ACCT_PROFILE) &&
-	    (from->hdr_profile_path.buffer)) {
-		old_string = pdb_get_profile_path(to);
-		new_string = unistr2_static(&from->uni_profile_path);
-		DEBUG(10,("INFO_25 UNI_PROFILE_PATH: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED)
-			pdb_set_profile_path(to  , new_string, PDB_CHANGED);
-	}
-	
-	if ((from->fields_present & ACCT_DESCRIPTION) &&
-	    (from->hdr_acct_desc.buffer)) {
-		old_string = pdb_get_acct_desc(to);
-		new_string = unistr2_static(&from->uni_acct_desc);
-		DEBUG(10,("INFO_25 UNI_ACCT_DESC: %s -> %s\n",old_string,new_string));
-		if (STRING_CHANGED)
-			pdb_set_acct_desc(to     , new_string, PDB_CHANGED);
-	}
-	
-	if ((from->fields_present & ACCT_WORKSTATIONS) &&
-	    (from->hdr_workstations.buffer)) {
-		old_string = pdb_get_workstations(to);
-		new_string = unistr2_static(&from->uni_workstations);
-		DEBUG(10,("INFO_25 UNI_WORKSTATIONS: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED)
-			pdb_set_workstations(to  , new_string, PDB_CHANGED);
-	}
-
-	if ((from->fields_present & ACCT_COMMENT) &&
-	    (from->hdr_comment.buffer)) {
-		old_string = pdb_get_comment(to);
-		new_string = unistr2_static(&from->uni_comment);
-		DEBUG(10,("INFO_25 UNI_UNKNOWN_STR: %s -> %s\n",old_string, new_string));
-		if (STRING_CHANGED)
-			pdb_set_comment(to   , new_string, PDB_CHANGED);
-	}
-	
-	if ((from->fields_present & ACCT_CALLBACK) &&
-	    (from->hdr_munged_dial.buffer)) {
-		char *newstr;
-		old_string = pdb_get_munged_dial(to);
-		mung.length = from->hdr_munged_dial.uni_str_len;
-		mung.data = (uint8 *) from->uni_munged_dial.buffer;
-		mung.free = NULL;
-		newstr = (mung.length == 0) ?
-			NULL : base64_encode_data_blob(mung);
-		DEBUG(10,("INFO_25 UNI_MUNGED_DIAL: %s -> %s\n",old_string, newstr));
-		if (STRING_CHANGED_NC(old_string,newstr))
-			pdb_set_munged_dial(to   , newstr, PDB_CHANGED);
-
-		TALLOC_FREE(newstr);
-	}
-	
-	if (from->fields_present & ACCT_RID) {
-		if (from->user_rid == 0) {
-			DEBUG(10, ("INFO_25: Asked to set User RID to 0 !? Skipping change!\n"));
-		} else if (from->user_rid != pdb_get_user_rid(to)) {
-			DEBUG(10,("INFO_25 USER_RID: %u -> %u NOT UPDATED!\n",pdb_get_user_rid(to),from->user_rid));
-		}
-	}
-	
-	if (from->fields_present & ACCT_PRIMARY_GID) {
-		if (from->group_rid == 0) {
-			DEBUG(10, ("INFO_25: Asked to set Group RID to 0 !? Skipping change!\n"));
-		} else if (from->group_rid != pdb_get_group_rid(to)) {
-			DEBUG(10,("INFO_25 GROUP_RID: %u -> %u\n",pdb_get_group_rid(to),from->group_rid));
-			pdb_set_group_sid_from_rid(to, from->group_rid, PDB_CHANGED);
-		}
-	}
-	
-	if (from->fields_present & ACCT_FLAGS) {
-		DEBUG(10,("INFO_25 ACCT_CTRL: %08X -> %08X\n",pdb_get_acct_ctrl(to),from->acb_info));
-		if (from->acb_info != pdb_get_acct_ctrl(to)) {
-			if (!(from->acb_info & ACB_AUTOLOCK) && (pdb_get_acct_ctrl(to) & ACB_AUTOLOCK)) {
-				/* We're unlocking a previously locked user. Reset bad password counts.
-				   Patch from Jianliang Lu. <Jianliang.Lu@getronics.com> */
-				pdb_set_bad_password_count(to, 0, PDB_CHANGED);
-				pdb_set_bad_password_time(to, 0, PDB_CHANGED);
-			}
-			pdb_set_acct_ctrl(to, from->acb_info, PDB_CHANGED);
-		}
-	}
-
-	if (from->fields_present & ACCT_LOGON_HOURS) {
-		DEBUG(15,("INFO_25 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
-		if (from->logon_divs != pdb_get_logon_divs(to)) {
-			pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
-		}
-
-		DEBUG(15,("INFO_25 LOGON_HRS.LEN: %08X -> %08X\n",pdb_get_hours_len(to),from->logon_hrs.len));
-		if (from->logon_hrs.len != pdb_get_hours_len(to)) {
-			pdb_set_hours_len(to, from->logon_hrs.len, PDB_CHANGED);
-		}
-
-		DEBUG(15,("INFO_25 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
-		/* Fix me: only update if it changes --metze */
-		pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
-	}
-
-	if (from->fields_present & ACCT_BAD_PWD_COUNT) {
-		DEBUG(10,("INFO_25 BAD_PASSWORD_COUNT: %08X -> %08X\n",pdb_get_bad_password_count(to),from->bad_password_count));
-		if (from->bad_password_count != pdb_get_bad_password_count(to)) {
-			pdb_set_bad_password_count(to, from->bad_password_count, PDB_CHANGED);
-		}
-	}
-
-	if (from->fields_present & ACCT_NUM_LOGONS) {
-		DEBUG(10,("INFO_25 LOGON_COUNT: %08X -> %08X\n",pdb_get_logon_count(to),from->logon_count));
-		if (from->logon_count != pdb_get_logon_count(to)) {
-			pdb_set_logon_count(to, from->logon_count, PDB_CHANGED);
-		}
-	}
-
-	/* If the must change flag is set, the last set time goes to zero.
-	   the must change and can change fields also do, but they are 
-	   calculated from policy, not set from the wire */
-
-	if (from->fields_present & ACCT_EXPIRED_FLAG) {
-		DEBUG(10,("INFO_25 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
-		if (from->passmustchange == PASS_MUST_CHANGE_AT_NEXT_LOGON) {
-			pdb_set_pass_last_set_time(to, 0, PDB_CHANGED);		
-		} else {
-			pdb_set_pass_last_set_time(to, time(NULL),PDB_CHANGED);
-		}
-	}
+	copy_id21_to_sam_passwd("INFO_25", to, &from->info);
 }
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 1b877ee5b4..37bd204f75 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -225,9 +225,6 @@ static WERROR net_enum_files( TALLOC_CTX *ctx, const char *username,
  ********************************************************************/
 static uint32 get_share_type(int snum)
 {
-	char *net_name = lp_servicename(snum);
-	int len_net_name = strlen(net_name);
-
 	/* work out the share type */
 	uint32 type = STYPE_DISKTREE;
 
@@ -235,7 +232,7 @@ static uint32 get_share_type(int snum)
 		type = STYPE_PRINTQ;
 	if (strequal(lp_fstype(snum), "IPC"))
 		type = STYPE_IPC;
-	if (net_name[len_net_name-1] == '$')
+	if (lp_hidden(snum))
 		type |= STYPE_HIDDEN;
 
 	return type;
@@ -1219,17 +1216,20 @@ done:
 
 WERROR _srv_net_file_enum(pipes_struct *p, SRV_Q_NET_FILE_ENUM *q_u, SRV_R_NET_FILE_ENUM *r_u)
 {
+	const char *username = NULL;
+
 	switch ( q_u->level ) {
-	case 3: {
-		char *username;
-		if (!(username = rpcstr_pull_unistr2_talloc(
-			      p->mem_ctx, q_u->username))) {
-			return WERR_NOMEM;
+	case 3:
+		if (q_u->username) {
+			username = rpcstr_pull_unistr2_talloc(
+				p->mem_ctx, q_u->username);
+			if (!username) {
+				return WERR_NOMEM;
+			}
 		}
 
 		return net_file_enum_3(username, r_u,
 				       get_enum_hnd(&q_u->enum_hnd));
-	}
 	default:
 		return WERR_UNKNOWN_LEVEL;
 	}
diff --git a/source3/rpc_server/srv_svcctl.c b/source3/rpc_server/srv_svcctl.c
index ce81a24202..5e125145d6 100644
--- a/source3/rpc_server/srv_svcctl.c
+++ b/source3/rpc_server/srv_svcctl.c
@@ -53,23 +53,7 @@ static bool api_svcctl_close_service(pipes_struct *p)
 
 static bool api_svcctl_open_scmanager(pipes_struct *p)
 {
-	SVCCTL_Q_OPEN_SCMANAGER q_u;
-	SVCCTL_R_OPEN_SCMANAGER r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!svcctl_io_q_open_scmanager("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _svcctl_open_scmanager(p, &q_u, &r_u);
-
-	if(!svcctl_io_r_open_scmanager("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_svcctl_call(p, NDR_SVCCTL_OPENSCMANAGERW);
 }
 
 /*******************************************************************
@@ -77,23 +61,7 @@ static bool api_svcctl_open_scmanager(pipes_struct *p)
 
 static bool api_svcctl_open_service(pipes_struct *p)
 {
-	SVCCTL_Q_OPEN_SERVICE q_u;
-	SVCCTL_R_OPEN_SERVICE r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!svcctl_io_q_open_service("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _svcctl_open_service(p, &q_u, &r_u);
-
-	if(!svcctl_io_r_open_service("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_svcctl_call(p, NDR_SVCCTL_OPENSERVICEW);
 }
 
 /*******************************************************************
@@ -101,23 +69,7 @@ static bool api_svcctl_open_service(pipes_struct *p)
 
 static bool api_svcctl_get_display_name(pipes_struct *p)
 {
-	SVCCTL_Q_GET_DISPLAY_NAME q_u;
-	SVCCTL_R_GET_DISPLAY_NAME r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!svcctl_io_q_get_display_name("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _svcctl_get_display_name(p, &q_u, &r_u);
-
-	if(!svcctl_io_r_get_display_name("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_svcctl_call(p, NDR_SVCCTL_GETSERVICEDISPLAYNAMEW);
 }
 
 /*******************************************************************
@@ -125,23 +77,7 @@ static bool api_svcctl_get_display_name(pipes_struct *p)
 
 static bool api_svcctl_query_status(pipes_struct *p)
 {
-	SVCCTL_Q_QUERY_STATUS q_u;
-	SVCCTL_R_QUERY_STATUS r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!svcctl_io_q_query_status("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _svcctl_query_status(p, &q_u, &r_u);
-
-	if(!svcctl_io_r_query_status("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_svcctl_call(p, NDR_SVCCTL_QUERYSERVICESTATUS);
 }
 
 /*******************************************************************
@@ -219,23 +155,7 @@ static bool api_svcctl_enum_dependent_services(pipes_struct *p)
 
 static bool api_svcctl_start_service(pipes_struct *p)
 {
-	SVCCTL_Q_START_SERVICE q_u;
-	SVCCTL_R_START_SERVICE r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!svcctl_io_q_start_service("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _svcctl_start_service(p, &q_u, &r_u);
-
-	if(!svcctl_io_r_start_service("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_svcctl_call(p, NDR_SVCCTL_STARTSERVICEW);
 }
 
 /*******************************************************************
@@ -243,23 +163,7 @@ static bool api_svcctl_start_service(pipes_struct *p)
 
 static bool api_svcctl_control_service(pipes_struct *p)
 {
-	SVCCTL_Q_CONTROL_SERVICE q_u;
-	SVCCTL_R_CONTROL_SERVICE r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!svcctl_io_q_control_service("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _svcctl_control_service(p, &q_u, &r_u);
-
-	if(!svcctl_io_r_control_service("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_svcctl_call(p, NDR_SVCCTL_CONTROLSERVICE);
 }
 
 /*******************************************************************
@@ -315,23 +219,7 @@ static bool api_svcctl_query_service_config2(pipes_struct *p)
 
 static bool api_svcctl_lock_service_db(pipes_struct *p)
 {
-	SVCCTL_Q_LOCK_SERVICE_DB q_u;
-	SVCCTL_R_LOCK_SERVICE_DB r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!svcctl_io_q_lock_service_db("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _svcctl_lock_service_db(p, &q_u, &r_u);
-
-	if(!svcctl_io_r_lock_service_db("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_svcctl_call(p, NDR_SVCCTL_LOCKSERVICEDATABASE);
 }
 
 
@@ -340,23 +228,7 @@ static bool api_svcctl_lock_service_db(pipes_struct *p)
 
 static bool api_svcctl_unlock_service_db(pipes_struct *p)
 {
-	SVCCTL_Q_UNLOCK_SERVICE_DB q_u;
-	SVCCTL_R_UNLOCK_SERVICE_DB r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!svcctl_io_q_unlock_service_db("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _svcctl_unlock_service_db(p, &q_u, &r_u);
-
-	if(!svcctl_io_r_unlock_service_db("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_svcctl_call(p, NDR_SVCCTL_UNLOCKSERVICEDATABASE);
 }
 
 /*******************************************************************
@@ -364,23 +236,7 @@ static bool api_svcctl_unlock_service_db(pipes_struct *p)
 
 static bool api_svcctl_query_security_sec(pipes_struct *p)
 {
-	SVCCTL_Q_QUERY_SERVICE_SEC q_u;
-	SVCCTL_R_QUERY_SERVICE_SEC r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!svcctl_io_q_query_service_sec("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _svcctl_query_service_sec(p, &q_u, &r_u);
-
-	if(!svcctl_io_r_query_service_sec("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_svcctl_call(p, NDR_SVCCTL_QUERYSERVICEOBJECTSECURITY);
 }
 
 /*******************************************************************
@@ -388,23 +244,7 @@ static bool api_svcctl_query_security_sec(pipes_struct *p)
 
 static bool api_svcctl_set_security_sec(pipes_struct *p)
 {
-	SVCCTL_Q_SET_SERVICE_SEC q_u;
-	SVCCTL_R_SET_SERVICE_SEC r_u;
-	prs_struct *data = &p->in_data.data;
-	prs_struct *rdata = &p->out_data.rdata;
-
-	ZERO_STRUCT(q_u);
-	ZERO_STRUCT(r_u);
-
-	if(!svcctl_io_q_set_service_sec("", &q_u, data, 0))
-		return False;
-
-	r_u.status = _svcctl_set_service_sec(p, &q_u, &r_u);
-
-	if(!svcctl_io_r_set_service_sec("", &r_u, rdata, 0))
-		return False;
-
-	return True;
+	return proxy_svcctl_call(p, NDR_SVCCTL_SETSERVICEOBJECTSECURITY);
 }
 
 
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index ac45d8bf75..73d09b1bbb 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -1,22 +1,22 @@
-/* 
+/*
  *  Unix SMB/CIFS implementation.
  *  RPC Pipe client / server routines
  *
  *  Copyright (C) Marcin Krzysztof Porwit           2005.
- * 
+ *
  *  Largely Rewritten (Again) by:
  *  Copyright (C) Gerald (Jerry) Carter             2005.
- *  
+ *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 3 of the License, or
  *  (at your option) any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
@@ -63,42 +63,42 @@ bool init_service_op_table( void )
 	const char **service_list = lp_svcctl_list();
 	int num_services = SVCCTL_NUM_INTERNAL_SERVICES + str_list_count( service_list );
 	int i;
-	
+
 	if ( !(svcctl_ops = TALLOC_ARRAY( NULL, struct service_control_op, num_services+1)) ) {
 		DEBUG(0,("init_service_op_table: talloc() failed!\n"));
 		return False;
 	}
 
 	/* services listed in smb.conf get the rc.init interface */
-	
+
 	for ( i=0; service_list && service_list[i]; i++ ) {
 		svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] );
 		svcctl_ops[i].ops  = &rcinit_svc_ops;
 	}
-	
+
 	/* add builtin services */
-	
+
 	svcctl_ops[i].name = talloc_strdup( svcctl_ops, "Spooler" );
 	svcctl_ops[i].ops  = &spoolss_svc_ops;
 	i++;
-	
+
 	svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" );
 	svcctl_ops[i].ops  = &netlogon_svc_ops;
 	i++;
-	
+
 	svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" );
 	svcctl_ops[i].ops  = &winreg_svc_ops;
 	i++;
-	
+
 	svcctl_ops[i].name = talloc_strdup( svcctl_ops, "WINS" );
 	svcctl_ops[i].ops  = &wins_svc_ops;
 	i++;
-	
+
 	/* NULL terminate the array */
-	
+
 	svcctl_ops[i].name = NULL;
 	svcctl_ops[i].ops  = NULL;
-	
+
 	return True;
 }
 
@@ -119,7 +119,7 @@ static struct service_control_op* find_service_by_name( const char *name )
 /********************************************************************
 ********************************************************************/
 
-static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token, 
+static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
                                      uint32 access_desired, uint32 *access_granted )
 {
 	NTSTATUS result;
@@ -128,7 +128,7 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
 		DEBUG(5,("svcctl_access_check: using root's token\n"));
 		token = get_root_nt_token();
 	}
-	
+
 	se_access_check( sec_desc, token, access_desired, access_granted, &result );
 
 	return result;
@@ -139,7 +139,7 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token,
 
 static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
 {
-	SEC_ACE ace[2];	
+	SEC_ACE ace[2];
 	SEC_ACCESS mask;
 	size_t i = 0;
 	SEC_DESC *sd;
@@ -147,18 +147,18 @@ static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
 	size_t sd_size;
 
 	/* basic access for Everyone */
-	
+
 	init_sec_access(&mask, SC_MANAGER_READ_ACCESS );
 	init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-	
+
 	/* Full Access 'BUILTIN\Administrators' */
-	
+
 	init_sec_access(&mask,SC_MANAGER_ALL_ACCESS );
 	init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-	
-	
+
+
 	/* create the security descriptor */
-	
+
 	if ( !(acl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) )
 		return NULL;
 
@@ -173,7 +173,7 @@ static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx )
 /******************************************************************
  free() function for REGISTRY_KEY
  *****************************************************************/
- 
+
 static void free_service_handle_info(void *ptr)
 {
 	TALLOC_FREE( ptr );
@@ -197,21 +197,21 @@ static SERVICE_INFO *find_service_info_by_hnd(pipes_struct *p, POLICY_HND *hnd)
 
 /******************************************************************
  *****************************************************************/
- 
+
 static WERROR create_open_service_handle( pipes_struct *p, POLICY_HND *handle, uint32 type,
                                           const char *service, uint32 access_granted )
 {
 	SERVICE_INFO *info = NULL;
 	WERROR result = WERR_OK;
 	struct service_control_op *s_op;
-	
+
 	if ( !(info = TALLOC_ZERO_P( NULL, SERVICE_INFO )) )
 		return WERR_NOMEM;
 
 	/* the Service Manager has a NULL name */
-	
+
 	info->type = SVC_HANDLE_IS_SCM;
-	
+
 	switch ( type ) {
 	case SVC_HANDLE_IS_SCM:
 		info->type = SVC_HANDLE_IS_SCM;
@@ -220,17 +220,17 @@ static WERROR create_open_service_handle( pipes_struct *p, POLICY_HND *handle, u
 	case SVC_HANDLE_IS_DBLOCK:
 		info->type = SVC_HANDLE_IS_DBLOCK;
 		break;
-		
+
 	case SVC_HANDLE_IS_SERVICE:
 		info->type = SVC_HANDLE_IS_SERVICE;
-		
+
 		/* lookup the SERVICE_CONTROL_OPS */
 
 		if ( !(s_op = find_service_by_name( service )) ) {
 			result = WERR_NO_SUCH_SERVICE;
 			goto done;
 		}
-		
+
 		info->ops = s_op->ops;
 
 		if ( !(info->name  = talloc_strdup( info, s_op->name )) ) {
@@ -244,15 +244,15 @@ static WERROR create_open_service_handle( pipes_struct *p, POLICY_HND *handle, u
 		goto done;
 	}
 
-	info->access_granted = access_granted;	
-	
+	info->access_granted = access_granted;
+
 	/* store the SERVICE_INFO and create an open handle */
-	
+
 	if ( !create_policy_hnd( p, handle, free_service_handle_info, info ) ) {
 		result = WERR_ACCESS_DENIED;
 		goto done;
 	}
-		
+
 done:
 	if ( !W_ERROR_IS_OK(result) )
 		free_service_handle_info( info );
@@ -263,62 +263,61 @@ done:
 /********************************************************************
 ********************************************************************/
 
-WERROR _svcctl_open_scmanager(pipes_struct *p, SVCCTL_Q_OPEN_SCMANAGER *q_u, SVCCTL_R_OPEN_SCMANAGER *r_u)
+WERROR _svcctl_OpenSCManagerW(pipes_struct *p,
+			      struct svcctl_OpenSCManagerW *r)
 {
 	SEC_DESC *sec_desc;
 	uint32 access_granted = 0;
 	NTSTATUS status;
-	
+
 	/* perform access checks */
-	
+
 	if ( !(sec_desc = construct_scm_sd( p->mem_ctx )) )
 		return WERR_NOMEM;
-		
-	se_map_generic( &q_u->access, &scm_generic_map );
-	status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
+
+	se_map_generic( &r->in.access_mask, &scm_generic_map );
+	status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, r->in.access_mask, &access_granted );
 	if ( !NT_STATUS_IS_OK(status) )
 		return ntstatus_to_werror( status );
-		
-	return create_open_service_handle( p, &r_u->handle, SVC_HANDLE_IS_SCM, NULL, access_granted );
+
+	return create_open_service_handle( p, r->out.handle, SVC_HANDLE_IS_SCM, NULL, access_granted );
 }
 
 /********************************************************************
+ _svcctl_OpenServiceW
 ********************************************************************/
 
-WERROR _svcctl_open_service(pipes_struct *p, SVCCTL_Q_OPEN_SERVICE *q_u, SVCCTL_R_OPEN_SERVICE *r_u)
+WERROR _svcctl_OpenServiceW(pipes_struct *p,
+			    struct svcctl_OpenServiceW *r)
 {
 	SEC_DESC *sec_desc;
 	uint32 access_granted = 0;
 	NTSTATUS status;
-	char *service = NULL;
-	size_t ret = rpcstr_pull_talloc(p->mem_ctx,
-					&service,
-					q_u->servicename.buffer,
-					q_u->servicename.uni_str_len*2,
-					0);
-
-	if (ret == (size_t)-1 || !service) {
+	const char *service = NULL;
+
+	service = r->in.ServiceName;
+	if (!service) {
 		return WERR_NOMEM;
 	}
-  	DEBUG(5, ("_svcctl_open_service: Attempting to open Service [%s], \n", service));
+	DEBUG(5, ("_svcctl_OpenServiceW: Attempting to open Service [%s], \n", service));
 
 	/* based on my tests you can open a service if you have a valid scm handle */
 
-	if ( !find_service_info_by_hnd( p, &q_u->handle ) )
+	if ( !find_service_info_by_hnd( p, r->in.scmanager_handle) )
 		return WERR_BADFID;
 
-	/* perform access checks.  Use the root token in order to ensure that we 
+	/* perform access checks.  Use the root token in order to ensure that we
 	   retrieve the security descriptor */
 
 	if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, service, get_root_nt_token() )) )
 		return WERR_NOMEM;
 
-	se_map_generic( &q_u->access, &svc_generic_map );
-	status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
+	se_map_generic( &r->in.access_mask, &svc_generic_map );
+	status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, r->in.access_mask, &access_granted );
 	if ( !NT_STATUS_IS_OK(status) )
 		return ntstatus_to_werror( status );
 
-	return create_open_service_handle( p, &r_u->handle, SVC_HANDLE_IS_SERVICE, service, access_granted );
+	return create_open_service_handle( p, r->out.handle, SVC_HANDLE_IS_SERVICE, service, access_granted );
 }
 
 /********************************************************************
@@ -329,49 +328,58 @@ WERROR _svcctl_CloseServiceHandle(pipes_struct *p, struct svcctl_CloseServiceHan
 	if ( !close_policy_hnd( p, r->in.handle ) )
 		return  WERR_BADFID;
 
-	return WERR_OK;	
+	return WERR_OK;
 }
 
 /********************************************************************
+ _svcctl_GetServiceDisplayNameW
 ********************************************************************/
 
-WERROR _svcctl_get_display_name(pipes_struct *p, SVCCTL_Q_GET_DISPLAY_NAME *q_u, SVCCTL_R_GET_DISPLAY_NAME *r_u)
+WERROR _svcctl_GetServiceDisplayNameW(pipes_struct *p,
+				      struct svcctl_GetServiceDisplayNameW *r)
 {
-	fstring service;
+	const char *service;
 	const char *display_name;
-	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
-	
+	SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
+
 	/* can only use an SCM handle here */
-	
+
 	if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
 		return WERR_BADFID;
-		
-	rpcstr_pull(service, q_u->servicename.buffer, sizeof(service), q_u->servicename.uni_str_len*2, 0);
-	
+
+	service = r->in.service_name;
+
 	display_name = svcctl_lookup_dispname(p->mem_ctx, service, p->pipe_user.nt_user_token );
-	init_svcctl_r_get_display_name( r_u, display_name ? display_name : "");
+	if (!display_name) {
+		display_name = "";
+	}
+
+	*r->out.display_name = display_name;
+	*r->out.display_name_length = strlen(display_name);
 
 	return WERR_OK;
 }
 
 /********************************************************************
+ _svcctl_QueryServiceStatus
 ********************************************************************/
 
-WERROR _svcctl_query_status(pipes_struct *p, SVCCTL_Q_QUERY_STATUS *q_u, SVCCTL_R_QUERY_STATUS *r_u)
+WERROR _svcctl_QueryServiceStatus(pipes_struct *p,
+				  struct svcctl_QueryServiceStatus *r)
 {
-	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
-	
+	SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
+
 	/* perform access checks */
 
 	if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
 		return WERR_BADFID;
-		
+
 	if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
 		return WERR_ACCESS_DENIED;
-		
+
 	/* try the service specific status call */
 
-	return info->ops->service_status( info->name, &r_u->svc_status );
+	return info->ops->service_status( info->name, r->out.service_status );
 }
 
 /********************************************************************
@@ -383,7 +391,7 @@ static int enumerate_status( TALLOC_CTX *ctx, ENUM_SERVICES_STATUS **status, NT_
 	int i;
 	ENUM_SERVICES_STATUS *st;
 	const char *display_name;
-	
+
 	/* just count */
 	while ( svcctl_ops[num_services].name )
 		num_services++;
@@ -392,16 +400,16 @@ static int enumerate_status( TALLOC_CTX *ctx, ENUM_SERVICES_STATUS **status, NT_
 		DEBUG(0,("enumerate_status: talloc() failed!\n"));
 		return -1;
 	}
-	
+
 	for ( i=0; i<num_services; i++ ) {
 		init_unistr( &st[i].servicename, svcctl_ops[i].name );
-		
+
 		display_name = svcctl_lookup_dispname(ctx, svcctl_ops[i].name, token );
 		init_unistr( &st[i].displayname, display_name ? display_name : "");
-		
+
 		svcctl_ops[i].ops->service_status( svcctl_ops[i].name, &st[i].status );
 	}
-	
+
 	*status = st;
 
 	return num_services;
@@ -419,12 +427,12 @@ WERROR _svcctl_enum_services_status(pipes_struct *p, SVCCTL_Q_ENUM_SERVICES_STAT
 	WERROR result = WERR_OK;
 	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
 	NT_USER_TOKEN *token = p->pipe_user.nt_user_token;
-	
+
 	/* perform access checks */
 
 	if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
 		return WERR_BADFID;
-		
+
 	if ( !(info->access_granted & SC_RIGHT_MGR_ENUMERATE_SERVICE) ) {
 		return WERR_ACCESS_DENIED;
 	}
@@ -464,51 +472,57 @@ WERROR _svcctl_enum_services_status(pipes_struct *p, SVCCTL_Q_ENUM_SERVICES_STAT
 }
 
 /********************************************************************
+ _svcctl_StartServiceW
 ********************************************************************/
 
-WERROR _svcctl_start_service(pipes_struct *p, SVCCTL_Q_START_SERVICE *q_u, SVCCTL_R_START_SERVICE *r_u)
+WERROR _svcctl_StartServiceW(pipes_struct *p,
+			     struct svcctl_StartServiceW *r)
 {
-	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
-	
+	SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
+
 	/* perform access checks */
 
 	if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
 		return WERR_BADFID;
-	
+
 	if ( !(info->access_granted & SC_RIGHT_SVC_START) )
 		return WERR_ACCESS_DENIED;
-		
+
 	return info->ops->start_service( info->name );
 }
 
 /********************************************************************
+ _svcctl_ControlService
 ********************************************************************/
 
-WERROR _svcctl_control_service(pipes_struct *p, SVCCTL_Q_CONTROL_SERVICE *q_u, SVCCTL_R_CONTROL_SERVICE *r_u)
+WERROR _svcctl_ControlService(pipes_struct *p,
+			      struct svcctl_ControlService *r)
 {
-	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
-	
+	SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
+
 	/* perform access checks */
-	
+
 	if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
-		return WERR_BADFID;	
-	
-	switch ( q_u->control ) {
+		return WERR_BADFID;
+
+	switch ( r->in.control ) {
 	case SVCCTL_CONTROL_STOP:
 		if ( !(info->access_granted & SC_RIGHT_SVC_STOP) )
 			return WERR_ACCESS_DENIED;
-			
-		return info->ops->stop_service( info->name, &r_u->svc_status );
-		
+
+		return info->ops->stop_service( info->name,
+						r->out.service_status );
+
 	case SVCCTL_CONTROL_INTERROGATE:
 		if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
 			return WERR_ACCESS_DENIED;
-			
-		return info->ops->service_status( info->name, &r_u->svc_status );
+
+		return info->ops->service_status( info->name,
+						  r->out.service_status );
 	}
-	
+
 	/* default control action */
-	
+
 	return WERR_ACCESS_DENIED;
 }
 
@@ -518,22 +532,22 @@ WERROR _svcctl_control_service(pipes_struct *p, SVCCTL_Q_CONTROL_SERVICE *q_u, S
 WERROR _svcctl_enum_dependent_services( pipes_struct *p, SVCCTL_Q_ENUM_DEPENDENT_SERVICES *q_u, SVCCTL_R_ENUM_DEPENDENT_SERVICES *r_u )
 {
 	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
-	
+
 	/* perform access checks */
 
 	if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
-		return WERR_BADFID;	
-	
+		return WERR_BADFID;
+
 	if ( !(info->access_granted & SC_RIGHT_SVC_ENUMERATE_DEPENDENTS) )
 		return WERR_ACCESS_DENIED;
-			
-	/* we have to set the outgoing buffer size to the same as the 
+
+	/* we have to set the outgoing buffer size to the same as the
 	   incoming buffer size (even in the case of failure */
 
 	rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
-				
+
 	r_u->needed      = q_u->buffer_size;
-	
+
 	/* no dependent services...basically a stub function */
 	r_u->returned    = 0;
 
@@ -547,21 +561,21 @@ WERROR _svcctl_query_service_status_ex( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_
 {
 	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
 	uint32 buffer_size;
-	
+
 	/* perform access checks */
 
 	if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
-		return WERR_BADFID;	
-	
+		return WERR_BADFID;
+
 	if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_STATUS) )
 		return WERR_ACCESS_DENIED;
 
-	/* we have to set the outgoing buffer size to the same as the 
+	/* we have to set the outgoing buffer size to the same as the
 	   incoming buffer size (even in the case of failure) */
 
 	rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
 	r_u->needed = q_u->buffer_size;
-	
+
 	switch ( q_u->level ) {
 		case SVC_STATUS_PROCESS_INFO:
 		{
@@ -576,18 +590,18 @@ WERROR _svcctl_query_service_status_ex( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_
 	                buffer_size = sizeof(SERVICE_STATUS_PROCESS);
 			break;
 		}
-			
+
 		default:
-			return WERR_UNKNOWN_LEVEL; 
+			return WERR_UNKNOWN_LEVEL;
 	}
 
-	
+
         buffer_size += buffer_size % 4;
 	r_u->needed = (buffer_size > q_u->buffer_size) ? buffer_size : q_u->buffer_size;
 
-        if (buffer_size > q_u->buffer_size ) 
+        if (buffer_size > q_u->buffer_size )
                 return WERR_MORE_DATA;
-	
+
 	return WERR_OK;
 }
 
@@ -600,12 +614,12 @@ static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name, SERVICE_CONFIG
 	REGISTRY_VALUE *val;
 
 	/* retrieve the registry values for this service */
-	
+
 	if ( !(values = svcctl_fetch_regvalues( name, token )) )
 		return WERR_REG_CORRUPT;
-	
+
 	/* now fill in the individual values */
-		
+
 	config->displayname = TALLOC_ZERO_P( ctx, UNISTR2 );
 	if ( (val = regval_ctr_getvalue( values, "DisplayName" )) != NULL )
 		init_unistr2( config->displayname, regval_sz( val ), UNI_STR_TERMINATE );
@@ -613,23 +627,23 @@ static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name, SERVICE_CONFIG
 		init_unistr2( config->displayname, name, UNI_STR_TERMINATE );
 
 	if ( (val = regval_ctr_getvalue( values, "ObjectName" )) != NULL ) {
-		config->startname = TALLOC_ZERO_P( ctx, UNISTR2 );		
+		config->startname = TALLOC_ZERO_P( ctx, UNISTR2 );
 		init_unistr2( config->startname, regval_sz( val ), UNI_STR_TERMINATE );
 	}
-		
+
 	if ( (val = regval_ctr_getvalue( values, "ImagePath" )) != NULL ) {
-		config->executablepath = TALLOC_ZERO_P( ctx, UNISTR2 );		
+		config->executablepath = TALLOC_ZERO_P( ctx, UNISTR2 );
 		init_unistr2( config->executablepath, regval_sz( val ), UNI_STR_TERMINATE );
 	}
 
 	/* a few hard coded values */
 	/* loadordergroup and dependencies are empty */
-	
+
 	config->tag_id           = 0x00000000;			/* unassigned loadorder group */
 	config->service_type     = SVCCTL_WIN32_OWN_PROC;
 	config->error_control    = SVCCTL_SVC_ERROR_NORMAL;
 
-	/* set the start type.  NetLogon and WINS are disabled to prevent 
+	/* set the start type.  NetLogon and WINS are disabled to prevent
 	   the client from showing the "Start" button (if of course the services
 	   are not running */
 
@@ -639,7 +653,7 @@ static WERROR fill_svc_config( TALLOC_CTX *ctx, const char *name, SERVICE_CONFIG
 		config->start_type = SVCCTL_DISABLED;
 	else
 		config->start_type = SVCCTL_DEMAND_START;
-	
+
 
 	TALLOC_FREE( values );
 
@@ -654,24 +668,24 @@ WERROR _svcctl_query_service_config( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CON
 	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
 	uint32 buffer_size;
 	WERROR wresult;
-	
+
 	/* perform access checks */
 
 	if ( !info || (info->type != SVC_HANDLE_IS_SERVICE) )
-		return WERR_BADFID;	
-	
+		return WERR_BADFID;
+
 	if ( !(info->access_granted & SC_RIGHT_SVC_QUERY_CONFIG) )
 		return WERR_ACCESS_DENIED;
 
-	/* we have to set the outgoing buffer size to the same as the 
+	/* we have to set the outgoing buffer size to the same as the
 	   incoming buffer size (even in the case of failure */
 
 	r_u->needed      = q_u->buffer_size;
-	
+
 	wresult = fill_svc_config( p->mem_ctx, info->name, &r_u->config, p->pipe_user.nt_user_token );
 	if ( !W_ERROR_IS_OK(wresult) )
 		return wresult;
-	
+
 	buffer_size = svcctl_sizeof_service_config( &r_u->config );
 	r_u->needed = (buffer_size > q_u->buffer_size) ? buffer_size : q_u->buffer_size;
 
@@ -679,7 +693,7 @@ WERROR _svcctl_query_service_config( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CON
 		ZERO_STRUCTP( &r_u->config );
                 return WERR_INSUFFICIENT_BUFFER;
 	}
-		
+
 	return WERR_OK;
 }
 
@@ -750,53 +764,61 @@ WERROR _svcctl_query_service_config2( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CO
 }
 
 /********************************************************************
+ _svcctl_LockServiceDatabase
 ********************************************************************/
 
-WERROR _svcctl_lock_service_db( pipes_struct *p, SVCCTL_Q_LOCK_SERVICE_DB *q_u, SVCCTL_R_LOCK_SERVICE_DB *r_u )
+WERROR _svcctl_LockServiceDatabase(pipes_struct *p,
+				   struct svcctl_LockServiceDatabase *r)
 {
-	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
-	
+	SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
+
 	/* perform access checks */
 
 	if ( !info || (info->type != SVC_HANDLE_IS_SCM) )
-		return WERR_BADFID;	
-	
+		return WERR_BADFID;
+
 	if ( !(info->access_granted & SC_RIGHT_MGR_LOCK) )
 		return WERR_ACCESS_DENIED;
 
 	/* Just open a handle.  Doesn't actually lock anything */
-	
-	return create_open_service_handle( p, &r_u->h_lock, SVC_HANDLE_IS_DBLOCK, NULL, 0 );
-;
+
+	return create_open_service_handle( p, r->out.lock, SVC_HANDLE_IS_DBLOCK, NULL, 0 );
 }
 
 /********************************************************************
+ _svcctl_UnlockServiceDatabase
 ********************************************************************/
 
-WERROR _svcctl_unlock_service_db( pipes_struct *p, SVCCTL_Q_UNLOCK_SERVICE_DB *q_u, SVCCTL_R_UNLOCK_SERVICE_DB *r_u )
+WERROR _svcctl_UnlockServiceDatabase(pipes_struct *p,
+				     struct svcctl_UnlockServiceDatabase *r)
 {
-	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->h_lock );
+	SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.lock );
 
 
 	if ( !info || (info->type != SVC_HANDLE_IS_DBLOCK) )
-		return WERR_BADFID;	
-		
-	return close_policy_hnd( p, &q_u->h_lock) ? WERR_OK : WERR_BADFID;
+		return WERR_BADFID;
+
+	return close_policy_hnd( p, r->out.lock) ? WERR_OK : WERR_BADFID;
 }
 
 /********************************************************************
+ _svcctl_QueryServiceObjectSecurity
 ********************************************************************/
 
-WERROR _svcctl_query_service_sec( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_SEC *q_u, SVCCTL_R_QUERY_SERVICE_SEC *r_u )
+WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p,
+					  struct svcctl_QueryServiceObjectSecurity *r)
 {
-	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
+	SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
 	SEC_DESC *sec_desc;
+	NTSTATUS status;
+	uint8_t *buffer = NULL;
+	size_t len = 0;
 
 
 	/* only support the SCM and individual services */
 
 	if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM)) )
-		return WERR_BADFID;	
+		return WERR_BADFID;
 
 	/* check access reights (according to MSDN) */
 
@@ -805,7 +827,7 @@ WERROR _svcctl_query_service_sec( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_SEC *q
 
 	/* TODO: handle something besides DACL_SECURITY_INFORMATION */
 
-	if ( (q_u->security_flags & DACL_SECURITY_INFORMATION) != DACL_SECURITY_INFORMATION )
+	if ( (r->in.security_flags & DACL_SECURITY_INFORMATION) != DACL_SECURITY_INFORMATION )
 		return WERR_INVALID_PARAM;
 
 	/* lookup the security descriptor and marshall it up for a reply */
@@ -813,29 +835,35 @@ WERROR _svcctl_query_service_sec( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_SEC *q
 	if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, info->name, get_root_nt_token() )) )
                 return WERR_NOMEM;
 
-	r_u->needed = ndr_size_security_descriptor( sec_desc, 0 );
+	*r->out.needed = ndr_size_security_descriptor( sec_desc, 0 );
 
-	if ( r_u->needed > q_u->buffer_size ) {
-		ZERO_STRUCTP( &r_u->buffer );
+	if ( *r->out.needed > r->in.buffer_size ) {
+		ZERO_STRUCTP( &r->out.buffer );
 		return WERR_INSUFFICIENT_BUFFER;
 	}
 
-	rpcbuf_init( &r_u->buffer, q_u->buffer_size, p->mem_ctx );
+	status = marshall_sec_desc(p->mem_ctx, sec_desc, &buffer, &len);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	*r->out.needed = len;
+	r->out.buffer = buffer;
 
-	if ( !sec_io_desc("", &sec_desc, &r_u->buffer.prs, 0 ) )
-		return WERR_NOMEM;
-		
 	return WERR_OK;
 }
 
 /********************************************************************
+ _svcctl_SetServiceObjectSecurity
 ********************************************************************/
 
-WERROR _svcctl_set_service_sec( pipes_struct *p, SVCCTL_Q_SET_SERVICE_SEC *q_u, SVCCTL_R_SET_SERVICE_SEC *r_u )
+WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p,
+					struct svcctl_SetServiceObjectSecurity *r)
 {
-	SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle );
+	SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
 	SEC_DESC *sec_desc = NULL;
 	uint32 required_access;
+	NTSTATUS status;
 
 	if ( !info || !(info->type & (SVC_HANDLE_IS_SERVICE|SVC_HANDLE_IS_SCM))  )
 		return WERR_BADFID;
@@ -843,298 +871,242 @@ WERROR _svcctl_set_service_sec( pipes_struct *p, SVCCTL_Q_SET_SERVICE_SEC *q_u,
 	/* can't set the security de4scriptor on the ServiceControlManager */
 
 	if ( info->type == SVC_HANDLE_IS_SCM )
-		return WERR_ACCESS_DENIED;	
+		return WERR_ACCESS_DENIED;
 
 	/* check the access on the open handle */
-	
-	switch ( q_u->security_flags ) {
+
+	switch ( r->in.security_flags ) {
 		case DACL_SECURITY_INFORMATION:
 			required_access = STD_RIGHT_WRITE_DAC_ACCESS;
 			break;
-			
+
 		case OWNER_SECURITY_INFORMATION:
 		case GROUP_SECURITY_INFORMATION:
 			required_access = STD_RIGHT_WRITE_OWNER_ACCESS;
 			break;
-			
+
 		case SACL_SECURITY_INFORMATION:
 			return WERR_INVALID_PARAM;
 		default:
 			return WERR_INVALID_PARAM;
 	}
-	
+
 	if ( !(info->access_granted & required_access) )
 		return WERR_ACCESS_DENIED;
-	
+
 	/* read the security descfriptor */
-		
-	if ( !sec_io_desc("", &sec_desc, &q_u->buffer.prs, 0 ) )
-		return WERR_NOMEM;
-		
+
+	status = unmarshall_sec_desc(p->mem_ctx,
+				     r->in.buffer, r->in.buffer_size,
+				     &sec_desc);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
 	/* store the new SD */
 
-	if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, p->pipe_user.nt_user_token ) ) 
+	if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, p->pipe_user.nt_user_token ) )
 		return WERR_ACCESS_DENIED;
 
 	return WERR_OK;
 }
 
 
-WERROR _svcctl_ControlService(pipes_struct *p, struct svcctl_ControlService *r)
-{
-	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
-}
-
 WERROR _svcctl_DeleteService(pipes_struct *p, struct svcctl_DeleteService *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
-}
-
-WERROR _svcctl_LockServiceDatabase(pipes_struct *p, struct svcctl_LockServiceDatabase *r)
-{
-	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
-}
-
-WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p, struct svcctl_QueryServiceObjectSecurity *r)
-{
-	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
-}
-
-WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p, struct svcctl_SetServiceObjectSecurity *r)
-{
-	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
-}
-
-WERROR _svcctl_QueryServiceStatus(pipes_struct *p, struct svcctl_QueryServiceStatus *r)
-{
-	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_SetServiceStatus(pipes_struct *p, struct svcctl_SetServiceStatus *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
-}
-
-WERROR _svcctl_UnlockServiceDatabase(pipes_struct *p, struct svcctl_UnlockServiceDatabase *r)
-{
-	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_NotifyBootConfigStatus(pipes_struct *p, struct svcctl_NotifyBootConfigStatus *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_SCSetServiceBitsW(pipes_struct *p, struct svcctl_SCSetServiceBitsW *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_ChangeServiceConfigW(pipes_struct *p, struct svcctl_ChangeServiceConfigW *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_CreateServiceW(pipes_struct *p, struct svcctl_CreateServiceW *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_EnumDependentServicesW(pipes_struct *p, struct svcctl_EnumDependentServicesW *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_EnumServicesStatusW(pipes_struct *p, struct svcctl_EnumServicesStatusW *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
-}
-
-WERROR _svcctl_OpenSCManagerW(pipes_struct *p, struct svcctl_OpenSCManagerW *r)
-{
-	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
-}
-
-WERROR _svcctl_OpenServiceW(pipes_struct *p, struct svcctl_OpenServiceW *r)
-{
-	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_QueryServiceConfigW(pipes_struct *p, struct svcctl_QueryServiceConfigW *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_QueryServiceLockStatusW(pipes_struct *p, struct svcctl_QueryServiceLockStatusW *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
-}
-
-WERROR _svcctl_StartServiceW(pipes_struct *p, struct svcctl_StartServiceW *r)
-{
-	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
-}
-
-WERROR _svcctl_GetServiceDisplayNameW(pipes_struct *p, struct svcctl_GetServiceDisplayNameW *r)
-{
-	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_GetServiceKeyNameW(pipes_struct *p, struct svcctl_GetServiceKeyNameW *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_SCSetServiceBitsA(pipes_struct *p, struct svcctl_SCSetServiceBitsA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_ChangeServiceConfigA(pipes_struct *p, struct svcctl_ChangeServiceConfigA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_CreateServiceA(pipes_struct *p, struct svcctl_CreateServiceA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_EnumDependentServicesA(pipes_struct *p, struct svcctl_EnumDependentServicesA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_EnumServicesStatusA(pipes_struct *p, struct svcctl_EnumServicesStatusA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_OpenSCManagerA(pipes_struct *p, struct svcctl_OpenSCManagerA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_OpenServiceA(pipes_struct *p, struct svcctl_OpenServiceA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_QueryServiceConfigA(pipes_struct *p, struct svcctl_QueryServiceConfigA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_QueryServiceLockStatusA(pipes_struct *p, struct svcctl_QueryServiceLockStatusA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_StartServiceA(pipes_struct *p, struct svcctl_StartServiceA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_GetServiceDisplayNameA(pipes_struct *p, struct svcctl_GetServiceDisplayNameA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_GetServiceKeyNameA(pipes_struct *p, struct svcctl_GetServiceKeyNameA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_GetCurrentGroupeStateW(pipes_struct *p, struct svcctl_GetCurrentGroupeStateW *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_EnumServiceGroupW(pipes_struct *p, struct svcctl_EnumServiceGroupW *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_ChangeServiceConfig2A(pipes_struct *p, struct svcctl_ChangeServiceConfig2A *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_ChangeServiceConfig2W(pipes_struct *p, struct svcctl_ChangeServiceConfig2W *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_QueryServiceConfig2A(pipes_struct *p, struct svcctl_QueryServiceConfig2A *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_QueryServiceConfig2W(pipes_struct *p, struct svcctl_QueryServiceConfig2W *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_QueryServiceStatusEx(pipes_struct *p, struct svcctl_QueryServiceStatusEx *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _EnumServicesStatusExA(pipes_struct *p, struct EnumServicesStatusExA *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _EnumServicesStatusExW(pipes_struct *p, struct EnumServicesStatusExW *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
 WERROR _svcctl_SCSendTSMessage(pipes_struct *p, struct svcctl_SCSendTSMessage *r)
 {
 	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;	
+	return WERR_NOT_SUPPORTED;
 }
 
diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c
index 74ee94cf75..7ff93e0b07 100644
--- a/source3/rpc_server/srv_winreg_nt.c
+++ b/source3/rpc_server/srv_winreg_nt.c
@@ -21,14 +21,10 @@
 /* Implementation of registry functions. */
 
 #include "includes.h"
-#include "regfio.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
 
-static const struct generic_mapping reg_generic_map =
-	{ REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL };
-
 /******************************************************************
  free() function for struct registry_key
  *****************************************************************/
@@ -40,7 +36,7 @@ static void free_regkey(void *ptr)
 }
 
 /******************************************************************
- Find a registry key handle and return a REGISTRY_KEY
+ Find a registry key handle and return a struct registry_key *
  *****************************************************************/
 
 static struct registry_key *find_regkey_by_hnd(pipes_struct *p,
@@ -370,9 +366,7 @@ WERROR _winreg_GetVersion(pipes_struct *p, struct winreg_GetVersion *r)
 	if ( !regkey )
 		return WERR_BADFID;
 	
-	*r->out.version = 0x00000005;	/* Windows 2000 registry API version */
-	
-	return WERR_OK;
+	return reg_getversion(r->out.version);
 }
 
 
@@ -657,125 +651,6 @@ static int validate_reg_filename(TALLOC_CTX *ctx, char **pp_fname )
 }
 
 /*******************************************************************
- Note: topkeypat is the *full* path that this *key will be
- loaded into (including the name of the key)
- ********************************************************************/
-
-static WERROR reg_load_tree( REGF_FILE *regfile, const char *topkeypath,
-                             REGF_NK_REC *key )
-{
-	REGF_NK_REC *subkey;
-	REGISTRY_KEY registry_key;
-	REGVAL_CTR *values;
-	REGSUBKEY_CTR *subkeys;
-	int i;
-	char *path = NULL;
-	WERROR result = WERR_OK;
-
-	/* initialize the REGISTRY_KEY structure */
-
-	if ( !(registry_key.hook = reghook_cache_find(topkeypath)) ) {
-		DEBUG(0,("reg_load_tree: Failed to assigned a REGISTRY_HOOK to [%s]\n",
-			topkeypath ));
-		return WERR_BADFILE;
-	}
-
-	registry_key.name = talloc_strdup( regfile->mem_ctx, topkeypath );
-	if ( !registry_key.name ) {
-		DEBUG(0,("reg_load_tree: Talloc failed for reg_key.name!\n"));
-		return WERR_NOMEM;
-	}
-
-	/* now start parsing the values and subkeys */
-
-	if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) )
-		return WERR_NOMEM;
-
-	if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) )
-		return WERR_NOMEM;
-
-	/* copy values into the REGVAL_CTR */
-
-	for ( i=0; i<key->num_values; i++ ) {
-		regval_ctr_addvalue( values, key->values[i].valuename, key->values[i].type,
-			(char*)key->values[i].data, (key->values[i].data_size & ~VK_DATA_IN_OFFSET) );
-	}
-
-	/* copy subkeys into the REGSUBKEY_CTR */
-
-	key->subkey_index = 0;
-	while ( (subkey = regfio_fetch_subkey( regfile, key )) ) {
-		regsubkey_ctr_addkey( subkeys, subkey->keyname );
-	}
-
-	/* write this key and values out */
-
-	if ( !store_reg_values( &registry_key, values )
-		|| !store_reg_keys( &registry_key, subkeys ) )
-	{
-		DEBUG(0,("reg_load_tree: Failed to load %s!\n", topkeypath));
-		result = WERR_REG_IO_FAILURE;
-	}
-
-	TALLOC_FREE( subkeys );
-
-	if ( !W_ERROR_IS_OK(result) )
-		return result;
-
-	/* now continue to load each subkey registry tree */
-
-	key->subkey_index = 0;
-	while ( (subkey = regfio_fetch_subkey( regfile, key )) ) {
-		path = talloc_asprintf(regfile->mem_ctx,
-				"%s\\%s",
-				topkeypath,
-				subkey->keyname);
-		if (!path) {
-			return WERR_NOMEM;
-		}
-		result = reg_load_tree( regfile, path, subkey );
-		if ( !W_ERROR_IS_OK(result) )
-			break;
-	}
-
-	return result;
-}
-
-/*******************************************************************
- ********************************************************************/
-
-static WERROR restore_registry_key ( REGISTRY_KEY *krecord, const char *fname )
-{
-	REGF_FILE *regfile;
-	REGF_NK_REC *rootkey;
-	WERROR result;
-		
-	/* open the registry file....fail if the file already exists */
-	
-	if ( !(regfile = regfio_open( fname, (O_RDONLY), 0 )) ) {
-                DEBUG(0,("restore_registry_key: failed to open \"%s\" (%s)\n", 
-			fname, strerror(errno) ));
-		return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) );
-        }
-	
-	/* get the rootkey from the regf file and then load the tree
-	   via recursive calls */
-	   
-	if ( !(rootkey = regfio_rootkey( regfile )) ) {
-		regfio_close( regfile );
-		return WERR_REG_FILE_INVALID;
-	}
-
-	result = reg_load_tree( regfile, krecord->name, rootkey );
-
-	/* cleanup */
-
-	regfio_close( regfile );
-
-	return result;
-}
-
-/*******************************************************************
  ********************************************************************/
 
 WERROR _winreg_RestoreKey(pipes_struct *p, struct winreg_RestoreKey *r)
@@ -809,175 +684,9 @@ WERROR _winreg_RestoreKey(pipes_struct *p, struct winreg_RestoreKey *r)
 	DEBUG(2,("_winreg_RestoreKey: Restoring [%s] from %s in share %s\n",
 		 regkey->key->name, fname, lp_servicename(snum) ));
 
-	return restore_registry_key( regkey->key, fname );
-}
-
-/********************************************************************
-********************************************************************/
-
-static WERROR reg_write_tree( REGF_FILE *regfile, const char *keypath,
-                              REGF_NK_REC *parent, SEC_DESC *sec_desc )
-{
-	REGF_NK_REC *key;
-	REGVAL_CTR *values;
-	REGSUBKEY_CTR *subkeys;
-	int i, num_subkeys;
-	char *key_tmp = NULL;
-	char *keyname, *parentpath;
-	char *subkeypath = NULL;
-	char *subkeyname;
-	REGISTRY_KEY registry_key;
-	WERROR result = WERR_OK;
-
-	if (!regfile)
-		return WERR_GENERAL_FAILURE;
-
-	if (!keypath)
-		return WERR_OBJECT_PATH_INVALID;
-
-	/* split up the registry key path */
-
-	key_tmp = talloc_strdup(regfile->mem_ctx, keypath);
-	if (!key_tmp) {
-		return WERR_NOMEM;
-	}
-	if (!reg_split_key( key_tmp, &parentpath, &keyname ) )
-		return WERR_OBJECT_PATH_INVALID;
-
-	if ( !keyname )
-		keyname = parentpath;
-
-	/* we need a REGISTRY_KEY object here to enumerate subkeys and values */
-
-	ZERO_STRUCT( registry_key );
-
-	if ( (registry_key.name = talloc_strdup(regfile->mem_ctx, keypath)) == NULL )
-		return WERR_NOMEM;
-
-	if ( (registry_key.hook = reghook_cache_find( registry_key.name )) == NULL )
-		return WERR_BADFILE;
-
-	/* lookup the values and subkeys */
-
-	if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) )
-		return WERR_NOMEM;
-
-	if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) )
-		return WERR_NOMEM;
-
-	fetch_reg_keys( &registry_key, subkeys );
-	fetch_reg_values( &registry_key, values );
-
-	/* write out this key */
-
-	if ( !(key = regfio_write_key( regfile, keyname, values, subkeys, sec_desc, parent )) ) {
-		result = WERR_CAN_NOT_COMPLETE;
-		goto done;
-	}
-
-	/* write each one of the subkeys out */
-
-	num_subkeys = regsubkey_ctr_numkeys( subkeys );
-	for ( i=0; i<num_subkeys; i++ ) {
-		subkeyname = regsubkey_ctr_specific_key( subkeys, i );
-		subkeypath = talloc_asprintf(regfile->mem_ctx,
-					"%s\\%s", keypath, subkeyname);
-		if (!subkeypath) {
-			result = WERR_NOMEM;
-			goto done;
-		}
-		result = reg_write_tree( regfile, subkeypath, key, sec_desc );
-		if ( !W_ERROR_IS_OK(result) )
-			goto done;
-	}
-
-	DEBUG(6,("reg_write_tree: wrote key [%s]\n", keypath ));
-
-done:
-	TALLOC_FREE( subkeys );
-	TALLOC_FREE( registry_key.name );
-
-	return result;
-}
-
-/*******************************************************************
- ********************************************************************/
-
-static WERROR make_default_reg_sd( TALLOC_CTX *ctx, SEC_DESC **psd )
-{
-	DOM_SID adm_sid, owner_sid;
-	SEC_ACE ace[2];         /* at most 2 entries */
-	SEC_ACCESS mask;
-	SEC_ACL *psa = NULL;
-	size_t sd_size;
-
-	/* set the owner to BUILTIN\Administrator */
-
-	sid_copy(&owner_sid, &global_sid_Builtin);
-	sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN );
-	
-
-	/* basic access for Everyone */
-
-	init_sec_access(&mask, reg_generic_map.generic_execute | reg_generic_map.generic_read );
-	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-
-	/* add Full Access 'BUILTIN\Administrators' */
-
-	init_sec_access(&mask, reg_generic_map.generic_all);
-	sid_copy(&adm_sid, &global_sid_Builtin);
-	sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
-	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-
-        /* create the security descriptor */
-
-        if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 2, ace)) == NULL)
-                return WERR_NOMEM;
-
-        if ((*psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
-				  SEC_DESC_SELF_RELATIVE, &owner_sid, NULL,
-				  NULL, psa, &sd_size)) == NULL)
-                return WERR_NOMEM;
-
-	return WERR_OK;
+	return reg_restorekey(regkey, fname);
 }
 
-/*******************************************************************
- ********************************************************************/
-
-static WERROR backup_registry_key ( REGISTRY_KEY *krecord, const char *fname )
-{
-	REGF_FILE *regfile;
-	WERROR result;
-	SEC_DESC *sd = NULL;
-	
-	/* open the registry file....fail if the file already exists */
-
-	if ( !(regfile = regfio_open( fname, (O_RDWR|O_CREAT|O_EXCL), (S_IREAD|S_IWRITE) )) ) {
-                DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n",
-			fname, strerror(errno) ));
-		return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) );
-        }
-
-	if ( !W_ERROR_IS_OK(result = make_default_reg_sd( regfile->mem_ctx, &sd )) ) {
-		regfio_close( regfile );
-		return result;
-	}
-
-	/* write the registry tree to the file  */
-
-	result = reg_write_tree( regfile, krecord->name, NULL, sd );
-
-	/* cleanup */
-
-	regfio_close( regfile );
-
-	return result;
-}
-
-/*******************************************************************
- ********************************************************************/
-
 WERROR _winreg_SaveKey(pipes_struct *p, struct winreg_SaveKey *r)
 {
 	struct registry_key *regkey = find_regkey_by_hnd( p, r->in.handle );
@@ -1004,7 +713,7 @@ WERROR _winreg_SaveKey(pipes_struct *p, struct winreg_SaveKey *r)
 	DEBUG(2,("_winreg_SaveKey: Saving [%s] to %s in share %s\n",
 		 regkey->key->name, fname, lp_servicename(snum) ));
 
-	return backup_registry_key( regkey->key, fname );
+	return reg_savekey(regkey, fname);
 }
 
 /*******************************************************************
@@ -1115,7 +824,7 @@ WERROR _winreg_GetKeySecurity(pipes_struct *p, struct winreg_GetKeySecurity *r)
 	if ( !(key->key->access_granted & STD_RIGHT_READ_CONTROL_ACCESS) )
 		return WERR_ACCESS_DENIED;
 
-	err = regkey_get_secdesc(p->mem_ctx, key->key, &secdesc);
+	err = reg_getkeysecurity(p->mem_ctx, key, &secdesc);
 	if (!W_ERROR_IS_OK(err)) {
 		return err;
 	}
@@ -1161,7 +870,7 @@ WERROR _winreg_SetKeySecurity(pipes_struct *p, struct winreg_SetKeySecurity *r)
 		return err;
 	}
 
-	return regkey_set_secdesc(key->key, secdesc);
+	return reg_setkeysecurity(key, secdesc);
 }
 
 /*******************************************************************
diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c
index 849ec9c4eb..6d03009d00 100644
--- a/source3/rpc_server/srv_wkssvc_nt.c
+++ b/source3/rpc_server/srv_wkssvc_nt.c
@@ -281,19 +281,20 @@ WERROR _wkssvc_NetrGetJoinableOus(pipes_struct *p, struct wkssvc_NetrGetJoinable
 }
 
 /********************************************************************
+ _wkssvc_NetrJoinDomain2
  ********************************************************************/
 
-WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r)
+WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p,
+			       struct wkssvc_NetrJoinDomain2 *r)
 {
-#if 0
 	struct libnet_JoinCtx *j = NULL;
-	char *pwd = NULL;
+	char *cleartext_pwd = NULL;
 	char *admin_domain = NULL;
 	char *admin_account = NULL;
 	WERROR werr;
 	NTSTATUS status;
 	struct nt_user_token *token = p->pipe_user.nt_user_token;
-	struct DS_DOMAIN_CONTROLLER_INFO *info = NULL;
+	struct netr_DsRGetDCNameInfo *info = NULL;
 
 	if (!r->in.domain_name) {
 		return WERR_INVALID_PARAM;
@@ -302,18 +303,15 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r
 	if (!user_has_privileges(token, &se_machine_account) &&
 	    !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
 	    !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
+		DEBUG(5,("_wkssvc_NetrJoinDomain2: account doesn't have "
+			"sufficient privileges\n"));
 		return WERR_ACCESS_DENIED;
 	}
 
 	werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
 						  r->in.encrypted_password,
 						  &p->session_key,
-						  &pwd);
-	if (!W_ERROR_IS_OK(werr)) {
-		return werr;
-	}
-
-	werr = libnet_init_JoinCtx(p->mem_ctx, &j);
+						  &cleartext_pwd);
 	if (!W_ERROR_IS_OK(werr)) {
 		return werr;
 	}
@@ -323,8 +321,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r
 			  &admin_domain,
 			  &admin_account);
 
-	status = DsGetDcName(p->mem_ctx,
-			     NULL,
+	status = dsgetdcname(p->mem_ctx,
 			     r->in.domain_name,
 			     NULL,
 			     NULL,
@@ -336,33 +333,101 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, struct wkssvc_NetrJoinDomain2 *r
 		return ntstatus_to_werror(status);
 	}
 
-	j->in.server_name	= info->domain_controller_name;
+	werr = libnet_init_JoinCtx(p->mem_ctx, &j);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	j->in.dc_name		= info->dc_unc;
 	j->in.domain_name	= r->in.domain_name;
 	j->in.account_ou	= r->in.account_ou;
 	j->in.join_flags	= r->in.join_flags;
-
-	j->in.admin_account = admin_account;
-	j->in.password = pwd;
-	j->in.modify_config = true;
+	j->in.admin_account	= admin_account;
+	j->in.admin_password	= cleartext_pwd;
+	j->in.debug		= true;
 
 	become_root();
 	werr = libnet_Join(p->mem_ctx, j);
 	unbecome_root();
 
+	if (!W_ERROR_IS_OK(werr)) {
+		DEBUG(5,("_wkssvc_NetrJoinDomain2: libnet_Join gave %s\n",
+			j->out.error_string ? j->out.error_string :
+			dos_errstr(werr)));
+	}
+
+	TALLOC_FREE(j);
 	return werr;
-#endif
-	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;
 }
 
 /********************************************************************
+ _wkssvc_NetrUnjoinDomain2
  ********************************************************************/
 
-WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, struct wkssvc_NetrUnjoinDomain2 *r)
+WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p,
+				 struct wkssvc_NetrUnjoinDomain2 *r)
 {
-	/* FIXME: Add implementation code here */
-	p->rng_fault_state = True;
-	return WERR_NOT_SUPPORTED;
+	struct libnet_UnjoinCtx *u = NULL;
+	char *cleartext_pwd = NULL;
+	char *admin_domain = NULL;
+	char *admin_account = NULL;
+	WERROR werr;
+	NTSTATUS status;
+	struct nt_user_token *token = p->pipe_user.nt_user_token;
+	struct netr_DsRGetDCNameInfo *info = NULL;
+
+	if (!user_has_privileges(token, &se_machine_account) &&
+	    !nt_token_check_domain_rid(token, DOMAIN_GROUP_RID_ADMINS) &&
+	    !nt_token_check_domain_rid(token, BUILTIN_ALIAS_RID_ADMINS)) {
+		DEBUG(5,("_wkssvc_NetrUnjoinDomain2: account doesn't have "
+			"sufficient privileges\n"));
+		return WERR_ACCESS_DENIED;
+	}
+
+	werr = decode_wkssvc_join_password_buffer(p->mem_ctx,
+						  r->in.encrypted_password,
+						  &p->session_key,
+						  &cleartext_pwd);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	split_domain_user(p->mem_ctx,
+			  r->in.account,
+			  &admin_domain,
+			  &admin_account);
+
+	status = dsgetdcname(p->mem_ctx,
+			     lp_realm(),
+			     NULL,
+			     NULL,
+			     DS_DIRECTORY_SERVICE_REQUIRED |
+			     DS_WRITABLE_REQUIRED |
+			     DS_RETURN_DNS_NAME,
+			     &info);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	werr = libnet_init_UnjoinCtx(p->mem_ctx, &u);
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	u->in.dc_name		= info->dc_unc;
+	u->in.domain_name	= lp_realm();
+	u->in.unjoin_flags	= r->in.unjoin_flags |
+				  WKSSVC_JOIN_FLAGS_JOIN_TYPE;
+	u->in.admin_account	= admin_account;
+	u->in.admin_password	= cleartext_pwd;
+	u->in.debug		= true;
+
+	become_root();
+	werr = libnet_Unjoin(p->mem_ctx, u);
+	unbecome_root();
+
+	TALLOC_FREE(u);
+	return werr;
 }
 
 /********************************************************************
diff --git a/source3/rpcclient/cmd_ds.c b/source3/rpcclient/cmd_ds.c
deleted file mode 100644
index 1f36dc3b45..0000000000
--- a/source3/rpcclient/cmd_ds.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   RPC pipe client
-
-   Copyright (C) Gerald Carter 2002
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "rpcclient.h"
-
-/* Look up domain related information on a remote host */
-
-static NTSTATUS cmd_ds_dsrole_getprimarydominfo(struct rpc_pipe_client *cli, 
-				     TALLOC_CTX *mem_ctx, int argc, 
-				     const char **argv) 
-{
-	NTSTATUS result;
-	DS_DOMINFO_CTR	ctr;
-	
-	result = rpccli_ds_getprimarydominfo( cli, mem_ctx, DsRolePrimaryDomainInfoBasic, &ctr );
-	if ( NT_STATUS_IS_OK(result) )
-	{
-		printf ("Machine Role = [%d]\n", ctr.basic->machine_role);
-		
-		if ( ctr.basic->flags & DSROLE_PRIMARY_DS_RUNNING )	{
-			printf( "Directory Service is running.\n");
-			printf( "Domain is in %s mode.\n", (ctr.basic->flags & DSROLE_PRIMARY_DS_MIXED_MODE) ? "mixed" : "native" );
-		}
-		else
-			printf( "Directory Service not running on server\n");
-	}
-	
-	return result;
-}
-
-static NTSTATUS cmd_ds_enum_domain_trusts(struct rpc_pipe_client *cli,
-				     TALLOC_CTX *mem_ctx, int argc, 
-				     const char **argv) 
-{
-	NTSTATUS 		result;
-	uint32 			flags = DS_DOMAIN_IN_FOREST;
-	struct ds_domain_trust	 *trusts = NULL;
-	unsigned int 			num_domains = 0;
-	int i;
-	
-	if (argc > 1) {
-		flags = atoi(argv[1]);
-	}
-
-	result = rpccli_ds_enum_domain_trusts( cli, mem_ctx, cli->cli->desthost, flags, 
-		&trusts, &num_domains );
-	
-	printf( "%d domains returned\n", num_domains );
-
-	for (i=0; i<num_domains; i++ ) 
-		printf("%s (%s)\n", trusts[i].dns_domain, trusts[i].netbios_domain);
-	
-	return result;
-}
-
-/* List of commands exported by this module */
-
-struct cmd_set ds_commands[] = {
-
-	{ "LSARPC-DS" },
-
-	{ "dsroledominfo",   RPC_RTYPE_NTSTATUS, cmd_ds_dsrole_getprimarydominfo, NULL, PI_LSARPC_DS, NULL, "Get Primary Domain Information", "" },
-	{ "dsenumdomtrusts", RPC_RTYPE_NTSTATUS, cmd_ds_enum_domain_trusts,       NULL, PI_NETLOGON,  NULL, "Enumerate all trusted domains in an AD forest", "" },
-
-{ NULL }
-};
diff --git a/source3/rpcclient/cmd_dssetup.c b/source3/rpcclient/cmd_dssetup.c
new file mode 100644
index 0000000000..6ec58e9388
--- /dev/null
+++ b/source3/rpcclient/cmd_dssetup.c
@@ -0,0 +1,69 @@
+/* 
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+
+   Copyright (C) Gerald Carter 2002
+   Copyright (C) Guenther Deschner 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+/* Look up domain related information on a remote host */
+
+static WERROR cmd_ds_dsrole_getprimarydominfo(struct rpc_pipe_client *cli,
+					      TALLOC_CTX *mem_ctx, int argc,
+					      const char **argv)
+{
+	NTSTATUS status;
+	WERROR werr;
+	union dssetup_DsRoleInfo info;
+
+	status = rpccli_dssetup_DsRoleGetPrimaryDomainInformation(cli, mem_ctx,
+								  DS_ROLE_BASIC_INFORMATION,
+								  &info,
+								  &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
+
+	printf ("Machine Role = [%d]\n", info.basic.role);
+
+	if (info.basic.flags & DS_ROLE_PRIMARY_DS_RUNNING) {
+		printf("Directory Service is running.\n");
+		printf("Domain is in %s mode.\n",
+			(info.basic.flags & DS_ROLE_PRIMARY_DS_MIXED_MODE) ? "mixed" : "native" );
+	} else {
+		printf("Directory Service not running on server\n");
+	}
+
+	return werr;
+}
+
+/* List of commands exported by this module */
+
+struct cmd_set ds_commands[] = {
+
+	{ "LSARPC-DS" },
+
+	{ "dsroledominfo",   RPC_RTYPE_WERROR, NULL, cmd_ds_dsrole_getprimarydominfo, PI_DSSETUP, NULL, "Get Primary Domain Information", "" },
+
+{ NULL }
+};
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index 05269d7711..90f8646810 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -4,6 +4,7 @@
 
    Copyright (C) Tim Potter              2000
    Copyright (C) Rafal Szczesniak        2002
+   Copyright (C) Guenther Deschner	 2008
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -22,7 +23,6 @@
 #include "includes.h"
 #include "rpcclient.h"
 
-
 /* useful function to allow entering a name instead of a SID and
  * looking it up automatically */
 static NTSTATUS name_to_sid(struct rpc_pipe_client *cli, 
@@ -58,107 +58,91 @@ done:
 	return result;
 }
 
-static void display_query_info_1(DOM_QUERY_1 d)
+static void display_query_info_1(struct lsa_AuditLogInfo *r)
 {
-	d_printf("percent_full:\t%d\n", d.percent_full);
-	d_printf("log_size:\t%d\n", d.log_size);
-	d_printf("retention_time:\t%lld\n", (long long)d.retention_time);
-	d_printf("shutdown_in_progress:\t%d\n", d.shutdown_in_progress);
-	d_printf("time_to_shutdown:\t%lld\n", (long long)d.time_to_shutdown);
-	d_printf("next_audit_record:\t%d\n", d.next_audit_record);
-	d_printf("unknown:\t%d\n", d.unknown);
+	d_printf("percent_full:\t%d\n", r->percent_full);
+	d_printf("log_size:\t%d\n", r->log_size);
+	d_printf("retention_time:\t%lld\n", (long long)r->retention_time);
+	d_printf("shutdown_in_progress:\t%d\n", r->shutdown_in_progress);
+	d_printf("time_to_shutdown:\t%lld\n", (long long)r->time_to_shutdown);
+	d_printf("next_audit_record:\t%d\n", r->next_audit_record);
+	d_printf("unknown:\t%d\n", r->unknown);
 }
 
-static void display_query_info_2(DOM_QUERY_2 d, TALLOC_CTX *mem_ctx)
+static void display_query_info_2(struct lsa_AuditEventsInfo *r)
 {
 	int i;
-	d_printf("Auditing enabled:\t%d\n", d.auditing_enabled);
-	d_printf("Auditing categories:\t%d\n", d.count1);
+	d_printf("Auditing enabled:\t%d\n", r->auditing_mode);
+	d_printf("Auditing categories:\t%d\n", r->count);
 	d_printf("Auditsettings:\n");
-	for (i=0; i<d.count1; i++) {
-		const char *val = audit_policy_str(mem_ctx, d.auditsettings[i]);
+	for (i=0; i<r->count; i++) {
+		const char *val = audit_policy_str(talloc_tos(), r->settings[i]);
 		const char *policy = audit_description_str(i);
 		d_printf("%s:\t%s\n", policy, val);
 	}
 }
 
-static void display_query_info_3(DOM_QUERY_3 d)
+static void display_query_info_3(struct lsa_DomainInfo *r)
 {
-	fstring name;
-
-	unistr2_to_ascii(name, &d.uni_domain_name, sizeof(name));
-
-	d_printf("Domain Name: %s\n", name);
-	d_printf("Domain Sid: %s\n", sid_string_tos(&d.dom_sid.sid));
+	d_printf("Domain Name: %s\n", r->name.string);
+	d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
 }
 
-static void display_query_info_5(DOM_QUERY_5 d)
+static void display_query_info_5(struct lsa_DomainInfo *r)
 {
-	fstring name;
-
-	unistr2_to_ascii(name, &d.uni_domain_name, sizeof(name));
-
-	d_printf("Domain Name: %s\n", name);
-	d_printf("Domain Sid: %s\n", sid_string_tos(&d.dom_sid.sid));
+	d_printf("Domain Name: %s\n", r->name.string);
+	d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
 }
 
-static void display_query_info_10(DOM_QUERY_10 d)
+static void display_query_info_10(struct lsa_AuditFullSetInfo *r)
 {
-	d_printf("Shutdown on full: %d\n", d.shutdown_on_full);
+	d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
 }
 
-static void display_query_info_11(DOM_QUERY_11 d)
+static void display_query_info_11(struct lsa_AuditFullQueryInfo *r)
 {
-	d_printf("Shutdown on full: %d\n", d.shutdown_on_full);
-	d_printf("Log is full: %d\n", d.log_is_full);
-	d_printf("Unknown: %d\n", d.unknown);
+	d_printf("Shutdown on full: %d\n", r->shutdown_on_full);
+	d_printf("Log is full: %d\n", r->log_is_full);
+	d_printf("Unknown: %d\n", r->unknown);
 }
 
-static void display_query_info_12(DOM_QUERY_12 d)
+static void display_query_info_12(struct lsa_DnsDomainInfo *r)
 {
-	fstring dom_name, dns_dom_name, forest_name;
-
-	unistr2_to_ascii(dom_name, &d.uni_nb_dom_name, sizeof(dom_name));
-	unistr2_to_ascii(dns_dom_name, &d.uni_dns_dom_name, sizeof(dns_dom_name));
-	unistr2_to_ascii(forest_name, &d.uni_forest_name, sizeof(forest_name));
-
-	d_printf("Domain NetBios Name: %s\n", dom_name);
-	d_printf("Domain DNS Name: %s\n", dns_dom_name);
-	d_printf("Domain Forest Name: %s\n", forest_name);
-	d_printf("Domain Sid: %s\n", sid_string_tos(&d.dom_sid.sid));
+	d_printf("Domain NetBios Name: %s\n", r->name.string);
+	d_printf("Domain DNS Name: %s\n", r->dns_domain.string);
+	d_printf("Domain Forest Name: %s\n", r->dns_forest.string);
+	d_printf("Domain Sid: %s\n", sid_string_tos(r->sid));
 	d_printf("Domain GUID: %s\n", smb_uuid_string(talloc_tos(),
-						      d.dom_guid));
-
+						      r->domain_guid));
 }
 
-
-
-static void display_lsa_query_info(LSA_INFO_CTR *dom, TALLOC_CTX *mem_ctx)
+static void display_lsa_query_info(union lsa_PolicyInformation *info,
+				   enum lsa_PolicyInfo level)
 {
-	switch (dom->info_class) {
+	switch (level) {
 		case 1:
-			display_query_info_1(dom->info.id1);
+			display_query_info_1(&info->audit_log);
 			break;
 		case 2:
-			display_query_info_2(dom->info.id2, mem_ctx);
+			display_query_info_2(&info->audit_events);
 			break;
 		case 3:
-			display_query_info_3(dom->info.id3);
+			display_query_info_3(&info->domain);
 			break;
 		case 5:
-			display_query_info_5(dom->info.id5);
+			display_query_info_5(&info->account_domain);
 			break;
 		case 10:
-			display_query_info_10(dom->info.id10);
+			display_query_info_10(&info->auditfullset);
 			break;
 		case 11:
-			display_query_info_11(dom->info.id11);
+			display_query_info_11(&info->auditfullquery);
 			break;
 		case 12:
-			display_query_info_12(dom->info.id12);
+			display_query_info_12(&info->dns);
 			break;
 		default:
-			printf("can't display info level: %d\n", dom->info_class);
+			printf("can't display info level: %d\n", level);
 			break;
 	}
 }
@@ -169,7 +153,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	LSA_INFO_CTR dom;
+	union lsa_PolicyInformation *info = NULL;
 
 	uint32 info_class = 3;
 
@@ -190,8 +174,10 @@ static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
 		if (!NT_STATUS_IS_OK(result))
 			goto done;
 			
-		result = rpccli_lsa_query_info_policy2_new(cli, mem_ctx, &pol,
-							   info_class, &dom);
+		result = rpccli_lsa_QueryInfoPolicy2(cli, mem_ctx,
+						     &pol,
+						     info_class,
+						     &info);
 		break;
 	default:
 		result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
@@ -201,12 +187,15 @@ static NTSTATUS cmd_lsa_query_info_policy(struct rpc_pipe_client *cli,
 		if (!NT_STATUS_IS_OK(result))
 			goto done;
 		
-		result = rpccli_lsa_query_info_policy_new(cli, mem_ctx, &pol, 
-							  info_class, &dom);
+		result = rpccli_lsa_QueryInfoPolicy(cli, mem_ctx,
+						    &pol,
+						    info_class,
+						    &info);
 	}
 
-
-	display_lsa_query_info(&dom, mem_ctx);
+	if (NT_STATUS_IS_OK(result)) {
+		display_lsa_query_info(info, info_class);
+	}
 
 	rpccli_lsa_Close(cli, mem_ctx, &pol);
 
@@ -389,13 +378,12 @@ static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	DOM_SID *domain_sids;
-	char **domain_names;
+	struct lsa_DomainList domain_list;
 
 	/* defaults, but may be changed using params */
 	uint32 enum_ctx = 0;
-	uint32 num_domains = 0;
 	int i;
+	uint32_t max_size = (uint32_t)-1;
 
 	if (argc > 2) {
 		printf("Usage: %s [enum context (0)]\n", argv[0]);
@@ -407,7 +395,7 @@ static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
 	}	
 
 	result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
-				     POLICY_VIEW_LOCAL_INFORMATION,
+				     LSA_POLICY_VIEW_LOCAL_INFORMATION,
 				     &pol);
 
 	if (!NT_STATUS_IS_OK(result))
@@ -419,9 +407,11 @@ static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
 
 		/* Lookup list of trusted domains */
 
-		result = rpccli_lsa_enum_trust_dom(cli, mem_ctx, &pol, &enum_ctx,
-						&num_domains,
-						&domain_names, &domain_sids);
+		result = rpccli_lsa_EnumTrustDom(cli, mem_ctx,
+						 &pol,
+						 &enum_ctx,
+						 &domain_list,
+						 max_size);
 		if (!NT_STATUS_IS_OK(result) &&
 		    !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
 		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
@@ -429,12 +419,14 @@ static NTSTATUS cmd_lsa_enum_trust_dom(struct rpc_pipe_client *cli,
 
 		/* Print results: list of names and sids returned in this
 		 * response. */	 
-		for (i = 0; i < num_domains; i++) {
+		for (i = 0; i < domain_list.count; i++) {
 			fstring sid_str;
 
-			sid_to_fstring(sid_str, &domain_sids[i]);
-			printf("%s %s\n", domain_names[i] ? domain_names[i] : 
-			       "*unknown*", sid_str);
+			sid_to_fstring(sid_str, domain_list.domains[i].sid);
+			printf("%s %s\n",
+				domain_list.domains[i].name.string ?
+				domain_list.domains[i].name.string : "*unknown*",
+				sid_str);
 		}
 	}
 
@@ -451,13 +443,10 @@ static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	struct lsa_PrivArray priv_array;
 
 	uint32 enum_context=0;
 	uint32 pref_max_length=0x1000;
-	uint32 count=0;
-	char   **privs_name;
-	uint32 *privs_high;
-	uint32 *privs_low;
 	int i;
 
 	if (argc > 3) {
@@ -478,18 +467,24 @@ static NTSTATUS cmd_lsa_enum_privilege(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_lsa_enum_privilege(cli, mem_ctx, &pol, &enum_context, pref_max_length,
-					&count, &privs_name, &privs_high, &privs_low);
-
+	result = rpccli_lsa_EnumPrivs(cli, mem_ctx,
+				      &pol,
+				      &enum_context,
+				      &priv_array,
+				      pref_max_length);
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Print results */
-	printf("found %d privileges\n\n", count);
-
-	for (i = 0; i < count; i++) {
-		printf("%s \t\t%d:%d (0x%x:0x%x)\n", privs_name[i] ? privs_name[i] : "*unknown*",
-		       privs_high[i], privs_low[i], privs_high[i], privs_low[i]);
+	printf("found %d privileges\n\n", priv_array.count);
+
+	for (i = 0; i < priv_array.count; i++) {
+		printf("%s \t\t%d:%d (0x%x:0x%x)\n",
+		       priv_array.privs[i].name.string ? priv_array.privs[i].name.string : "*unknown*",
+		       priv_array.privs[i].luid.high,
+		       priv_array.privs[i].luid.low,
+		       priv_array.privs[i].luid.high,
+		       priv_array.privs[i].luid.low);
 	}
 
 	rpccli_lsa_Close(cli, mem_ctx, &pol);
@@ -509,7 +504,8 @@ static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
 	uint16 lang_id=0;
 	uint16 lang_id_sys=0;
 	uint16 lang_id_desc;
-	fstring description;
+	struct lsa_String lsa_name;
+	struct lsa_StringLarge *description = NULL;
 
 	if (argc != 2) {
 		printf("Usage: %s privilege name\n", argv[0]);
@@ -523,13 +519,21 @@ static NTSTATUS cmd_lsa_get_dispname(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_lsa_get_dispname(cli, mem_ctx, &pol, argv[1], lang_id, lang_id_sys, description, &lang_id_desc);
+	init_lsa_String(&lsa_name, argv[1]);
+
+	result = rpccli_lsa_LookupPrivDisplayName(cli, mem_ctx,
+						  &pol,
+						  &lsa_name,
+						  lang_id,
+						  lang_id_sys,
+						  &description,
+						  &lang_id_desc);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Print results */
-	printf("%s -> %s (language: 0x%x)\n", argv[1], description, lang_id_desc);
+	printf("%s -> %s (language: 0x%x)\n", argv[1], description->string, lang_id_desc);
 
 	rpccli_lsa_Close(cli, mem_ctx, &pol);
  done:
@@ -547,8 +551,7 @@ static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
 
 	uint32 enum_context=0;
 	uint32 pref_max_length=0x1000;
-	DOM_SID *sids;
-	uint32 count=0;
+	struct lsa_SidArray sid_array;
 	int i;
 
 	if (argc > 3) {
@@ -569,19 +572,22 @@ static NTSTATUS cmd_lsa_enum_sids(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_lsa_enum_sids(cli, mem_ctx, &pol, &enum_context, pref_max_length,
-					&count, &sids);
+	result = rpccli_lsa_EnumAccounts(cli, mem_ctx,
+					 &pol,
+					 &enum_context,
+					 &sid_array,
+					 pref_max_length);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Print results */
-	printf("found %d SIDs\n\n", count);
+	printf("found %d SIDs\n\n", sid_array.num_sids);
 
-	for (i = 0; i < count; i++) {
+	for (i = 0; i < sid_array.num_sids; i++) {
 		fstring sid_str;
 
-		sid_to_fstring(sid_str, &sids[i]);
+		sid_to_fstring(sid_str, sid_array.sids[i].sid);
 		printf("%s\n", sid_str);
 	}
 
@@ -619,7 +625,11 @@ static NTSTATUS cmd_lsa_create_account(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_lsa_create_account(cli, mem_ctx, &dom_pol, &sid, des_access, &user_pol);
+	result = rpccli_lsa_CreateAccount(cli, mem_ctx,
+					  &dom_pol,
+					  &sid,
+					  des_access,
+					  &user_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -643,10 +653,8 @@ static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
 	POLICY_HND user_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uint32 access_desired = 0x000f000f;
-	
 	DOM_SID sid;
-	uint32 count=0;
-	LUID_ATTR *set;
+	struct lsa_PrivilegeSet *privs = NULL;
 	int i;
 
 	if (argc != 2 ) {
@@ -665,22 +673,31 @@ static NTSTATUS cmd_lsa_enum_privsaccounts(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_lsa_open_account(cli, mem_ctx, &dom_pol, &sid, access_desired, &user_pol);
+	result = rpccli_lsa_OpenAccount(cli, mem_ctx,
+					&dom_pol,
+					&sid,
+					access_desired,
+					&user_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_lsa_enum_privsaccount(cli, mem_ctx, &user_pol, &count, &set);
+	result = rpccli_lsa_EnumPrivsAccount(cli, mem_ctx,
+					     &user_pol,
+					     &privs);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Print results */
-	printf("found %d privileges for SID %s\n\n", count, argv[1]);
+	printf("found %d privileges for SID %s\n\n", privs->count, argv[1]);
 	printf("high\tlow\tattribute\n");
 
-	for (i = 0; i < count; i++) {
-		printf("%u\t%u\t%u\n", set[i].luid.high, set[i].luid.low, set[i].attr);
+	for (i = 0; i < privs->count; i++) {
+		printf("%u\t%u\t%u\n",
+			privs->set[i].luid.high,
+			privs->set[i].luid.low,
+			privs->set[i].attribute);
 	}
 
 	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
@@ -697,10 +714,8 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
 {
 	POLICY_HND dom_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
 	DOM_SID sid;
-	uint32 count;
-	char **rights;
+	struct lsa_RightSet rights;
 
 	int i;
 
@@ -720,16 +735,19 @@ static NTSTATUS cmd_lsa_enum_acct_rights(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_lsa_enum_account_rights(cli, mem_ctx, &dom_pol, &sid, &count, &rights);
+	result = rpccli_lsa_EnumAccountRights(cli, mem_ctx,
+					      &dom_pol,
+					      &sid,
+					      &rights);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	printf("found %d privileges for SID %s\n", count,
+	printf("found %d privileges for SID %s\n", rights.count,
 	       sid_string_tos(&sid));
 
-	for (i = 0; i < count; i++) {
-		printf("\t%s\n", rights[i]);
+	for (i = 0; i < rights.count; i++) {
+		printf("\t%s\n", rights.names[i].string);
 	}
 
 	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
@@ -746,8 +764,9 @@ static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
 {
 	POLICY_HND dom_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
+	struct lsa_RightSet rights;
 	DOM_SID sid;
+	int i;
 
 	if (argc < 3 ) {
 		printf("Usage: %s SID [rights...]\n", argv[0]);
@@ -765,8 +784,21 @@ static NTSTATUS cmd_lsa_add_acct_rights(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_lsa_add_account_rights(cli, mem_ctx, &dom_pol, sid, 
-					    argc-2, argv+2);
+	rights.count = argc-2;
+	rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
+				    rights.count);
+	if (!rights.names) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<argc-1; i++) {
+		init_lsa_StringLarge(&rights.names[i], argv[i+2]);
+	}
+
+	result = rpccli_lsa_AddAccountRights(cli, mem_ctx,
+					     &dom_pol,
+					     &sid,
+					     &rights);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -785,8 +817,9 @@ static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
 {
 	POLICY_HND dom_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
+	struct lsa_RightSet rights;
 	DOM_SID sid;
+	int i;
 
 	if (argc < 3 ) {
 		printf("Usage: %s SID [rights...]\n", argv[0]);
@@ -804,8 +837,22 @@ static NTSTATUS cmd_lsa_remove_acct_rights(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_lsa_remove_account_rights(cli, mem_ctx, &dom_pol, sid, 
-					       False, argc-2, argv+2);
+	rights.count = argc-2;
+	rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
+				    rights.count);
+	if (!rights.names) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<argc-2; i++) {
+		init_lsa_StringLarge(&rights.names[i], argv[i+2]);
+	}
+
+	result = rpccli_lsa_RemoveAccountRights(cli, mem_ctx,
+						&dom_pol,
+						&sid,
+						false,
+						&rights);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -825,7 +872,8 @@ static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	LUID luid;
+	struct lsa_LUID luid;
+	struct lsa_String name;
 
 	if (argc != 2 ) {
 		printf("Usage: %s name\n", argv[0]);
@@ -839,7 +887,12 @@ static NTSTATUS cmd_lsa_lookup_priv_value(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_lsa_lookup_priv_value(cli, mem_ctx, &pol, argv[1], &luid);
+	init_lsa_String(&name, argv[1]);
+
+	result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
+					    &pol,
+					    &name,
+					    &luid);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -879,8 +932,10 @@ static NTSTATUS cmd_lsa_query_secobj(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_lsa_query_secobj(cli, mem_ctx, &pol, sec_info, &sdb);
-
+	result = rpccli_lsa_QuerySecurity(cli, mem_ctx,
+					  &pol,
+					  sec_info,
+					  &sdb);
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
@@ -976,17 +1031,11 @@ static NTSTATUS cmd_lsa_query_trustdominfobysid(struct rpc_pipe_client *cli,
 	display_trust_dom_info(mem_ctx, &info, info_class, cli->pwd.password);
 
  done:
-	if (&pol)
-		rpccli_lsa_Close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
 
 	return result;
 }
 
-static void init_lsa_String(struct lsa_String *name, const char *s)
-{
-	name->string = s;
-}
-
 static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
 						 TALLOC_CTX *mem_ctx, int argc,
 						 const char **argv) 
@@ -1015,7 +1064,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
 
 	result = rpccli_lsa_QueryTrustedDomainInfoByName(cli, mem_ctx,
 							 &pol,
-							 trusted_domain,
+							 &trusted_domain,
 							 info_class,
 							 &info);
 	if (!NT_STATUS_IS_OK(result))
@@ -1024,8 +1073,7 @@ static NTSTATUS cmd_lsa_query_trustdominfobyname(struct rpc_pipe_client *cli,
 	display_trust_dom_info(mem_ctx, &info, info_class, cli->pwd.password);
 
  done:
-	if (&pol)
-		rpccli_lsa_Close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
 
 	return result;
 }
@@ -1078,12 +1126,221 @@ static NTSTATUS cmd_lsa_query_trustdominfo(struct rpc_pipe_client *cli,
 	display_trust_dom_info(mem_ctx, &info, info_class, cli->pwd.password);
 
  done:
-	if (&pol)
-		rpccli_lsa_Close(cli, mem_ctx, &pol);
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
 
 	return result;
 }
 
+static NTSTATUS cmd_lsa_get_username(struct rpc_pipe_client *cli,
+                                     TALLOC_CTX *mem_ctx, int argc,
+                                     const char **argv)
+{
+	POLICY_HND pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	const char *servername = cli->cli->desthost;
+	struct lsa_String *account_name = NULL;
+	struct lsa_String *authority_name = NULL;
+
+	if (argc > 2) {
+		printf("Usage: %s servername\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = rpccli_lsa_open_policy(cli, mem_ctx, true,
+					SEC_RIGHTS_MAXIMUM_ALLOWED,
+					&pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = rpccli_lsa_GetUserName(cli, mem_ctx,
+					servername,
+					&account_name,
+					&authority_name);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Print results */
+
+	printf("Account Name: %s, Authority Name: %s\n",
+		account_name->string, authority_name->string);
+
+	rpccli_lsa_Close(cli, mem_ctx, &pol);
+ done:
+	return result;
+}
+
+static NTSTATUS cmd_lsa_add_priv(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx, int argc,
+				 const char **argv)
+{
+	POLICY_HND dom_pol, user_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	struct lsa_PrivilegeSet privs;
+	struct lsa_LUIDAttribute *set = NULL;
+	DOM_SID sid;
+	int i;
+
+	ZERO_STRUCT(privs);
+
+	if (argc < 3 ) {
+		printf("Usage: %s SID [rights...]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
+					 SEC_RIGHTS_MAXIMUM_ALLOWED,
+					 &dom_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = rpccli_lsa_OpenAccount(cli, mem_ctx,
+					&dom_pol,
+					&sid,
+					SEC_RIGHTS_MAXIMUM_ALLOWED,
+					&user_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	for (i=2; i<argc; i++) {
+
+		struct lsa_String priv_name;
+		struct lsa_LUID luid;
+
+		init_lsa_String(&priv_name, argv[i]);
+
+		result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
+						    &dom_pol,
+						    &priv_name,
+						    &luid);
+		if (!NT_STATUS_IS_OK(result)) {
+			continue;
+		}
+
+		privs.count++;
+		set = TALLOC_REALLOC_ARRAY(mem_ctx, set,
+					   struct lsa_LUIDAttribute,
+					   privs.count);
+		if (!set) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		set[privs.count-1].luid = luid;
+		set[privs.count-1].attribute = 0;
+	}
+
+	privs.set = set;
+
+	result = rpccli_lsa_AddPrivilegesToAccount(cli, mem_ctx,
+						   &user_pol,
+						   &privs);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	rpccli_lsa_Close(cli, mem_ctx, &user_pol);
+	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
+ done:
+	return result;
+}
+
+static NTSTATUS cmd_lsa_del_priv(struct rpc_pipe_client *cli,
+				 TALLOC_CTX *mem_ctx, int argc,
+				 const char **argv)
+{
+	POLICY_HND dom_pol, user_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	struct lsa_PrivilegeSet privs;
+	struct lsa_LUIDAttribute *set = NULL;
+	DOM_SID sid;
+	int i;
+
+	ZERO_STRUCT(privs);
+
+	if (argc < 3 ) {
+		printf("Usage: %s SID [rights...]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	result = name_to_sid(cli, mem_ctx, &sid, argv[1]);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = rpccli_lsa_open_policy2(cli, mem_ctx, True,
+					 SEC_RIGHTS_MAXIMUM_ALLOWED,
+					 &dom_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = rpccli_lsa_OpenAccount(cli, mem_ctx,
+					&dom_pol,
+					&sid,
+					SEC_RIGHTS_MAXIMUM_ALLOWED,
+					&user_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	for (i=2; i<argc; i++) {
+
+		struct lsa_String priv_name;
+		struct lsa_LUID luid;
+
+		init_lsa_String(&priv_name, argv[i]);
+
+		result = rpccli_lsa_LookupPrivValue(cli, mem_ctx,
+						    &dom_pol,
+						    &priv_name,
+						    &luid);
+		if (!NT_STATUS_IS_OK(result)) {
+			continue;
+		}
+
+		privs.count++;
+		set = TALLOC_REALLOC_ARRAY(mem_ctx, set,
+					   struct lsa_LUIDAttribute,
+					   privs.count);
+		if (!set) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		set[privs.count-1].luid = luid;
+		set[privs.count-1].attribute = 0;
+	}
+
+	privs.set = set;
+
+
+	result = rpccli_lsa_RemovePrivilegesFromAccount(cli, mem_ctx,
+							&user_pol,
+							false,
+							&privs);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	rpccli_lsa_Close(cli, mem_ctx, &user_pol);
+	rpccli_lsa_Close(cli, mem_ctx, &dom_pol);
+ done:
+	return result;
+}
 
 
 /* List of commands exported by this module */
@@ -1103,10 +1360,8 @@ struct cmd_set lsarpc_commands[] = {
 	{ "lsacreateaccount",    RPC_RTYPE_NTSTATUS, cmd_lsa_create_account,     NULL, PI_LSARPC, NULL, "Create a new lsa account",   "" },
 	{ "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, NULL, "Enumerate the privileges of an SID",   "" },
 	{ "lsaenumacctrights",   RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights,   NULL, PI_LSARPC, NULL, "Enumerate the rights of an SID",   "" },
-#if 0
-	{ "lsaaddpriv",          RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv,           NULL, PI_LSARPC, "Assign a privilege to a SID", "" },
-	{ "lsadelpriv",          RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv,           NULL, PI_LSARPC, "Revoke a privilege from a SID", "" },
-#endif
+	{ "lsaaddpriv",          RPC_RTYPE_NTSTATUS, cmd_lsa_add_priv,           NULL, PI_LSARPC, NULL, "Assign a privilege to a SID", "" },
+	{ "lsadelpriv",          RPC_RTYPE_NTSTATUS, cmd_lsa_del_priv,           NULL, PI_LSARPC, NULL, "Revoke a privilege from a SID", "" },
 	{ "lsaaddacctrights",    RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights,    NULL, PI_LSARPC, NULL, "Add rights to an account",   "" },
 	{ "lsaremoveacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_remove_acct_rights, NULL, PI_LSARPC, NULL, "Remove rights from an account",   "" },
 	{ "lsalookupprivvalue",  RPC_RTYPE_NTSTATUS, cmd_lsa_lookup_priv_value,  NULL, PI_LSARPC, NULL, "Get a privilege value given its name", "" },
@@ -1114,6 +1369,7 @@ struct cmd_set lsarpc_commands[] = {
 	{ "lsaquerytrustdominfo",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfo, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a SID)", "" },
 	{ "lsaquerytrustdominfobyname",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobyname, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a name), only works for Windows > 2k", "" },
 	{ "lsaquerytrustdominfobysid",RPC_RTYPE_NTSTATUS, cmd_lsa_query_trustdominfobysid, NULL, PI_LSARPC, NULL, "Query LSA trusted domains info (given a SID)", "" },
+	{ "getusername",          RPC_RTYPE_NTSTATUS, cmd_lsa_get_username, NULL, PI_LSARPC, NULL, "Get username", "" },
 
 	{ NULL }
 };
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index 2c1f7e0f11..95d79b5825 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -3,6 +3,7 @@
    RPC pipe client
 
    Copyright (C) Tim Potter 2000
+   Copyright (C) Guenther Deschner 2008
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -21,35 +22,77 @@
 #include "includes.h"
 #include "rpcclient.h"
 
-static NTSTATUS cmd_netlogon_logon_ctrl2(struct rpc_pipe_client *cli, 
-                                         TALLOC_CTX *mem_ctx, int argc, 
-                                         const char **argv)
+static WERROR cmd_netlogon_logon_ctrl2(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx, int argc,
+				       const char **argv)
 {
-	uint32 query_level = 1;
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	WERROR werr;
+	const char *logon_server = cli->cli->desthost;
+	enum netr_LogonControlCode function_code = NETLOGON_CONTROL_REDISCOVER;
+	uint32_t level = 1;
+	union netr_CONTROL_DATA_INFORMATION data;
+	union netr_CONTROL_QUERY_INFORMATION query;
+	const char *domain = lp_workgroup();
+
+	if (argc > 5) {
+		fprintf(stderr, "Usage: %s <logon_server> <function_code> "
+			"<level> <domain>\n", argv[0]);
+		return WERR_OK;
+	}
 
-	if (argc > 1) {
-		fprintf(stderr, "Usage: %s\n", argv[0]);
-		return NT_STATUS_OK;
+	if (argc >= 2) {
+		logon_server = argv[1];
 	}
 
-	result = rpccli_netlogon_logon_ctrl2(cli, mem_ctx, query_level);
+	if (argc >= 3) {
+		function_code = atoi(argv[2]);
+	}
 
-	if (!NT_STATUS_IS_OK(result))
-		goto done;
+	if (argc >= 4) {
+		level = atoi(argv[3]);
+	}
+
+	if (argc >= 5) {
+		domain = argv[4];
+	}
+
+	switch (function_code) {
+		case NETLOGON_CONTROL_REDISCOVER:
+		case NETLOGON_CONTROL_TC_QUERY:
+			data.domain = domain;
+			break;
+		default:
+			break;
+	}
+
+	status = rpccli_netr_LogonControl2(cli, mem_ctx,
+					  logon_server,
+					  function_code,
+					  level,
+					  &data,
+					  &query,
+					  &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
 
 	/* Display results */
 
- done:
-	return result;
+	return werr;
 }
 
 static WERROR cmd_netlogon_getanydcname(struct rpc_pipe_client *cli, 
 					TALLOC_CTX *mem_ctx, int argc, 
 					const char **argv)
 {
-	char *dcname = NULL;
-	WERROR result = WERR_GENERAL_FAILURE;
+	const char *dcname = NULL;
+	WERROR werr;
+	NTSTATUS status;
 	int old_timeout;
 
 	if (argc != 2) {
@@ -60,27 +103,35 @@ static WERROR cmd_netlogon_getanydcname(struct rpc_pipe_client *cli,
 	/* Make sure to wait for our DC's reply */
 	old_timeout = cli_set_timeout(cli->cli, MAX(cli->cli->timeout,30000)); /* 30 seconds. */
 
-	result = rpccli_netlogon_getanydcname(cli, mem_ctx, cli->cli->desthost, argv[1], &dcname);
-
+	status = rpccli_netr_GetAnyDCName(cli, mem_ctx,
+					  cli->cli->desthost,
+					  argv[1],
+					  &dcname,
+					  &werr);
 	cli_set_timeout(cli->cli, old_timeout);
 
-	if (!W_ERROR_IS_OK(result))
-		goto done;
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
 
 	/* Display results */
 
 	printf("%s\n", dcname);
 
- done:
-	return result;
+	return werr;
 }
 
-static WERROR cmd_netlogon_getdcname(struct rpc_pipe_client *cli, 
-				     TALLOC_CTX *mem_ctx, int argc, 
+static WERROR cmd_netlogon_getdcname(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx, int argc,
 				     const char **argv)
 {
-	char *dcname = NULL;
-	WERROR result = WERR_GENERAL_FAILURE;
+	const char *dcname = NULL;
+	NTSTATUS status;
+	WERROR werr;
 	int old_timeout;
 
 	if (argc != 2) {
@@ -91,32 +142,40 @@ static WERROR cmd_netlogon_getdcname(struct rpc_pipe_client *cli,
 	/* Make sure to wait for our DC's reply */
 	old_timeout = cli_set_timeout(cli->cli, MAX(cli->cli->timeout,30000)); /* 30 seconds. */
 
-	result = rpccli_netlogon_getdcname(cli, mem_ctx, cli->cli->desthost, argv[1], &dcname);
-
+	status = rpccli_netr_GetDcName(cli, mem_ctx,
+				       cli->cli->desthost,
+				       argv[1],
+				       &dcname,
+				       &werr);
 	cli_set_timeout(cli->cli, old_timeout);
 
-	if (!W_ERROR_IS_OK(result))
-		goto done;
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
+	}
 
 	/* Display results */
 
 	printf("%s\n", dcname);
 
- done:
-	return result;
+	return werr;
 }
 
 static WERROR cmd_netlogon_dsr_getdcname(struct rpc_pipe_client *cli,
 					 TALLOC_CTX *mem_ctx, int argc,
 					 const char **argv)
 {
-	WERROR result;
+	NTSTATUS result;
+	WERROR werr = WERR_OK;
 	uint32 flags = DS_RETURN_DNS_NAME;
 	const char *server_name = cli->cli->desthost;
 	const char *domain_name;
 	struct GUID domain_guid = GUID_zero();
 	struct GUID site_guid = GUID_zero();
-	struct DS_DOMAIN_CONTROLLER_INFO *info = NULL;
+	struct netr_DsRGetDCNameInfo *info = NULL;
 
 	if (argc < 2) {
 		fprintf(stderr, "Usage: %s [domain_name] [domain_guid] "
@@ -144,20 +203,25 @@ static WERROR cmd_netlogon_dsr_getdcname(struct rpc_pipe_client *cli,
 
 	debug_dsdcinfo_flags(1,flags);
 
-	result = rpccli_netlogon_dsr_getdcname(cli, mem_ctx, server_name, domain_name, 
-					       &domain_guid, &site_guid, flags,
-					       &info);
-
-	if (W_ERROR_IS_OK(result)) {
-		d_printf("DsGetDcName gave\n");
-		display_ds_domain_controller_info(mem_ctx, info);
+	result = rpccli_netr_DsRGetDCName(cli, mem_ctx,
+					  server_name,
+					  domain_name,
+					  &domain_guid,
+					  &site_guid,
+					  flags,
+					  &info,
+					  &werr);
+
+	if (W_ERROR_IS_OK(werr)) {
+		d_printf("DsGetDcName gave: %s\n",
+		NDR_PRINT_STRUCT_STRING(mem_ctx, netr_DsRGetDCNameInfo, info));
 		return WERR_OK;
 	}
 
 	printf("rpccli_netlogon_dsr_getdcname returned %s\n",
-	       dos_errstr(result));
+	       dos_errstr(werr));
 
-	return result;
+	return werr;
 }
 
 static WERROR cmd_netlogon_dsr_getdcnameex(struct rpc_pipe_client *cli,
@@ -165,12 +229,13 @@ static WERROR cmd_netlogon_dsr_getdcnameex(struct rpc_pipe_client *cli,
 					   const char **argv)
 {
 	WERROR result;
-	uint32 flags = DS_RETURN_DNS_NAME;
+	NTSTATUS status;
+	uint32_t flags = DS_RETURN_DNS_NAME;
 	const char *server_name = cli->cli->desthost;
 	const char *domain_name;
 	const char *site_name = NULL;
 	struct GUID domain_guid = GUID_zero();
-	struct DS_DOMAIN_CONTROLLER_INFO *info = NULL;
+	struct netr_DsRGetDCNameInfo *info = NULL;
 
 	if (argc < 2) {
 		fprintf(stderr, "Usage: %s [domain_name] [domain_guid] "
@@ -178,8 +243,7 @@ static WERROR cmd_netlogon_dsr_getdcnameex(struct rpc_pipe_client *cli,
 		return WERR_OK;
 	}
 
-	if (argc >= 2)
-		domain_name = argv[1];
+	domain_name = argv[1];
 
 	if (argc >= 3) {
 		if (!NT_STATUS_IS_OK(GUID_from_string(argv[2], &domain_guid))) {
@@ -187,26 +251,34 @@ static WERROR cmd_netlogon_dsr_getdcnameex(struct rpc_pipe_client *cli,
 		}
 	}
 
-	if (argc >= 4)
+	if (argc >= 4) {
 		site_name = argv[3];
+	}
 
-	if (argc >= 5)
+	if (argc >= 5) {
 		sscanf(argv[4], "%x", &flags);
+	}
 
 	debug_dsdcinfo_flags(1,flags);
 
-	result = rpccli_netlogon_dsr_getdcnameex(cli, mem_ctx, server_name, domain_name, 
-						 &domain_guid, site_name, flags,
-						 &info);
+	status = rpccli_netr_DsRGetDCNameEx(cli, mem_ctx,
+					    server_name,
+					    domain_name,
+					    &domain_guid,
+					    site_name,
+					    flags,
+					    &info,
+					    &result);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
 
-	if (W_ERROR_IS_OK(result)) {
-		d_printf("DsGetDcNameEx gave\n");
-		display_ds_domain_controller_info(mem_ctx, info);
-		return WERR_OK;
+	if (!W_ERROR_IS_OK(result)) {
+		return result;
 	}
 
-	printf("rpccli_netlogon_dsr_getdcnameex returned %s\n",
-	       dos_errstr(result));
+	d_printf("DsRGetDCNameEx gave %s\n",
+		NDR_PRINT_STRUCT_STRING(mem_ctx, netr_DsRGetDCNameInfo, info));
 
 	return result;
 }
@@ -216,14 +288,15 @@ static WERROR cmd_netlogon_dsr_getdcnameex2(struct rpc_pipe_client *cli,
 					    const char **argv)
 {
 	WERROR result;
-	uint32 flags = DS_RETURN_DNS_NAME;
+	NTSTATUS status;
+	uint32_t flags = DS_RETURN_DNS_NAME;
 	const char *server_name = cli->cli->desthost;
 	const char *domain_name = NULL;
 	const char *client_account = NULL;
-	uint32 mask = 0;
+	uint32_t mask = 0;
 	const char *site_name = NULL;
 	struct GUID domain_guid = GUID_zero();
-	struct DS_DOMAIN_CONTROLLER_INFO *info = NULL;
+	struct netr_DsRGetDCNameInfo *info = NULL;
 
 	if (argc < 2) {
 		fprintf(stderr, "Usage: %s [client_account] [acb_mask] "
@@ -232,14 +305,17 @@ static WERROR cmd_netlogon_dsr_getdcnameex2(struct rpc_pipe_client *cli,
 		return WERR_OK;
 	}
 
-	if (argc >= 2)
+	if (argc >= 2) {
 		client_account = argv[1];
+	}
 
-	if (argc >= 3)
+	if (argc >= 3) {
 		mask = atoi(argv[2]);
+	}
 
-	if (argc >= 4)
+	if (argc >= 4) {
 		domain_name = argv[3];
+	}
 
 	if (argc >= 5) {
 		if (!NT_STATUS_IS_OK(GUID_from_string(argv[4], &domain_guid))) {
@@ -247,28 +323,36 @@ static WERROR cmd_netlogon_dsr_getdcnameex2(struct rpc_pipe_client *cli,
 		}
 	}
 
-	if (argc >= 6)
+	if (argc >= 6) {
 		site_name = argv[5];
+	}
 
-	if (argc >= 7)
+	if (argc >= 7) {
 		sscanf(argv[6], "%x", &flags);
+	}
 
 	debug_dsdcinfo_flags(1,flags);
 
-	result = rpccli_netlogon_dsr_getdcnameex2(cli, mem_ctx, server_name, 
-						  client_account, mask,
-						  domain_name, &domain_guid,
-						  site_name, flags,
-						  &info);
+	status = rpccli_netr_DsRGetDCNameEx2(cli, mem_ctx,
+					     server_name,
+					     client_account,
+					     mask,
+					     domain_name,
+					     &domain_guid,
+					     site_name,
+					     flags,
+					     &info,
+					     &result);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
 
-	if (W_ERROR_IS_OK(result)) {
-		d_printf("DsGetDcNameEx2 gave\n");
-		display_ds_domain_controller_info(mem_ctx, info);
-		return WERR_OK;
+	if (!W_ERROR_IS_OK(result)) {
+		return result;
 	}
 
-	printf("rpccli_netlogon_dsr_getdcnameex2 returned %s\n",
-	       dos_errstr(result));
+	d_printf("DsRGetDCNameEx2 gave %s\n",
+		NDR_PRINT_STRUCT_STRING(mem_ctx, netr_DsRGetDCNameInfo, info));
 
 	return result;
 }
@@ -278,20 +362,27 @@ static WERROR cmd_netlogon_dsr_getsitename(struct rpc_pipe_client *cli,
 					   TALLOC_CTX *mem_ctx, int argc,
 					   const char **argv)
 {
-	WERROR result;
-	char *sitename;
+	WERROR werr;
+	NTSTATUS status;
+	const char *sitename = NULL;
 
 	if (argc != 2) {
 		fprintf(stderr, "Usage: %s computername\n", argv[0]);
 		return WERR_OK;
 	}
 
-	result = rpccli_netlogon_dsr_getsitename(cli, mem_ctx, argv[1], &sitename);
+	status = rpccli_netr_DsRGetSiteName(cli, mem_ctx,
+					    argv[1],
+					    &sitename,
+					    &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
 
-	if (!W_ERROR_IS_OK(result)) {
+	if (!W_ERROR_IS_OK(werr)) {
 		printf("rpccli_netlogon_dsr_gesitename returned %s\n",
-		       nt_errstr(werror_to_ntstatus(result)));
-		return result;
+		       nt_errstr(werror_to_ntstatus(werr)));
+		return werr;
 	}
 
 	printf("Computer %s is on Site: %s\n", argv[1], sitename);
@@ -299,169 +390,292 @@ static WERROR cmd_netlogon_dsr_getsitename(struct rpc_pipe_client *cli,
 	return WERR_OK;
 }
 
-static NTSTATUS cmd_netlogon_logon_ctrl(struct rpc_pipe_client *cli, 
-                                        TALLOC_CTX *mem_ctx, int argc, 
-                                        const char **argv)
+static WERROR cmd_netlogon_logon_ctrl(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx, int argc,
+				      const char **argv)
 {
-#if 0
-	uint32 query_level = 1;
-#endif
-	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	WERROR werr;
+	const char *logon_server = cli->cli->desthost;
+	enum netr_LogonControlCode function_code = 1;
+	uint32_t level = 1;
+	union netr_CONTROL_QUERY_INFORMATION info;
+
+	if (argc > 4) {
+		fprintf(stderr, "Usage: %s <logon_server> <function_code> "
+			"<level>\n", argv[0]);
+		return WERR_OK;
+	}
 
-	if (argc > 1) {
-		fprintf(stderr, "Usage: %s\n", argv[0]);
-		return NT_STATUS_OK;
+	if (argc >= 2) {
+		logon_server = argv[1];
 	}
 
-#if 0
-	result = cli_netlogon_logon_ctrl(cli, mem_ctx, query_level);
-	if (!NT_STATUS_IS_OK(result)) {
-		goto done;
+	if (argc >= 3) {
+		function_code = atoi(argv[2]);
+	}
+
+	if (argc >= 4) {
+		level = atoi(argv[3]);
+	}
+
+	status = rpccli_netr_LogonControl(cli, mem_ctx,
+					  logon_server,
+					  function_code,
+					  level,
+					  &info,
+					  &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	if (!W_ERROR_IS_OK(werr)) {
+		return werr;
 	}
-#endif
 
 	/* Display results */
 
-	return result;
+	return werr;
 }
 
 /* Display sam synchronisation information */
 
-static void display_sam_sync(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas,
-                             SAM_DELTA_CTR *deltas)
+static void display_sam_sync(struct netr_DELTA_ENUM_ARRAY *r)
 {
-        fstring name;
-        uint32 i, j;
-
-        for (i = 0; i < num_deltas; i++) {
-                switch (hdr_deltas[i].type) {
-                case SAM_DELTA_DOMAIN_INFO:
-                        unistr2_to_ascii(name,
-                                         &deltas[i].domain_info.uni_dom_name,
-                                         sizeof(name));
-                        printf("Domain: %s\n", name);
-                        break;
-                case SAM_DELTA_GROUP_INFO:
-                        unistr2_to_ascii(name,
-                                         &deltas[i].group_info.uni_grp_name,
-                                         sizeof(name));
-                        printf("Group: %s\n", name);
-                        break;
-                case SAM_DELTA_ACCOUNT_INFO:
-                        unistr2_to_ascii(name, 
-                                         &deltas[i].account_info.uni_acct_name,
-                                         sizeof(name));
-                        printf("Account: %s\n", name);
-                        break;
-                case SAM_DELTA_ALIAS_INFO:
-                        unistr2_to_ascii(name, 
-                                         &deltas[i].alias_info.uni_als_name,
-                                         sizeof(name));
-                        printf("Alias: %s\n", name);
-                        break;
-                case SAM_DELTA_ALIAS_MEM: {
-                        SAM_ALIAS_MEM_INFO *alias = &deltas[i].als_mem_info;
-
-                        for (j = 0; j < alias->num_members; j++) {
-                                fstring sid_str;
-
-                                sid_to_fstring(sid_str, &alias->sids[j].sid);
-
-                                printf("%s\n", sid_str);
-                        }
-                        break;
-                }
-                case SAM_DELTA_GROUP_MEM: {
-                        SAM_GROUP_MEM_INFO *group = &deltas[i].grp_mem_info;
-
-                        for (j = 0; j < group->num_members; j++)
-                                printf("rid 0x%x, attrib 0x%08x\n", 
-                                          group->rids[j], group->attribs[j]);
-                        break;
-                }
-                case SAM_DELTA_MODIFIED_COUNT: {
-                        SAM_DELTA_MOD_COUNT *mc = &deltas[i].mod_count;
-
-                        printf("sam sequence update: 0x%04x\n", mc->seqnum);
-                        break;
-                }                                  
-                default:
-                        printf("unknown delta type 0x%02x\n", 
-                                  hdr_deltas[i].type);
-                        break;
-                }
-        }
+	uint32_t i, j;
+
+	for (i=0; i < r->num_deltas; i++) {
+
+		union netr_DELTA_UNION u = r->delta_enum[i].delta_union;
+		union netr_DELTA_ID_UNION id = r->delta_enum[i].delta_id_union;
+
+		switch (r->delta_enum[i].delta_type) {
+		case NETR_DELTA_DOMAIN:
+			printf("Domain: %s\n",
+				u.domain->domain_name.string);
+			break;
+		case NETR_DELTA_GROUP:
+			printf("Group: %s\n",
+				u.group->group_name.string);
+			break;
+		case NETR_DELTA_DELETE_GROUP:
+			printf("Delete Group: %d\n",
+				u.delete_account.unknown);
+			break;
+		case NETR_DELTA_RENAME_GROUP:
+			printf("Rename Group: %s -> %s\n",
+				u.rename_group->OldName.string,
+				u.rename_group->NewName.string);
+			break;
+		case NETR_DELTA_USER:
+			printf("Account: %s\n",
+				u.user->account_name.string);
+			break;
+		case NETR_DELTA_DELETE_USER:
+			printf("Delete User: %d\n",
+				id.rid);
+			break;
+		case NETR_DELTA_RENAME_USER:
+			printf("Rename user: %s -> %s\n",
+				u.rename_user->OldName.string,
+				u.rename_user->NewName.string);
+			break;
+		case NETR_DELTA_GROUP_MEMBER:
+			for (j=0; j < u.group_member->num_rids; j++) {
+				printf("rid 0x%x, attrib 0x%08x\n",
+					u.group_member->rids[j],
+					u.group_member->attribs[j]);
+			}
+			break;
+		case NETR_DELTA_ALIAS:
+			printf("Alias: %s\n",
+				u.alias->alias_name.string);
+			break;
+		case NETR_DELTA_DELETE_ALIAS:
+			printf("Delete Alias: %d\n",
+				r->delta_enum[i].delta_id_union.rid);
+			break;
+		case NETR_DELTA_RENAME_ALIAS:
+			printf("Rename alias: %s -> %s\n",
+				u.rename_alias->OldName.string,
+				u.rename_alias->NewName.string);
+			break;
+		case NETR_DELTA_ALIAS_MEMBER:
+			for (j=0; j < u.alias_member->sids.num_sids; j++) {
+				fstring sid_str;
+				sid_to_fstring(sid_str,
+					u.alias_member->sids.sids[j].sid);
+				printf("%s\n", sid_str);
+			}
+			break;
+		case NETR_DELTA_POLICY:
+			printf("Policy\n");
+			break;
+		case NETR_DELTA_TRUSTED_DOMAIN:
+			printf("Trusted Domain: %s\n",
+				u.trusted_domain->domain_name.string);
+			break;
+		case NETR_DELTA_DELETE_TRUST:
+			printf("Delete Trust: %d\n",
+				u.delete_trust.unknown);
+			break;
+		case NETR_DELTA_ACCOUNT:
+			printf("Account\n");
+			break;
+		case NETR_DELTA_DELETE_ACCOUNT:
+			printf("Delete Account: %d\n",
+				u.delete_account.unknown);
+			break;
+		case NETR_DELTA_SECRET:
+			printf("Secret\n");
+			break;
+		case NETR_DELTA_DELETE_SECRET:
+			printf("Delete Secret: %d\n",
+				u.delete_secret.unknown);
+			break;
+		case NETR_DELTA_DELETE_GROUP2:
+			printf("Delete Group2: %s\n",
+				u.delete_group->account_name);
+			break;
+		case NETR_DELTA_DELETE_USER2:
+			printf("Delete User2: %s\n",
+				u.delete_user->account_name);
+			break;
+		case NETR_DELTA_MODIFY_COUNT:
+			printf("sam sequence update: 0x%016llx\n",
+				(unsigned long long) *u.modified_count);
+			break;
+		default:
+			printf("unknown delta type 0x%02x\n",
+				r->delta_enum[i].delta_type);
+			break;
+		}
+	}
 }
 
 /* Perform sam synchronisation */
 
-static NTSTATUS cmd_netlogon_sam_sync(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_netlogon_sam_sync(struct rpc_pipe_client *cli,
                                       TALLOC_CTX *mem_ctx, int argc,
                                       const char **argv)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-        uint32 database_id = 0, num_deltas;
-        SAM_DELTA_HDR *hdr_deltas;
-        SAM_DELTA_CTR *deltas;
+	const char *logon_server = cli->cli->desthost;
+	const char *computername = global_myname();
+	struct netr_Authenticator credential;
+	struct netr_Authenticator return_authenticator;
+	enum netr_SamDatabaseID database_id = SAM_DATABASE_DOMAIN;
+	uint16_t restart_state = 0;
+	uint32_t sync_context = 0;
 
         if (argc > 2) {
                 fprintf(stderr, "Usage: %s [database_id]\n", argv[0]);
                 return NT_STATUS_OK;
         }
 
-        if (argc == 2)
-                database_id = atoi(argv[1]);
+	if (argc == 2) {
+		database_id = atoi(argv[1]);
+	}
 
-        /* Synchronise sam database */
+	/* Synchronise sam database */
+
+	do {
+		struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+
+		netlogon_creds_client_step(cli->dc, &credential);
+
+		result = rpccli_netr_DatabaseSync2(cli, mem_ctx,
+						   logon_server,
+						   computername,
+						   &credential,
+						   &return_authenticator,
+						   database_id,
+						   restart_state,
+						   &sync_context,
+						   &delta_enum_array,
+						   0xffff);
+
+		/* Check returned credentials. */
+		if (!netlogon_creds_client_check(cli->dc,
+						 &return_authenticator.cred)) {
+			DEBUG(0,("credentials chain check failed\n"));
+			return NT_STATUS_ACCESS_DENIED;
+		}
 
-	result = rpccli_netlogon_sam_sync(cli, mem_ctx, database_id,
-				       0, &num_deltas, &hdr_deltas, &deltas);
+		if (NT_STATUS_IS_ERR(result)) {
+			break;
+		}
 
-	if (!NT_STATUS_IS_OK(result))
-		goto done;
+		/* Display results */
 
-        /* Display results */
+		display_sam_sync(delta_enum_array);
 
-        display_sam_sync(num_deltas, hdr_deltas, deltas);
+		TALLOC_FREE(delta_enum_array);
 
- done:
-        return result;
+	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
+
+	return result;
 }
 
 /* Perform sam delta synchronisation */
 
-static NTSTATUS cmd_netlogon_sam_deltas(struct rpc_pipe_client *cli, 
-                                        TALLOC_CTX *mem_ctx, int argc,
-                                        const char **argv)
+static NTSTATUS cmd_netlogon_sam_deltas(struct rpc_pipe_client *cli,
+					TALLOC_CTX *mem_ctx, int argc,
+					const char **argv)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-        uint32 database_id, num_deltas, tmp;
-        SAM_DELTA_HDR *hdr_deltas;
-        SAM_DELTA_CTR *deltas;
-        uint64 seqnum;
+	uint32_t tmp;
+	const char *logon_server = cli->cli->desthost;
+	const char *computername = global_myname();
+	struct netr_Authenticator credential;
+	struct netr_Authenticator return_authenticator;
+	enum netr_SamDatabaseID database_id = SAM_DATABASE_DOMAIN;
+	uint64_t sequence_num;
+
+	if (argc != 3) {
+		fprintf(stderr, "Usage: %s database_id seqnum\n", argv[0]);
+		return NT_STATUS_OK;
+	}
 
-        if (argc != 3) {
-                fprintf(stderr, "Usage: %s database_id seqnum\n", argv[0]);
-                return NT_STATUS_OK;
-        }
+	database_id = atoi(argv[1]);
+	tmp = atoi(argv[2]);
 
-        database_id = atoi(argv[1]);
-        tmp = atoi(argv[2]);
+	sequence_num = tmp & 0xffff;
 
-        seqnum = tmp & 0xffff;
+	do {
+		struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
 
-	result = rpccli_netlogon_sam_deltas(cli, mem_ctx, database_id,
-					 seqnum, &num_deltas, 
-					 &hdr_deltas, &deltas);
+		netlogon_creds_client_step(cli->dc, &credential);
 
-	if (!NT_STATUS_IS_OK(result))
-		goto done;
+		result = rpccli_netr_DatabaseDeltas(cli, mem_ctx,
+						    logon_server,
+						    computername,
+						    &credential,
+						    &return_authenticator,
+						    database_id,
+						    &sequence_num,
+						    &delta_enum_array,
+						    0xffff);
 
-        /* Display results */
+		/* Check returned credentials. */
+		if (!netlogon_creds_client_check(cli->dc,
+						 &return_authenticator.cred)) {
+			DEBUG(0,("credentials chain check failed\n"));
+			return NT_STATUS_ACCESS_DENIED;
+		}
+
+		if (NT_STATUS_IS_ERR(result)) {
+			break;
+		}
+
+		/* Display results */
+
+		display_sam_sync(delta_enum_array);
+
+		TALLOC_FREE(delta_enum_array);
+
+	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
 
-        display_sam_sync(num_deltas, hdr_deltas, deltas);
-        
- done:
         return result;
 }
 
@@ -539,6 +753,254 @@ static NTSTATUS cmd_netlogon_change_trust_pw(struct rpc_pipe_client *cli,
         return result;
 }
 
+static WERROR cmd_netlogon_gettrustrid(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx, int argc,
+				       const char **argv)
+{
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	WERROR werr = WERR_GENERAL_FAILURE;
+	const char *server_name = cli->cli->desthost;
+	const char *domain_name = lp_workgroup();
+	uint32_t rid = 0;
+
+	if (argc < 1 || argc > 3) {
+		fprintf(stderr, "Usage: %s <server_name> <domain_name>\n",
+			argv[0]);
+		return WERR_OK;
+	}
+
+	if (argc >= 2) {
+		server_name = argv[1];
+	}
+
+	if (argc >= 3) {
+		domain_name = argv[2];
+	}
+
+	status = rpccli_netr_LogonGetTrustRid(cli, mem_ctx,
+					      server_name,
+					      domain_name,
+					      &rid,
+					      &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	if (W_ERROR_IS_OK(werr)) {
+		printf("Rid: %d\n", rid);
+	}
+ done:
+	return werr;
+}
+
+static WERROR cmd_netlogon_dsr_enumtrustdom(struct rpc_pipe_client *cli,
+					    TALLOC_CTX *mem_ctx, int argc,
+					    const char **argv)
+{
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	WERROR werr = WERR_GENERAL_FAILURE;
+	const char *server_name = cli->cli->desthost;
+	uint32_t trust_flags = NETR_TRUST_FLAG_IN_FOREST;
+	struct netr_DomainTrustList trusts;
+
+	if (argc < 1 || argc > 3) {
+		fprintf(stderr, "Usage: %s <server_name> <trust_flags>\n",
+			argv[0]);
+		return WERR_OK;
+	}
+
+	if (argc >= 2) {
+		server_name = argv[1];
+	}
+
+	if (argc >= 3) {
+		sscanf(argv[2], "%x", &trust_flags);
+	}
+
+	status = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
+						      server_name,
+						      trust_flags,
+						      &trusts,
+						      &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	if (W_ERROR_IS_OK(werr)) {
+		int i;
+
+		printf("%d domains returned\n", trusts.count);
+
+		for (i=0; i<trusts.count; i++ ) {
+			printf("%s (%s)\n",
+				trusts.array[i].dns_name,
+				trusts.array[i].netbios_name);
+		}
+	}
+ done:
+	return werr;
+}
+
+static WERROR cmd_netlogon_deregisterdnsrecords(struct rpc_pipe_client *cli,
+						TALLOC_CTX *mem_ctx, int argc,
+						const char **argv)
+{
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	WERROR werr = WERR_GENERAL_FAILURE;
+	const char *server_name = cli->cli->desthost;
+	const char *domain = lp_workgroup();
+	const char *dns_host = NULL;
+
+	if (argc < 1 || argc > 4) {
+		fprintf(stderr, "Usage: %s <server_name> <domain_name> "
+			"<dns_host>\n", argv[0]);
+		return WERR_OK;
+	}
+
+	if (argc >= 2) {
+		server_name = argv[1];
+	}
+
+	if (argc >= 3) {
+		domain = argv[2];
+	}
+
+	if (argc >= 4) {
+		dns_host = argv[3];
+	}
+
+	status = rpccli_netr_DsrDeregisterDNSHostRecords(cli, mem_ctx,
+							 server_name,
+							 domain,
+							 NULL,
+							 NULL,
+							 dns_host,
+							 &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	if (W_ERROR_IS_OK(werr)) {
+		printf("success\n");
+	}
+ done:
+	return werr;
+}
+
+static WERROR cmd_netlogon_dsr_getforesttrustinfo(struct rpc_pipe_client *cli,
+						  TALLOC_CTX *mem_ctx, int argc,
+						  const char **argv)
+{
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	WERROR werr = WERR_GENERAL_FAILURE;
+	const char *server_name = cli->cli->desthost;
+	const char *trusted_domain_name = NULL;
+	struct lsa_ForestTrustInformation *info = NULL;
+	uint32_t flags = 0;
+
+	if (argc < 1 || argc > 4) {
+		fprintf(stderr, "Usage: %s <server_name> <trusted_domain_name> "
+			"<flags>\n", argv[0]);
+		return WERR_OK;
+	}
+
+	if (argc >= 2) {
+		server_name = argv[1];
+	}
+
+	if (argc >= 3) {
+		trusted_domain_name = argv[2];
+	}
+
+	if (argc >= 4) {
+		sscanf(argv[3], "%x", &flags);
+	}
+
+	status = rpccli_netr_DsRGetForestTrustInformation(cli, mem_ctx,
+							 server_name,
+							 trusted_domain_name,
+							 flags,
+							 &info,
+							 &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	if (W_ERROR_IS_OK(werr)) {
+		printf("success\n");
+	}
+ done:
+	return werr;
+}
+
+static WERROR cmd_netlogon_enumtrusteddomains(struct rpc_pipe_client *cli,
+					      TALLOC_CTX *mem_ctx, int argc,
+					      const char **argv)
+{
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	WERROR werr = WERR_GENERAL_FAILURE;
+	const char *server_name = cli->cli->desthost;
+	struct netr_Blob blob;
+
+
+	if (argc < 1 || argc > 3) {
+		fprintf(stderr, "Usage: %s <server_name>\n", argv[0]);
+		return WERR_OK;
+	}
+
+	if (argc >= 2) {
+		server_name = argv[1];
+	}
+
+	status = rpccli_netr_NetrEnumerateTrustedDomains(cli, mem_ctx,
+							 server_name,
+							 &blob,
+							 &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	if (W_ERROR_IS_OK(werr)) {
+		printf("success\n");
+		dump_data(1, blob.data, blob.length);
+	}
+ done:
+	return werr;
+}
+
+static WERROR cmd_netlogon_enumtrusteddomainsex(struct rpc_pipe_client *cli,
+						TALLOC_CTX *mem_ctx, int argc,
+						const char **argv)
+{
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	WERROR werr = WERR_GENERAL_FAILURE;
+	const char *server_name = cli->cli->desthost;
+	struct netr_DomainTrustList list;
+
+	if (argc < 1 || argc > 3) {
+		fprintf(stderr, "Usage: %s <server_name>\n", argv[0]);
+		return WERR_OK;
+	}
+
+	if (argc >= 2) {
+		server_name = argv[1];
+	}
+
+	status = rpccli_netr_NetrEnumerateTrustedDomainsEx(cli, mem_ctx,
+							   server_name,
+							   &list,
+							   &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
+	if (W_ERROR_IS_OK(werr)) {
+		printf("success\n");
+	}
+ done:
+	return werr;
+}
+
 
 /* List of commands exported by this module */
 
@@ -546,18 +1008,25 @@ struct cmd_set netlogon_commands[] = {
 
 	{ "NETLOGON" },
 
-	{ "logonctrl2", RPC_RTYPE_NTSTATUS, cmd_netlogon_logon_ctrl2, NULL, PI_NETLOGON, NULL, "Logon Control 2",     "" },
+	{ "logonctrl2", RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl2, PI_NETLOGON, NULL, "Logon Control 2",     "" },
 	{ "getanydcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getanydcname, PI_NETLOGON, NULL, "Get trusted DC name",     "" },
 	{ "getdcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getdcname, PI_NETLOGON, NULL, "Get trusted PDC name",     "" },
 	{ "dsr_getdcname", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcname, PI_NETLOGON, NULL, "Get trusted DC name",     "" },
 	{ "dsr_getdcnameex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcnameex, PI_NETLOGON, NULL, "Get trusted DC name",     "" },
 	{ "dsr_getdcnameex2", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getdcnameex2, PI_NETLOGON, NULL, "Get trusted DC name",     "" },
 	{ "dsr_getsitename", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getsitename, PI_NETLOGON, NULL, "Get sitename",     "" },
-	{ "logonctrl",  RPC_RTYPE_NTSTATUS, cmd_netlogon_logon_ctrl,  NULL, PI_NETLOGON, NULL, "Logon Control",       "" },
+	{ "dsr_getforesttrustinfo", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_getforesttrustinfo, PI_NETLOGON, NULL, "Get Forest Trust Info",     "" },
+	{ "logonctrl",  RPC_RTYPE_WERROR, NULL, cmd_netlogon_logon_ctrl, PI_NETLOGON, NULL, "Logon Control",       "" },
 	{ "samsync",    RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_sync,    NULL, PI_NETLOGON, NULL, "Sam Synchronisation", "" },
 	{ "samdeltas",  RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_deltas,  NULL, PI_NETLOGON, NULL, "Query Sam Deltas",    "" },
 	{ "samlogon",   RPC_RTYPE_NTSTATUS, cmd_netlogon_sam_logon,   NULL, PI_NETLOGON, NULL, "Sam Logon",           "" },
 	{ "change_trust_pw",   RPC_RTYPE_NTSTATUS, cmd_netlogon_change_trust_pw,   NULL, PI_NETLOGON, NULL, "Change Trust Account Password",           "" },
+	{ "gettrustrid", RPC_RTYPE_WERROR, NULL, cmd_netlogon_gettrustrid, PI_NETLOGON, NULL, "Get trust rid",     "" },
+	{ "dsr_enumtrustdom", RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, PI_NETLOGON, NULL, "Enumerate trusted domains",     "" },
+	{ "dsenumdomtrusts",  RPC_RTYPE_WERROR, NULL, cmd_netlogon_dsr_enumtrustdom, PI_NETLOGON, NULL, "Enumerate all trusted domains in an AD forest",     "" },
+	{ "deregisterdnsrecords", RPC_RTYPE_WERROR, NULL, cmd_netlogon_deregisterdnsrecords, PI_NETLOGON, NULL, "Deregister DNS records",     "" },
+	{ "netrenumtrusteddomains", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomains, PI_NETLOGON, NULL, "Enumerate trusted domains",     "" },
+	{ "netrenumtrusteddomainsex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomainsex, PI_NETLOGON, NULL, "Enumerate trusted domains",     "" },
 
 	{ NULL }
 };
diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c
new file mode 100644
index 0000000000..b7b37e2fa6
--- /dev/null
+++ b/source3/rpcclient/cmd_ntsvcs.c
@@ -0,0 +1,189 @@
+/*
+   Unix SMB/CIFS implementation.
+   RPC pipe client
+
+   Copyright (C) Günther Deschner 2008
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpcclient.h"
+
+static WERROR cmd_ntsvcs_get_version(struct rpc_pipe_client *cli,
+				     TALLOC_CTX *mem_ctx,
+				     int argc,
+				     const char **argv)
+{
+	NTSTATUS status;
+	WERROR werr;
+	uint16_t version;
+
+	status = rpccli_PNP_GetVersion(cli, mem_ctx,
+				       &version, &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	if (W_ERROR_IS_OK(werr)) {
+		printf("version: %d\n", version);
+	}
+
+	return werr;
+}
+
+static WERROR cmd_ntsvcs_validate_dev_inst(struct rpc_pipe_client *cli,
+					   TALLOC_CTX *mem_ctx,
+					   int argc,
+					   const char **argv)
+{
+	NTSTATUS status;
+	WERROR werr;
+	const char *devicepath = NULL;
+	uint32_t flags = 0;
+
+	if (argc < 2 || argc > 3) {
+		printf("usage: %s [devicepath] <flags>\n", argv[0]);
+		return WERR_OK;
+	}
+
+	devicepath = argv[1];
+
+	if (argc >= 3) {
+		flags = atoi(argv[2]);
+	}
+
+	status = rpccli_PNP_ValidateDeviceInstance(cli, mem_ctx,
+						   devicepath,
+						   flags,
+						   &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	return werr;
+}
+
+static WERROR cmd_ntsvcs_get_device_list_size(struct rpc_pipe_client *cli,
+					      TALLOC_CTX *mem_ctx,
+					      int argc,
+					      const char **argv)
+{
+	NTSTATUS status;
+	WERROR werr;
+	const char *devicename = NULL;
+	uint32_t flags = 0;
+	uint32_t size = 0;
+
+	if (argc < 2 || argc > 4) {
+		printf("usage: %s [devicename] <flags>\n", argv[0]);
+		return WERR_OK;
+	}
+
+	devicename = argv[1];
+
+	if (argc >= 3) {
+		flags = atoi(argv[2]);
+	}
+
+	status = rpccli_PNP_GetDeviceListSize(cli, mem_ctx,
+					      devicename,
+					      &size,
+					      flags,
+					      &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	if (W_ERROR_IS_OK(werr)) {
+		printf("size: %d\n", size);
+	}
+
+	return werr;
+}
+
+static WERROR cmd_ntsvcs_hw_prof_flags(struct rpc_pipe_client *cli,
+				       TALLOC_CTX *mem_ctx,
+				       int argc,
+				       const char **argv)
+{
+	NTSTATUS status;
+	WERROR werr;
+	const char *devicepath = NULL;
+	uint32_t unk3 = 0;
+	uint16_t unk4 = 0;
+	const char *unk5 = NULL;
+	const char *unk5a = NULL;
+
+	if (argc < 2) {
+		printf("usage: %s [devicepath]\n", argv[0]);
+		return WERR_OK;
+	}
+
+	devicepath = argv[1];
+
+	status = rpccli_PNP_HwProfFlags(cli, mem_ctx,
+					0,
+					devicepath,
+					0,
+					&unk3,
+					&unk4,
+					unk5,
+					&unk5a,
+					0,
+					0,
+					&werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	return werr;
+}
+
+static WERROR cmd_ntsvcs_get_hw_prof_info(struct rpc_pipe_client *cli,
+					  TALLOC_CTX *mem_ctx,
+					  int argc,
+					  const char **argv)
+{
+	NTSTATUS status;
+	WERROR werr;
+	uint32_t idx = 0;
+	struct PNP_HwProfInfo info;
+	uint32_t unknown1 = 0, unknown2 = 0;
+
+	ZERO_STRUCT(info);
+
+	status = rpccli_PNP_GetHwProfInfo(cli, mem_ctx,
+					  idx,
+					  &info,
+					  unknown1,
+					  unknown2,
+					  &werr);
+	if (!NT_STATUS_IS_OK(status)) {
+		return ntstatus_to_werror(status);
+	}
+
+	return werr;
+}
+
+struct cmd_set ntsvcs_commands[] = {
+
+	{ "NTSVCS" },
+	{ "ntsvcs_getversion", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_version, PI_NTSVCS, NULL, "Query NTSVCS version", "" },
+	{ "ntsvcs_validatedevinst", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_validate_dev_inst, PI_NTSVCS, NULL, "Query NTSVCS device instance", "" },
+	{ "ntsvcs_getdevlistsize", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_device_list_size, PI_NTSVCS, NULL, "Query NTSVCS get device list", "" },
+	{ "ntsvcs_hwprofflags", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_hw_prof_flags, PI_NTSVCS, NULL, "Query NTSVCS HW prof flags", "" },
+	{ "ntsvcs_hwprofinfo", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_hw_prof_info, PI_NTSVCS, NULL, "Query NTSVCS HW prof info", "" },
+	{ NULL }
+};
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 15e180df01..2d20afeb13 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -1,4 +1,4 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    RPC pipe client
 
@@ -6,17 +6,18 @@
    Copyright (C) Luke Kenneth Casson Leighton 1996-2000,
    Copyright (C) Elrond                            2000,
    Copyright (C) Tim Potter                        2000
+   Copyright (C) Guenther Deschner		   2008
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -27,381 +28,327 @@
 extern DOM_SID domain_sid;
 
 /****************************************************************************
- display sam_user_info_7 structure
+ display samr_user_info_7 structure
  ****************************************************************************/
-static void display_sam_user_info_7(SAM_USER_INFO_7 *usr)
+static void display_samr_user_info_7(struct samr_UserInfo7 *r)
 {
-	fstring temp;
-
-	unistr2_to_ascii(temp, &usr->uni_name, sizeof(temp));
-	printf("\tUser Name   :\t%s\n", temp);
+	printf("\tUser Name   :\t%s\n", r->account_name.string);
 }
 
 /****************************************************************************
- display sam_user_info_9 structure
+ display samr_user_info_9 structure
  ****************************************************************************/
-static void display_sam_user_info_9(SAM_USER_INFO_9 *usr)
+static void display_samr_user_info_9(struct samr_UserInfo9 *r)
 {
-	printf("\tPrimary group RID   :\tox%x\n", usr->rid_group);
+	printf("\tPrimary group RID   :\tox%x\n", r->primary_gid);
 }
 
 /****************************************************************************
- display sam_user_info_16 structure
+ display samr_user_info_16 structure
  ****************************************************************************/
-static void display_sam_user_info_16(SAM_USER_INFO_16 *usr)
+static void display_samr_user_info_16(struct samr_UserInfo16 *r)
 {
-	printf("\tAcct Flags   :\tox%x\n", usr->acb_info);
+	printf("\tAcct Flags   :\tox%x\n", r->acct_flags);
 }
 
 /****************************************************************************
- display sam_user_info_21 structure
+ display samr_user_info_21 structure
  ****************************************************************************/
-static void display_sam_user_info_21(SAM_USER_INFO_21 *usr)
+static void display_samr_user_info_21(struct samr_UserInfo21 *r)
 {
-	fstring temp;
-
-	unistr2_to_ascii(temp, &usr->uni_user_name, sizeof(temp));
-	printf("\tUser Name   :\t%s\n", temp);
-	
-	unistr2_to_ascii(temp, &usr->uni_full_name, sizeof(temp));
-	printf("\tFull Name   :\t%s\n", temp);
-	
-	unistr2_to_ascii(temp, &usr->uni_home_dir, sizeof(temp));
-	printf("\tHome Drive  :\t%s\n", temp);
-	
-	unistr2_to_ascii(temp, &usr->uni_dir_drive, sizeof(temp));
-	printf("\tDir Drive   :\t%s\n", temp);
-	
-	unistr2_to_ascii(temp, &usr->uni_profile_path, sizeof(temp));
-	printf("\tProfile Path:\t%s\n", temp);
-	
-	unistr2_to_ascii(temp, &usr->uni_logon_script, sizeof(temp));
-	printf("\tLogon Script:\t%s\n", temp);
-	
-	unistr2_to_ascii(temp, &usr->uni_acct_desc, sizeof(temp));
-	printf("\tDescription :\t%s\n", temp);
-	
-	unistr2_to_ascii(temp, &usr->uni_workstations, sizeof(temp));
-	printf("\tWorkstations:\t%s\n", temp);
-	
-	unistr2_to_ascii(temp, &usr->uni_comment, sizeof(temp));
-	printf("\tUnknown Str :\t%s\n", temp);
-	
-	unistr2_to_ascii(temp, &usr->uni_munged_dial, sizeof(temp));
-	printf("\tRemote Dial :\t%s\n", temp);
-	
-	printf("\tLogon Time               :\t%s\n", 
-	       http_timestring(nt_time_to_unix(usr->logon_time)));
-	printf("\tLogoff Time              :\t%s\n", 
-	       http_timestring(nt_time_to_unix(usr->logoff_time)));
-	printf("\tKickoff Time             :\t%s\n", 
-	       http_timestring(nt_time_to_unix(usr->kickoff_time)));
-	printf("\tPassword last set Time   :\t%s\n", 
-	       http_timestring(nt_time_to_unix(usr->pass_last_set_time)));
-	printf("\tPassword can change Time :\t%s\n", 
-	       http_timestring(nt_time_to_unix(usr->pass_can_change_time)));
-	printf("\tPassword must change Time:\t%s\n", 
-	       http_timestring(nt_time_to_unix(usr->pass_must_change_time)));
-	
+	printf("\tUser Name   :\t%s\n", r->account_name.string);
+	printf("\tFull Name   :\t%s\n", r->full_name.string);
+	printf("\tHome Drive  :\t%s\n", r->home_directory.string);
+	printf("\tDir Drive   :\t%s\n", r->home_drive.string);
+	printf("\tProfile Path:\t%s\n", r->profile_path.string);
+	printf("\tLogon Script:\t%s\n", r->logon_script.string);
+	printf("\tDescription :\t%s\n", r->description.string);
+	printf("\tWorkstations:\t%s\n", r->workstations.string);
+	printf("\tComment     :\t%s\n", r->comment.string);
+	printf("\tRemote Dial :\t%s\n", r->parameters.string);
+
+	printf("\tLogon Time               :\t%s\n",
+	       http_timestring(nt_time_to_unix(r->last_logon)));
+	printf("\tLogoff Time              :\t%s\n",
+	       http_timestring(nt_time_to_unix(r->last_logoff)));
+	printf("\tKickoff Time             :\t%s\n",
+	       http_timestring(nt_time_to_unix(r->acct_expiry)));
+	printf("\tPassword last set Time   :\t%s\n",
+	       http_timestring(nt_time_to_unix(r->last_password_change)));
+	printf("\tPassword can change Time :\t%s\n",
+	       http_timestring(nt_time_to_unix(r->allow_password_change)));
+	printf("\tPassword must change Time:\t%s\n",
+	       http_timestring(nt_time_to_unix(r->force_password_change)));
+
 	printf("\tunknown_2[0..31]...\n"); /* user passwords? */
-	
-	printf("\tuser_rid :\t0x%x\n"  , usr->user_rid ); /* User ID */
-	printf("\tgroup_rid:\t0x%x\n"  , usr->group_rid); /* Group ID */
-	printf("\tacb_info :\t0x%08x\n", usr->acb_info ); /* Account Control Info */
-	
-	printf("\tfields_present:\t0x%08x\n", usr->fields_present); /* 0x00ff ffff */
-	printf("\tlogon_divs:\t%d\n", usr->logon_divs); /* 0x0000 00a8 which is 168 which is num hrs in a week */
-	printf("\tbad_password_count:\t0x%08x\n", usr->bad_password_count);
-	printf("\tlogon_count:\t0x%08x\n", usr->logon_count);
-	
+
+	printf("\tuser_rid :\t0x%x\n"  , r->rid); /* User ID */
+	printf("\tgroup_rid:\t0x%x\n"  , r->primary_gid); /* Group ID */
+	printf("\tacb_info :\t0x%08x\n", r->acct_flags); /* Account Control Info */
+
+	printf("\tfields_present:\t0x%08x\n", r->fields_present); /* 0x00ff ffff */
+	printf("\tlogon_divs:\t%d\n", r->logon_hours.units_per_week); /* 0x0000 00a8 which is 168 which is num hrs in a week */
+	printf("\tbad_password_count:\t0x%08x\n", r->bad_password_count);
+	printf("\tlogon_count:\t0x%08x\n", r->logon_count);
+
 	printf("\tpadding1[0..7]...\n");
-	
-	if (usr->ptr_logon_hrs) {
-		printf("\tlogon_hrs[0..%d]...\n", usr->logon_hrs.len);
+
+	if (r->logon_hours.bits) {
+		printf("\tlogon_hrs[0..%d]...\n", r->logon_hours.units_per_week/8);
 	}
 }
 
 
-static void display_password_properties(uint32 password_properties) 
+static void display_password_properties(uint32_t password_properties)
 {
 	printf("password_properties: 0x%08x\n", password_properties);
-		
+
 	if (password_properties & DOMAIN_PASSWORD_COMPLEX)
 		printf("\tDOMAIN_PASSWORD_COMPLEX\n");
-			
+
 	if (password_properties & DOMAIN_PASSWORD_NO_ANON_CHANGE)
 		printf("\tDOMAIN_PASSWORD_NO_ANON_CHANGE\n");
-			
+
 	if (password_properties & DOMAIN_PASSWORD_NO_CLEAR_CHANGE)
 		printf("\tDOMAIN_PASSWORD_NO_CLEAR_CHANGE\n");
-			
-	if (password_properties & DOMAIN_LOCKOUT_ADMINS)
-		printf("\tDOMAIN_LOCKOUT_ADMINS\n");
-			
+
+	if (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)
+		printf("\tDOMAIN_PASSWORD_LOCKOUT_ADMINS\n");
+
 	if (password_properties & DOMAIN_PASSWORD_STORE_CLEARTEXT)
 		printf("\tDOMAIN_PASSWORD_STORE_CLEARTEXT\n");
-			
+
 	if (password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE)
 		printf("\tDOMAIN_REFUSE_PASSWORD_CHANGE\n");
 }
 
-static void display_sam_unk_info_1(SAM_UNK_INFO_1 *info1)
+static void display_sam_dom_info_1(struct samr_DomInfo1 *info1)
 {
-	
-	printf("Minimum password length:\t\t\t%d\n", info1->min_length_password);
-	printf("Password uniqueness (remember x passwords):\t%d\n", info1->password_history);
+	printf("Minimum password length:\t\t\t%d\n",
+		info1->min_password_length);
+	printf("Password uniqueness (remember x passwords):\t%d\n",
+		info1->password_history_length);
 	display_password_properties(info1->password_properties);
-	printf("password expire in:\t\t\t\t%s\n", display_time(info1->expire));
-	printf("Min password age (allow changing in x days):\t%s\n", display_time(info1->min_passwordage));
+	printf("password expire in:\t\t\t\t%s\n",
+		display_time(info1->max_password_age));
+	printf("Min password age (allow changing in x days):\t%s\n",
+		display_time(info1->min_password_age));
 }
 
-static void display_sam_unk_info_2(SAM_UNK_INFO_2 *info2)
+static void display_sam_dom_info_2(struct samr_DomInfo2 *info2)
 {
-	fstring name;
-
-	unistr2_to_ascii(name, &info2->uni_domain, sizeof(name));
-	printf("Domain:\t\t%s\n", name);
-
-	unistr2_to_ascii(name, &info2->uni_server, sizeof(name));
-	printf("Server:\t\t%s\n", name);
+	printf("Domain:\t\t%s\n", info2->domain_name.string);
+	printf("Server:\t\t%s\n", info2->primary.string);
+	printf("Comment:\t%s\n", info2->comment.string);
 
-	unistr2_to_ascii(name, &info2->uni_comment, sizeof(name));
-	printf("Comment:\t%s\n", name);
+	printf("Total Users:\t%d\n", info2->num_users);
+	printf("Total Groups:\t%d\n", info2->num_groups);
+	printf("Total Aliases:\t%d\n", info2->num_aliases);
 
-	printf("Total Users:\t%d\n", info2->num_domain_usrs);
-	printf("Total Groups:\t%d\n", info2->num_domain_grps);
-	printf("Total Aliases:\t%d\n", info2->num_local_grps);
-	
-	printf("Sequence No:\t%llu\n", (unsigned long long)info2->seq_num);
+	printf("Sequence No:\t%llu\n", (unsigned long long)info2->sequence_num);
 
-	printf("Force Logoff:\t%d\n", (int)nt_time_to_unix_abs(&info2->logout));
+	printf("Force Logoff:\t%d\n",
+		(int)nt_time_to_unix_abs(&info2->force_logoff_time));
 
-	printf("Unknown 4:\t0x%x\n", info2->unknown_4);
-	printf("Server Role:\t%s\n", server_role_str(info2->server_role));
-	printf("Unknown 6:\t0x%x\n", info2->unknown_6);
+	printf("Unknown 2:\t0x%x\n", info2->unknown2);
+	printf("Server Role:\t%s\n", server_role_str(info2->role));
+	printf("Unknown 3:\t0x%x\n", info2->unknown3);
 }
 
-static void display_sam_unk_info_3(SAM_UNK_INFO_3 *info3)
+static void display_sam_dom_info_3(struct samr_DomInfo3 *info3)
 {
-	printf("Force Logoff:\t%d\n", (int)nt_time_to_unix_abs(&info3->logout));
+	printf("Force Logoff:\t%d\n",
+		(int)nt_time_to_unix_abs(&info3->force_logoff_time));
 }
 
-static void display_sam_unk_info_4(SAM_UNK_INFO_4 *info4)
+static void display_sam_dom_info_4(struct samr_DomInfo4 *info4)
 {
-	fstring name;
-
-	unistr2_to_ascii(name, &info4->uni_comment, sizeof(name));
-	printf("Comment:\t%s\n", name);
+	printf("Comment:\t%s\n", info4->comment.string);
 }
 
-static void display_sam_unk_info_5(SAM_UNK_INFO_5 *info5)
+static void display_sam_dom_info_5(struct samr_DomInfo5 *info5)
 {
-	fstring name;
-
-	unistr2_to_ascii(name, &info5->uni_domain, sizeof(name));
-	printf("Domain:\t\t%s\n", name);
+	printf("Domain:\t\t%s\n", info5->domain_name.string);
 }
 
-static void display_sam_unk_info_6(SAM_UNK_INFO_6 *info6)
+static void display_sam_dom_info_6(struct samr_DomInfo6 *info6)
 {
-	fstring name;
-
-	unistr2_to_ascii(name, &info6->uni_server, sizeof(name));
-	printf("Server:\t\t%s\n", name);
+	printf("Server:\t\t%s\n", info6->primary.string);
 }
 
-static void display_sam_unk_info_7(SAM_UNK_INFO_7 *info7)
+static void display_sam_dom_info_7(struct samr_DomInfo7 *info7)
 {
-	printf("Server Role:\t%s\n", server_role_str(info7->server_role));
+	printf("Server Role:\t%s\n", server_role_str(info7->role));
 }
 
-static void display_sam_unk_info_8(SAM_UNK_INFO_8 *info8)
+static void display_sam_dom_info_8(struct samr_DomInfo8 *info8)
 {
-	printf("Sequence No:\t%llu\n", (unsigned long long)info8->seq_num);
-	printf("Domain Create Time:\t%s\n", 
+	printf("Sequence No:\t%llu\n", (unsigned long long)info8->sequence_num);
+	printf("Domain Create Time:\t%s\n",
 		http_timestring(nt_time_to_unix(info8->domain_create_time)));
 }
 
-static void display_sam_unk_info_9(SAM_UNK_INFO_9 *info9)
+static void display_sam_dom_info_9(struct samr_DomInfo9 *info9)
 {
 	printf("unknown:\t%d (0x%08x)\n", info9->unknown, info9->unknown);
 }
 
-static void display_sam_unk_info_12(SAM_UNK_INFO_12 *info12)
+static void display_sam_dom_info_12(struct samr_DomInfo12 *info12)
 {
-	printf("Bad password lockout duration:               %s\n", display_time(info12->duration));
-	printf("Reset Lockout after:                         %s\n", display_time(info12->reset_count));
-	printf("Lockout after bad attempts:                  %d\n", info12->bad_attempt_lockout);
+	printf("Bad password lockout duration:               %s\n",
+		display_time(info12->lockout_duration));
+	printf("Reset Lockout after:                         %s\n",
+		display_time(info12->lockout_window));
+	printf("Lockout after bad attempts:                  %d\n",
+		info12->lockout_threshold);
 }
 
-static void display_sam_unk_info_13(SAM_UNK_INFO_13 *info13)
+static void display_sam_dom_info_13(struct samr_DomInfo13 *info13)
 {
-	printf("Sequence No:\t%llu\n", (unsigned long long)info13->seq_num);
-	printf("Domain Create Time:\t%s\n", 
+	printf("Sequence No:\t%llu\n", (unsigned long long)info13->sequence_num);
+	printf("Domain Create Time:\t%s\n",
 		http_timestring(nt_time_to_unix(info13->domain_create_time)));
 	printf("Unknown1:\t%d\n", info13->unknown1);
 	printf("Unknown2:\t%d\n", info13->unknown2);
 
 }
 
-static void display_sam_info_1(SAM_ENTRY1 *e1, SAM_STR1 *s1)
+static void display_sam_info_1(struct samr_DispEntryGeneral *r)
 {
-	fstring tmp;
-
-	printf("index: 0x%x ", e1->user_idx);
-	printf("RID: 0x%x ", e1->rid_user);
-	printf("acb: 0x%x ", e1->acb_info);
-
-	unistr2_to_ascii(tmp, &s1->uni_acct_name, sizeof(tmp));
-	printf("Account: %s\t", tmp);
-
-	unistr2_to_ascii(tmp, &s1->uni_full_name, sizeof(tmp));
-	printf("Name: %s\t", tmp);
-
-	unistr2_to_ascii(tmp, &s1->uni_acct_desc, sizeof(tmp));
-	printf("Desc: %s\n", tmp);
+	printf("index: 0x%x ", r->idx);
+	printf("RID: 0x%x ", r->rid);
+	printf("acb: 0x%08x ", r->acct_flags);
+	printf("Account: %s\t", r->account_name.string);
+	printf("Name: %s\t", r->full_name.string);
+	printf("Desc: %s\n", r->description.string);
 }
 
-static void display_sam_info_2(SAM_ENTRY2 *e2, SAM_STR2 *s2)
+static void display_sam_info_2(struct samr_DispEntryFull *r)
 {
-	fstring tmp;
-
-	printf("index: 0x%x ", e2->user_idx);
-	printf("RID: 0x%x ", e2->rid_user);
-	printf("acb: 0x%x ", e2->acb_info);
-	
-	unistr2_to_ascii(tmp, &s2->uni_srv_name, sizeof(tmp));
-	printf("Account: %s\t", tmp);
-
-	unistr2_to_ascii(tmp, &s2->uni_srv_desc, sizeof(tmp));
-	printf("Name: %s\n", tmp);
-
+	printf("index: 0x%x ", r->idx);
+	printf("RID: 0x%x ", r->rid);
+	printf("acb: 0x%08x ", r->acct_flags);
+	printf("Account: %s\t", r->account_name.string);
+	printf("Desc: %s\n", r->description.string);
 }
 
-static void display_sam_info_3(SAM_ENTRY3 *e3, SAM_STR3 *s3)
+static void display_sam_info_3(struct samr_DispEntryFullGroup *r)
 {
-	fstring tmp;
-
-	printf("index: 0x%x ", e3->grp_idx);
-	printf("RID: 0x%x ", e3->rid_grp);
-	printf("attr: 0x%x ", e3->attr);
-	
-	unistr2_to_ascii(tmp, &s3->uni_grp_name, sizeof(tmp));
-	printf("Account: %s\t", tmp);
-
-	unistr2_to_ascii(tmp, &s3->uni_grp_desc, sizeof(tmp));
-	printf("Name: %s\n", tmp);
-
+	printf("index: 0x%x ", r->idx);
+	printf("RID: 0x%x ", r->rid);
+	printf("acb: 0x%08x ", r->acct_flags);
+	printf("Account: %s\t", r->account_name.string);
+	printf("Desc: %s\n", r->description.string);
 }
 
-static void display_sam_info_4(SAM_ENTRY4 *e4, SAM_STR4 *s4)
+static void display_sam_info_4(struct samr_DispEntryAscii *r)
 {
-	int i;
-
-	printf("index: %d ", e4->user_idx);
-	
-	printf("Account: ");
-	for (i=0; i<s4->acct_name.str_str_len; i++)
-		printf("%c", s4->acct_name.buffer[i]);
-	printf("\n");
-
+	printf("index: 0x%x ", r->idx);
+	printf("Account: %s\n", r->account_name.string);
 }
 
-static void display_sam_info_5(SAM_ENTRY5 *e5, SAM_STR5 *s5)
+static void display_sam_info_5(struct samr_DispEntryAscii *r)
 {
-	int i;
-
-	printf("index: 0x%x ", e5->grp_idx);
-	
-	printf("Account: ");
-	for (i=0; i<s5->grp_name.str_str_len; i++)
-		printf("%c", s5->grp_name.buffer[i]);
-	printf("\n");
-
+	printf("index: 0x%x ", r->idx);
+	printf("Account: %s\n", r->account_name.string);
 }
 
 /****************************************************************************
- Try samr_connect4 first, then samr_conenct if it fails
+ Try samr_connect4 first, then samr_connect2 if it fails
  ****************************************************************************/
-static NTSTATUS try_samr_connects(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
+static NTSTATUS try_samr_connects(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
 				  uint32 access_mask, POLICY_HND *connect_pol)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	
-	result = rpccli_samr_connect4(cli, mem_ctx, access_mask, connect_pol);
+
+	result = rpccli_samr_Connect4(cli, mem_ctx,
+				      cli->cli->desthost,
+				      SAMR_CONNECT_W2K,
+				      access_mask,
+				      connect_pol);
 	if (!NT_STATUS_IS_OK(result)) {
-		result = rpccli_samr_connect(cli, mem_ctx, access_mask,
-					  connect_pol);
+		result = rpccli_samr_Connect2(cli, mem_ctx,
+					      cli->cli->desthost,
+					      access_mask,
+					      connect_pol);
 	}
 	return result;
 }
 
 /**********************************************************************
- * Query user information 
+ * Query user information
  */
-static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
                                     TALLOC_CTX *mem_ctx,
-                                    int argc, const char **argv) 
+                                    int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol, user_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uint32 info_level = 21;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
-	SAM_USERINFO_CTR *user_ctr;
+	union samr_UserInfo *info = NULL;
 	fstring server;
 	uint32 user_rid = 0;
-	
+
 	if ((argc < 2) || (argc > 4)) {
 		printf("Usage: %s rid [info level] [access mask] \n", argv[0]);
 		return NT_STATUS_OK;
 	}
-	
+
 	sscanf(argv[1], "%i", &user_rid);
-	
+
 	if (argc > 2)
 		sscanf(argv[2], "%i", &info_level);
-		
+
 	if (argc > 3)
 		sscanf(argv[3], "%x", &access_mask);
-	
+
 
 	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
 	strupper_m(server);
-	
+
 	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      &domain_sid, &domain_pol);
-
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					&domain_sid,
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
-				    access_mask,
-				    user_rid, &user_pol);
+	result = rpccli_samr_OpenUser(cli, mem_ctx,
+				      &domain_pol,
+				      access_mask,
+				      user_rid,
+				      &user_pol);
 
 	if (NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_USER) &&
 	    (user_rid == 0)) {
 
 		/* Probably this was a user name, try lookupnames */
-		uint32 num_rids;
-		uint32 *rids, *types;
-		
-		result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
-						  1000, 1, &argv[1],
-						  &num_rids, &rids,
-						  &types);
+		struct samr_Ids rids, types;
+		struct lsa_String lsa_acct_name;
+
+		init_lsa_String(&lsa_acct_name, argv[1]);
+
+		result = rpccli_samr_LookupNames(cli, mem_ctx,
+						 &domain_pol,
+						 1,
+						 &lsa_acct_name,
+						 &rids,
+						 &types);
 
 		if (NT_STATUS_IS_OK(result)) {
-			result = rpccli_samr_open_user(cli, mem_ctx,
-						       &domain_pol,
-						       access_mask,
-						       rids[0], &user_pol);
+			result = rpccli_samr_OpenUser(cli, mem_ctx,
+						      &domain_pol,
+						      access_mask,
+						      rids.ids[0],
+						      &user_pol);
 		}
 	}
 
@@ -409,35 +356,35 @@ static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	ZERO_STRUCT(user_ctr);
-
-	result = rpccli_samr_query_userinfo(cli, mem_ctx, &user_pol, 
-					 info_level, &user_ctr);
+	result = rpccli_samr_QueryUserInfo(cli, mem_ctx,
+					   &user_pol,
+					   info_level,
+					   &info);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	switch (user_ctr->switch_value) {
+	switch (info_level) {
 	case 7:
-		display_sam_user_info_7(user_ctr->info.id7);
+		display_samr_user_info_7(&info->info7);
 		break;
 	case 9:
-		display_sam_user_info_9(user_ctr->info.id9);
+		display_samr_user_info_9(&info->info9);
 		break;
 	case 16:
-		display_sam_user_info_16(user_ctr->info.id16);
+		display_samr_user_info_16(&info->info16);
 		break;
 	case 21:
-		display_sam_user_info_21(user_ctr->info.id21);
+		display_samr_user_info_21(&info->info21);
 		break;
 	default:
 		printf("Unsupported infolevel: %d\n", info_level);
 		break;
 	}
 
-	rpccli_samr_close(cli, mem_ctx, &user_pol);
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &user_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 
 done:
 	return result;
@@ -446,115 +393,101 @@ done:
 /****************************************************************************
  display group info
  ****************************************************************************/
-static void display_group_info1(GROUP_INFO1 *info1)
+static void display_group_info1(struct samr_GroupInfoAll *info1)
 {
-	fstring temp;
-
-	unistr2_to_ascii(temp, &info1->uni_acct_name, sizeof(temp));
-	printf("\tGroup Name:\t%s\n", temp);
-	unistr2_to_ascii(temp, &info1->uni_acct_desc, sizeof(temp));
-	printf("\tDescription:\t%s\n", temp);
-	printf("\tGroup Attribute:%d\n", info1->group_attr);
+	printf("\tGroup Name:\t%s\n", info1->name.string);
+	printf("\tDescription:\t%s\n", info1->description.string);
+	printf("\tGroup Attribute:%d\n", info1->attributes);
 	printf("\tNum Members:%d\n", info1->num_members);
 }
 
 /****************************************************************************
  display group info
  ****************************************************************************/
-static void display_group_info2(GROUP_INFO2 *info2)
+static void display_group_info2(struct lsa_String *info2)
 {
-	fstring name;
-
-	unistr2_to_ascii(name, &info2->uni_acct_name, sizeof(name));
-	printf("\tGroup Description:%s\n", name);
+	printf("\tGroup Description:%s\n", info2->string);
 }
 
 
 /****************************************************************************
  display group info
  ****************************************************************************/
-static void display_group_info3(GROUP_INFO3 *info3)
+static void display_group_info3(struct samr_GroupInfoAttributes *info3)
 {
-	printf("\tGroup Attribute:%d\n", info3->group_attr);
+	printf("\tGroup Attribute:%d\n", info3->attributes);
 }
 
 
 /****************************************************************************
  display group info
  ****************************************************************************/
-static void display_group_info4(GROUP_INFO4 *info4)
+static void display_group_info4(struct lsa_String *info4)
 {
-	fstring desc;
-
-	unistr2_to_ascii(desc, &info4->uni_acct_desc, sizeof(desc));
-	printf("\tGroup Description:%s\n", desc);
+	printf("\tGroup Description:%s\n", info4->string);
 }
 
 /****************************************************************************
  display group info
  ****************************************************************************/
-static void display_group_info5(GROUP_INFO5 *info5)
+static void display_group_info5(struct samr_GroupInfoAll *info5)
 {
-	fstring temp;
-
-	unistr2_to_ascii(temp, &info5->uni_acct_name, sizeof(temp));
-	printf("\tGroup Name:\t%s\n", temp);
-	unistr2_to_ascii(temp, &info5->uni_acct_desc, sizeof(temp));
-	printf("\tDescription:\t%s\n", temp);
-	printf("\tGroup Attribute:%d\n", info5->group_attr);
+	printf("\tGroup Name:\t%s\n", info5->name.string);
+	printf("\tDescription:\t%s\n", info5->description.string);
+	printf("\tGroup Attribute:%d\n", info5->attributes);
 	printf("\tNum Members:%d\n", info5->num_members);
 }
 
 /****************************************************************************
  display sam sync structure
  ****************************************************************************/
-static void display_group_info_ctr(GROUP_INFO_CTR *ctr)
+static void display_group_info(union samr_GroupInfo *info,
+			       enum samr_GroupInfoEnum level)
 {
-	switch (ctr->switch_value1) {
+	switch (level) {
 		case 1:
-			display_group_info1(&ctr->group.info1);
+			display_group_info1(&info->all);
 			break;
 		case 2:
-			display_group_info2(&ctr->group.info2);
+			display_group_info2(&info->name);
 			break;
 		case 3:
-			display_group_info3(&ctr->group.info3);
+			display_group_info3(&info->attributes);
 			break;
 		case 4:
-			display_group_info4(&ctr->group.info4);
+			display_group_info4(&info->description);
 			break;
 		case 5:
-			display_group_info5(&ctr->group.info5);
+			display_group_info5(&info->all2);
 			break;
-
 	}
 }
 
 /***********************************************************************
- * Query group information 
+ * Query group information
  */
-static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli,
                                      TALLOC_CTX *mem_ctx,
-                                     int argc, const char **argv) 
+                                     int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol, group_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint32 info_level = 1;
+	enum samr_GroupInfoEnum info_level = GROUPINFOALL;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
-	GROUP_INFO_CTR *group_ctr;
-	fstring			server;	
+	union samr_GroupInfo *group_info = NULL;
+	fstring			server;
 	uint32 group_rid;
-	
+
 	if ((argc < 2) || (argc > 4)) {
 		printf("Usage: %s rid [info level] [access mask]\n", argv[0]);
 		return NT_STATUS_OK;
 	}
 
         sscanf(argv[1], "%i", &group_rid);
-	
+
 	if (argc > 2)
-		sscanf(argv[2], "%i", &info_level);
-	
+		info_level = atoi(argv[2]);
+
 	if (argc > 3)
 		sscanf(argv[3], "%x", &access_mask);
 
@@ -567,118 +500,128 @@ static NTSTATUS cmd_samr_query_group(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_open_group(cli, mem_ctx, &domain_pol,
-				     access_mask,
-				     group_rid, &group_pol);
+	result = rpccli_samr_OpenGroup(cli, mem_ctx,
+				       &domain_pol,
+				       access_mask,
+				       group_rid,
+				       &group_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_query_groupinfo(cli, mem_ctx, &group_pol, 
-					  info_level, &group_ctr);
+	result = rpccli_samr_QueryGroupInfo(cli, mem_ctx,
+					    &group_pol,
+					    info_level,
+					    &group_info);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	display_group_info_ctr(group_ctr);
+	display_group_info(group_info, info_level);
 
-	rpccli_samr_close(cli, mem_ctx, &group_pol);
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &group_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 done:
 	return result;
 }
 
 /* Query groups a user is a member of */
 
-static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_query_usergroups(struct rpc_pipe_client *cli,
                                           TALLOC_CTX *mem_ctx,
-                                          int argc, const char **argv) 
+                                          int argc, const char **argv)
 {
-	POLICY_HND 		connect_pol, 
-				domain_pol, 
+	POLICY_HND 		connect_pol,
+				domain_pol,
 				user_pol;
 	NTSTATUS		result = NT_STATUS_UNSUCCESSFUL;
-	uint32 			num_groups, 
-				user_rid;
+	uint32 			user_rid;
 	uint32			access_mask = MAXIMUM_ALLOWED_ACCESS;
-	DOM_GID 		*user_gids;
 	int 			i;
 	fstring			server;
-	
+	struct samr_RidWithAttributeArray *rid_array = NULL;
+
 	if ((argc < 2) || (argc > 3)) {
 		printf("Usage: %s rid [access mask]\n", argv[0]);
 		return NT_STATUS_OK;
 	}
 
 	sscanf(argv[1], "%i", &user_rid);
-	
+
 	if (argc > 2)
 		sscanf(argv[2], "%x", &access_mask);
 
 	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
 	strupper_m(server);
-		
+
 	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					&domain_sid, &domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
-				    access_mask,
-				    user_rid, &user_pol);
+	result = rpccli_samr_OpenUser(cli, mem_ctx,
+				      &domain_pol,
+				      access_mask,
+				      user_rid,
+				      &user_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_query_usergroups(cli, mem_ctx, &user_pol,
-					   &num_groups, &user_gids);
+	result = rpccli_samr_GetGroupsForUser(cli, mem_ctx,
+					      &user_pol,
+					      &rid_array);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	for (i = 0; i < num_groups; i++) {
-		printf("\tgroup rid:[0x%x] attr:[0x%x]\n", 
-		       user_gids[i].g_rid, user_gids[i].attr);
+	for (i = 0; i < rid_array->count; i++) {
+		printf("\tgroup rid:[0x%x] attr:[0x%x]\n",
+		       rid_array->rids[i].rid,
+		       rid_array->rids[i].attributes);
 	}
 
-	rpccli_samr_close(cli, mem_ctx, &user_pol);
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &user_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
  done:
 	return result;
 }
 
 /* Query aliases a user is a member of */
 
-static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
 					   TALLOC_CTX *mem_ctx,
-					   int argc, const char **argv) 
+					   int argc, const char **argv)
 {
 	POLICY_HND 		connect_pol, domain_pol;
 	NTSTATUS		result = NT_STATUS_UNSUCCESSFUL;
 	DOM_SID                *sids;
 	size_t                     num_sids;
-	uint32 			num_aliases, *alias_rids;
 	uint32			access_mask = MAXIMUM_ALLOWED_ACCESS;
 	int 			i;
 	fstring			server;
-	DOM_SID2	       *sid2;
+	struct lsa_SidArray sid_array;
+	struct samr_Ids alias_rids;
 
 	if (argc < 3) {
 		printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
@@ -701,21 +644,25 @@ static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
 	}
 
 	if (num_sids) {
-		sid2 = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_sids);
-		if (sid2 == NULL)
+		sid_array.sids = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_SidPtr, num_sids);
+		if (sid_array.sids == NULL)
 			return NT_STATUS_NO_MEMORY;
 	} else {
-		sid2 = NULL;
+		sid_array.sids = NULL;
 	}
 
 	for (i=0; i<num_sids; i++) {
-		sid_copy(&sid2[i].sid, &sids[i]);
-		sid2[i].num_auths = sid2[i].sid.num_auths;
+		sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[i]);
+		if (!sid_array.sids[i].sid) {
+			return NT_STATUS_NO_MEMORY;
+		}
 	}
 
+	sid_array.num_sids = num_sids;
+
 	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
 	strupper_m(server);
-		
+
 	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
@@ -723,14 +670,16 @@ static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
 		goto done;
 
 	if (StrCaseCmp(argv[1], "domain")==0)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      access_mask,
-					      &domain_sid, &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						access_mask,
+						&domain_sid, &domain_pol);
 	else if (StrCaseCmp(argv[1], "builtin")==0)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      access_mask,
-					      &global_sid_Builtin,
-					      &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						access_mask,
+						CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
+						&domain_pol);
 	else {
 		printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
 		return NT_STATUS_INVALID_PARAMETER;
@@ -739,44 +688,45 @@ static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_query_useraliases(cli, mem_ctx, &domain_pol,
-					    num_sids, sid2,
-					    &num_aliases, &alias_rids);
-
+	result = rpccli_samr_GetAliasMembership(cli, mem_ctx,
+						&domain_pol,
+						&sid_array,
+						&alias_rids);
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	for (i = 0; i < num_aliases; i++) {
-		printf("\tgroup rid:[0x%x]\n", alias_rids[i]);
+	for (i = 0; i < alias_rids.count; i++) {
+		printf("\tgroup rid:[0x%x]\n", alias_rids.ids[i]);
 	}
 
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
  done:
 	return result;
 }
 
 /* Query members of a group */
 
-static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
                                         TALLOC_CTX *mem_ctx,
-                                        int argc, const char **argv) 
+                                        int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol, group_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint32 num_members, *group_rids, *group_attrs, group_rid;
+	uint32 group_rid;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 	int i;
 	fstring			server;
 	unsigned int old_timeout;
-	
+	struct samr_RidTypeArray *rids = NULL;
+
 	if ((argc < 2) || (argc > 3)) {
 		printf("Usage: %s rid [access mask]\n", argv[0]);
 		return NT_STATUS_OK;
 	}
 
 	sscanf(argv[1], "%i", &group_rid);
-	
+
 	if (argc > 2)
 		sscanf(argv[2], "%x", &access_mask);
 
@@ -789,16 +739,20 @@ static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_open_group(cli, mem_ctx, &domain_pol,
-				     access_mask,
-				     group_rid, &group_pol);
+	result = rpccli_samr_OpenGroup(cli, mem_ctx,
+				       &domain_pol,
+				       access_mask,
+				       group_rid,
+				       &group_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -806,38 +760,37 @@ static NTSTATUS cmd_samr_query_groupmem(struct rpc_pipe_client *cli,
 	/* Make sure to wait for our DC's reply */
 	old_timeout = cli_set_timeout(cli->cli, MAX(cli->cli->timeout,30000)); /* 30 seconds. */
 
-	result = rpccli_samr_query_groupmem(cli, mem_ctx, &group_pol,
-					 &num_members, &group_rids,
-					 &group_attrs);
+	result = rpccli_samr_QueryGroupMember(cli, mem_ctx,
+					      &group_pol,
+					      &rids);
 
 	cli_set_timeout(cli->cli, old_timeout);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	for (i = 0; i < num_members; i++) {
-		printf("\trid:[0x%x] attr:[0x%x]\n", group_rids[i],
-		       group_attrs[i]);
+	for (i = 0; i < rids->count; i++) {
+		printf("\trid:[0x%x] attr:[0x%x]\n", rids->rids[i],
+		       rids->types[i]);
 	}
 
-	rpccli_samr_close(cli, mem_ctx, &group_pol);
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &group_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
  done:
 	return result;
 }
 
 /* Enumerate domain users */
 
-static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
 					TALLOC_CTX *mem_ctx,
-					int argc, const char **argv) 
+					int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uint32 start_idx, size, num_dom_users, i;
-	char **dom_users;
-	uint32 *dom_rids;
+	struct samr_SamArray *dom_users = NULL;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 	uint32 acb_mask = ACB_NORMAL;
 	bool got_connect_pol = False, got_domain_pol = False;
@@ -846,7 +799,7 @@ static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
 		printf("Usage: %s [access_mask] [acb_mask]\n", argv[0]);
 		return NT_STATUS_OK;
 	}
-	
+
 	if (argc > 1)
 		sscanf(argv[1], "%x", &access_mask);
 
@@ -855,7 +808,7 @@ static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
 
 	/* Get sam policy handle */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
@@ -865,9 +818,11 @@ static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
 
 	/* Get domain policy handle */
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      access_mask,
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					access_mask,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -880,54 +835,59 @@ static NTSTATUS cmd_samr_enum_dom_users(struct rpc_pipe_client *cli,
 	size = 0xffff;
 
 	do {
-		result = rpccli_samr_enum_dom_users(
-			cli, mem_ctx, &domain_pol, &start_idx, acb_mask,
-			size, &dom_users, &dom_rids, &num_dom_users);
+		result = rpccli_samr_EnumDomainUsers(cli, mem_ctx,
+						     &domain_pol,
+						     &start_idx,
+						     acb_mask,
+						     &dom_users,
+						     size,
+						     &num_dom_users);
 
 		if (NT_STATUS_IS_OK(result) ||
 		    NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
 
 			for (i = 0; i < num_dom_users; i++)
-                               printf("user:[%s] rid:[0x%x]\n", 
-				       dom_users[i], dom_rids[i]);
+                               printf("user:[%s] rid:[0x%x]\n",
+				       dom_users->entries[i].name.string,
+				       dom_users->entries[i].idx);
 		}
 
 	} while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
 
  done:
 	if (got_domain_pol)
-		rpccli_samr_close(cli, mem_ctx, &domain_pol);
+		rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 
 	if (got_connect_pol)
-		rpccli_samr_close(cli, mem_ctx, &connect_pol);
+		rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 
 	return result;
 }
 
 /* Enumerate domain groups */
 
-static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, const char **argv) 
+                                         int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uint32 start_idx, size, num_dom_groups, i;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
-	struct acct_info *dom_groups;
+	struct samr_SamArray *dom_groups = NULL;
 	bool got_connect_pol = False, got_domain_pol = False;
 
 	if ((argc < 1) || (argc > 2)) {
 		printf("Usage: %s [access_mask]\n", argv[0]);
 		return NT_STATUS_OK;
 	}
-	
+
 	if (argc > 1)
 		sscanf(argv[1], "%x", &access_mask);
 
 	/* Get sam policy handle */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
@@ -937,9 +897,11 @@ static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
 
 	/* Get domain policy handle */
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      access_mask,
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					access_mask,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -952,55 +914,57 @@ static NTSTATUS cmd_samr_enum_dom_groups(struct rpc_pipe_client *cli,
 	size = 0xffff;
 
 	do {
-		result = rpccli_samr_enum_dom_groups(
-			cli, mem_ctx, &domain_pol, &start_idx, size,
-			&dom_groups, &num_dom_groups);
-
+		result = rpccli_samr_EnumDomainGroups(cli, mem_ctx,
+						      &domain_pol,
+						      &start_idx,
+						      &dom_groups,
+						      size,
+						      &num_dom_groups);
 		if (NT_STATUS_IS_OK(result) ||
 		    NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
 
 			for (i = 0; i < num_dom_groups; i++)
-				printf("group:[%s] rid:[0x%x]\n", 
-				       dom_groups[i].acct_name,
-				       dom_groups[i].rid);
+				printf("group:[%s] rid:[0x%x]\n",
+				       dom_groups->entries[i].name.string,
+				       dom_groups->entries[i].idx);
 		}
 
 	} while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
 
  done:
 	if (got_domain_pol)
-		rpccli_samr_close(cli, mem_ctx, &domain_pol);
+		rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 
 	if (got_connect_pol)
-		rpccli_samr_close(cli, mem_ctx, &connect_pol);
+		rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 
 	return result;
 }
 
 /* Enumerate alias groups */
 
-static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, const char **argv) 
+                                         int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uint32 start_idx, size, num_als_groups, i;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
-	struct acct_info *als_groups;
+	struct samr_SamArray *als_groups = NULL;
 	bool got_connect_pol = False, got_domain_pol = False;
 
 	if ((argc < 2) || (argc > 3)) {
 		printf("Usage: %s builtin|domain [access mask]\n", argv[0]);
 		return NT_STATUS_OK;
 	}
-	
+
 	if (argc > 2)
 		sscanf(argv[2], "%x", &access_mask);
 
 	/* Get sam policy handle */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
@@ -1011,13 +975,17 @@ static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
 	/* Get domain policy handle */
 
 	if (StrCaseCmp(argv[1], "domain")==0)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      access_mask,
-					      &domain_sid, &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						access_mask,
+						&domain_sid,
+						&domain_pol);
 	else if (StrCaseCmp(argv[1], "builtin")==0)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      access_mask,
-					      &global_sid_Builtin, &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						access_mask,
+						CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
+						&domain_pol);
 	else
 		return NT_STATUS_OK;
 
@@ -1032,41 +1000,110 @@ static NTSTATUS cmd_samr_enum_als_groups(struct rpc_pipe_client *cli,
 	size = 0xffff;		/* Number of groups to retrieve */
 
 	do {
-		result = rpccli_samr_enum_als_groups(
-			cli, mem_ctx, &domain_pol, &start_idx, size,
-			&als_groups, &num_als_groups);
+		result = rpccli_samr_EnumDomainAliases(cli, mem_ctx,
+						       &domain_pol,
+						       &start_idx,
+						       &als_groups,
+						       size,
+						       &num_als_groups);
 
 		if (NT_STATUS_IS_OK(result) ||
 		    NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
 
 			for (i = 0; i < num_als_groups; i++)
-				printf("group:[%s] rid:[0x%x]\n", 
-				       als_groups[i].acct_name,
-				       als_groups[i].rid);
+				printf("group:[%s] rid:[0x%x]\n",
+				       als_groups->entries[i].name.string,
+				       als_groups->entries[i].idx);
 		}
 	} while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
 
  done:
 	if (got_domain_pol)
-		rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	
+		rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+
 	if (got_connect_pol)
-		rpccli_samr_close(cli, mem_ctx, &connect_pol);
-	
+		rpccli_samr_Close(cli, mem_ctx, &connect_pol);
+
+	return result;
+}
+
+/* Enumerate domains */
+
+static NTSTATUS cmd_samr_enum_domains(struct rpc_pipe_client *cli,
+				      TALLOC_CTX *mem_ctx,
+				      int argc, const char **argv)
+{
+	POLICY_HND connect_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32 start_idx, size, num_entries, i;
+	uint32 access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	bool got_connect_pol = false;
+	struct samr_SamArray *sam = NULL;
+
+	if ((argc < 1) || (argc > 2)) {
+		printf("Usage: %s [access mask]\n", argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	if (argc > 1) {
+		sscanf(argv[1], "%x", &access_mask);
+	}
+
+	/* Get sam policy handle */
+
+	result = try_samr_connects(cli, mem_ctx,
+				   access_mask,
+				   &connect_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	got_connect_pol = true;
+
+	/* Enumerate alias groups */
+
+	start_idx = 0;
+	size = 0xffff;
+
+	do {
+		result = rpccli_samr_EnumDomains(cli, mem_ctx,
+						 &connect_pol,
+						 &start_idx,
+						 &sam,
+						 size,
+						 &num_entries);
+
+		if (NT_STATUS_IS_OK(result) ||
+		    NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES)) {
+
+			for (i = 0; i < num_entries; i++)
+				printf("name:[%s] idx:[0x%x]\n",
+				       sam->entries[i].name.string,
+				       sam->entries[i].idx);
+		}
+	} while (NT_STATUS_V(result) == NT_STATUS_V(STATUS_MORE_ENTRIES));
+
+ done:
+	if (got_connect_pol) {
+		rpccli_samr_Close(cli, mem_ctx, &connect_pol);
+	}
+
 	return result;
 }
 
+
 /* Query alias membership */
 
-static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
                                         TALLOC_CTX *mem_ctx,
-                                        int argc, const char **argv) 
+                                        int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol, alias_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint32 alias_rid, num_members, i;
+	uint32 alias_rid, i;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
-	DOM_SID *alias_sids;
+	struct lsa_SidArray sid_array;
 
 	if ((argc < 3) || (argc > 4)) {
 		printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
@@ -1074,28 +1111,32 @@ static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
 	}
 
 	sscanf(argv[2], "%i", &alias_rid);
-	
+
 	if (argc > 3)
 		sscanf(argv[3], "%x", &access_mask);
 
 	/* Open SAMR handle */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Open handle on domain */
-	
+
 	if (StrCaseCmp(argv[1], "domain")==0)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      MAXIMUM_ALLOWED_ACCESS,
-					      &domain_sid, &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						MAXIMUM_ALLOWED_ACCESS,
+						&domain_sid,
+						&domain_pol);
 	else if (StrCaseCmp(argv[1], "builtin")==0)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      MAXIMUM_ALLOWED_ACCESS,
-					      &global_sid_Builtin, &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						MAXIMUM_ALLOWED_ACCESS,
+						CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
+						&domain_pol);
 	else
 		return NT_STATUS_OK;
 
@@ -1104,37 +1145,149 @@ static NTSTATUS cmd_samr_query_aliasmem(struct rpc_pipe_client *cli,
 
 	/* Open handle on alias */
 
-	result = rpccli_samr_open_alias(cli, mem_ctx, &domain_pol,
-				     access_mask,
-				     alias_rid, &alias_pol);
+	result = rpccli_samr_OpenAlias(cli, mem_ctx,
+				       &domain_pol,
+				       access_mask,
+				       alias_rid,
+				       &alias_pol);
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_query_aliasmem(cli, mem_ctx, &alias_pol,
-					 &num_members, &alias_sids);
+	result = rpccli_samr_GetMembersInAlias(cli, mem_ctx,
+					       &alias_pol,
+					       &sid_array);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	for (i = 0; i < num_members; i++) {
+	for (i = 0; i < sid_array.num_sids; i++) {
 		fstring sid_str;
 
-		sid_to_fstring(sid_str, &alias_sids[i]);
+		sid_to_fstring(sid_str, sid_array.sids[i].sid);
 		printf("\tsid:[%s]\n", sid_str);
 	}
 
-	rpccli_samr_close(cli, mem_ctx, &alias_pol);
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &alias_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
  done:
 	return result;
 }
 
+/* Query alias info */
+
+static NTSTATUS cmd_samr_query_aliasinfo(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 int argc, const char **argv)
+{
+	POLICY_HND connect_pol, domain_pol, alias_pol;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	uint32_t alias_rid;
+	uint32_t access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	union samr_AliasInfo *info = NULL;
+	enum samr_AliasInfoEnum level = ALIASINFOALL;
+
+	if ((argc < 3) || (argc > 4)) {
+		printf("Usage: %s builtin|domain rid [level] [access mask]\n",
+			argv[0]);
+		return NT_STATUS_OK;
+	}
+
+	sscanf(argv[2], "%i", &alias_rid);
+
+	if (argc > 2) {
+		level = atoi(argv[3]);
+	}
+
+	if (argc > 3) {
+		sscanf(argv[4], "%x", &access_mask);
+	}
+
+	/* Open SAMR handle */
+
+	result = try_samr_connects(cli, mem_ctx,
+				   SEC_FLAG_MAXIMUM_ALLOWED,
+				   &connect_pol);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Open handle on domain */
+
+	if (strequal(argv[1], "domain")) {
+
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						SEC_FLAG_MAXIMUM_ALLOWED,
+						&domain_sid,
+						&domain_pol);
+
+	} else if (strequal(argv[1], "builtin")) {
+
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						SEC_FLAG_MAXIMUM_ALLOWED,
+						CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
+						&domain_pol);
+
+	} else {
+		return NT_STATUS_OK;
+	}
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	/* Open handle on alias */
+
+	result = rpccli_samr_OpenAlias(cli, mem_ctx,
+				       &domain_pol,
+				       access_mask,
+				       alias_rid,
+				       &alias_pol);
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	result = rpccli_samr_QueryAliasInfo(cli, mem_ctx,
+					    &alias_pol,
+					    level,
+					    &info);
+
+	if (!NT_STATUS_IS_OK(result)) {
+		goto done;
+	}
+
+	switch (level) {
+		case ALIASINFOALL:
+			printf("Name: %s\n", info->all.name.string);
+			printf("Description: %s\n", info->all.description.string);
+			printf("Num Members: %d\n", info->all.num_members);
+			break;
+		case ALIASINFONAME:
+			printf("Name: %s\n", info->name.string);
+			break;
+		case ALIASINFODESCRIPTION:
+			printf("Description: %s\n", info->description.string);
+			break;
+		default:
+			break;
+	}
+
+	rpccli_samr_Close(cli, mem_ctx, &alias_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
+ done:
+	return result;
+}
+
+
 /* Query delete an alias membership */
 
-static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
 				      TALLOC_CTX *mem_ctx,
-				      int argc, const char **argv) 
+				      int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol, alias_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -1147,25 +1300,29 @@ static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
 	}
 
 	alias_rid = strtoul(argv[2], NULL, 10);
-	
+
 	/* Open SAMR handle */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Open handle on domain */
-	
+
 	if (StrCaseCmp(argv[1], "domain")==0)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      MAXIMUM_ALLOWED_ACCESS,
-					      &domain_sid, &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						MAXIMUM_ALLOWED_ACCESS,
+						&domain_sid,
+						&domain_pol);
 	else if (StrCaseCmp(argv[1], "builtin")==0)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      MAXIMUM_ALLOWED_ACCESS,
-					      &global_sid_Builtin, &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						MAXIMUM_ALLOWED_ACCESS,
+						CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
+						&domain_pol);
 	else
 		return NT_STATUS_INVALID_PARAMETER;
 
@@ -1174,57 +1331,62 @@ static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
 
 	/* Open handle on alias */
 
-	result = rpccli_samr_open_alias(cli, mem_ctx, &domain_pol,
-				     access_mask,
-				     alias_rid, &alias_pol);
+	result = rpccli_samr_OpenAlias(cli, mem_ctx,
+				       &domain_pol,
+				       access_mask,
+				       alias_rid,
+				       &alias_pol);
 	if (!NT_STATUS_IS_OK(result) && (alias_rid == 0)) {
 		/* Probably this was a user name, try lookupnames */
-		uint32 num_rids;
-		uint32 *rids, *types;
-		
-		result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
-						  1000, 1, &argv[2],
-						  &num_rids, &rids,
-						  &types);
+		struct samr_Ids rids, types;
+		struct lsa_String lsa_acct_name;
+
+		init_lsa_String(&lsa_acct_name, argv[2]);
+
+		result = rpccli_samr_LookupNames(cli, mem_ctx,
+						 &domain_pol,
+						 1,
+						 &lsa_acct_name,
+						 &rids,
+						 &types);
 
 		if (NT_STATUS_IS_OK(result)) {
-			result = rpccli_samr_open_alias(cli, mem_ctx,
+			result = rpccli_samr_OpenAlias(cli, mem_ctx,
 						       &domain_pol,
 						       access_mask,
-						       rids[0], &alias_pol);
+						       rids.ids[0],
+						       &alias_pol);
 		}
 	}
 
-	result = rpccli_samr_delete_dom_alias(cli, mem_ctx, &alias_pol);
+	result = rpccli_samr_DeleteDomAlias(cli, mem_ctx,
+					    &alias_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
  done:
 	return result;
 }
 
 /* Query display info */
 
-static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli, 
-                                        TALLOC_CTX *mem_ctx,
-                                        int argc, const char **argv) 
+static NTSTATUS cmd_samr_query_dispinfo_internal(struct rpc_pipe_client *cli,
+						 TALLOC_CTX *mem_ctx,
+						 int argc, const char **argv,
+						 uint32_t opcode)
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint32 start_idx=0, max_entries=250, max_size = 0xffff, num_entries, i;
+	uint32 start_idx=0, max_entries=250, max_size = 0xffff, num_entries = 0, i;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 	uint32 info_level = 1;
-	SAM_DISPINFO_CTR ctr;
-	SAM_DISPINFO_1 info1;
-	SAM_DISPINFO_2 info2;
-	SAM_DISPINFO_3 info3;
-	SAM_DISPINFO_4 info4;
-	SAM_DISPINFO_5 info5;
+	union samr_DispInfo info;
 	int loop_count = 0;
 	bool got_params = False; /* Use get_query_dispinfo_params() or not? */
+	uint32_t total_size, returned_size;
 
 	if (argc > 6) {
 		printf("Usage: %s [info level] [start index] [max entries] [max size] [access mask]\n", argv[0]);
@@ -1233,26 +1395,26 @@ static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
 
 	if (argc >= 2)
                 sscanf(argv[1], "%i", &info_level);
-        
+
 	if (argc >= 3)
                 sscanf(argv[2], "%i", &start_idx);
-        
+
 	if (argc >= 4) {
                 sscanf(argv[3], "%i", &max_entries);
 		got_params = True;
 	}
-	
+
 	if (argc >= 5) {
                 sscanf(argv[4], "%i", &max_size);
 		got_params = True;
 	}
-	
+
 	if (argc >= 6)
                 sscanf(argv[5], "%x", &access_mask);
 
 	/* Get sam policy handle */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
@@ -1260,99 +1422,158 @@ static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
 
 	/* Get domain policy handle */
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      access_mask, 
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					access_mask,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Query display info */
 
-	ZERO_STRUCT(ctr);
-	ZERO_STRUCT(info1);
-	
-	switch (info_level) {
-	case 1:
-		ZERO_STRUCT(info1);
-		ctr.sam.info1 = &info1;
-		break;
-	case 2:
-		ZERO_STRUCT(info2);
-		ctr.sam.info2 = &info2;
-		break;
-	case 3:
-		ZERO_STRUCT(info3);
-		ctr.sam.info3 = &info3;
-		break;
-	case 4:
-		ZERO_STRUCT(info4);
-		ctr.sam.info4 = &info4;
-		break;
-	case 5:
-		ZERO_STRUCT(info5);
-		ctr.sam.info5 = &info5;
-		break;
-	}
-
-
 	do {
 
 		if (!got_params)
 			get_query_dispinfo_params(
 				loop_count, &max_entries, &max_size);
-		
-		result = rpccli_samr_query_dispinfo(cli, mem_ctx, &domain_pol,
-						 &start_idx, info_level,
-						 &num_entries, max_entries, 
-						 max_size, &ctr);
 
-		loop_count++;
+		switch (opcode) {
+		case NDR_SAMR_QUERYDISPLAYINFO:
+			result = rpccli_samr_QueryDisplayInfo(cli, mem_ctx,
+							      &domain_pol,
+							      info_level,
+							      start_idx,
+							      max_entries,
+							      max_size,
+							      &total_size,
+							      &returned_size,
+							      &info);
+			break;
+		case NDR_SAMR_QUERYDISPLAYINFO2:
+			result = rpccli_samr_QueryDisplayInfo2(cli, mem_ctx,
+							       &domain_pol,
+							       info_level,
+							       start_idx,
+							       max_entries,
+							       max_size,
+							       &total_size,
+							       &returned_size,
+							       &info);
+
+			break;
+		case NDR_SAMR_QUERYDISPLAYINFO3:
+			result = rpccli_samr_QueryDisplayInfo3(cli, mem_ctx,
+							       &domain_pol,
+							       info_level,
+							       start_idx,
+							       max_entries,
+							       max_size,
+							       &total_size,
+							       &returned_size,
+							       &info);
 
-		if (NT_STATUS_IS_ERR(result))
 			break;
+		default:
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		if (!NT_STATUS_IS_OK(result) &&
+		    !NT_STATUS_EQUAL(result, NT_STATUS_NO_MORE_ENTRIES) &&
+		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
+			break;
+		}
+
+		loop_count++;
+
+		switch (info_level) {
+			case 1:
+				num_entries = info.info1.count;
+				break;
+			case 2:
+				num_entries = info.info2.count;
+				break;
+			case 3:
+				num_entries = info.info3.count;
+				break;
+			case 4:
+				num_entries = info.info4.count;
+				break;
+			case 5:
+				num_entries = info.info5.count;
+				break;
+			default:
+				break;
+		}
 
-		if (num_entries == 0) 
+		start_idx += num_entries;
+
+		if (num_entries == 0)
 			break;
 
 		for (i = 0; i < num_entries; i++) {
 			switch (info_level) {
 			case 1:
-				display_sam_info_1(&ctr.sam.info1->sam[i], &ctr.sam.info1->str[i]);
+				display_sam_info_1(&info.info1.entries[i]);
 				break;
 			case 2:
-				display_sam_info_2(&ctr.sam.info2->sam[i], &ctr.sam.info2->str[i]);
+				display_sam_info_2(&info.info2.entries[i]);
 				break;
 			case 3:
-				display_sam_info_3(&ctr.sam.info3->sam[i], &ctr.sam.info3->str[i]);
+				display_sam_info_3(&info.info3.entries[i]);
 				break;
 			case 4:
-				display_sam_info_4(&ctr.sam.info4->sam[i], &ctr.sam.info4->str[i]);
+				display_sam_info_4(&info.info4.entries[i]);
 				break;
 			case 5:
-				display_sam_info_5(&ctr.sam.info5->sam[i], &ctr.sam.info5->str[i]);
+				display_sam_info_5(&info.info5.entries[i]);
 				break;
 			}
 		}
 	} while ( NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
 
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
  done:
 	return result;
 }
 
+static NTSTATUS cmd_samr_query_dispinfo(struct rpc_pipe_client *cli,
+					TALLOC_CTX *mem_ctx,
+					int argc, const char **argv)
+{
+	return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
+						NDR_SAMR_QUERYDISPLAYINFO);
+}
+
+static NTSTATUS cmd_samr_query_dispinfo2(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 int argc, const char **argv)
+{
+	return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
+						NDR_SAMR_QUERYDISPLAYINFO2);
+}
+
+static NTSTATUS cmd_samr_query_dispinfo3(struct rpc_pipe_client *cli,
+					 TALLOC_CTX *mem_ctx,
+					 int argc, const char **argv)
+{
+	return cmd_samr_query_dispinfo_internal(cli, mem_ctx, argc, argv,
+						NDR_SAMR_QUERYDISPLAYINFO3);
+}
+
 /* Query domain info */
 
-static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
                                        TALLOC_CTX *mem_ctx,
-                                       int argc, const char **argv) 
+                                       int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uint32 switch_level = 2;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
-	SAM_UNK_CTR ctr;
+	union samr_DomainInfo *info = NULL;
 
 	if (argc > 3) {
 		printf("Usage: %s [info level] [access mask]\n", argv[0]);
@@ -1361,13 +1582,13 @@ static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
 
 	if (argc > 1)
                 sscanf(argv[1], "%i", &switch_level);
-	
+
 	if (argc > 2)
                 sscanf(argv[2], "%x", &access_mask);
 
 	/* Get sam policy handle */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
@@ -1375,17 +1596,21 @@ static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
 
 	/* Get domain policy handle */
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      access_mask,
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					access_mask,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Query domain info */
 
-	result = rpccli_samr_query_dom_info(cli, mem_ctx, &domain_pol,
-					 switch_level, &ctr);
+	result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+					     &domain_pol,
+					     switch_level,
+					     &info);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -1394,37 +1619,37 @@ static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
 
 	switch (switch_level) {
 	case 1:
-		display_sam_unk_info_1(&ctr.info.inf1);
+		display_sam_dom_info_1(&info->info1);
 		break;
 	case 2:
-		display_sam_unk_info_2(&ctr.info.inf2);
+		display_sam_dom_info_2(&info->info2);
 		break;
 	case 3:
-		display_sam_unk_info_3(&ctr.info.inf3);
+		display_sam_dom_info_3(&info->info3);
 		break;
 	case 4:
-		display_sam_unk_info_4(&ctr.info.inf4);
+		display_sam_dom_info_4(&info->info4);
 		break;
 	case 5:
-		display_sam_unk_info_5(&ctr.info.inf5);
+		display_sam_dom_info_5(&info->info5);
 		break;
 	case 6:
-		display_sam_unk_info_6(&ctr.info.inf6);
+		display_sam_dom_info_6(&info->info6);
 		break;
 	case 7:
-		display_sam_unk_info_7(&ctr.info.inf7);
+		display_sam_dom_info_7(&info->info7);
 		break;
 	case 8:
-		display_sam_unk_info_8(&ctr.info.inf8);
+		display_sam_dom_info_8(&info->info8);
 		break;
 	case 9:
-		display_sam_unk_info_9(&ctr.info.inf9);
+		display_sam_dom_info_9(&info->info9);
 		break;
 	case 12:
-		display_sam_unk_info_12(&ctr.info.inf12);
+		display_sam_dom_info_12(&info->info12);
 		break;
 	case 13:
-		display_sam_unk_info_13(&ctr.info.inf13);
+		display_sam_dom_info_13(&info->info13);
 		break;
 
 	default:
@@ -1434,38 +1659,39 @@ static NTSTATUS cmd_samr_query_dominfo(struct rpc_pipe_client *cli,
 	}
 
  done:
- 
- 	rpccli_samr_close(cli, mem_ctx, &domain_pol);
- 	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 	return result;
 }
 
 /* Create domain user */
 
-static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, const char **argv) 
+                                         int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol, user_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	const char *acct_name;
+	struct lsa_String acct_name;
 	uint32 acb_info;
-	uint32 user_rid;
+	uint32 acct_flags, user_rid;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+	uint32_t access_granted = 0;
 
 	if ((argc < 2) || (argc > 3)) {
 		printf("Usage: %s username [access mask]\n", argv[0]);
 		return NT_STATUS_OK;
 	}
 
-	acct_name = argv[1];
-	
+	init_lsa_String(&acct_name, argv[1]);
+
 	if (argc > 2)
                 sscanf(argv[2], "%x", &access_mask);
 
 	/* Get sam policy handle */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
@@ -1473,9 +1699,11 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
 
 	/* Get domain policy handle */
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      access_mask,
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					access_mask,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -1483,22 +1711,31 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
 	/* Create domain user */
 
 	acb_info = ACB_NORMAL;
-	access_mask = 0xe005000b;
+	acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+		     SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+		     SAMR_USER_ACCESS_SET_PASSWORD |
+		     SAMR_USER_ACCESS_GET_ATTRIBUTES |
+		     SAMR_USER_ACCESS_SET_ATTRIBUTES;
 
-	result = rpccli_samr_create_dom_user(cli, mem_ctx, &domain_pol,
-					  acct_name, acb_info, access_mask,
-					  &user_pol, &user_rid);
+	result = rpccli_samr_CreateUser2(cli, mem_ctx,
+					 &domain_pol,
+					 &acct_name,
+					 acb_info,
+					 acct_flags,
+					 &user_pol,
+					 &access_granted,
+					 &user_rid);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &user_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &user_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
  done:
@@ -1507,28 +1744,29 @@ static NTSTATUS cmd_samr_create_dom_user(struct rpc_pipe_client *cli,
 
 /* Create domain group */
 
-static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
                                           TALLOC_CTX *mem_ctx,
-                                          int argc, const char **argv) 
+                                          int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol, group_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	const char *grp_name;
+	struct lsa_String grp_name;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+	uint32_t rid = 0;
 
 	if ((argc < 2) || (argc > 3)) {
 		printf("Usage: %s groupname [access mask]\n", argv[0]);
 		return NT_STATUS_OK;
 	}
 
-	grp_name = argv[1];
-	
+	init_lsa_String(&grp_name, argv[1]);
+
 	if (argc > 2)
                 sscanf(argv[2], "%x", &access_mask);
 
 	/* Get sam policy handle */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
@@ -1536,29 +1774,33 @@ static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
 
 	/* Get domain policy handle */
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      access_mask,
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					access_mask,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Create domain user */
-
-	result = rpccli_samr_create_dom_group(cli, mem_ctx, &domain_pol,
-					   grp_name, MAXIMUM_ALLOWED_ACCESS,
-					   &group_pol);
+	result = rpccli_samr_CreateDomainGroup(cli, mem_ctx,
+					       &domain_pol,
+					       &grp_name,
+					       MAXIMUM_ALLOWED_ACCESS,
+					       &group_pol,
+					       &rid);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &group_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &group_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
  done:
@@ -1567,28 +1809,29 @@ static NTSTATUS cmd_samr_create_dom_group(struct rpc_pipe_client *cli,
 
 /* Create domain alias */
 
-static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
                                           TALLOC_CTX *mem_ctx,
-                                          int argc, const char **argv) 
+                                          int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol, alias_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	const char *alias_name;
+	struct lsa_String alias_name;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
+	uint32_t rid = 0;
 
 	if ((argc < 2) || (argc > 3)) {
 		printf("Usage: %s aliasname [access mask]\n", argv[0]);
 		return NT_STATUS_OK;
 	}
 
-	alias_name = argv[1];
-	
+	init_lsa_String(&alias_name, argv[1]);
+
 	if (argc > 2)
                 sscanf(argv[2], "%x", &access_mask);
 
 	/* Get sam policy handle */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
@@ -1596,28 +1839,34 @@ static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
 
 	/* Get domain policy handle */
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					 access_mask,
-					 &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					access_mask,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Create domain user */
 
-	result = rpccli_samr_create_dom_alias(cli, mem_ctx, &domain_pol,
-					      alias_name, &alias_pol);
+	result = rpccli_samr_CreateDomAlias(cli, mem_ctx,
+					    &domain_pol,
+					    &alias_name,
+					    MAXIMUM_ALLOWED_ACCESS,
+					    &alias_pol,
+					    &rid);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &alias_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &alias_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
  done:
@@ -1626,16 +1875,16 @@ static NTSTATUS cmd_samr_create_dom_alias(struct rpc_pipe_client *cli,
 
 /* Lookup sam names */
 
-static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
                                       TALLOC_CTX *mem_ctx,
-                                      int argc, const char **argv) 
+                                      int argc, const char **argv)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND connect_pol, domain_pol;
-	uint32 flags = 0x000003e8; /* Unknown */
-	uint32 num_rids, num_names, *name_types, *rids;
-	const char **names;
+	uint32 num_names;
+	struct samr_Ids rids, name_types;
 	int i;
+	struct lsa_String *names = NULL;;
 
 	if (argc < 3) {
 		printf("Usage: %s  domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
@@ -1646,20 +1895,24 @@ static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
 
 	/* Get sam policy and domain handles */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	if (StrCaseCmp(argv[1], "domain")==0)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      MAXIMUM_ALLOWED_ACCESS,
-					      &domain_sid, &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						MAXIMUM_ALLOWED_ACCESS,
+						&domain_sid,
+						&domain_pol);
 	else if (StrCaseCmp(argv[1], "builtin")==0)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      MAXIMUM_ALLOWED_ACCESS,
-					      &global_sid_Builtin, &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						MAXIMUM_ALLOWED_ACCESS,
+						CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
+						&domain_pol);
 	else
 		return NT_STATUS_OK;
 
@@ -1670,19 +1923,23 @@ static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
 
 	num_names = argc - 2;
 
-	if ((names = TALLOC_ARRAY(mem_ctx, const char *, num_names)) == NULL) {
-		rpccli_samr_close(cli, mem_ctx, &domain_pol);
-		rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	if ((names = TALLOC_ARRAY(mem_ctx, struct lsa_String, num_names)) == NULL) {
+		rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+		rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 		result = NT_STATUS_NO_MEMORY;
 		goto done;
 	}
 
-	for (i = 0; i < num_names; i++)
-		names[i] = argv[i + 2];
+	for (i = 0; i < num_names; i++) {
+		init_lsa_String(&names[i], argv[i + 2]);
+	}
 
-	result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
-				       flags, num_names, names,
-				       &num_rids, &rids, &name_types);
+	result = rpccli_samr_LookupNames(cli, mem_ctx,
+					 &domain_pol,
+					 num_names,
+					 names,
+					 &rids,
+					 &name_types);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -1690,25 +1947,27 @@ static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
 	/* Display results */
 
 	for (i = 0; i < num_names; i++)
-		printf("name %s: 0x%x (%d)\n", names[i], rids[i], 
-		       name_types[i]);
+		printf("name %s: 0x%x (%d)\n", names[i].string, rids.ids[i],
+		       name_types.ids[i]);
 
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
  done:
 	return result;
 }
 
 /* Lookup sam rids */
 
-static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
                                      TALLOC_CTX *mem_ctx,
-                                     int argc, const char **argv) 
+                                     int argc, const char **argv)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND connect_pol, domain_pol;
-	uint32 num_rids, num_names, *rids, *name_types;
-	char **names;
+	uint32_t num_rids, *rids;
+	struct lsa_Strings names;
+	struct samr_Ids types;
+
 	int i;
 
 	if (argc < 3) {
@@ -1718,20 +1977,24 @@ static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
 
 	/* Get sam policy and domain handles */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	if (StrCaseCmp(argv[1], "domain")==0)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      MAXIMUM_ALLOWED_ACCESS,
-					      &domain_sid, &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						MAXIMUM_ALLOWED_ACCESS,
+						&domain_sid,
+						&domain_pol);
 	else if (StrCaseCmp(argv[1], "builtin")==0)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      MAXIMUM_ALLOWED_ACCESS,
-					      &global_sid_Builtin, &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						MAXIMUM_ALLOWED_ACCESS,
+						CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
+						&domain_pol);
 	else
 		return NT_STATUS_OK;
 
@@ -1743,8 +2006,8 @@ static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
 	num_rids = argc - 2;
 
 	if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
-		rpccli_samr_close(cli, mem_ctx, &domain_pol);
-		rpccli_samr_close(cli, mem_ctx, &connect_pol);
+		rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+		rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 		result = NT_STATUS_NO_MEMORY;
 		goto done;
 	}
@@ -1752,8 +2015,12 @@ static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
 	for (i = 0; i < argc - 2; i++)
                 sscanf(argv[i + 2], "%i", &rids[i]);
 
-	result = rpccli_samr_lookup_rids(cli, mem_ctx, &domain_pol, num_rids, rids,
-				      &num_names, &names, &name_types);
+	result = rpccli_samr_LookupRids(cli, mem_ctx,
+					&domain_pol,
+					num_rids,
+					rids,
+					&names,
+					&types);
 
 	if (!NT_STATUS_IS_OK(result) &&
 	    !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
@@ -1761,20 +2028,22 @@ static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
 
 	/* Display results */
 
-	for (i = 0; i < num_names; i++)
-		printf("rid 0x%x: %s (%d)\n", rids[i], names[i], name_types[i]);
+	for (i = 0; i < num_rids; i++) {
+		printf("rid 0x%x: %s (%d)\n",
+			rids[i], names.names[i].string, types.ids[i]);
+	}
 
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
  done:
 	return result;
 }
 
 /* Delete domain group */
 
-static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli,
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, const char **argv) 
+                                         int argc, const char **argv)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND connect_pol, domain_pol, group_pol;
@@ -1784,21 +2053,23 @@ static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli,
 		printf("Usage: %s groupname\n", argv[0]);
 		return NT_STATUS_OK;
 	}
-	
+
 	if (argc > 2)
                 sscanf(argv[2], "%x", &access_mask);
 
 	/* Get sam policy and domain handles */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -1806,37 +2077,43 @@ static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli,
 	/* Get handle on group */
 
 	{
-		uint32 *group_rids, num_rids, *name_types;
-		uint32 flags = 0x000003e8; /* Unknown */
+		struct samr_Ids group_rids, name_types;
+		struct lsa_String lsa_acct_name;
 
-		result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
-					       flags, 1, (const char **)&argv[1],
-					       &num_rids, &group_rids,
-					       &name_types);
+		init_lsa_String(&lsa_acct_name, argv[1]);
 
+		result = rpccli_samr_LookupNames(cli, mem_ctx,
+						 &domain_pol,
+						 1,
+						 &lsa_acct_name,
+						 &group_rids,
+						 &name_types);
 		if (!NT_STATUS_IS_OK(result))
 			goto done;
 
-		result = rpccli_samr_open_group(cli, mem_ctx, &domain_pol,
-						access_mask,
-						group_rids[0], &group_pol);
+		result = rpccli_samr_OpenGroup(cli, mem_ctx,
+					       &domain_pol,
+					       access_mask,
+					       group_rids.ids[0],
+					       &group_pol);
 
 		if (!NT_STATUS_IS_OK(result))
 			goto done;
 	}
 
-	/* Delete user */
+	/* Delete group */
 
-	result = rpccli_samr_delete_dom_group(cli, mem_ctx, &group_pol);
+	result = rpccli_samr_DeleteDomainGroup(cli, mem_ctx,
+					       &group_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Display results */
 
-	rpccli_samr_close(cli, mem_ctx, &group_pol);
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &group_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 
  done:
 	return result;
@@ -1844,9 +2121,9 @@ static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli,
 
 /* Delete domain user */
 
-static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
                                          TALLOC_CTX *mem_ctx,
-                                         int argc, const char **argv) 
+                                         int argc, const char **argv)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND connect_pol, domain_pol, user_pol;
@@ -1856,21 +2133,23 @@ static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
 		printf("Usage: %s username\n", argv[0]);
 		return NT_STATUS_OK;
 	}
-	
+
 	if (argc > 2)
                 sscanf(argv[2], "%x", &access_mask);
 
 	/* Get sam policy and domain handles */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -1878,20 +2157,26 @@ static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
 	/* Get handle on user */
 
 	{
-		uint32 *user_rids, num_rids, *name_types;
-		uint32 flags = 0x000003e8; /* Unknown */
+		struct samr_Ids user_rids, name_types;
+		struct lsa_String lsa_acct_name;
 
-		result = rpccli_samr_lookup_names(cli, mem_ctx, &domain_pol,
-					       flags, 1, (const char **)&argv[1],
-					       &num_rids, &user_rids,
-					       &name_types);
+		init_lsa_String(&lsa_acct_name, argv[1]);
+
+		result = rpccli_samr_LookupNames(cli, mem_ctx,
+						 &domain_pol,
+						 1,
+						 &lsa_acct_name,
+						 &user_rids,
+						 &name_types);
 
 		if (!NT_STATUS_IS_OK(result))
 			goto done;
 
-		result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
-					    access_mask,
-					    user_rids[0], &user_pol);
+		result = rpccli_samr_OpenUser(cli, mem_ctx,
+					      &domain_pol,
+					      access_mask,
+					      user_rids.ids[0],
+					      &user_pol);
 
 		if (!NT_STATUS_IS_OK(result))
 			goto done;
@@ -1899,27 +2184,28 @@ static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
 
 	/* Delete user */
 
-	result = rpccli_samr_delete_dom_user(cli, mem_ctx, &user_pol);
+	result = rpccli_samr_DeleteUser(cli, mem_ctx,
+					&user_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Display results */
 
-	rpccli_samr_close(cli, mem_ctx, &user_pol);
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &user_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 
  done:
 	return result;
 }
 
 /**********************************************************************
- * Query user security object 
+ * Query user security object
  */
-static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
                                     TALLOC_CTX *mem_ctx,
-                                    int argc, const char **argv) 
+                                    int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol, user_pol, *pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -1931,14 +2217,14 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
 	bool domain = False;
 
 	ctx=talloc_init("cmd_samr_query_sec_obj");
-	
+
 	if ((argc < 1) || (argc > 3)) {
 		printf("Usage: %s [rid|-d] [sec_info]\n", argv[0]);
 		printf("\tSpecify rid for security on user, -d for security on domain\n");
 		talloc_destroy(ctx);
 		return NT_STATUS_OK;
 	}
-	
+
 	if (argc > 1) {
 		if (strcmp(argv[1], "-d") == 0)
 			domain = True;
@@ -1949,7 +2235,7 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
 	if (argc == 3) {
 		sec_info = atoi(argv[2]);
 	}
-	
+
 	slprintf(server, sizeof(fstring)-1, "\\\\%s", cli->cli->desthost);
 	strupper_m(server);
 	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
@@ -1959,17 +2245,21 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
 		goto done;
 
 	if (domain || user_rid)
-		result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					      MAXIMUM_ALLOWED_ACCESS,
-					      &domain_sid, &domain_pol);
+		result = rpccli_samr_OpenDomain(cli, mem_ctx,
+						&connect_pol,
+						MAXIMUM_ALLOWED_ACCESS,
+						&domain_sid,
+						&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	if (user_rid)
-		result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
-					    MAXIMUM_ALLOWED_ACCESS,
-					    user_rid, &user_pol);
+		result = rpccli_samr_OpenUser(cli, mem_ctx,
+					      &domain_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      user_rid,
+					      &user_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -1986,97 +2276,103 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli,
 
 	/* Query SAM security object */
 
-	result = rpccli_samr_query_sec_obj(cli, mem_ctx, pol, sec_info, ctx, 
-					&sec_desc_buf);
+	result = rpccli_samr_QuerySecurity(cli, mem_ctx,
+					   pol,
+					   sec_info,
+					   &sec_desc_buf);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	display_sec_desc(sec_desc_buf->sd);
 
-	rpccli_samr_close(cli, mem_ctx, &user_pol);
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &user_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 done:
 	talloc_destroy(ctx);
 	return result;
 }
 
-static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_get_usrdom_pwinfo(struct rpc_pipe_client *cli,
 					   TALLOC_CTX *mem_ctx,
-					   int argc, const char **argv) 
+					   int argc, const char **argv)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND connect_pol, domain_pol, user_pol;
-	uint16 min_pwd_length;
-	uint32 password_properties, unknown1, rid;
+	struct samr_PwInfo info;
+	uint32_t rid;
 
 	if (argc != 2) {
 		printf("Usage: %s rid\n", argv[0]);
 		return NT_STATUS_OK;
 	}
-	
+
 	sscanf(argv[1], "%i", &rid);
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-					 MAXIMUM_ALLOWED_ACCESS, &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_open_user(cli, mem_ctx, &domain_pol,
-				       MAXIMUM_ALLOWED_ACCESS,
-				       rid, &user_pol);
+	result = rpccli_samr_OpenUser(cli, mem_ctx,
+				      &domain_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      rid,
+				      &user_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_get_usrdom_pwinfo(cli, mem_ctx, &user_pol,
-					       &min_pwd_length, &password_properties, 
-					       &unknown1) ;
-
+	result = rpccli_samr_GetUserPwInfo(cli, mem_ctx, &user_pol, &info);
 	if (NT_STATUS_IS_OK(result)) {
-		printf("min_pwd_length: %d\n", min_pwd_length);
-		printf("unknown1: %d\n", unknown1);
-		display_password_properties(password_properties);
+		printf("min_password_length: %d\n", info.min_password_length);
+		printf("%s\n",
+			NDR_PRINT_STRUCT_STRING(mem_ctx,
+				samr_PasswordProperties, &info.password_properties));
 	}
 
  done:
-	rpccli_samr_close(cli, mem_ctx, &user_pol);
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &user_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 
 	return result;
 }
 
-
-static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
 					TALLOC_CTX *mem_ctx,
-					int argc, const char **argv) 
+					int argc, const char **argv)
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint16 min_pwd_length;
-	uint32 password_properties;
+	struct lsa_String domain_name;
+	struct samr_PwInfo info;
 
-	if (argc != 1) {
-		printf("Usage: %s\n", argv[0]);
+	if (argc < 1 || argc > 3) {
+		printf("Usage: %s <domain>\n", argv[0]);
 		return NT_STATUS_OK;
 	}
 
-	result = rpccli_samr_get_dom_pwinfo(cli, mem_ctx, &min_pwd_length, &password_properties) ;
-	
+	init_lsa_String(&domain_name, argv[1]);
+
+	result = rpccli_samr_GetDomPwInfo(cli, mem_ctx, &domain_name, &info);
+
 	if (NT_STATUS_IS_OK(result)) {
-		printf("min_pwd_length: %d\n", min_pwd_length);
-		display_password_properties(password_properties);
+		printf("min_password_length: %d\n", info.min_password_length);
+		display_password_properties(info.password_properties);
 	}
 
 	return result;
@@ -2084,54 +2380,60 @@ static NTSTATUS cmd_samr_get_dom_pwinfo(struct rpc_pipe_client *cli,
 
 /* Look up domain name */
 
-static NTSTATUS cmd_samr_lookup_domain(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_lookup_domain(struct rpc_pipe_client *cli,
 				       TALLOC_CTX *mem_ctx,
-				       int argc, const char **argv) 
+				       int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
-	fstring domain_name,sid_string;
-	DOM_SID sid;
-	
+	fstring sid_string;
+	struct lsa_String domain_name;
+	DOM_SID *sid = NULL;
+
 	if (argc != 2) {
 		printf("Usage: %s domain_name\n", argv[0]);
 		return NT_STATUS_OK;
 	}
-	
-	sscanf(argv[1], "%s", domain_name);
-	
+
+	init_lsa_String(&domain_name, argv[1]);
+
 	result = try_samr_connects(cli, mem_ctx, access_mask, &connect_pol);
-	
+
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      access_mask, &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					access_mask,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
-	
-	result = rpccli_samr_lookup_domain(
-		cli, mem_ctx, &connect_pol, domain_name, &sid);
+
+	result = rpccli_samr_LookupDomain(cli, mem_ctx,
+					  &connect_pol,
+					  &domain_name,
+					  &sid);
 
 	if (NT_STATUS_IS_OK(result)) {
-		sid_to_fstring(sid_string,&sid);
+		sid_to_fstring(sid_string, sid);
 		printf("SAMR_LOOKUP_DOMAIN: Domain Name: %s Domain SID: %s\n",
-		       domain_name,sid_string);
+		       argv[1], sid_string);
 	}
 
-	rpccli_samr_close(cli, mem_ctx, &domain_pol);
-	rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	rpccli_samr_Close(cli, mem_ctx, &domain_pol);
+	rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 done:
 	return result;
 }
 
 /* Change user password */
 
-static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
 				    TALLOC_CTX *mem_ctx,
-				    int argc, const char **argv) 
+				    int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -2146,10 +2448,10 @@ static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
 	user = argv[1];
 	oldpass = argv[2];
 	newpass = argv[3];
-	
+
 	/* Get sam policy handle */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
@@ -2157,9 +2459,11 @@ static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
 
 	/* Get domain policy handle */
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      access_mask,
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					access_mask,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -2170,10 +2474,10 @@ static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
  done:
@@ -2183,16 +2487,16 @@ static NTSTATUS cmd_samr_chgpasswd2(struct rpc_pipe_client *cli,
 
 /* Change user password */
 
-static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli, 
+static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
 				    TALLOC_CTX *mem_ctx,
-				    int argc, const char **argv) 
+				    int argc, const char **argv)
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	const char *user, *oldpass, *newpass;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
-	SAM_UNK_INFO_1 info;
-	SAMR_CHANGE_REJECT reject;
+	struct samr_DomInfo1 *info = NULL;
+	struct samr_ChangeReject *reject = NULL;
 
 	if (argc < 3) {
 		printf("Usage: %s username oldpass newpass\n", argv[0]);
@@ -2202,10 +2506,10 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
 	user = argv[1];
 	oldpass = argv[2];
 	newpass = argv[3];
-	
+
 	/* Get sam policy handle */
 
-	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
+	result = try_samr_connects(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
 				   &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
@@ -2213,35 +2517,43 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
 
 	/* Get domain policy handle */
 
-	result = rpccli_samr_open_domain(cli, mem_ctx, &connect_pol,
-				      access_mask,
-				      &domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(cli, mem_ctx,
+					&connect_pol,
+					access_mask,
+					&domain_sid,
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
 	/* Change user password */
-	result = rpccli_samr_chgpasswd3(cli, mem_ctx, user, newpass, oldpass, &info, &reject);
+	result = rpccli_samr_chgpasswd3(cli, mem_ctx,
+					user,
+					newpass,
+					oldpass,
+					&info,
+					&reject);
 
 	if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION)) {
-	
-		display_sam_unk_info_1(&info);
 
-		switch (reject.reject_reason) {
-			case REJECT_REASON_TOO_SHORT:
-				d_printf("REJECT_REASON_TOO_SHORT\n");
+		display_sam_dom_info_1(info);
+
+		switch (reject->reason) {
+			case SAMR_REJECT_TOO_SHORT:
+				d_printf("SAMR_REJECT_TOO_SHORT\n");
 				break;
-			case REJECT_REASON_IN_HISTORY:
-				d_printf("REJECT_REASON_IN_HISTORY\n");
+			case SAMR_REJECT_IN_HISTORY:
+				d_printf("SAMR_REJECT_IN_HISTORY\n");
 				break;
-			case REJECT_REASON_NOT_COMPLEX:
-				d_printf("REJECT_REASON_NOT_COMPLEX\n");
+			case SAMR_REJECT_COMPLEXITY:
+				d_printf("SAMR_REJECT_COMPLEXITY\n");
 				break;
-			case REJECT_REASON_OTHER:
-				d_printf("REJECT_REASON_OTHER\n");
+			case SAMR_REJECT_OTHER:
+				d_printf("SAMR_REJECT_OTHER\n");
 				break;
 			default:
-				d_printf("unknown reject reason: %d\n", reject.reject_reason);
+				d_printf("unknown reject reason: %d\n",
+					reject->reason);
 				break;
 		}
 	}
@@ -2249,10 +2561,10 @@ static NTSTATUS cmd_samr_chgpasswd3(struct rpc_pipe_client *cli,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &domain_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &domain_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
-	result = rpccli_samr_close(cli, mem_ctx, &connect_pol);
+	result = rpccli_samr_Close(cli, mem_ctx, &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
  done:
@@ -2271,12 +2583,16 @@ struct cmd_set samr_commands[] = {
 	{ "queryuseraliases", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_useraliases, 	NULL, PI_SAMR, NULL,	"Query user aliases",      "" },
 	{ "querygroupmem", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_groupmem, 	NULL, PI_SAMR, NULL,	"Query group membership",  "" },
 	{ "queryaliasmem", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasmem, 	NULL, PI_SAMR, NULL,	"Query alias membership",  "" },
+	{ "queryaliasinfo", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_aliasinfo, 	NULL, PI_SAMR, NULL,	"Query alias info",       "" },
 	{ "deletealias", 	RPC_RTYPE_NTSTATUS, cmd_samr_delete_alias, 	NULL, PI_SAMR, NULL,	"Delete an alias",  "" },
 	{ "querydispinfo", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo, 	NULL, PI_SAMR, NULL,	"Query display info",      "" },
+	{ "querydispinfo2", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo2, 	NULL, PI_SAMR, NULL,	"Query display info",      "" },
+	{ "querydispinfo3", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_dispinfo3, 	NULL, PI_SAMR, NULL,	"Query display info",      "" },
 	{ "querydominfo", 	RPC_RTYPE_NTSTATUS, cmd_samr_query_dominfo, 	NULL, PI_SAMR, NULL,	"Query domain info",       "" },
-	{ "enumdomusers",      RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users,       NULL, PI_SAMR, NULL,	"Enumerate domain users", "" },
+	{ "enumdomusers",       RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_users,       NULL, PI_SAMR, NULL,	"Enumerate domain users", "" },
 	{ "enumdomgroups",      RPC_RTYPE_NTSTATUS, cmd_samr_enum_dom_groups,       NULL, PI_SAMR, NULL,	"Enumerate domain groups", "" },
 	{ "enumalsgroups",      RPC_RTYPE_NTSTATUS, cmd_samr_enum_als_groups,       NULL, PI_SAMR, NULL,	"Enumerate alias groups",  "" },
+	{ "enumdomains",        RPC_RTYPE_NTSTATUS, cmd_samr_enum_domains,          NULL, PI_SAMR, NULL,	"Enumerate domains",  "" },
 
 	{ "createdomuser",      RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_user,       NULL, PI_SAMR, NULL,	"Create domain user",      "" },
 	{ "createdomgroup",     RPC_RTYPE_NTSTATUS, cmd_samr_create_dom_group,      NULL, PI_SAMR, NULL,	"Create domain group",     "" },
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
index a7969bddd1..e923302f4e 100644
--- a/source3/rpcclient/cmd_spoolss.c
+++ b/source3/rpcclient/cmd_spoolss.c
@@ -1222,9 +1222,10 @@ void set_drv_info_3_env (DRIVER_INFO_3 *info, const char *arch)
 static char* get_driver_3_param (char* str, const char* delim, UNISTR* dest)
 {
 	char	*ptr;
+	char *saveptr;
 
 	/* get the next token */
-	ptr = strtok(str, delim);
+	ptr = strtok_r(str, delim, &saveptr);
 
 	/* a string of 'NULL' is used to represent an empty
 	   parameter because two consecutive delimiters
@@ -1251,7 +1252,8 @@ static bool init_drv_info_3_members ( TALLOC_CTX *mem_ctx, DRIVER_INFO_3 *info,
 {
 	char	*str, *str2;
 	uint32	len, i;
-	
+	char *saveptr = NULL;
+
 	/* fill in the UNISTR fields */
 	str = get_driver_3_param (args, ":", &info->name);
 	str = get_driver_3_param (NULL, ":", &info->driverpath);
@@ -1266,13 +1268,13 @@ static bool init_drv_info_3_members ( TALLOC_CTX *mem_ctx, DRIVER_INFO_3 *info,
 	str = str2;			
 
 	/* begin to strip out each filename */
-	str = strtok(str, ",");		
+	str = strtok_r(str, ",", &saveptr);
 	len = 0;
 	while (str != NULL)
 	{
 		/* keep a cumlative count of the str lengths */
 		len += strlen(str)+1;
-		str = strtok(NULL, ",");
+		str = strtok_r(NULL, ",", &saveptr);
 	}
 
 	/* allocate the space; add one extra slot for a terminating NULL.
@@ -1481,7 +1483,7 @@ static WERROR cmd_spoolss_setdriver(struct rpc_pipe_client *cli,
 		goto done;;
 	}
 
-	printf("Succesfully set %s to driver %s.\n", argv[1], argv[2]);
+	printf("Successfully set %s to driver %s.\n", argv[1], argv[2]);
 
 done:
 	/* Cleanup */
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index 081e0fb15e..5e87058111 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -133,12 +133,10 @@ static void fetch_machine_sid(struct cli_state *cli)
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_OK;
-	uint32 info_class = 5;
-	const char *domain_name = NULL;
 	static bool got_domain_sid;
 	TALLOC_CTX *mem_ctx;
-	DOM_SID *dom_sid = NULL;
 	struct rpc_pipe_client *lsapipe = NULL;
+	union lsa_PolicyInformation *info = NULL;
 
 	if (got_domain_sid) return;
 
@@ -159,14 +157,16 @@ static void fetch_machine_sid(struct cli_state *cli)
 		goto error;
 	}
 
-	result = rpccli_lsa_query_info_policy(lsapipe, mem_ctx, &pol, info_class, 
-					   &domain_name, &dom_sid);
+	result = rpccli_lsa_QueryInfoPolicy(lsapipe, mem_ctx,
+					    &pol,
+					    LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+					    &info);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto error;
 	}
 
 	got_domain_sid = True;
-	sid_copy( &domain_sid, dom_sid );
+	sid_copy(&domain_sid, info->account_domain.sid);
 
 	rpccli_lsa_Close(lsapipe, mem_ctx, &pol);
 	cli_rpc_pipe_close(lsapipe);
@@ -503,6 +503,7 @@ extern struct cmd_set echo_commands[];
 extern struct cmd_set shutdown_commands[];
 extern struct cmd_set test_commands[];
 extern struct cmd_set wkssvc_commands[];
+extern struct cmd_set ntsvcs_commands[];
 
 static struct cmd_set *rpcclient_command_list[] = {
 	rpcclient_commands,
@@ -517,6 +518,7 @@ static struct cmd_set *rpcclient_command_list[] = {
 	shutdown_commands,
  	test_commands,
 	wkssvc_commands,
+	ntsvcs_commands,
 	NULL
 };
 
@@ -605,7 +607,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
 		}
 
 		if (cmd_entry->pipe_idx == PI_NETLOGON) {
-			uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+			uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
 			uint32 sec_channel_type;
 			uchar trust_password[16];
 	
diff --git a/source3/script/build_idl.sh b/source3/script/build_idl.sh
index 7aaddc70c7..39a63573b9 100755
--- a/source3/script/build_idl.sh
+++ b/source3/script/build_idl.sh
@@ -23,7 +23,7 @@ for f in ${IDL_FILES}; do
 	basename=`basename $f .idl`
 	ndr="librpc/gen_ndr/ndr_$basename.c"
 
-	if [ -f $ndr ] && false; then
+	if [ -f $ndr ] ; then
 		if [ "x`find librpc/idl/$f -newer $ndr -print`" = "xlibrpc/idl/$f" ]; then
 			list="$list librpc/idl/$f"
 		fi
diff --git a/source3/script/installbin.sh.in b/source3/script/installbin.sh.in
index 59a6c31ca8..c607d9e445 100755
--- a/source3/script/installbin.sh.in
+++ b/source3/script/installbin.sh.in
@@ -19,15 +19,6 @@ for p in $*; do
  fi
  cp $p $DESTDIR/$BINDIR/
  chmod $INSTALLPERMS $DESTDIR/$BINDIR/$p2
-
- # this is a special case, mount needs this in a specific location
- if [ $p2 = smbmount ]; then
-   if [ ! -d $DESTDIR/@rootsbindir@ ]; then
-      mkdir $DESTDIR/@rootsbindir@
-   fi
-   echo "Creating sym link $DESTDIR/@rootsbindir@/mount.smbfs to $BINDIR/$p2 "
-   ln -sf $BINDIR/$p2 $DESTDIR/@rootsbindir@/mount.smbfs
- fi
 done
 
 
diff --git a/source3/script/installman.sh b/source3/script/installman.sh
index 7edc707ab0..869ce6ee38 100755
--- a/source3/script/installman.sh
+++ b/source3/script/installman.sh
@@ -49,7 +49,6 @@ for lang in $langs; do
 	    # Check if this man page if required by the configured feature set
 	    case "${MP_BASENAME}" in
 	    	smbsh.1) test -z "${SMBWRAPPER}" && continue ;;
-		smbmnt.8|smbmount.8|smbumount.8) test -z "${SMBMOUNT_PROGS}" && continue ;;
 		*) ;;
 	    esac
 
diff --git a/source3/script/mkproto.sh b/source3/script/mkproto.sh
index e46e73e3e9..8561f42dff 100755
--- a/source3/script/mkproto.sh
+++ b/source3/script/mkproto.sh
@@ -25,7 +25,7 @@ header="$1"
 shift
 headertmp="$header.$$.tmp~"
 
-proto_src="`echo $@ | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort | uniq | egrep -v 'tdb/|wrapped|modules/getdate'`"
+proto_src="`echo $@ | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort | uniq | egrep -v 'tdb/|wrapped|modules/getdate' | egrep -v '\.a$'`"
 
 echo creating $header
 
diff --git a/source3/script/mksyms.awk b/source3/script/mksyms.awk
new file mode 100644
index 0000000000..a30bea4d34
--- /dev/null
+++ b/source3/script/mksyms.awk
@@ -0,0 +1,76 @@
+#
+# mksyms.awk
+#
+# Extract symbols to export from C-header files.
+# output in version-script format for linking shared libraries.
+#
+# Copyright (C) 2008 Micheal Adam <obnox@samba.org>
+#
+BEGIN {
+	inheader=0;
+	current_file="";
+	print "#"
+	print "# This file is automatically generated with \"make symbols\". DO NOT EDIT "
+	print "#"
+	print "{"
+	print "\tglobal:"
+}
+
+END {
+	print""
+	print "\tlocal: *;"
+	print "};"
+}
+
+{
+	if (FILENAME!=current_file) {
+		print "\t\t# The following definitions come from",FILENAME
+		current_file=FILENAME
+	}
+	if (inheader) {
+		if (match($0,"[)][ \t]*[;][ \t]*$")) {
+			inheader = 0;
+		}
+		next;
+	}
+}
+
+/^static/ || /^[ \t]*typedef/ || !/^[a-zA-Z\_]/ {
+	next;
+}
+
+/^extern[ \t]+[^()]+[;][ \t]*$/ {
+	gsub(/[^ \t]+[ \t]+/, "");
+	sub(/[;][ \t]*$/, "");
+	printf "\t\t%s;\n", $0;
+	next;
+}
+
+# look for function headers:
+{
+	gotstart = 0;
+	if ($0 ~ /^[A-Za-z_][A-Za-z0-9_]+/) {
+	gotstart = 1;
+	}
+	if(!gotstart) {
+		next;
+	}
+}
+
+/[_A-Za-z0-9]+[ \t]*[(].*[)][ \t]*;[ \t]*$/ {
+	sub(/[(].*$/, "");
+	gsub(/[^ \t]+[ \t]+/, "");
+	gsub(/^[*]/, "");
+	printf "\t\t%s;\n",$0;
+	next;
+}
+
+/[_A-Za-z0-9]+[ \t]*[(]/ {
+	inheader=1;
+	sub(/[(].*$/, "");
+	gsub(/[^ \t]+[ \t]+/, "");
+	gsub(/^[*]/, "");
+	printf "\t\t%s;\n",$0;
+	next;
+}
+
diff --git a/source3/script/mksyms.sh b/source3/script/mksyms.sh
new file mode 100755
index 0000000000..637ec5027c
--- /dev/null
+++ b/source3/script/mksyms.sh
@@ -0,0 +1,45 @@
+#! /bin/sh
+
+#
+# mksyms.sh
+#
+# Extract symbols to export from C-header files.
+# output in version-script format for linking shared libraries.
+#
+# This is the shell warpper for the mksyms.awk core script.
+#
+# Copyright (C) 2008 Micheal Adam <obnox@samba.org>
+#
+
+LANG=C; export LANG
+LC_ALL=C; export LC_ALL
+LC_COLLATE=C; export LC_COLLATE
+
+if [ $# -lt 2 ]
+then
+  echo "Usage: $0 awk output_file header_files"
+  exit 1
+fi
+
+awk="$1"
+shift
+
+symsfile="$1"
+shift
+symsfile_tmp="$symsfile.$$.tmp~"
+
+proto_src="`echo $@ | tr ' ' '\n' | sort | uniq `"
+
+echo creating $symsfile
+
+mkdir -p `dirname $symsfile`
+
+${awk} -f script/mksyms.awk $proto_src > $symsfile_tmp
+
+if cmp -s $symsfile $symsfile_tmp 2>/dev/null
+then
+  echo "$symsfile unchanged"
+  rm $symsfile_tmp
+else
+  mv $symsfile_tmp $symsfile
+fi
diff --git a/source3/script/tests/selftest.sh b/source3/script/tests/selftest.sh
index 5a170b2117..c6232cf301 100755
--- a/source3/script/tests/selftest.sh
+++ b/source3/script/tests/selftest.sh
@@ -186,7 +186,7 @@ cat >$SERVERCONFFILE<<EOF
 	map hidden = yes
 	map system = yes
 	create mask = 755
-	vfs objects = $BINDIR/xattr_tdb.so
+	vfs objects = $BINDIR/xattr_tdb.so $BINDIR/streams_xattr.so
 [hideunread]
 	copy = tmp
 	hide unreadable = yes
diff --git a/source3/script/tests/test_ntlm_auth_s3.sh b/source3/script/tests/test_ntlm_auth_s3.sh
new file mode 100755
index 0000000000..6c97f2e650
--- /dev/null
+++ b/source3/script/tests/test_ntlm_auth_s3.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+incdir=`dirname $0`
+. $incdir/test_functions.sh
+
+failed=0
+
+(/usr/bin/env python --version > /dev/null 2>&1)
+
+if test $? -ne 0;
+then
+	echo "Python binary not found in path. Skipping ntlm_auth tests."
+	exit 0
+fi
+
+testit "ntlm_auth" $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth --configfile=$CONFFILE || failed=`expr $failed + 1`
+# This should work even with NTLMv2
+testit "ntlm_auth" $VALGRIND $SRCDIR/torture/test_ntlm_auth.py $BINDIR/ntlm_auth --configfile=$CONFFILE --client-domain=fOo --server-domain=fOo || failed=`expr $failed + 1`
+
+
+testok $0 $failed
diff --git a/source3/script/tests/test_posix_s3.sh b/source3/script/tests/test_posix_s3.sh
index 0b4a52d4b5..7b4c0224ba 100755
--- a/source3/script/tests/test_posix_s3.sh
+++ b/source3/script/tests/test_posix_s3.sh
@@ -50,10 +50,12 @@ skipped="BASE-CHARSET BASE-DELAYWRITE BASE-TCONDEV"
 skipped="$skipped RAW-ACLS RAW-COMPOSITE RAW-CONTEXT"
 skipped="$skipped RAW-IOCTL"
 skipped="$skipped RAW-QFILEINFO RAW-QFSINFO RAW-SEARCH"
-skipped="$skipped RAW-SFILEINFO RAW-STREAMS"
+skipped="$skipped RAW-SFILEINFO"
 
 echo "WARNING: Skipping tests $skipped"
 
+ADDARGS="$ADDARGS --option=torture:sharedelay=100000"
+
 failed=0
 for t in $tests; do
     if [ ! -z "$start" -a "$start" != $t ]; then
diff --git a/source3/script/tests/tests_all.sh b/source3/script/tests/tests_all.sh
index 259e28e6e7..369cf3ebe3 100755
--- a/source3/script/tests/tests_all.sh
+++ b/source3/script/tests/tests_all.sh
@@ -6,6 +6,7 @@ $SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP || failed=`expr $failed + $?`
 echo "Testing encrypted"
 $SCRIPTDIR/test_smbclient_s3.sh $SERVER $SERVER_IP "-e" || failed=`expr $failed + $?`
 $SCRIPTDIR/test_wbinfo_s3.sh $WORKGROUP $SERVER $USERNAME $PASSWORD || failed=`expr $failed + $?`
+$SCRIPTDIR/test_ntlm_auth_s3.sh || failed=`expr $failed + $?`
 
 eval "$LIB_PATH_VAR="\$SAMBA4SHAREDDIR:\$$LIB_PATH_VAR"; export $LIB_PATH_VAR"
 eval echo "$LIB_PATH_VAR=\$$LIB_PATH_VAR"
diff --git a/source3/script/uninstallbin.sh.in b/source3/script/uninstallbin.sh.in
index e1bbf6ecb1..8064db8d95 100755
--- a/source3/script/uninstallbin.sh.in
+++ b/source3/script/uninstallbin.sh.in
@@ -26,12 +26,6 @@ for p in $*; do
       echo "Cannot remove $DESTDIR/$BINDIR/$p2 ... does $USER have privileges? "
     fi
   fi
-
-  # this is a special case, mount needs this in a specific location
-  if test "$p2" = smbmount -a -f "$DESTDIR/sbin/mount.smbfs"; then
-    echo "Removing $DESTDIR/sbin/mount.smbfs "
-    rm -f "$DESTDIR/@rootsbindir@/sbin/mount.smbfs"
-  fi
 done
 
 
diff --git a/source3/services/services_db.c b/source3/services/services_db.c
index b1daae4df8..ae83e72697 100644
--- a/source3/services/services_db.c
+++ b/source3/services/services_db.c
@@ -469,7 +469,7 @@ void svcctl_init_keys( void )
 
 	fetch_reg_keys( key, subkeys );
 
-	/* the builting services exist */
+	/* the builtin services exist */
 
 	for ( i=0; builtin_svcs[i].servicename; i++ )
 		add_new_svc_name( key, subkeys, builtin_svcs[i].servicename );
@@ -520,25 +520,21 @@ SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *
 	if ( !W_ERROR_IS_OK(wresult) ) {
 		DEBUG(0,("svcctl_get_secdesc: key lookup failed! [%s] (%s)\n",
 			path, dos_errstr(wresult)));
-		SAFE_FREE(path);
-		return NULL;
+		goto done;
 	}
-	SAFE_FREE(path);
 
 	if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
-		DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
-		TALLOC_FREE( key );
-		return NULL;
+		DEBUG(0,("svcctl_get_secdesc: talloc() failed!\n"));
+		goto done;
 	}
 
-	fetch_reg_values( key, values );
-
-	TALLOC_FREE(key);
+	if (fetch_reg_values( key, values ) == -1) {
+		DEBUG(0, ("Error getting registry values\n"));
+		goto done;
+	}
 
 	if ( !(val = regval_ctr_getvalue( values, "Security" )) ) {
-		DEBUG(6,("svcctl_get_secdesc: constructing default secdesc for service [%s]\n", 
-			name));
-		return construct_service_sd( ctx );
+		goto fallback_to_default_sd;
 	}
 
 	/* stream the service security descriptor */
@@ -546,10 +542,18 @@ SEC_DESC *svcctl_get_secdesc( TALLOC_CTX *ctx, const char *name, NT_USER_TOKEN *
 	status = unmarshall_sec_desc(ctx, regval_data_p(val),
 				     regval_size(val), &ret_sd);
 
-	if (!NT_STATUS_IS_OK(status)) {
-		return construct_service_sd( ctx );
+	if (NT_STATUS_IS_OK(status)) {
+		goto done;
 	}
 
+fallback_to_default_sd:
+	DEBUG(6, ("svcctl_get_secdesc: constructing default secdesc for "
+		  "service [%s]\n", name));
+	ret_sd = construct_service_sd(ctx);
+
+done:
+	SAFE_FREE(path);
+	TALLOC_FREE(key);
 	return ret_sd;
 }
 
@@ -582,7 +586,7 @@ bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc,
 	SAFE_FREE(path);
 
 	if ( !(values = TALLOC_ZERO_P( key, REGVAL_CTR )) ) {
-		DEBUG(0,("add_new_svc_name: talloc() failed!\n"));
+		DEBUG(0,("svcctl_set_secdesc: talloc() failed!\n"));
 		TALLOC_FREE( key );
 		return False;
 	}
diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c
index 9c25f69c97..2889e3c13f 100644
--- a/source3/smbd/aio.c
+++ b/source3/smbd/aio.c
@@ -141,21 +141,27 @@ static struct aio_extra *find_aio_ex(uint16 mid)
  We can have these many aio buffers in flight.
 *****************************************************************************/
 
-#define AIO_PENDING_SIZE 10
+static int aio_pending_size;
 static sig_atomic_t signals_received;
 static int outstanding_aio_calls;
-static uint16 aio_pending_array[AIO_PENDING_SIZE];
+static uint16 *aio_pending_array;
 
 /****************************************************************************
  Signal handler when an aio request completes.
 *****************************************************************************/
 
-static void signal_handler(int sig, siginfo_t *info, void *unused)
+void aio_request_done(uint16_t mid)
 {
-	if (signals_received < AIO_PENDING_SIZE) {
-		aio_pending_array[signals_received] = info->si_value.sival_int;
+	if (signals_received < aio_pending_size) {
+		aio_pending_array[signals_received] = mid;
 		signals_received++;
-	} /* Else signal is lost. */
+	}
+	/* Else signal is lost. */
+}
+
+static void signal_handler(int sig, siginfo_t *info, void *unused)
+{
+	aio_request_done(info->si_value.sival_int);
 	sys_select_signal(RT_SIGNAL_AIO);
 }
 
@@ -176,6 +182,10 @@ void initialize_async_io_handler(void)
 {
 	struct sigaction act;
 
+	aio_pending_size = lp_maxmux();
+	aio_pending_array = SMB_MALLOC_ARRAY(uint16, aio_pending_size);
+	SMB_ASSERT(aio_pending_array != NULL);
+
 	ZERO_STRUCT(act);
 	act.sa_sigaction = signal_handler;
 	act.sa_flags = SA_SIGINFO;
@@ -202,7 +212,14 @@ bool schedule_aio_read_and_X(connection_struct *conn,
 	size_t bufsize;
 	size_t min_aio_read_size = lp_aio_read_size(SNUM(conn));
 
-	if (!min_aio_read_size || (smb_maxcnt < min_aio_read_size)) {
+	if (fsp->base_fsp != NULL) {
+		/* No AIO on streams yet */
+		DEBUG(10, ("AIO on streams not yet supported\n"));
+		return false;
+	}
+
+	if ((!min_aio_read_size || (smb_maxcnt < min_aio_read_size))
+	    && !SMB_VFS_AIO_FORCE(fsp)) {
 		/* Too small a read for aio request. */
 		DEBUG(10,("schedule_aio_read_and_X: read size (%u) too small "
 			  "for minimum aio_read of %u\n",
@@ -218,7 +235,7 @@ bool schedule_aio_read_and_X(connection_struct *conn,
 		return False;
 	}
 
-	if (outstanding_aio_calls >= AIO_PENDING_SIZE) {
+	if (outstanding_aio_calls >= aio_pending_size) {
 		DEBUG(10,("schedule_aio_read_and_X: Already have %d aio "
 			  "activities outstanding.\n",
 			  outstanding_aio_calls ));
@@ -284,7 +301,14 @@ bool schedule_aio_write_and_X(connection_struct *conn,
 	bool write_through = BITSETW(req->inbuf+smb_vwv7,0);
 	size_t min_aio_write_size = lp_aio_write_size(SNUM(conn));
 
-	if (!min_aio_write_size || (numtowrite < min_aio_write_size)) {
+	if (fsp->base_fsp != NULL) {
+		/* No AIO on streams yet */
+		DEBUG(10, ("AIO on streams not yet supported\n"));
+		return false;
+	}
+
+	if ((!min_aio_write_size || (numtowrite < min_aio_write_size))
+	    && !SMB_VFS_AIO_FORCE(fsp)) {
 		/* Too small a write for aio request. */
 		DEBUG(10,("schedule_aio_write_and_X: write size (%u) too "
 			  "small for minimum aio_write of %u\n",
@@ -300,7 +324,7 @@ bool schedule_aio_write_and_X(connection_struct *conn,
 		return False;
 	}
 
-	if (outstanding_aio_calls >= AIO_PENDING_SIZE) {
+	if (outstanding_aio_calls >= aio_pending_size) {
 		DEBUG(3,("schedule_aio_write_and_X: Already have %d aio "
 			 "activities outstanding.\n",
 			  outstanding_aio_calls ));
@@ -349,6 +373,8 @@ bool schedule_aio_write_and_X(connection_struct *conn,
 		return False;
 	}
 
+	release_level_2_oplocks_on_change(fsp);
+
 	if (!write_through && !lp_syncalways(SNUM(fsp->conn))
 	    && fsp->aio_write_behind) {
 		/* Lie to the client and immediately claim we finished the
@@ -419,6 +445,9 @@ static int handle_aio_read_complete(struct aio_extra *aio_ex)
 		SSVAL(outbuf,smb_vwv7,((nread >> 16) & 1));
 		SSVAL(smb_buf(outbuf),-2,nread);
 
+		aio_ex->fsp->fh->pos = aio_ex->acb.aio_offset + nread;
+		aio_ex->fsp->fh->position_information = aio_ex->fsp->fh->pos;
+
 		DEBUG( 3, ( "handle_aio_read_complete file %s max=%d "
 			    "nread=%d\n",
 			    aio_ex->fsp->fsp_name,
@@ -520,6 +549,8 @@ static int handle_aio_write_complete(struct aio_extra *aio_ex)
                 	DEBUG(5,("handle_aio_write: sync_file for %s returned %s\n",
 				fsp->fsp_name, nt_errstr(status) ));
 		}
+
+		aio_ex->fsp->fh->pos = aio_ex->acb.aio_offset + nwritten;
 	}
 
 	show_msg(outbuf);
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index fb228f9e2a..e7ab60d22f 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -239,7 +239,8 @@ static int dochild(int master, const char *slavedev, const struct passwd *pass,
 static int expect(int master, char *issue, char *expected)
 {
 	char buffer[1024];
-	int attempts, timeout, nread, len;
+	int attempts, timeout, nread;
+	size_t len;
 	bool match = False;
 
 	for (attempts = 0; attempts < 2; attempts++) {
@@ -248,7 +249,8 @@ static int expect(int master, char *issue, char *expected)
 				DEBUG(100, ("expect: sending [%s]\n", issue));
 
 			if ((len = sys_write(master, issue, strlen(issue))) != strlen(issue)) {
-				DEBUG(2,("expect: (short) write returned %d\n", len ));
+				DEBUG(2,("expect: (short) write returned %d\n",
+					 (int)len ));
 				return False;
 			}
 		}
@@ -261,9 +263,16 @@ static int expect(int master, char *issue, char *expected)
 		nread = 0;
 		buffer[nread] = 0;
 
-		while ((len = read_socket_with_timeout(master, buffer + nread, 1,
-						       sizeof(buffer) - nread - 1,
-						       timeout, NULL)) > 0) {
+		while (True) {
+			NTSTATUS status;
+			status = read_socket_with_timeout(
+				master, buffer + nread, 1,
+				sizeof(buffer) - nread - 1,
+				timeout, &len);
+
+			if (!NT_STATUS_IS_OK(status)) {
+				break;
+			}
 			nread += len;
 			buffer[nread] = 0;
 
@@ -1092,7 +1101,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 	if (!pdb_get_pass_can_change(hnd)) {
 		DEBUG(1, ("user %s does not have permissions to change password\n", username));
 		if (samr_reject_reason) {
-			*samr_reject_reason = REJECT_REASON_OTHER;
+			*samr_reject_reason = SAMR_REJECT_OTHER;
 		}
 		return NT_STATUS_ACCOUNT_RESTRICTION;
 	}
@@ -1106,7 +1115,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 				  "denied by Refuse Machine Password Change policy\n",
 				  username));
 			if (samr_reject_reason) {
-				*samr_reject_reason = REJECT_REASON_OTHER;
+				*samr_reject_reason = SAMR_REJECT_OTHER;
 			}
 			return NT_STATUS_ACCOUNT_RESTRICTION;
 		}
@@ -1119,7 +1128,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 			  "wait until %s\n", username,
 			  http_timestring(can_change_time)));
 		if (samr_reject_reason) {
-			*samr_reject_reason = REJECT_REASON_OTHER;
+			*samr_reject_reason = SAMR_REJECT_OTHER;
 		}
 		return NT_STATUS_ACCOUNT_RESTRICTION;
 	}
@@ -1129,7 +1138,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 			  username));
 		DEBUGADD(1, (" account policy min password len = %d\n", min_len));
 		if (samr_reject_reason) {
-			*samr_reject_reason = REJECT_REASON_TOO_SHORT;
+			*samr_reject_reason = SAMR_REJECT_TOO_SHORT;
 		}
 		return NT_STATUS_PASSWORD_RESTRICTION;
 /* 		return NT_STATUS_PWD_TOO_SHORT; */
@@ -1137,7 +1146,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 
 	if (check_passwd_history(hnd,new_passwd)) {
 		if (samr_reject_reason) {
-			*samr_reject_reason = REJECT_REASON_IN_HISTORY;
+			*samr_reject_reason = SAMR_REJECT_IN_HISTORY;
 		}
 		return NT_STATUS_PASSWORD_RESTRICTION;
 	}
@@ -1158,7 +1167,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
 		if (check_ret != 0) {
 			DEBUG(1, ("change_oem_password: check password script said new password is not good enough!\n"));
 			if (samr_reject_reason) {
-				*samr_reject_reason = REJECT_REASON_NOT_COMPLEX;
+				*samr_reject_reason = SAMR_REJECT_COMPLEXITY;
 			}
 			TALLOC_FREE(pass);
 			return NT_STATUS_PASSWORD_RESTRICTION;
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 4c385d7611..4bd23a35fc 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -156,6 +156,75 @@ static void notify_deferred_opens(struct share_mode_lock *lck)
 }
 
 /****************************************************************************
+ Delete all streams
+****************************************************************************/
+
+static NTSTATUS delete_all_streams(connection_struct *conn, const char *fname)
+{
+	struct stream_struct *stream_info;
+	int i;
+	unsigned int num_streams;
+	TALLOC_CTX *frame = talloc_stackframe();
+	NTSTATUS status;
+
+	status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
+				    &num_streams, &stream_info);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
+		DEBUG(10, ("no streams around\n"));
+		TALLOC_FREE(frame);
+		return NT_STATUS_OK;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
+			   nt_errstr(status)));
+		goto fail;
+	}
+
+	DEBUG(10, ("delete_all_streams found %d streams\n",
+		   num_streams));
+
+	if (num_streams == 0) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_OK;
+	}
+
+	for (i=0; i<num_streams; i++) {
+		int res;
+		char *streamname;
+
+		if (strequal(stream_info[i].name, "::$DATA")) {
+			continue;
+		}
+
+		streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
+					     stream_info[i].name);
+
+		if (streamname == NULL) {
+			DEBUG(0, ("talloc_aprintf failed\n"));
+			status = NT_STATUS_NO_MEMORY;
+			goto fail;
+		}
+
+		res = SMB_VFS_UNLINK(conn, streamname);
+
+		TALLOC_FREE(streamname);
+
+		if (res == -1) {
+			status = map_nt_error_from_unix(errno);
+			DEBUG(10, ("Could not delete stream %s: %s\n",
+				   streamname, strerror(errno)));
+			break;
+		}
+	}
+
+ fail:
+	TALLOC_FREE(frame);
+	return status;
+}
+
+/****************************************************************************
  Deal with removing a share mode on last close.
 ****************************************************************************/
 
@@ -305,6 +374,19 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 		goto done;
 	}
 
+	if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
+	    && !is_ntfs_stream_name(fsp->fsp_name)) {
+
+		status = delete_all_streams(conn, fsp->fsp_name);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(5, ("delete_all_streams failed: %s\n",
+				  nt_errstr(status)));
+			goto done;
+		}
+	}
+
+
 	if (SMB_VFS_UNLINK(conn,fsp->fsp_name) != 0) {
 		/*
 		 * This call can potentially fail as another smbd may
@@ -570,12 +652,37 @@ static NTSTATUS close_stat(files_struct *fsp)
   
 NTSTATUS close_file(files_struct *fsp, enum file_close_type close_type)
 {
+	NTSTATUS status;
+	struct files_struct *base_fsp = fsp->base_fsp;
+
 	if(fsp->is_directory) {
-		return close_directory(fsp, close_type);
+		status = close_directory(fsp, close_type);
 	} else if (fsp->is_stat) {
-		return close_stat(fsp);
+		status = close_stat(fsp);
 	} else if (fsp->fake_file_handle != NULL) {
-		return close_fake_file(fsp);
+		status = close_fake_file(fsp);
+	} else {
+		status = close_normal_file(fsp, close_type);
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
-	return close_normal_file(fsp, close_type);
+
+	if ((base_fsp != NULL) && (close_type != SHUTDOWN_CLOSE)) {
+
+		/*
+		 * fsp was a stream, the base fsp can't be a stream as well
+		 *
+		 * For SHUTDOWN_CLOSE this is not possible here, because
+		 * SHUTDOWN_CLOSE only happens from files.c which walks the
+		 * complete list of files. If we mess with more than one fsp
+		 * those loops will become confused.
+		 */
+
+		SMB_ASSERT(base_fsp->base_fsp == NULL);
+		close_file(base_fsp, close_type);
+	}
+
+	return status;
 }
diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c
index 016c8adb1b..d7063c9989 100644
--- a/source3/smbd/connection.c
+++ b/source3/smbd/connection.c
@@ -118,6 +118,15 @@ int count_current_connections( const char *sharename, bool clear  )
 }
 
 /****************************************************************************
+ Count the number of connections open across all shares.
+****************************************************************************/
+
+int count_all_current_connections(void)
+{
+        return count_current_connections(NULL, True /* clear stale entries */);
+}
+
+/****************************************************************************
  Claim an entry in the connections database.
 ****************************************************************************/
 
diff --git a/source3/smbd/dmapi.c b/source3/smbd/dmapi.c
index 05e9138ea9..fab0d5f9ef 100644
--- a/source3/smbd/dmapi.c
+++ b/source3/smbd/dmapi.c
@@ -25,9 +25,9 @@
 
 #ifndef USE_DMAPI
 
-int dmapi_init_session(void) { return -1; }
 uint32 dmapi_file_flags(const char * const path) { return 0; }
 bool dmapi_have_session(void) { return False; }
+const void * dmapi_get_current_session(void) { return NULL; }
 
 #else /* USE_DMAPI */
 
@@ -46,100 +46,77 @@ bool dmapi_have_session(void) { return False; }
 #define DMAPI_SESSION_NAME "samba"
 #define DMAPI_TRACE 10
 
-static dm_sessid_t dmapi_session = DM_NO_SESSION;
+static dm_sessid_t samba_dmapi_session = DM_NO_SESSION;
+static unsigned session_num;
 
-/* Initialise the DMAPI interface. Make sure that we only end up initialising
- * once per process to avoid resource leaks across different DMAPI
- * implementations.
- */
-static int init_dmapi_service(void)
-{
-	static pid_t lastpid;
-
-	pid_t mypid;
-
-	mypid = sys_getpid();
-	if (mypid != lastpid) {
-		char *version;
-
-		lastpid = mypid;
-		if (dm_init_service(&version) < 0) {
-			return -1;
-		}
-
-		DEBUG(0, ("Initializing DMAPI: %s\n", version));
-	}
-
-	return 0;
-}
-
-bool dmapi_have_session(void)
-{
-	return dmapi_session != DM_NO_SESSION;
-}
-
-static dm_sessid_t *realloc_session_list(dm_sessid_t * sessions, int count)
-{
-	dm_sessid_t *nsessions;
-
-	nsessions = TALLOC_REALLOC_ARRAY(NULL, sessions, dm_sessid_t, count);
-	if (nsessions == NULL) {
-		TALLOC_FREE(sessions);
-		return NULL;
-	}
-
-	return nsessions;
-}
-
-/* Initialise DMAPI session. The session is persistant kernel state, so it
- * might already exist, in which case we merely want to reconnect to it. This
- * function should be called as root.
- */
-int dmapi_init_session(void)
+/* 
+   Initialise DMAPI session. The session is persistant kernel state, 
+   so it might already exist, in which case we merely want to 
+   reconnect to it. This function should be called as root.
+*/
+static int dmapi_init_session(void)
 {
 	char	buf[DM_SESSION_INFO_LEN];
 	size_t	buflen;
-
-	uint	    nsessions = 10;
+	uint	    nsessions = 5;
 	dm_sessid_t *sessions = NULL;
+	char    *version;
+	char    *session_name;
+	TALLOC_CTX *tmp_ctx = talloc_new(NULL);
 
 	int i, err;
 
-	/* If we aren't root, something in the following will fail due to lack
-	 * of privileges. Aborting seems a little extreme.
-	 */
-	SMB_WARN(getuid() == 0, "dmapi_init_session must be called as root");
+	if (session_num == 0) {
+		session_name = DMAPI_SESSION_NAME;
+	} else {
+		session_name = talloc_asprintf(tmp_ctx, "%s%u", DMAPI_SESSION_NAME,
+					       session_num);
+	}
 
-	dmapi_session = DM_NO_SESSION;
-	if (init_dmapi_service() < 0) {
+	if (session_name == NULL) {
+		DEBUG(0,("Out of memory in dmapi_init_session\n"));
+		talloc_free(tmp_ctx);
 		return -1;
 	}
+ 
 
-retry:
-
-	if ((sessions = realloc_session_list(sessions, nsessions)) == NULL) {
+	if (dm_init_service(&version) < 0) {
+		DEBUG(0, ("dm_init_service failed - disabling DMAPI\n"));
+		talloc_free(tmp_ctx);
 		return -1;
 	}
 
-	err = dm_getall_sessions(nsessions, sessions, &nsessions);
-	if (err < 0) {
-		if (errno == E2BIG) {
-			nsessions *= 2;
-			goto retry;
+	ZERO_STRUCT(buf);
+
+	/* Fetch kernel DMAPI sessions until we get any of them */
+	do {
+		dm_sessid_t *new_sessions;
+		nsessions *= 2;
+		new_sessions = TALLOC_REALLOC_ARRAY(tmp_ctx, sessions, 
+						    dm_sessid_t, nsessions);
+		if (new_sessions == NULL) {
+			talloc_free(tmp_ctx);
+			return -1;
 		}
 
+		sessions = new_sessions;
+		err = dm_getall_sessions(nsessions, sessions, &nsessions);
+	} while (err == -1 && errno == E2BIG);
+
+	if (err == -1) {
 		DEBUGADD(DMAPI_TRACE,
 			("failed to retrieve DMAPI sessions: %s\n",
 			strerror(errno)));
-		TALLOC_FREE(sessions);
+		talloc_free(tmp_ctx);
 		return -1;
 	}
 
+	/* Look through existing kernel DMAPI sessions to find out ours */
 	for (i = 0; i < nsessions; ++i) {
 		err = dm_query_session(sessions[i], sizeof(buf), buf, &buflen);
 		buf[sizeof(buf) - 1] = '\0';
-		if (err == 0 && strcmp(DMAPI_SESSION_NAME, buf) == 0) {
-			dmapi_session = sessions[i];
+		if (err == 0 && strcmp(session_name, buf) == 0) {
+			samba_dmapi_session = sessions[i];
 			DEBUGADD(DMAPI_TRACE,
 				("attached to existing DMAPI session "
 				 "named '%s'\n", buf));
@@ -147,100 +124,123 @@ retry:
 		}
 	}
 
-	TALLOC_FREE(sessions);
-
 	/* No session already defined. */
-	if (dmapi_session == DM_NO_SESSION) {
-		err = dm_create_session(DM_NO_SESSION,
-					CONST_DISCARD(char *,
-						      DMAPI_SESSION_NAME),
-					&dmapi_session);
+	if (samba_dmapi_session == DM_NO_SESSION) {
+		err = dm_create_session(DM_NO_SESSION, 
+					session_name,
+					&samba_dmapi_session);
 		if (err < 0) {
 			DEBUGADD(DMAPI_TRACE,
 				("failed to create new DMAPI session: %s\n",
 				strerror(errno)));
-			dmapi_session = DM_NO_SESSION;
+			samba_dmapi_session = DM_NO_SESSION;
+			talloc_free(tmp_ctx);
 			return -1;
 		}
 
-		DEBUGADD(DMAPI_TRACE,
-			("created new DMAPI session named '%s'\n",
-			DMAPI_SESSION_NAME));
+		DEBUG(0, ("created new DMAPI session named '%s' for %s\n",
+			  session_name, version));
+	}
+
+	if (samba_dmapi_session != DM_NO_SESSION) {
+		set_effective_capability(DMAPI_ACCESS_CAPABILITY);
 	}
 
-	/* Note that we never end the DMAPI session. This enables child
-	 * processes to continue to use the session after we exit. It also lets
-	 * you run a second Samba server on different ports without any
-	 * conflict.
+	/* 
+	   Note that we never end the DMAPI session. It gets re-used if possiblie. 
+	   DMAPI session is a kernel resource that is usually lives until server reboot
+	   and doesn't get destroed when an application finishes.
+
+	   However, we free list of references to DMAPI sessions we've got from the kernel
+	   as it is not needed anymore once we have found (or created) our session.
 	 */
 
+	talloc_free(tmp_ctx);
 	return 0;
 }
 
-/* Reattach to an existing dmapi session. Called from service processes that
- * might not be running as root.
- */
-static int reattach_dmapi_session(void)
+/*
+  Return a pointer to our DMAPI session, if available.
+  This assumes that you have called dmapi_have_session() first.
+*/
+const void *dmapi_get_current_session(void)
 {
-	char	buf[DM_SESSION_INFO_LEN];
-	size_t	buflen;
-
-	if (dmapi_session != DM_NO_SESSION ) {
-		become_root();
-
-		/* NOTE: On Linux, this call opens /dev/dmapi, costing us a
-		 * file descriptor. Ideally, we would close this when we fork.
-		 */
-		if (init_dmapi_service() < 0) {
-			dmapi_session = DM_NO_SESSION;
-			unbecome_root();
-			return -1;
-		}
+	if (samba_dmapi_session == DM_NO_SESSION) {
+		return NULL;
+	}
 
-		if (dm_query_session(dmapi_session, sizeof(buf),
-			    buf, &buflen) < 0) {
-			/* Session is stale. Disable DMAPI. */
-			dmapi_session = DM_NO_SESSION;
-			unbecome_root();
-			return -1;
-		}
+	return (void *)&samba_dmapi_session;
+}
+	
+/*
+  dmapi_have_session() must be the first DMAPI call you make in Samba. It will
+  initialize DMAPI, if available, and tell you if you can get a DMAPI session.
+  This should be called in the client-specific child process.
+*/
 
-		set_effective_capability(DMAPI_ACCESS_CAPABILITY);
+bool dmapi_have_session(void)
+{
+	static bool initialized;
+	if (!initialized) {
+		initialized = true;
 
-		DEBUG(DMAPI_TRACE, ("reattached DMAPI session\n"));
+		become_root();
+		dmapi_init_session();
 		unbecome_root();
+
 	}
 
-	return 0;
+	return samba_dmapi_session != DM_NO_SESSION;
 }
 
-uint32 dmapi_file_flags(const char * const path)
+/*
+  only call this when you get back an EINVAL error indicating that the
+  session you are using is invalid. This destroys the existing session
+  and creates a new one.
+ */
+bool dmapi_new_session(void)
 {
-	static int attached = 0;
+	if (dmapi_have_session()) {
+		/* try to destroy the old one - this may not succeed */
+		dm_destroy_session(samba_dmapi_session);
+	}
+	samba_dmapi_session = DM_NO_SESSION;
+	become_root();
+	session_num++;
+	dmapi_init_session();
+	unbecome_root();
+	return samba_dmapi_session != DM_NO_SESSION;    
+}
 
+/* 
+   This is default implementation of dmapi_file_flags() that is 
+   called from VFS is_offline() call to know whether file is offline.
+   For GPFS-specific version see modules/vfs_tsmsm.c. It might be
+   that approach on quering existence of a specific attribute that
+   is used in vfs_tsmsm.c will work with other DMAPI-based HSM 
+   implementations as well.
+*/
+uint32 dmapi_file_flags(const char * const path)
+{
 	int		err;
 	dm_eventset_t   events = {0};
 	uint		nevents;
 
-	void	*dm_handle;
-	size_t	dm_handle_len;
+	dm_sessid_t     dmapi_session;
+	const void      *dmapi_session_ptr;
+	void	        *dm_handle = NULL;
+	size_t	        dm_handle_len = 0;
 
-	uint32	flags = 0;
+	uint32	        flags = 0;
 
-	/* If a DMAPI session has been initialised, then we need to make sure
-	 * we are attached to it and have the correct privileges. This is
-	 * necessary to be able to do DMAPI operations across a fork(2). If
-	 * it fails, there is no liklihood of that failure being transient.
-	 *
-	 * Note that this use of the static attached flag relies on the fact
-	 * that dmapi_file_flags() is never called prior to forking the
-	 * per-client server process.
-	 */
-	if (dmapi_have_session() && !attached) {
-		attached++;
-		if (reattach_dmapi_session() < 0) {
-			return 0;
-		}
+	dmapi_session_ptr = dmapi_get_current_session();
+	if (dmapi_session_ptr == NULL) {
+		return 0;
+	}
+
+	dmapi_session = *(dm_sessid_t *)dmapi_session_ptr;
+	if (dmapi_session == DM_NO_SESSION) {
+		return 0;
 	}
 
 	/* AIX has DMAPI but no POSIX capablities support. In this case,
@@ -292,8 +292,7 @@ uint32 dmapi_file_flags(const char * const path)
 	 * interested in trapping read events is that part of the file is
 	 * offline.
 	 */
-	DEBUG(DMAPI_TRACE, ("DMAPI event list for %s is %#llx\n",
-		    path, events));
+	DEBUG(DMAPI_TRACE, ("DMAPI event list for %s\n", path));
 	if (DMEV_ISSET(DM_EVENT_READ, events)) {
 		flags = FILE_ATTRIBUTE_OFFLINE;
 	}
@@ -313,4 +312,5 @@ done:
 	return flags;
 }
 
+
 #endif /* USE_DMAPI */
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index d3813f9b41..a2e617c117 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -31,23 +31,6 @@ static int set_sparse_flag(const SMB_STRUCT_STAT * const sbuf)
 }
 
 /****************************************************************************
- Work out whether this file is offline
-****************************************************************************/
-
-static uint32 set_offline_flag(connection_struct *conn, const char *const path)
-{
-	if (ISDOT(path) || ISDOTDOT(path)) {
-		return 0;
-	}
-
-	if (!lp_dmapi_support(SNUM(conn)) || !dmapi_have_session()) {
-		return 0;
-	}
-
-	return dmapi_file_flags(path);
-}
-
-/****************************************************************************
  Change a dos mode to a unix mode.
     Base permission for files:
          if creating file and inheriting (i.e. parent_dir != NULL)
@@ -366,6 +349,7 @@ uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT
 uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf)
 {
 	uint32 result = 0;
+	bool offline;
 
 	DEBUG(8,("dos_mode: %s\n", path));
 
@@ -395,8 +379,10 @@ uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf)
 		result |= dos_mode_from_sbuf(conn, path, sbuf);
 	}
 
-	if (S_ISREG(sbuf->st_mode)) {
-		result |= set_offline_flag(conn, path);
+	
+	offline = SMB_VFS_IS_OFFLINE(conn, path, sbuf);
+	if (S_ISREG(sbuf->st_mode) && offline) {
+		result |= FILE_ATTRIBUTE_OFFLINE;
 	}
 
 	/* Optimization : Only call is_hidden_path if it's not already
@@ -432,10 +418,11 @@ int file_set_dosmode(connection_struct *conn, const char *fname,
 	int mask=0;
 	mode_t tmp;
 	mode_t unixmode;
-	int ret = -1;
+	int ret = -1, lret = -1;
+	uint32_t old_mode;
 
 	/* We only allow READONLY|HIDDEN|SYSTEM|DIRECTORY|ARCHIVE here. */
-	dosmode &= SAMBA_ATTRIBUTES_MASK;
+	dosmode &= (SAMBA_ATTRIBUTES_MASK | FILE_ATTRIBUTE_OFFLINE);
 
 	DEBUG(10,("file_set_dosmode: setting dos mode 0x%x on file %s\n", dosmode, fname));
 
@@ -458,7 +445,24 @@ int file_set_dosmode(connection_struct *conn, const char *fname,
 	else
 		dosmode &= ~aDIR;
 
-	if (dos_mode(conn,fname,st) == dosmode) {
+	old_mode = dos_mode(conn,fname,st);
+	
+	if (dosmode & FILE_ATTRIBUTE_OFFLINE) {
+		if (!(old_mode & FILE_ATTRIBUTE_OFFLINE)) {
+			lret = SMB_VFS_SET_OFFLINE(conn, fname);
+			if (lret == -1) {
+				DEBUG(0, ("set_dos_mode: client has asked to set "
+					  "FILE_ATTRIBUTE_OFFLINE to %s/%s but there was "
+					  "an error while setting it or it is not supported.\n",
+					  parent_dir, fname));
+			}
+		}
+	}
+
+	dosmode  &= ~FILE_ATTRIBUTE_OFFLINE;
+	old_mode &= ~FILE_ATTRIBUTE_OFFLINE;
+
+	if (old_mode == dosmode) {
 		st->st_mode = unixmode;
 		return(0);
 	}
@@ -505,10 +509,11 @@ int file_set_dosmode(connection_struct *conn, const char *fname,
 		unixmode |= (st->st_mode & (S_IWUSR|S_IWGRP|S_IWOTH));
 	}
 
-	if ((ret = SMB_VFS_CHMOD(conn,fname,unixmode)) == 0) {
-		if (!newfile) {
+	ret = SMB_VFS_CHMOD(conn, fname, unixmode);
+	if (ret == 0) {
+		if(!newfile || (lret != -1)) {
 			notify_fname(conn, NOTIFY_ACTION_MODIFIED,
-				FILE_NOTIFY_CHANGE_ATTRIBUTES, fname);
+				     FILE_NOTIFY_CHANGE_ATTRIBUTES, fname);
 		}
 		st->st_mode = unixmode;
 		return 0;
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index be4960cab8..10e9583049 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -28,6 +28,13 @@
 
 static bool scan_directory(connection_struct *conn, const char *path,
 			   char *name, char **found_name);
+static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx,
+				  connection_struct *conn,
+				  const char *orig_path,
+				  const char *basepath,
+				  const char *streamname,
+				  SMB_STRUCT_STAT *pst,
+				  char **path);
 
 /****************************************************************************
  Mangle the 2nd name and check if it is then equal to the first name.
@@ -119,6 +126,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 	char *start, *end;
 	char *dirpath = NULL;
 	char *name = NULL;
+	char *stream = NULL;
 	bool component_was_mangled = False;
 	bool name_has_wildcard = False;
 	NTSTATUS result;
@@ -206,6 +214,20 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	if (!lp_posix_pathnames()) {
+		stream = strchr_m(name, ':');
+
+		if (stream != NULL) {
+			char *tmp = talloc_strdup(ctx, stream);
+			if (tmp == NULL) {
+				TALLOC_FREE(name);
+				return NT_STATUS_NO_MEMORY;
+			}
+			*stream = '\0';
+			stream = tmp;
+		}
+	}
+
 	/*
 	 * Large directory fix normalization. If we're case sensitive, and
 	 * the case preserving parameters are set to "no", normalize the case of
@@ -653,6 +675,20 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 	DEBUG(5,("conversion finished %s -> %s\n",orig_path, name));
 
  done:
+	if (stream != NULL) {
+		char *tmp = NULL;
+
+		result = build_stream_path(ctx, conn, orig_path, name, stream,
+					   pst, &tmp);
+		if (!NT_STATUS_IS_OK(result)) {
+			goto fail;
+		}
+
+		DEBUG(10, ("build_stream_path returned %s\n", tmp));
+
+		TALLOC_FREE(name);
+		name = tmp;
+	}
 	*pp_conv_path = name;
 	TALLOC_FREE(dirpath);
 	return NT_STATUS_OK;
@@ -823,3 +859,90 @@ static bool scan_directory(connection_struct *conn, const char *path,
 	errno = ENOENT;
 	return False;
 }
+
+static NTSTATUS build_stream_path(TALLOC_CTX *mem_ctx,
+				  connection_struct *conn,
+				  const char *orig_path,
+				  const char *basepath,
+				  const char *streamname,
+				  SMB_STRUCT_STAT *pst,
+				  char **path)
+{
+	SMB_STRUCT_STAT st;
+	char *result = NULL;
+	NTSTATUS status;
+	unsigned int i, num_streams;
+	struct stream_struct *streams = NULL;
+
+	result = talloc_asprintf(mem_ctx, "%s%s", basepath, streamname);
+	if (result == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (SMB_VFS_STAT(conn, result, &st) == 0) {
+		*pst = st;
+		*path = result;
+		return NT_STATUS_OK;
+	}
+
+	if (errno != ENOENT) {
+		status = map_nt_error_from_unix(errno);
+		DEBUG(10, ("vfs_stat failed: %s\n", nt_errstr(status)));
+		goto fail;
+	}
+
+	status = SMB_VFS_STREAMINFO(conn, NULL, basepath, mem_ctx,
+				    &num_streams, &streams);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		SET_STAT_INVALID(*pst);
+		*path = result;
+		return NT_STATUS_OK;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("vfs_streaminfo failed: %s\n", nt_errstr(status)));
+		goto fail;
+	}
+
+	for (i=0; i<num_streams; i++) {
+		DEBUG(10, ("comparing [%s] and [%s]: ",
+			   streamname, streams[i].name));
+		if (fname_equal(streamname, streams[i].name,
+				conn->case_sensitive)) {
+			DEBUGADD(10, ("equal\n"));
+			break;
+		}
+		DEBUGADD(10, ("not equal\n"));
+	}
+
+	if (i == num_streams) {
+		SET_STAT_INVALID(*pst);
+		*path = result;
+		TALLOC_FREE(streams);
+		return NT_STATUS_OK;
+	}
+
+	TALLOC_FREE(result);
+
+	result = talloc_asprintf(mem_ctx, "%s%s", basepath, streams[i].name);
+	if (result == NULL) {
+		status = NT_STATUS_NO_MEMORY;
+		goto fail;
+	}
+
+	SET_STAT_INVALID(*pst);
+
+	if (SMB_VFS_STAT(conn, result, pst) == 0) {
+		stat_cache_add(orig_path, result, conn->case_sensitive);
+	}
+
+	*path = result;
+	TALLOC_FREE(streams);
+	return NT_STATUS_OK;
+
+ fail:
+	TALLOC_FREE(result);
+	TALLOC_FREE(streams);
+	return status;
+}
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 5a6df1f139..18e6bf9f7b 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -3175,7 +3175,7 @@ static bool api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid,
 
 where:
 
-  usri11_name specifies the user name for which information is retireved
+  usri11_name specifies the user name for which information is retrieved
 
   usri11_pad aligns the next data structure element to a word boundary
 
diff --git a/source3/smbd/map_username.c b/source3/smbd/map_username.c
index 7290f70547..7536758bcb 100644
--- a/source3/smbd/map_username.c
+++ b/source3/smbd/map_username.c
@@ -178,7 +178,7 @@ bool map_username(fstring user)
 
 		/* skip lines like 'user = ' */
 
-		dosuserlist = str_list_make(dosname, NULL);
+		dosuserlist = str_list_make(talloc_tos(), dosname, NULL);
 		if (!dosuserlist) {
 			DEBUG(0,("Bad username map entry.  Unable to build user list.  Ignoring.\n"));
 			continue;
@@ -193,13 +193,13 @@ bool map_username(fstring user)
 			fstrcpy( user, unixname );
 
 			if ( return_if_mapped ) {
-				str_list_free (&dosuserlist);
+				TALLOC_FREE(dosuserlist);
 				x_fclose(f);
 				return True;
 			}
 		}
 
-		str_list_free (&dosuserlist);
+		TALLOC_FREE(dosuserlist);
 	}
 
 	x_fclose(f);
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 4ae735633b..8ffa0f7751 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -288,12 +288,13 @@ static bool parse_msdfs_symlink(TALLOC_CTX *ctx,
 	char **alt_path = NULL;
 	int count = 0, i;
 	struct referral *reflist;
+	char *saveptr;
 
 	temp = talloc_strdup(ctx, target);
 	if (!temp) {
 		return False;
 	}
-	prot = strtok(temp,":");
+	prot = strtok_r(temp, ":", &saveptr);
 	if (!prot) {
 		DEBUG(0,("parse_msdfs_symlink: invalid path !\n"));
 		return False;
@@ -306,7 +307,7 @@ static bool parse_msdfs_symlink(TALLOC_CTX *ctx,
 
 	/* parse out the alternate paths */
 	while((count<MAX_REFERRAL_COUNT) &&
-	      ((alt_path[count] = strtok(NULL,",")) != NULL)) {
+	      ((alt_path[count] = strtok_r(NULL, ",", &saveptr)) != NULL)) {
 		count++;
 	}
 
diff --git a/source3/smbd/notify_inotify.c b/source3/smbd/notify_inotify.c
index 73cee440d4..fa0f0ed51d 100644
--- a/source3/smbd/notify_inotify.c
+++ b/source3/smbd/notify_inotify.c
@@ -29,10 +29,12 @@
 #include <asm/types.h>
 #endif
 
+#ifndef HAVE_INOTIFY_INIT
+
 #include <linux/inotify.h>
 #include <asm/unistd.h>
 
-#ifndef HAVE_INOTIFY_INIT
+
 /*
   glibc doesn't define these functions yet (as of March 2006)
 */
@@ -50,6 +52,10 @@ static int inotify_rm_watch(int fd, int wd)
 {
 	return syscall(__NR_inotify_rm_watch, fd, wd);
 }
+#else
+
+#include <sys/inotify.h>
+
 #endif
 
 
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index e8df732ea2..5293ca5347 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -271,6 +271,9 @@ void send_nt_replies(connection_struct *conn,
 
 /****************************************************************************
  Is it an NTFS stream name ?
+ An NTFS file name is <path>.<extention>:<stream name>:<stream type>
+ $DATA can be used as both a stream name and a stream type. A missing stream
+ name or type implies $DATA.
 ****************************************************************************/
 
 bool is_ntfs_stream_name(const char *fname)
@@ -555,7 +558,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
 	}
 
 	file_len = sbuf.st_size;
-	fattr = dos_mode(conn,fname,&sbuf);
+	fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
 	if (fattr == 0) {
 		fattr = FILE_ATTRIBUTE_NORMAL;
 	}
@@ -623,7 +626,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
 		uint32 perms = 0;
 		p += 25;
 		if (fsp->is_directory
-		    || can_write_to_file(conn, fname, &sbuf)) {
+		    || can_write_to_file(conn, fsp->fsp_name, &sbuf)) {
 			perms = FILE_GENERIC_ALL;
 		} else {
 			perms = FILE_GENERIC_READ|FILE_EXECUTE;
@@ -1004,7 +1007,7 @@ static void call_nt_transact_create(connection_struct *conn,
 	}
 
 	file_len = sbuf.st_size;
-	fattr = dos_mode(conn,fname,&sbuf);
+	fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
 	if (fattr == 0) {
 		fattr = FILE_ATTRIBUTE_NORMAL;
 	}
@@ -1072,7 +1075,7 @@ static void call_nt_transact_create(connection_struct *conn,
 		uint32 perms = 0;
 		p += 25;
 		if (fsp->is_directory
-		    || can_write_to_file(conn, fname, &sbuf)) {
+		    || can_write_to_file(conn, fsp->fsp_name, &sbuf)) {
 			perms = FILE_GENERIC_ALL;
 		} else {
 			perms = FILE_GENERIC_READ|FILE_EXECUTE;
@@ -1080,7 +1083,7 @@ static void call_nt_transact_create(connection_struct *conn,
 		SIVAL(p,0,perms);
 	}
 
-	DEBUG(5,("call_nt_transact_create: open name = %s\n", fname));
+	DEBUG(5,("call_nt_transact_create: open name = %s\n", fsp->fsp_name));
 
 	/* Send the required number of replies */
 	send_nt_replies(conn, req, NT_STATUS_OK, params, param_len, *ppdata, 0);
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 9d48bcc98b..cc78503379 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1842,7 +1842,9 @@ NTSTATUS open_file_ntcreate(connection_struct *conn,
 	set_share_mode(lck, fsp, current_user.ut.uid, 0, fsp->oplock_type, new_file_created);
 
 	/* Handle strange delete on close create semantics. */
-	if ((create_options & FILE_DELETE_ON_CLOSE) && can_set_initial_delete_on_close(lck)) {
+	if ((create_options & FILE_DELETE_ON_CLOSE)
+	    && (is_ntfs_stream_name(fname)
+		|| can_set_initial_delete_on_close(lck))) {
 		status = can_set_delete_on_close(fsp, True, new_dos_attributes);
 
 		if (!NT_STATUS_IS_OK(status)) {
@@ -2104,7 +2106,7 @@ NTSTATUS open_directory(connection_struct *conn,
 		 (unsigned int)create_disposition,
 		 (unsigned int)file_attributes));
 
-	if (is_ntfs_stream_name(fname)) {
+	if (!(file_attributes & FILE_FLAG_POSIX_SEMANTICS) && is_ntfs_stream_name(fname)) {
 		DEBUG(2, ("open_directory: %s is a stream name!\n", fname));
 		return NT_STATUS_NOT_A_DIRECTORY;
 	}
@@ -2444,6 +2446,116 @@ static struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx
 }
 
 /*
+ * If a main file is opened for delete, all streams need to be checked for
+ * !FILE_SHARE_DELETE. Do this by opening with DELETE_ACCESS.
+ * If that works, delete them all by setting the delete on close and close.
+ */
+
+static NTSTATUS open_streams_for_delete(connection_struct *conn,
+					const char *fname)
+{
+	struct stream_struct *stream_info;
+	files_struct **streams;
+	int i;
+	unsigned int num_streams;
+	TALLOC_CTX *frame = talloc_stackframe();
+	NTSTATUS status;
+
+	status = SMB_VFS_STREAMINFO(conn, NULL, fname, talloc_tos(),
+				    &num_streams, &stream_info);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)
+	    || NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		DEBUG(10, ("no streams around\n"));
+		TALLOC_FREE(frame);
+		return NT_STATUS_OK;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("SMB_VFS_STREAMINFO failed: %s\n",
+			   nt_errstr(status)));
+		goto fail;
+	}
+
+	DEBUG(10, ("open_streams_for_delete found %d streams\n",
+		   num_streams));
+
+	if (num_streams == 0) {
+		TALLOC_FREE(frame);
+		return NT_STATUS_OK;
+	}
+
+	streams = TALLOC_ARRAY(talloc_tos(), files_struct *, num_streams);
+	if (streams == NULL) {
+		DEBUG(0, ("talloc failed\n"));
+		status = NT_STATUS_NO_MEMORY;
+		goto fail;
+	}
+
+	for (i=0; i<num_streams; i++) {
+		char *streamname;
+
+		if (strequal(stream_info[i].name, "::$DATA")) {
+			streams[i] = NULL;
+			continue;
+		}
+
+		streamname = talloc_asprintf(talloc_tos(), "%s%s", fname,
+					     stream_info[i].name);
+
+		if (streamname == NULL) {
+			DEBUG(0, ("talloc_aprintf failed\n"));
+			status = NT_STATUS_NO_MEMORY;
+			goto fail;
+		}
+
+		status = create_file_unixpath
+			(conn,			/* conn */
+			 NULL,			/* req */
+			 streamname,		/* fname */
+			 DELETE_ACCESS,		/* access_mask */
+			 FILE_SHARE_READ | FILE_SHARE_WRITE
+			 | FILE_SHARE_DELETE,	/* share_access */
+			 FILE_OPEN,		/* create_disposition*/
+			 NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */
+			 FILE_ATTRIBUTE_NORMAL,	/* file_attributes */
+			 0,			/* oplock_request */
+			 0,			/* allocation_size */
+			 NULL,			/* sd */
+			 NULL,			/* ea_list */
+			 &streams[i],		/* result */
+			 NULL,			/* pinfo */
+			 NULL);			/* psbuf */
+
+		TALLOC_FREE(streamname);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(10, ("Could not open stream %s: %s\n",
+				   streamname, nt_errstr(status)));
+			break;
+		}
+	}
+
+	/*
+	 * don't touch the variable "status" beyond this point :-)
+	 */
+
+	for (i -= 1 ; i >= 0; i--) {
+		if (streams[i] == NULL) {
+			continue;
+		}
+
+		DEBUG(10, ("Closing stream # %d, %s\n", i,
+			   streams[i]->fsp_name));
+		close_file(streams[i], NORMAL_CLOSE);
+	}
+
+ fail:
+	TALLOC_FREE(frame);
+	return status;
+}
+
+/*
  * Wrapper around open_file_ntcreate and open_directory
  */
 
@@ -2466,6 +2578,7 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
 {
 	SMB_STRUCT_STAT sbuf;
 	int info = FILE_WAS_OPENED;
+	files_struct *base_fsp = NULL;
 	files_struct *fsp = NULL;
 	NTSTATUS status;
 
@@ -2495,7 +2608,23 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
 		sbuf = *psbuf;
 	}
 	else {
-		SET_STAT_INVALID(sbuf);
+		if (SMB_VFS_STAT(conn, fname, &sbuf) == -1) {
+			SET_STAT_INVALID(sbuf);
+		}
+	}
+
+	if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
+	    && (access_mask & DELETE_ACCESS)
+	    && !is_ntfs_stream_name(fname)) {
+		/*
+		 * We can't open a file with DELETE access if any of the
+		 * streams is open without FILE_SHARE_DELETE
+		 */
+		status = open_streams_for_delete(conn, fname);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			goto fail;
+		}
 	}
 
 	/* This is the correct thing to do (check every time) but can_delete
@@ -2528,12 +2657,62 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
 	}
 #endif
 
+	if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
+	    && is_ntfs_stream_name(fname)
+	    && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
+		char *base;
+		uint32 base_create_disposition;
+
+		if (create_options & FILE_DIRECTORY_FILE) {
+			status = NT_STATUS_NOT_A_DIRECTORY;
+			goto fail;
+		}
+
+		status = split_ntfs_stream_name(talloc_tos(), fname,
+						&base, NULL);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(10, ("create_file_unixpath: "
+				"split_ntfs_stream_name failed: %s\n",
+				nt_errstr(status)));
+			goto fail;
+		}
+
+		SMB_ASSERT(!is_ntfs_stream_name(base));	/* paranoia.. */
+
+		switch (create_disposition) {
+		case FILE_OPEN:
+			base_create_disposition = FILE_OPEN;
+			break;
+		default:
+			base_create_disposition = FILE_OPEN_IF;
+			break;
+		}
+
+		status = create_file_unixpath(conn, NULL, base, 0,
+					      FILE_SHARE_READ
+					      | FILE_SHARE_WRITE
+					      | FILE_SHARE_DELETE,
+					      base_create_disposition,
+					      0, 0, 0, 0, NULL, NULL,
+					      &base_fsp, NULL, NULL);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(10, ("create_file_unixpath for base %s failed: "
+				   "%s\n", base, nt_errstr(status)));
+			goto fail;
+		}
+	}
+
 	/*
 	 * If it's a request for a directory open, deal with it separately.
 	 */
 
 	if (create_options & FILE_DIRECTORY_FILE) {
 
+		if (create_options & FILE_NON_DIRECTORY_FILE) {
+			status = NT_STATUS_INVALID_PARAMETER;
+			goto fail;
+		}
+
 		/* Can't open a temp directory. IFS kit test. */
 		if (file_attributes & FILE_ATTRIBUTE_TEMPORARY) {
 			status = NT_STATUS_INVALID_PARAMETER;
@@ -2662,7 +2841,17 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
 		}
 	}
 
-	DEBUG(10, ("create_file: info=%d\n", info));
+	DEBUG(10, ("create_file_unixpath: info=%d\n", info));
+
+	/*
+	 * Set fsp->base_fsp late enough that we can't "goto fail" anymore. In
+	 * the fail: branch we call close_file(fsp, ERROR_CLOSE) which would
+	 * also close fsp->base_fsp which we have to also do explicitly in
+	 * this routine here, as not in all "goto fail:" we have the fsp set
+	 * up already to be initialized with the base_fsp.
+	 */
+
+	fsp->base_fsp = base_fsp;
 
 	*result = fsp;
 	if (pinfo != NULL) {
@@ -2679,12 +2868,16 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
 	return NT_STATUS_OK;
 
  fail:
-	DEBUG(10, ("create_file: %s\n", nt_errstr(status)));
+	DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status)));
 
 	if (fsp != NULL) {
 		close_file(fsp, ERROR_CLOSE);
 		fsp = NULL;
 	}
+	if (base_fsp != NULL) {
+		close_file(base_fsp, ERROR_CLOSE);
+		base_fsp = NULL;
+	}
 	return status;
 }
 
@@ -2812,19 +3005,18 @@ NTSTATUS create_file(connection_struct *conn,
 			status = NT_STATUS_NO_MEMORY;
 			goto fail;
 		}
-	} else {
-		/*
-		 * Check to see if this is a mac fork of some kind.
-		 */
+	}
 
-		if (is_ntfs_stream_name(fname)) {
-			enum FAKE_FILE_TYPE fake_file_type;
+	/*
+	 * Check to see if this is a mac fork of some kind.
+	 */
 
-			fake_file_type = is_fake_file(fname);
+	if (is_ntfs_stream_name(fname)) {
+		enum FAKE_FILE_TYPE fake_file_type;
 
-			if (fake_file_type == FAKE_FILE_TYPE_NONE) {
-				return NT_STATUS_OBJECT_PATH_NOT_FOUND;
-			}
+		fake_file_type = is_fake_file(fname);
+
+		if (fake_file_type != FAKE_FILE_TYPE_NONE) {
 
 			/*
 			 * Here we go! support for changing the disk quotas
@@ -2843,8 +3035,7 @@ NTSTATUS create_file(connection_struct *conn,
 				goto fail;
 			}
 
-			SET_STAT_INVALID(sbuf);
-
+			ZERO_STRUCT(sbuf);
 			goto done;
 		}
 	}
@@ -2889,6 +3080,8 @@ NTSTATUS create_file(connection_struct *conn,
 		fname = converted_fname;
 	}
 
+	TALLOC_FREE(case_state);
+
 	/* All file access must go through check_name() */
 
 	status = check_name(conn, fname);
diff --git a/source3/smbd/oplock_irix.c b/source3/smbd/oplock_irix.c
index a4ea63bc0a..788cd04c17 100644
--- a/source3/smbd/oplock_irix.c
+++ b/source3/smbd/oplock_irix.c
@@ -121,7 +121,6 @@ static files_struct *irix_oplock_receive_message(fd_set *fds)
 		DEBUG(0,("irix_oplock_receive_message: read of kernel "
 			 "notification failed. Error was %s.\n",
 			 strerror(errno) ));
-		set_smb_read_error(get_srv_read_error(), SMB_READ_ERROR);
 		return NULL;
 	}
 
@@ -141,7 +140,6 @@ static files_struct *irix_oplock_receive_message(fd_set *fds)
 			 */
 			return NULL;
 		}
-		set_smb_read_error(get_srv_read_error(), SMB_READ_ERROR);
 		return NULL;
 	}
 
diff --git a/source3/smbd/oplock_linux.c b/source3/smbd/oplock_linux.c
index 05021b6c74..fa7cb42bc6 100644
--- a/source3/smbd/oplock_linux.c
+++ b/source3/smbd/oplock_linux.c
@@ -93,17 +93,27 @@ static void set_capability(unsigned capability)
 		return;
 	}
 
-	data.effective |= (1<<capability);
+	if (0 == (data.effective & (1<<capability))) {
+		data.effective |= (1<<capability);
 
-	if (capset(&header, &data) == -1) {
-		DEBUG(3,("Unable to set %d capability (%s)\n", 
-			 capability, strerror(errno)));
+		if (capset(&header, &data) == -1) {
+			DEBUG(3,("Unable to set %d capability (%s)\n", 
+				 capability, strerror(errno)));
+		}
 	}
 }
 
 /*
- Call to set the kernel lease signal handler
-*/
+ * public function to get linux lease capability. Needed by some VFS modules (eg. gpfs.c)
+ */
+void linux_set_lease_capability(void)
+{
+	set_capability(CAP_LEASE);
+}
+
+/* 
+ * Call to set the kernel lease signal handler
+ */
 int linux_set_lease_sighandler(int fd)
 {
         if (fcntl(fd, F_SETSIG, RT_SIGNAL_LEASE) == -1) {
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 6b517c3d86..80eba562c5 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -121,6 +121,10 @@ void invalidate_vuid(uint16 vuid)
 
 	data_blob_free(&vuser->session_key);
 
+	if (vuser->auth_ntlmssp_state) {
+		auth_ntlmssp_end(&vuser->auth_ntlmssp_state);
+	}
+
 	DLIST_REMOVE(validated_users, vuser);
 
 	/* clear the vuid from the 'cache' on each connection, and
@@ -582,7 +586,7 @@ static bool user_ok(const char *user, int snum)
 	ret = True;
 
 	if (lp_invalid_users(snum)) {
-		str_list_copy(&invalid, lp_invalid_users(snum));
+		str_list_copy(talloc_tos(), &invalid, lp_invalid_users(snum));
 		if (invalid &&
 		    str_list_substitute(invalid, "%S", lp_servicename(snum))) {
 
@@ -595,11 +599,10 @@ static bool user_ok(const char *user, int snum)
 			}
 		}
 	}
-	if (invalid)
-		str_list_free (&invalid);
+	TALLOC_FREE(invalid);
 
 	if (ret && lp_valid_users(snum)) {
-		str_list_copy(&valid, lp_valid_users(snum));
+		str_list_copy(talloc_tos(), &valid, lp_valid_users(snum));
 		if ( valid &&
 		     str_list_substitute(valid, "%S", lp_servicename(snum)) ) {
 
@@ -611,17 +614,17 @@ static bool user_ok(const char *user, int snum)
 			}
 		}
 	}
-	if (valid)
-		str_list_free (&valid);
+	TALLOC_FREE(valid);
 
 	if (ret && lp_onlyuser(snum)) {
-		char **user_list = str_list_make (lp_username(snum), NULL);
+		char **user_list = str_list_make(
+			talloc_tos(), lp_username(snum), NULL);
 		if (user_list &&
 		    str_list_substitute(user_list, "%S",
 					lp_servicename(snum))) {
 			ret = user_in_list(user, (const char **)user_list);
 		}
-		if (user_list) str_list_free (&user_list);
+		TALLOC_FREE(user_list);
 	}
 
 	return(ret);
@@ -759,6 +762,7 @@ bool authorise_login(int snum, fstring user, DATA_BLOB password,
 	if (!ok) {
 		char *auser;
 		char *user_list = NULL;
+		char *saveptr;
 
 		if ( session_userlist )
 			user_list = SMB_STRDUP(session_userlist);
@@ -768,8 +772,9 @@ bool authorise_login(int snum, fstring user, DATA_BLOB password,
 		if (!user_list)
 			return(False);
 
-		for (auser=strtok(user_list,LIST_SEP); !ok && auser;
-		     auser = strtok(NULL,LIST_SEP)) {
+		for (auser = strtok_r(user_list, LIST_SEP, &saveptr);
+		     !ok && auser;
+		     auser = strtok_r(NULL, LIST_SEP, &saveptr)) {
 			fstring user2;
 			fstrcpy(user2,auser);
 			if (!user_ok(user2,snum))
@@ -792,6 +797,7 @@ bool authorise_login(int snum, fstring user, DATA_BLOB password,
 		TALLOC_CTX *ctx = talloc_tos();
 		char *auser;
 		char *user_list = talloc_strdup(ctx, lp_username(snum));
+		char *saveptr;
 
 		if (!user_list) {
 			goto check_guest;
@@ -806,8 +812,9 @@ bool authorise_login(int snum, fstring user, DATA_BLOB password,
 			goto check_guest;
 		}
 
-		for (auser=strtok(user_list,LIST_SEP); auser && !ok;
-		     auser = strtok(NULL,LIST_SEP)) {
+		for (auser = strtok_r(user_list, LIST_SEP, &saveptr);
+		     auser && !ok;
+		     auser = strtok_r(NULL, LIST_SEP, &saveptr)) {
 			if (*auser == '@') {
 				auser = validate_group(auser+1,password,snum);
 				if (auser) {
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 5f18615f66..f60329a039 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1408,12 +1408,12 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
 
 				psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
 				psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
-				
+
 			} else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
 
 				psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
 				psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
-				
+
 			}
 		}
 	}
@@ -1474,10 +1474,22 @@ static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
 
 		} else if (sid_to_uid( &current_ace->trustee, &current_ace->unix_ug.uid)) {
 			current_ace->owner_type = UID_ACE;
-			current_ace->type = SMB_ACL_USER;
+			/* If it's the owning user, this is a user_obj, not
+			 * a user. */
+			if (current_ace->unix_ug.uid == pst->st_uid) {
+				current_ace->type = SMB_ACL_USER_OBJ;
+			} else {
+				current_ace->type = SMB_ACL_USER;
+			}
 		} else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid)) {
 			current_ace->owner_type = GID_ACE;
-			current_ace->type = SMB_ACL_GROUP;
+			/* If it's the primary group, this is a group_obj, not
+			 * a group. */
+			if (current_ace->unix_ug.gid == pst->st_gid) {
+				current_ace->type = SMB_ACL_GROUP_OBJ;
+			} else {
+				current_ace->type = SMB_ACL_GROUP;
+			}
 		} else {
 			/*
 			 * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
@@ -3202,57 +3214,8 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid)
 	return ret;
 }
 
-static NTSTATUS append_ugw_ace(files_struct *fsp,
-			SMB_STRUCT_STAT *psbuf,
-			mode_t unx_mode,
-			int ugw,
-			SEC_ACE *se)
-{
-	mode_t perms;
-	SEC_ACCESS acc;
-	enum security_ace_type nt_acl_type;
-	DOM_SID trustee;
-
-	switch (ugw) {
-		case S_IRUSR:
-			perms = unix_perms_to_acl_perms(unx_mode,
-							S_IRUSR,
-							S_IWUSR,
-							S_IXUSR);
-			uid_to_sid(&trustee, psbuf->st_uid );
-			break;
-		case S_IRGRP:
-			perms = unix_perms_to_acl_perms(unx_mode,
-							S_IRGRP,
-							S_IWGRP,
-							S_IXGRP);
-			gid_to_sid(&trustee, psbuf->st_gid );
-			break;
-		case S_IROTH:
-			perms = unix_perms_to_acl_perms(unx_mode,
-							S_IROTH,
-							S_IWOTH,
-							S_IXOTH);
-			sid_copy(&trustee, &global_sid_World);
-			break;
-		default:
-			return NT_STATUS_INVALID_PARAMETER;
-	}
-	acc = map_canon_ace_perms(SNUM(fsp->conn),
-				&nt_acl_type,
-				perms,
-				fsp->is_directory);
-
-	init_sec_ace(se,
-		&trustee,
-		nt_acl_type,
-		acc,
-		0);
-	return NT_STATUS_OK;
-}
-
 /****************************************************************************
- If this is an
+ Take care of parent ACL inheritance.
 ****************************************************************************/
 
 static NTSTATUS append_parent_acl(files_struct *fsp,
@@ -3270,7 +3233,7 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
 	NTSTATUS status;
 	int info;
 	unsigned int i, j;
-	mode_t unx_mode;
+	bool is_dacl_protected = (psd->type & SE_DESC_DACL_PROTECTED);
 
 	ZERO_STRUCT(sbuf);
 
@@ -3285,12 +3248,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	/* Create a default mode for u/g/w. */
-	unx_mode = unix_mode(fsp->conn,
-			aARCH | (fsp->is_directory ? aDIR : 0),
-			fsp->fsp_name,
-			parent_name);
-
 	status = open_directory(fsp->conn,
 				NULL,
 				parent_name,
@@ -3318,20 +3275,23 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
 
 	/*
 	 * Make room for potentially all the ACLs from
-	 * the parent, plus the user/group/other triple.
+	 * the parent. We used to add the ugw triple here,
+	 * as we knew we were dealing with POSIX ACLs.
+	 * We no longer need to do so as we can guarentee
+	 * that a default ACL from the parent directory will
+	 * be well formed for POSIX ACLs if it came from a
+	 * POSIX ACL source, and if we're not writing to a
+	 * POSIX ACL sink then we don't care if it's not well
+	 * formed. JRA.
 	 */
 
-	num_aces += parent_sd->dacl->num_aces + 3;
+	num_aces += parent_sd->dacl->num_aces;
 
 	if((new_ace = TALLOC_ZERO_ARRAY(mem_ctx, SEC_ACE,
 					num_aces)) == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	DEBUG(10,("append_parent_acl: parent ACL has %u entries. New "
-		"ACL has %u entries\n",
-		parent_sd->dacl->num_aces, num_aces ));
-
 	/* Start by copying in all the given ACE entries. */
 	for (i = 0; i < psd->dacl->num_aces; i++) {
 		sec_ace_copy(&new_ace[i], &psd->dacl->aces[i]);
@@ -3342,49 +3302,95 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
 	 * as that really only applies to newly created files. JRA.
 	 */
 
-	 /*
-	  * Append u/g/w.
-	  */
-
-	status = append_ugw_ace(fsp, psbuf, unx_mode, S_IRUSR, &new_ace[i++]);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-	status = append_ugw_ace(fsp, psbuf, unx_mode, S_IRGRP, &new_ace[i++]);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-	status = append_ugw_ace(fsp, psbuf, unx_mode, S_IROTH, &new_ace[i++]);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
 	/* Finally append any inherited ACEs. */
 	for (j = 0; j < parent_sd->dacl->num_aces; j++) {
 		SEC_ACE *se = &parent_sd->dacl->aces[j];
-		uint32 i_flags = se->flags & (SEC_ACE_FLAG_OBJECT_INHERIT|
-					SEC_ACE_FLAG_CONTAINER_INHERIT|
-					SEC_ACE_FLAG_INHERIT_ONLY);
 
 		if (fsp->is_directory) {
-			if (i_flags == SEC_ACE_FLAG_OBJECT_INHERIT) {
-				/* Should only apply to a file - ignore. */
+			if (!(se->flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
+				/* Doesn't apply to a directory - ignore. */
+				DEBUG(10,("append_parent_acl: directory %s "
+					"ignoring non container "
+					"inherit flags %u on ACE with sid %s "
+					"from parent %s\n",
+					fsp->fsp_name,
+					(unsigned int)se->flags,
+					sid_string_dbg(&se->trustee),
+					parent_name));
 				continue;
 			}
 		} else {
-			if ((i_flags & (SEC_ACE_FLAG_OBJECT_INHERIT|
-					SEC_ACE_FLAG_INHERIT_ONLY)) !=
-					SEC_ACE_FLAG_OBJECT_INHERIT) {
-				/* Should not apply to a file - ignore. */
+			if (!(se->flags & SEC_ACE_FLAG_OBJECT_INHERIT)) {
+				/* Doesn't apply to a file - ignore. */
+				DEBUG(10,("append_parent_acl: file %s "
+					"ignoring non object "
+					"inherit flags %u on ACE with sid %s "
+					"from parent %s\n",
+					fsp->fsp_name,
+					(unsigned int)se->flags,
+					sid_string_dbg(&se->trustee),
+					parent_name));
+				continue;
+			}
+		}
+
+		if (is_dacl_protected) {
+			/* If the DACL is protected it means we must
+			 * not overwrite an existing ACE entry with the
+			 * same SID. This is order N^2. Ouch :-(. JRA. */
+			unsigned int k;
+			for (k = 0; k < psd->dacl->num_aces; k++) {
+				if (sid_equal(&psd->dacl->aces[k].trustee,
+						&se->trustee)) {
+					break;
+				}
+			}
+			if (k < psd->dacl->num_aces) {
+				/* SID matched. Ignore. */
+				DEBUG(10,("append_parent_acl: path %s "
+					"ignoring ACE with protected sid %s "
+					"from parent %s\n",
+					fsp->fsp_name,
+					sid_string_dbg(&se->trustee),
+					parent_name));
 				continue;
 			}
 		}
+
 		sec_ace_copy(&new_ace[i], se);
 		if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
 			new_ace[i].flags &= ~(SEC_ACE_FLAG_VALID_INHERIT);
 		}
 		new_ace[i].flags |= SEC_ACE_FLAG_INHERITED_ACE;
+
+		if (fsp->is_directory) {
+			/*
+			 * Strip off any inherit only. It's applied.
+			 */
+			new_ace[i].flags &= ~(SEC_ACE_FLAG_INHERIT_ONLY);
+			if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
+				/* No further inheritance. */
+				new_ace[i].flags &=
+					~(SEC_ACE_FLAG_CONTAINER_INHERIT|
+					SEC_ACE_FLAG_OBJECT_INHERIT);
+			}
+		} else {
+			/*
+			 * Strip off any container or inherit
+			 * flags, they can't apply to objects.
+			 */
+			new_ace[i].flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|
+						SEC_ACE_FLAG_INHERIT_ONLY|
+						SEC_ACE_FLAG_NO_PROPAGATE_INHERIT);
+		}
 		i++;
+
+		DEBUG(10,("append_parent_acl: path %s "
+			"inheriting ACE with sid %s "
+			"from parent %s\n",
+			fsp->fsp_name,
+			sid_string_dbg(&se->trustee),
+			parent_name));
 	}
 
 	parent_sd->dacl->aces = new_ace;
@@ -3413,6 +3419,9 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 	bool acl_perms = False;
 	mode_t orig_mode = (mode_t)0;
 	NTSTATUS status;
+	uid_t orig_uid;
+	gid_t orig_gid;
+	bool need_chown = False;
 
 	DEBUG(10,("set_nt_acl: called for file %s\n", fsp->fsp_name ));
 
@@ -3435,6 +3444,8 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 
 	/* Save the original elements we check against. */
 	orig_mode = sbuf.st_mode;
+	orig_uid = sbuf.st_uid;
+	orig_gid = sbuf.st_gid;
 
 	/*
 	 * Unpack the user/group/world id's.
@@ -3449,7 +3460,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 	 * Do we need to chown ?
 	 */
 
-	if (((user != (uid_t)-1) && (sbuf.st_uid != user)) || (( grp != (gid_t)-1) && (sbuf.st_gid != grp))) {
+	if (((user != (uid_t)-1) && (orig_uid != user)) || (( grp != (gid_t)-1) && (orig_gid != grp))) {
+		need_chown = True;
+	}
+
+	if (need_chown && (user == (uid_t)-1 || user == current_user.ut.uid)) {
 
 		DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
 				fsp->fsp_name, (unsigned int)user, (unsigned int)grp ));
@@ -3487,6 +3502,11 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 
 		/* Save the original elements we check against. */
 		orig_mode = sbuf.st_mode;
+		orig_uid = sbuf.st_uid;
+		orig_gid = sbuf.st_gid;
+
+		/* We did chown already, drop the flag */
+		need_chown = False;
 	}
 
 	create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid);
@@ -3630,6 +3650,21 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 		free_canon_ace_list(dir_ace_list); 
 	}
 
+	/* Any chown pending? */
+	if (need_chown) {
+		DEBUG(3,("set_nt_acl: chown %s. uid = %u, gid = %u.\n",
+			 fsp->fsp_name, (unsigned int)user, (unsigned int)grp ));
+		
+		if(try_chown( fsp->conn, fsp->fsp_name, user, grp) == -1) {
+			DEBUG(3,("set_nt_acl: chown %s, %u, %u failed. Error = %s.\n",
+				 fsp->fsp_name, (unsigned int)user, (unsigned int)grp, strerror(errno) ));
+			if (errno == EPERM) {
+				return NT_STATUS_INVALID_OWNER;
+			}
+			return map_nt_error_from_unix(errno);
+		}
+	}
+	
 	return NT_STATUS_OK;
 }
 
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index a5bdb96650..68bec7830a 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -20,12 +20,8 @@
 
 #include "includes.h"
 
-extern struct auth_context *negprot_global_auth_context;
 extern int smb_echo_count;
 
-const int total_buffer_size = (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
-static enum smb_read_errors smb_read_error = SMB_READ_OK;
-
 /*
  * Size of data we can send to client. Set
  *  by the client for all protocols above CORE.
@@ -45,11 +41,6 @@ extern int max_send;
 
 /* Accessor function for smb_read_error for smbd functions. */
 
-enum smb_read_errors *get_srv_read_error(void)
-{
-	return &smb_read_error;
-}
-
 /****************************************************************************
  Send an smb to a fd.
 ****************************************************************************/
@@ -130,50 +121,20 @@ static bool valid_packet_size(size_t len)
 		DEBUG(0,("Invalid packet length! (%lu bytes).\n",
 					(unsigned long)len));
 		if (len > BUFFER_SIZE + (SAFETY_MARGIN/2)) {
-
-			/*
-			 * Correct fix. smb_read_error may have already been
-			 * set. Only set it here if not already set. Global
-			 * variables still suck :-). JRA.
-			 */
-
-			cond_set_smb_read_error(get_srv_read_error(),
-						SMB_READ_ERROR);
 			return false;
 		}
 	}
 	return true;
 }
 
-static ssize_t read_packet_remainder(int fd,
-					char *buffer,
-					unsigned int timeout,
-					ssize_t len)
+static NTSTATUS read_packet_remainder(int fd, char *buffer,
+				      unsigned int timeout, ssize_t len)
 {
-	ssize_t ret;
-
-	if(len <= 0) {
-		return len;
-	}
-
-	if (timeout > 0) {
-		ret = read_socket_with_timeout(fd,
-						buffer,
-						len,
-						len,
-						timeout,
-						get_srv_read_error());
-	} else {
-		ret = read_data(fd, buffer, len, get_srv_read_error());
-	}
-
-	if (ret != len) {
-		cond_set_smb_read_error(get_srv_read_error(),
-					SMB_READ_ERROR);
-		return -1;
+	if (len <= 0) {
+		return NT_STATUS_OK;
 	}
 
-	return len;
+	return read_socket_with_timeout(fd, buffer, len, len, timeout, NULL);
 }
 
 /****************************************************************************
@@ -192,39 +153,29 @@ static ssize_t read_packet_remainder(int fd,
 				(2*14) + /* word count (including bcc) */ \
 				1 /* pad byte */)
 
-static ssize_t receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
-					const char lenbuf[4],
-					int fd,
-					char **buffer,
-					unsigned int timeout,
-					size_t *p_unread)
+static NTSTATUS receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
+						    const char lenbuf[4],
+						    int fd, char **buffer,
+						    unsigned int timeout,
+						    size_t *p_unread,
+						    size_t *len_ret)
 {
 	/* Size of a WRITEX call (+4 byte len). */
 	char writeX_header[4 + STANDARD_WRITE_AND_X_HEADER_SIZE];
 	ssize_t len = smb_len_large(lenbuf); /* Could be a UNIX large writeX. */
 	ssize_t toread;
-	ssize_t ret;
+	NTSTATUS status;
 
 	memcpy(writeX_header, lenbuf, sizeof(lenbuf));
 
-	if (timeout > 0) {
-		ret = read_socket_with_timeout(fd,
-					writeX_header + 4,
-					STANDARD_WRITE_AND_X_HEADER_SIZE,
-					STANDARD_WRITE_AND_X_HEADER_SIZE,
-					timeout,
-					get_srv_read_error());
-	} else {
-		ret = read_data(fd,
-				writeX_header+4,
-				STANDARD_WRITE_AND_X_HEADER_SIZE,
-				get_srv_read_error());
-	}
+	status = read_socket_with_timeout(
+		fd, writeX_header + 4,
+		STANDARD_WRITE_AND_X_HEADER_SIZE,
+		STANDARD_WRITE_AND_X_HEADER_SIZE,
+		timeout, NULL);
 
-	if (ret != STANDARD_WRITE_AND_X_HEADER_SIZE) {
-		cond_set_smb_read_error(get_srv_read_error(),
-					SMB_READ_ERROR);
-		return -1;
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	/*
@@ -263,19 +214,17 @@ static ssize_t receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
 		if (*buffer == NULL) {
 			DEBUG(0, ("Could not allocate inbuf of length %d\n",
 				  (int)sizeof(writeX_header)));
-			cond_set_smb_read_error(get_srv_read_error(),
-						SMB_READ_ERROR);
-			return -1;
+			return NT_STATUS_NO_MEMORY;
 		}
 
 		/* Work out the remaining bytes. */
 		*p_unread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
-
-		return newlen + 4;
+		*len_ret = newlen + 4;
+		return NT_STATUS_OK;
 	}
 
 	if (!valid_packet_size(len)) {
-		return -1;
+		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 	/*
@@ -288,9 +237,7 @@ static ssize_t receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
 	if (*buffer == NULL) {
 		DEBUG(0, ("Could not allocate inbuf of length %d\n",
 			  (int)len+4));
-		cond_set_smb_read_error(get_srv_read_error(),
-					SMB_READ_ERROR);
-		return -1;
+		return NT_STATUS_NO_MEMORY;
 	}
 
 	/* Copy in what we already read. */
@@ -300,44 +247,34 @@ static ssize_t receive_smb_raw_talloc_partial_read(TALLOC_CTX *mem_ctx,
 	toread = len - STANDARD_WRITE_AND_X_HEADER_SIZE;
 
 	if(toread > 0) {
-		ret = read_packet_remainder(fd,
-			(*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
-					timeout,
-					toread);
-		if (ret != toread) {
-			return -1;
+		status = read_packet_remainder(
+			fd, (*buffer) + 4 + STANDARD_WRITE_AND_X_HEADER_SIZE,
+			timeout, toread);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
 		}
 	}
 
-	return len + 4;
+	*len_ret = len + 4;
+	return NT_STATUS_OK;
 }
 
-static ssize_t receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
-					int fd,
-					char **buffer,
-					unsigned int timeout,
-					size_t *p_unread)
+static NTSTATUS receive_smb_raw_talloc(TALLOC_CTX *mem_ctx, int fd,
+				       char **buffer, unsigned int timeout,
+				       size_t *p_unread, size_t *plen)
 {
 	char lenbuf[4];
-	ssize_t len,ret;
+	size_t len;
 	int min_recv_size = lp_min_receive_file_size();
+	NTSTATUS status;
 
-	set_smb_read_error(get_srv_read_error(),SMB_READ_OK);
 	*p_unread = 0;
 
-	len = read_smb_length_return_keepalive(fd, lenbuf,
-			timeout, get_srv_read_error());
-	if (len < 0) {
-		DEBUG(10,("receive_smb_raw: length < 0!\n"));
-
-		/*
-		 * Correct fix. smb_read_error may have already been
-		 * set. Only set it here if not already set. Global
-		 * variables still suck :-). JRA.
-		 */
-
-		cond_set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
-		return -1;
+	status = read_smb_length_return_keepalive(fd, lenbuf, timeout, &len);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("receive_smb_raw: %s\n", nt_errstr(status)));
+		return status;
 	}
 
 	if (CVAL(lenbuf,0) == 0 &&
@@ -345,16 +282,18 @@ static ssize_t receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
 			smb_len_large(lenbuf) > min_recv_size && /* Could be a UNIX large writeX. */
 			!srv_is_signing_active()) {
 
-		return receive_smb_raw_talloc_partial_read(mem_ctx,
-							lenbuf,
-							fd,
-							buffer,
-							timeout,
-							p_unread);
+		status = receive_smb_raw_talloc_partial_read(
+			mem_ctx, lenbuf, fd, buffer, timeout, p_unread, &len);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(10, ("receive_smb_raw: %s\n",
+				   nt_errstr(status)));
+			return status;
+		}
 	}
 
 	if (!valid_packet_size(len)) {
-		return -1;
+		return NT_STATUS_INVALID_PARAMETER;
 	}
 
 	/*
@@ -366,46 +305,43 @@ static ssize_t receive_smb_raw_talloc(TALLOC_CTX *mem_ctx,
 	if (*buffer == NULL) {
 		DEBUG(0, ("Could not allocate inbuf of length %d\n",
 			  (int)len+4));
-		cond_set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
-		return -1;
+		return NT_STATUS_NO_MEMORY;
 	}
 
 	memcpy(*buffer, lenbuf, sizeof(lenbuf));
 
-	ret = read_packet_remainder(fd, (*buffer)+4, timeout, len);
-	if (ret != len) {
-		return -1;
+	status = read_packet_remainder(fd, (*buffer)+4, timeout, len);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
-	return len + 4;
+	*plen = len + 4;
+	return NT_STATUS_OK;
 }
 
-static ssize_t receive_smb_talloc(TALLOC_CTX *mem_ctx,
-				int fd,
-				char **buffer,
-				unsigned int timeout,
-				size_t *p_unread,
-				bool *p_encrypted)
+static NTSTATUS receive_smb_talloc(TALLOC_CTX *mem_ctx,	int fd,
+				   char **buffer, unsigned int timeout,
+				   size_t *p_unread, bool *p_encrypted,
+				   size_t *p_len)
 {
-	ssize_t len;
+	size_t len = 0;
+	NTSTATUS status;
 
 	*p_encrypted = false;
 
-	len = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout, p_unread);
-
-	if (len < 0) {
-		return -1;
+	status = receive_smb_raw_talloc(mem_ctx, fd, buffer, timeout,
+					p_unread, &len);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
 	if (is_encrypted_packet((uint8_t *)*buffer)) {
-		NTSTATUS status = srv_decrypt_buffer(*buffer);
+		status = srv_decrypt_buffer(*buffer);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(0, ("receive_smb_talloc: SMB decryption failed on "
 				"incoming packet! Error %s\n",
 				nt_errstr(status) ));
-			cond_set_smb_read_error(get_srv_read_error(),
-					SMB_READ_BAD_DECRYPT);
-			return -1;
+			return status;
 		}
 		*p_encrypted = true;
 	}
@@ -414,11 +350,11 @@ static ssize_t receive_smb_talloc(TALLOC_CTX *mem_ctx,
 	if (!srv_check_sign_mac(*buffer, true)) {
 		DEBUG(0, ("receive_smb: SMB Signature verification failed on "
 			  "incoming packet!\n"));
-		cond_set_smb_read_error(get_srv_read_error(),SMB_READ_BAD_SIG);
-		return -1;
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
 	}
 
-	return len;
+	*p_len = len;
+	return NT_STATUS_OK;
 }
 
 /*
@@ -775,21 +711,18 @@ static int select_on_fd(int fd, int maxfd, fd_set *fds)
 The timeout is in milliseconds
 ****************************************************************************/
 
-static bool receive_message_or_smb(TALLOC_CTX *mem_ctx,
-				char **buffer,
-				size_t *buffer_len,
-				int timeout,
-				size_t *p_unread,
-				bool *p_encrypted)
+static NTSTATUS receive_message_or_smb(TALLOC_CTX *mem_ctx, char **buffer,
+				       size_t *buffer_len, int timeout,
+				       size_t *p_unread, bool *p_encrypted)
 {
 	fd_set r_fds, w_fds;
 	int selrtn;
 	struct timeval to;
 	int maxfd = 0;
-	ssize_t len;
+	size_t len = 0;
+	NTSTATUS status;
 
 	*p_unread = 0;
-	set_smb_read_error(get_srv_read_error(),SMB_READ_OK);
 
  again:
 
@@ -843,8 +776,7 @@ static bool receive_message_or_smb(TALLOC_CTX *mem_ctx,
 							msg->buf.length);
 			if (*buffer == NULL) {
 				DEBUG(0, ("talloc failed\n"));
-				set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
-				return False;
+				return NT_STATUS_NO_MEMORY;
 			}
 			*buffer_len = msg->buf.length;
 			*p_encrypted = msg->encrypted;
@@ -852,7 +784,7 @@ static bool receive_message_or_smb(TALLOC_CTX *mem_ctx,
 			/* We leave this message on the queue so the open code can
 			   know this is a retry. */
 			DEBUG(5,("receive_message_or_smb: returning deferred open smb message.\n"));
-			return True;
+			return NT_STATUS_OK;
 		}
 	}
 
@@ -938,14 +870,12 @@ static bool receive_message_or_smb(TALLOC_CTX *mem_ctx,
 	/* Check if error */
 	if (selrtn == -1) {
 		/* something is wrong. Maybe the socket is dead? */
-		set_smb_read_error(get_srv_read_error(),SMB_READ_ERROR);
-		return False;
+		return map_nt_error_from_unix(errno);
 	} 
     
 	/* Did we timeout ? */
 	if (selrtn == 0) {
-		set_smb_read_error(get_srv_read_error(),SMB_READ_TIMEOUT);
-		return False;
+		return NT_STATUS_IO_TIMEOUT;
 	}
 
 	/*
@@ -964,16 +894,16 @@ static bool receive_message_or_smb(TALLOC_CTX *mem_ctx,
 		goto again;
 	}
 
-	len = receive_smb_talloc(mem_ctx, smbd_server_fd(),
-				buffer, 0, p_unread, p_encrypted);
+	status = receive_smb_talloc(mem_ctx, smbd_server_fd(), buffer, 0,
+				    p_unread, p_encrypted, &len);
 
-	if (len == -1) {
-		return False;
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}
 
-	*buffer_len = (size_t)len;
+	*buffer_len = len;
 
-	return True;
+	return NT_STATUS_OK;
 }
 
 /*
@@ -1951,27 +1881,11 @@ void check_reload(time_t t)
  Process any timeout housekeeping. Return False if the caller should exit.
 ****************************************************************************/
 
-static bool timeout_processing(int *select_timeout,
+static void timeout_processing(int *select_timeout,
 			       time_t *last_timeout_processing_time)
 {
 	time_t t;
 
-	if (*get_srv_read_error() == SMB_READ_EOF) {
-		DEBUG(3,("timeout_processing: End of file from client (client has disconnected).\n"));
-		return false;
-	}
-
-	if (*get_srv_read_error() == SMB_READ_ERROR) {
-		DEBUG(3,("timeout_processing: receive_smb error (%s) Exiting\n",
-			strerror(errno)));
-		return false;
-	}
-
-	if (*get_srv_read_error() == SMB_READ_BAD_SIG) {
-		DEBUG(3,("timeout_processing: receive_smb error bad smb signature. Exiting\n"));
-		return false;
-	}
-
 	*last_timeout_processing_time = t = time(NULL);
 
 	/* become root again if waiting */
@@ -2001,14 +1915,14 @@ static bool timeout_processing(int *select_timeout,
 		if (secrets_lock_trust_account_password(lp_workgroup(), True) == False) {
 			DEBUG(0,("process: unable to lock the machine account password for \
 machine %s in domain %s.\n", global_myname(), lp_workgroup() ));
-			return True;
+			return;
 		}
 
 		if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, &lct, NULL)) {
 			DEBUG(0,("process: unable to read the machine account password for \
 machine %s in domain %s.\n", global_myname(), lp_workgroup()));
 			secrets_lock_trust_account_password(lp_workgroup(), False);
-			return True;
+			return;
 		}
 
 		/*
@@ -2018,7 +1932,7 @@ machine %s in domain %s.\n", global_myname(), lp_workgroup()));
 		if(t < lct + lp_machine_password_timeout()) {
 			global_machine_password_needs_changing = False;
 			secrets_lock_trust_account_password(lp_workgroup(), False);
-			return True;
+			return;
 		}
 
 		/* always just contact the PDC here */
@@ -2050,7 +1964,7 @@ machine %s in domain %s.\n", global_myname(), lp_workgroup()));
 
 	*select_timeout = setup_select_timeout();
 
-	return True;
+	return;
 }
 
 /****************************************************************************
@@ -2068,8 +1982,8 @@ void smbd_process(void)
 	while (True) {
 		int select_timeout = setup_select_timeout();
 		int num_echos;
-		char *inbuf;
-		size_t inbuf_len;
+		char *inbuf = NULL;
+		size_t inbuf_len = 0;
 		bool encrypted = false;
 		TALLOC_CTX *frame = talloc_stackframe_pool(8192);
 
@@ -2077,21 +1991,35 @@ void smbd_process(void)
 
 		/* Did someone ask for immediate checks on things like blocking locks ? */
 		if (select_timeout == 0) {
-			if(!timeout_processing(&select_timeout,
-					       &last_timeout_processing_time))
-				return;
+			timeout_processing(&select_timeout,
+					   &last_timeout_processing_time);
 			num_smbs = 0; /* Reset smb counter. */
 		}
 
 		run_events(smbd_event_context(), 0, NULL, NULL);
 
-		while (!receive_message_or_smb(talloc_tos(), &inbuf, &inbuf_len,
-						select_timeout,
-						&unread_bytes,
-						&encrypted)) {
-			if(!timeout_processing(&select_timeout,
-					       &last_timeout_processing_time))
-				return;
+		while (True) {
+			NTSTATUS status;
+
+			status = receive_message_or_smb(
+				talloc_tos(), &inbuf, &inbuf_len,
+				select_timeout,	&unread_bytes, &encrypted);
+
+			if (NT_STATUS_IS_OK(status)) {
+				break;
+			}
+
+			if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
+				timeout_processing(
+					&select_timeout,
+					&last_timeout_processing_time);
+				continue;
+			}
+
+			DEBUG(3, ("receive_message_or_smb failed: %s, "
+				  "exiting\n", nt_errstr(status)));
+			return;
+
 			num_smbs = 0; /* Reset smb counter. */
 		}
 
@@ -2112,8 +2040,8 @@ void smbd_process(void)
 		TALLOC_FREE(inbuf);
 
 		if (smb_echo_count != num_echos) {
-			if(!timeout_processing( &select_timeout, &last_timeout_processing_time))
-				return;
+			timeout_processing(&select_timeout,
+					   &last_timeout_processing_time);
 			num_smbs = 0; /* Reset smb counter. */
 		}
 
@@ -2129,10 +2057,9 @@ void smbd_process(void)
 		if ((num_smbs % 200) == 0) {
 			time_t new_check_time = time(NULL);
 			if(new_check_time - last_timeout_processing_time >= (select_timeout/1000)) {
-				if(!timeout_processing(
-					   &select_timeout,
-					   &last_timeout_processing_time))
-					return;
+				timeout_processing(
+					&select_timeout,
+					&last_timeout_processing_time);
 				num_smbs = 0; /* Reset smb counter. */
 				last_timeout_processing_time = new_check_time; /* Reset time. */
 			}
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index e2316ef120..818ff319e4 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -167,6 +167,7 @@ static NTSTATUS check_path_syntax_internal(char *path,
 	}
 
 	*d = '\0';
+
 	return ret;
 }
 
@@ -1109,6 +1110,12 @@ void reply_setatr(struct smb_request *req)
 	mode = SVAL(req->inbuf,smb_vwv0);
 	mtime = srv_make_unix_date3(req->inbuf+smb_vwv1);
 
+	if (!set_filetime(conn,fname,convert_time_t_to_timespec(mtime))) {
+		reply_unixerror(req, ERRDOS, ERRnoaccess);
+		END_PROFILE(SMBsetatr);
+		return;
+	}
+
 	if (mode != FILE_ATTRIBUTE_NORMAL) {
 		if (VALID_STAT_OF_DIR(sbuf))
 			mode |= aDIR;
@@ -1122,12 +1129,6 @@ void reply_setatr(struct smb_request *req)
 		}
 	}
 
-	if (!set_filetime(conn,fname,convert_time_t_to_timespec(mtime))) {
-		reply_unixerror(req, ERRDOS, ERRnoaccess);
-		END_PROFILE(SMBsetatr);
-		return;
-	}
-
 	reply_outbuf(req, 0, 0);
  
 	DEBUG( 3, ( "setatr name=%s mode=%d\n", fname, mode ) );
@@ -1638,11 +1639,11 @@ void reply_open(struct smb_request *req)
 	}
 
 	size = sbuf.st_size;
-	fattr = dos_mode(conn,fname,&sbuf);
+	fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
 	mtime = sbuf.st_mtime;
 
 	if (fattr & aDIR) {
-		DEBUG(3,("attempt to open a directory %s\n",fname));
+		DEBUG(3,("attempt to open a directory %s\n",fsp->fsp_name));
 		close_file(fsp,ERROR_CLOSE);
 		reply_doserror(req, ERRDOS,ERRnoaccess);
 		END_PROFILE(SMBopen);
@@ -1801,7 +1802,7 @@ void reply_open_and_X(struct smb_request *req)
 		sbuf.st_size = get_allocation_size(conn,fsp,&sbuf);
 	}
 
-	fattr = dos_mode(conn,fname,&sbuf);
+	fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
 	mtime = sbuf.st_mtime;
 	if (fattr & aDIR) {
 		close_file(fsp,ERROR_CLOSE);
@@ -1984,7 +1985,7 @@ void reply_mknew(struct smb_request *req)
 	}
 
 	ts[0] = get_atimespec(&sbuf); /* atime. */
-	file_ntimes(conn, fname, ts);
+	file_ntimes(conn, fsp->fsp_name, ts);
 
 	reply_outbuf(req, 1, 0);
 	SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
@@ -1999,9 +2000,9 @@ void reply_mknew(struct smb_request *req)
 				CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
 	}
 
-	DEBUG( 2, ( "reply_mknew: file %s\n", fname ) );
+	DEBUG( 2, ( "reply_mknew: file %s\n", fsp->fsp_name ) );
 	DEBUG( 3, ( "reply_mknew %s fd=%d dmode=0x%x\n",
-				fname, fsp->fh->fd, (unsigned int)fattr ) );
+		    fsp->fsp_name, fsp->fh->fd, (unsigned int)fattr ) );
 
 	END_PROFILE(SMBcreate);
 	return;
@@ -2124,9 +2125,9 @@ void reply_ctemp(struct smb_request *req)
 	SSVAL(req->outbuf,smb_vwv0,fsp->fnum);
 
 	/* the returned filename is relative to the directory */
-	s = strrchr_m(fname, '/');
+	s = strrchr_m(fsp->fsp_name, '/');
 	if (!s) {
-		s = fname;
+		s = fsp->fsp_name;
 	} else {
 		s++;
 	}
@@ -2153,9 +2154,9 @@ void reply_ctemp(struct smb_request *req)
 		      CVAL(req->outbuf,smb_flg)|CORE_OPLOCK_GRANTED);
 	}
 
-	DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fname ) );
-	DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fname, fsp->fh->fd,
-			(unsigned int)sbuf.st_mode ) );
+	DEBUG( 2, ( "reply_ctemp: created temp file %s\n", fsp->fsp_name ) );
+	DEBUG( 3, ( "reply_ctemp %s fd=%d umode=0%o\n", fsp->fsp_name,
+		    fsp->fh->fd, (unsigned int)sbuf.st_mode ) );
 
 	END_PROFILE(SMBctemp);
 	return;
@@ -2289,14 +2290,22 @@ static NTSTATUS do_unlink(connection_struct *conn,
 	/* On open checks the open itself will check the share mode, so
 	   don't do it here as we'll get it wrong. */
 
-	status = open_file_ntcreate(conn, req, fname, &sbuf,
-				    DELETE_ACCESS,
-				    FILE_SHARE_NONE,
-				    FILE_OPEN,
-				    0,
-				    FILE_ATTRIBUTE_NORMAL,
-				    req != NULL ? 0 : INTERNAL_OPEN_ONLY,
-				    NULL, &fsp);
+	status = create_file_unixpath
+		(conn,			/* conn */
+		 req,			/* req */
+		 fname,			/* fname */
+		 DELETE_ACCESS,		/* access_mask */
+		 FILE_SHARE_NONE,	/* share_access */
+		 FILE_OPEN,		/* create_disposition*/
+		 FILE_NON_DIRECTORY_FILE, /* create_options */
+		 FILE_ATTRIBUTE_NORMAL,	/* file_attributes */
+		 0,			/* oplock_request */
+		 0,			/* allocation_size */
+		 NULL,			/* sd */
+		 NULL,			/* ea_list */
+		 &fsp,			/* result */
+		 NULL,			/* pinfo */
+		 &sbuf);		/* psbuf */
 
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(10, ("open_file_ntcreate failed: %s\n",
@@ -2460,7 +2469,7 @@ NTSTATUS unlink_internals(connection_struct *conn, struct smb_request *req,
 			}
 
 			count++;
-			DEBUG(3,("unlink_internals: succesful unlink [%s]\n",
+			DEBUG(3,("unlink_internals: successful unlink [%s]\n",
 				 fname));
 
 			TALLOC_FREE(fname);
@@ -3329,8 +3338,8 @@ void reply_read_and_X(struct smb_request *req)
 		return;
 	}
 
-	if (!big_readX
-	    && schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
+	if (!big_readX &&
+	    schedule_aio_read_and_X(conn, req, fsp, startpos, smb_maxcnt)) {
 		END_PROFILE(SMBreadX);
 		return;
 	}
@@ -3362,7 +3371,6 @@ void error_to_writebrawerr(struct smb_request *req)
 void reply_writebraw(struct smb_request *req)
 {
 	connection_struct *conn = req->conn;
-	int outsize = 0;
 	char *buf = NULL;
 	ssize_t nwritten=0;
 	ssize_t total_written=0;
@@ -3472,8 +3480,7 @@ void reply_writebraw(struct smb_request *req)
 	 * it to send more bytes */
 
 	memcpy(buf, req->inbuf, smb_size);
-	outsize = srv_set_message(buf,
-			Protocol>PROTOCOL_COREPLUS?1:0,0,True);
+	srv_set_message(buf,Protocol>PROTOCOL_COREPLUS?1:0,0,True);
 	SCVAL(buf,smb_com,SMBwritebraw);
 	SSVALS(buf,smb_vwv0,0xFFFF);
 	show_msg(buf);
@@ -3485,18 +3492,12 @@ void reply_writebraw(struct smb_request *req)
 	}
 
 	/* Now read the raw data into the buffer and write it */
-	if (read_smb_length(smbd_server_fd(),buf,
-			SMB_SECONDARY_WAIT, get_srv_read_error()) == -1) {
+	status = read_smb_length(smbd_server_fd(), buf, SMB_SECONDARY_WAIT,
+				 &numtowrite);
+	if (!NT_STATUS_IS_OK(status)) {
 		exit_server_cleanly("secondary writebraw failed");
 	}
 
-	/*
-	 * Even though this is not an smb message,
-	 * smb_len returns the generic length of a packet.
-	 */
-
-	numtowrite = smb_len(buf);
-
 	/* Set up outbuf to return the correct size */
 	reply_outbuf(req, 1, 0);
 
@@ -3515,11 +3516,12 @@ void reply_writebraw(struct smb_request *req)
 				(int)tcount,(int)nwritten,(int)numtowrite));
 		}
 
-		if (read_data(smbd_server_fd(), buf+4, numtowrite,get_srv_read_error())
-					!= numtowrite ) {
+		status = read_data(smbd_server_fd(), buf+4, numtowrite);
+
+		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(0,("reply_writebraw: Oversize secondary write "
-				"raw read failed (%s). Terminating\n",
-				strerror(errno) ));
+				 "raw read failed (%s). Terminating\n",
+				 nt_errstr(status)));
 			exit_server_cleanly("secondary writebraw failed");
 		}
 
@@ -4001,13 +4003,13 @@ void reply_write_and_X(struct smb_request *req)
 		nwritten = 0;
 	} else {
 
-		if (req->unread_bytes == 0 &&
-				schedule_aio_write_and_X(conn, req, fsp, data,
-							startpos, numtowrite)) {
+		if ((req->unread_bytes == 0) &&
+		    schedule_aio_write_and_X(conn, req, fsp, data, startpos,
+					     numtowrite)) {
 			END_PROFILE(SMBwriteX);
 			return;
 		}
-
+		
 		nwritten = write_file(req,fsp,data,startpos,numtowrite);
 	}
 
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index ea017e08d8..d4394e5bca 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -496,12 +496,15 @@ static NTSTATUS srv_enc_spnego_negotiate(connection_struct *conn,
 
 	srv_free_encryption_context(&partial_srv_trans_enc_ctx);
 
+	if (got_kerberos_mechanism) {
 #if defined(HAVE_GSSAPI) && defined(HAVE_KRB5)
-	if (got_kerberos_mechanism && lp_use_kerberos_keytab() ) {
 		status = srv_enc_spnego_gss_negotiate(ppdata, p_data_size, secblob);
-	} else 
+#else
+		/* Currently we don't SPNEGO negotiate
+		 * back to NTLMSSP as we do in sessionsetupX. We should... */
+		return NT_STATUS_LOGON_FAILURE;
 #endif
-	{
+	} else {
 		status = srv_enc_ntlm_negotiate(ppdata, p_data_size, secblob, true);
 	}
 
@@ -558,7 +561,16 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn,
 	status = auth_ntlmssp_update(ec->auth_ntlmssp_state, auth, &auth_reply);
 	data_blob_free(&auth);
 
-	response = spnego_gen_auth_response(&auth_reply, status, OID_NTLMSSP);
+	/* From RFC4178.
+	 *
+	 *    supportedMech
+	 *
+	 *          This field SHALL only be present in the first reply from the
+	 *                target.
+	 * So set mechOID to NULL here.
+	 */
+
+	response = spnego_gen_auth_response(&auth_reply, status, NULL);
 	data_blob_free(&auth_reply);
 
 	if (NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 8371d17f10..7bf11abfbd 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -268,10 +268,20 @@ static void add_child_pid(pid_t pid)
 	num_children += 1;
 }
 
-static void remove_child_pid(pid_t pid)
+static void remove_child_pid(pid_t pid, bool unclean_shutdown)
 {
 	struct child_pid *child;
 
+	if (unclean_shutdown) {
+		/* a child terminated uncleanly so tickle all processes to see 
+		   if they can grab any of the pending locks
+		*/
+		messaging_send_buf(smbd_messaging_context(), procid_self(), 
+				   MSG_SMB_BRL_VALIDATE, NULL, 0);
+		message_send_all(smbd_messaging_context(), 
+				 MSG_SMB_UNLOCK, NULL, 0, NULL);
+	}
+
 	if (lp_max_smbd_processes() == 0) {
 		/* Don't bother with the child list if we don't care anyway */
 		return;
@@ -560,10 +570,27 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
 
 		if (got_sig_cld) {
 			pid_t pid;
+			int status;
+
 			got_sig_cld = False;
 
-			while ((pid = sys_waitpid(-1, NULL, WNOHANG)) > 0) {
-				remove_child_pid(pid);
+			while ((pid = sys_waitpid(-1, &status, WNOHANG)) > 0) {
+				bool unclean_shutdown = False;
+				
+				/* If the child terminated normally, assume
+				   it was an unclean shutdown unless the
+				   status is 0 
+				*/
+				if (WIFEXITED(status)) {
+					unclean_shutdown = WEXITSTATUS(status);
+				}
+				/* If the child terminated due to a signal
+				   we always assume it was unclean.
+				*/
+				if (WIFSIGNALED(status)) {
+					unclean_shutdown = True;
+				}
+				remove_child_pid(pid, unclean_shutdown);
 			}
 		}
 
@@ -603,6 +630,15 @@ static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_
 
 			continue;
 		}
+		
+
+		/* If the idle timeout fired and we don't have any connected
+		 * users, exit gracefully. We should be running under a process
+		 * controller that will restart us if necessry.
+		 */
+		if (num == 0 && count_all_current_connections() == 0) {
+			exit_server_cleanly("idle timeout");
+		}
 
 		/* process pending nDNS responses */
 		if (dns_register_smbd_reply(dns_reg, &r_fds, &idle_timeout)) {
@@ -906,6 +942,29 @@ void exit_server_fault(void)
 	exit_server("critical server fault");
 }
 
+
+/****************************************************************************
+received when we should release a specific IP
+****************************************************************************/
+static void msg_release_ip(struct messaging_context *msg_ctx, void *private_data, 
+                    	   uint32_t msg_type, struct server_id server_id, DATA_BLOB *data)
+{
+	const char *ip = (const char *)data->data;
+	char addr[INET6_ADDRSTRLEN];
+
+	if (strcmp(client_socket_addr(get_client_fd(),addr,sizeof(addr)), ip) == 0) {
+		/* we can't afford to do a clean exit - that involves
+		   database writes, which would potentially mean we
+		   are still running after the failover has finished -
+		   we have to get rid of this process ID straight
+		   away */
+		DEBUG(0,("Got release IP message for our IP %s - exiting immediately\n",
+			ip));
+		_exit(0);
+	}
+}
+
+
 /****************************************************************************
  Initialise connect, service and file structs.
 ****************************************************************************/
@@ -929,7 +988,8 @@ static bool init_structs(void )
 
 	init_dptrs();
 
-	secrets_init();
+	if (!secrets_init())
+		return False;
 
 	return True;
 }
@@ -1254,12 +1314,6 @@ extern void build_options(bool screen);
 	if ( is_daemon && !interactive )
 		start_background_queue(); 
 
-	/* Always attempt to initialize DMAPI. We will only use it later if
-	 * lp_dmapi_support is set on the share, but we need a single global
-	 * session to work with.
-	 */
-	dmapi_init_session();
-
 	if (!open_sockets_smbd(is_daemon, interactive, ports))
 		exit(1);
 
@@ -1305,6 +1359,8 @@ extern void build_options(bool screen);
 	/* register our message handlers */
 	messaging_register(smbd_messaging_context(), NULL,
 			   MSG_SMB_FORCE_TDIS, msg_force_tdis);
+	messaging_register(smbd_messaging_context(), NULL,
+			   MSG_SMB_RELEASE_IP, msg_release_ip);
 
 	if ((lp_keepalive() != 0)
 	    && !(event_add_idle(smbd_event_context(), NULL,
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 2588a66b8b..a8aa25405a 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -219,44 +219,6 @@ bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir)
 	return(True);
 }
 
-/****************************************************************************
- Add a home service. Returns the new service number or -1 if fail.
-****************************************************************************/
-
-int add_home_service(const char *service, const char *username, const char *homedir)
-{
-	int iHomeService;
-
-	if (!service || !homedir)
-		return -1;
-
-	if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0)
-		return -1;
-
-	/*
-	 * If this is a winbindd provided username, remove
-	 * the domain component before adding the service.
-	 * Log a warning if the "path=" parameter does not
-	 * include any macros.
-	 */
-
-	{
-		const char *p = strchr(service,*lp_winbind_separator());
-
-		/* We only want the 'user' part of the string */
-		if (p) {
-			service = p + 1;
-		}
-	}
-
-	if (!lp_add_home(service, iHomeService, username, homedir)) {
-		return -1;
-	}
-	
-	return lp_servicenumber(service);
-
-}
-
 static int load_registry_service(const char *servicename)
 {
 	struct registry_key *key;
@@ -348,6 +310,47 @@ void load_registry_shares(void)
 	return;
 }
 
+/****************************************************************************
+ Add a home service. Returns the new service number or -1 if fail.
+****************************************************************************/
+
+int add_home_service(const char *service, const char *username, const char *homedir)
+{
+	int iHomeService;
+
+	if (!service || !homedir)
+		return -1;
+
+	if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) {
+		if ((iHomeService = load_registry_service(HOMES_NAME)) < 0) {
+			return -1;
+		}
+	}
+
+	/*
+	 * If this is a winbindd provided username, remove
+	 * the domain component before adding the service.
+	 * Log a warning if the "path=" parameter does not
+	 * include any macros.
+	 */
+
+	{
+		const char *p = strchr(service,*lp_winbind_separator());
+
+		/* We only want the 'user' part of the string */
+		if (p) {
+			service = p + 1;
+		}
+	}
+
+	if (!lp_add_home(service, iHomeService, username, homedir)) {
+		return -1;
+	}
+	
+	return lp_servicenumber(service);
+
+}
+
 /**
  * Find a service entry.
  *
@@ -386,7 +389,10 @@ int find_service(fstring service)
 	if (iService < 0) {
 		int iPrinterService;
 
-		if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) >= 0) {
+		if ((iPrinterService = lp_servicenumber(PRINTERS_NAME)) < 0) {
+			iPrinterService = load_registry_service(PRINTERS_NAME);
+		}
+		if (iPrinterService) {
 			DEBUG(3,("checking whether %s is a valid printer name...\n", service));
 			if (pcap_printername_ok(service)) {
 				DEBUG(3,("%s is a valid printer name\n", service));
@@ -1165,16 +1171,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 	 * assumes that all the filesystem mounted withing a share path have
 	 * the same characteristics, which is likely but not guaranteed.
 	 */
-	{
-		vfs_statvfs_struct svfs;
-
-		conn->fs_capabilities =
-		    FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES;
 
-		if (SMB_VFS_STATVFS(conn, conn->connectpath, &svfs) == 0) {
-			conn->fs_capabilities = svfs.FsCapabilities;
-		}
-	}
+	conn->fs_capabilities = SMB_VFS_FS_CAPABILITIES(conn);
 
 	/*
 	 * Print out the 'connected as' stuff here as we need
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index aee8e498e9..9baa02977a 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -259,7 +259,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
 	fstring user;
 	int sess_vuid = req->vuid;
 	NTSTATUS ret = NT_STATUS_OK;
-	PAC_DATA *pac_data = NULL;
+	struct PAC_DATA *pac_data = NULL;
 	DATA_BLOB ap_rep, ap_rep_wrapped, response;
 	auth_serversupplied_info *server_info = NULL;
 	DATA_BLOB session_key = data_blob_null;
@@ -268,7 +268,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
 	fstring real_username;
 	bool map_domainuser_to_guest = False;
 	bool username_was_mapped;
-	PAC_LOGON_INFO *logon_info = NULL;
+	struct PAC_LOGON_INFO *logon_info = NULL;
 
 	ZERO_STRUCT(ticket);
 	ZERO_STRUCT(ap_rep);
@@ -394,10 +394,9 @@ static void reply_spnego_kerberos(struct smb_request *req,
 
 	domain = p+1;
 
-	if (logon_info && logon_info->info3.hdr_logon_dom.uni_str_len) {
-		unistr2_to_ascii(netbios_domain_name,
-				&logon_info->info3.uni_logon_dom,
-				sizeof(netbios_domain_name));
+	if (logon_info && logon_info->info3.base.domain.string) {
+		fstrcpy(netbios_domain_name,
+			logon_info->info3.base.domain.string);
 		domain = netbios_domain_name;
 		DEBUG(10, ("Mapped to [%s] (using PAC)\n", domain));
 
@@ -410,30 +409,24 @@ static void reply_spnego_kerberos(struct smb_request *req,
 		   name. And even w2k3 does use ntlmssp if you for example
 		   connect to an ip address. */
 
-		struct winbindd_request wb_request;
-		struct winbindd_response wb_response;
-		NSS_STATUS wb_result;
-
-		ZERO_STRUCT(wb_request);
-		ZERO_STRUCT(wb_response);
+		wbcErr wbc_status;
+		struct wbcDomainInfo *info = NULL;
 
 		DEBUG(10, ("Mapping [%s] to short name\n", domain));
 
-		fstrcpy(wb_request.domain_name, domain);
-
-		wb_result = winbindd_request_response(WINBINDD_DOMAIN_INFO,
-					     &wb_request, &wb_response);
+		wbc_status = wbcDomainInfo(domain, &info);
 
-		if (wb_result == NSS_STATUS_SUCCESS) {
+		if (WBC_ERROR_IS_OK(wbc_status)) {
 
 			fstrcpy(netbios_domain_name,
-				wb_response.data.domain_info.name);
-			domain = netbios_domain_name;
+				info->short_name);
 
+			wbcFreeMemory(info);
+			domain = netbios_domain_name;
 			DEBUG(10, ("Mapped to [%s] (using Winbind)\n", domain));
 		} else {
-			DEBUG(3, ("Could not find short name -- winbind "
-				  "not running?\n"));
+			DEBUG(3, ("Could not find short name: %s\n",
+				wbcErrorString(wbc_status)));
 		}
 	}
 
@@ -626,6 +619,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
 				 uint16 vuid,
 				 AUTH_NTLMSSP_STATE **auth_ntlmssp_state,
 				 DATA_BLOB *ntlmssp_blob, NTSTATUS nt_status,
+				 const char *OID,
 				 bool wrap)
 {
 	DATA_BLOB response;
@@ -686,7 +680,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
 
 	if (wrap) {
 		response = spnego_gen_auth_response(ntlmssp_blob,
-				nt_status, OID_NTLMSSP);
+				nt_status, OID);
 	} else {
 		response = *ntlmssp_blob;
 	}
@@ -751,6 +745,28 @@ NTSTATUS parse_spnego_mechanisms(DATA_BLOB blob_in, DATA_BLOB *pblob_out,
 }
 
 /****************************************************************************
+ Fall back from krb5 to NTLMSSP.
+****************************************************************************/
+
+static void reply_spnego_downgrade_to_ntlmssp(struct smb_request *req,
+						uint16 vuid)
+{
+	DATA_BLOB response;
+
+	reply_outbuf(req, 4, 0);
+        SSVAL(req->outbuf,smb_uid,vuid);
+
+	DEBUG(3,("reply_spnego_downgrade_to_ntlmssp: Got krb5 ticket in SPNEGO "
+		"but set to downgrade to NTLMSSP\n"));
+
+	response = spnego_gen_auth_response(NULL,
+			NT_STATUS_MORE_PROCESSING_REQUIRED,
+			OID_NTLMSSP);
+	reply_sesssetup_blob(req, response, NT_STATUS_MORE_PROCESSING_REQUIRED);
+	data_blob_free(&response);
+}
+
+/****************************************************************************
  Reply to a session setup spnego negotiate packet.
 ****************************************************************************/
 
@@ -795,6 +811,15 @@ static void reply_spnego_negotiate(struct smb_request *req,
 		auth_ntlmssp_end(auth_ntlmssp_state);
 	}
 
+	if (got_kerberos_mechanism) {
+		data_blob_free(&secblob);
+		/* The mechtoken is a krb5 ticket, but
+		 * we need to fall back to NTLM. */
+		reply_spnego_downgrade_to_ntlmssp(req,
+					vuid);
+		return;
+	}
+
 	status = auth_ntlmssp_start(auth_ntlmssp_state);
 	if (!NT_STATUS_IS_OK(status)) {
 		/* Kill the intermediate vuid */
@@ -809,7 +834,7 @@ static void reply_spnego_negotiate(struct smb_request *req,
 	data_blob_free(&secblob);
 
 	reply_spnego_ntlmssp(req, vuid, auth_ntlmssp_state,
-			     &chal, status, True);
+			     &chal, status, OID_NTLMSSP, true);
 
 	data_blob_free(&chal);
 
@@ -829,7 +854,7 @@ static void reply_spnego_auth(struct smb_request *req,
 	DATA_BLOB auth = data_blob_null;
 	DATA_BLOB auth_reply = data_blob_null;
 	DATA_BLOB secblob = data_blob_null;
-	NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
+	NTSTATUS status = NT_STATUS_LOGON_FAILURE;
 
 	if (!spnego_parse_auth(blob1, &auth)) {
 #if 0
@@ -839,7 +864,7 @@ static void reply_spnego_auth(struct smb_request *req,
 		invalidate_vuid(vuid);
 
 		reply_nterror(req, nt_status_squash(
-				      NT_STATUS_INVALID_PARAMETER));
+				      NT_STATUS_LOGON_FAILURE));
 		return;
 	}
 
@@ -849,24 +874,43 @@ static void reply_spnego_auth(struct smb_request *req,
 		bool got_krb5_mechanism = False;
 		status = parse_spnego_mechanisms(auth, &secblob,
 				&got_krb5_mechanism);
-		if (NT_STATUS_IS_OK(status)) {
-			DEBUG(3,("reply_spnego_auth: Got secblob of size %lu\n",
-					(unsigned long)secblob.length));
+
+		if (!NT_STATUS_IS_OK(status)) {
+			/* Kill the intermediate vuid */
+			invalidate_vuid(vuid);
+			reply_nterror(req, nt_status_squash(status));
+			return;
+		}
+
+		DEBUG(3,("reply_spnego_auth: Got secblob of size %lu\n",
+				(unsigned long)secblob.length));
 #ifdef HAVE_KRB5
-			if ( got_krb5_mechanism && ((lp_security()==SEC_ADS) ||
-						lp_use_kerberos_keytab()) ) {
-				bool destroy_vuid = True;
-				reply_spnego_kerberos(req, &secblob,
-						      vuid, &destroy_vuid);
-				data_blob_free(&secblob);
-				data_blob_free(&auth);
-				if (destroy_vuid) {
-					/* Kill the intermediate vuid */
-					invalidate_vuid(vuid);
-				}
-				return;
+		if ( got_krb5_mechanism && ((lp_security()==SEC_ADS) ||
+					lp_use_kerberos_keytab()) ) {
+			bool destroy_vuid = True;
+			reply_spnego_kerberos(req, &secblob,
+					      vuid, &destroy_vuid);
+			data_blob_free(&secblob);
+			data_blob_free(&auth);
+			if (destroy_vuid) {
+				/* Kill the intermediate vuid */
+				invalidate_vuid(vuid);
 			}
+			return;
+		}
 #endif
+		/* Can't blunder into NTLMSSP auth if we have
+		 * a krb5 ticket. */
+
+		if (got_krb5_mechanism) {
+			/* Kill the intermediate vuid */
+			invalidate_vuid(vuid);
+			DEBUG(3,("reply_spnego_auth: network "
+				"misconfiguration, client sent us a "
+				"krb5 ticket and kerberos security "
+				"not enabled"));
+			reply_nterror(req, nt_status_squash(
+					NT_STATUS_LOGON_FAILURE));
 		}
 	}
 
@@ -874,13 +918,13 @@ static void reply_spnego_auth(struct smb_request *req,
 	data_blob_free(&secblob);
 
 	if (!*auth_ntlmssp_state) {
-		/* Kill the intermediate vuid */
-		invalidate_vuid(vuid);
-
-		/* auth before negotiatiate? */
-		reply_nterror(req, nt_status_squash(
-				      NT_STATUS_INVALID_PARAMETER));
-		return;
+		status = auth_ntlmssp_start(auth_ntlmssp_state);
+		if (!NT_STATUS_IS_OK(status)) {
+			/* Kill the intermediate vuid */
+			invalidate_vuid(vuid);
+			reply_nterror(req, nt_status_squash(status));
+			return;
+		}
 	}
 
 	status = auth_ntlmssp_update(*auth_ntlmssp_state,
@@ -888,9 +932,11 @@ static void reply_spnego_auth(struct smb_request *req,
 
 	data_blob_free(&auth);
 
+	/* Don't send the mechid as we've already sent this (RFC4178). */
+
 	reply_spnego_ntlmssp(req, vuid,
 			     auth_ntlmssp_state,
-			     &auth_reply, status, True);
+			     &auth_reply, status, NULL, true);
 
 	data_blob_free(&auth_reply);
 
@@ -1257,7 +1303,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 
 		reply_spnego_ntlmssp(req, vuid,
 				     &vuser->auth_ntlmssp_state,
-				     &chal, status, False);
+				     &chal, status, OID_NTLMSSP, false);
 		data_blob_free(&chal);
 		return;
 	}
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index bf6802f2a6..dc908846b3 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -5,7 +5,7 @@
    Copyright (C) Stefan (metze) Metzmacher	2003
    Copyright (C) Volker Lendecke		2005-2007
    Copyright (C) Steve French			2005
-   Copyright (C) James Peach			2007
+   Copyright (C) James Peach			2006-2007
 
    Extensively modified by Andrew Tridgell, 1995
 
@@ -105,17 +105,22 @@ static bool samba_private_attr_name(const char *unix_ea_name)
 
 	for (i = 0; prohibited_ea_names[i]; i++) {
 		if (strequal( prohibited_ea_names[i], unix_ea_name))
-			return True;
+			return true;
 	}
-	return False;
+	if (StrnCaseCmp(unix_ea_name, SAMBA_XATTR_DOSSTREAM_PREFIX,
+			strlen(SAMBA_XATTR_DOSSTREAM_PREFIX)) == 0) {
+		return true;
+	}
+	return false;
 }
 
 /****************************************************************************
  Get one EA value. Fill in a struct ea_struct.
 ****************************************************************************/
 
-static bool get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn, files_struct *fsp,
-				const char *fname, char *ea_name, struct ea_struct *pea)
+NTSTATUS get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn,
+		      files_struct *fsp, const char *fname,
+		      const char *ea_name, struct ea_struct *pea)
 {
 	/* Get the value of this xattr. Max size is 64k. */
 	size_t attr_size = 256;
@@ -126,7 +131,7 @@ static bool get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn, files_str
 
 	val = TALLOC_REALLOC_ARRAY(mem_ctx, val, char, attr_size);
 	if (!val) {
-		return False;
+		return NT_STATUS_NO_MEMORY;
 	}
 
 	if (fsp && fsp->fh->fd != -1) {
@@ -141,7 +146,7 @@ static bool get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn, files_str
 	}
 
 	if (sizeret == -1) {
-		return False;
+		return map_nt_error_from_unix(errno);
 	}
 
 	DEBUG(10,("get_ea_value: EA %s is of length %u\n", ea_name, (unsigned int)sizeret));
@@ -149,93 +154,192 @@ static bool get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn, files_str
 
 	pea->flags = 0;
 	if (strnequal(ea_name, "user.", 5)) {
-		pea->name = &ea_name[5];
+		pea->name = talloc_strdup(mem_ctx, &ea_name[5]);
 	} else {
-		pea->name = ea_name;
+		pea->name = talloc_strdup(mem_ctx, ea_name);
+	}
+	if (pea->name == NULL) {
+		TALLOC_FREE(val);
+		return NT_STATUS_NO_MEMORY;
 	}
 	pea->value.data = (unsigned char *)val;
 	pea->value.length = (size_t)sizeret;
-	return True;
+	return NT_STATUS_OK;
 }
 
-/****************************************************************************
- Return a linked list of the total EA's. Plus the total size
-****************************************************************************/
-
-static struct ea_list *get_ea_list_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, files_struct *fsp,
-					const char *fname, size_t *pea_total_len)
+NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
+				files_struct *fsp, const char *fname,
+				char ***pnames, size_t *pnum_names)
 {
 	/* Get a list of all xattrs. Max namesize is 64k. */
 	size_t ea_namelist_size = 1024;
-	char *ea_namelist;
+	char *ea_namelist = NULL;
+
 	char *p;
+	char **names, **tmp;
+	size_t num_names;
 	ssize_t sizeret;
-	int i;
-	struct ea_list *ea_list_head = NULL;
-
-	*pea_total_len = 0;
 
 	if (!lp_ea_support(SNUM(conn))) {
-		return NULL;
+		*pnames = NULL;
+		*pnum_names = 0;
+		return NT_STATUS_OK;
 	}
 
-	for (i = 0, ea_namelist = TALLOC_ARRAY(mem_ctx, char, ea_namelist_size); i < 6;
-	     ea_namelist = TALLOC_REALLOC_ARRAY(mem_ctx, ea_namelist, char, ea_namelist_size), i++) {
+	/*
+	 * TALLOC the result early to get the talloc hierarchy right.
+	 */
 
-		if (!ea_namelist) {
-			return NULL;
+	names = TALLOC_ARRAY(mem_ctx, char *, 1);
+	if (names == NULL) {
+		DEBUG(0, ("talloc failed\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	while (ea_namelist_size <= 65536) {
+
+		ea_namelist = TALLOC_REALLOC_ARRAY(
+			names, ea_namelist, char, ea_namelist_size);
+		if (ea_namelist == NULL) {
+			DEBUG(0, ("talloc failed\n"));
+			TALLOC_FREE(names);
+			return NT_STATUS_NO_MEMORY;
 		}
 
 		if (fsp && fsp->fh->fd != -1) {
-			sizeret = SMB_VFS_FLISTXATTR(fsp, ea_namelist, ea_namelist_size);
+			sizeret = SMB_VFS_FLISTXATTR(fsp, ea_namelist,
+						     ea_namelist_size);
 		} else {
-			sizeret = SMB_VFS_LISTXATTR(conn, fname, ea_namelist, ea_namelist_size);
+			sizeret = SMB_VFS_LISTXATTR(conn, fname, ea_namelist,
+						    ea_namelist_size);
 		}
 
-		if (sizeret == -1 && errno == ERANGE) {
+		if ((sizeret == -1) && (errno == ERANGE)) {
 			ea_namelist_size *= 2;
-		} else {
+		}
+		else {
 			break;
 		}
 	}
 
-	if (sizeret == -1)
-		return NULL;
+	if (sizeret == -1) {
+		TALLOC_FREE(names);
+		return map_nt_error_from_unix(errno);
+	}
 
-	DEBUG(10,("get_ea_list_from_file: ea_namelist size = %u\n", (unsigned int)sizeret ));
+	DEBUG(10, ("get_ea_list_from_file: ea_namelist size = %u\n",
+		   (unsigned int)sizeret));
 
-	if (sizeret) {
-		for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p) + 1) {
-			struct ea_list *listp;
+	if (sizeret == 0) {
+		TALLOC_FREE(names);
+		*pnames = NULL;
+		*pnum_names = 0;
+		return NT_STATUS_OK;
+	}
 
-			if (strnequal(p, "system.", 7) || samba_private_attr_name(p))
-				continue;
+	/*
+	 * Ensure the result is 0-terminated
+	 */
 
-			listp = TALLOC_P(mem_ctx, struct ea_list);
-			if (!listp)
-				return NULL;
+	if (ea_namelist[sizeret-1] != '\0') {
+		TALLOC_FREE(names);
+		return NT_STATUS_INTERNAL_ERROR;
+	}
 
-			if (!get_ea_value(mem_ctx, conn, fsp, fname, p, &listp->ea)) {
-				return NULL;
-			}
+	/*
+	 * count the names
+	 */
+	num_names = 0;
 
-			{
-				fstring dos_ea_name;
-				push_ascii_fstring(dos_ea_name, listp->ea.name);
-				*pea_total_len += 4 + strlen(dos_ea_name) + 1 + listp->ea.value.length;
-				DEBUG(10,("get_ea_list_from_file: total_len = %u, %s, val len = %u\n",
-					(unsigned int)*pea_total_len, dos_ea_name,
-					(unsigned int)listp->ea.value.length ));
-			}
-			DLIST_ADD_END(ea_list_head, listp, struct ea_list *);
+	for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p)+1) {
+		num_names += 1;
+	}
+
+	tmp = TALLOC_REALLOC_ARRAY(mem_ctx, names, char *, num_names);
+	if (tmp == NULL) {
+		DEBUG(0, ("talloc failed\n"));
+		TALLOC_FREE(names);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	names = tmp;
+	num_names = 0;
+
+	for (p = ea_namelist; p - ea_namelist < sizeret; p += strlen(p)+1) {
+		names[num_names++] = p;
+	}
+
+	*pnames = names;
+	*pnum_names = num_names;
+	return NT_STATUS_OK;
+}
+
+/****************************************************************************
+ Return a linked list of the total EA's. Plus the total size
+****************************************************************************/
+
+static struct ea_list *get_ea_list_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn, files_struct *fsp,
+					const char *fname, size_t *pea_total_len)
+{
+	/* Get a list of all xattrs. Max namesize is 64k. */
+	size_t i, num_names;
+	char **names;
+	struct ea_list *ea_list_head = NULL;
+	NTSTATUS status;
+
+	*pea_total_len = 0;
+
+	if (!lp_ea_support(SNUM(conn))) {
+		return NULL;
+	}
+
+	status = get_ea_names_from_file(talloc_tos(), conn, fsp, fname,
+					&names, &num_names);
+
+	if (!NT_STATUS_IS_OK(status) || (num_names == 0)) {
+		return NULL;
+	}
+
+	for (i=0; i<num_names; i++) {
+		struct ea_list *listp;
+		fstring dos_ea_name;
+
+		if (strnequal(names[i], "system.", 7)
+		    || samba_private_attr_name(names[i]))
+			continue;
+
+		listp = TALLOC_P(mem_ctx, struct ea_list);
+		if (listp == NULL) {
+			return NULL;
 		}
-		/* Add on 4 for total length. */
-		if (*pea_total_len) {
-			*pea_total_len += 4;
+
+		if (!NT_STATUS_IS_OK(get_ea_value(mem_ctx, conn, fsp,
+						  fname, names[i],
+						  &listp->ea))) {
+			return NULL;
 		}
+
+		push_ascii_fstring(dos_ea_name, listp->ea.name);
+
+		*pea_total_len +=
+			4 + strlen(dos_ea_name) + 1 + listp->ea.value.length;
+
+		DEBUG(10,("get_ea_list_from_file: total_len = %u, %s, val len "
+			  "= %u\n", (unsigned int)*pea_total_len, dos_ea_name,
+			  (unsigned int)listp->ea.value.length));
+
+		DLIST_ADD_END(ea_list_head, listp, struct ea_list *);
+
+	}
+
+	/* Add on 4 for total length. */
+	if (*pea_total_len) {
+		*pea_total_len += 4;
 	}
 
-	DEBUG(10,("get_ea_list_from_file: total_len = %u\n", (unsigned int)*pea_total_len));
+	DEBUG(10, ("get_ea_list_from_file: total_len = %u\n",
+		   (unsigned int)*pea_total_len));
+
 	return ea_list_head;
 }
 
@@ -913,7 +1017,7 @@ static void call_trans2open(connection_struct *conn,
 	}
 
 	size = get_file_size(sbuf);
-	fattr = dos_mode(conn,fname,&sbuf);
+	fattr = dos_mode(conn,fsp->fsp_name,&sbuf);
 	mtime = sbuf.st_mtime;
 	inode = sbuf.st_ino;
 	if (fattr & aDIR) {
@@ -950,7 +1054,7 @@ static void call_trans2open(connection_struct *conn,
 	SIVAL(params,20,inode);
 	SSVAL(params,24,0); /* Padding. */
 	if (flags & 8) {
-		uint32 ea_size = estimate_ea_size(conn, fsp, fname);
+		uint32 ea_size = estimate_ea_size(conn, fsp, fsp->fsp_name);
 		SIVAL(params, 26, ea_size);
 	} else {
 		SIVAL(params, 26, 0);
@@ -2355,6 +2459,41 @@ unsigned char *create_volume_objectid(connection_struct *conn, unsigned char obj
 	return objid;
 }
 
+static void samba_extended_info_version(struct smb_extended_info *extended_info)
+{
+	SMB_ASSERT(extended_info != NULL);
+
+	extended_info->samba_magic = SAMBA_EXTENDED_INFO_MAGIC;
+	extended_info->samba_version = ((SAMBA_VERSION_MAJOR & 0xff) << 24)
+				       | ((SAMBA_VERSION_MINOR & 0xff) << 16)
+				       | ((SAMBA_VERSION_RELEASE & 0xff) << 8);
+#ifdef SAMBA_VERSION_REVISION
+	extended_info->samba_version |= (tolower(*SAMBA_VERSION_REVISION) - 'a' + 1) & 0xff;
+#endif
+	extended_info->samba_subversion = 0;
+#ifdef SAMBA_VERSION_RC_RELEASE
+	extended_info->samba_subversion |= (SAMBA_VERSION_RC_RELEASE & 0xff) << 24;
+#else
+#ifdef SAMBA_VERSION_PRE_RELEASE
+	extended_info->samba_subversion |= (SAMBA_VERSION_PRE_RELEASE & 0xff) << 16;
+#endif
+#endif
+#ifdef SAMBA_VERSION_VENDOR_PATCH
+	extended_info->samba_subversion |= (SAMBA_VERSION_VENDOR_PATCH & 0xffff);
+#endif
+	extended_info->samba_gitcommitdate = 0;
+#ifdef SAMBA_VERSION_GIT_COMMIT_TIME
+	unix_to_nt_time(&extended_info->samba_gitcommitdate, SAMBA_VERSION_GIT_COMMIT_TIME);
+#endif
+
+	memset(extended_info->samba_version_string, 0,
+	       sizeof(extended_info->samba_version_string));
+
+	snprintf (extended_info->samba_version_string,
+		  sizeof(extended_info->samba_version_string),
+		  "%s", samba_version_string());
+}
+
 /****************************************************************************
  Reply to a TRANS2_QFSINFO (query filesystem info).
 ****************************************************************************/
@@ -2373,8 +2512,8 @@ static void call_trans2qfsinfo(connection_struct *conn,
 	const char *vname = volume_label(SNUM(conn));
 	int snum = SNUM(conn);
 	char *fstype = lp_fstype(SNUM(conn));
-	int quota_flag = 0;
-
+	uint32 additional_flags = 0;
+	
 	if (total_params < 2) {
 		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
 		return;
@@ -2487,16 +2626,21 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)st.st_dev, (unsi
 		case SMB_QUERY_FS_ATTRIBUTE_INFO:
 		case SMB_FS_ATTRIBUTE_INFORMATION:
 
-
+			additional_flags = 0;
 #if defined(HAVE_SYS_QUOTAS)
-			quota_flag = FILE_VOLUME_QUOTAS;
+			additional_flags |= FILE_VOLUME_QUOTAS;
 #endif
 
+			if(lp_nt_acl_support(SNUM(conn))) {
+				additional_flags |= FILE_PERSISTENT_ACLS;
+			}
+
+			/* Capabilities are filled in at connection time through STATVFS call */
+			additional_flags |= conn->fs_capabilities;
+
 			SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH|
-				(lp_nt_acl_support(SNUM(conn)) ? FILE_PERSISTENT_ACLS : 0)|
-				FILE_SUPPORTS_OBJECT_IDS|
-				FILE_UNICODE_ON_DISK|
-				quota_flag); /* FS ATTRIBUTES */
+				FILE_SUPPORTS_OBJECT_IDS|FILE_UNICODE_ON_DISK|
+				additional_flags); /* FS ATTRIBUTES */
 
 			SIVAL(pdata,4,255); /* Max filename component length */
 			/* NOTE! the fstype must *not* be null terminated or win98 won't recognise it
@@ -2688,7 +2832,14 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
 		case SMB_FS_OBJECTID_INFORMATION:
 		{
 			unsigned char objid[16];
+			struct smb_extended_info extended_info;
 			memcpy(pdata,create_volume_objectid(conn, objid),16);
+			samba_extended_info_version (&extended_info);
+			SIVAL(pdata,16,extended_info.samba_magic);
+			SIVAL(pdata,20,extended_info.samba_version);
+			SIVAL(pdata,24,extended_info.samba_subversion);
+			SBIG_UINT(pdata,28,extended_info.samba_gitcommitdate);
+			memcpy(pdata+36,extended_info.samba_version_string,28);
 			data_len = 64;
 			break;
 		}
@@ -3463,6 +3614,72 @@ static char *store_file_unix_basic_info2(connection_struct *conn,
 	return pdata;
 }
 
+static NTSTATUS marshall_stream_info(unsigned int num_streams,
+				     const struct stream_struct *streams,
+				     char *data,
+				     unsigned int max_data_bytes,
+				     unsigned int *data_size)
+{
+	unsigned int i;
+	unsigned int ofs = 0;
+
+	for (i=0; i<num_streams; i++) {
+		unsigned int next_offset;
+		size_t namelen;
+		smb_ucs2_t *namebuf;
+
+		namelen = push_ucs2_talloc(talloc_tos(), &namebuf,
+					    streams[i].name);
+
+		if ((namelen == (size_t)-1) || (namelen <= 2)) {
+			return NT_STATUS_INVALID_PARAMETER;
+		}
+
+		/*
+		 * name_buf is now null-terminated, we need to marshall as not
+		 * terminated
+		 */
+
+		namelen -= 2;
+
+		if (ofs + 24 + namelen > max_data_bytes) {
+			TALLOC_FREE(namebuf);
+			return NT_STATUS_BUFFER_TOO_SMALL;
+		}
+
+		SIVAL(data, ofs+4, namelen);
+		SOFF_T(data, ofs+8, streams[i].size);
+		SOFF_T(data, ofs+16, streams[i].alloc_size);
+		memcpy(data+ofs+24, namebuf, namelen);
+		TALLOC_FREE(namebuf);
+
+		next_offset = ofs + 24 + namelen;
+
+		if (i == num_streams-1) {
+			SIVAL(data, ofs, 0);
+		}
+		else {
+			unsigned int align = ndr_align_size(next_offset, 8);
+
+			if (next_offset + align > max_data_bytes) {
+				return NT_STATUS_BUFFER_TOO_SMALL;
+			}
+
+			memset(data+next_offset, 0, align);
+			next_offset += align;
+
+			SIVAL(data, ofs, next_offset - ofs);
+			ofs = next_offset;
+		}
+
+		ofs = next_offset;
+	}
+
+	*data_size = ofs;
+
+	return NT_STATUS_OK;
+}
+
 /****************************************************************************
  Reply to a TRANSACT2_QFILEINFO on a PIPE !
 ****************************************************************************/
@@ -3738,17 +3955,6 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
 		}
 	}
 
-	nlink = sbuf.st_nlink;
-
-	if ((nlink > 0) && S_ISDIR(sbuf.st_mode)) {
-		/* NTFS does not seem to count ".." */
-		nlink -= 1;
-	}
-
-	if ((nlink > 0) && delete_pending) {
-		nlink -= 1;
-	}
-
 	if (INFO_LEVEL_IS_UNIX(info_level) && !lp_unix_extensions()) {
 		reply_nterror(req, NT_STATUS_INVALID_LEVEL);
 		return;
@@ -3767,6 +3973,16 @@ static void call_trans2qfilepathinfo(connection_struct *conn,
 	if (!mode)
 		mode = FILE_ATTRIBUTE_NORMAL;
 
+	nlink = sbuf.st_nlink;
+
+	if (nlink && (mode&aDIR)) {
+		nlink = 1;
+	}
+
+	if ((nlink > 0) && delete_pending) {
+		nlink -= 1;
+	}
+
 	fullpathname = fname;
 	if (!(mode & aDIR))
 		file_size = get_file_size(sbuf);
@@ -4161,28 +4377,49 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 			data_size = 4;
 			break;
 
-#if 0
 		/*
-		 * NT4 server just returns "invalid query" to this - if we try to answer
-		 * it then NTws gets a BSOD! (tridge).
-		 * W2K seems to want this. JRA.
+		 * NT4 server just returns "invalid query" to this - if we try
+		 * to answer it then NTws gets a BSOD! (tridge).  W2K seems to
+		 * want this. JRA.
+		 */
+		/* The first statement above is false - verified using Thursby
+		 * client against NT4 -- gcolley.
 		 */
 		case SMB_QUERY_FILE_STREAM_INFO:
-#endif
-		case SMB_FILE_STREAM_INFORMATION:
-			DEBUG(10,("call_trans2qfilepathinfo: SMB_FILE_STREAM_INFORMATION\n"));
-			if (mode & aDIR) {
-				data_size = 0;
-			} else {
-				size_t byte_len = dos_PutUniCode(pdata+24,"::$DATA", (size_t)0xE, False);
-				SIVAL(pdata,0,0); /* ??? */
-				SIVAL(pdata,4,byte_len); /* Byte length of unicode string ::$DATA */
-				SOFF_T(pdata,8,file_size);
-				SOFF_T(pdata,16,allocation_size);
-				data_size = 24 + byte_len;
+		case SMB_FILE_STREAM_INFORMATION: {
+			unsigned int num_streams;
+			struct stream_struct *streams;
+			NTSTATUS status;
+
+			DEBUG(10,("call_trans2qfilepathinfo: "
+				  "SMB_FILE_STREAM_INFORMATION\n"));
+
+			status = SMB_VFS_STREAMINFO(
+				conn, fsp, fname, talloc_tos(),
+				&num_streams, &streams);
+
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(10, ("could not get stream info: %s\n",
+					   nt_errstr(status)));
+				reply_nterror(req, status);
+				return;
 			}
-			break;
 
+			status = marshall_stream_info(num_streams, streams,
+						      pdata, max_data_bytes,
+						      &data_size);
+
+			if (!NT_STATUS_IS_OK(status)) {
+				DEBUG(10, ("marshall_stream_info failed: %s\n",
+					   nt_errstr(status)));
+				reply_nterror(req, status);
+				return;
+			}
+
+			TALLOC_FREE(streams);
+
+			break;
+		}
 		case SMB_QUERY_COMPRESSION_INFO:
 		case SMB_FILE_COMPRESSION_INFORMATION:
 			DEBUG(10,("call_trans2qfilepathinfo: SMB_FILE_COMPRESSION_INFORMATION\n"));
diff --git a/source3/smbd/utmp.c b/source3/smbd/utmp.c
index e82bbea3b3..5931b2b1d0 100644
--- a/source3/smbd/utmp.c
+++ b/source3/smbd/utmp.c
@@ -223,7 +223,7 @@ static char *uw_pathname(TALLOC_CTX *ctx,
 	}
 
 	/* For u-files and non-explicit w-dir, look for "utmp dir" */
-	if (!dirname == 0 || strlen(dirname) == 0) {
+	if ((dirname == NULL) || (strlen(dirname) == 0)) {
 		dirname = talloc_strdup(ctx, lp_utmpdir());
 		if (!dirname) {
 			return NULL;
diff --git a/source3/tests/os2_delete.c b/source3/tests/os2_delete.c
deleted file mode 100644
index b3aaf67f41..0000000000
--- a/source3/tests/os2_delete.c
+++ /dev/null
@@ -1,214 +0,0 @@
-/*
-  test readdir/unlink pattern that OS/2 uses
-  tridge@samba.org July 2005
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <dirent.h>
-#include <errno.h>
-#include <string.h>
-#include <fcntl.h>
-
-#define NUM_FILES 700
-#define READDIR_SIZE 100
-#define DELETE_SIZE 4
-
-#define TESTDIR "test.dir"
-
-#define FAILED(d) (fprintf(stderr, "Failed for %s - %s\n", d, strerror(errno)), exit(1), 1)
-
-#ifndef MIN
-#define MIN(a,b) ((a)<(b)?(a):(b))
-#endif
-
-static void cleanup(void)
-{
-	/* I'm a lazy bastard */
-	system("rm -rf " TESTDIR);
-	mkdir(TESTDIR, 0700) == 0 || FAILED("mkdir");
-}
-
-static void create_files()
-{
-	int i;
-	for (i=0;i<NUM_FILES;i++) {
-		char fname[40];
-		sprintf(fname, TESTDIR "/test%u.txt", i);
-		close(open(fname, O_CREAT|O_RDWR, 0600)) == 0 || FAILED("close");
-	}
-}
-
-static int os2_delete(DIR *d)
-{
-	off_t offsets[READDIR_SIZE];
-	int i, j;
-	struct dirent *de;
-	char names[READDIR_SIZE][30];
-
-	/* scan, remembering offsets */
-	for (i=0, de=readdir(d); 
-	     de && i < READDIR_SIZE; 
-	     de=readdir(d), i++) {
-		offsets[i] = telldir(d);
-		strcpy(names[i], de->d_name);
-	}
-
-	if (i == 0) {
-		return 0;
-	}
-
-	/* delete the first few */
-	for (j=0; j<MIN(i, DELETE_SIZE); j++) {
-		char fname[40];
-		sprintf(fname, TESTDIR "/%s", names[j]);
-		unlink(fname) == 0 || FAILED("unlink");
-	}
-
-	/* seek to just after the deletion */
-	seekdir(d, offsets[j-1]);
-
-	/* return number deleted */
-	return j;
-}
-
-int main(void)
-{
-	int total_deleted = 0;
-	DIR *d;
-	struct dirent *de;
-
-	cleanup();
-	create_files();
-	
-	d = opendir(TESTDIR);
-
-	/* skip past . and .. */
-	de = readdir(d);
-	strcmp(de->d_name, ".") == 0 || FAILED("match .");
-	de = readdir(d);
-	strcmp(de->d_name, "..") == 0 || FAILED("match ..");
-
-	while (1) {
-		int n = os2_delete(d);
-		if (n == 0) break;
-		total_deleted += n;
-	}
-	closedir(d);
-
-	printf("Deleted %d files of %d\n", total_deleted, NUM_FILES);
-
-	rmdir(TESTDIR) == 0 || FAILED("rmdir");
-
-	return 0;
-}
-/*
-  test readdir/unlink pattern that OS/2 uses
-  tridge@samba.org July 2005
-*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <dirent.h>
-#include <errno.h>
-#include <string.h>
-#include <fcntl.h>
-
-#define NUM_FILES 700
-#define READDIR_SIZE 100
-#define DELETE_SIZE 4
-
-#define TESTDIR "test.dir"
-
-#define FAILED(d) (fprintf(stderr, "Failed for %s - %s\n", d, strerror(errno)), exit(1), 1)
-
-#ifndef MIN
-#define MIN(a,b) ((a)<(b)?(a):(b))
-#endif
-
-static void cleanup(void)
-{
-	/* I'm a lazy bastard */
-	system("rm -rf " TESTDIR);
-	mkdir(TESTDIR, 0700) == 0 || FAILED("mkdir");
-}
-
-static void create_files()
-{
-	int i;
-	for (i=0;i<NUM_FILES;i++) {
-		char fname[40];
-		sprintf(fname, TESTDIR "/test%u.txt", i);
-		close(open(fname, O_CREAT|O_RDWR, 0600)) == 0 || FAILED("close");
-	}
-}
-
-static int os2_delete(DIR *d)
-{
-	off_t offsets[READDIR_SIZE];
-	int i, j;
-	struct dirent *de;
-	char names[READDIR_SIZE][30];
-
-	/* scan, remembering offsets */
-	for (i=0, de=readdir(d); 
-	     de && i < READDIR_SIZE; 
-	     de=readdir(d), i++) {
-		offsets[i] = telldir(d);
-		strcpy(names[i], de->d_name);
-	}
-
-	if (i == 0) {
-		return 0;
-	}
-
-	/* delete the first few */
-	for (j=0; j<MIN(i, DELETE_SIZE); j++) {
-		char fname[40];
-		sprintf(fname, TESTDIR "/%s", names[j]);
-		unlink(fname) == 0 || FAILED("unlink");
-	}
-
-	/* seek to just after the deletion */
-	seekdir(d, offsets[j-1]);
-
-	/* return number deleted */
-	return j;
-}
-
-int main(void)
-{
-	int total_deleted = 0;
-	DIR *d;
-	struct dirent *de;
-
-	cleanup();
-	create_files();
-	
-	d = opendir(TESTDIR);
-
-	/* skip past . and .. */
-	de = readdir(d);
-	strcmp(de->d_name, ".") == 0 || FAILED("match .");
-	de = readdir(d);
-	strcmp(de->d_name, "..") == 0 || FAILED("match ..");
-
-	while (1) {
-		int n = os2_delete(d);
-		if (n == 0) break;
-		total_deleted += n;
-	}
-	closedir(d);
-
-	printf("Deleted %d files of %d\n", total_deleted, NUM_FILES);
-
-	rmdir(TESTDIR) == 0 || FAILED("rmdir");
-
-	return 0;
-}
diff --git a/source3/tests/shared_mmap.c b/source3/tests/shared_mmap.c
deleted file mode 100644
index fcef75d0d6..0000000000
--- a/source3/tests/shared_mmap.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* this tests whether we can use a shared writeable mmap on a file -
-   as needed for the mmap varient of FAST_SHARE_MODES */
-
-#if defined(HAVE_UNISTD_H)
-#include <unistd.h>
-#endif
-#include <sys/mman.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-
-#define DATA "conftest.mmap"
-
-#ifndef MAP_FILE
-#define MAP_FILE 0
-#endif
-
-main()
-{
-	int *buf;
-	int i; 
-	int fd = open(DATA,O_RDWR|O_CREAT|O_TRUNC,0666);
-	int count=7;
-
-	if (fd == -1) exit(1);
-
-	for (i=0;i<10000;i++) {
-		write(fd,&i,sizeof(i));
-	}
-
-	close(fd);
-
-	if (fork() == 0) {
-		fd = open(DATA,O_RDWR);
-		if (fd == -1) exit(1);
-
-		buf = (int *)mmap(NULL, 10000*sizeof(int), 
-				   (PROT_READ | PROT_WRITE), 
-				   MAP_FILE | MAP_SHARED, 
-				   fd, 0);
-
-		while (count-- && buf[9124] != 55732) sleep(1);
-
-		if (count <= 0) exit(1);
-
-		buf[1763] = 7268;
-		exit(0);
-	}
-
-	fd = open(DATA,O_RDWR);
-	if (fd == -1) exit(1);
-
-	buf = (int *)mmap(NULL, 10000*sizeof(int), 
-			   (PROT_READ | PROT_WRITE), 
-			   MAP_FILE | MAP_SHARED, 
-			   fd, 0);
-
-	if (buf == (int *)-1) exit(1);
-
-	buf[9124] = 55732;
-
-	while (count-- && buf[1763] != 7268) sleep(1);
-
-	unlink(DATA);
-		
-	if (count > 0) exit(0);
-	exit(1);
-}
diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c
index f3b98862fe..9359b58599 100644
--- a/source3/torture/cmd_vfs.c
+++ b/source3/torture/cmd_vfs.c
@@ -575,7 +575,7 @@ static NTSTATUS cmd_fstat(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc,
 	}
 
 	fd = atoi(argv[1]);
-	if (fd < 0 || fd > 1024) {
+	if (fd < 0 || fd >= 1024) {
 		printf("fstat: error=%d (file descriptor out of range)\n", EBADF);
 		return NT_STATUS_OK;
 	}
@@ -710,7 +710,7 @@ static NTSTATUS cmd_fchmod(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc,
 
 	fd = atoi(argv[1]);
 	mode = atoi(argv[2]);
-	if (fd < 0 || fd > 1024) {
+	if (fd < 0 || fd >= 1024) {
 		printf("fchmod: error=%d (file descriptor out of range)\n", EBADF);
 		return NT_STATUS_OK;
 	}
@@ -763,7 +763,7 @@ static NTSTATUS cmd_fchown(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc,
 	uid = atoi(argv[2]);
 	gid = atoi(argv[3]);
 	fd = atoi(argv[1]);
-	if (fd < 0 || fd > 1024) {
+	if (fd < 0 || fd >= 1024) {
 		printf("fchown: faliure=%d (file descriptor out of range)\n", EBADF);
 		return NT_STATUS_OK;
 	}
@@ -822,7 +822,7 @@ static NTSTATUS cmd_ftruncate(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int ar
 
 	fd = atoi(argv[1]);
 	off = atoi(argv[2]);
-	if (fd < 0 || fd > 1024) {
+	if (fd < 0 || fd >= 1024) {
 		printf("ftruncate: error=%d (file descriptor out of range)\n", EBADF);
 		return NT_STATUS_OK;
 	}
@@ -842,7 +842,6 @@ static NTSTATUS cmd_ftruncate(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int ar
 
 static NTSTATUS cmd_lock(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, const char **argv)
 {
-	bool ret;
 	int fd;
 	int op;
 	long offset;
@@ -914,7 +913,7 @@ static NTSTATUS cmd_lock(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, int argc, c
 
 	printf("lock: debug lock(fd=%d, op=%d, offset=%ld, count=%ld, type=%d))\n", fd, op, offset, count, type);
 
-	if ((ret = SMB_VFS_LOCK(vfs->files[fd], op, offset, count, type)) == False) {
+	if (SMB_VFS_LOCK(vfs->files[fd], op, offset, count, type) == False) {
 		printf("lock: error=%d (%s)\n", errno, strerror(errno));
 		return NT_STATUS_UNSUCCESSFUL;
 	}
diff --git a/source3/torture/smbiconv.c b/source3/torture/smbiconv.c
index 05a8c3d815..72fbdc470f 100644
--- a/source3/torture/smbiconv.c
+++ b/source3/torture/smbiconv.c
@@ -21,6 +21,7 @@
 */
 
 #include "includes.h"
+#undef realloc
 
 static int
 process_block (smb_iconv_t cd, const char *addr, size_t len, FILE *output)
@@ -85,7 +86,7 @@ incomplete character or shift sequence at end of buffer"));
 
 
 static int
-process_fd (iconv_t cd, int fd, FILE *output)
+process_fd (smb_iconv_t cd, int fd, FILE *output)
 {
   /* we have a problem with reading from a descriptor since we must not
      provide the iconv() function an incomplete character or shift
@@ -167,8 +168,8 @@ process_fd (iconv_t cd, int fd, FILE *output)
 int main(int argc, char *argv[])
 {
 	const char *file = NULL;
-	char *from = "";
-	char *to = "";
+	const char *from = "";
+	const char *to = "";
 	char *output = NULL;
 	const char *preload_modules[] = {NULL, NULL};
 	FILE *out = stdout;
@@ -213,7 +214,7 @@ int main(int argc, char *argv[])
 	}
 
 	cd = smb_iconv_open(to, from);
-	if((int)cd == -1) {
+	if (cd == (smb_iconv_t)-1) {
 		DEBUG(0,("unable to find from or to encoding, exiting...\n"));
 		return 1;
 	}
diff --git a/source3/torture/test_ntlm_auth.py b/source3/torture/test_ntlm_auth.py
new file mode 100755
index 0000000000..12a4dae398
--- /dev/null
+++ b/source3/torture/test_ntlm_auth.py
@@ -0,0 +1,218 @@
+#!/usr/bin/env python
+
+# Unix SMB/CIFS implementation.
+# A test for the ntlm_auth tool
+# Copyright (C) Kai Blin <kai@samba.org> 2008
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+"""Test ntlm_auth
+This test program will start ntlm_auth with the given command line switches and
+see if it will get the expected results.
+"""
+
+import os
+import sys
+from optparse import OptionParser
+
+class ReadChildError(Exception):
+	pass
+
+class WriteChildError(Exception):
+	pass
+
+def readLine(pipe):
+	"""readLine(pipe) -> str
+	Read a line from the child's pipe, returns the string read.
+	Throws ReadChildError if the read fails.
+	"""
+	buf = os.read(pipe, 2047)
+	newline = buf.find('\n')
+	if newline == -1:
+		raise ReadChildError()
+	return buf[:newline]
+
+def writeLine(pipe, buf):
+	"""writeLine(pipe, buf) -> nul
+	Write a line to the child's pipe.
+	Raises WriteChildError if the write fails.
+	"""
+	written = os.write(pipe, buf)
+	if written != len(buf):
+		raise WriteChildError()
+	os.write(pipe, "\n")
+
+def parseCommandLine():
+	"""parseCommandLine() -> (opts, ntlm_auth_path)
+	Parse the command line.
+	Return a tuple consisting of the options and the path to ntlm_auth.
+	"""
+	usage = "usage: %prog [options] path/to/ntlm_auth"
+	parser = OptionParser(usage)
+
+	parser.set_defaults(client_username="foo")
+	parser.set_defaults(client_password="secret")
+	parser.set_defaults(client_domain="FOO")
+	parser.set_defaults(client_helper="ntlmssp-client-1")
+
+	parser.set_defaults(server_username="foo")
+	parser.set_defaults(server_password="secret")
+	parser.set_defaults(server_domain="FOO")
+	parser.set_defaults(server_helper="squid-2.5-ntlmssp")
+	parser.set_defaults(config_file="/etc/samba/smb.conf")
+
+	parser.add_option("--client-username", dest="client_username",\
+				help="User name for the client. [default: foo]")
+	parser.add_option("--client-password", dest="client_password",\
+				help="Password the client will send. [default: secret]")
+	parser.add_option("--client-domain", dest="client_domain",\
+				help="Domain the client authenticates for. [default: FOO]")
+	parser.add_option("--client-helper", dest="client_helper",\
+				help="Helper mode for the ntlm_auth client. [default: ntlmssp-client-1]")
+
+	parser.add_option("--server-username", dest="server_username",\
+				help="User name server uses for local auth. [default: foo]")
+	parser.add_option("--server-password", dest="server_password",\
+				help="Password server uses for local auth. [default: secret]")
+	parser.add_option("--server-domain", dest="server_domain",\
+				help="Domain server uses for local auth. [default: FOO]")
+	parser.add_option("--server-helper", dest="server_helper",\
+				help="Helper mode for the ntlm_auth server. [default: squid-2.5-server]")
+
+	parser.add_option("-s", "--configfile", dest="config_file",\
+				help="Path to smb.conf file. [default:/etc/samba/smb.conf")
+
+	(opts, args) = parser.parse_args()
+	if len(args) != 1:
+		parser.error("Invalid number of arguments.")
+
+	if not os.access(args[0], os.X_OK):
+		parser.error("%s is not executable." % args[0])
+
+	return (opts, args[0])
+
+
+def main():
+	"""main() -> int
+	Run the test.
+	Returns 0 if test succeeded, <>0 otherwise.
+	"""
+	(opts, ntlm_auth_path) = parseCommandLine()
+
+	(client_in_r,  client_in_w)  = os.pipe()
+	(client_out_r, client_out_w) = os.pipe()
+
+	client_pid = os.fork()
+
+	if not client_pid:
+		# We're in the client child
+		os.close(0)
+		os.close(1)
+
+		os.dup2(client_out_r, 0)
+		os.close(client_out_r)
+		os.close(client_out_w)
+
+		os.dup2(client_in_w, 1)
+		os.close(client_in_r)
+		os.close(client_in_w)
+
+		client_args = []
+		client_args.append("--helper-protocol=%s" % opts.client_helper)
+		client_args.append("--username=%s" % opts.client_username)
+		client_args.append("--password=%s" % opts.client_password)
+		client_args.append("--domain=%s" % opts.client_domain)
+		client_args.append("--configfile=%s" % opts.config_file)
+
+		os.execv(ntlm_auth_path, client_args)
+
+	client_in = client_in_r
+	os.close(client_in_w)
+
+	client_out = client_out_w
+	os.close(client_out_r)
+
+	(server_in_r,  server_in_w)  = os.pipe()
+	(server_out_r, server_out_w) = os.pipe()
+
+	server_pid = os.fork()
+
+	if not server_pid:
+		# We're in the server child
+		os.close(0)
+		os.close(1)
+
+		os.dup2(server_out_r, 0)
+		os.close(server_out_r)
+		os.close(server_out_w)
+
+		os.dup2(server_in_w, 1)
+		os.close(server_in_r)
+		os.close(server_in_w)
+
+		server_args = []
+		server_args.append("--helper-protocol=%s" % opts.server_helper)
+		server_args.append("--username=%s" % opts.server_username)
+		server_args.append("--password=%s" % opts.server_password)
+		server_args.append("--domain=%s" % opts.server_domain)
+		server_args.append("--configfile=%s" % opts.config_file)
+
+		os.execv(ntlm_auth_path, server_args)
+
+	server_in = server_in_r
+	os.close(server_in_w)
+
+	server_out = server_out_w
+	os.close(server_out_r)
+
+	# We're in the parent
+	writeLine(client_out, "YR")
+	buf = readLine(client_in)
+
+	if buf.count("YR ", 0, 3) != 1:
+		sys.exit(1)
+
+	writeLine(server_out, buf)
+	buf = readLine(server_in)
+
+	if buf.count("TT ", 0, 3) != 1:
+		sys.exit(2)
+
+	writeLine(client_out, buf)
+	buf = readLine(client_in)
+
+	if buf.count("AF ", 0, 3) != 1:
+		sys.exit(3)
+
+	# Client sends 'AF <base64 blob>' but server expects 'KK <abse64 blob>'
+	buf = buf.replace("AF", "KK", 1)
+
+	writeLine(server_out, buf)
+	buf = readLine(server_in)
+
+	if buf.count("AF ", 0, 3) != 1:
+		sys.exit(4)
+
+	os.close(server_in)
+	os.close(server_out)
+	os.close(client_in)
+	os.close(client_out)
+	os.waitpid(server_pid, 0)
+	os.waitpid(client_pid, 0)
+	sys.exit(0)
+
+if __name__ == "__main__":
+	main()
+
+
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 05b41413b4..8d67e512fe 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -890,6 +890,7 @@ static bool run_netbench(int client)
 	}
 
 	while (fgets(line, sizeof(line)-1, f)) {
+		char *saveptr;
 		line_count++;
 
 		line[strlen(line)-1] = 0;
@@ -899,9 +900,9 @@ static bool run_netbench(int client)
 		all_string_sub(line,"client1", cname, sizeof(line));
 
 		/* parse the command parameters */
-		params[0] = strtok(line," ");
+		params[0] = strtok_r(line, " ", &saveptr);
 		i = 0;
-		while (params[i]) params[++i] = strtok(NULL," ");
+		while (params[i]) params[++i] = strtok_r(NULL, " ", &saveptr);
 
 		params[i] = "";
 
@@ -5098,6 +5099,74 @@ static bool run_local_rbtree(int dummy)
 	return ret;
 }
 
+static bool test_stream_name(const char *fname, const char *expected_base,
+			     const char *expected_stream,
+			     NTSTATUS expected_status)
+{
+	NTSTATUS status;
+	char *base = NULL;
+	char *stream = NULL;
+
+	status = split_ntfs_stream_name(talloc_tos(), fname, &base, &stream);
+	if (!NT_STATUS_EQUAL(status, expected_status)) {
+		goto error;
+	}
+
+	if (!NT_STATUS_IS_OK(status)) {
+		return true;
+	}
+
+	if (base == NULL) goto error;
+
+	if (strcmp(expected_base, base) != 0) goto error;
+
+	if ((expected_stream != NULL) && (stream == NULL)) goto error;
+	if ((expected_stream == NULL) && (stream != NULL)) goto error;
+
+	if ((stream != NULL) && (strcmp(expected_stream, stream) != 0))
+		goto error;
+
+	TALLOC_FREE(base);
+	TALLOC_FREE(stream);
+	return true;
+
+ error:
+	d_fprintf(stderr, "test_stream(%s, %s, %s, %s)\n",
+		  fname, expected_base ? expected_base : "<NULL>",
+		  expected_stream ? expected_stream : "<NULL>",
+		  nt_errstr(expected_status));
+	d_fprintf(stderr, "-> base=%s, stream=%s, status=%s\n",
+		  base ? base : "<NULL>", stream ? stream : "<NULL>",
+		  nt_errstr(status));
+	TALLOC_FREE(base);
+	TALLOC_FREE(stream);
+	return false;
+}
+
+static bool run_local_stream_name(int dummy)
+{
+	bool ret = true;
+
+	ret &= test_stream_name(
+		"bla", "bla", NULL, NT_STATUS_OK);
+	ret &= test_stream_name(
+		"bla::$DATA", "bla", NULL, NT_STATUS_OK);
+	ret &= test_stream_name(
+		"bla:blub:", "bla", NULL, NT_STATUS_OBJECT_NAME_INVALID);
+	ret &= test_stream_name(
+		"bla::", NULL, NULL, NT_STATUS_OBJECT_NAME_INVALID);
+	ret &= test_stream_name(
+		"bla::123", "bla", NULL, NT_STATUS_OBJECT_NAME_INVALID);
+	ret &= test_stream_name(
+		"bla:$DATA", "bla", "$DATA:$DATA", NT_STATUS_OK);
+	ret &= test_stream_name(
+		"bla:x:$DATA", "bla", "x:$DATA", NT_STATUS_OK);
+	ret &= test_stream_name(
+		"bla:x", "bla", "x:$DATA", NT_STATUS_OK);
+
+	return ret;
+}
+
 static bool data_blob_equal(DATA_BLOB a, DATA_BLOB b)
 {
 	if (a.length != b.length) {
@@ -5328,6 +5397,7 @@ static struct {
 	{ "LOCAL-GENCACHE", run_local_gencache, 0},
 	{ "LOCAL-RBTREE", run_local_rbtree, 0},
 	{ "LOCAL-MEMCACHE", run_local_memcache, 0},
+	{ "LOCAL-STREAM-NAME", run_local_stream_name, 0},
 	{NULL, NULL, 0}};
 
 
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index 732ba8d8b6..9358a4f184 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -23,6 +23,8 @@
 #include "includes.h"
 #include "utils/net.h"
 
+#include "libnet/libnet.h"
+
 #ifdef HAVE_ADS
 
 int net_ads_usage(int argc, const char **argv)
@@ -810,76 +812,65 @@ static int net_ads_status(int argc, const char **argv)
 
 static int net_ads_leave(int argc, const char **argv)
 {
-	ADS_STRUCT *ads = NULL;
-	ADS_STATUS adsret;
-	NTSTATUS status;
-	int ret = -1;
-	struct cli_state *cli = NULL;
 	TALLOC_CTX *ctx;
-	DOM_SID *dom_sid = NULL;
-	const char *short_domain_name = NULL;
-
-	if (!secrets_init()) {
-		DEBUG(1,("Failed to initialise secrets database\n"));
-		return -1;
-	}
+	struct libnet_UnjoinCtx *r = NULL;
+	WERROR werr;
 
 	if (!(ctx = talloc_init("net_ads_leave"))) {
 		d_fprintf(stderr, "Could not initialise talloc context.\n");
 		return -1;
 	}
 
-	/* The finds a DC and takes care of getting the
-	   user creds if necessary */
+	use_in_memory_ccache();
 
-	if (!ADS_ERR_OK(ads_startup(True, &ads))) {
+	werr = libnet_init_UnjoinCtx(ctx, &r);
+	if (!W_ERROR_IS_OK(werr)) {
+		d_fprintf(stderr, "Could not initialise unjoin context.\n");
 		return -1;
 	}
 
-	/* make RPC calls here */
+	r->in.debug		= opt_verbose;
+	r->in.dc_name		= opt_host;
+	r->in.domain_name	= lp_realm();
+	r->in.admin_account	= opt_user_name;
+	r->in.admin_password	= net_prompt_pass(opt_user_name);
+	r->in.unjoin_flags	= WKSSVC_JOIN_FLAGS_JOIN_TYPE |
+				  WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE;
 
-	if ( !NT_STATUS_IS_OK(connect_to_ipc_krb5(&cli, &ads->ldap.ss,
-		ads->config.ldap_server_name)) )
-	{
+	werr = libnet_Unjoin(ctx, r);
+	if (!W_ERROR_IS_OK(werr)) {
+		d_printf("Failed to leave domain: %s\n",
+			 r->out.error_string ? r->out.error_string :
+			 get_friendly_werror_msg(werr));
 		goto done;
 	}
 
-	if ( !NT_STATUS_IS_OK(netdom_get_domain_sid( ctx, cli, &short_domain_name, &dom_sid )) ) {
+	if (W_ERROR_IS_OK(werr)) {
+		d_printf("Deleted account for '%s' in realm '%s'\n",
+			r->in.machine_name, r->out.dns_domain_name);
 		goto done;
 	}
 
-	saf_delete( short_domain_name );
-
-	status = netdom_leave_domain(ctx, cli, dom_sid);
-
-	/* Try and delete it via LDAP - the old way we used to. */
-
-	adsret = ads_leave_realm(ads, global_myname());
-	if (ADS_ERR_OK(adsret)) {
-		d_printf("Deleted account for '%s' in realm '%s'\n",
-			global_myname(), ads->config.realm);
-		ret = 0;
-	} else {
-		/* We couldn't delete it - see if the disable succeeded. */
-		if (NT_STATUS_IS_OK(status)) {
-			d_printf("Disabled account for '%s' in realm '%s'\n",
-				global_myname(), ads->config.realm);
-			ret = 0;
-		} else {
-			d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n",
-				global_myname(), ads->config.realm);
-		}
+	/* We couldn't delete it - see if the disable succeeded. */
+	if (r->out.disabled_machine_account) {
+		d_printf("Disabled account for '%s' in realm '%s'\n",
+			r->in.machine_name, r->out.dns_domain_name);
+		werr = WERR_OK;
+		goto done;
 	}
 
-done:
+	d_fprintf(stderr, "Failed to disable machine account for '%s' in realm '%s'\n",
+		  r->in.machine_name, r->out.dns_domain_name);
 
-	if ( cli )
-		cli_shutdown(cli);
+ done:
+	TALLOC_FREE(r);
+	TALLOC_FREE(ctx);
 
-	ads_destroy(&ads);
-	TALLOC_FREE( ctx );
+	if (W_ERROR_IS_OK(werr)) {
+		return 0;
+	}
 
-	return ret;
+	return -1;
 }
 
 static NTSTATUS net_ads_join_ok(void)
@@ -957,338 +948,6 @@ static NTSTATUS check_ads_config( void )
 }
 
 /*******************************************************************
- Do the domain join
- ********************************************************************/
-
-static NTSTATUS net_join_domain(TALLOC_CTX *ctx, const char *servername,
-				struct sockaddr_storage *pss,
-				const char **domain,
-				DOM_SID **dom_sid,
-				const char *password)
-{
-	NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-	struct cli_state *cli = NULL;
-
-	ret = connect_to_ipc_krb5(&cli, pss, servername);
-	if ( !NT_STATUS_IS_OK(ret) ) {
-		goto done;
-	}
-
-	ret = netdom_get_domain_sid( ctx, cli, domain, dom_sid );
-	if ( !NT_STATUS_IS_OK(ret) ) {
-		goto done;
-	}
-
-	/* cli->server_domain is not filled in when using krb5
-	   session setups */
-
-	saf_store( *domain, cli->desthost );
-
-	ret = netdom_join_domain( ctx, cli, *dom_sid, password, ND_TYPE_AD );
-
-done:
-	if ( cli )
-		cli_shutdown(cli);
-
-	return ret;
-}
-
-/*******************************************************************
- Set a machines dNSHostName and servicePrincipalName attributes
- ********************************************************************/
-
-static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s )
-{
-	ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN);
-	char *new_dn;
-	ADS_MODLIST mods;
-	const char *servicePrincipalName[3] = {NULL, NULL, NULL};
-	char *psp;
-	fstring my_fqdn;
-	LDAPMessage *res = NULL;
-	char *dn_string = NULL;
-	const char *machine_name = global_myname();
-	int count;
-
-	if ( !machine_name ) {
-		return ADS_ERROR(LDAP_NO_MEMORY);
-	}
-
-	/* Find our DN */
-
-	status = ads_find_machine_acct(ads_s, &res, machine_name);
-	if (!ADS_ERR_OK(status))
-		return status;
-
-	if ( (count = ads_count_replies(ads_s, res)) != 1 ) {
-		DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count));
-		return ADS_ERROR(LDAP_NO_MEMORY);
-	}
-
-	if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) {
-		DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n"));
-		goto done;
-	}
-
-	new_dn = talloc_strdup(ctx, dn_string);
-	ads_memfree(ads_s, dn_string);
-	if (!new_dn) {
-		return ADS_ERROR(LDAP_NO_MEMORY);
-	}
-
-	/* Windows only creates HOST/shortname & HOST/fqdn. */
-
-	if ( !(psp = talloc_asprintf(ctx, "HOST/%s", machine_name)) )
-		goto done;
-	strupper_m(psp);
-	servicePrincipalName[0] = psp;
-
-	name_to_fqdn(my_fqdn, machine_name);
-	strlower_m(my_fqdn);
-	if ( !(psp = talloc_asprintf(ctx, "HOST/%s", my_fqdn)) )
-		goto done;
-	servicePrincipalName[1] = psp;
-
-	if (!(mods = ads_init_mods(ctx))) {
-		goto done;
-	}
-
-	/* fields of primary importance */
-
-	ads_mod_str(ctx, &mods, "dNSHostName", my_fqdn);
-	ads_mod_strlist(ctx, &mods, "servicePrincipalName", servicePrincipalName);
-
-	status = ads_gen_mod(ads_s, new_dn, mods);
-
-done:
-	ads_msgfree(ads_s, res);
-
-	return status;
-}
-
-/*******************************************************************
- Set a machines dNSHostName and servicePrincipalName attributes
- ********************************************************************/
-
-static ADS_STATUS net_set_machine_upn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s, const char *upn )
-{
-	ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN);
-	char *new_dn;
-	ADS_MODLIST mods;
-	LDAPMessage *res = NULL;
-	char *dn_string = NULL;
-	const char *machine_name = global_myname();
-	int count;
-
-	if ( !machine_name ) {
-		return ADS_ERROR(LDAP_NO_MEMORY);
-	}
-
-	/* Find our DN */
-
-	status = ads_find_machine_acct(ads_s, &res, machine_name);
-	if (!ADS_ERR_OK(status))
-		return status;
-
-	if ( (count = ads_count_replies(ads_s, res)) != 1 ) {
-		DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count));
-		return ADS_ERROR(LDAP_NO_MEMORY);
-	}
-
-	if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) {
-		DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n"));
-		goto done;
-	}
-
-	new_dn = talloc_strdup(ctx, dn_string);
-	ads_memfree(ads_s, dn_string);
-	if (!new_dn) {
-		return ADS_ERROR(LDAP_NO_MEMORY);
-	}
-
-	/* now do the mods */
-
-	if (!(mods = ads_init_mods(ctx))) {
-		goto done;
-	}
-
-	/* fields of primary importance */
-
-	ads_mod_str(ctx, &mods, "userPrincipalName", upn);
-
-	status = ads_gen_mod(ads_s, new_dn, mods);
-
-done:
-	ads_msgfree(ads_s, res);
-
-	return status;
-}
-
-/*******************************************************************
- Set a machines dNSHostName and servicePrincipalName attributes
- ********************************************************************/
-
-static ADS_STATUS net_set_os_attributes(TALLOC_CTX *ctx, ADS_STRUCT *ads_s,
-					const char *os_name, const char *os_version )
-{
-	ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN);
-	char *new_dn;
-	ADS_MODLIST mods;
-	LDAPMessage *res = NULL;
-	char *dn_string = NULL;
-	const char *machine_name = global_myname();
-	int count;
-	char *os_sp = NULL;
-
-	if ( !os_name || !os_version ) {
-		return ADS_ERROR(LDAP_NO_MEMORY);
-	}
-
-	/* Find our DN */
-
-	status = ads_find_machine_acct(ads_s, &res, machine_name);
-	if (!ADS_ERR_OK(status))
-		return status;
-
-	if ( (count = ads_count_replies(ads_s, res)) != 1 ) {
-		DEBUG(1,("net_set_machine_spn: %d entries returned!\n", count));
-		return ADS_ERROR(LDAP_NO_MEMORY);
-	}
-
-	if ( (dn_string = ads_get_dn(ads_s, res)) == NULL ) {
-		DEBUG(1, ("ads_add_machine_acct: ads_get_dn returned NULL (malloc failure?)\n"));
-		goto done;
-	}
-
-	new_dn = talloc_strdup(ctx, dn_string);
-	ads_memfree(ads_s, dn_string);
-	if (!new_dn) {
-		return ADS_ERROR(LDAP_NO_MEMORY);
-	}
-
-	/* now do the mods */
-
-	if (!(mods = ads_init_mods(ctx))) {
-		goto done;
-	}
-
-	os_sp = talloc_asprintf( ctx, "Samba %s", SAMBA_VERSION_STRING );
-
-	/* fields of primary importance */
-
-	ads_mod_str(ctx, &mods, "operatingSystem", os_name);
-	ads_mod_str(ctx, &mods, "operatingSystemVersion", os_version);
-	if ( os_sp )
-		ads_mod_str(ctx, &mods, "operatingSystemServicePack", os_sp);
-
-	status = ads_gen_mod(ads_s, new_dn, mods);
-
-done:
-	ads_msgfree(ads_s, res);
-	TALLOC_FREE( os_sp );
-
-	return status;
-}
-
-/*******************************************************************
-  join a domain using ADS (LDAP mods)
- ********************************************************************/
-
-static ADS_STATUS net_precreate_machine_acct( ADS_STRUCT *ads, const char *ou )
-{
-	ADS_STATUS rc = ADS_ERROR(LDAP_SERVER_DOWN);
-	char *ou_str = NULL;
-	char *dn = NULL;
-	LDAPMessage *res = NULL;
-	bool moved;
-
-	ou_str = ads_ou_string(ads, ou);
-	if (asprintf(&dn, "%s,%s", ou_str, ads->config.bind_path) == -1) {
-		rc = ADS_ERROR(LDAP_NO_MEMORY);
-		goto done;
-	}
-
-	rc = ads_search_dn(ads, &res, dn, NULL);
-	if (!ADS_ERR_OK(rc)) {
-		d_fprintf(stderr, "The specified OU does not exist.\n");
-		goto done;
-	}
-
-		/* Attempt to create the machine account and bail if this fails.
-		   Assume that the admin wants exactly what they requested */
-
-		rc = ads_create_machine_acct( ads, global_myname(), dn );
-	if (ADS_ERR_OK(rc)) {
-		DEBUG(1, ("machine account created\n"));
-		goto done;
-		}
-	if ( !(rc.error_type == ENUM_ADS_ERROR_LDAP && rc.err.rc == LDAP_ALREADY_EXISTS) ) {
-		DEBUG(1, ("machine account creation failed\n"));
-		goto done;
-	}
-
-	rc = ads_move_machine_acct(ads, global_myname(), dn, &moved);
-	if (!ADS_ERR_OK(rc)) {
-		DEBUG(1, ("failure to locate/move pre-existing machine account\n"));
-		goto done;
-	}
-
-	if (moved) {
-		d_printf("The machine account was moved into the specified OU.\n");
-	} else {
-		d_printf("The machine account already exists in the specified OU.\n");
-	}
-
-done:
-	ads_msgfree(ads, res);
-	SAFE_FREE( ou_str );
-	SAFE_FREE( dn );
-
-	return rc;
-}
-
-/************************************************************************
- ************************************************************************/
-
-static bool net_derive_salting_principal( TALLOC_CTX *ctx, ADS_STRUCT *ads )
-{
-	uint32 domain_func;
-	ADS_STATUS status;
-	fstring salt;
-	char *std_salt;
-	const char *machine_name = global_myname();
-
-	status = ads_domain_func_level( ads, &domain_func );
-	if ( !ADS_ERR_OK(status) ) {
-		DEBUG(2,("Failed to determine domain functional level!\n"));
-		return False;
-	}
-
-	/* go ahead and setup the default salt */
-
-	if ( (std_salt = kerberos_standard_des_salt()) == NULL ) {
-		d_fprintf(stderr, "net_derive_salting_principal: failed to obtain stanard DES salt\n");
-		return False;
-	}
-
-	fstrcpy( salt, std_salt );
-	SAFE_FREE( std_salt );
-
-	/* if it's a Windows functional domain, we have to look for the UPN */
-
-	if ( domain_func == DS_DOMAIN_FUNCTION_2000 ) {
-		char *upn;
-
-		upn = ads_get_upn(ads, ctx, machine_name);
-		if ( upn ) {
-			fstrcpy( salt, upn );
-		}
-	}
-
-	return kerberos_secrets_store_des_salt( salt );
-}
-
-/*******************************************************************
  Send a DNS update request
 *******************************************************************/
 
@@ -1443,50 +1102,35 @@ static int net_ads_join_usage(int argc, const char **argv)
 
 int net_ads_join(int argc, const char **argv)
 {
-	ADS_STRUCT *ads = NULL;
-	ADS_STATUS status;
 	NTSTATUS nt_status;
-	const char *short_domain_name = NULL;
-	char *tmp_password, *password;
 	TALLOC_CTX *ctx = NULL;
-	DOM_SID *domain_sid = NULL;
+	struct libnet_JoinCtx *r = NULL;
+	const char *domain = lp_realm();
+	WERROR werr = WERR_SETUP_NOT_JOINED;
 	bool createupn = False;
 	const char *machineupn = NULL;
 	const char *create_in_ou = NULL;
 	int i;
-	fstring dc_name;
-	struct sockaddr_storage dcss;
 	const char *os_name = NULL;
 	const char *os_version = NULL;
 
 	nt_status = check_ads_config();
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		d_fprintf(stderr, "Invalid configuration.  Exiting....\n");
+		werr = ntstatus_to_werror(nt_status);
 		goto fail;
 	}
 
-	/* find a DC to initialize the server affinity cache */
-
-	get_dc_name( lp_workgroup(), lp_realm(), dc_name, &dcss );
-
-	status = ads_startup(True, &ads);
-	if (!ADS_ERR_OK(status)) {
-		DEBUG(1, ("error on ads_startup: %s\n", ads_errstr(status)));
-		nt_status = ads_ntstatus(status);
-		goto fail;
-	}
+	use_in_memory_ccache();
 
-	if (strcmp(ads->config.realm, lp_realm()) != 0) {
-		d_fprintf(stderr, "realm of remote server (%s) and realm in %s "
-			"(%s) DO NOT match.  Aborting join\n",
-			ads->config.realm, get_dyn_CONFIGFILE(), lp_realm());
-		nt_status = NT_STATUS_INVALID_PARAMETER;
+	werr = libnet_init_JoinCtx(ctx, &r);
+	if (!W_ERROR_IS_OK(werr)) {
 		goto fail;
 	}
 
 	if (!(ctx = talloc_init("net_ads_join"))) {
 		d_fprintf(stderr, "Could not initialise talloc context.\n");
-		nt_status = NT_STATUS_NO_MEMORY;
+		werr = WERR_NOMEM;
 		goto fail;
 	}
 
@@ -1500,203 +1144,102 @@ int net_ads_join(int argc, const char **argv)
 		else if ( !StrnCaseCmp(argv[i], "createcomputer", strlen("createcomputer")) ) {
 			if ( (create_in_ou = get_string_param(argv[i])) == NULL ) {
 				d_fprintf(stderr, "Please supply a valid OU path.\n");
-				nt_status = NT_STATUS_INVALID_PARAMETER;
+				werr = WERR_INVALID_PARAM;
 				goto fail;
 			}
 		}
 		else if ( !StrnCaseCmp(argv[i], "osName", strlen("osName")) ) {
 			if ( (os_name = get_string_param(argv[i])) == NULL ) {
 				d_fprintf(stderr, "Please supply a operating system name.\n");
-				nt_status = NT_STATUS_INVALID_PARAMETER;
+				werr = WERR_INVALID_PARAM;
 				goto fail;
 			}
 		}
 		else if ( !StrnCaseCmp(argv[i], "osVer", strlen("osVer")) ) {
 			if ( (os_version = get_string_param(argv[i])) == NULL ) {
 				d_fprintf(stderr, "Please supply a valid operating system version.\n");
-				nt_status = NT_STATUS_INVALID_PARAMETER;
+				werr = WERR_INVALID_PARAM;
 				goto fail;
 			}
 		}
 		else {
-			d_fprintf(stderr, "Bad option: %s\n", argv[i]);
-			nt_status = NT_STATUS_INVALID_PARAMETER;
-			goto fail;
-		}
-	}
-
-	/* If we were given an OU, try to create the machine in
-	   the OU account first and then do the normal RPC join */
-
-	if  ( create_in_ou ) {
-		status = net_precreate_machine_acct( ads, create_in_ou );
-		if ( !ADS_ERR_OK(status) ) {
-			d_fprintf( stderr, "Failed to pre-create the machine object "
-				"in OU %s.\n", create_in_ou);
-			DEBUG(1, ("error calling net_precreate_machine_acct: %s\n", 
-				  ads_errstr(status)));
-			nt_status = ads_ntstatus(status);
-			goto fail;
+			domain = argv[i];
 		}
 	}
 
 	/* Do the domain join here */
 
-	tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
-	password = talloc_strdup(ctx, tmp_password);
-
-	nt_status = net_join_domain(ctx, ads->config.ldap_server_name,
-				    &ads->ldap.ss, &short_domain_name, &domain_sid, password);
-	if ( !NT_STATUS_IS_OK(nt_status) ) {
-		DEBUG(1, ("call of net_join_domain failed: %s\n",
-			  get_friendly_nt_error_msg(nt_status)));
+	r->in.domain_name	= domain;
+	r->in.create_upn	= createupn;
+	r->in.upn		= machineupn;
+	r->in.account_ou	= create_in_ou;
+	r->in.os_name		= os_name;
+	r->in.os_version	= os_version;
+	r->in.dc_name		= opt_host;
+	r->in.admin_account	= opt_user_name;
+	r->in.admin_password	= net_prompt_pass(opt_user_name);
+	r->in.debug		= opt_verbose;
+	r->in.join_flags	= WKSSVC_JOIN_FLAGS_JOIN_TYPE |
+				  WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
+				  WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED;
+
+	werr = libnet_Join(ctx, r);
+	if (!W_ERROR_IS_OK(werr)) {
 		goto fail;
 	}
 
 	/* Check the short name of the domain */
 
-	if ( !strequal(lp_workgroup(), short_domain_name) ) {
+	if (!strequal(lp_workgroup(), r->out.netbios_domain_name)) {
 		d_printf("The workgroup in %s does not match the short\n", get_dyn_CONFIGFILE());
 		d_printf("domain name obtained from the server.\n");
-		d_printf("Using the name [%s] from the server.\n", short_domain_name);
+		d_printf("Using the name [%s] from the server.\n", r->out.netbios_domain_name);
 		d_printf("You should set \"workgroup = %s\" in %s.\n",
-			 short_domain_name, get_dyn_CONFIGFILE());
+			 r->out.netbios_domain_name, get_dyn_CONFIGFILE());
 	}
 
-	d_printf("Using short domain name -- %s\n", short_domain_name);
+	d_printf("Using short domain name -- %s\n", r->out.netbios_domain_name);
 
-	/*  HACK ALERT!  Store the sid and password under both the lp_workgroup() 
-	    value from smb.conf and the string returned from the server.  The former is
-	    neede to bootstrap winbindd's first connection to the DC to get the real 
-	    short domain name   --jerry */
+	d_printf("Joined '%s' to realm '%s'\n", r->in.machine_name,
+		r->out.dns_domain_name);
 
-	if ( (netdom_store_machine_account( lp_workgroup(), domain_sid, password ) == -1)
-		|| (netdom_store_machine_account( short_domain_name, domain_sid, password ) == -1) )
+#if defined(WITH_DNS_UPDATES)
 	{
-		/* issue an internal error here for now.
-		 * everything else would mean changing tdb routines. */
-		nt_status = NT_STATUS_INTERNAL_ERROR;
-		goto fail;
-	}
-
-	/* Verify that everything is ok */
-
-	nt_status = net_rpc_join_ok(short_domain_name,
-				    ads->config.ldap_server_name, &ads->ldap.ss);
-	if (!NT_STATUS_IS_OK(nt_status)) {
-		d_fprintf(stderr,
-			  "Failed to verify membership in domain: %s!\n",
-			  nt_errstr(nt_status));
-		goto fail;
-	}
-
-	/* create the dNSHostName & servicePrincipalName values */
-
-	status = net_set_machine_spn( ctx, ads );
-	if ( !ADS_ERR_OK(status) )  {
-
-		d_fprintf(stderr, "Failed to set servicePrincipalNames. Please ensure that\n");
-		d_fprintf(stderr, "the DNS domain of this server matches the AD domain,\n");
-		d_fprintf(stderr, "Or rejoin with using Domain Admin credentials.\n");
-
-		/* Disable the machine account in AD.  Better to fail than to leave 
-		   a confused admin.  */
-
-		if ( net_ads_leave( 0, NULL ) != 0 ) {
-			d_fprintf( stderr, "Failed to disable machine account in AD.  Please do so manually.\n");
+		/* We enter this block with user creds */
+		ADS_STRUCT *ads_dns = NULL;
+
+		if ( (ads_dns = ads_init( lp_realm(), NULL, NULL )) != NULL ) {
+			/* kinit with the machine password */
+
+			use_in_memory_ccache();
+			asprintf( &ads_dns->auth.user_name, "%s$", global_myname() );
+			ads_dns->auth.password = secrets_fetch_machine_password(
+				lp_workgroup(), NULL, NULL );
+			ads_dns->auth.realm = SMB_STRDUP( lp_realm() );
+			ads_kinit_password( ads_dns );
 		}
 
-		/* clear out the machine password */
-
-		netdom_store_machine_account( lp_workgroup(), domain_sid, "" );
-		netdom_store_machine_account( short_domain_name, domain_sid, "" );
-
-		nt_status = ads_ntstatus(status);
-		goto fail;
-	}
-
-	if ( !net_derive_salting_principal( ctx, ads ) ) {
-		DEBUG(1,("Failed to determine salting principal\n"));
-		goto fail;
-	}
-
-	if ( createupn ) {
-		char *upn;
-
-		/* default to using the short UPN name */
-		if (!machineupn ) {
-			upn = talloc_asprintf(ctx,
-					"host/%s@%s", global_myname(),
-					ads->config.realm );
-			if (!upn) {
-				nt_status = NT_STATUS_NO_MEMORY;
-				goto fail;
-			}
-			machineupn = upn;
-		}
-
-		status = net_set_machine_upn( ctx, ads, machineupn );
-		if ( !ADS_ERR_OK(status) )  {
-			d_fprintf(stderr, "Failed to set userPrincipalName.  Are you a Domain Admin?\n");
-		}
-	}
-
-	/* Try to set the operatingSystem attributes if asked */
-
-	if ( os_name && os_version ) {
-		status = net_set_os_attributes( ctx, ads, os_name, os_version );
-		if ( !ADS_ERR_OK(status) )  {
-			d_fprintf(stderr, "Failed to set operatingSystem attributes.  "
-				  "Are you a Domain Admin?\n");
+		if ( !ads_dns || !NT_STATUS_IS_OK(net_update_dns( ctx, ads_dns )) ) {
+			d_fprintf( stderr, "DNS update failed!\n" );
 		}
-	}
 
-	/* Now build the keytab, using the same ADS connection */
-
-	if (lp_use_kerberos_keytab() && ads_keytab_create_default(ads)) {
-		DEBUG(1,("Error creating host keytab!\n"));
+		/* exit from this block using machine creds */
+		ads_destroy(&ads_dns);
 	}
-
-#if defined(WITH_DNS_UPDATES)
-	/* We enter this block with user creds */
-	ads_kdestroy( NULL );
-	ads_destroy(&ads);
-	ads = NULL;
-
-	if ( (ads = ads_init( lp_realm(), NULL, NULL )) != NULL ) {
-		/* kinit with the machine password */
-
-		use_in_memory_ccache();
-		asprintf( &ads->auth.user_name, "%s$", global_myname() );
-		ads->auth.password = secrets_fetch_machine_password(
-			lp_workgroup(), NULL, NULL );
-		ads->auth.realm = SMB_STRDUP( lp_realm() );
-		ads_kinit_password( ads );
-	}
-
-	if ( !ads || !NT_STATUS_IS_OK(net_update_dns( ctx, ads )) ) {
-		d_fprintf( stderr, "DNS update failed!\n" );
-	}
-
-	/* exit from this block using machine creds */
 #endif
-
-	d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->server.realm);
-
+	TALLOC_FREE(r);
 	TALLOC_FREE( ctx );
-	ads_destroy(&ads);
 
 	return 0;
 
 fail:
 	/* issue an overall failure message at the end. */
-	d_printf("Failed to join domain: %s\n", get_friendly_nt_error_msg(nt_status));
-
+	d_printf("Failed to join domain: %s\n",
+		r && r->out.error_string ? r->out.error_string :
+		get_friendly_werror_msg(werr));
 	TALLOC_FREE( ctx );
-        ads_destroy(&ads);
 
         return -1;
-
 }
 
 /*******************************************************************
@@ -2519,8 +2062,8 @@ static int net_ads_kerberos_renew(int argc, const char **argv)
 
 static int net_ads_kerberos_pac(int argc, const char **argv)
 {
-	PAC_DATA *pac = NULL;
-	PAC_LOGON_INFO *info = NULL;
+	struct PAC_DATA *pac = NULL;
+	struct PAC_LOGON_INFO *info = NULL;
 	TALLOC_CTX *mem_ctx = NULL;
 	NTSTATUS status;
 	int ret = -1;
@@ -2551,7 +2094,9 @@ static int net_ads_kerberos_pac(int argc, const char **argv)
 
 	info = get_logon_info_from_pac(pac);
 	if (info) {
-		dump_pac_logon_info(0, info);
+		const char *s;
+		s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info);
+		d_printf("The Pac: %s\n", s);
 	}
 
 	ret = 0;
diff --git a/source3/utils/net_dom.c b/source3/utils/net_dom.c
index 30993ae2fa..e88bbdb276 100644
--- a/source3/utils/net_dom.c
+++ b/source3/utils/net_dom.c
@@ -101,7 +101,7 @@ static int net_dom_unjoin(int argc, const char **argv)
 	status = NetUnjoinDomain(server_name, account, password, unjoin_flags);
 	if (status != 0) {
 		printf("Failed to unjoin domain: %s\n",
-			libnetapi_errstr(status));
+			libnetapi_get_error_string(ctx, status));
 		goto done;
 	}
 
@@ -215,7 +215,7 @@ static int net_dom_join(int argc, const char **argv)
 			       Account, password, join_flags);
 	if (status != 0) {
 		printf("Failed to join domain: %s\n",
-			libnetapi_errstr(status));
+			libnetapi_get_error_string(ctx, status));
 		goto done;
 	}
 
diff --git a/source3/utils/net_domain.c b/source3/utils/net_domain.c
deleted file mode 100644
index da5e61caf0..0000000000
--- a/source3/utils/net_domain.c
+++ /dev/null
@@ -1,344 +0,0 @@
-/* 
-   Samba Unix/Linux SMB client library 
-   net ads commands
-   Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
-   Copyright (C) 2001 Remus Koos (remuskoos@yahoo.com)
-   Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
-   Copyright (C) 2006 Gerald (Jerry) Carter (jerry@samba.org)
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.  
-*/
-
-#include "includes.h"
-#include "utils/net.h"
-
-/* Macro for checking RPC error codes to make things more readable */
-
-#define CHECK_RPC_ERR(rpc, msg) \
-        if (!NT_STATUS_IS_OK(result = rpc)) { \
-                DEBUG(0, (msg ": %s\n", nt_errstr(result))); \
-                goto done; \
-        }
-
-#define CHECK_RPC_ERR_DEBUG(rpc, debug_args) \
-        if (!NT_STATUS_IS_OK(result = rpc)) { \
-                DEBUG(0, debug_args); \
-                goto done; \
-        }
-
-/*******************************************************************
- Leave an AD domain.  Windows XP disables the machine account.
- We'll try the same.  The old code would do an LDAP delete.
- That only worked using the machine creds because added the machine
- with full control to the computer object's ACL.
-*******************************************************************/
-
-NTSTATUS netdom_leave_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, 
-                         DOM_SID *dom_sid )
-{	
-	struct rpc_pipe_client *pipe_hnd = NULL;
-	POLICY_HND sam_pol, domain_pol, user_pol;
-	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	char *acct_name;
-	uint32 flags = 0x3e8;
-	const char *const_acct_name;
-	uint32 user_rid;
-	uint32 num_rids, *name_types, *user_rids;
-	SAM_USERINFO_CTR ctr, *qctr = NULL;
-	SAM_USER_INFO_16 p16;
-
-	/* Open the domain */
-	
-	if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status)) == NULL ) {
-		DEBUG(0, ("Error connecting to SAM pipe. Error was %s\n",
-			nt_errstr(status) ));
-		return status;
-	}
-
-	status = rpccli_samr_connect(pipe_hnd, mem_ctx, 
-			SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol);
-	if ( !NT_STATUS_IS_OK(status) )
-		return status;
-
-	
-	status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol,
-			SEC_RIGHTS_MAXIMUM_ALLOWED, dom_sid, &domain_pol);
-	if ( !NT_STATUS_IS_OK(status) )
-		return status;
-
-	/* Create domain user */
-	
-	acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname()); 
-	strlower_m(acct_name);
-	const_acct_name = acct_name;
-
-	status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx,
-			&domain_pol, flags, 1, &const_acct_name, 
-			&num_rids, &user_rids, &name_types);
-	if ( !NT_STATUS_IS_OK(status) )
-		return status;
-
-	if ( name_types[0] != SID_NAME_USER) {
-		DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types[0]));
-		return NT_STATUS_INVALID_WORKSTATION;
-	}
-
-	user_rid = user_rids[0];
-		
-	/* Open handle on user */
-
-	status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-			SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol);
-	if ( !NT_STATUS_IS_OK(status) ) {
-		goto done;
-	}
-	
-	/* Get user info */
-
-	status = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol, 16, &qctr);
-	if ( !NT_STATUS_IS_OK(status) ) {
-		rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
-		goto done;
-	}
-
-	/* now disable and setuser info */
-	
-	ZERO_STRUCT(ctr);
-	ctr.switch_value = 16;
-	ctr.info.id16 = &p16;
-
-	p16.acb_info = qctr->info.id16->acb_info | ACB_DISABLED;
-
-	status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, 
-					&cli->user_session_key, &ctr);
-
-	rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
-
-done:
-	rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
-	rpccli_samr_close(pipe_hnd, mem_ctx, &sam_pol);
-	
-	cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */
-	
-	return status;
-}
-
-/*******************************************************************
- Store the machine password and domain SID
- ********************************************************************/
-
-int netdom_store_machine_account( const char *domain, DOM_SID *sid, const char *pw )
-{
-	if (!secrets_store_domain_sid(domain, sid)) {
-		DEBUG(1,("Failed to save domain sid\n"));
-		return -1;
-	}
-
-	if (!secrets_store_machine_password(pw, domain, SEC_CHAN_WKSTA)) {
-		DEBUG(1,("Failed to save machine password\n"));
-		return -1;
-	}
-
-	return 0;
-}
-
-/*******************************************************************
- ********************************************************************/
-
-NTSTATUS netdom_get_domain_sid( TALLOC_CTX *mem_ctx, struct cli_state *cli, 
-				const char **domain, DOM_SID **sid )
-{
-	struct rpc_pipe_client *pipe_hnd = NULL;
-	POLICY_HND lsa_pol;
-	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-
-	if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status)) == NULL ) {
-		DEBUG(0, ("Error connecting to LSA pipe. Error was %s\n",
-			nt_errstr(status) ));
-		return status;
-	}
-
-	status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
-			SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
-	if ( !NT_STATUS_IS_OK(status) )
-		return status;
-
-	status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, 
-			&lsa_pol, 5, domain, sid);
-	if ( !NT_STATUS_IS_OK(status) )
-		return status;
-
-	rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
-	cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */
-
-	/* Bail out if domain didn't get set. */
-	if (!domain) {
-		DEBUG(0, ("Could not get domain name.\n"));
-		return NT_STATUS_UNSUCCESSFUL;
-	}
-	
-	return NT_STATUS_OK;
-}
-
-/*******************************************************************
- Do the domain join
- ********************************************************************/
- 
-NTSTATUS netdom_join_domain( TALLOC_CTX *mem_ctx, struct cli_state *cli, 
-                           DOM_SID *dom_sid, const char *clear_pw,
-                           enum netdom_domain_t dom_type )
-{	
-	struct rpc_pipe_client *pipe_hnd = NULL;
-	POLICY_HND sam_pol, domain_pol, user_pol;
-	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	char *acct_name;
-	const char *const_acct_name;
-	uint32 user_rid;
-	uint32 num_rids, *name_types, *user_rids;
-	uint32 flags = 0x3e8;
-	uint32 acb_info = ACB_WSTRUST;
-	uint32 fields_present;
-	uchar pwbuf[532];
-	SAM_USERINFO_CTR ctr;
-	SAM_USER_INFO_25 p25;
-	const int infolevel = 25;
-	struct MD5Context md5ctx;
-	uchar md5buffer[16];
-	DATA_BLOB digested_session_key;
-	uchar md4_trust_password[16];
-
-	/* Open the domain */
-	
-	if ( (pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status)) == NULL ) {
-		DEBUG(0, ("Error connecting to SAM pipe. Error was %s\n",
-			nt_errstr(status) ));
-		return status;
-	}
-
-	status = rpccli_samr_connect(pipe_hnd, mem_ctx, 
-			SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol);
-	if ( !NT_STATUS_IS_OK(status) )
-		return status;
-
-	
-	status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol,
-			SEC_RIGHTS_MAXIMUM_ALLOWED, dom_sid, &domain_pol);
-	if ( !NT_STATUS_IS_OK(status) )
-		return status;
-
-	/* Create domain user */
-	
-	acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname()); 
-	strlower_m(acct_name);
-	const_acct_name = acct_name;
-
-	/* Don't try to set any acb_info flags other than ACB_WSTRUST */
-
-	status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
-			acct_name, acb_info, 0xe005000b, &user_pol, &user_rid);
-
-	if ( !NT_STATUS_IS_OK(status) 
-		&& !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) 
-	{
-		d_fprintf(stderr, "Creation of workstation account failed\n");
-
-		/* If NT_STATUS_ACCESS_DENIED then we have a valid
-		   username/password combo but the user does not have
-		   administrator access. */
-
-		if (NT_STATUS_V(status) == NT_STATUS_V(NT_STATUS_ACCESS_DENIED))
-			d_fprintf(stderr, "User specified does not have administrator privileges\n");
-
-		return status;
-	}
-
-	/* We *must* do this.... don't ask... */
-
-	if (NT_STATUS_IS_OK(status)) {
-		rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
-	}
-
-	status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx,
-			&domain_pol, flags, 1, &const_acct_name, 
-			&num_rids, &user_rids, &name_types);
-	if ( !NT_STATUS_IS_OK(status) )
-		return status;
-
-	if ( name_types[0] != SID_NAME_USER) {
-		DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types[0]));
-		return NT_STATUS_INVALID_WORKSTATION;
-	}
-
-	user_rid = user_rids[0];
-		
-	/* Open handle on user */
-
-	status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-			SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-	
-	/* Create a random machine account password and generate the hash */
-
-	E_md4hash(clear_pw, md4_trust_password);
-	encode_pw_buffer(pwbuf, clear_pw, STR_UNICODE);
-	
-	generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer));
-	digested_session_key = data_blob_talloc(mem_ctx, 0, 16);
-	
-	MD5Init(&md5ctx);
-	MD5Update(&md5ctx, md5buffer, sizeof(md5buffer));
-	MD5Update(&md5ctx, cli->user_session_key.data, cli->user_session_key.length);
-	MD5Final(digested_session_key.data, &md5ctx);
-	
-	SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key);
-	memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer));
-
-	/* Fill in the additional account flags now */
-
-	acb_info |= ACB_PWNOEXP;
-	if ( dom_type == ND_TYPE_AD ) {
-#if !defined(ENCTYPE_ARCFOUR_HMAC)
-		acb_info |= ACB_USE_DES_KEY_ONLY;
-#endif
-		;;
-	}
-
-	/* Set password and account flags on machine account */
-
-	ZERO_STRUCT(ctr);
-	ZERO_STRUCT(p25);
-
-	fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | ACCT_FLAGS;
-	init_sam_user_info25P(&p25, fields_present, acb_info, (char *)pwbuf);
-
-	ctr.switch_value = infolevel;
-	ctr.info.id25    = &p25;
-
-	status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol,
-					   infolevel, &cli->user_session_key, &ctr);
-
-	if ( !NT_STATUS_IS_OK(status) ) {
-		d_fprintf( stderr, "Failed to set password for machine account (%s)\n", 
-			nt_errstr(status));
-		return status;
-	}
-
-	rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
-	cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */
-	
-	return status;
-}
-
diff --git a/source3/utils/net_lookup.c b/source3/utils/net_lookup.c
index 765971fba3..e5d83bc891 100644
--- a/source3/utils/net_lookup.c
+++ b/source3/utils/net_lookup.c
@@ -366,8 +366,9 @@ static int net_lookup_dsgetdcname(int argc, const char **argv)
 	const char *domain_name = NULL;
 	char *site_name = NULL;
 	uint32_t flags = 0;
-	struct DS_DOMAIN_CONTROLLER_INFO *info = NULL;
+	struct netr_DsRGetDCNameInfo *info = NULL;
 	TALLOC_CTX *mem_ctx;
+	char *s = NULL;
 
 	if (argc < 1 || argc > 3) {
 		d_printf("usage: net lookup dsgetdcname "
@@ -401,7 +402,7 @@ static int net_lookup_dsgetdcname(int argc, const char **argv)
 		site_name = sitename_fetch(domain_name);
 	}
 
-	status = dsgetdcname(mem_ctx, NULL, domain_name, NULL, site_name,
+	status = dsgetdcname(mem_ctx, domain_name, NULL, site_name,
 			     flags, &info);
 	if (!NT_STATUS_IS_OK(status)) {
 		d_printf("failed with: %s\n", nt_errstr(status));
@@ -410,7 +411,9 @@ static int net_lookup_dsgetdcname(int argc, const char **argv)
 		return -1;
 	}
 
-	display_ds_domain_controller_info(mem_ctx, info);
+	s = NDR_PRINT_STRUCT_STRING(mem_ctx, netr_DsRGetDCNameInfo, info);
+	printf("%s\n", s);
+	TALLOC_FREE(s);
 
 	SAFE_FREE(site_name);
 	TALLOC_FREE(mem_ctx);
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 677924649c..f7fadb9520 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -3,7 +3,7 @@
    Distributed SMB/CIFS Server Management Utility 
    Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
    Copyright (C) 2002 Jim McDonough (jmcd@us.ibm.com)
-   Copyright (C) 2004 Guenther Deschner (gd@samba.org)
+   Copyright (C) 2004,2008 Guenther Deschner (gd@samba.org)
    Copyright (C) 2005 Jeremy Allison (jra@samba.org)
    Copyright (C) 2006 Jelmer Vernooij (jelmer@samba.org)
 
@@ -57,8 +57,8 @@ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 	struct rpc_pipe_client *lsa_pipe;
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_OK;
-	uint32 info_class = 5;
-	
+	union lsa_PolicyInformation *info = NULL;
+
 	lsa_pipe = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &result);
 	if (!lsa_pipe) {
 		d_fprintf(stderr, "Could not initialise lsa pipe\n");
@@ -74,15 +74,19 @@ NTSTATUS net_get_remote_domain_sid(struct cli_state *cli, TALLOC_CTX *mem_ctx,
 		return result;
 	}
 
-	result = rpccli_lsa_query_info_policy(lsa_pipe, mem_ctx, &pol,
-					      info_class, domain_name,
-					      domain_sid);
+	result = rpccli_lsa_QueryInfoPolicy(lsa_pipe, mem_ctx,
+					    &pol,
+					    LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+					    &info);
 	if (!NT_STATUS_IS_OK(result)) {
 		d_fprintf(stderr, "lsaquery failed: %s\n",
 			  nt_errstr(result));
 		return result;
 	}
 
+	*domain_name = info->account_domain.name.string;
+	*domain_sid = info->account_domain.sid;
+
 	rpccli_lsa_Close(lsa_pipe, mem_ctx, &pol);
 	cli_rpc_pipe_close(lsa_pipe);
 
@@ -388,7 +392,7 @@ static int rpc_join_usage(int argc, const char **argv)
  * @param argc  Standard main() style argv.  Initial components are already
  *              stripped
  *
- * Main 'net_rpc_join()' (where the admain username/password is used) is 
+ * Main 'net_rpc_join()' (where the admin username/password is used) is 
  * in net_rpc_join.c
  * Try to just change the password, but if that doesn't work, use/prompt
  * for a username/password.
@@ -440,40 +444,44 @@ NTSTATUS rpc_info_internals(const DOM_SID *domain_sid,
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	SAM_UNK_CTR ctr;
+	union samr_DomainInfo *info = NULL;
 	fstring sid_str;
 
 	sid_to_fstring(sid_str, domain_sid);
 
-	/* Get sam policy handle */	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+	/* Get sam policy handle */
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		d_fprintf(stderr, "Could not connect to SAM: %s\n", nt_errstr(result));
 		goto done;
 	}
-	
+
 	/* Get domain policy handle */
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		d_fprintf(stderr, "Could not open domain: %s\n", nt_errstr(result));
 		goto done;
 	}
 
-	ZERO_STRUCT(ctr);
-	result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
-					 2, &ctr);
+	result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
+					     &domain_pol,
+					     2,
+					     &info);
 	if (NT_STATUS_IS_OK(result)) {
-		TALLOC_CTX *ctx = talloc_init("rpc_info_internals");
-		d_printf("Domain Name: %s\n", unistr2_to_ascii_talloc(ctx, &ctr.info.inf2.uni_domain));
+		d_printf("Domain Name: %s\n", info->info2.domain_name.string);
 		d_printf("Domain SID: %s\n", sid_str);
-		d_printf("Sequence number: %llu\n", (unsigned long long)ctr.info.inf2.seq_num);
-		d_printf("Num users: %u\n", ctr.info.inf2.num_domain_usrs);
-		d_printf("Num domain groups: %u\n", ctr.info.inf2.num_domain_grps);
-		d_printf("Num local groups: %u\n", ctr.info.inf2.num_local_grps);
-		talloc_destroy(ctx);
+		d_printf("Sequence number: %llu\n",
+			(unsigned long long)info->info2.sequence_num);
+		d_printf("Num users: %u\n", info->info2.num_users);
+		d_printf("Num domain groups: %u\n", info->info2.num_groups);
+		d_printf("Num local groups: %u\n", info->info2.num_aliases);
 	}
 
  done:
@@ -587,8 +595,11 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
 	POLICY_HND connect_pol, domain_pol, user_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	const char *acct_name;
+	struct lsa_String lsa_acct_name;
 	uint32 acb_info;
-	uint32 access_mask, user_rid;
+	uint32 acct_flags, user_rid;
+	uint32_t access_granted = 0;
+	struct samr_Ids user_rids, name_types;
 
 	if (argc < 1) {
 		d_printf("User must be specified\n");
@@ -597,20 +608,25 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
 	}
 
 	acct_name = argv[0];
+	init_lsa_String(&lsa_acct_name, acct_name);
 
 	/* Get sam policy handle */
-	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 	
 	/* Get domain policy handle */
-	
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
@@ -618,35 +634,46 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
 	/* Create domain user */
 
 	acb_info = ACB_NORMAL;
-	access_mask = 0xe005000b;
+	acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+		     SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+		     SAMR_USER_ACCESS_SET_PASSWORD |
+		     SAMR_USER_ACCESS_GET_ATTRIBUTES |
+		     SAMR_USER_ACCESS_SET_ATTRIBUTES;
+
+	result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 &lsa_acct_name,
+					 acb_info,
+					 acct_flags,
+					 &user_pol,
+					 &access_granted,
+					 &user_rid);
 
-	result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
-					  acct_name, acb_info, access_mask,
-					  &user_pol, &user_rid);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
 	if (argc == 2) {
 
-		uint32 *user_rids, num_rids, *name_types;
-		uint32 flags = 0x000003e8; /* Unknown */
-		SAM_USERINFO_CTR ctr;
-		SAM_USER_INFO_24 p24;
+		union samr_UserInfo info;
 		uchar pwbuf[516];
 
-		result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
-						  flags, 1, &acct_name,
-						  &num_rids, &user_rids,
-						  &name_types);
+		result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+						 &domain_pol,
+						 1,
+						 &lsa_acct_name,
+						 &user_rids,
+						 &name_types);
 
 		if (!NT_STATUS_IS_OK(result)) {
 			goto done;
 		}
 
-		result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-					       MAXIMUM_ALLOWED_ACCESS,
-					       user_rids[0], &user_pol);
+		result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+					      &domain_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      user_rids.ids[0],
+					      &user_pol);
 
 		if (!NT_STATUS_IS_OK(result)) {
 			goto done;
@@ -654,24 +681,24 @@ static NTSTATUS rpc_user_add_internals(const DOM_SID *domain_sid,
 
 		/* Set password on account */
 
-		ZERO_STRUCT(ctr);
-		ZERO_STRUCT(p24);
-
 		encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
 
-		init_sam_user_info24(&p24, (char *)pwbuf,24);
+		init_samr_user_info24(&info.info24, pwbuf, 24);
 
-		ctr.switch_value = 24;
-		ctr.info.id24 = &p24;
+		SamOEMhashBlob(info.info24.password.data, 516,
+			       &cli->user_session_key);
 
-		result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24, 
-					       &cli->user_session_key, &ctr);
+		result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+						  &user_pol,
+						  24,
+						  &info);
 
 		if (!NT_STATUS_IS_OK(result)) {
 			d_fprintf(stderr, "Failed to set password for user %s - %s\n", 
 				 acct_name, nt_errstr(result));
 
-			result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
+			result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
+							&user_pol);
 
 			if (!NT_STATUS_IS_OK(result)) {
 				d_fprintf(stderr, "Failed to delete user %s - %s\n", 
@@ -745,16 +772,20 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid,
 
 	/* Get sam policy and domain handles */
 
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
@@ -763,21 +794,27 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid,
 	/* Get handle on user */
 
 	{
-		uint32 *user_rids, num_rids, *name_types;
-		uint32 flags = 0x000003e8; /* Unknown */
+		struct samr_Ids user_rids, name_types;
+		struct lsa_String lsa_acct_name;
 
-		result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
-					       flags, 1, &acct_name,
-					       &num_rids, &user_rids,
-					       &name_types);
+		init_lsa_String(&lsa_acct_name, acct_name);
+
+		result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+						 &domain_pol,
+						 1,
+						 &lsa_acct_name,
+						 &user_rids,
+						 &name_types);
 
 		if (!NT_STATUS_IS_OK(result)) {
 			goto done;
 		}
 
-		result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-					    MAXIMUM_ALLOWED_ACCESS,
-					    user_rids[0], &user_pol);
+		result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+					      &domain_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      user_rids.ids[0],
+					      &user_pol);
 
 		if (!NT_STATUS_IS_OK(result)) {
 			goto done;
@@ -786,7 +823,8 @@ static NTSTATUS rpc_user_del_internals(const DOM_SID *domain_sid,
 
 	/* Delete user */
 
-	result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
+	result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
+					&user_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
@@ -831,14 +869,9 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid,
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uint32 info_level = 7;
 	const char *old_name, *new_name;
-	uint32 *user_rid;
-	uint32 flags = 0x000003e8; /* Unknown */
-	uint32 num_rids, *name_types;
-	uint32 num_names = 1;
-	const char **names;
-	SAM_USERINFO_CTR *user_ctr;
-	SAM_USERINFO_CTR ctr;
-	SAM_USER_INFO_7 info7;
+	struct samr_Ids user_rids, name_types;
+	struct lsa_String lsa_acct_name;
+	union samr_UserInfo *info = NULL;
 
 	if (argc != 2) {
 		d_printf("Old and new username must be specified\n");
@@ -849,62 +882,68 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid,
 	old_name = argv[0];
 	new_name = argv[1];
 
-	ZERO_STRUCT(ctr);
-	ZERO_STRUCT(user_ctr);
-
 	/* Get sam policy handle */
-	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
+
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 	
 	/* Get domain policy handle */
-	
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	if ((names = TALLOC_ARRAY(mem_ctx, const char *, num_names)) == NULL) {
-		result = NT_STATUS_NO_MEMORY;
-		goto done;
-	}
-	names[0] = old_name;
-	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
-				       flags, num_names, names,
-				       &num_rids, &user_rid, &name_types);
+	init_lsa_String(&lsa_acct_name, old_name);
+
+	result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 1,
+					 &lsa_acct_name,
+					 &user_rids,
+					 &name_types);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
 	/* Open domain user */
-	result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-				    MAXIMUM_ALLOWED_ACCESS, user_rid[0], &user_pol);
+	result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+				      &domain_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      user_rids.ids[0],
+				      &user_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
 	/* Query user info */
-	result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol,
-					 info_level, &user_ctr);
+	result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+					   &user_pol,
+					   info_level,
+					   &info);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	ctr.switch_value = info_level;
-	ctr.info.id7 = &info7;
-
-	init_sam_user_info7(&info7, new_name);
+	init_samr_user_info7(&info->info7, new_name);
 
 	/* Set new name */
-	result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol,
-				       info_level, &cli->user_session_key, &ctr);
+	result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+					  &user_pol,
+					  info_level,
+					  info);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
@@ -978,12 +1017,11 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid,
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND connect_pol, domain_pol, user_pol;
-	SAM_USERINFO_CTR ctr;
-	SAM_USER_INFO_24 p24;
 	uchar pwbuf[516];
 	const char *user;
 	const char *new_password;
 	char *prompt = NULL;
+	union samr_UserInfo info;
 
 	if (argc < 1) {
 		d_printf("User must be specified\n");
@@ -1003,16 +1041,20 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid,
 
 	/* Get sam policy and domain handles */
 
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
@@ -1021,21 +1063,26 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid,
 	/* Get handle on user */
 
 	{
-		uint32 *user_rids, num_rids, *name_types;
-		uint32 flags = 0x000003e8; /* Unknown */
+		struct samr_Ids user_rids, name_types;
+		struct lsa_String lsa_acct_name;
 
-		result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
-					       flags, 1, &user,
-					       &num_rids, &user_rids,
-					       &name_types);
+		init_lsa_String(&lsa_acct_name, user);
 
+		result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+						 &domain_pol,
+						 1,
+						 &lsa_acct_name,
+						 &user_rids,
+						 &name_types);
 		if (!NT_STATUS_IS_OK(result)) {
 			goto done;
 		}
 
-		result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-					    MAXIMUM_ALLOWED_ACCESS,
-					    user_rids[0], &user_pol);
+		result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+					      &domain_pol,
+					      MAXIMUM_ALLOWED_ACCESS,
+					      user_rids.ids[0],
+					      &user_pol);
 
 		if (!NT_STATUS_IS_OK(result)) {
 			goto done;
@@ -1044,18 +1091,17 @@ static NTSTATUS rpc_user_password_internals(const DOM_SID *domain_sid,
 
 	/* Set password on account */
 
-	ZERO_STRUCT(ctr);
-	ZERO_STRUCT(p24);
-
 	encode_pw_buffer(pwbuf, new_password, STR_UNICODE);
 
-	init_sam_user_info24(&p24, (char *)pwbuf,24);
+	init_samr_user_info24(&info.info24, pwbuf, 24);
 
-	ctr.switch_value = 24;
-	ctr.info.id24 = &p24;
+	SamOEMhashBlob(info.info24.password.data, 516,
+		       &cli->user_session_key);
 
-	result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24, 
-				       &cli->user_session_key, &ctr);
+	result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+					  &user_pol,
+					  24,
+					  &info);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
@@ -1110,11 +1156,14 @@ static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid,
 {
 	POLICY_HND connect_pol, domain_pol, user_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	uint32 *rids, num_rids, *name_types, num_names;
-	uint32 flags = 0x000003e8; /* Unknown */
 	int i;
-	char **names;
-	DOM_GID *user_gids;
+	struct samr_RidWithAttributeArray *rid_array = NULL;
+	struct lsa_Strings names;
+	struct samr_Ids types;
+	uint32_t *lrids = NULL;
+	struct samr_Ids rids, name_types;
+	struct lsa_String lsa_acct_name;
+
 
 	if (argc < 1) {
 		d_printf("User must be specified\n");
@@ -1122,50 +1171,65 @@ static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid,
 		return NT_STATUS_OK;
 	}
 	/* Get sam policy handle */
-	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 	
 	/* Get domain policy handle */
-	
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
 	/* Get handle on user */
 
-	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
-				       flags, 1, &argv[0],
-				       &num_rids, &rids, &name_types);
+	init_lsa_String(&lsa_acct_name, argv[0]);
+
+	result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 1,
+					 &lsa_acct_name,
+					 &rids,
+					 &name_types);
 
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
-	result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-				    MAXIMUM_ALLOWED_ACCESS,
-				    rids[0], &user_pol);
+	result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+				      &domain_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      rids.ids[0],
+				      &user_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
-	result = rpccli_samr_query_usergroups(pipe_hnd, mem_ctx, &user_pol,
-					   &num_rids, &user_gids);
+	result = rpccli_samr_GetGroupsForUser(pipe_hnd, mem_ctx,
+					      &user_pol,
+					      &rid_array);
 
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
 	/* Look up rids */
 
-	if (num_rids) {
-		if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) {
+	if (rid_array->count) {
+		if ((lrids = TALLOC_ARRAY(mem_ctx, uint32, rid_array->count)) == NULL) {
 			result = NT_STATUS_NO_MEMORY;
 			goto done;
 		}
 
-		for (i = 0; i < num_rids; i++)
-                	rids[i] = user_gids[i].g_rid;
+		for (i = 0; i < rid_array->count; i++)
+			lrids[i] = rid_array->rids[i].rid;
 
-		result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, &domain_pol,
-				      	      num_rids, rids,
-				      	      &num_names, &names, &name_types);
+		result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
+						&domain_pol,
+						rid_array->count,
+						lrids,
+						&names,
+						&types);
 
 		if (!NT_STATUS_IS_OK(result)) {
 			goto done;
@@ -1173,8 +1237,8 @@ static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid,
 
 		/* Display results */
 
-		for (i = 0; i < num_names; i++)
-			printf("%s\n", names[i]);
+		for (i = 0; i < names.count; i++)
+			printf("%s\n", names.names[i].string);
 	}
  done:
 	return result;
@@ -1223,50 +1287,59 @@ static NTSTATUS rpc_user_list_internals(const DOM_SID *domain_sid,
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uint32 start_idx=0, num_entries, i, loop_count = 0;
-	SAM_DISPINFO_CTR ctr;
-	SAM_DISPINFO_1 info1;
 
 	/* Get sam policy handle */
-	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 	
 	/* Get domain policy handle */
-	
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
 	/* Query domain users */
-	ZERO_STRUCT(ctr);
-	ZERO_STRUCT(info1);
-	ctr.sam.info1 = &info1;
 	if (opt_long_list_entries)
 		d_printf("\nUser name             Comment"\
 			 "\n-----------------------------\n");
 	do {
-		fstring user, desc;
+		const char *user = NULL;
+		const char *desc = NULL;
 		uint32 max_entries, max_size;
+		uint32_t total_size, returned_size;
+		union samr_DispInfo info;
 
 		get_query_dispinfo_params(
 			loop_count, &max_entries, &max_size);
 
-		result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol,
-						 &start_idx, 1, &num_entries,
-						 max_entries, max_size, &ctr);
+		result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
+						      &domain_pol,
+						      1,
+						      start_idx,
+						      max_entries,
+						      max_size,
+						      &total_size,
+						      &returned_size,
+						      &info);
 		loop_count++;
+		start_idx += info.info1.count;
+		num_entries = info.info1.count;
 
 		for (i = 0; i < num_entries; i++) {
-			unistr2_to_ascii(user, &(&ctr.sam.info1->str[i])->uni_acct_name, sizeof(user));
-			if (opt_long_list_entries) 
-				unistr2_to_ascii(desc, &(&ctr.sam.info1->str[i])->uni_acct_desc, sizeof(desc));
-			
+			user = info.info1.entries[i].account_name.string;
+			if (opt_long_list_entries)
+				desc = info.info1.entries[i].description.string;
 			if (opt_long_list_entries)
 				printf("%-21.21s %s\n", user, desc);
 			else
@@ -1333,9 +1406,8 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx,
 					   TALLOC_CTX *mem_ctx,
 					   struct rpc_sh_ctx *ctx,
 					   struct rpc_pipe_client *pipe_hnd,
-					   const POLICY_HND *user_hnd,
+					   POLICY_HND *user_hnd,
 					   int argc, const char **argv))
-					   
 {
 	POLICY_HND connect_pol, domain_pol, user_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -1373,22 +1445,28 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx,
-				     MAXIMUM_ALLOWED_ACCESS, &connect_pol);
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-					 MAXIMUM_ALLOWED_ACCESS,
-					 ctx->domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					ctx->domain_sid,
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-				       MAXIMUM_ALLOWED_ACCESS,
-				       rid, &user_pol);
+	result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+				      &domain_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      rid,
+				      &user_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
@@ -1397,13 +1475,13 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx,
 
  done:
 	if (is_valid_policy_hnd(&user_pol)) {
-		rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
 	}
 	if (is_valid_policy_hnd(&domain_pol)) {
-		rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
 	}
 	if (is_valid_policy_hnd(&connect_pol)) {
-		rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
 	}
 	return result;
 }
@@ -1411,28 +1489,28 @@ static NTSTATUS rpc_sh_handle_user(TALLOC_CTX *mem_ctx,
 static NTSTATUS rpc_sh_user_show_internals(TALLOC_CTX *mem_ctx,
 					   struct rpc_sh_ctx *ctx,
 					   struct rpc_pipe_client *pipe_hnd,
-					   const POLICY_HND *user_hnd,
+					   POLICY_HND *user_hnd,
 					   int argc, const char **argv)
 {
 	NTSTATUS result;
-	SAM_USERINFO_CTR *ctr;
-	SAM_USER_INFO_21 *info;
+	union samr_UserInfo *info = NULL;
 
 	if (argc != 0) {
 		d_fprintf(stderr, "usage: %s show <username>\n", ctx->whoami);
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd,
-					    21, &ctr);
+	result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+					   user_hnd,
+					   21,
+					   &info);
 	if (!NT_STATUS_IS_OK(result)) {
 		return result;
 	}
 
-	info = ctr->info.id21;
-
-	d_printf("user rid: %d, group rid: %d\n", info->user_rid,
-		 info->group_rid);
+	d_printf("user rid: %d, group rid: %d\n",
+		info->info21.rid,
+		info->info21.primary_gid);
 
 	return result;
 }
@@ -1448,27 +1526,25 @@ static NTSTATUS rpc_sh_user_show(TALLOC_CTX *mem_ctx,
 
 #define FETCHSTR(name, rec) \
 do { if (strequal(ctx->thiscmd, name)) { \
-	oldval = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_##rec); } \
+	oldval = talloc_strdup(mem_ctx, info->info21.rec.string); } \
 } while (0);
 
 #define SETSTR(name, rec, flag) \
 do { if (strequal(ctx->thiscmd, name)) { \
-	init_unistr2(&usr->uni_##rec, argv[0], UNI_STR_TERMINATE); \
-	init_uni_hdr(&usr->hdr_##rec, &usr->uni_##rec); \
-	usr->fields_present |= ACCT_##flag; } \
+	init_lsa_String(&(info->info21.rec), argv[0]); \
+	info->info21.fields_present |= SAMR_FIELD_##flag; } \
 } while (0);
 
 static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx,
 					       struct rpc_sh_ctx *ctx,
 					       struct rpc_pipe_client *pipe_hnd,
-					       const POLICY_HND *user_hnd,
+					       POLICY_HND *user_hnd,
 					       int argc, const char **argv)
 {
 	NTSTATUS result;
-	SAM_USERINFO_CTR *ctr;
-	SAM_USER_INFO_21 *usr;
 	const char *username;
 	const char *oldval = "";
+	union samr_UserInfo *info = NULL;
 
 	if (argc > 1) {
 		d_fprintf(stderr, "usage: %s <username> [new value|NULL]\n",
@@ -1476,44 +1552,45 @@ static NTSTATUS rpc_sh_user_str_edit_internals(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd,
-					    21, &ctr);
+	result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+					   user_hnd,
+					   21,
+					   &info);
 	if (!NT_STATUS_IS_OK(result)) {
 		return result;
 	}
 
-	usr = ctr->info.id21;
-
-	username = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_user_name);
+	username = talloc_strdup(mem_ctx, info->info21.account_name.string);
 
 	FETCHSTR("fullname", full_name);
-	FETCHSTR("homedir", home_dir);
-	FETCHSTR("homedrive", dir_drive);
+	FETCHSTR("homedir", home_directory);
+	FETCHSTR("homedrive", home_drive);
 	FETCHSTR("logonscript", logon_script);
 	FETCHSTR("profilepath", profile_path);
-	FETCHSTR("description", acct_desc);
+	FETCHSTR("description", description);
 
 	if (argc == 0) {
 		d_printf("%s's %s: [%s]\n", username, ctx->thiscmd, oldval);
 		goto done;
 	}
 
-	ZERO_STRUCTP(usr);
-
 	if (strcmp(argv[0], "NULL") == 0) {
 		argv[0] = "";
 	}
 
+	ZERO_STRUCT(info->info21);
+
 	SETSTR("fullname", full_name, FULL_NAME);
-	SETSTR("homedir", home_dir, HOME_DIR);
-	SETSTR("homedrive", dir_drive, HOME_DRIVE);
+	SETSTR("homedir", home_directory, HOME_DIRECTORY);
+	SETSTR("homedrive", home_drive, HOME_DRIVE);
 	SETSTR("logonscript", logon_script, LOGON_SCRIPT);
-	SETSTR("profilepath", profile_path, PROFILE);
-	SETSTR("description", acct_desc, DESCRIPTION);
+	SETSTR("profilepath", profile_path, PROFILE_PATH);
+	SETSTR("description", description, DESCRIPTION);
 
-	result = rpccli_samr_set_userinfo2(
-		pipe_hnd, mem_ctx, user_hnd, 21,
-		&pipe_hnd->cli->user_session_key, ctr);
+	result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+					 user_hnd,
+					 21,
+					 info);
 
 	d_printf("Set %s's %s from [%s] to [%s]\n", username,
 		 ctx->thiscmd, oldval, argv[0]);
@@ -1544,16 +1621,15 @@ static NTSTATUS rpc_sh_user_str_edit(TALLOC_CTX *mem_ctx,
 static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx,
 						struct rpc_sh_ctx *ctx,
 						struct rpc_pipe_client *pipe_hnd,
-						const POLICY_HND *user_hnd,
+						POLICY_HND *user_hnd,
 						int argc, const char **argv)
 {
 	NTSTATUS result;
-	SAM_USERINFO_CTR *ctr;
-	SAM_USER_INFO_21 *usr;
 	const char *username;
 	const char *oldval = "unknown";
 	uint32 oldflags, newflags;
 	bool newval;
+	union samr_UserInfo *info = NULL;
 
 	if ((argc > 1) ||
 	    ((argc == 1) && !strequal(argv[0], "yes") &&
@@ -1565,17 +1641,17 @@ static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx,
 
 	newval = strequal(argv[0], "yes");
 
-	result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, user_hnd,
-					    21, &ctr);
+	result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+					   user_hnd,
+					   21,
+					   &info);
 	if (!NT_STATUS_IS_OK(result)) {
 		return result;
 	}
 
-	usr = ctr->info.id21;
-
-	username = rpcstr_pull_unistr2_talloc(mem_ctx, &usr->uni_user_name);
-	oldflags = usr->acb_info;
-	newflags = usr->acb_info;
+	username = talloc_strdup(mem_ctx, info->info21.account_name.string);
+	oldflags = info->info21.acct_flags;
+	newflags = info->info21.acct_flags;
 
 	HANDLEFLG("disabled", DISABLED);
 	HANDLEFLG("pwnotreq", PWNOTREQ);
@@ -1587,14 +1663,15 @@ static NTSTATUS rpc_sh_user_flag_edit_internals(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	ZERO_STRUCTP(usr);
+	ZERO_STRUCT(info->info21);
 
-	usr->acb_info = newflags;
-	usr->fields_present = ACCT_FLAGS;
+	info->info21.acct_flags = newflags;
+	info->info21.fields_present = SAMR_FIELD_ACCT_FLAGS;
 
-	result = rpccli_samr_set_userinfo2(
-		pipe_hnd, mem_ctx, user_hnd, 21,
-		&pipe_hnd->cli->user_session_key, ctr);
+	result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+					 user_hnd,
+					 21,
+					 info);
 
 	if (NT_STATUS_IS_OK(result)) {
 		d_printf("Set %s's %s flag from [%s] to [%s]\n", username,
@@ -1720,15 +1797,15 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
 	POLICY_HND connect_pol, domain_pol, group_pol, user_pol;
 	bool group_is_primary = False;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
-	uint32 *group_rids, num_rids, *name_types, num_members, 
-               *group_attrs, group_rid;
-	uint32 flags = 0x000003e8; /* Unknown */
+	uint32_t group_rid;
+	struct samr_RidTypeArray *rids = NULL;
 	/* char **names; */
 	int i;
 	/* DOM_GID *user_gids; */
-	SAM_USERINFO_CTR *user_ctr;
-	fstring temp;
+
+	struct samr_Ids group_rids, name_types;
+	struct lsa_String lsa_acct_name;
+	union samr_UserInfo *info = NULL;
 
 	if (argc < 1) {
         	d_printf("specify group\n");
@@ -1736,50 +1813,59 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
 		return NT_STATUS_OK; /* ok? */
 	}
 
-        result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
-                                  &connect_pol);
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 
         if (!NT_STATUS_IS_OK(result)) {
-		d_fprintf(stderr, "Request samr_connect failed\n");
+		d_fprintf(stderr, "Request samr_Connect2 failed\n");
         	goto done;
         }
-        
-        result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-                                      MAXIMUM_ALLOWED_ACCESS,
-                                      domain_sid, &domain_pol);
-        
+
+        result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
+
         if (!NT_STATUS_IS_OK(result)) {
 		d_fprintf(stderr, "Request open_domain failed\n");
         	goto done;
         }
-	
-	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol,
-				       flags, 1, &argv[0],
-				       &num_rids, &group_rids,
-				       &name_types);
 
+	init_lsa_String(&lsa_acct_name, argv[0]);
+
+	result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 1,
+					 &lsa_acct_name,
+					 &group_rids,
+					 &name_types);
 	if (!NT_STATUS_IS_OK(result)) {
 		d_fprintf(stderr, "Lookup of '%s' failed\n",argv[0]);
    		goto done;
 	}
 
-	switch (name_types[0])
+	switch (name_types.ids[0])
 	{
 	case SID_NAME_DOM_GRP:
-		result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
-					     MAXIMUM_ALLOWED_ACCESS,
-					     group_rids[0], &group_pol);
+		result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+					       &domain_pol,
+					       MAXIMUM_ALLOWED_ACCESS,
+					       group_rids.ids[0],
+					       &group_pol);
 		if (!NT_STATUS_IS_OK(result)) {
 			d_fprintf(stderr, "Request open_group failed");
    			goto done;
 		}
-                
-		group_rid = group_rids[0];
-                
-		result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol,
-                                 &num_members, &group_rids,
-                                 &group_attrs);
-		
+
+		group_rid = group_rids.ids[0];
+
+		result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
+						      &group_pol,
+						      &rids);
+
 		if (!NT_STATUS_IS_OK(result)) {
 			d_fprintf(stderr, "Unable to query group members of %s",argv[0]);
    			goto done;
@@ -1787,40 +1873,44 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
 		
 		if (opt_verbose) {
 			d_printf("Domain Group %s (rid: %d) has %d members\n",
-				argv[0],group_rid,num_members);
+				argv[0],group_rid, rids->count);
 		}
 
 		/* Check if group is anyone's primary group */
-                for (i = 0; i < num_members; i++)
+                for (i = 0; i < rids->count; i++)
 		{
-	                result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-					            MAXIMUM_ALLOWED_ACCESS,
-					            group_rids[i], &user_pol);
+	                result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+						      &domain_pol,
+						      MAXIMUM_ALLOWED_ACCESS,
+						      rids->rids[i],
+						      &user_pol);
 	
 	        	if (!NT_STATUS_IS_OK(result)) {
-				d_fprintf(stderr, "Unable to open group member %d\n",group_rids[i]);
+				d_fprintf(stderr, "Unable to open group member %d\n",
+					rids->rids[i]);
 	           		goto done;
 	        	}
-	
-	                ZERO_STRUCT(user_ctr);
 
-	                result = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol,
-	                                                 21, &user_ctr);
-	
+			result = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx,
+							   &user_pol,
+							   21,
+							   &info);
+
 	        	if (!NT_STATUS_IS_OK(result)) {
-				d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",group_rids[i]);
+				d_fprintf(stderr, "Unable to lookup userinfo for group member %d\n",
+					rids->rids[i]);
 	           		goto done;
 	        	}
-	
-			if (user_ctr->info.id21->group_rid == group_rid) {
-				unistr2_to_ascii(temp, &(user_ctr->info.id21)->uni_user_name, 
-						sizeof(temp));
-				if (opt_verbose) 
-					d_printf("Group is primary group of %s\n",temp);
+
+			if (info->info21.primary_gid == group_rid) {
+				if (opt_verbose) {
+					d_printf("Group is primary group of %s\n",
+						info->info21.account_name.string);
+				}
 				group_is_primary = True;
                         }
 
-			rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+			rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
 		}
                 
 		if (group_is_primary) {
@@ -1831,11 +1921,14 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
 		}
      
 		/* remove all group members */
-		for (i = 0; i < num_members; i++)
+		for (i = 0; i < rids->count; i++)
 		{
 			if (opt_verbose) 
-				d_printf("Remove group member %d...",group_rids[i]);
-			result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, group_rids[i]);
+				d_printf("Remove group member %d...",
+					rids->rids[i]);
+			result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
+							       &group_pol,
+							       rids->rids[i]);
 
 			if (NT_STATUS_IS_OK(result)) {
 				if (opt_verbose)
@@ -1847,25 +1940,29 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
 			}	
 		}
 
-		result = rpccli_samr_delete_dom_group(pipe_hnd, mem_ctx, &group_pol);
+		result = rpccli_samr_DeleteDomainGroup(pipe_hnd, mem_ctx,
+						       &group_pol);
 
 		break;
 	/* removing a local group is easier... */
 	case SID_NAME_ALIAS:
-		result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
-					     MAXIMUM_ALLOWED_ACCESS,
-					     group_rids[0], &group_pol);
+		result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+					       &domain_pol,
+					       MAXIMUM_ALLOWED_ACCESS,
+					       group_rids.ids[0],
+					       &group_pol);
 
 		if (!NT_STATUS_IS_OK(result)) {
 			d_fprintf(stderr, "Request open_alias failed\n");
    			goto done;
 		}
-		
-		result = rpccli_samr_delete_dom_alias(pipe_hnd, mem_ctx, &group_pol);
+
+		result = rpccli_samr_DeleteDomAlias(pipe_hnd, mem_ctx,
+						    &group_pol);
 		break;
 	default:
 		d_fprintf(stderr, "%s is of type %s. This command is only for deleting local or global groups\n",
-			argv[0],sid_type_lookup(name_types[0]));
+			argv[0],sid_type_lookup(name_types.ids[0]));
 		result = NT_STATUS_UNSUCCESSFUL;
 		goto done;
 	}
@@ -1873,7 +1970,7 @@ static NTSTATUS rpc_group_delete_internals(const DOM_SID *domain_sid,
 	
 	if (NT_STATUS_IS_OK(result)) {
 		if (opt_verbose)
-			d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types[0]),argv[0]);
+			d_printf("Deleted %s '%s'\n",sid_type_lookup(name_types.ids[0]),argv[0]);
 	} else {
 		d_fprintf(stderr, "Deleting of %s failed: %s\n",argv[0],
 			get_friendly_nt_error_msg(result));
@@ -1900,7 +1997,9 @@ static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
 {
 	POLICY_HND connect_pol, domain_pol, group_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	GROUP_INFO_CTR group_info;
+	union samr_GroupInfo group_info;
+	struct lsa_String grp_name;
+	uint32_t rid = 0;
 
 	if (argc != 1) {
 		d_printf("Group name must be specified\n");
@@ -1908,34 +2007,45 @@ static NTSTATUS rpc_group_add_internals(const DOM_SID *domain_sid,
 		return NT_STATUS_OK;
 	}
 
+	init_lsa_String(&grp_name, argv[0]);
+
 	/* Get sam policy handle */
-	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 	
 	/* Get domain policy handle */
-	
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
 	/* Create the group */
 
-	result = rpccli_samr_create_dom_group(pipe_hnd, mem_ctx, &domain_pol,
-					   argv[0], MAXIMUM_ALLOWED_ACCESS,
-					   &group_pol);
+	result = rpccli_samr_CreateDomainGroup(pipe_hnd, mem_ctx,
+					       &domain_pol,
+					       &grp_name,
+					       MAXIMUM_ALLOWED_ACCESS,
+					       &group_pol,
+					       &rid);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
 	if (strlen(opt_comment) == 0) goto done;
 
 	/* We've got a comment to set */
 
-	group_info.switch_value1 = 4;
-	init_samr_group_info4(&group_info.group.info4, opt_comment);
+	init_lsa_String(&group_info.description, opt_comment);
 
-	result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &group_info);
+	result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx,
+					  &group_pol,
+					  4,
+					  &group_info);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 	
  done:
@@ -1957,7 +2067,9 @@ static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid,
 {
 	POLICY_HND connect_pol, domain_pol, alias_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	ALIAS_INFO_CTR alias_info;
+	union samr_AliasInfo alias_info;
+	struct lsa_String alias_name;
+	uint32_t rid = 0;
 
 	if (argc != 1) {
 		d_printf("Alias name must be specified\n");
@@ -1965,33 +2077,46 @@ static NTSTATUS rpc_alias_add_internals(const DOM_SID *domain_sid,
 		return NT_STATUS_OK;
 	}
 
+	init_lsa_String(&alias_name, argv[0]);
+
 	/* Get sam policy handle */
-	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 	
 	/* Get domain policy handle */
-	
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
 	/* Create the group */
 
-	result = rpccli_samr_create_dom_alias(pipe_hnd, mem_ctx, &domain_pol,
-					   argv[0], &alias_pol);
+	result = rpccli_samr_CreateDomAlias(pipe_hnd, mem_ctx,
+					    &domain_pol,
+					    &alias_name,
+					    MAXIMUM_ALLOWED_ACCESS,
+					    &alias_pol,
+					    &rid);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 
 	if (strlen(opt_comment) == 0) goto done;
 
 	/* We've got a comment to set */
 
-	alias_info.level = 3;
-	init_samr_alias_info3(&alias_info.alias.info3, opt_comment);
+	init_lsa_String(&alias_info.description, opt_comment);
+
+	result = rpccli_samr_SetAliasInfo(pipe_hnd, mem_ctx,
+					  &alias_pol,
+					  3,
+					  &alias_info);
 
-	result = rpccli_samr_set_aliasinfo(pipe_hnd, mem_ctx, &alias_pol, &alias_info);
 	if (!NT_STATUS_IS_OK(result)) goto done;
 	
  done:
@@ -2080,9 +2205,8 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
 	uint32 group_rid;
 	POLICY_HND group_pol;
 
-	uint32 num_rids;
-	uint32 *rids = NULL;
-	uint32 *rid_types = NULL;
+	struct samr_Ids rids, rid_types;
+	struct lsa_String lsa_acct_name;
 
 	DOM_SID sid;
 
@@ -2092,42 +2216,56 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	/* Get sam policy handle */	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+	/* Get sam policy handle */
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		return result;
 	}
-	
+
 	/* Get domain policy handle */
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      &sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					&sid,
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		return result;
 	}
 
-	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
-				       1, &member,
-				       &num_rids, &rids, &rid_types);
+	init_lsa_String(&lsa_acct_name, member);
+
+	result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 1,
+					 &lsa_acct_name,
+					 &rids,
+					 &rid_types);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		d_fprintf(stderr, "Could not lookup up group member %s\n", member);
 		goto done;
 	}
 
-	result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
-				     MAXIMUM_ALLOWED_ACCESS,
-				     group_rid, &group_pol);
+	result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+				       &domain_pol,
+				       MAXIMUM_ALLOWED_ACCESS,
+				       group_rid,
+				       &group_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_add_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]);
+	result = rpccli_samr_AddGroupMember(pipe_hnd, mem_ctx,
+					    &group_pol,
+					    rids.ids[0],
+					    0x0005); /* unknown flags */
 
  done:
-	rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+	rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
 	return result;
 }
 
@@ -2160,37 +2298,45 @@ static NTSTATUS rpc_add_aliasmem(struct rpc_pipe_client *pipe_hnd,
 		return result;
 	}
 
-	/* Get sam policy handle */	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+	/* Get sam policy handle */
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
-	
+
 	/* Get domain policy handle */
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      &sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					&sid,
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
-				     MAXIMUM_ALLOWED_ACCESS,
-				     alias_rid, &alias_pol);
+	result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+				       &domain_pol,
+				       MAXIMUM_ALLOWED_ACCESS,
+				       alias_rid,
+				       &alias_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		return result;
 	}
 
-	result = rpccli_samr_add_aliasmem(pipe_hnd, mem_ctx, &alias_pol, &member_sid);
+	result = rpccli_samr_AddAliasMember(pipe_hnd, mem_ctx,
+					    &alias_pol,
+					    &member_sid);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		return result;
 	}
 
  done:
-	rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+	rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
 	return result;
 }
 
@@ -2261,9 +2407,8 @@ static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd,
 	uint32 group_rid;
 	POLICY_HND group_pol;
 
-	uint32 num_rids;
-	uint32 *rids = NULL;
-	uint32 *rid_types = NULL;
+	struct samr_Ids rids, rid_types;
+	struct lsa_String lsa_acct_name;
 
 	DOM_SID sid;
 
@@ -2272,39 +2417,51 @@ static NTSTATUS rpc_del_groupmem(struct rpc_pipe_client *pipe_hnd,
 	if (!sid_split_rid(&sid, &group_rid))
 		return NT_STATUS_UNSUCCESSFUL;
 
-	/* Get sam policy handle */	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+	/* Get sam policy handle */
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result))
 		return result;
-	
+
 	/* Get domain policy handle */
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      &sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					&sid,
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
-	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
-				       1, &member,
-				       &num_rids, &rids, &rid_types);
+	init_lsa_String(&lsa_acct_name, member);
 
+	result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 1,
+					 &lsa_acct_name,
+					 &rids,
+					 &rid_types);
 	if (!NT_STATUS_IS_OK(result)) {
 		d_fprintf(stderr, "Could not lookup up group member %s\n", member);
 		goto done;
 	}
 
-	result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
-				     MAXIMUM_ALLOWED_ACCESS,
-				     group_rid, &group_pol);
+	result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+				       &domain_pol,
+				       MAXIMUM_ALLOWED_ACCESS,
+				       group_rid,
+				       &group_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 
-	result = rpccli_samr_del_groupmem(pipe_hnd, mem_ctx, &group_pol, rids[0]);
+	result = rpccli_samr_DeleteGroupMember(pipe_hnd, mem_ctx,
+					       &group_pol,
+					       rids.ids[0]);
 
  done:
-	rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+	rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
 	return result;
 }
 
@@ -2336,35 +2493,43 @@ static NTSTATUS rpc_del_aliasmem(struct rpc_pipe_client *pipe_hnd,
 		return result;
 	}
 
-	/* Get sam policy handle */	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+	/* Get sam policy handle */
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
-	
+
 	/* Get domain policy handle */
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      &sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					&sid,
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
-				     MAXIMUM_ALLOWED_ACCESS,
-				     alias_rid, &alias_pol);
+	result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+				       &domain_pol,
+				       MAXIMUM_ALLOWED_ACCESS,
+				       alias_rid,
+				       &alias_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
-	result = rpccli_samr_del_aliasmem(pipe_hnd, mem_ctx, &alias_pol, &member_sid);
+	result = rpccli_samr_DeleteAliasMember(pipe_hnd, mem_ctx,
+					       &alias_pol,
+					       &member_sid);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
  done:
-	rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+	rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
 	return result;
 }
 
@@ -2452,7 +2617,7 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
-	struct acct_info *groups;
+	struct samr_SamArray *groups = NULL;
 	bool global = False;
 	bool local = False;
 	bool builtin = False;
@@ -2475,18 +2640,22 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
 	}
 
 	/* Get sam policy handle */
-	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 	
 	/* Get domain policy handle */
-	
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
@@ -2496,34 +2665,38 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
 		d_printf("\nGroup name            Comment"\
 			 "\n-----------------------------\n");
 	do {
-		SAM_DISPINFO_CTR ctr;
-		SAM_DISPINFO_3 info3;
-		uint32 max_size;
-
-		ZERO_STRUCT(ctr);
-		ZERO_STRUCT(info3);
-		ctr.sam.info3 = &info3;
+		uint32_t max_size, total_size, returned_size;
+		union samr_DispInfo info;
 
 		if (!global) break;
 
 		get_query_dispinfo_params(
 			loop_count, &max_entries, &max_size);
 
-		result = rpccli_samr_query_dispinfo(pipe_hnd, mem_ctx, &domain_pol,
-						 &start_idx, 3, &num_entries,
-						 max_entries, max_size, &ctr);
+		result = rpccli_samr_QueryDisplayInfo(pipe_hnd, mem_ctx,
+						      &domain_pol,
+						      3,
+						      start_idx,
+						      max_entries,
+						      max_size,
+						      &total_size,
+						      &returned_size,
+						      &info);
+		num_entries = info.info3.count;
+		start_idx += info.info3.count;
 
 		if (!NT_STATUS_IS_OK(result) &&
 		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
 			break;
-						 
+
 		for (i = 0; i < num_entries; i++) {
 
-			fstring group, desc;
+			const char *group = NULL;
+			const char *desc = NULL;
+
+			group = info.info3.entries[i].account_name.string;
+			desc = info.info3.entries[i].description.string;
 
-			unistr2_to_ascii(group, &(&ctr.sam.info3->str[i])->uni_grp_name, sizeof(group));
-			unistr2_to_ascii(desc, &(&ctr.sam.info3->str[i])->uni_grp_desc, sizeof(desc));
-			
 			if (opt_long_list_entries)
 				printf("%-21.21s %-50.50s\n",
 				       group, desc);
@@ -2536,59 +2709,57 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
 	do {
 		if (!local) break;
 
-		/* The max_size field in cli_samr_enum_als_groups is more like
-		 * an account_control field with indiviual bits what to
-		 * retrieve. Set this to 0xffff as NT4 usrmgr.exe does to get
-		 * everything. I'm too lazy (sorry) to get this through to
-		 * rpc_parse/ etc.  Volker */
-
-		result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
-						  &start_idx, 0xffff,
-						  &groups, &num_entries);
-
+		result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
+						       &domain_pol,
+						       &start_idx,
+						       &groups,
+						       0xffff,
+						       &num_entries);
 		if (!NT_STATUS_IS_OK(result) &&
 		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
 			break;
-						 
+
 		for (i = 0; i < num_entries; i++) {
 
-			char *description = NULL;
+			const char *description = NULL;
 
 			if (opt_long_list_entries) {
 
 				POLICY_HND alias_pol;
-				ALIAS_INFO_CTR ctr;
-
-				if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,
-									 &domain_pol,
-									 0x8,
-									 groups[i].rid,
-									 &alias_pol))) &&
-				    (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,
-									       &alias_pol, 3,
-									       &ctr))) &&
-				    (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,
+				union samr_AliasInfo *info = NULL;
+
+				if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+									   &domain_pol,
+									   0x8,
+									   groups->entries[i].idx,
+									   &alias_pol))) &&
+				    (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
+										&alias_pol,
+										3,
+										&info))) &&
+				    (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
 								    &alias_pol)))) {
-					description = unistr2_to_ascii_talloc(mem_ctx,
-								   ctr.alias.info3.description.string);
+					description = info->description.string;
 				}
 			}
-			
+
 			if (description != NULL) {
-				printf("%-21.21s %-50.50s\n", 
-				       groups[i].acct_name,
+				printf("%-21.21s %-50.50s\n",
+				       groups->entries[i].name.string,
 				       description);
 			} else {
-				printf("%s\n", groups[i].acct_name);
+				printf("%s\n", groups->entries[i].name.string);
 			}
 		}
 	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
-	rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+	rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
 	/* Get builtin policy handle */
-	
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      &global_sid_Builtin, &domain_pol);
+
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, &global_sid_Builtin),
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
@@ -2597,44 +2768,46 @@ static NTSTATUS rpc_group_list_internals(const DOM_SID *domain_sid,
 	do {
 		if (!builtin) break;
 
-		result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
-						  &start_idx, max_entries,
-						  &groups, &num_entries);
-						 
+		result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
+						       &domain_pol,
+						       &start_idx,
+						       &groups,
+						       max_entries,
+						       &num_entries);
 		if (!NT_STATUS_IS_OK(result) &&
 		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
 			break;
-						 
+
 		for (i = 0; i < num_entries; i++) {
 
-			char *description = NULL;
+			const char *description = NULL;
 
 			if (opt_long_list_entries) {
 
 				POLICY_HND alias_pol;
-				ALIAS_INFO_CTR ctr;
-
-				if ((NT_STATUS_IS_OK(rpccli_samr_open_alias(pipe_hnd, mem_ctx,
-									 &domain_pol,
-									 0x8,
-									 groups[i].rid,
-									 &alias_pol))) &&
-				    (NT_STATUS_IS_OK(rpccli_samr_query_alias_info(pipe_hnd, mem_ctx,
-									       &alias_pol, 3,
-									       &ctr))) &&
-				    (NT_STATUS_IS_OK(rpccli_samr_close(pipe_hnd, mem_ctx,
+				union samr_AliasInfo *info = NULL;
+
+				if ((NT_STATUS_IS_OK(rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+									   &domain_pol,
+									   0x8,
+									   groups->entries[i].idx,
+									   &alias_pol))) &&
+				    (NT_STATUS_IS_OK(rpccli_samr_QueryAliasInfo(pipe_hnd, mem_ctx,
+										&alias_pol,
+										3,
+										&info))) &&
+				    (NT_STATUS_IS_OK(rpccli_samr_Close(pipe_hnd, mem_ctx,
 								    &alias_pol)))) {
-					description = unistr2_to_ascii_talloc(mem_ctx,
-								   ctr.alias.info3.description.string);
+					description = info->description.string;
 				}
 			}
-			
+
 			if (description != NULL) {
-				printf("%-21.21s %-50.50s\n", 
-				       groups[i].acct_name,
+				printf("%-21.21s %-50.50s\n",
+				       groups->entries[i].name.string,
 				       description);
 			} else {
-				printf("%s\n", groups[i].acct_name);
+				printf("%s\n", groups->entries[i].name.string);
 			}
 		}
 	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
@@ -2659,38 +2832,46 @@ static NTSTATUS rpc_list_group_members(struct rpc_pipe_client *pipe_hnd,
 {
 	NTSTATUS result;
 	POLICY_HND group_pol;
-	uint32 num_members, *group_rids, *group_attrs;
-	uint32 num_names;
-	char **names;
-	uint32 *name_types;
+	uint32 num_members, *group_rids;
 	int i;
+	struct samr_RidTypeArray *rids = NULL;
+	struct lsa_Strings names;
+	struct samr_Ids types;
 
 	fstring sid_str;
 	sid_to_fstring(sid_str, domain_sid);
 
-	result = rpccli_samr_open_group(pipe_hnd, mem_ctx, domain_pol,
-				     MAXIMUM_ALLOWED_ACCESS,
-				     rid, &group_pol);
+	result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+				       domain_pol,
+				       MAXIMUM_ALLOWED_ACCESS,
+				       rid,
+				       &group_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
-	result = rpccli_samr_query_groupmem(pipe_hnd, mem_ctx, &group_pol,
-					 &num_members, &group_rids,
-					 &group_attrs);
+	result = rpccli_samr_QueryGroupMember(pipe_hnd, mem_ctx,
+					      &group_pol,
+					      &rids);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
+	num_members = rids->count;
+	group_rids = rids->rids;
+
 	while (num_members > 0) {
 		int this_time = 512;
 
 		if (num_members < this_time)
 			this_time = num_members;
 
-		result = rpccli_samr_lookup_rids(pipe_hnd, mem_ctx, domain_pol,
-					      this_time, group_rids,
-					      &num_names, &names, &name_types);
+		result = rpccli_samr_LookupRids(pipe_hnd, mem_ctx,
+						domain_pol,
+						this_time,
+						group_rids,
+						&names,
+						&types);
 
 		if (!NT_STATUS_IS_OK(result))
 			return result;
@@ -2702,10 +2883,12 @@ static NTSTATUS rpc_list_group_members(struct rpc_pipe_client *pipe_hnd,
 
 			if (opt_long_list_entries) {
 				printf("%s-%d %s\\%s %d\n", sid_str,
-				       group_rids[i], domain_name, names[i],
+				       group_rids[i], domain_name,
+				       names.names[i].string,
 				       SID_NAME_USER);
 			} else {
-				printf("%s\\%s\n", domain_name, names[i]);
+				printf("%s\\%s\n", domain_name,
+					names.names[i].string);
 			}
 		}
 
@@ -2730,21 +2913,28 @@ static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd,
 	char **names;
 	enum lsa_SidType *types;
 	int i;
+	struct lsa_SidArray sid_array;
 
-	result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, domain_pol,
-				     MAXIMUM_ALLOWED_ACCESS, rid, &alias_pol);
+	result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+				       domain_pol,
+				       MAXIMUM_ALLOWED_ACCESS,
+				       rid,
+				       &alias_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
-	result = rpccli_samr_query_aliasmem(pipe_hnd, mem_ctx, &alias_pol,
-					 &num_members, &alias_sids);
+	result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
+					       &alias_pol,
+					       &sid_array);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		d_fprintf(stderr, "Couldn't list alias members\n");
 		return result;
 	}
 
+	num_members = sid_array.num_sids;
+
 	if (num_members == 0) {
 		return NT_STATUS_OK;
 	}
@@ -2765,6 +2955,17 @@ static NTSTATUS rpc_list_alias_members(struct rpc_pipe_client *pipe_hnd,
 		return result;
 	}
 
+	alias_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members);
+	if (!alias_sids) {
+		d_fprintf(stderr, "Out of memory\n");
+		cli_rpc_pipe_close(lsa_pipe);
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<num_members; i++) {
+		sid_copy(&alias_sids[i], sid_array.sids[i].sid);
+	}
+
 	result = rpccli_lsa_lookup_sids(lsa_pipe, mem_ctx, &lsa_pol, num_members,
 				     alias_sids, 
 				     &domains, &names, &types);
@@ -2806,27 +3007,38 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid,
 {
 	NTSTATUS result;
 	POLICY_HND connect_pol, domain_pol;
-	uint32 num_rids, *rids, *rid_types;
+	struct samr_Ids rids, rid_types;
+	struct lsa_String lsa_acct_name;
 
 	/* Get sam policy handle */
-	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 	
 	/* Get domain policy handle */
-	
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
-	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
-				       1, argv, &num_rids, &rids, &rid_types);
+	init_lsa_String(&lsa_acct_name, argv[0]); /* sure? */
+
+	result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 1,
+					 &lsa_acct_name,
+					 &rids,
+					 &rid_types);
 
 	if (!NT_STATUS_IS_OK(result)) {
 
@@ -2834,22 +3046,27 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid,
 
 		DOM_SID sid_Builtin;
 
-		rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
 
 		string_to_sid(&sid_Builtin, "S-1-5-32");		
 
-		result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-					      MAXIMUM_ALLOWED_ACCESS,
-					      &sid_Builtin, &domain_pol);
+		result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+						&connect_pol,
+						MAXIMUM_ALLOWED_ACCESS,
+						&sid_Builtin,
+						&domain_pol);
 
 		if (!NT_STATUS_IS_OK(result)) {
 			d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
 			return result;
 		}
 
-		result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
-					       1, argv, &num_rids,
-					       &rids, &rid_types);
+		result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+						 &domain_pol,
+						 1,
+						 &lsa_acct_name,
+						 &rids,
+						 &rid_types);
 
 		if (!NT_STATUS_IS_OK(result)) {
 			d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
@@ -2857,20 +3074,20 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid,
 		}
 	}
 
-	if (num_rids != 1) {
+	if (rids.count != 1) {
 		d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
 		return result;
 	}
 
-	if (rid_types[0] == SID_NAME_DOM_GRP) {
+	if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
 		return rpc_list_group_members(pipe_hnd, mem_ctx, domain_name,
 					      domain_sid, &domain_pol,
-					      rids[0]);
+					      rids.ids[0]);
 	}
 
-	if (rid_types[0] == SID_NAME_ALIAS) {
+	if (rid_types.ids[0] == SID_NAME_ALIAS) {
 		return rpc_list_alias_members(pipe_hnd, mem_ctx, &domain_pol,
-					      rids[0]);
+					      rids.ids[0]);
 	}
 
 	return NT_STATUS_NO_SUCH_GROUP;
@@ -2897,8 +3114,9 @@ static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid,
 {
 	NTSTATUS result;
 	POLICY_HND connect_pol, domain_pol, group_pol;
-	uint32 num_rids, *rids, *rid_types;
-	GROUP_INFO_CTR ctr;
+	union samr_GroupInfo group_info;
+	struct samr_Ids rids, rid_types;
+	struct lsa_String lsa_acct_name;
 
 	if (argc != 2) {
 		d_printf("Usage: 'net rpc group rename group newname'\n");
@@ -2906,48 +3124,60 @@ static NTSTATUS rpc_group_rename_internals(const DOM_SID *domain_sid,
 	}
 
 	/* Get sam policy handle */
-	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 	
 	/* Get domain policy handle */
-	
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
-	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, 1000,
-				       1, argv, &num_rids, &rids, &rid_types);
+	init_lsa_String(&lsa_acct_name, argv[0]);
 
-	if (num_rids != 1) {
+	result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 1,
+					 &lsa_acct_name,
+					 &rids,
+					 &rid_types);
+
+	if (rids.count != 1) {
 		d_fprintf(stderr, "Couldn't find group %s\n", argv[0]);
 		return result;
 	}
 
-	if (rid_types[0] != SID_NAME_DOM_GRP) {
+	if (rid_types.ids[0] != SID_NAME_DOM_GRP) {
 		d_fprintf(stderr, "Can only rename domain groups\n");
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	result = rpccli_samr_open_group(pipe_hnd, mem_ctx, &domain_pol,
-				     MAXIMUM_ALLOWED_ACCESS,
-				     rids[0], &group_pol);
+	result = rpccli_samr_OpenGroup(pipe_hnd, mem_ctx,
+				       &domain_pol,
+				       MAXIMUM_ALLOWED_ACCESS,
+				       rids.ids[0],
+				       &group_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
-	ZERO_STRUCT(ctr);
+	init_lsa_String(&group_info.name, argv[1]);
 
-	ctr.switch_value1 = 2;
-	init_samr_group_info2(&ctr.group.info2, argv[1]);
-
-	result = rpccli_samr_set_groupinfo(pipe_hnd, mem_ctx, &group_pol, &ctr);
+	result = rpccli_samr_SetGroupInfo(pipe_hnd, mem_ctx,
+					  &group_pol,
+					  2,
+					  &group_info);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
@@ -3370,14 +3600,14 @@ static bool check_share_sanity(struct cli_state *cli, fstring netname, uint32 ty
 }
 
 /** 
- * Migrate shares from a remote RPC server to the local RPC srever
+ * Migrate shares from a remote RPC server to the local RPC server
  *
  * All parameters are provided by the run_rpc_command function, except for
- * argc, argv which are passes through. 
+ * argc, argv which are passed through. 
  *
  * @param domain_sid The domain sid acquired from the remote server
  * @param cli A cli_state connected to the server.
- * @param mem_ctx Talloc context, destoyed on completion of the function.
+ * @param mem_ctx Talloc context, destroyed on completion of the function.
  * @param argc  Standard main() style argc
  * @param argv  Standard main() style argv.  Initial components are already
  *              stripped
@@ -4000,15 +4230,17 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
 					const DOM_SID *domain_sid)
 {
 	uint32 start_idx, max_entries, num_entries, i;
-	struct acct_info *groups;
+	struct samr_SamArray *groups = NULL;
 	NTSTATUS result;
 	POLICY_HND domain_pol;
 
 	/* Get domain policy handle */
-	
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
@@ -4016,32 +4248,36 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
 	max_entries = 250;
 
 	do {
-		result = rpccli_samr_enum_als_groups(pipe_hnd, mem_ctx, &domain_pol,
-						  &start_idx, max_entries,
-						  &groups, &num_entries);
-
+		result = rpccli_samr_EnumDomainAliases(pipe_hnd, mem_ctx,
+						       &domain_pol,
+						       &start_idx,
+						       &groups,
+						       max_entries,
+						       &num_entries);
 		for (i = 0; i < num_entries; i++) {
 
 			POLICY_HND alias_pol;
 			struct full_alias alias;
-			DOM_SID *members;
+			struct lsa_SidArray sid_array;
 			int j;
 
-			result = rpccli_samr_open_alias(pipe_hnd, mem_ctx, &domain_pol,
-						     MAXIMUM_ALLOWED_ACCESS,
-						     groups[i].rid,
-						     &alias_pol);
+			result = rpccli_samr_OpenAlias(pipe_hnd, mem_ctx,
+						       &domain_pol,
+						       MAXIMUM_ALLOWED_ACCESS,
+						       groups->entries[i].idx,
+						       &alias_pol);
 			if (!NT_STATUS_IS_OK(result))
 				goto done;
 
-			result = rpccli_samr_query_aliasmem(pipe_hnd, mem_ctx,
-							 &alias_pol,
-							 &alias.num_members,
-							 &members);
+			result = rpccli_samr_GetMembersInAlias(pipe_hnd, mem_ctx,
+							       &alias_pol,
+							       &sid_array);
 			if (!NT_STATUS_IS_OK(result))
 				goto done;
 
-			result = rpccli_samr_close(pipe_hnd, mem_ctx, &alias_pol);
+			alias.num_members = sid_array.num_sids;
+
+			result = rpccli_samr_Close(pipe_hnd, mem_ctx, &alias_pol);
 			if (!NT_STATUS_IS_OK(result))
 				goto done;
 
@@ -4052,11 +4288,11 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
 
 				for (j = 0; j < alias.num_members; j++)
 					sid_copy(&alias.members[j],
-						 &members[j]);
+						 sid_array.sids[j].sid);
 			}
 
 			sid_copy(&alias.sid, domain_sid);
-			sid_append_rid(&alias.sid, groups[i].rid);
+			sid_append_rid(&alias.sid, groups->entries[i].idx);
 
 			push_alias(mem_ctx, &alias);
 		}
@@ -4065,7 +4301,7 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
 	result = NT_STATUS_OK;
 
  done:
-	rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+	rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
 
 	return result;
 }
@@ -4150,8 +4386,10 @@ static NTSTATUS rpc_aliaslist_internals(const DOM_SID *domain_sid,
 	NTSTATUS result;
 	POLICY_HND connect_pol;
 
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
-				  &connect_pol);
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -4165,7 +4403,7 @@ static NTSTATUS rpc_aliaslist_internals(const DOM_SID *domain_sid,
 	result = rpc_fetch_domain_aliases(pipe_hnd, mem_ctx, &connect_pol,
 					  domain_sid);
 
-	rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+	rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
  done:
 	return result;
 }
@@ -5340,8 +5578,12 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
 	POLICY_HND connect_pol, domain_pol, user_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	char *acct_name;
+	struct lsa_String lsa_acct_name;
 	uint32 acb_info;
-	uint32 unknown, user_rid;
+	uint32 acct_flags=0;
+	uint32 user_rid;
+	uint32_t access_granted = 0;
+	union samr_UserInfo info;
 
 	if (argc != 2) {
 		d_printf("Usage: net rpc trustdom add <domain_name> <pw>\n");
@@ -5351,71 +5593,90 @@ static NTSTATUS rpc_trustdom_add_internals(const DOM_SID *domain_sid,
 	/* 
 	 * Make valid trusting domain account (ie. uppercased and with '$' appended)
 	 */
-	 
+
 	if (asprintf(&acct_name, "%s$", argv[0]) < 0) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	strupper_m(acct_name);
 
+	init_lsa_String(&lsa_acct_name, acct_name);
+
 	/* Get samr policy handle */
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
-				  &connect_pol);
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
-	
+
 	/* Get domain policy handle */
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
 	/* Create trusting domain's account */
-	acb_info = ACB_NORMAL; 
-	unknown = 0xe00500b0; /* No idea what this is - a permission mask?
-	                         mimir: yes, most probably it is */
-
-	result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
-					  acct_name, acb_info, unknown,
-					  &user_pol, &user_rid);
+	acb_info = ACB_NORMAL;
+	acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+		     SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+		     SAMR_USER_ACCESS_SET_PASSWORD |
+		     SAMR_USER_ACCESS_GET_ATTRIBUTES |
+		     SAMR_USER_ACCESS_SET_ATTRIBUTES;
+
+	result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 &lsa_acct_name,
+					 acb_info,
+					 acct_flags,
+					 &user_pol,
+					 &access_granted,
+					 &user_rid);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
 	{
-		SAM_USERINFO_CTR ctr;
-		SAM_USER_INFO_23 p23;
 		NTTIME notime;
-		char nostr[] = "";
-		LOGON_HRS hrs;
+		struct samr_LogonHours hours;
+		const int units_per_week = 168;
 		uchar pwbuf[516];
 
 		encode_pw_buffer(pwbuf, argv[1], STR_UNICODE);
 
-		ZERO_STRUCT(ctr);
-		ZERO_STRUCT(p23);
 		ZERO_STRUCT(notime);
-		hrs.max_len = 1260;
-		hrs.offset = 0;
-		hrs.len = 21;
-		memset(hrs.hours, 0xFF, sizeof(hrs.hours));
-		acb_info = ACB_DOMTRUST;
-
-		init_sam_user_info23A(&p23, &notime, &notime, &notime,
-				      &notime, &notime, &notime,
-				      nostr, nostr, nostr, nostr, nostr,
-				      nostr, nostr, nostr, nostr, nostr,
-				      0, 0, acb_info, ACCT_FLAGS, 168, &hrs, 
-				      0, 0, (char *)pwbuf);
-		ctr.switch_value = 23;
-		ctr.info.id23 = &p23;
-		p23.passmustchange = 0;
-
-		result = rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 23,
-					       &cli->user_session_key, &ctr);
+
+		ZERO_STRUCT(hours);
+		hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);
+		if (!hours.bits) {
+			result = NT_STATUS_NO_MEMORY;
+			goto done;
+		}
+		hours.units_per_week = units_per_week;
+		memset(hours.bits, 0xFF, units_per_week);
+
+		init_samr_user_info23(&info.info23,
+				      notime, notime, notime,
+				      notime, notime, notime,
+				      NULL, NULL, NULL, NULL, NULL,
+				      NULL, NULL, NULL, NULL, NULL,
+				      0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS,
+				      hours,
+				      0, 0, 0, 0, 0, 0, 0,
+				      pwbuf, 24);
+
+		SamOEMhashBlob(info.info23.password.data, 516,
+			       &cli->user_session_key);
+
+		result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+						  &user_pol,
+						  23,
+						  &info);
 
 		if (!NT_STATUS_IS_OK(result)) {
 			DEBUG(0,("Could not set trust account password: %s\n",
@@ -5476,10 +5737,9 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid,
 	POLICY_HND connect_pol, domain_pol, user_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	char *acct_name;
-	const char **names;
 	DOM_SID trust_acct_sid;
-	uint32 *user_rids, num_rids, *name_types;
-	uint32 flags = 0x000003e8; /* Unknown */
+	struct samr_Ids user_rids, name_types;
+	struct lsa_String lsa_acct_name;
 
 	if (argc != 1) {
 		d_printf("Usage: net rpc trustdom del <domain_name>\n");
@@ -5496,38 +5756,43 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid,
 
 	strupper_m(acct_name);
 
-	if ((names = TALLOC_ARRAY(mem_ctx, const char *, 1)) == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-	names[0] = acct_name;
-
-
 	/* Get samr policy handle */
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx, MAXIMUM_ALLOWED_ACCESS,
-				  &connect_pol);
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
-	
+
 	/* Get domain policy handle */
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-				      MAXIMUM_ALLOWED_ACCESS,
-				      domain_sid, &domain_pol);
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					CONST_DISCARD(struct dom_sid2 *, domain_sid),
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, flags, 1,
-				       names, &num_rids,
-				       &user_rids, &name_types);
-	
+	init_lsa_String(&lsa_acct_name, acct_name);
+
+	result = rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 1,
+					 &lsa_acct_name,
+					 &user_rids,
+					 &name_types);
+
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-				    MAXIMUM_ALLOWED_ACCESS,
-				    user_rids[0], &user_pol);
+	result = rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+				      &domain_pol,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      user_rids.ids[0],
+				      &user_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
@@ -5535,22 +5800,23 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid,
 
 	/* append the rid to the domain sid */
 	sid_copy(&trust_acct_sid, domain_sid);
-	if (!sid_append_rid(&trust_acct_sid, user_rids[0])) {
+	if (!sid_append_rid(&trust_acct_sid, user_rids.ids[0])) {
 		goto done;
 	}
 
 	/* remove the sid */
 
-	result = rpccli_samr_remove_sid_foreign_domain(pipe_hnd, mem_ctx, &user_pol,
-						    &trust_acct_sid);
-
+	result = rpccli_samr_RemoveMemberFromForeignDomain(pipe_hnd, mem_ctx,
+							   &user_pol,
+							   &trust_acct_sid);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
 	/* Delete user */
 
-	result = rpccli_samr_delete_dom_user(pipe_hnd, mem_ctx, &user_pol);
+	result = rpccli_samr_DeleteUser(pipe_hnd, mem_ctx,
+					&user_pol);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
@@ -5608,10 +5874,10 @@ static int rpc_trustdom_establish(int argc, const char **argv)
 	DOM_SID *domain_sid;
 
 	char* domain_name;
-	const char* domain_name_pol;
 	char* acct_name;
 	fstring pdc_name;
 	char *dc_name;
+	union lsa_PolicyInformation *info = NULL;
 
 	/*
 	 * Connect to \\server\ipc$ as 'our domain' account with password
@@ -5713,10 +5979,11 @@ static int rpc_trustdom_establish(int argc, const char **argv)
 	}
 
 	/* Querying info level 5 */
-	
-	nt_status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, &connect_hnd,
-	                                      5 /* info level */,
-					      &domain_name_pol, &domain_sid);
+
+	nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+					       &connect_hnd,
+					       LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+					       &info);
 	if (NT_STATUS_IS_ERR(nt_status)) {
 		DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
 			nt_errstr(nt_status)));
@@ -5725,6 +5992,8 @@ static int rpc_trustdom_establish(int argc, const char **argv)
 		return -1;
 	}
 
+	domain_sid = info->account_domain.sid;
+
 	/* There should be actually query info level 3 (following nt serv behaviour),
 	   but I still don't know if it's _really_ necessary */
 			
@@ -5911,14 +6180,13 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
 	const char *domain_name = NULL;
 	DOM_SID *queried_dom_sid;
 	POLICY_HND connect_hnd;
+	union lsa_PolicyInformation *info = NULL;
 
 	/* trusted domains listing variables */
-	unsigned int num_domains, enum_ctx = 0;
+	unsigned int enum_ctx = 0;
 	int i;
-	DOM_SID *domain_sids;
-	char **trusted_dom_names;
+	struct lsa_DomainList dom_list;
 	fstring pdc_name;
-	const char *dummy;
 
 	/*
 	 * Listing trusted domains (stored in secrets.tdb, if local)
@@ -5969,9 +6237,10 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
 	};
 
 	/* query info level 5 to obtain sid of a domain being queried */
-	nt_status = rpccli_lsa_query_info_policy(
-		pipe_hnd, mem_ctx, &connect_hnd, 5 /* info level */, 
-		&dummy, &queried_dom_sid);
+	nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+					       &connect_hnd,
+					       LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+					       &info);
 
 	if (NT_STATUS_IS_ERR(nt_status)) {
 		DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
@@ -5981,6 +6250,8 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
 		return -1;
 	}
 
+	queried_dom_sid = info->account_domain.sid;
+
 	/*
 	 * Keep calling LsaEnumTrustdom over opened pipe until
 	 * the end of enumeration is reached
@@ -5989,10 +6260,11 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
 	d_printf("Vampire trusted domains:\n\n");
 
 	do {
-		nt_status = rpccli_lsa_enum_trust_dom(pipe_hnd, mem_ctx, &connect_hnd, &enum_ctx,
-						   &num_domains,
-						   &trusted_dom_names, &domain_sids);
-		
+		nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
+						    &connect_hnd,
+						    &enum_ctx,
+						    &dom_list,
+						    (uint32_t)-1);
 		if (NT_STATUS_IS_ERR(nt_status)) {
 			DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
 				nt_errstr(nt_status)));
@@ -6000,13 +6272,15 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
 			talloc_destroy(mem_ctx);
 			return -1;
 		};
-		
-		for (i = 0; i < num_domains; i++) {
 
-			print_trusted_domain(&(domain_sids[i]), trusted_dom_names[i]);
+		for (i = 0; i < dom_list.count; i++) {
+
+			print_trusted_domain(dom_list.domains[i].sid,
+					     dom_list.domains[i].name.string);
 
 			nt_status = vampire_trusted_domain(pipe_hnd, mem_ctx, &connect_hnd, 
-							   domain_sids[i], trusted_dom_names[i]);
+							   *dom_list.domains[i].sid,
+							   dom_list.domains[i].name.string);
 			if (!NT_STATUS_IS_OK(nt_status)) {
 				cli_shutdown(cli);
 				talloc_destroy(mem_ctx);
@@ -6018,7 +6292,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv)
 		 * in case of no trusted domains say something rather
 		 * than just display blank line
 		 */
-		if (!num_domains) d_printf("none\n");
+		if (!dom_list.count) d_printf("none\n");
 
 	} while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
 
@@ -6051,20 +6325,18 @@ static int rpc_trustdom_list(int argc, const char **argv)
 	fstring padding;
 	int ascii_dom_name_len;
 	POLICY_HND connect_hnd;
-	
+	union lsa_PolicyInformation *info = NULL;
+
 	/* trusted domains listing variables */
 	unsigned int num_domains, enum_ctx = 0;
 	int i, pad_len, col_len = 20;
-	DOM_SID *domain_sids;
-	char **trusted_dom_names;
+	struct lsa_DomainList dom_list;
 	fstring pdc_name;
-	const char *dummy;
-	
+
 	/* trusting domains listing variables */
 	POLICY_HND domain_hnd;
-	char **trusting_dom_names;
-	uint32 *trusting_dom_rids;
-	
+	struct samr_SamArray *trusts = NULL;
+
 	/*
 	 * Listing trusted domains (stored in secrets.tdb, if local)
 	 */
@@ -6114,9 +6386,10 @@ static int rpc_trustdom_list(int argc, const char **argv)
 	};
 	
 	/* query info level 5 to obtain sid of a domain being queried */
-	nt_status = rpccli_lsa_query_info_policy(
-		pipe_hnd, mem_ctx, &connect_hnd, 5 /* info level */, 
-		&dummy, &queried_dom_sid);
+	nt_status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+					       &connect_hnd,
+					       LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+					       &info);
 
 	if (NT_STATUS_IS_ERR(nt_status)) {
 		DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
@@ -6125,7 +6398,9 @@ static int rpc_trustdom_list(int argc, const char **argv)
 		talloc_destroy(mem_ctx);
 		return -1;
 	}
-		
+
+	queried_dom_sid = info->account_domain.sid;
+
 	/*
 	 * Keep calling LsaEnumTrustdom over opened pipe until
 	 * the end of enumeration is reached
@@ -6134,10 +6409,11 @@ static int rpc_trustdom_list(int argc, const char **argv)
 	d_printf("Trusted domains list:\n\n");
 
 	do {
-		nt_status = rpccli_lsa_enum_trust_dom(pipe_hnd, mem_ctx, &connect_hnd, &enum_ctx,
-						   &num_domains,
-						   &trusted_dom_names, &domain_sids);
-		
+		nt_status = rpccli_lsa_EnumTrustDom(pipe_hnd, mem_ctx,
+						    &connect_hnd,
+						    &enum_ctx,
+						    &dom_list,
+						    (uint32_t)-1);
 		if (NT_STATUS_IS_ERR(nt_status)) {
 			DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
 				nt_errstr(nt_status)));
@@ -6145,16 +6421,17 @@ static int rpc_trustdom_list(int argc, const char **argv)
 			talloc_destroy(mem_ctx);
 			return -1;
 		};
-		
-		for (i = 0; i < num_domains; i++) {
-			print_trusted_domain(&(domain_sids[i]), trusted_dom_names[i]);
+
+		for (i = 0; i < dom_list.count; i++) {
+			print_trusted_domain(dom_list.domains[i].sid,
+					     dom_list.domains[i].name.string);
 		};
-		
+
 		/*
 		 * in case of no trusted domains say something rather
 		 * than just display blank line
 		 */
-		if (!num_domains) d_printf("none\n");
+		if (!dom_list.count) d_printf("none\n");
 
 	} while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
 
@@ -6186,10 +6463,12 @@ static int rpc_trustdom_list(int argc, const char **argv)
 		talloc_destroy(mem_ctx);
 		return -1;
 	};
-	
-	/* SamrConnect */
-	nt_status = rpccli_samr_connect(pipe_hnd, mem_ctx, SA_RIGHT_SAM_OPEN_DOMAIN,
-								 &connect_hnd);
+
+	/* SamrConnect2 */
+	nt_status = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+					 pipe_hnd->cli->desthost,
+					 SA_RIGHT_SAM_OPEN_DOMAIN,
+					 &connect_hnd);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
 			nt_errstr(nt_status)));
@@ -6197,12 +6476,14 @@ static int rpc_trustdom_list(int argc, const char **argv)
 		talloc_destroy(mem_ctx);
 		return -1;
 	};
-	
+
 	/* SamrOpenDomain - we have to open domain policy handle in order to be
 	   able to enumerate accounts*/
-	nt_status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_hnd,
-					 SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
-					 queried_dom_sid, &domain_hnd);									 
+	nt_status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					   &connect_hnd,
+					   SA_RIGHT_DOMAIN_ENUM_ACCOUNTS,
+					   queried_dom_sid,
+					   &domain_hnd);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("Couldn't open domain object. Error was %s\n",
 			nt_errstr(nt_status)));
@@ -6217,11 +6498,14 @@ static int rpc_trustdom_list(int argc, const char **argv)
 	 
 	enum_ctx = 0;	/* reset enumeration context from last enumeration */
 	do {
-			
-		nt_status = rpccli_samr_enum_dom_users(pipe_hnd, mem_ctx, &domain_hnd,
-		                                    &enum_ctx, ACB_DOMTRUST, 0xffff,
-		                                    &trusting_dom_names, &trusting_dom_rids,
-		                                    &num_domains);
+
+		nt_status = rpccli_samr_EnumDomainUsers(pipe_hnd, mem_ctx,
+							&domain_hnd,
+							&enum_ctx,
+							ACB_DOMTRUST,
+							&trusts,
+							0xffff,
+							&num_domains);
 		if (NT_STATUS_IS_ERR(nt_status)) {
 			DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
 				nt_errstr(nt_status)));
@@ -6229,9 +6513,11 @@ static int rpc_trustdom_list(int argc, const char **argv)
 			talloc_destroy(mem_ctx);
 			return -1;
 		};
-		
+
 		for (i = 0; i < num_domains; i++) {
 
+			char *str = CONST_DISCARD(char *, trusts->entries[i].name.string);
+
 			/*
 			 * get each single domain's sid (do we _really_ need this ?):
 			 *  1) connect to domain's pdc
@@ -6239,22 +6525,22 @@ static int rpc_trustdom_list(int argc, const char **argv)
 			 */
 
 			/* get rid of '$' tail */
-			ascii_dom_name_len = strlen(trusting_dom_names[i]);
+			ascii_dom_name_len = strlen(str);
 			if (ascii_dom_name_len && ascii_dom_name_len < FSTRING_LEN)
-				trusting_dom_names[i][ascii_dom_name_len - 1] = '\0';
-			
+				str[ascii_dom_name_len - 1] = '\0';
+
 			/* calculate padding space for d_printf to look nicer */
-			pad_len = col_len - strlen(trusting_dom_names[i]);
+			pad_len = col_len - strlen(str);
 			padding[pad_len] = 0;
 			do padding[--pad_len] = ' '; while (pad_len);
 
 			/* set opt_* variables to remote domain */
-			strupper_m(trusting_dom_names[i]);
-			opt_workgroup = talloc_strdup(mem_ctx, trusting_dom_names[i]);
+			strupper_m(str);
+			opt_workgroup = talloc_strdup(mem_ctx, str);
 			opt_target_workgroup = opt_workgroup;
-			
-			d_printf("%s%s", trusting_dom_names[i], padding);
-			
+
+			d_printf("%s%s", str, padding);
+
 			/* connect to remote domain controller */
 			nt_status = net_make_ipc_connection(
 					NET_FLAGS_PDC | NET_FLAGS_ANONYMOUS,
@@ -6278,12 +6564,12 @@ static int rpc_trustdom_list(int argc, const char **argv)
 	} while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
 
 	/* close opened samr and domain policy handles */
-	nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &domain_hnd);
+	nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_hnd);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("Couldn't properly close domain policy handle for domain %s\n", domain_name));
 	};
 	
-	nt_status = rpccli_samr_close(pipe_hnd, mem_ctx, &connect_hnd);
+	nt_status = rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_hnd);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("Couldn't properly close samr policy handle for domain %s\n", domain_name));
 	};
diff --git a/source3/utils/net_rpc_audit.c b/source3/utils/net_rpc_audit.c
index 50bd555f16..a846395bb8 100644
--- a/source3/utils/net_rpc_audit.c
+++ b/source3/utils/net_rpc_audit.c
@@ -1,7 +1,7 @@
 /*
    Samba Unix/Linux SMB client library
    Distributed SMB/CIFS Server Management Utility
-   Copyright (C) 2006 Guenther Deschner
+   Copyright (C) 2006,2008 Guenther Deschner
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -71,7 +71,7 @@ static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	union lsa_PolicyInformation info;
+	union lsa_PolicyInformation *info = NULL;
 	int i;
 	uint32_t audit_category;
 
@@ -103,7 +103,7 @@ static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
 		goto done;
 	}
 
-	for (i=0; i < info.audit_events.count; i++) {
+	for (i=0; i < info->audit_events.count; i++) {
 
 		const char *val = NULL, *policy = NULL;
 
@@ -111,7 +111,7 @@ static NTSTATUS rpc_audit_get_internal(const DOM_SID *domain_sid,
 			continue;
 		}
 
-		val = audit_policy_str(mem_ctx, info.audit_events.settings[i]);
+		val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
 		policy = audit_description_str(i);
 		print_auditing_category(policy, val);
 	}
@@ -138,7 +138,7 @@ static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	union lsa_PolicyInformation info;
+	union lsa_PolicyInformation *info = NULL;
 	uint32_t audit_policy, audit_category;
 
 	if (argc < 2 || argc > 3) {
@@ -184,12 +184,12 @@ static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
 		goto done;
 	}
 
-	info.audit_events.settings[audit_category] = audit_policy;
+	info->audit_events.settings[audit_category] = audit_policy;
 
 	result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
 					  &pol,
 					  LSA_POLICY_INFO_AUDIT_EVENTS,
-					  &info);
+					  info);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
@@ -200,7 +200,7 @@ static NTSTATUS rpc_audit_set_internal(const DOM_SID *domain_sid,
 					    LSA_POLICY_INFO_AUDIT_EVENTS,
 					    &info);
 	{
-		const char *val = audit_policy_str(mem_ctx, info.audit_events.settings[audit_category]);
+		const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[audit_category]);
 		const char *policy = audit_description_str(audit_category);
 		print_auditing_category(policy, val);
 	}
@@ -224,7 +224,7 @@ static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	union lsa_PolicyInformation info;
+	union lsa_PolicyInformation *info = NULL;
 
 	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
 					SEC_RIGHTS_MAXIMUM_ALLOWED,
@@ -242,12 +242,12 @@ static NTSTATUS rpc_audit_enable_internal_ext(struct rpc_pipe_client *pipe_hnd,
 		goto done;
 	}
 
-	info.audit_events.auditing_mode = enable;
+	info->audit_events.auditing_mode = enable;
 
 	result = rpccli_lsa_SetInfoPolicy(pipe_hnd, mem_ctx,
 					  &pol,
 					  LSA_POLICY_INFO_AUDIT_EVENTS,
-					  &info);
+					  info);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
@@ -305,7 +305,7 @@ static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
 {
 	POLICY_HND pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	union lsa_PolicyInformation info;
+	union lsa_PolicyInformation *info = NULL;
 	int i;
 
 	result = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true,
@@ -325,7 +325,7 @@ static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
 	}
 
 	printf("Auditing:\t\t");
-	switch (info.audit_events.auditing_mode) {
+	switch (info->audit_events.auditing_mode) {
 		case true:
 			printf("Enabled");
 			break;
@@ -333,16 +333,16 @@ static NTSTATUS rpc_audit_list_internal(const DOM_SID *domain_sid,
 			printf("Disabled");
 			break;
 		default:
-			printf("unknown (%d)", info.audit_events.auditing_mode);
+			printf("unknown (%d)", info->audit_events.auditing_mode);
 			break;
 	}
 	printf("\n");
 
-	printf("Auditing categories:\t%d\n", info.audit_events.count);
+	printf("Auditing categories:\t%d\n", info->audit_events.count);
 	printf("Auditing settings:\n");
 
-	for (i=0; i < info.audit_events.count; i++) {
-		const char *val = audit_policy_str(mem_ctx, info.audit_events.settings[i]);
+	for (i=0; i < info->audit_events.count; i++) {
+		const char *val = audit_policy_str(mem_ctx, info->audit_events.settings[i]);
 		const char *policy = audit_description_str(i);
 		print_auditing_category(policy, val);
 	}
diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
index 6e37f3c84c..8259ec46e6 100644
--- a/source3/utils/net_rpc_join.c
+++ b/source3/utils/net_rpc_join.c
@@ -3,6 +3,7 @@
    Distributed SMB/CIFS Server Management Utility 
    Copyright (C) 2001 Andrew Bartlett (abartlet@samba.org)
    Copyright (C) Tim Potter     2001
+   Copyright (C) 2008 Guenther Deschner
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -45,7 +46,7 @@ NTSTATUS net_rpc_join_ok(const char *domain, const char *server,
 {
 	enum security_types sec;
 	unsigned int conn_flags = NET_FLAGS_PDC;
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+	uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
 	struct cli_state *cli = NULL;
 	struct rpc_pipe_client *pipe_hnd = NULL;
 	struct rpc_pipe_client *netlogon_pipe = NULL;
@@ -132,7 +133,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
 	struct cli_state *cli;
 	TALLOC_CTX *mem_ctx;
         uint32 acb_info = ACB_WSTRUST;
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
+	uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
 	uint32 sec_channel_type;
 	struct rpc_pipe_client *pipe_hnd = NULL;
 
@@ -146,20 +147,21 @@ int net_rpc_join_newstyle(int argc, const char **argv)
 
 	char *clear_trust_password = NULL;
 	uchar pwbuf[516];
-	SAM_USERINFO_CTR ctr;
-	SAM_USER_INFO_24 p24;
-	SAM_USER_INFO_16 p16;
 	uchar md4_trust_password[16];
+	union samr_UserInfo set_info;
 
 	/* Misc */
 
 	NTSTATUS result;
 	int retval = 1;
 	const char *domain = NULL;
-	uint32 num_rids, *name_types, *user_rids;
-	uint32 flags = 0x3e8;
 	char *acct_name;
-	const char *const_acct_name;
+	struct lsa_String lsa_acct_name;
+	uint32 acct_flags=0;
+	uint32_t access_granted = 0;
+	union lsa_PolicyInformation *info = NULL;
+	struct samr_Ids user_rids;
+	struct samr_Ids name_types;
 
 	/* check what type of join */
 	if (argc >= 0) {
@@ -209,10 +211,15 @@ int net_rpc_join_newstyle(int argc, const char **argv)
 					  &lsa_pol),
 		      "error opening lsa policy handle");
 
-	CHECK_RPC_ERR(rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, &lsa_pol,
-						5, &domain, &domain_sid),
+	CHECK_RPC_ERR(rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx,
+						 &lsa_pol,
+						 LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+						 &info),
 		      "error querying info policy");
 
+	domain = info->account_domain.name.string;
+	domain_sid = info->account_domain.sid;
+
 	rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
 	cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */
 
@@ -230,15 +237,18 @@ int net_rpc_join_newstyle(int argc, const char **argv)
 		goto done;
 	}
 
-	CHECK_RPC_ERR(rpccli_samr_connect(pipe_hnd, mem_ctx, 
-				       SEC_RIGHTS_MAXIMUM_ALLOWED,
-				       &sam_pol),
+	CHECK_RPC_ERR(rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+					   pipe_hnd->cli->desthost,
+					   SEC_RIGHTS_MAXIMUM_ALLOWED,
+					   &sam_pol),
 		      "could not connect to SAM database");
 
-	
-	CHECK_RPC_ERR(rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol,
-					   SEC_RIGHTS_MAXIMUM_ALLOWED,
-					   domain_sid, &domain_pol),
+
+	CHECK_RPC_ERR(rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					     &sam_pol,
+					     SEC_RIGHTS_MAXIMUM_ALLOWED,
+					     domain_sid,
+					     &domain_pol),
 		      "could not open domain");
 
 	/* Create domain user */
@@ -247,12 +257,25 @@ int net_rpc_join_newstyle(int argc, const char **argv)
 		goto done;
 	}
 	strlower_m(acct_name);
-	const_acct_name = acct_name;
 
-	result = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
-					  acct_name, acb_info,
-					  0xe005000b, &user_pol, 
-					  &user_rid);
+	init_lsa_String(&lsa_acct_name, acct_name);
+
+	acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE |
+		     SEC_STD_WRITE_DAC | SEC_STD_DELETE |
+		     SAMR_USER_ACCESS_SET_PASSWORD |
+		     SAMR_USER_ACCESS_GET_ATTRIBUTES |
+		     SAMR_USER_ACCESS_SET_ATTRIBUTES;
+
+	DEBUG(10, ("Creating account with flags: %d\n",acct_flags));
+
+	result = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx,
+					 &domain_pol,
+					 &lsa_acct_name,
+					 acb_info,
+					 acct_flags,
+					 &user_pol,
+					 &access_granted,
+					 &user_rid);
 
 	if (!NT_STATUS_IS_OK(result) && 
 	    !NT_STATUS_EQUAL(result, NT_STATUS_USER_EXISTS)) {
@@ -271,30 +294,33 @@ int net_rpc_join_newstyle(int argc, const char **argv)
 	/* We *must* do this.... don't ask... */
 
 	if (NT_STATUS_IS_OK(result)) {
-		rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
 	}
 
-	CHECK_RPC_ERR_DEBUG(rpccli_samr_lookup_names(pipe_hnd, mem_ctx,
-						  &domain_pol, flags,
-						  1, &const_acct_name, 
-						  &num_rids,
-						  &user_rids, &name_types),
+	CHECK_RPC_ERR_DEBUG(rpccli_samr_LookupNames(pipe_hnd, mem_ctx,
+						    &domain_pol,
+						    1,
+						    &lsa_acct_name,
+						    &user_rids,
+						    &name_types),
 			    ("error looking up rid for user %s: %s\n",
 			     acct_name, nt_errstr(result)));
 
-	if (name_types[0] != SID_NAME_USER) {
-		DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types[0]));
+	if (name_types.ids[0] != SID_NAME_USER) {
+		DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types.ids[0]));
 		goto done;
 	}
 
-	user_rid = user_rids[0];
-		
+	user_rid = user_rids.ids[0];
+
 	/* Open handle on user */
 
 	CHECK_RPC_ERR_DEBUG(
-		rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
-				   SEC_RIGHTS_MAXIMUM_ALLOWED,
-				   user_rid, &user_pol),
+		rpccli_samr_OpenUser(pipe_hnd, mem_ctx,
+				     &domain_pol,
+				     SEC_RIGHTS_MAXIMUM_ALLOWED,
+				     user_rid,
+				     &user_pol),
 		("could not re-open existing user %s: %s\n",
 		 acct_name, nt_errstr(result)));
 	
@@ -311,16 +337,15 @@ int net_rpc_join_newstyle(int argc, const char **argv)
 
 	/* Set password on machine account */
 
-	ZERO_STRUCT(ctr);
-	ZERO_STRUCT(p24);
+	init_samr_user_info24(&set_info.info24, pwbuf, 24);
 
-	init_sam_user_info24(&p24, (char *)pwbuf,24);
+	SamOEMhashBlob(set_info.info24.password.data, 516,
+		       &cli->user_session_key);
 
-	ctr.switch_value = 24;
-	ctr.info.id24 = &p24;
-
-	CHECK_RPC_ERR(rpccli_samr_set_userinfo(pipe_hnd, mem_ctx, &user_pol, 24, 
-					    &cli->user_session_key, &ctr),
+	CHECK_RPC_ERR(rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx,
+					       &user_pol,
+					       24,
+					       &set_info),
 		      "error setting trust account password");
 
 	/* Why do we have to try to (re-)set the ACB to be the same as what
@@ -332,19 +357,17 @@ int net_rpc_join_newstyle(int argc, const char **argv)
 	   seems to cope with either value so don't bomb out if the set
 	   userinfo2 level 0x10 fails.  -tpot */
 
-	ZERO_STRUCT(ctr);
-	ctr.switch_value = 16;
-	ctr.info.id16 = &p16;
-
-	init_sam_user_info16(&p16, acb_info);
+	set_info.info16.acct_flags = acb_info;
 
 	/* Ignoring the return value is necessary for joining a domain
 	   as a normal user with "Add workstation to domain" privilege. */
 
-	result = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, 
-					&cli->user_session_key, &ctr);
+	result = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx,
+					 &user_pol,
+					 16,
+					 &set_info);
 
-	rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+	rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol);
 	cli_rpc_pipe_close(pipe_hnd); /* Done with this pipe */
 
 	/* Now check the whole process from top-to-bottom */
diff --git a/source3/utils/net_rpc_rights.c b/source3/utils/net_rpc_rights.c
index 5f222b8c7e..7857dbcbaf 100644
--- a/source3/utils/net_rpc_rights.c
+++ b/source3/utils/net_rpc_rights.c
@@ -2,6 +2,7 @@
    Samba Unix/Linux SMB client library 
    Distributed SMB/CIFS Server Management Utility 
    Copyright (C) Gerald (Jerry) Carter          2004
+   Copyright (C) Guenther Deschner              2008
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -94,37 +95,49 @@ static NTSTATUS enum_privileges(struct rpc_pipe_client *pipe_hnd,
 	NTSTATUS result;
 	uint32 enum_context = 0;
 	uint32 pref_max_length=0x1000;
-	uint32 count=0;
-	char   **privs_name;
-	uint32 *privs_high;
-	uint32 *privs_low;
 	int i;
 	uint16 lang_id=0;
 	uint16 lang_id_sys=0;
 	uint16 lang_id_desc;
-	fstring description;
+	struct lsa_StringLarge *description = NULL;
+	struct lsa_PrivArray priv_array;
 
-	result = rpccli_lsa_enum_privilege(pipe_hnd, ctx, pol, &enum_context, 
-		pref_max_length, &count, &privs_name, &privs_high, &privs_low);
+	result = rpccli_lsa_EnumPrivs(pipe_hnd, ctx,
+				      pol,
+				      &enum_context,
+				      &priv_array,
+				      pref_max_length);
 
 	if ( !NT_STATUS_IS_OK(result) )
 		return result;
 
 	/* Print results */
-	
-	for (i = 0; i < count; i++) {
-		d_printf("%30s  ", privs_name[i] ? privs_name[i] : "*unknown*" );
-		
+
+	for (i = 0; i < priv_array.count; i++) {
+
+		struct lsa_String lsa_name;
+
+		d_printf("%30s  ",
+			priv_array.privs[i].name.string ? priv_array.privs[i].name.string : "*unknown*" );
+
 		/* try to get the description */
-		
-		if ( !NT_STATUS_IS_OK(rpccli_lsa_get_dispname(pipe_hnd, ctx, pol, 
-			privs_name[i], lang_id, lang_id_sys, description, &lang_id_desc)) )
-		{
+
+		init_lsa_String(&lsa_name, priv_array.privs[i].name.string);
+
+		result = rpccli_lsa_LookupPrivDisplayName(pipe_hnd, ctx,
+							  pol,
+							  &lsa_name,
+							  lang_id,
+							  lang_id_sys,
+							  &description,
+							  &lang_id_desc);
+
+		if (!NT_STATUS_IS_OK(result)) {
 			d_printf("??????\n");
 			continue;
 		}
-		
-		d_printf("%s\n", description );		
+
+		d_printf("%s\n", description->string);
 	}
 
 	return NT_STATUS_OK;
@@ -140,22 +153,24 @@ static NTSTATUS check_privilege_for_user(struct rpc_pipe_client *pipe_hnd,
 					const char *right)
 {
 	NTSTATUS result;
-	uint32 count;
-	char **rights;
+	struct lsa_RightSet rights;
 	int i;
 
-	result = rpccli_lsa_enum_account_rights(pipe_hnd, ctx, pol, sid, &count, &rights);
+	result = rpccli_lsa_EnumAccountRights(pipe_hnd, ctx,
+					      pol,
+					      sid,
+					      &rights);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		return result;
 	}
 
-	if (count == 0) {
+	if (rights.count == 0) {
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 	}
-		
-	for (i = 0; i < count; i++) {
-		if (StrCaseCmp(rights[i], right) == 0) {
+
+	for (i = 0; i < rights.count; i++) {
+		if (StrCaseCmp(rights.names[i].string, right) == 0) {
 			return NT_STATUS_OK;
 		}
 	}
@@ -172,20 +187,23 @@ static NTSTATUS enum_privileges_for_user(struct rpc_pipe_client *pipe_hnd,
 					DOM_SID *sid )
 {
 	NTSTATUS result;
-	uint32 count;
-	char **rights;
+	struct lsa_RightSet rights;
 	int i;
 
-	result = rpccli_lsa_enum_account_rights(pipe_hnd, ctx, pol, sid, &count, &rights);
+	result = rpccli_lsa_EnumAccountRights(pipe_hnd, ctx,
+					      pol,
+					      sid,
+					      &rights);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
-	if ( count == 0 )
+	if (rights.count == 0) {
 		d_printf("No privileges assigned\n");
-		
-	for (i = 0; i < count; i++) {
-		printf("%s\n", rights[i]);
+	}
+
+	for (i = 0; i < rights.count; i++) {
+		printf("%s\n", rights.names[i].string);
 	}
 
 	return NT_STATUS_OK;
@@ -202,24 +220,27 @@ static NTSTATUS enum_accounts_for_privilege(struct rpc_pipe_client *pipe_hnd,
 	NTSTATUS result;
 	uint32 enum_context=0;
 	uint32 pref_max_length=0x1000;
-	DOM_SID *sids = NULL;
-	uint32 count=0;
+	struct lsa_SidArray sid_array;
 	int i;
 	fstring name;
 
-	result = rpccli_lsa_enum_sids(pipe_hnd, ctx, pol, &enum_context, 
-		pref_max_length, &count, &sids);
+	result = rpccli_lsa_EnumAccounts(pipe_hnd, ctx,
+					 pol,
+					 &enum_context,
+					 &sid_array,
+					 pref_max_length);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 		
 	d_printf("%s:\n", privilege);
 
-	for ( i=0; i<count; i++ ) {
-	
-		   
-		result = check_privilege_for_user( pipe_hnd, ctx, pol, &sids[i], privilege);
-		
+	for ( i=0; i<sid_array.num_sids; i++ ) {
+
+		result = check_privilege_for_user(pipe_hnd, ctx, pol,
+						  sid_array.sids[i].sid,
+						  privilege);
+
 		if ( ! NT_STATUS_IS_OK(result)) {
 			if ( ! NT_STATUS_EQUAL(result, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
 				return result;
@@ -229,9 +250,9 @@ static NTSTATUS enum_accounts_for_privilege(struct rpc_pipe_client *pipe_hnd,
 
 		/* try to convert the SID to a name.  Fall back to 
 		   printing the raw SID if necessary */
-		result = sid_to_name( pipe_hnd, ctx, &sids[i], name );
+		result = sid_to_name( pipe_hnd, ctx, sid_array.sids[i].sid, name );
 		if ( !NT_STATUS_IS_OK (result) )
-			sid_to_fstring(name, &sids[i]);
+			sid_to_fstring(name, sid_array.sids[i].sid);
 
 		d_printf("  %s\n", name);
 	}
@@ -249,30 +270,32 @@ static NTSTATUS enum_privileges_for_accounts(struct rpc_pipe_client *pipe_hnd,
 	NTSTATUS result;
 	uint32 enum_context=0;
 	uint32 pref_max_length=0x1000;
-	DOM_SID *sids;
-	uint32 count=0;
+	struct lsa_SidArray sid_array;
 	int i;
 	fstring name;
 
-	result = rpccli_lsa_enum_sids(pipe_hnd, ctx, pol, &enum_context, 
-		pref_max_length, &count, &sids);
+	result = rpccli_lsa_EnumAccounts(pipe_hnd, ctx,
+					 pol,
+					 &enum_context,
+					 &sid_array,
+					 pref_max_length);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
-		
-	for ( i=0; i<count; i++ ) {
-	
+
+	for ( i=0; i<sid_array.num_sids; i++ ) {
+
 		/* try to convert the SID to a name.  Fall back to 
 		   printing the raw SID if necessary */
-		   
-		result = sid_to_name(pipe_hnd, ctx, &sids[i], name );
+
+		result = sid_to_name(pipe_hnd, ctx, sid_array.sids[i].sid, name);
 		if ( !NT_STATUS_IS_OK (result) )
-			sid_to_fstring(name, &sids[i]);
-			
+			sid_to_fstring(name, sid_array.sids[i].sid);
+
 		d_printf("%s\n", name);
-		
-		result = enum_privileges_for_user(pipe_hnd, ctx, pol, &sids[i] );
-		
+
+		result = enum_privileges_for_user(pipe_hnd, ctx, pol,
+						  sid_array.sids[i].sid);
 		if ( !NT_STATUS_IS_OK(result) )
 			return result;
 
@@ -297,7 +320,8 @@ static NTSTATUS rpc_rights_list_internal(const DOM_SID *domain_sid,
 	NTSTATUS result;
 	DOM_SID sid;
 	fstring privname;
-	fstring description;
+	struct lsa_String lsa_name;
+	struct lsa_StringLarge *description = NULL;
 	uint16 lang_id = 0;
 	uint16 lang_id_sys = 0;
 	uint16 lang_id_desc;
@@ -325,14 +349,19 @@ static NTSTATUS rpc_rights_list_internal(const DOM_SID *domain_sid,
 		}
 
 		while ( argv[i] != NULL ) {
-			fstrcpy( privname, argv[i] );
+			fstrcpy(privname, argv[i]);
+			init_lsa_String(&lsa_name, argv[i]);
 			i++;
 		
 			/* verify that this is a valid privilege for error reporting */
-			
-			result = rpccli_lsa_get_dispname(pipe_hnd, mem_ctx, &pol, privname, lang_id, 
-				lang_id_sys, description, &lang_id_desc);
-			
+			result = rpccli_lsa_LookupPrivDisplayName(pipe_hnd, mem_ctx,
+								  &pol,
+								  &lsa_name,
+								  lang_id,
+								  lang_id_sys,
+								  &description,
+								  &lang_id_desc);
+
 			if ( !NT_STATUS_IS_OK(result) ) {
 				if ( NT_STATUS_EQUAL( result, NT_STATUS_NO_SUCH_PRIVILEGE ) ) 
 					d_fprintf(stderr, "No such privilege exists: %s.\n", privname);
@@ -408,6 +437,8 @@ static NTSTATUS rpc_rights_grant_internal(const DOM_SID *domain_sid,
 {
 	POLICY_HND dom_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	struct lsa_RightSet rights;
+	int i;
 
 	DOM_SID sid;
 
@@ -427,8 +458,21 @@ static NTSTATUS rpc_rights_grant_internal(const DOM_SID *domain_sid,
 	if (!NT_STATUS_IS_OK(result))
 		return result;	
 
-	result = rpccli_lsa_add_account_rights(pipe_hnd, mem_ctx, &dom_pol, sid, 
-					    argc-1, argv+1);
+	rights.count = argc-1;
+	rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
+				    rights.count);
+	if (!rights.names) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<argc-1; i++) {
+		init_lsa_StringLarge(&rights.names[i], argv[i+1]);
+	}
+
+	result = rpccli_lsa_AddAccountRights(pipe_hnd, mem_ctx,
+					     &dom_pol,
+					     &sid,
+					     &rights);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
@@ -459,8 +503,9 @@ static NTSTATUS rpc_rights_revoke_internal(const DOM_SID *domain_sid,
 {
 	POLICY_HND dom_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-
+	struct lsa_RightSet rights;
 	DOM_SID sid;
+	int i;
 
 	if (argc < 2 ) {
 		d_printf("Usage: net rpc rights revoke <name|SID> <rights...>\n");
@@ -478,8 +523,22 @@ static NTSTATUS rpc_rights_revoke_internal(const DOM_SID *domain_sid,
 	if (!NT_STATUS_IS_OK(result))
 		return result;	
 
-	result = rpccli_lsa_remove_account_rights(pipe_hnd, mem_ctx, &dom_pol, sid, 
-					       False, argc-1, argv+1);
+	rights.count = argc-1;
+	rights.names = TALLOC_ARRAY(mem_ctx, struct lsa_StringLarge,
+				    rights.count);
+	if (!rights.names) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	for (i=0; i<argc-1; i++) {
+		init_lsa_StringLarge(&rights.names[i], argv[i+1]);
+	}
+
+	result = rpccli_lsa_RemoveAccountRights(pipe_hnd, mem_ctx,
+						&dom_pol,
+						&sid,
+						false,
+						&rights);
 
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 779006884d..775270a69b 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -1,4 +1,4 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    dump the remote SAM using rpc samsync operations
 
@@ -7,17 +7,18 @@
    Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2005
    Modified by Volker Lendecke 2002
    Copyright (C) Jeremy Allison 2005.
+   Copyright (C) Guenther Deschner 2008.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -31,57 +32,62 @@ static uint32 ldif_uid = 999;
 /* Keep track of ldap initialization */
 static int init_ldap = 1;
 
-static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g)
+static void display_group_mem_info(uint32_t rid,
+				   struct netr_DELTA_GROUP_MEMBER *r)
 {
 	int i;
 	d_printf("Group mem %u: ", rid);
-	for (i=0;i<g->num_members;i++) {
-		d_printf("%u ", g->rids[i]);
+	for (i=0; i< r->num_rids; i++) {
+		d_printf("%u ", r->rids[i]);
 	}
 	d_printf("\n");
 }
 
-static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a)
+static void display_alias_info(uint32_t rid,
+			       struct netr_DELTA_ALIAS *r)
 {
-	d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name));
-	d_printf("desc='%s' rid=%u\n", unistr2_static(&a->uni_als_desc), a->als_rid);
+	d_printf("Alias '%s' ", r->alias_name.string);
+	d_printf("desc='%s' rid=%u\n", r->description.string, r->rid);
 }
 
-static void display_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *a)
+static void display_alias_mem(uint32_t rid,
+			      struct netr_DELTA_ALIAS_MEMBER *r)
 {
 	int i;
 	d_printf("Alias rid %u: ", rid);
-	for (i=0;i<a->num_members;i++) {
-		d_printf("%s ", sid_string_tos(&a->sids[i].sid));
+	for (i=0; i< r->sids.num_sids; i++) {
+		d_printf("%s ", sid_string_tos(r->sids.sids[i].sid));
 	}
 	d_printf("\n");
 }
 
-static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a)
+static void display_account_info(uint32_t rid,
+				 struct netr_DELTA_USER *r)
 {
 	fstring hex_nt_passwd, hex_lm_passwd;
 	uchar lm_passwd[16], nt_passwd[16];
 	static uchar zero_buf[16];
 
 	/* Decode hashes from password hash (if they are not NULL) */
-	
-	if (memcmp(a->pass.buf_lm_pwd, zero_buf, 16) != 0) {
-		sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0);
-		pdb_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info);
+
+	if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
+		sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0);
+		pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags);
 	} else {
 		pdb_sethexpwd(hex_lm_passwd, NULL, 0);
 	}
 
-	if (memcmp(a->pass.buf_nt_pwd, zero_buf, 16) != 0) {
-		sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0);
-		pdb_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info);
+	if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
+		sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0);
+		pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags);
 	} else {
 		pdb_sethexpwd(hex_nt_passwd, NULL, 0);
 	}
-	
-	printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name),
-	       a->user_rid, hex_lm_passwd, hex_nt_passwd,
-	       pdb_encode_acct_ctrl(a->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN));
+
+	printf("%s:%d:%s:%s:%s:LCT-0\n",
+		r->account_name.string,
+		r->rid, hex_lm_passwd, hex_nt_passwd,
+		pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN));
 }
 
 static time_t uint64s_nt_time_to_unix_abs(const uint64 *src)
@@ -91,102 +97,201 @@ static time_t uint64s_nt_time_to_unix_abs(const uint64 *src)
 	return nt_time_to_unix_abs(&nttime);
 }
 
-static void display_domain_info(SAM_DOMAIN_INFO *a)
+static void display_domain_info(struct netr_DELTA_DOMAIN *r)
 {
 	time_t u_logout;
 
-	u_logout = uint64s_nt_time_to_unix_abs(&a->force_logoff);
+	u_logout = uint64s_nt_time_to_unix_abs((const uint64 *)&r->force_logoff_time);
 
-	d_printf("Domain name: %s\n", unistr2_static(&a->uni_dom_name));
+	d_printf("Domain name: %s\n", r->domain_name.string);
 
-	d_printf("Minimal Password Length: %d\n", a->min_pwd_len);
-	d_printf("Password History Length: %d\n", a->pwd_history_len);
+	d_printf("Minimal Password Length: %d\n", r->min_password_length);
+	d_printf("Password History Length: %d\n", r->password_history_length);
 
 	d_printf("Force Logoff: %d\n", (int)u_logout);
 
-	d_printf("Max Password Age: %s\n", display_time(a->max_pwd_age));
-	d_printf("Min Password Age: %s\n", display_time(a->min_pwd_age));
+	d_printf("Max Password Age: %s\n", display_time(r->max_password_age));
+	d_printf("Min Password Age: %s\n", display_time(r->min_password_age));
 
+#if 0
+	/* FIXME - gd */
 	d_printf("Lockout Time: %s\n", display_time(a->account_lockout.lockout_duration));
 	d_printf("Lockout Reset Time: %s\n", display_time(a->account_lockout.reset_count));
-
 	d_printf("Bad Attempt Lockout: %d\n", a->account_lockout.bad_attempt_lockout);
-	d_printf("User must logon to change password: %d\n", a->logon_chgpass);
+#endif
+	d_printf("User must logon to change password: %d\n", r->logon_to_chgpass);
 }
 
-static void display_group_info(uint32 rid, SAM_GROUP_INFO *a)
+static void display_group_info(uint32_t rid, struct netr_DELTA_GROUP *r)
 {
-	d_printf("Group '%s' ", unistr2_static(&a->uni_grp_name));
-	d_printf("desc='%s', rid=%u\n", unistr2_static(&a->uni_grp_desc), rid);
+	d_printf("Group '%s' ", r->group_name.string);
+	d_printf("desc='%s', rid=%u\n", r->description.string, rid);
 }
 
-static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta)
+static void display_sam_entry(struct netr_DELTA_ENUM *r)
 {
-	switch (hdr_delta->type) {
-	case SAM_DELTA_ACCOUNT_INFO:
-		display_account_info(hdr_delta->target_rid, &delta->account_info);
+	union netr_DELTA_UNION u = r->delta_union;
+	union netr_DELTA_ID_UNION id = r->delta_id_union;
+
+	switch (r->delta_type) {
+	case NETR_DELTA_DOMAIN:
+		display_domain_info(u.domain);
+		break;
+	case NETR_DELTA_GROUP:
+		display_group_info(id.rid, u.group);
+		break;
+#if 0
+	case NETR_DELTA_DELETE_GROUP:
+		printf("Delete Group: %d\n",
+			u.delete_account.unknown);
+		break;
+	case NETR_DELTA_RENAME_GROUP:
+		printf("Rename Group: %s -> %s\n",
+			u.rename_group->OldName.string,
+			u.rename_group->NewName.string);
 		break;
-	case SAM_DELTA_GROUP_MEM:
-		display_group_mem_info(hdr_delta->target_rid, &delta->grp_mem_info);
+#endif
+	case NETR_DELTA_USER:
+		display_account_info(id.rid, u.user);
 		break;
-	case SAM_DELTA_ALIAS_INFO:
-		display_alias_info(hdr_delta->target_rid, &delta->alias_info);
+#if 0
+	case NETR_DELTA_DELETE_USER:
+		printf("Delete User: %d\n",
+			id.rid);
 		break;
-	case SAM_DELTA_ALIAS_MEM:
-		display_alias_mem(hdr_delta->target_rid, &delta->als_mem_info);
+	case NETR_DELTA_RENAME_USER:
+		printf("Rename user: %s -> %s\n",
+			u.rename_user->OldName.string,
+			u.rename_user->NewName.string);
 		break;
-	case SAM_DELTA_DOMAIN_INFO:
-		display_domain_info(&delta->domain_info);
+#endif
+	case NETR_DELTA_GROUP_MEMBER:
+		display_group_mem_info(id.rid, u.group_member);
 		break;
-	case SAM_DELTA_GROUP_INFO:
-		display_group_info(hdr_delta->target_rid, &delta->group_info);
+	case NETR_DELTA_ALIAS:
+		display_alias_info(id.rid, u.alias);
 		break;
-		/* The following types are recognised but not handled */
-	case SAM_DELTA_RENAME_GROUP:
-		d_printf("SAM_DELTA_RENAME_GROUP not handled\n");
+#if 0
+	case NETR_DELTA_DELETE_ALIAS:
+		printf("Delete Alias: %d\n",
+			id.rid);
 		break;
-	case SAM_DELTA_RENAME_USER:
-		d_printf("SAM_DELTA_RENAME_USER not handled\n");
+	case NETR_DELTA_RENAME_ALIAS:
+		printf("Rename alias: %s -> %s\n",
+			u.rename_alias->OldName.string,
+			u.rename_alias->NewName.string);
 		break;
-	case SAM_DELTA_RENAME_ALIAS:
-		d_printf("SAM_DELTA_RENAME_ALIAS not handled\n");
+#endif
+	case NETR_DELTA_ALIAS_MEMBER:
+		display_alias_mem(id.rid, u.alias_member);
+		break;
+#if 0
+	case NETR_DELTA_POLICY:
+		printf("Policy\n");
 		break;
-	case SAM_DELTA_POLICY_INFO:
-		d_printf("SAM_DELTA_POLICY_INFO not handled\n");
+	case NETR_DELTA_TRUSTED_DOMAIN:
+		printf("Trusted Domain: %s\n",
+			u.trusted_domain->domain_name.string);
 		break;
-	case SAM_DELTA_TRUST_DOMS:
-		d_printf("SAM_DELTA_TRUST_DOMS not handled\n");
+	case NETR_DELTA_DELETE_TRUST:
+		printf("Delete Trust: %d\n",
+			u.delete_trust.unknown);
 		break;
-	case SAM_DELTA_PRIVS_INFO:
-		d_printf("SAM_DELTA_PRIVS_INFO not handled\n");
+	case NETR_DELTA_ACCOUNT:
+		printf("Account\n");
 		break;
-	case SAM_DELTA_SECRET_INFO:
-		d_printf("SAM_DELTA_SECRET_INFO not handled\n");
+	case NETR_DELTA_DELETE_ACCOUNT:
+		printf("Delete Account: %d\n",
+			u.delete_account.unknown);
 		break;
-	case SAM_DELTA_DELETE_GROUP:
-		d_printf("SAM_DELTA_DELETE_GROUP not handled\n");
+	case NETR_DELTA_SECRET:
+		printf("Secret\n");
 		break;
-	case SAM_DELTA_DELETE_USER:
-		d_printf("SAM_DELTA_DELETE_USER not handled\n");
+	case NETR_DELTA_DELETE_SECRET:
+		printf("Delete Secret: %d\n",
+			u.delete_secret.unknown);
+		break;
+	case NETR_DELTA_DELETE_GROUP2:
+		printf("Delete Group2: %s\n",
+			u.delete_group->account_name);
+		break;
+	case NETR_DELTA_DELETE_USER2:
+		printf("Delete User2: %s\n",
+			u.delete_user->account_name);
+		break;
+	case NETR_DELTA_MODIFY_COUNT:
+		printf("sam sequence update: 0x%016llx\n",
+			(unsigned long long) *u.modified_count);
+		break;
+#endif
+	/* The following types are recognised but not handled */
+	case NETR_DELTA_RENAME_GROUP:
+		d_printf("NETR_DELTA_RENAME_GROUP not handled\n");
 		break;
-	case SAM_DELTA_MODIFIED_COUNT:
-		d_printf("SAM_DELTA_MODIFIED_COUNT not handled\n");
+	case NETR_DELTA_RENAME_USER:
+		d_printf("NETR_DELTA_RENAME_USER not handled\n");
+		break;
+	case NETR_DELTA_RENAME_ALIAS:
+		d_printf("NETR_DELTA_RENAME_ALIAS not handled\n");
+		break;
+	case NETR_DELTA_POLICY:
+		d_printf("NETR_DELTA_POLICY not handled\n");
+		break;
+	case NETR_DELTA_TRUSTED_DOMAIN:
+		d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n");
+		break;
+	case NETR_DELTA_ACCOUNT:
+		d_printf("NETR_DELTA_ACCOUNT not handled\n");
+		break;
+	case NETR_DELTA_SECRET:
+		d_printf("NETR_DELTA_SECRET not handled\n");
+		break;
+	case NETR_DELTA_DELETE_GROUP:
+		d_printf("NETR_DELTA_DELETE_GROUP not handled\n");
+		break;
+	case NETR_DELTA_DELETE_USER:
+		d_printf("NETR_DELTA_DELETE_USER not handled\n");
+		break;
+	case NETR_DELTA_MODIFY_COUNT:
+		d_printf("NETR_DELTA_MODIFY_COUNT not handled\n");
+		break;
+	case NETR_DELTA_DELETE_ALIAS:
+		d_printf("NETR_DELTA_DELETE_ALIAS not handled\n");
+		break;
+	case NETR_DELTA_DELETE_TRUST:
+		d_printf("NETR_DELTA_DELETE_TRUST not handled\n");
+		break;
+	case NETR_DELTA_DELETE_ACCOUNT:
+		d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n");
+		break;
+	case NETR_DELTA_DELETE_SECRET:
+		d_printf("NETR_DELTA_DELETE_SECRET not handled\n");
+		break;
+	case NETR_DELTA_DELETE_GROUP2:
+		d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n");
+		break;
+	case NETR_DELTA_DELETE_USER2:
+		d_printf("NETR_DELTA_DELETE_USER2 not handled\n");
 		break;
 	default:
-		d_printf("Unknown delta record type %d\n", hdr_delta->type);
+		printf("unknown delta type 0x%02x\n",
+			r->delta_type);
 		break;
 	}
 }
 
 static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type)
 {
-	uint32 sync_context = 0;
         NTSTATUS result;
 	int i;
         TALLOC_CTX *mem_ctx;
-        SAM_DELTA_HDR *hdr_deltas;
-        SAM_DELTA_CTR *deltas;
-        uint32 num_deltas;
+	const char *logon_server = pipe_hnd->cli->desthost;
+	const char *computername = global_myname();
+	struct netr_Authenticator credential;
+	struct netr_Authenticator return_authenticator;
+	enum netr_SamDatabaseID database_id = db_type;
+	uint16_t restart_state = 0;
+	uint32_t sync_context = 0;
 
 	if (!(mem_ctx = talloc_init("dump_database"))) {
 		return;
@@ -208,36 +313,59 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type)
 	}
 
 	do {
-		result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, db_type,
-					       sync_context,
-					       &num_deltas, &hdr_deltas, &deltas);
-		if (!NT_STATUS_IS_OK(result))
+		struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+
+		netlogon_creds_client_step(pipe_hnd->dc, &credential);
+
+		result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx,
+						   logon_server,
+						   computername,
+						   &credential,
+						   &return_authenticator,
+						   database_id,
+						   restart_state,
+						   &sync_context,
+						   &delta_enum_array,
+						   0xffff);
+
+		/* Check returned credentials. */
+		if (!netlogon_creds_client_check(pipe_hnd->dc,
+						 &return_authenticator.cred)) {
+			DEBUG(0,("credentials chain check failed\n"));
+			return;
+		}
+
+		if (NT_STATUS_IS_ERR(result)) {
 			break;
+		}
 
-                for (i = 0; i < num_deltas; i++) {
-			display_sam_entry(&hdr_deltas[i], &deltas[i]);
+		/* Display results */
+		for (i = 0; i < delta_enum_array->num_deltas; i++) {
+			display_sam_entry(&delta_enum_array->delta_enum[i]);
                 }
-		sync_context += 1;
+
+		TALLOC_FREE(delta_enum_array);
+
 	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
 
 	talloc_destroy(mem_ctx);
 }
 
 /* dump sam database via samsync rpc calls */
-NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, 
-				const char *domain_name, 
+NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid,
+				const char *domain_name,
 				struct cli_state *cli,
 				struct rpc_pipe_client *pipe_hnd,
-				TALLOC_CTX *mem_ctx, 
+				TALLOC_CTX *mem_ctx,
 				int argc,
-				const char **argv) 
+				const char **argv)
 {
 #if 0
 	/* net_rpc.c now always tries to create an schannel pipe.. */
 
 	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
 	uchar trust_password[16];
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+	uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
 	uint32 sec_channel_type = 0;
 
 	if (!secrets_fetch_trust_account_password(domain_name,
@@ -277,7 +405,8 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid,
 		    (!(s1) && (s2)) ||\
 		((s1) && (s2) && (strcmp((s1), (s2)) != 0))
 
-static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *delta)
+static NTSTATUS sam_account_from_delta(struct samu *account,
+				       struct netr_DELTA_USER *r)
 {
 	const char *old_string, *new_string;
 	time_t unix_time, stored_time;
@@ -287,15 +416,14 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d
 	/* Username, fullname, home dir, dir drive, logon script, acct
 	   desc, workstations, profile. */
 
-	if (delta->hdr_acct_name.buffer) {
+	if (r->account_name.string) {
 		old_string = pdb_get_nt_username(account);
-		new_string = unistr2_static(&delta->uni_acct_name);
+		new_string = r->account_name.string;
 
 		if (STRING_CHANGED) {
 			pdb_set_nt_username(account, new_string, PDB_CHANGED);
-              
 		}
-         
+
 		/* Unix username is the same - for sanity */
 		old_string = pdb_get_username( account );
 		if (STRING_CHANGED) {
@@ -303,69 +431,70 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d
 		}
 	}
 
-	if (delta->hdr_full_name.buffer) {
+	if (r->full_name.string) {
 		old_string = pdb_get_fullname(account);
-		new_string = unistr2_static(&delta->uni_full_name);
+		new_string = r->full_name.string;
 
 		if (STRING_CHANGED)
 			pdb_set_fullname(account, new_string, PDB_CHANGED);
 	}
 
-	if (delta->hdr_home_dir.buffer) {
+	if (r->home_directory.string) {
 		old_string = pdb_get_homedir(account);
-		new_string = unistr2_static(&delta->uni_home_dir);
+		new_string = r->home_directory.string;
 
 		if (STRING_CHANGED)
 			pdb_set_homedir(account, new_string, PDB_CHANGED);
 	}
 
-	if (delta->hdr_dir_drive.buffer) {
+	if (r->home_drive.string) {
 		old_string = pdb_get_dir_drive(account);
-		new_string = unistr2_static(&delta->uni_dir_drive);
+		new_string = r->home_drive.string;
 
 		if (STRING_CHANGED)
 			pdb_set_dir_drive(account, new_string, PDB_CHANGED);
 	}
 
-	if (delta->hdr_logon_script.buffer) {
+	if (r->logon_script.string) {
 		old_string = pdb_get_logon_script(account);
-		new_string = unistr2_static(&delta->uni_logon_script);
+		new_string = r->logon_script.string;
 
 		if (STRING_CHANGED)
 			pdb_set_logon_script(account, new_string, PDB_CHANGED);
 	}
 
-	if (delta->hdr_acct_desc.buffer) {
+	if (r->description.string) {
 		old_string = pdb_get_acct_desc(account);
-		new_string = unistr2_static(&delta->uni_acct_desc);
+		new_string = r->description.string;
 
 		if (STRING_CHANGED)
 			pdb_set_acct_desc(account, new_string, PDB_CHANGED);
 	}
 
-	if (delta->hdr_workstations.buffer) {
+	if (r->workstations.string) {
 		old_string = pdb_get_workstations(account);
-		new_string = unistr2_static(&delta->uni_workstations);
+		new_string = r->workstations.string;
 
 		if (STRING_CHANGED)
 			pdb_set_workstations(account, new_string, PDB_CHANGED);
 	}
 
-	if (delta->hdr_profile.buffer) {
+	if (r->profile_path.string) {
 		old_string = pdb_get_profile_path(account);
-		new_string = unistr2_static(&delta->uni_profile);
+		new_string = r->profile_path.string;
 
 		if (STRING_CHANGED)
 			pdb_set_profile_path(account, new_string, PDB_CHANGED);
 	}
 
-	if (delta->hdr_parameters.buffer) {
+	if (r->parameters.string) {
 		DATA_BLOB mung;
 		char *newstr;
 		old_string = pdb_get_munged_dial(account);
-		mung.length = delta->hdr_parameters.uni_str_len;
-		mung.data = (uint8 *) delta->uni_parameters.buffer;
-		newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(mung);
+		mung.length = r->parameters.length;
+		mung.data = (uint8 *) r->parameters.string;
+		newstr = (mung.length == 0) ? NULL :
+			base64_encode_data_blob(talloc_tos(), mung);
 
 		if (STRING_CHANGED_NC(old_string, newstr))
 			pdb_set_munged_dial(account, newstr, PDB_CHANGED);
@@ -373,57 +502,59 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d
 	}
 
 	/* User and group sid */
-	if (pdb_get_user_rid(account) != delta->user_rid)
-		pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED);
-	if (pdb_get_group_rid(account) != delta->group_rid)
-		pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED);
+	if (pdb_get_user_rid(account) != r->rid)
+		pdb_set_user_sid_from_rid(account, r->rid, PDB_CHANGED);
+	if (pdb_get_group_rid(account) != r->primary_gid)
+		pdb_set_group_sid_from_rid(account, r->primary_gid, PDB_CHANGED);
 
 	/* Logon and password information */
-	if (!nt_time_is_zero(&delta->logon_time)) {
-		unix_time = nt_time_to_unix(delta->logon_time);
+	if (!nt_time_is_zero(&r->last_logon)) {
+		unix_time = nt_time_to_unix(r->last_logon);
 		stored_time = pdb_get_logon_time(account);
 		if (stored_time != unix_time)
 			pdb_set_logon_time(account, unix_time, PDB_CHANGED);
 	}
 
-	if (!nt_time_is_zero(&delta->logoff_time)) {
-		unix_time = nt_time_to_unix(delta->logoff_time);
+	if (!nt_time_is_zero(&r->last_logoff)) {
+		unix_time = nt_time_to_unix(r->last_logoff);
 		stored_time = pdb_get_logoff_time(account);
 		if (stored_time != unix_time)
 			pdb_set_logoff_time(account, unix_time,PDB_CHANGED);
 	}
 
 	/* Logon Divs */
-	if (pdb_get_logon_divs(account) != delta->logon_divs)
-		pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED);
+	if (pdb_get_logon_divs(account) != r->logon_hours.units_per_week)
+		pdb_set_logon_divs(account, r->logon_hours.units_per_week, PDB_CHANGED);
 
+#if 0
+	/* no idea what to do with this one - gd */
 	/* Max Logon Hours */
 	if (delta->unknown1 != pdb_get_unknown_6(account)) {
 		pdb_set_unknown_6(account, delta->unknown1, PDB_CHANGED);
 	}
-
+#endif
 	/* Logon Hours Len */
-	if (delta->buf_logon_hrs.buf_len != pdb_get_hours_len(account)) {
-		pdb_set_hours_len(account, delta->buf_logon_hrs.buf_len, PDB_CHANGED);
+	if (r->logon_hours.units_per_week/8 != pdb_get_hours_len(account)) {
+		pdb_set_hours_len(account, r->logon_hours.units_per_week/8, PDB_CHANGED);
 	}
 
 	/* Logon Hours */
-	if (delta->buf_logon_hrs.buffer) {
+	if (r->logon_hours.bits) {
 		char oldstr[44], newstr[44];
 		pdb_sethexhours(oldstr, pdb_get_hours(account));
-		pdb_sethexhours(newstr, delta->buf_logon_hrs.buffer);
+		pdb_sethexhours(newstr, r->logon_hours.bits);
 		if (!strequal(oldstr, newstr))
-			pdb_set_hours(account, (const uint8 *)delta->buf_logon_hrs.buffer, PDB_CHANGED);
+			pdb_set_hours(account, r->logon_hours.bits, PDB_CHANGED);
 	}
 
-	if (pdb_get_bad_password_count(account) != delta->bad_pwd_count)
-		pdb_set_bad_password_count(account, delta->bad_pwd_count, PDB_CHANGED);
+	if (pdb_get_bad_password_count(account) != r->bad_password_count)
+		pdb_set_bad_password_count(account, r->bad_password_count, PDB_CHANGED);
 
-	if (pdb_get_logon_count(account) != delta->logon_count)
-		pdb_set_logon_count(account, delta->logon_count, PDB_CHANGED);
+	if (pdb_get_logon_count(account) != r->logon_count)
+		pdb_set_logon_count(account, r->logon_count, PDB_CHANGED);
 
-	if (!nt_time_is_zero(&delta->pwd_last_set_time)) {
-		unix_time = nt_time_to_unix(delta->pwd_last_set_time);
+	if (!nt_time_is_zero(&r->last_password_change)) {
+		unix_time = nt_time_to_unix(r->last_password_change);
 		stored_time = pdb_get_pass_last_set_time(account);
 		if (stored_time != unix_time)
 			pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED);
@@ -432,42 +563,41 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d
 		pdb_set_pass_last_set_time(account, time(NULL), PDB_CHANGED);
 	}
 
-#if 0
-/*	No kickoff time in the delta? */
-	if (!nt_time_is_zero(&delta->kickoff_time)) {
-		unix_time = nt_time_to_unix(&delta->kickoff_time);
+	if (!nt_time_is_zero(&r->acct_expiry)) {
+		unix_time = nt_time_to_unix(r->acct_expiry);
 		stored_time = pdb_get_kickoff_time(account);
 		if (stored_time != unix_time)
 			pdb_set_kickoff_time(account, unix_time, PDB_CHANGED);
 	}
-#endif
 
-	/* Decode hashes from password hash 
-	   Note that win2000 may send us all zeros for the hashes if it doesn't 
+	/* Decode hashes from password hash
+	   Note that win2000 may send us all zeros for the hashes if it doesn't
 	   think this channel is secure enough - don't set the passwords at all
 	   in that case
 	*/
-	if (memcmp(delta->pass.buf_lm_pwd, zero_buf, 16) != 0) {
-		sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0);
+	if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
+		sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0);
 		pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
 	}
 
-	if (memcmp(delta->pass.buf_nt_pwd, zero_buf, 16) != 0) {
-		sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0);
+	if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
+		sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0);
 		pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
 	}
 
 	/* TODO: account expiry time */
 
-	pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED);
+	pdb_set_acct_ctrl(account, r->acct_flags, PDB_CHANGED);
 
 	pdb_set_domain(account, lp_workgroup(), PDB_CHANGED);
 
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
+static NTSTATUS fetch_account_info(uint32_t rid,
+				   struct netr_DELTA_USER *r)
 {
+
 	NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL;
 	fstring account;
 	char *add_script = NULL;
@@ -479,7 +609,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
 	struct passwd *passwd;
 	fstring sid_string;
 
-	fstrcpy(account, unistr2_static(&delta->uni_acct_name));
+	fstrcpy(account, r->account_name.string);
 	d_printf("Creating account: %s\n", account);
 
 	if ( !(sam_account = samu_new( NULL )) ) {
@@ -488,17 +618,17 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
 
 	if (!(passwd = Get_Pwnam_alloc(sam_account, account))) {
 		/* Create appropriate user */
-		if (delta->acb_info & ACB_NORMAL) {
+		if (r->acct_flags & ACB_NORMAL) {
 			add_script = talloc_strdup(sam_account,
 					lp_adduser_script());
-		} else if ( (delta->acb_info & ACB_WSTRUST) ||
-			    (delta->acb_info & ACB_SVRTRUST) ||
-			    (delta->acb_info & ACB_DOMTRUST) ) {
+		} else if ( (r->acct_flags & ACB_WSTRUST) ||
+			    (r->acct_flags & ACB_SVRTRUST) ||
+			    (r->acct_flags & ACB_DOMTRUST) ) {
 			add_script = talloc_strdup(sam_account,
 					lp_addmachine_script());
 		} else {
 			DEBUG(1, ("Unknown user type: %s\n",
-				  pdb_encode_acct_ctrl(delta->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN)));
+				  pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN)));
 			nt_ret = NT_STATUS_UNSUCCESSFUL;
 			goto done;
 		}
@@ -533,30 +663,30 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
 	}
 
 	sid_copy(&user_sid, get_global_sam_sid());
-	sid_append_rid(&user_sid, delta->user_rid);
+	sid_append_rid(&user_sid, r->rid);
 
 	DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n",
 		  sid_to_fstring(sid_string, &user_sid), account));
 	if (!pdb_getsampwsid(sam_account, &user_sid)) {
-		sam_account_from_delta(sam_account, delta);
-		DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", 
+		sam_account_from_delta(sam_account, r);
+		DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n",
 			  sid_to_fstring(sid_string, &user_sid),
 			  pdb_get_username(sam_account)));
 		if (!NT_STATUS_IS_OK(pdb_add_sam_account(sam_account))) {
 			DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n",
 				  account));
-			return NT_STATUS_ACCESS_DENIED; 
+			return NT_STATUS_ACCESS_DENIED;
 		}
 	} else {
-		sam_account_from_delta(sam_account, delta);
-		DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", 
+		sam_account_from_delta(sam_account, r);
+		DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n",
 			  sid_to_fstring(sid_string, &user_sid),
 			  pdb_get_username(sam_account)));
 		if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) {
 			DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n",
 				  account));
 			TALLOC_FREE(sam_account);
-			return NT_STATUS_ACCESS_DENIED; 
+			return NT_STATUS_ACCESS_DENIED;
 		}
 	}
 
@@ -572,7 +702,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
 	} else {
 		if (map.gid != passwd->pw_gid) {
 			if (!(grp = getgrgid(map.gid))) {
-				DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", 
+				DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n",
 					  (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_tos(&group_sid)));
 			} else {
 				smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account));
@@ -581,7 +711,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
 	}
 
 	if ( !passwd ) {
-		DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", 
+		DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n",
 			pdb_get_username(sam_account)));
 	}
 
@@ -590,7 +720,8 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta)
 	return nt_ret;
 }
 
-static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
+static NTSTATUS fetch_group_info(uint32_t rid,
+				 struct netr_DELTA_GROUP *r)
 {
 	fstring name;
 	fstring comment;
@@ -600,8 +731,8 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
 	GROUP_MAP map;
 	bool insert = True;
 
-	unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name));
-	unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment));
+	fstrcpy(name, r->group_name.string);
+	fstrcpy(comment, r->description.string);
 
 	/* add the group to the mapping table */
 	sid_copy(&group_sid, get_global_sam_sid());
@@ -619,14 +750,14 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
 
 		/* No group found from mapping, find it from its name. */
 		if ((grp = getgrnam(name)) == NULL) {
-		
+
 			/* No appropriate group found, create one */
-			
+
 			d_printf("Creating unix group: '%s'\n", name);
-			
+
 			if (smb_create_group(name, &gid) != 0)
 				return NT_STATUS_ACCESS_DENIED;
-				
+
 			if ((grp = getgrnam(name)) == NULL)
 				return NT_STATUS_ACCESS_DENIED;
 		}
@@ -636,7 +767,7 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
 	map.sid = group_sid;
 	map.sid_name_use = SID_NAME_DOM_GRP;
 	fstrcpy(map.nt_name, name);
-	if (delta->hdr_grp_desc.buffer) {
+	if (r->description.string) {
 		fstrcpy(map.comment, comment);
 	} else {
 		fstrcpy(map.comment, "");
@@ -650,7 +781,8 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta)
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta)
+static NTSTATUS fetch_group_mem_info(uint32_t rid,
+				     struct netr_DELTA_GROUP_MEMBER *r)
 {
 	int i;
 	TALLOC_CTX *t = NULL;
@@ -660,7 +792,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta)
 	GROUP_MAP map;
 	struct group *grp;
 
-	if (delta->num_members == 0) {
+	if (r->num_rids == 0) {
 		return NT_STATUS_OK;
 	}
 
@@ -684,8 +816,8 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta)
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (delta->num_members) {
-		if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members)) == NULL) {
+	if (r->num_rids) {
+		if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, r->num_rids)) == NULL) {
 			DEBUG(0, ("talloc failed\n"));
 			talloc_free(t);
 			return NT_STATUS_NO_MEMORY;
@@ -694,7 +826,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta)
 		nt_members = NULL;
 	}
 
-	for (i=0; i<delta->num_members; i++) {
+	for (i=0; i < r->num_rids; i++) {
 		struct samu *member = NULL;
 		DOM_SID member_sid;
 
@@ -704,11 +836,11 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta)
 		}
 
 		sid_copy(&member_sid, get_global_sam_sid());
-		sid_append_rid(&member_sid, delta->rids[i]);
+		sid_append_rid(&member_sid, r->rids[i]);
 
 		if (!pdb_getsampwsid(member, &member_sid)) {
 			DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n",
-				  delta->rids[i], sid_string_tos(&member_sid), grp->gr_name));
+				  r->rids[i], sid_string_tos(&member_sid), grp->gr_name));
 			TALLOC_FREE(member);
 			continue;
 		}
@@ -718,7 +850,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta)
 			TALLOC_FREE(member);
 			continue;
 		}
-		
+
 		d_printf("%s,", pdb_get_username(member));
 		nt_members[i] = talloc_strdup(t, pdb_get_username(member));
 		TALLOC_FREE(member);
@@ -730,7 +862,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta)
 
 	while (*unix_members) {
 		bool is_nt_member = False;
-		for (i=0; i<delta->num_members; i++) {
+		for (i=0; i < r->num_rids; i++) {
 			if (nt_members[i] == NULL) {
 				/* This was a primary group */
 				continue;
@@ -750,7 +882,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta)
 		unix_members += 1;
 	}
 
-	for (i=0; i<delta->num_members; i++) {
+	for (i=0; i < r->num_rids; i++) {
 		bool is_unix_member = False;
 
 		if (nt_members[i] == NULL) {
@@ -775,12 +907,13 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta)
 			smb_add_user_group(grp->gr_name, nt_members[i]);
 		}
 	}
-	
+
 	talloc_destroy(t);
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta,
+static NTSTATUS fetch_alias_info(uint32_t rid,
+				 struct netr_DELTA_ALIAS *r,
 				 DOM_SID dom_sid)
 {
 	fstring name;
@@ -791,8 +924,8 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta,
 	GROUP_MAP map;
 	bool insert = True;
 
-	unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name));
-	unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment));
+	fstrcpy(name, r->alias_name.string);
+	fstrcpy(comment, r->description.string);
 
 	/* Find out whether the group is already mapped */
 	sid_copy(&alias_sid, &dom_sid);
@@ -837,24 +970,33 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta,
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid)
+static NTSTATUS fetch_alias_mem(uint32_t rid,
+				struct netr_DELTA_ALIAS_MEMBER *r,
+				DOM_SID dom_sid)
 {
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta)
+static NTSTATUS fetch_domain_info(uint32_t rid,
+				  struct netr_DELTA_DOMAIN *r)
 {
-	time_t u_max_age, u_min_age, u_logout, u_lockoutreset, u_lockouttime;
+	time_t u_max_age, u_min_age, u_logout;
+#if 0
+	/* FIXME: gd */
+	time_t u_lockoutreset, u_lockouttime;
+#endif
 	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-	char *domname;
+	const char *domname;
 
-	u_max_age = uint64s_nt_time_to_unix_abs(&delta->max_pwd_age);
-	u_min_age = uint64s_nt_time_to_unix_abs(&delta->min_pwd_age);
-	u_logout = uint64s_nt_time_to_unix_abs(&delta->force_logoff);
+	u_max_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->max_password_age);
+	u_min_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->min_password_age);
+	u_logout = uint64s_nt_time_to_unix_abs((uint64 *)&r->force_logoff_time);
+#if 0
+	/* FIXME: gd */
 	u_lockoutreset = uint64s_nt_time_to_unix_abs(&delta->account_lockout.reset_count);
 	u_lockouttime = uint64s_nt_time_to_unix_abs(&delta->account_lockout.lockout_duration);
-
-	domname = unistr2_to_ascii_talloc(talloc_tos(), &delta->uni_dom_name);
+#endif
+	domname = r->domain_name.string;
 	if (!domname) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -866,10 +1008,12 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta)
 	}
 
 
-	if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, delta->pwd_history_len))
+	if (!pdb_set_account_policy(AP_PASSWORD_HISTORY,
+				    r->password_history_length))
 		return nt_status;
 
-	if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, delta->min_pwd_len))
+	if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN,
+				    r->min_password_length))
 		return nt_status;
 
 	if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age))
@@ -880,7 +1024,8 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta)
 
 	if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout))
 		return nt_status;
-
+#if 0
+/* FIXME: gd */
 	if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout))
 		return nt_status;
 
@@ -892,88 +1037,111 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta)
 
 	if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime))
 		return nt_status;
+#endif
 
-	if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass))
+	if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS,
+				    r->logon_to_chgpass))
 		return nt_status;
 
 	return NT_STATUS_OK;
 }
 
-
-static void fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta,
-		DOM_SID dom_sid)
+static void fetch_sam_entry(struct netr_DELTA_ENUM *r, DOM_SID dom_sid)
 {
-	switch(hdr_delta->type) {
-	case SAM_DELTA_ACCOUNT_INFO:
-		fetch_account_info(hdr_delta->target_rid,
-				   &delta->account_info);
+	switch(r->delta_type) {
+	case NETR_DELTA_USER:
+		fetch_account_info(r->delta_id_union.rid,
+				   r->delta_union.user);
 		break;
-	case SAM_DELTA_GROUP_INFO:
-		fetch_group_info(hdr_delta->target_rid,
-				 &delta->group_info);
+	case NETR_DELTA_GROUP:
+		fetch_group_info(r->delta_id_union.rid,
+				 r->delta_union.group);
 		break;
-	case SAM_DELTA_GROUP_MEM:
-		fetch_group_mem_info(hdr_delta->target_rid,
-				     &delta->grp_mem_info);
+	case NETR_DELTA_GROUP_MEMBER:
+		fetch_group_mem_info(r->delta_id_union.rid,
+				     r->delta_union.group_member);
 		break;
-	case SAM_DELTA_ALIAS_INFO:
-		fetch_alias_info(hdr_delta->target_rid,
-				 &delta->alias_info, dom_sid);
+	case NETR_DELTA_ALIAS:
+		fetch_alias_info(r->delta_id_union.rid,
+				 r->delta_union.alias,
+				 dom_sid);
 		break;
-	case SAM_DELTA_ALIAS_MEM:
-		fetch_alias_mem(hdr_delta->target_rid,
-				&delta->als_mem_info, dom_sid);
+	case NETR_DELTA_ALIAS_MEMBER:
+		fetch_alias_mem(r->delta_id_union.rid,
+				r->delta_union.alias_member,
+				dom_sid);
 		break;
-	case SAM_DELTA_DOMAIN_INFO:
-		fetch_domain_info(hdr_delta->target_rid,
-				&delta->domain_info);
+	case NETR_DELTA_DOMAIN:
+		fetch_domain_info(r->delta_id_union.rid,
+				  r->delta_union.domain);
 		break;
 	/* The following types are recognised but not handled */
-	case SAM_DELTA_RENAME_GROUP:
-		d_printf("SAM_DELTA_RENAME_GROUP not handled\n");
+	case NETR_DELTA_RENAME_GROUP:
+		d_printf("NETR_DELTA_RENAME_GROUP not handled\n");
+		break;
+	case NETR_DELTA_RENAME_USER:
+		d_printf("NETR_DELTA_RENAME_USER not handled\n");
+		break;
+	case NETR_DELTA_RENAME_ALIAS:
+		d_printf("NETR_DELTA_RENAME_ALIAS not handled\n");
+		break;
+	case NETR_DELTA_POLICY:
+		d_printf("NETR_DELTA_POLICY not handled\n");
 		break;
-	case SAM_DELTA_RENAME_USER:
-		d_printf("SAM_DELTA_RENAME_USER not handled\n");
+	case NETR_DELTA_TRUSTED_DOMAIN:
+		d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n");
 		break;
-	case SAM_DELTA_RENAME_ALIAS:
-		d_printf("SAM_DELTA_RENAME_ALIAS not handled\n");
+	case NETR_DELTA_ACCOUNT:
+		d_printf("NETR_DELTA_ACCOUNT not handled\n");
 		break;
-	case SAM_DELTA_POLICY_INFO:
-		d_printf("SAM_DELTA_POLICY_INFO not handled\n");
+	case NETR_DELTA_SECRET:
+		d_printf("NETR_DELTA_SECRET not handled\n");
 		break;
-	case SAM_DELTA_TRUST_DOMS:
-		d_printf("SAM_DELTA_TRUST_DOMS not handled\n");
+	case NETR_DELTA_DELETE_GROUP:
+		d_printf("NETR_DELTA_DELETE_GROUP not handled\n");
 		break;
-	case SAM_DELTA_PRIVS_INFO:
-		d_printf("SAM_DELTA_PRIVS_INFO not handled\n");
+	case NETR_DELTA_DELETE_USER:
+		d_printf("NETR_DELTA_DELETE_USER not handled\n");
 		break;
-	case SAM_DELTA_SECRET_INFO:
-		d_printf("SAM_DELTA_SECRET_INFO not handled\n");
+	case NETR_DELTA_MODIFY_COUNT:
+		d_printf("NETR_DELTA_MODIFY_COUNT not handled\n");
 		break;
-	case SAM_DELTA_DELETE_GROUP:
-		d_printf("SAM_DELTA_DELETE_GROUP not handled\n");
+	case NETR_DELTA_DELETE_ALIAS:
+		d_printf("NETR_DELTA_DELETE_ALIAS not handled\n");
 		break;
-	case SAM_DELTA_DELETE_USER:
-		d_printf("SAM_DELTA_DELETE_USER not handled\n");
+	case NETR_DELTA_DELETE_TRUST:
+		d_printf("NETR_DELTA_DELETE_TRUST not handled\n");
 		break;
-	case SAM_DELTA_MODIFIED_COUNT:
-		d_printf("SAM_DELTA_MODIFIED_COUNT not handled\n");
+	case NETR_DELTA_DELETE_ACCOUNT:
+		d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n");
+		break;
+	case NETR_DELTA_DELETE_SECRET:
+		d_printf("NETR_DELTA_DELETE_SECRET not handled\n");
+		break;
+	case NETR_DELTA_DELETE_GROUP2:
+		d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n");
+		break;
+	case NETR_DELTA_DELETE_USER2:
+		d_printf("NETR_DELTA_DELETE_USER2 not handled\n");
 		break;
 	default:
-		d_printf("Unknown delta record type %d\n", hdr_delta->type);
+		d_printf("Unknown delta record type %d\n", r->delta_type);
 		break;
 	}
 }
 
 static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, DOM_SID dom_sid)
 {
-	uint32 sync_context = 0;
         NTSTATUS result;
 	int i;
         TALLOC_CTX *mem_ctx;
-        SAM_DELTA_HDR *hdr_deltas;
-        SAM_DELTA_CTR *deltas;
-        uint32 num_deltas;
+	const char *logon_server = pipe_hnd->cli->desthost;
+	const char *computername = global_myname();
+	struct netr_Authenticator credential;
+	struct netr_Authenticator return_authenticator;
+	enum netr_SamDatabaseID database_id = db_type;
+	uint16_t restart_state = 0;
+	uint32_t sync_context = 0;
 
 	if (!(mem_ctx = talloc_init("fetch_database")))
 		return NT_STATUS_NO_MEMORY;
@@ -994,20 +1162,36 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type,
 	}
 
 	do {
-		result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx,
-					       db_type, sync_context,
-					       &num_deltas,
-					       &hdr_deltas, &deltas);
-
-		if (NT_STATUS_IS_OK(result) ||
-		    NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
-			for (i = 0; i < num_deltas; i++) {
-				fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid);
-			}
-		} else
-			return result;
+		struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+
+		netlogon_creds_client_step(pipe_hnd->dc, &credential);
+
+		result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx,
+						   logon_server,
+						   computername,
+						   &credential,
+						   &return_authenticator,
+						   database_id,
+						   restart_state,
+						   &sync_context,
+						   &delta_enum_array,
+						   0xffff);
+
+		/* Check returned credentials. */
+		if (!netlogon_creds_client_check(pipe_hnd->dc,
+						 &return_authenticator.cred)) {
+			DEBUG(0,("credentials chain check failed\n"));
+			return NT_STATUS_ACCESS_DENIED;
+		}
+
+		if (NT_STATUS_IS_ERR(result)) {
+			break;
+		}
+
+		for (i = 0; i < delta_enum_array->num_deltas; i++) {
+			fetch_sam_entry(&delta_enum_array->delta_enum[i], dom_sid);
+		}
 
-		sync_context += 1;
 	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
 
 	talloc_destroy(mem_ctx);
@@ -1015,7 +1199,7 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type,
 	return result;
 }
 
-static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const char 
+static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const char
 		       *builtin_sid, FILE *add_fd)
 {
 	const char *user_suffix, *group_suffix, *machine_suffix, *idmap_suffix;
@@ -1047,7 +1231,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch
 		SAFE_FREE(suffix_attr);
 		return NT_STATUS_NO_MEMORY;
 	}
-	/* If it exists and is distinct from other containers, 
+	/* If it exists and is distinct from other containers,
 	   Write the Users entity */
 	if (*user_suffix && strcmp(user_suffix, suffix)) {
 		user_attr = sstring_sub(lp_ldap_user_suffix(), '=', ',');
@@ -1066,7 +1250,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch
 		SAFE_FREE(user_attr);
 		return NT_STATUS_NO_MEMORY;
 	}
-	/* If it exists and is distinct from other containers, 
+	/* If it exists and is distinct from other containers,
 	   Write the Groups entity */
 	if (*group_suffix && strcmp(group_suffix, suffix)) {
 		group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ',');
@@ -1078,7 +1262,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch
 		fflush(add_fd);
 	}
 
-	/* If it exists and is distinct from other containers, 
+	/* If it exists and is distinct from other containers,
 	   Write the Computers entity */
 	machine_suffix = lp_ldap_machine_suffix();
 	if (machine_suffix == NULL) {
@@ -1102,7 +1286,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch
 		fflush(add_fd);
 	}
 
-	/* If it exists and is distinct from other containers, 
+	/* If it exists and is distinct from other containers,
 	   Write the IdMap entity */
 	idmap_suffix = lp_ldap_idmap_suffix();
 	if (idmap_suffix == NULL) {
@@ -1138,7 +1322,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch
 	fprintf(add_fd, "\n");
 	fflush(add_fd);
 
-	/* Write the Domain Admins entity */ 
+	/* Write the Domain Admins entity */
 	fprintf(add_fd, "# Domain Admins, %s, %s\n", group_attr,
 		suffix);
 	fprintf(add_fd, "dn: cn=Domain Admins,ou=%s,%s\n", group_attr,
@@ -1155,7 +1339,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch
 	fprintf(add_fd, "\n");
 	fflush(add_fd);
 
-	/* Write the Domain Users entity */ 
+	/* Write the Domain Users entity */
 	fprintf(add_fd, "# Domain Users, %s, %s\n", group_attr,
 		suffix);
 	fprintf(add_fd, "dn: cn=Domain Users,ou=%s,%s\n", group_attr,
@@ -1171,7 +1355,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch
 	fprintf(add_fd, "\n");
 	fflush(add_fd);
 
-	/* Write the Domain Guests entity */ 
+	/* Write the Domain Guests entity */
 	fprintf(add_fd, "# Domain Guests, %s, %s\n", group_attr,
 		suffix);
 	fprintf(add_fd, "dn: cn=Domain Guests,ou=%s,%s\n", group_attr,
@@ -1272,7 +1456,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid, 
+static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid,
 		    const char *suffix, const char *builtin_sid)
 {
 	char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ',');
@@ -1422,16 +1606,15 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name,
 	base64_blob.data = (unsigned char *)value;
 	base64_blob.length = strlen(value);
 
-	base64 = base64_encode_data_blob(base64_blob);
+	base64 = base64_encode_data_blob(value, base64_blob);
 	SMB_ASSERT(base64 != NULL);
 
 	res = fprintf(add_fd, "%s:: %s\n", attr_name, base64);
 	TALLOC_FREE(value);
-	TALLOC_FREE(base64);
 	return res;
 }
 
-static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap,
+static NTSTATUS fetch_group_info_to_ldif(struct netr_DELTA_GROUP *r, GROUPMAP *groupmap,
 			 FILE *add_fd, fstring sid, char *suffix)
 {
 	fstring groupname;
@@ -1439,9 +1622,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma
 	char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ',');
 
 	/* Get the group name */
-	unistr2_to_ascii(groupname,
-	  		 &delta->group_info.uni_grp_name,
-			 sizeof(groupname));
+	fstrcpy(groupname, r->group_name.string);
 
 	/* Set up the group type (always 2 for group info) */
 	grouptype = 2;
@@ -1463,7 +1644,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma
 	}
 
 	/* Map the group rid, gid, and dn */
-	g_rid = delta->group_info.gid.g_rid;
+	g_rid = r->rid;
 	groupmap->rid = g_rid;
 	groupmap->gidNumber = ldif_gid;
 	snprintf(groupmap->sambaSID, sizeof(groupmap->sambaSID),
@@ -1491,7 +1672,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta,
+static NTSTATUS fetch_account_info_to_ldif(struct netr_DELTA_USER *r,
 					   GROUPMAP *groupmap,
 					   ACCOUNTMAP *accountmap,
 					   FILE *add_fd,
@@ -1511,21 +1692,18 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta,
 	int i;
 
 	/* Get the username */
-	unistr2_to_ascii(username,
-			 &(delta->account_info.uni_acct_name),
-			 sizeof(username));
+	fstrcpy(username, r->account_name.string);
 
 	/* Get the rid */
-	rid = delta->account_info.user_rid;
+	rid = r->rid;
 
 	/* Map the rid and username for group member info later */
 	accountmap->rid = rid;
 	snprintf(accountmap->cn, sizeof(accountmap->cn), "%s", username);
 
 	/* Get the home directory */
-	if (delta->account_info.acb_info & ACB_NORMAL) {
-		unistr2_to_ascii(homedir, &(delta->account_info.uni_home_dir),
-				 sizeof(homedir));
+	if (r->acct_flags & ACB_NORMAL) {
+		fstrcpy(homedir, r->home_directory.string);
 		if (!*homedir) {
 			snprintf(homedir, sizeof(homedir), "/home/%s", username);
 		} else {
@@ -1538,60 +1716,48 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta,
 	}
 
         /* Get the logon script */
-        unistr2_to_ascii(logonscript, &(delta->account_info.uni_logon_script),
-			 sizeof(logonscript));
+	fstrcpy(logonscript, r->logon_script.string);
 
         /* Get the home drive */
-        unistr2_to_ascii(homedrive, &(delta->account_info.uni_dir_drive),
-			 sizeof(homedrive));
+	fstrcpy(homedrive, r->home_drive.string);
 
         /* Get the home path */
-        unistr2_to_ascii(homepath, &(delta->account_info.uni_home_dir),
-			 sizeof(homepath));
+	fstrcpy(homepath, r->home_directory.string);
 
 	/* Get the description */
-	unistr2_to_ascii(description, &(delta->account_info.uni_acct_desc),
-			 sizeof(description));
+	fstrcpy(description, r->description.string);
 
 	/* Get the display name */
-	unistr2_to_ascii(fullname, &(delta->account_info.uni_full_name),
-			 sizeof(fullname));
+	fstrcpy(fullname, r->full_name.string);
 
 	/* Get the profile path */
-	unistr2_to_ascii(profilepath, &(delta->account_info.uni_profile),
-			 sizeof(profilepath));
+	fstrcpy(profilepath, r->profile_path.string);
 
 	/* Get lm and nt password data */
-	if (memcmp(delta->account_info.pass.buf_lm_pwd, zero_buf, 16) != 0) {
-		sam_pwd_hash(delta->account_info.user_rid, 
-			     delta->account_info.pass.buf_lm_pwd, 
-			     lm_passwd, 0);
-		pdb_sethexpwd(hex_lm_passwd, lm_passwd, 
-			      delta->account_info.acb_info);
+	if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
+		sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0);
+		pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags);
 	} else {
 		pdb_sethexpwd(hex_lm_passwd, NULL, 0);
 	}
-	if (memcmp(delta->account_info.pass.buf_nt_pwd, zero_buf, 16) != 0) {
-		sam_pwd_hash(delta->account_info.user_rid, 
-			     delta->account_info.pass.buf_nt_pwd, 
-			     nt_passwd, 0);
-		pdb_sethexpwd(hex_nt_passwd, nt_passwd, 
-			      delta->account_info.acb_info);
+	if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
+		sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0);
+		pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags);
 	} else {
 		pdb_sethexpwd(hex_nt_passwd, NULL, 0);
 	}
-	unix_time = nt_time_to_unix(delta->account_info.pwd_last_set_time);
+	unix_time = nt_time_to_unix(r->last_password_change);
 
 	/* Increment the uid for the new user */
 	ldif_uid++;
 
 	/* Set up group id and sambaSID for the user */
-	group_rid = delta->account_info.group_rid;
+	group_rid = r->primary_gid;
 	for (i=0; i<alloced; i++) {
 		if (groupmap[i].rid == group_rid) break;
 	}
 	if (i == alloced){
-		DEBUG(1, ("Could not find rid %d in groupmap array\n", 
+		DEBUG(1, ("Could not find rid %d in groupmap array\n",
 			  group_rid));
 		return NT_STATUS_UNSUCCESSFUL;
 	}
@@ -1599,7 +1765,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta,
 	snprintf(sambaSID, sizeof(sambaSID), groupmap[i].sambaSID);
 
 	/* Set up sambaAcctFlags */
-	flags = pdb_encode_acct_ctrl(delta->account_info.acb_info,
+	flags = pdb_encode_acct_ctrl(r->acct_flags,
 				     NEW_PW_FORMAT_SPACE_PADDED_LEN);
 
 	/* Add the user to the temporary add ldif file */
@@ -1626,8 +1792,8 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta,
                 fprintf_attr(add_fd, "sambaHomeDrive", "%s", homedrive);
         if (*logonscript)
                 fprintf_attr(add_fd, "sambaLogonScript", "%s", logonscript);
-	fprintf(add_fd, "loginShell: %s\n", 
-		((delta->account_info.acb_info & ACB_NORMAL) ?
+	fprintf(add_fd, "loginShell: %s\n",
+		((r->acct_flags & ACB_NORMAL) ?
 		 "/bin/bash" : "/bin/false"));
 	fprintf(add_fd, "gecos: System User\n");
 	if (*description)
@@ -1651,10 +1817,10 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta,
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta,
+static NTSTATUS fetch_alias_info_to_ldif(struct netr_DELTA_ALIAS *r,
 					 GROUPMAP *groupmap,
 					 FILE *add_fd, fstring sid,
-					 char *suffix, 
+					 char *suffix,
 					 unsigned db_type)
 {
 	fstring aliasname, description;
@@ -1662,12 +1828,10 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta,
 	char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ',');
 
 	/* Get the alias name */
-	unistr2_to_ascii(aliasname, &(delta->alias_info.uni_als_name),
-			 sizeof(aliasname));
+	fstrcpy(aliasname, r->alias_name.string);
 
 	/* Get the alias description */
-	unistr2_to_ascii(description, &(delta->alias_info.uni_als_desc),
-			 sizeof(description));
+	fstrcpy(description, r->description.string);
 
 	/* Set up the group type */
 	switch (db_type) {
@@ -1684,7 +1848,7 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta,
 
 	/*
 	  These groups are entered by populate_ldap_for_ldif
-	  Note that populate creates a group called Relicators, 
+	  Note that populate creates a group called Relicators,
 	  but NT returns a group called Replicator
 	*/
 	if (strcmp(aliasname, "Domain Admins") == 0 ||
@@ -1703,7 +1867,7 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta,
 	}
 
 	/* Map the group rid and gid */
-	g_rid = delta->group_info.gid.g_rid;
+	g_rid = r->rid;
 	groupmap->gidNumber = ldif_gid;
 	snprintf(groupmap->sambaSID, sizeof(groupmap->sambaSID),
 			"%s-%d", sid, g_rid);
@@ -1730,8 +1894,8 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta,
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta,
-					    SAM_DELTA_HDR *hdr_delta,
+static NTSTATUS fetch_groupmem_info_to_ldif(struct netr_DELTA_GROUP_MEMBER *r,
+					    uint32_t id_rid,
 					    GROUPMAP *groupmap,
 					    ACCOUNTMAP *accountmap,
 					    FILE *mod_fd, int alloced)
@@ -1741,8 +1905,8 @@ static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta,
 	int i, j, k;
 
 	/* Get the dn for the group */
-	if (delta->grp_mem_info.num_members > 0) {
-		group_rid = hdr_delta->target_rid;
+	if (r->num_rids > 0) {
+		group_rid = id_rid;
 		for (j=0; j<alloced; j++) {
 			if (groupmap[j].rid == group_rid) break;
 		}
@@ -1755,8 +1919,8 @@ static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta,
 		fprintf(mod_fd, "dn: %s\n", group_dn);
 
 		/* Get the cn for each member */
-		for (i=0; i<delta->grp_mem_info.num_members; i++) {
-			rid = delta->grp_mem_info.rids[i];
+		for (i=0; i < r->num_rids; i++) {
+			rid = r->rids[i];
 			for (k=0; k<alloced; k++) {
 				if (accountmap[k].rid == rid) break;
 			}
@@ -1786,15 +1950,19 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd,
 	const char *add_template = "/tmp/add.ldif.XXXXXX";
 	const char *mod_template = "/tmp/mod.ldif.XXXXXX";
 	fstring sid, domainname;
-	uint32 sync_context = 0;
 	NTSTATUS ret = NT_STATUS_OK, result;
 	int k;
 	TALLOC_CTX *mem_ctx;
-	SAM_DELTA_HDR *hdr_deltas;
-	SAM_DELTA_CTR *deltas;
 	uint32 num_deltas;
 	FILE *add_file = NULL, *mod_file = NULL, *ldif_file = NULL;
 	int num_alloced = 0, g_index = 0, a_index = 0;
+	const char *logon_server = pipe_hnd->cli->desthost;
+	const char *computername = global_myname();
+	struct netr_Authenticator credential;
+	struct netr_Authenticator return_authenticator;
+	enum netr_SamDatabaseID database_id = db_type;
+	uint16_t restart_state = 0;
+	uint32_t sync_context = 0;
 
 	/* Set up array for mapping accounts to groups */
 	/* Array element is the group rid */
@@ -1802,7 +1970,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd,
 
 	/* Set up array for mapping account rid's to cn's */
 	/* Array element is the account rid */
-	ACCOUNTMAP *accountmap = NULL; 
+	ACCOUNTMAP *accountmap = NULL;
 
 	if (!(mem_ctx = talloc_init("fetch_database"))) {
 		return NT_STATUS_NO_MEMORY;
@@ -1838,7 +2006,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd,
 		DEBUG(1, ("Could not open %s\n", mod_name));
 		ret = NT_STATUS_UNSUCCESSFUL;
 		goto done;
-	} 
+	}
 
 	/* Get the sid */
 	sid_to_fstring(sid, &dom_sid);
@@ -1894,23 +2062,41 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd,
 		d_fprintf(stderr, "Fetching PRIVS databases\n");
 		break;
 	default:
-		d_fprintf(stderr, 
-			  "Fetching unknown database type %u\n", 
+		d_fprintf(stderr,
+			  "Fetching unknown database type %u\n",
 			  db_type );
 		break;
 	}
 
 	do {
-		result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx,
-						  db_type, sync_context,
-						  &num_deltas, &hdr_deltas, 
-						  &deltas);
-		if (!NT_STATUS_IS_OK(result) &&
-		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
-			ret = NT_STATUS_OK;
-			goto done; /* is this correct? jmcd */
+		struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL;
+
+		netlogon_creds_client_step(pipe_hnd->dc, &credential);
+
+		result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx,
+						   logon_server,
+						   computername,
+						   &credential,
+						   &return_authenticator,
+						   database_id,
+						   restart_state,
+						   &sync_context,
+						   &delta_enum_array,
+						   0xffff);
+
+		/* Check returned credentials. */
+		if (!netlogon_creds_client_check(pipe_hnd->dc,
+						 &return_authenticator.cred)) {
+			DEBUG(0,("credentials chain check failed\n"));
+			return NT_STATUS_ACCESS_DENIED;
 		}
 
+		if (NT_STATUS_IS_ERR(result)) {
+			break;
+		}
+
+		num_deltas = delta_enum_array->num_deltas;
+
 		/* Re-allocate memory for groupmap and accountmap arrays */
 		groupmap = SMB_REALLOC_ARRAY(groupmap, GROUPMAP,
 					     num_deltas+num_alloced);
@@ -1923,7 +2109,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd,
 		}
 
 		/* Initialize the new records */
-		memset(&groupmap[num_alloced], 0, 
+		memset(&groupmap[num_alloced], 0,
 		       sizeof(GROUPMAP)*num_deltas);
 		memset(&accountmap[num_alloced], 0,
 		       sizeof(ACCOUNTMAP)*num_deltas);
@@ -1933,73 +2119,60 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd,
 
 		/* Loop through the deltas */
 		for (k=0; k<num_deltas; k++) {
-			switch(hdr_deltas[k].type) {
-			case SAM_DELTA_DOMAIN_INFO:
+
+			union netr_DELTA_UNION u =
+				delta_enum_array->delta_enum[k].delta_union;
+			union netr_DELTA_ID_UNION id =
+				delta_enum_array->delta_enum[k].delta_id_union;
+
+			switch(delta_enum_array->delta_enum[k].delta_type) {
+			case NETR_DELTA_DOMAIN:
 				/* Is this case needed? */
-				unistr2_to_ascii(
-					domainname, 
-					&deltas[k].domain_info.uni_dom_name,
-					sizeof(domainname));
+				fstrcpy(domainname,
+					u.domain->domain_name.string);
 				break;
 
-			case SAM_DELTA_GROUP_INFO:
+			case NETR_DELTA_GROUP:
 				fetch_group_info_to_ldif(
-					&deltas[k], &groupmap[g_index],
+					u.group,
+					&groupmap[g_index],
 					add_file, sid, suffix);
 				g_index++;
 				break;
 
-			case SAM_DELTA_ACCOUNT_INFO:
+			case NETR_DELTA_USER:
 				fetch_account_info_to_ldif(
-					&deltas[k], groupmap, 
+					u.user, groupmap,
 					&accountmap[a_index], add_file,
 					sid, suffix, num_alloced);
 				a_index++;
 				break;
 
-			case SAM_DELTA_ALIAS_INFO:
+			case NETR_DELTA_ALIAS:
 				fetch_alias_info_to_ldif(
-					&deltas[k], &groupmap[g_index],
+					u.alias, &groupmap[g_index],
 					add_file, sid, suffix, db_type);
 				g_index++;
 				break;
 
-			case SAM_DELTA_GROUP_MEM:
+			case NETR_DELTA_GROUP_MEMBER:
 				fetch_groupmem_info_to_ldif(
-					&deltas[k], &hdr_deltas[k], 
-					groupmap, accountmap, 
+					u.group_member, id.rid,
+					groupmap, accountmap,
 					mod_file, num_alloced);
 				break;
 
-			case SAM_DELTA_ALIAS_MEM:
-				break;
-			case SAM_DELTA_POLICY_INFO:
-				break;
-			case SAM_DELTA_PRIVS_INFO:
-				break;
-			case SAM_DELTA_TRUST_DOMS:
-				/* Implemented but broken */
-				break;
-			case SAM_DELTA_SECRET_INFO:
-				/* Implemented but broken */
-				break;
-			case SAM_DELTA_RENAME_GROUP:
-				/* Not yet implemented */
-				break;
-			case SAM_DELTA_RENAME_USER:
-				/* Not yet implemented */
-				break;
-			case SAM_DELTA_RENAME_ALIAS:
-				/* Not yet implemented */
-				break;
-			case SAM_DELTA_DELETE_GROUP:
-				/* Not yet implemented */
-				break;
-			case SAM_DELTA_DELETE_USER:
-				/* Not yet implemented */
-				break;
-			case SAM_DELTA_MODIFIED_COUNT:
-				break;
+			case NETR_DELTA_ALIAS_MEMBER:
+			case NETR_DELTA_POLICY:
+			case NETR_DELTA_ACCOUNT:
+			case NETR_DELTA_TRUSTED_DOMAIN:
+			case NETR_DELTA_SECRET:
+			case NETR_DELTA_RENAME_GROUP:
+			case NETR_DELTA_RENAME_USER:
+			case NETR_DELTA_RENAME_ALIAS:
+			case NETR_DELTA_DELETE_GROUP:
+			case NETR_DELTA_DELETE_USER:
+			case NETR_DELTA_MODIFY_COUNT:
 			default:
 				break;
 			} /* end of switch */
@@ -2065,7 +2238,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd,
 		DEBUG(1,("unlink(%s) failed, error was (%s)\n",
 			 mod_name, strerror(errno)));
 	}
-	
+
 	if (ldif_file && (ldif_file != stdout)) {
 		fclose(ldif_file);
 	}
@@ -2079,15 +2252,15 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd,
 	return ret;
 }
 
-/** 
+/**
  * Basic usage function for 'net rpc vampire'
  * @param argc  Standard main() style argc
  * @param argc  Standard main() style argv.  Initial components are already
  *              stripped
  **/
 
-int rpc_vampire_usage(int argc, const char **argv) 
-{	
+int rpc_vampire_usage(int argc, const char **argv)
+{
 	d_printf("net rpc vampire [ldif [<ldif-filename>] [options]\n"
 		 "\t to pull accounts from a remote PDC where we are a BDC\n"
 		 "\t\t no args puts accounts in local passdb from smb.conf\n"
@@ -2100,13 +2273,13 @@ int rpc_vampire_usage(int argc, const char **argv)
 
 
 /* dump sam database via samsync rpc calls */
-NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, 
-				const char *domain_name, 
+NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid,
+				const char *domain_name,
 				struct cli_state *cli,
 				struct rpc_pipe_client *pipe_hnd,
-				TALLOC_CTX *mem_ctx, 
+				TALLOC_CTX *mem_ctx,
 				int argc,
-				const char **argv) 
+				const char **argv)
 {
         NTSTATUS result;
 	fstring my_dom_sid_str;
@@ -2120,7 +2293,7 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid,
 			 "workgroup=%s\n\n in your smb.conf?\n",
 			 domain_name,
 			 get_global_sam_name(),
-			 sid_to_fstring(my_dom_sid_str, 
+			 sid_to_fstring(my_dom_sid_str,
 					get_global_sam_sid()),
 			 domain_name, sid_to_fstring(rem_dom_sid_str,
 						     domain_sid),
diff --git a/source3/utils/net_rpc_service.c b/source3/utils/net_rpc_service.c
index a70ecf3c72..242d653017 100644
--- a/source3/utils/net_rpc_service.c
+++ b/source3/utils/net_rpc_service.c
@@ -1,30 +1,33 @@
-/* 
-   Samba Unix/Linux SMB client library 
-   Distributed SMB/CIFS Server Management Utility 
+/*
+   Samba Unix/Linux SMB client library
+   Distributed SMB/CIFS Server Management Utility
    Copyright (C) Gerald (Jerry) Carter          2005
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
- 
+
 #include "includes.h"
 #include "utils/net.h"
 
 
+#define CLI_SERVER_NAME_SLASH(_ctx, _p, _cli) \
+	_p = talloc_asprintf(_ctx, "\\\\%s", _cli->cli->desthost);
+
 /********************************************************************
 ********************************************************************/
 
 static WERROR query_service_state(struct rpc_pipe_client *pipe_hnd,
-				TALLOC_CTX *mem_ctx, 
+				TALLOC_CTX *mem_ctx,
 				POLICY_HND *hSCM,
 				const char *service,
 				uint32 *state )
@@ -32,24 +35,32 @@ static WERROR query_service_state(struct rpc_pipe_client *pipe_hnd,
 	POLICY_HND hService;
 	SERVICE_STATUS service_status;
 	WERROR result = WERR_GENERAL_FAILURE;
-	
+	NTSTATUS status;
+
 	/* now cycle until the status is actually 'watch_state' */
-	
-	result = rpccli_svcctl_open_service(pipe_hnd, mem_ctx, hSCM, &hService, 
-		service, SC_RIGHT_SVC_QUERY_STATUS );
 
-	if ( !W_ERROR_IS_OK(result) ) {
+	status = rpccli_svcctl_OpenServiceW(pipe_hnd, mem_ctx,
+					    hSCM,
+					    service,
+					    SC_RIGHT_SVC_QUERY_STATUS,
+					    &hService,
+					    &result);
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) {
 		d_fprintf(stderr, "Failed to open service.  [%s]\n", dos_errstr(result));
 		return result;
 	}
 
-	result = rpccli_svcctl_query_status(pipe_hnd, mem_ctx, &hService, &service_status  );
-	if ( W_ERROR_IS_OK(result) ) {
+	status = rpccli_svcctl_QueryServiceStatus(pipe_hnd, mem_ctx,
+						  &hService,
+						  &service_status,
+						  &result);
+
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) {
 		*state = service_status.state;
 	}
-	
+
 	rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hService, NULL);
-	
+
 	return result;
 }
 
@@ -57,17 +68,17 @@ static WERROR query_service_state(struct rpc_pipe_client *pipe_hnd,
 ********************************************************************/
 
 static WERROR watch_service_state(struct rpc_pipe_client *pipe_hnd,
-				TALLOC_CTX *mem_ctx, 
+				TALLOC_CTX *mem_ctx,
 				POLICY_HND *hSCM,
-				const char *service, 
+				const char *service,
 				uint32 watch_state,
 				uint32 *final_state )
 {
 	uint32 i;
 	uint32 state = 0;
 	WERROR result = WERR_GENERAL_FAILURE;
-	
-	
+
+
 	i = 0;
 	while ( (state != watch_state ) && i<30 ) {
 		/* get the status */
@@ -76,15 +87,15 @@ static WERROR watch_service_state(struct rpc_pipe_client *pipe_hnd,
 		if ( !W_ERROR_IS_OK(result) ) {
 			break;
 		}
-		
+
 		d_printf(".");
 		i++;
 		sys_usleep( 100 );
 	}
 	d_printf("\n");
-	
+
 	*final_state = state;
-	
+
 	return result;
 }
 
@@ -92,155 +103,187 @@ static WERROR watch_service_state(struct rpc_pipe_client *pipe_hnd,
 ********************************************************************/
 
 static WERROR control_service(struct rpc_pipe_client *pipe_hnd,
-				TALLOC_CTX *mem_ctx, 
+				TALLOC_CTX *mem_ctx,
 				POLICY_HND *hSCM,
-				const char *service, 
+				const char *service,
 				uint32 control,
 				uint32 watch_state )
 {
 	POLICY_HND hService;
 	WERROR result = WERR_GENERAL_FAILURE;
+	NTSTATUS status;
 	SERVICE_STATUS service_status;
 	uint32 state = 0;
-	
+
 	/* Open the Service */
-	
-	result = rpccli_svcctl_open_service(pipe_hnd, mem_ctx, hSCM, &hService, 
-		service, (SC_RIGHT_SVC_STOP|SC_RIGHT_SVC_PAUSE_CONTINUE) );
 
-	if ( !W_ERROR_IS_OK(result) ) {
+	status = rpccli_svcctl_OpenServiceW(pipe_hnd, mem_ctx,
+					    hSCM,
+					    service,
+					    (SC_RIGHT_SVC_STOP|SC_RIGHT_SVC_PAUSE_CONTINUE),
+					    &hService,
+					    &result);
+
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) {
 		d_fprintf(stderr, "Failed to open service.  [%s]\n", dos_errstr(result));
 		goto done;
 	}
-	
+
 	/* get the status */
 
-	result = rpccli_svcctl_control_service(pipe_hnd, mem_ctx, &hService, 
-		control, &service_status  );
-		
-	if ( !W_ERROR_IS_OK(result) ) {
+	status = rpccli_svcctl_ControlService(pipe_hnd, mem_ctx,
+					      &hService,
+					      control,
+					      &service_status,
+					      &result);
+
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) {
 		d_fprintf(stderr, "Control service request failed.  [%s]\n", dos_errstr(result));
 		goto done;
 	}
-	
+
 	/* loop -- checking the state until we are where we want to be */
-	
+
 	result = watch_service_state(pipe_hnd, mem_ctx, hSCM, service, watch_state, &state );
-		
+
 	d_printf("%s service is %s.\n", service, svc_status_string(state));
 
-done:	
+done:
 	rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hService, NULL);
-		
+
 	return result;
-}	
+}
 
 /********************************************************************
 ********************************************************************/
 
 static NTSTATUS rpc_service_list_internal(const DOM_SID *domain_sid,
-					const char *domain_name, 
+					const char *domain_name,
 					struct cli_state *cli,
 					struct rpc_pipe_client *pipe_hnd,
-					TALLOC_CTX *mem_ctx, 
+					TALLOC_CTX *mem_ctx,
 					int argc,
 					const char **argv )
 {
 	POLICY_HND hSCM;
 	ENUM_SERVICES_STATUS *services;
 	WERROR result = WERR_GENERAL_FAILURE;
+	NTSTATUS status;
 	fstring servicename;
 	fstring displayname;
 	uint32 num_services = 0;
+	const char *server_name;
 	int i;
-	
+
 	if (argc != 0 ) {
 		d_printf("Usage: net rpc service list\n");
 		return NT_STATUS_OK;
 	}
 
-	result = rpccli_svcctl_open_scm(pipe_hnd, mem_ctx, &hSCM, SC_RIGHT_MGR_ENUMERATE_SERVICE  );
-	if ( !W_ERROR_IS_OK(result) ) {
+	CLI_SERVER_NAME_SLASH(mem_ctx, server_name, pipe_hnd);
+	NT_STATUS_HAVE_NO_MEMORY(server_name);
+
+	status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx,
+					      server_name,
+					      NULL,
+					      SC_RIGHT_MGR_ENUMERATE_SERVICE,
+					      &hSCM,
+					      &result);
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
 		d_fprintf(stderr, "Failed to open Service Control Manager.  [%s]\n", dos_errstr(result));
 		return werror_to_ntstatus(result);
 	}
-	
+
 	result = rpccli_svcctl_enumerate_services(pipe_hnd, mem_ctx, &hSCM, SVCCTL_TYPE_WIN32,
 		SVCCTL_STATE_ALL, &num_services, &services );
-	
+
 	if ( !W_ERROR_IS_OK(result) ) {
 		d_fprintf(stderr, "Failed to enumerate services.  [%s]\n", dos_errstr(result));
 		goto done;
 	}
-	
+
 	if ( num_services == 0 )
 		d_printf("No services returned\n");
-	
+
 	for ( i=0; i<num_services; i++ ) {
 		rpcstr_pull( servicename, services[i].servicename.buffer, sizeof(servicename), -1, STR_TERMINATE );
 		rpcstr_pull( displayname, services[i].displayname.buffer, sizeof(displayname), -1, STR_TERMINATE );
-		
+
 		d_printf("%-20s    \"%s\"\n", servicename, displayname);
 	}
 
-done:	
+done:
 	rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hSCM, NULL);
-		
+
 	return werror_to_ntstatus(result);
-}	
+}
 
 /********************************************************************
 ********************************************************************/
 
 static NTSTATUS rpc_service_status_internal(const DOM_SID *domain_sid,
-						const char *domain_name, 
+						const char *domain_name,
 						struct cli_state *cli,
 						struct rpc_pipe_client *pipe_hnd,
-						TALLOC_CTX *mem_ctx, 
+						TALLOC_CTX *mem_ctx,
 						int argc,
 						const char **argv )
 {
 	POLICY_HND hSCM, hService;
 	WERROR result = WERR_GENERAL_FAILURE;
-	fstring servicename;
+	NTSTATUS status;
 	SERVICE_STATUS service_status;
 	SERVICE_CONFIG config;
 	fstring ascii_string;
-	
+	const char *server_name;
+
 	if (argc != 1 ) {
 		d_printf("Usage: net rpc service status <service>\n");
 		return NT_STATUS_OK;
 	}
 
-	fstrcpy( servicename, argv[0] );
-
 	/* Open the Service Control Manager */
-	
-	result = rpccli_svcctl_open_scm(pipe_hnd, mem_ctx, &hSCM, SC_RIGHT_MGR_ENUMERATE_SERVICE  );
-	if ( !W_ERROR_IS_OK(result) ) {
+	CLI_SERVER_NAME_SLASH(mem_ctx, server_name, pipe_hnd);
+	NT_STATUS_HAVE_NO_MEMORY(server_name);
+
+	status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx,
+					      server_name,
+					      NULL,
+					      SC_RIGHT_MGR_ENUMERATE_SERVICE,
+					      &hSCM,
+					      &result);
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
 		d_fprintf(stderr, "Failed to open Service Control Manager.  [%s]\n", dos_errstr(result));
 		return werror_to_ntstatus(result);
 	}
-	
+
 	/* Open the Service */
-	
-	result = rpccli_svcctl_open_service(pipe_hnd, mem_ctx, &hSCM, &hService, servicename, 
-		(SC_RIGHT_SVC_QUERY_STATUS|SC_RIGHT_SVC_QUERY_CONFIG) );
 
-	if ( !W_ERROR_IS_OK(result) ) {
+	status = rpccli_svcctl_OpenServiceW(pipe_hnd, mem_ctx,
+					    &hSCM,
+					    argv[0],
+					    (SC_RIGHT_SVC_QUERY_STATUS|SC_RIGHT_SVC_QUERY_CONFIG),
+					    &hService,
+					    &result);
+
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) {
 		d_fprintf(stderr, "Failed to open service.  [%s]\n", dos_errstr(result));
 		goto done;
 	}
-	
+
 	/* get the status */
 
-	result = rpccli_svcctl_query_status(pipe_hnd, mem_ctx, &hService, &service_status  );
-	if ( !W_ERROR_IS_OK(result) ) {
+	status = rpccli_svcctl_QueryServiceStatus(pipe_hnd, mem_ctx,
+						  &hService,
+						  &service_status,
+						  &result);
+
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) {
 		d_fprintf(stderr, "Query status request failed.  [%s]\n", dos_errstr(result));
 		goto done;
 	}
-	
-	d_printf("%s service is %s.\n", servicename, svc_status_string(service_status.state));
+
+	d_printf("%s service is %s.\n", argv[0], svc_status_string(service_status.state));
 
 	/* get the config */
 
@@ -284,28 +327,30 @@ static NTSTATUS rpc_service_status_internal(const DOM_SID *domain_sid,
 		d_printf("\tDisplay Name         = %s\n", ascii_string);
 	}
 
-done:	
+done:
         rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hService, NULL);
 	rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hSCM, NULL);
 
 	return werror_to_ntstatus(result);
-}	
+}
 
 /********************************************************************
 ********************************************************************/
 
 static NTSTATUS rpc_service_stop_internal(const DOM_SID *domain_sid,
-					const char *domain_name, 
+					const char *domain_name,
 					struct cli_state *cli,
 					struct rpc_pipe_client *pipe_hnd,
-					TALLOC_CTX *mem_ctx, 
+					TALLOC_CTX *mem_ctx,
 					int argc,
 					const char **argv )
 {
 	POLICY_HND hSCM;
 	WERROR result = WERR_GENERAL_FAILURE;
+	NTSTATUS status;
 	fstring servicename;
-	
+	const char *server_name;
+
 	if (argc != 1 ) {
 		d_printf("Usage: net rpc service status <service>\n");
 		return NT_STATUS_OK;
@@ -314,36 +359,45 @@ static NTSTATUS rpc_service_stop_internal(const DOM_SID *domain_sid,
 	fstrcpy( servicename, argv[0] );
 
 	/* Open the Service Control Manager */
-	
-	result = rpccli_svcctl_open_scm(pipe_hnd, mem_ctx, &hSCM, SC_RIGHT_MGR_ENUMERATE_SERVICE  );
-	if ( !W_ERROR_IS_OK(result) ) {
+	CLI_SERVER_NAME_SLASH(mem_ctx, server_name, pipe_hnd);
+	NT_STATUS_HAVE_NO_MEMORY(server_name);
+
+	status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx,
+					      server_name,
+					      NULL,
+					      SC_RIGHT_MGR_ENUMERATE_SERVICE,
+					      &hSCM,
+					      &result);
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
 		d_fprintf(stderr, "Failed to open Service Control Manager.  [%s]\n", dos_errstr(result));
 		return werror_to_ntstatus(result);
 	}
-	
-	result = control_service(pipe_hnd, mem_ctx, &hSCM, servicename, 
+
+	result = control_service(pipe_hnd, mem_ctx, &hSCM, servicename,
 		SVCCTL_CONTROL_STOP, SVCCTL_STOPPED );
-		
+
 	rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hSCM, NULL);
-		
+
 	return werror_to_ntstatus(result);
-}	
+}
 
 /********************************************************************
 ********************************************************************/
 
 static NTSTATUS rpc_service_pause_internal(const DOM_SID *domain_sid,
-					const char *domain_name, 
+					const char *domain_name,
 					struct cli_state *cli,
 					struct rpc_pipe_client *pipe_hnd,
-					TALLOC_CTX *mem_ctx, 
+					TALLOC_CTX *mem_ctx,
 					int argc,
 					const char **argv )
 {
 	POLICY_HND hSCM;
 	WERROR result = WERR_GENERAL_FAILURE;
+	NTSTATUS status;
 	fstring servicename;
-	
+	const char *server_name;
+
 	if (argc != 1 ) {
 		d_printf("Usage: net rpc service status <service>\n");
 		return NT_STATUS_OK;
@@ -352,36 +406,45 @@ static NTSTATUS rpc_service_pause_internal(const DOM_SID *domain_sid,
 	fstrcpy( servicename, argv[0] );
 
 	/* Open the Service Control Manager */
-	
-	result = rpccli_svcctl_open_scm(pipe_hnd, mem_ctx, &hSCM, SC_RIGHT_MGR_ENUMERATE_SERVICE  );
-	if ( !W_ERROR_IS_OK(result) ) {
+	CLI_SERVER_NAME_SLASH(mem_ctx, server_name, pipe_hnd);
+	NT_STATUS_HAVE_NO_MEMORY(server_name);
+
+	status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx,
+					      server_name,
+					      NULL,
+					      SC_RIGHT_MGR_ENUMERATE_SERVICE,
+					      &hSCM,
+					      &result);
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
 		d_fprintf(stderr, "Failed to open Service Control Manager.  [%s]\n", dos_errstr(result));
 		return werror_to_ntstatus(result);
 	}
-	
-	result = control_service(pipe_hnd, mem_ctx, &hSCM, servicename, 
+
+	result = control_service(pipe_hnd, mem_ctx, &hSCM, servicename,
 		SVCCTL_CONTROL_PAUSE, SVCCTL_PAUSED );
-		
+
 	rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hSCM, NULL);
-		
+
 	return werror_to_ntstatus(result);
-}	
+}
 
 /********************************************************************
 ********************************************************************/
 
 static NTSTATUS rpc_service_resume_internal(const DOM_SID *domain_sid,
-					const char *domain_name, 
+					const char *domain_name,
 					struct cli_state *cli,
 					struct rpc_pipe_client *pipe_hnd,
-					TALLOC_CTX *mem_ctx, 
+					TALLOC_CTX *mem_ctx,
 					int argc,
 					const char **argv )
 {
 	POLICY_HND hSCM;
 	WERROR result = WERR_GENERAL_FAILURE;
+	NTSTATUS status;
 	fstring servicename;
-	
+	const char *server_name;
+
 	if (argc != 1 ) {
 		d_printf("Usage: net rpc service status <service>\n");
 		return NT_STATUS_OK;
@@ -390,78 +453,100 @@ static NTSTATUS rpc_service_resume_internal(const DOM_SID *domain_sid,
 	fstrcpy( servicename, argv[0] );
 
 	/* Open the Service Control Manager */
-	
-	result = rpccli_svcctl_open_scm(pipe_hnd, mem_ctx, &hSCM, SC_RIGHT_MGR_ENUMERATE_SERVICE  );
-	if ( !W_ERROR_IS_OK(result) ) {
+	CLI_SERVER_NAME_SLASH(mem_ctx, server_name, pipe_hnd);
+	NT_STATUS_HAVE_NO_MEMORY(server_name);
+
+	status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx,
+					      server_name,
+					      NULL,
+					      SC_RIGHT_MGR_ENUMERATE_SERVICE,
+					      &hSCM,
+					      &result);
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
 		d_fprintf(stderr, "Failed to open Service Control Manager.  [%s]\n", dos_errstr(result));
 		return werror_to_ntstatus(result);
 	}
-	
-	result = control_service(pipe_hnd, mem_ctx, &hSCM, servicename, 
+
+	result = control_service(pipe_hnd, mem_ctx, &hSCM, servicename,
 		SVCCTL_CONTROL_CONTINUE, SVCCTL_RUNNING );
-		
+
 	rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hSCM, NULL);
-		
+
 	return werror_to_ntstatus(result);
-}	
+}
 
 /********************************************************************
 ********************************************************************/
 
 static NTSTATUS rpc_service_start_internal(const DOM_SID *domain_sid,
-					const char *domain_name, 
+					const char *domain_name,
 					struct cli_state *cli,
 					struct rpc_pipe_client *pipe_hnd,
-					TALLOC_CTX *mem_ctx, 
+					TALLOC_CTX *mem_ctx,
 					int argc,
 					const char **argv )
 {
 	POLICY_HND hSCM, hService;
 	WERROR result = WERR_GENERAL_FAILURE;
-	fstring servicename;
+	NTSTATUS status;
 	uint32 state = 0;
-	
+	const char *server_name;
+
 	if (argc != 1 ) {
 		d_printf("Usage: net rpc service status <service>\n");
 		return NT_STATUS_OK;
 	}
 
-	fstrcpy( servicename, argv[0] );
-
 	/* Open the Service Control Manager */
-	
-	result = rpccli_svcctl_open_scm( pipe_hnd, mem_ctx, &hSCM, SC_RIGHT_MGR_ENUMERATE_SERVICE  );
-	if ( !W_ERROR_IS_OK(result) ) {
+	CLI_SERVER_NAME_SLASH(mem_ctx, server_name, pipe_hnd);
+	NT_STATUS_HAVE_NO_MEMORY(server_name);
+
+	status = rpccli_svcctl_OpenSCManagerW(pipe_hnd, mem_ctx,
+					      server_name,
+					      NULL,
+					      SC_RIGHT_MGR_ENUMERATE_SERVICE,
+					      &hSCM,
+					      &result);
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result)) {
 		d_fprintf(stderr, "Failed to open Service Control Manager.  [%s]\n", dos_errstr(result));
 		return werror_to_ntstatus(result);
 	}
-	
+
 	/* Open the Service */
-	
-	result = rpccli_svcctl_open_service(pipe_hnd, mem_ctx, &hSCM, &hService, 
-		servicename, SC_RIGHT_SVC_START );
 
-	if ( !W_ERROR_IS_OK(result) ) {
+	status = rpccli_svcctl_OpenServiceW(pipe_hnd, mem_ctx,
+					    &hSCM,
+					    argv[0],
+					    SC_RIGHT_SVC_START,
+					    &hService,
+					    &result);
+
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) {
 		d_fprintf(stderr, "Failed to open service.  [%s]\n", dos_errstr(result));
 		goto done;
 	}
-	
+
 	/* get the status */
 
-	result = rpccli_svcctl_start_service(pipe_hnd, mem_ctx, &hService, NULL, 0 );
-	if ( !W_ERROR_IS_OK(result) ) {
+	status = rpccli_svcctl_StartServiceW(pipe_hnd, mem_ctx,
+					     &hService,
+					     0,
+					     NULL,
+					     &result);
+
+	if (!NT_STATUS_IS_OK(status) || !W_ERROR_IS_OK(result) ) {
 		d_fprintf(stderr, "Query status request failed.  [%s]\n", dos_errstr(result));
 		goto done;
 	}
-	
-	result = watch_service_state(pipe_hnd, mem_ctx, &hSCM, servicename, SVCCTL_RUNNING, &state  );
-	
+
+	result = watch_service_state(pipe_hnd, mem_ctx, &hSCM, argv[0], SVCCTL_RUNNING, &state  );
+
 	if ( W_ERROR_IS_OK(result) && (state == SVCCTL_RUNNING) )
-		d_printf("Successfully started service: %s\n", servicename );
+		d_printf("Successfully started service: %s\n", argv[0] );
 	else
-		d_fprintf(stderr, "Failed to start service: %s [%s]\n", servicename, dos_errstr(result) );
-	
-done:	
+		d_fprintf(stderr, "Failed to start service: %s [%s]\n", argv[0], dos_errstr(result) );
+
+done:
 	rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hService, NULL);
 	rpccli_svcctl_CloseServiceHandle(pipe_hnd, mem_ctx, &hSCM, NULL);
 
@@ -473,7 +558,7 @@ done:
 
 static int rpc_service_list( int argc, const char **argv )
 {
-	return run_rpc_command( NULL, PI_SVCCTL, 0, 
+	return run_rpc_command( NULL, PI_SVCCTL, 0,
 		rpc_service_list_internal, argc, argv );
 }
 
@@ -482,7 +567,7 @@ static int rpc_service_list( int argc, const char **argv )
 
 static int rpc_service_start( int argc, const char **argv )
 {
-	return run_rpc_command( NULL, PI_SVCCTL, 0, 
+	return run_rpc_command( NULL, PI_SVCCTL, 0,
 		rpc_service_start_internal, argc, argv );
 }
 
@@ -491,7 +576,7 @@ static int rpc_service_start( int argc, const char **argv )
 
 static int rpc_service_stop( int argc, const char **argv )
 {
-	return run_rpc_command( NULL, PI_SVCCTL, 0, 
+	return run_rpc_command( NULL, PI_SVCCTL, 0,
 		rpc_service_stop_internal, argc, argv );
 }
 
@@ -500,7 +585,7 @@ static int rpc_service_stop( int argc, const char **argv )
 
 static int rpc_service_resume( int argc, const char **argv )
 {
-	return run_rpc_command( NULL, PI_SVCCTL, 0, 
+	return run_rpc_command( NULL, PI_SVCCTL, 0,
 		rpc_service_resume_internal, argc, argv );
 }
 
@@ -509,7 +594,7 @@ static int rpc_service_resume( int argc, const char **argv )
 
 static int rpc_service_pause( int argc, const char **argv )
 {
-	return run_rpc_command( NULL, PI_SVCCTL, 0, 
+	return run_rpc_command( NULL, PI_SVCCTL, 0,
 		rpc_service_pause_internal, argc, argv );
 }
 
@@ -518,7 +603,7 @@ static int rpc_service_pause( int argc, const char **argv )
 
 static int rpc_service_status( int argc, const char **argv )
 {
-	return run_rpc_command( NULL, PI_SVCCTL, 0, 
+	return run_rpc_command( NULL, PI_SVCCTL, 0,
 		rpc_service_status_internal, argc, argv );
 }
 
@@ -533,14 +618,14 @@ static int net_help_service( int argc, const char **argv )
 	d_printf("net rpc service pause <service>    Pause a service\n");
 	d_printf("net rpc service resume <service>   Resume a paused service\n");
 	d_printf("net rpc service status <service>   View the current status of a service\n");
-	
+
 	return -1;
 }
 
 /********************************************************************
 ********************************************************************/
 
-int net_rpc_service(int argc, const char **argv) 
+int net_rpc_service(int argc, const char **argv)
 {
 	struct functable func[] = {
 		{"list", rpc_service_list},
@@ -551,9 +636,9 @@ int net_rpc_service(int argc, const char **argv)
 		{"status", rpc_service_status},
 		{NULL, NULL}
 	};
-	
+
 	if ( argc )
 		return net_run_function( argc, argv, func, net_help_service );
-		
+
 	return net_help_service( argc, argv );
 }
diff --git a/source3/utils/net_rpc_sh_acct.c b/source3/utils/net_rpc_sh_acct.c
index ac0ffca1f3..57640ca3a8 100644
--- a/source3/utils/net_rpc_sh_acct.c
+++ b/source3/utils/net_rpc_sh_acct.c
@@ -31,39 +31,46 @@ static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx,
 			       int argc, const char **argv,
 			       int (*fn)(TALLOC_CTX *mem_ctx,
 					  struct rpc_sh_ctx *ctx,
-					  SAM_UNK_INFO_1 *i1,
-					  SAM_UNK_INFO_3 *i3,
-					  SAM_UNK_INFO_12 *i12,
+					  struct samr_DomInfo1 *i1,
+					  struct samr_DomInfo3 *i3,
+					  struct samr_DomInfo12 *i12,
 					  int argc, const char **argv))
 {
 	POLICY_HND connect_pol, domain_pol;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	SAM_UNK_CTR ctr1, ctr3, ctr12;
+	union samr_DomainInfo *info1 = NULL;
+	union samr_DomainInfo *info3 = NULL;
+	union samr_DomainInfo *info12 = NULL;
 	int store;
 
 	ZERO_STRUCT(connect_pol);
 	ZERO_STRUCT(domain_pol);
 
 	/* Get sam policy handle */
-	
-	result = rpccli_samr_connect(pipe_hnd, mem_ctx,
-				     MAXIMUM_ALLOWED_ACCESS, 
-				     &connect_pol);
+
+	result = rpccli_samr_Connect2(pipe_hnd, mem_ctx,
+				      pipe_hnd->cli->desthost,
+				      MAXIMUM_ALLOWED_ACCESS,
+				      &connect_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 	
 	/* Get domain policy handle */
-	
-	result = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &connect_pol,
-					 MAXIMUM_ALLOWED_ACCESS,
-					 ctx->domain_sid, &domain_pol);
+
+	result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
+					&connect_pol,
+					MAXIMUM_ALLOWED_ACCESS,
+					ctx->domain_sid,
+					&domain_pol);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
-					    1, &ctr1);
+	result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
+					     &domain_pol,
+					     1,
+					     &info1);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		d_fprintf(stderr, "query_domain_info level 1 failed: %s\n",
@@ -71,8 +78,10 @@ static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
-					    3, &ctr3);
+	result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
+					     &domain_pol,
+					     3,
+					     &info3);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		d_fprintf(stderr, "query_domain_info level 3 failed: %s\n",
@@ -80,8 +89,10 @@ static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	result = rpccli_samr_query_dom_info(pipe_hnd, mem_ctx, &domain_pol,
-					    12, &ctr12);
+	result = rpccli_samr_QueryDomainInfo(pipe_hnd, mem_ctx,
+					     &domain_pol,
+					     12,
+					     &info12);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		d_fprintf(stderr, "query_domain_info level 12 failed: %s\n",
@@ -89,8 +100,8 @@ static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	store = fn(mem_ctx, ctx, &ctr1.info.inf1, &ctr3.info.inf3,
-		   &ctr12.info.inf12, argc, argv);
+	store = fn(mem_ctx, ctx, &info1->info1, &info3->info3,
+		   &info12->info12, argc, argv);
 
 	if (store <= 0) {
 		/* Don't save anything */
@@ -99,16 +110,22 @@ static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx,
 
 	switch (store) {
 	case 1:
-		result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
-						     &domain_pol, 1, &ctr1);
+		result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
+						   &domain_pol,
+						   1,
+						   info1);
 		break;
 	case 3:
-		result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
-						     &domain_pol, 3, &ctr3);
+		result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
+						   &domain_pol,
+						   3,
+						   info3);
 		break;
 	case 12:
-		result = rpccli_samr_set_domain_info(pipe_hnd, mem_ctx,
-						     &domain_pol, 12, &ctr12);
+		result = rpccli_samr_SetDomainInfo(pipe_hnd, mem_ctx,
+						   &domain_pol,
+						   12,
+						   info12);
 		break;
 	default:
 		d_fprintf(stderr, "Got unexpected info level %d\n", store);
@@ -118,18 +135,19 @@ static NTSTATUS rpc_sh_acct_do(TALLOC_CTX *mem_ctx,
 
  done:
 	if (is_valid_policy_hnd(&domain_pol)) {
-		rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
 	}
 	if (is_valid_policy_hnd(&connect_pol)) {
-		rpccli_samr_close(pipe_hnd, mem_ctx, &connect_pol);
+		rpccli_samr_Close(pipe_hnd, mem_ctx, &connect_pol);
 	}
 
 	return result;
 }
 
 static int account_show(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
-			SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
-			SAM_UNK_INFO_12 *i12,
+			struct samr_DomInfo1 *i1,
+			struct samr_DomInfo3 *i3,
+			struct samr_DomInfo12 *i12,
 			int argc, const char **argv)
 {
 	if (argc != 0) {
@@ -137,40 +155,40 @@ static int account_show(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
 		return -1;
 	}
 
-	d_printf("Minimum password length: %d\n", i1->min_length_password);
-	d_printf("Password history length: %d\n", i1->password_history);
+	d_printf("Minimum password length: %d\n", i1->min_password_length);
+	d_printf("Password history length: %d\n", i1->password_history_length);
 
 	d_printf("Minimum password age: ");
-	if (!nt_time_is_zero(&i1->min_passwordage)) {
-		time_t t = nt_time_to_unix_abs(&i1->min_passwordage);
+	if (!nt_time_is_zero((NTTIME *)&i1->min_password_age)) {
+		time_t t = nt_time_to_unix_abs((NTTIME *)&i1->min_password_age);
 		d_printf("%d seconds\n", (int)t);
 	} else {
 		d_printf("not set\n");
 	}
 
 	d_printf("Maximum password age: ");
-	if (nt_time_is_set(&i1->expire)) {
-		time_t t = nt_time_to_unix_abs(&i1->expire);
+	if (nt_time_is_set((NTTIME *)&i1->max_password_age)) {
+		time_t t = nt_time_to_unix_abs((NTTIME *)&i1->max_password_age);
 		d_printf("%d seconds\n", (int)t);
 	} else {
 		d_printf("not set\n");
 	}
 
-	d_printf("Bad logon attempts: %d\n", i12->bad_attempt_lockout);
+	d_printf("Bad logon attempts: %d\n", i12->lockout_threshold);
 
-	if (i12->bad_attempt_lockout != 0) {
+	if (i12->lockout_threshold != 0) {
 
 		d_printf("Account lockout duration: ");
-		if (nt_time_is_set(&i12->duration)) {
-			time_t t = nt_time_to_unix_abs(&i12->duration);
+		if (nt_time_is_set(&i12->lockout_duration)) {
+			time_t t = nt_time_to_unix_abs(&i12->lockout_duration);
 			d_printf("%d seconds\n", (int)t);
 		} else {
 			d_printf("not set\n");
 		}
 
 		d_printf("Bad password count reset after: ");
-		if (nt_time_is_set(&i12->reset_count)) {
-			time_t t = nt_time_to_unix_abs(&i12->reset_count);
+		if (nt_time_is_set(&i12->lockout_window)) {
+			time_t t = nt_time_to_unix_abs(&i12->lockout_window);
 			d_printf("%d seconds\n", (int)t);
 		} else {
 			d_printf("not set\n");
@@ -178,7 +196,7 @@ static int account_show(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
 	}
 
 	d_printf("Disconnect users when logon hours expire: %s\n",
-		 nt_time_is_zero(&i3->logout) ? "yes" : "no");
+		 nt_time_is_zero(&i3->force_logoff_time) ? "yes" : "no");
 
 	d_printf("User must logon to change password: %s\n",
 		 (i1->password_properties & 0x2) ? "yes" : "no");
@@ -195,8 +213,9 @@ static NTSTATUS rpc_sh_acct_pol_show(TALLOC_CTX *mem_ctx,
 }
 
 static int account_set_badpw(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
-			     SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
-			     SAM_UNK_INFO_12 *i12,
+			     struct samr_DomInfo1 *i1,
+			     struct samr_DomInfo3 *i3,
+			     struct samr_DomInfo12 *i12,
 			     int argc, const char **argv)
 {
 	if (argc != 1) {
@@ -204,9 +223,9 @@ static int account_set_badpw(TALLOC_CTX *mem_ctx, struct rpc_sh_ctx *ctx,
 		return -1;
 	}
 
-	i12->bad_attempt_lockout = atoi(argv[0]);
+	i12->lockout_threshold = atoi(argv[0]);
 	d_printf("Setting bad password count to %d\n",
-		 i12->bad_attempt_lockout);
+		 i12->lockout_threshold);
 
 	return 12;
 }
@@ -222,8 +241,9 @@ static NTSTATUS rpc_sh_acct_set_badpw(TALLOC_CTX *mem_ctx,
 
 static int account_set_lockduration(TALLOC_CTX *mem_ctx,
 				    struct rpc_sh_ctx *ctx,
-				    SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
-				    SAM_UNK_INFO_12 *i12,
+				    struct samr_DomInfo1 *i1,
+				    struct samr_DomInfo3 *i3,
+				    struct samr_DomInfo12 *i12,
 				    int argc, const char **argv)
 {
 	if (argc != 1) {
@@ -231,9 +251,9 @@ static int account_set_lockduration(TALLOC_CTX *mem_ctx,
 		return -1;
 	}
 
-	unix_to_nt_time_abs(&i12->duration, atoi(argv[0]));
+	unix_to_nt_time_abs(&i12->lockout_duration, atoi(argv[0]));
 	d_printf("Setting lockout duration to %d seconds\n",
-		 (int)nt_time_to_unix_abs(&i12->duration));
+		 (int)nt_time_to_unix_abs(&i12->lockout_duration));
 
 	return 12;
 }
@@ -249,8 +269,9 @@ static NTSTATUS rpc_sh_acct_set_lockduration(TALLOC_CTX *mem_ctx,
 
 static int account_set_resetduration(TALLOC_CTX *mem_ctx,
 				     struct rpc_sh_ctx *ctx,
-				     SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
-				     SAM_UNK_INFO_12 *i12,
+				     struct samr_DomInfo1 *i1,
+				     struct samr_DomInfo3 *i3,
+				     struct samr_DomInfo12 *i12,
 				     int argc, const char **argv)
 {
 	if (argc != 1) {
@@ -258,9 +279,9 @@ static int account_set_resetduration(TALLOC_CTX *mem_ctx,
 		return -1;
 	}
 
-	unix_to_nt_time_abs(&i12->reset_count, atoi(argv[0]));
+	unix_to_nt_time_abs(&i12->lockout_window, atoi(argv[0]));
 	d_printf("Setting bad password reset duration to %d seconds\n",
-		 (int)nt_time_to_unix_abs(&i12->reset_count));
+		 (int)nt_time_to_unix_abs(&i12->lockout_window));
 
 	return 12;
 }
@@ -276,8 +297,9 @@ static NTSTATUS rpc_sh_acct_set_resetduration(TALLOC_CTX *mem_ctx,
 
 static int account_set_minpwage(TALLOC_CTX *mem_ctx,
 				struct rpc_sh_ctx *ctx,
-				SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
-				SAM_UNK_INFO_12 *i12,
+				struct samr_DomInfo1 *i1,
+				struct samr_DomInfo3 *i3,
+				struct samr_DomInfo12 *i12,
 				int argc, const char **argv)
 {
 	if (argc != 1) {
@@ -285,9 +307,9 @@ static int account_set_minpwage(TALLOC_CTX *mem_ctx,
 		return -1;
 	}
 
-	unix_to_nt_time_abs(&i1->min_passwordage, atoi(argv[0]));
+	unix_to_nt_time_abs((NTTIME *)&i1->min_password_age, atoi(argv[0]));
 	d_printf("Setting minimum password age to %d seconds\n",
-		 (int)nt_time_to_unix_abs(&i1->min_passwordage));
+		 (int)nt_time_to_unix_abs((NTTIME *)&i1->min_password_age));
 
 	return 1;
 }
@@ -303,8 +325,9 @@ static NTSTATUS rpc_sh_acct_set_minpwage(TALLOC_CTX *mem_ctx,
 
 static int account_set_maxpwage(TALLOC_CTX *mem_ctx,
 				struct rpc_sh_ctx *ctx,
-				SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
-				SAM_UNK_INFO_12 *i12,
+				struct samr_DomInfo1 *i1,
+				struct samr_DomInfo3 *i3,
+				struct samr_DomInfo12 *i12,
 				int argc, const char **argv)
 {
 	if (argc != 1) {
@@ -312,9 +335,9 @@ static int account_set_maxpwage(TALLOC_CTX *mem_ctx,
 		return -1;
 	}
 
-	unix_to_nt_time_abs(&i1->expire, atoi(argv[0]));
+	unix_to_nt_time_abs((NTTIME *)&i1->max_password_age, atoi(argv[0]));
 	d_printf("Setting maximum password age to %d seconds\n",
-		 (int)nt_time_to_unix_abs(&i1->expire));
+		 (int)nt_time_to_unix_abs((NTTIME *)&i1->max_password_age));
 
 	return 1;
 }
@@ -330,8 +353,9 @@ static NTSTATUS rpc_sh_acct_set_maxpwage(TALLOC_CTX *mem_ctx,
 
 static int account_set_minpwlen(TALLOC_CTX *mem_ctx,
 				struct rpc_sh_ctx *ctx,
-				SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
-				SAM_UNK_INFO_12 *i12,
+				struct samr_DomInfo1 *i1,
+				struct samr_DomInfo3 *i3,
+				struct samr_DomInfo12 *i12,
 				int argc, const char **argv)
 {
 	if (argc != 1) {
@@ -339,9 +363,9 @@ static int account_set_minpwlen(TALLOC_CTX *mem_ctx,
 		return -1;
 	}
 
-	i1->min_length_password = atoi(argv[0]);
+	i1->min_password_length = atoi(argv[0]);
 	d_printf("Setting minimum password length to %d\n",
-		 i1->min_length_password);
+		 i1->min_password_length);
 
 	return 1;
 }
@@ -357,8 +381,9 @@ static NTSTATUS rpc_sh_acct_set_minpwlen(TALLOC_CTX *mem_ctx,
 
 static int account_set_pwhistlen(TALLOC_CTX *mem_ctx,
 				 struct rpc_sh_ctx *ctx,
-				 SAM_UNK_INFO_1 *i1, SAM_UNK_INFO_3 *i3,
-				 SAM_UNK_INFO_12 *i12,
+				 struct samr_DomInfo1 *i1,
+				 struct samr_DomInfo3 *i3,
+				 struct samr_DomInfo12 *i12,
 				 int argc, const char **argv)
 {
 	if (argc != 1) {
@@ -366,9 +391,9 @@ static int account_set_pwhistlen(TALLOC_CTX *mem_ctx,
 		return -1;
 	}
 
-	i1->password_history = atoi(argv[0]);
+	i1->password_history_length = atoi(argv[0]);
 	d_printf("Setting password history length to %d\n",
-		 i1->password_history);
+		 i1->password_history_length);
 
 	return 1;
 }
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 6a702fc0cf..df2bf9753b 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1,23 +1,24 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
 
    Winbind status program.
 
    Copyright (C) Tim Potter      2000-2003
    Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003-2004
-   Copyright (C) Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it> 2000 
+   Copyright (C) Francesco Chemolli <kinkie@kame.usr.dsi.unimi.it> 2000
    Copyright (C) Robert O'Callahan 2006 (added cached credential code).
+   Copyright (C) Kai Blin <kai@samba.org> 2008
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
-   
+
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
-   
+
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -28,7 +29,8 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
 
-#define SQUID_BUFFER_SIZE 2010
+#define INITIAL_BUFFER_SIZE 300
+#define MAX_BUFFER_SIZE 630000
 
 enum stdio_helper_mode {
 	SQUID_2_4_BASIC,
@@ -42,28 +44,56 @@ enum stdio_helper_mode {
 	NUM_HELPER_MODES
 };
 
-typedef void (*stdio_helper_function)(enum stdio_helper_mode stdio_helper_mode, 
-				     char *buf, int length);
+enum ntlm_auth_cli_state {
+	CLIENT_INITIAL = 0,
+	CLIENT_RESPONSE,
+	CLIENT_FINISHED,
+	CLIENT_ERROR
+};
+
+enum ntlm_auth_svr_state {
+	SERVER_INITIAL = 0,
+	SERVER_CHALLENGE,
+	SERVER_FINISHED,
+	SERVER_ERROR
+};
+
+struct ntlm_auth_state {
+	TALLOC_CTX *mem_ctx;
+	enum stdio_helper_mode helper_mode;
+	enum ntlm_auth_cli_state cli_state;
+	enum ntlm_auth_svr_state svr_state;
+	struct ntlmssp_state *ntlmssp_state;
+	uint32_t neg_flags;
+	char *want_feature_list;
+	bool have_session_key;
+	DATA_BLOB session_key;
+	DATA_BLOB initial_message;
+};
+
+typedef void (*stdio_helper_function)(struct ntlm_auth_state *state, char *buf,
+					int length);
 
-static void manage_squid_basic_request (enum stdio_helper_mode stdio_helper_mode, 
+static void manage_squid_basic_request (struct ntlm_auth_state *state,
 					char *buf, int length);
 
-static void manage_squid_ntlmssp_request (enum stdio_helper_mode stdio_helper_mode, 
-					  char *buf, int length);
+static void manage_squid_ntlmssp_request (struct ntlm_auth_state *state,
+					char *buf, int length);
 
-static void manage_client_ntlmssp_request (enum stdio_helper_mode stdio_helper_mode, 
-					   char *buf, int length);
+static void manage_client_ntlmssp_request (struct ntlm_auth_state *state,
+					char *buf, int length);
 
-static void manage_gss_spnego_request (enum stdio_helper_mode stdio_helper_mode, 
-				       char *buf, int length);
+static void manage_gss_spnego_request (struct ntlm_auth_state *state,
+					char *buf, int length);
 
-static void manage_gss_spnego_client_request (enum stdio_helper_mode stdio_helper_mode, 
-					      char *buf, int length);
+static void manage_gss_spnego_client_request (struct ntlm_auth_state *state,
+					char *buf, int length);
 
-static void manage_ntlm_server_1_request (enum stdio_helper_mode stdio_helper_mode, 
-					  char *buf, int length);
+static void manage_ntlm_server_1_request (struct ntlm_auth_state *state,
+					char *buf, int length);
 
-static void manage_ntlm_change_password_1_request(enum stdio_helper_mode helper_mode, char *buf, int length);
+static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
+					char *buf, int length);
 
 static const struct {
 	enum stdio_helper_mode mode;
@@ -123,7 +153,7 @@ static char winbind_separator(void)
 		d_printf("winbind separator was NULL!\n");
 		return *lp_winbind_separator();
 	}
-	
+
 	return sep;
 }
 
@@ -388,7 +418,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
 	}
 
 	if (flags & WBFLAG_PAM_UNIX_NAME) {
-		*unix_name = SMB_STRDUP((char *)response.extra_data.data);
+		*unix_name = SMB_STRDUP(response.data.auth.unix_username);
 		if (!*unix_name) {
 			winbindd_free_response(&response);
 			return NT_STATUS_NO_MEMORY;
@@ -679,14 +709,9 @@ static NTSTATUS do_ccache_ntlm_auth(DATA_BLOB initial_msg, DATA_BLOB challenge_m
 	return NT_STATUS_MORE_PROCESSING_REQUIRED;
 }
 
-static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mode, 
-					 char *buf, int length) 
+static void manage_squid_ntlmssp_request(struct ntlm_auth_state *state,
+						char *buf, int length)
 {
-	static NTLMSSP_STATE *ntlmssp_state = NULL;
-	static char* want_feature_list = NULL;
-	static uint32 neg_flags = 0;
-	static bool have_session_key = False;
-	static DATA_BLOB session_key;
 	DATA_BLOB request, reply;
 	NTSTATUS nt_status;
 
@@ -699,8 +724,9 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod
 	if (strlen(buf) > 3) {
 		if(strncmp(buf, "SF ", 3) == 0){
 			DEBUG(10, ("Setting flags to negotioate\n"));
-			SAFE_FREE(want_feature_list);
-			want_feature_list = SMB_STRNDUP(buf+3, strlen(buf)-3);
+			TALLOC_FREE(state->want_feature_list);
+			state->want_feature_list = talloc_strdup(state->mem_ctx,
+					buf+3);
 			x_fprintf(x_stdout, "OK\n");
 			return;
 		}
@@ -710,9 +736,11 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod
 	}
 
 	if ((strncmp(buf, "PW ", 3) == 0)) {
-		/* The calling application wants us to use a local password (rather than winbindd) */
+		/* The calling application wants us to use a local password
+		 * (rather than winbindd) */
 
-		opt_password = SMB_STRNDUP((const char *)request.data, request.length);
+		opt_password = SMB_STRNDUP((const char *)request.data,
+				request.length);
 
 		if (opt_password == NULL) {
 			DEBUG(1, ("Out of memory\n"));
@@ -727,25 +755,33 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod
 	}
 
 	if (strncmp(buf, "YR", 2) == 0) {
-		if (ntlmssp_state)
-			ntlmssp_end(&ntlmssp_state);
+		if (state->ntlmssp_state)
+			ntlmssp_end(&state->ntlmssp_state);
+		state->svr_state = SERVER_INITIAL;
 	} else if (strncmp(buf, "KK", 2) == 0) {
-		
+		/* No special preprocessing required */
 	} else if (strncmp(buf, "GF", 2) == 0) {
 		DEBUG(10, ("Requested negotiated NTLMSSP flags\n"));
-		x_fprintf(x_stdout, "GF 0x%08lx\n", have_session_key?neg_flags:0l);
+
+		if (state->svr_state == SERVER_FINISHED) {
+			x_fprintf(x_stdout, "GF 0x%08x\n", state->neg_flags);
+		}
+		else {
+			x_fprintf(x_stdout, "BH\n");
+		}
 		data_blob_free(&request);
 		return;
 	} else if (strncmp(buf, "GK", 2) == 0) {
 		DEBUG(10, ("Requested NTLMSSP session key\n"));
-		if(have_session_key) {
-			char *key64 = base64_encode_data_blob(session_key);
+		if(state->have_session_key) {
+			char *key64 = base64_encode_data_blob(state->mem_ctx,
+					state->session_key);
 			x_fprintf(x_stdout, "GK %s\n", key64?key64:"<NULL>");
 			TALLOC_FREE(key64);
 		} else {
 			x_fprintf(x_stdout, "BH\n");
 		}
-			
+
 		data_blob_free(&request);
 		return;
 	} else {
@@ -754,65 +790,62 @@ static void manage_squid_ntlmssp_request(enum stdio_helper_mode stdio_helper_mod
 		return;
 	}
 
-	if (!ntlmssp_state) {
-		if (!NT_STATUS_IS_OK(nt_status = ntlm_auth_start_ntlmssp_server(&ntlmssp_state))) {
+	if (!state->ntlmssp_state) {
+		nt_status = ntlm_auth_start_ntlmssp_server(
+				&state->ntlmssp_state);
+		if (!NT_STATUS_IS_OK(nt_status)) {
 			x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status));
 			return;
 		}
-		ntlmssp_want_feature_list(ntlmssp_state, want_feature_list);
+		ntlmssp_want_feature_list(state->ntlmssp_state,
+				state->want_feature_list);
 	}
 
 	DEBUG(10, ("got NTLMSSP packet:\n"));
 	dump_data(10, request.data, request.length);
 
-	nt_status = ntlmssp_update(ntlmssp_state, request, &reply);
-	
+	nt_status = ntlmssp_update(state->ntlmssp_state, request, &reply);
+
 	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-		char *reply_base64 = base64_encode_data_blob(reply);
+		char *reply_base64 = base64_encode_data_blob(state->mem_ctx,
+				reply);
 		x_fprintf(x_stdout, "TT %s\n", reply_base64);
 		TALLOC_FREE(reply_base64);
 		data_blob_free(&reply);
+		state->svr_state = SERVER_CHALLENGE;
 		DEBUG(10, ("NTLMSSP challenge\n"));
 	} else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED)) {
 		x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status));
 		DEBUG(0, ("NTLMSSP BH: %s\n", nt_errstr(nt_status)));
 
-		ntlmssp_end(&ntlmssp_state);
+		ntlmssp_end(&state->ntlmssp_state);
 	} else if (!NT_STATUS_IS_OK(nt_status)) {
 		x_fprintf(x_stdout, "NA %s\n", nt_errstr(nt_status));
 		DEBUG(10, ("NTLMSSP %s\n", nt_errstr(nt_status)));
 	} else {
-		x_fprintf(x_stdout, "AF %s\n", (char *)ntlmssp_state->auth_context);
+		x_fprintf(x_stdout, "AF %s\n",
+				(char *)state->ntlmssp_state->auth_context);
 		DEBUG(10, ("NTLMSSP OK!\n"));
-		
-		if(have_session_key)
-			data_blob_free(&session_key);
-		session_key = data_blob(ntlmssp_state->session_key.data, 
-				ntlmssp_state->session_key.length);
-		neg_flags = ntlmssp_state->neg_flags;
-		have_session_key = True;
+
+		if(state->have_session_key)
+			data_blob_free(&state->session_key);
+		state->session_key = data_blob(
+				state->ntlmssp_state->session_key.data,
+				state->ntlmssp_state->session_key.length);
+		state->neg_flags = state->ntlmssp_state->neg_flags;
+		state->have_session_key = true;
+		state->svr_state = SERVER_FINISHED;
 	}
 
 	data_blob_free(&request);
 }
 
-static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mode, 
-					 char *buf, int length) 
+static void manage_client_ntlmssp_request(struct ntlm_auth_state *state,
+					 	char *buf, int length)
 {
-	/* The statics here are *HORRIBLE* and this entire concept
-	   needs to be rewritten. Essentially it's using these statics
-	   as the state in a state machine. BLEEEGH ! JRA. */
-
-	static NTLMSSP_STATE *ntlmssp_state = NULL;
-	static DATA_BLOB initial_message;
-	static char* want_feature_list = NULL;
-	static uint32 neg_flags = 0;
-	static bool have_session_key = False;
-	static DATA_BLOB session_key;
 	DATA_BLOB request, reply;
 	NTSTATUS nt_status;
-	bool first = False;
-	
+
 	if (!opt_username || !*opt_username) {
 		x_fprintf(x_stderr, "username must be specified!\n\n");
 		exit(1);
@@ -827,8 +860,9 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
 	if (strlen(buf) > 3) {
 		if(strncmp(buf, "SF ", 3) == 0) {
 			DEBUG(10, ("Looking for flags to negotiate\n"));
-			SAFE_FREE(want_feature_list);
-			want_feature_list = SMB_STRNDUP(buf+3, strlen(buf)-3);
+			talloc_free(state->want_feature_list);
+			state->want_feature_list = talloc_strdup(state->mem_ctx,
+					buf+3);
 			x_fprintf(x_stdout, "OK\n");
 			return;
 		}
@@ -840,7 +874,8 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
 	if (strncmp(buf, "PW ", 3) == 0) {
 		/* We asked for a password and obviously got it :-) */
 
-		opt_password = SMB_STRNDUP((const char *)request.data, request.length);
+		opt_password = SMB_STRNDUP((const char *)request.data,
+				request.length);
 
 		if (opt_password == NULL) {
 			DEBUG(1, ("Out of memory\n"));
@@ -854,8 +889,8 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
 		return;
 	}
 
-	if (!ntlmssp_state && use_cached_creds) {
-		/* check whether credentials are usable. */
+	if (!state->ntlmssp_state && use_cached_creds) {
+		/* check whether cached credentials are usable. */
 		DATA_BLOB empty_blob = data_blob_null;
 
 		nt_status = do_ccache_ntlm_auth(empty_blob, empty_blob, NULL);
@@ -866,30 +901,39 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
 	}
 
 	if (opt_password == NULL && !use_cached_creds) {
-		
 		/* Request a password from the calling process.  After
-		   sending it, the calling process should retry asking for the negotiate. */
-		
+		   sending it, the calling process should retry asking for the
+		   negotiate. */
+
 		DEBUG(10, ("Requesting password\n"));
 		x_fprintf(x_stdout, "PW\n");
 		return;
 	}
 
 	if (strncmp(buf, "YR", 2) == 0) {
-		if (ntlmssp_state)
-			ntlmssp_end(&ntlmssp_state);
+		if (state->ntlmssp_state)
+			ntlmssp_end(&state->ntlmssp_state);
+		state->cli_state = CLIENT_INITIAL;
 	} else if (strncmp(buf, "TT", 2) == 0) {
-		
+		/* No special preprocessing required */
 	} else if (strncmp(buf, "GF", 2) == 0) {
 		DEBUG(10, ("Requested negotiated NTLMSSP flags\n"));
-		x_fprintf(x_stdout, "GF 0x%08lx\n", have_session_key?neg_flags:0l);
+
+		if(state->cli_state == CLIENT_FINISHED) {
+			x_fprintf(x_stdout, "GF 0x%08x\n", state->neg_flags);
+		}
+		else {
+			x_fprintf(x_stdout, "BH\n");
+		}
+
 		data_blob_free(&request);
 		return;
 	} else if (strncmp(buf, "GK", 2) == 0 ) {
 		DEBUG(10, ("Requested session key\n"));
 
-		if(have_session_key) {
-			char *key64 = base64_encode_data_blob(session_key);
+		if(state->cli_state == CLIENT_FINISHED) {
+			char *key64 = base64_encode_data_blob(state->mem_ctx,
+					state->session_key);
 			x_fprintf(x_stdout, "GK %s\n", key64?key64:"<NULL>");
 			TALLOC_FREE(key64);
 		}
@@ -905,67 +949,75 @@ static void manage_client_ntlmssp_request(enum stdio_helper_mode stdio_helper_mo
 		return;
 	}
 
-	if (!ntlmssp_state) {
-		if (!NT_STATUS_IS_OK(nt_status = ntlm_auth_start_ntlmssp_client(&ntlmssp_state))) {
+	if (!state->ntlmssp_state) {
+		nt_status = ntlm_auth_start_ntlmssp_client(
+				&state->ntlmssp_state);
+		if (!NT_STATUS_IS_OK(nt_status)) {
 			x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status));
 			return;
 		}
-		ntlmssp_want_feature_list(ntlmssp_state, want_feature_list);
-		first = True;
-		initial_message = data_blob_null;
+		ntlmssp_want_feature_list(state->ntlmssp_state,
+				state->want_feature_list);
+		state->initial_message = data_blob_null;
 	}
 
 	DEBUG(10, ("got NTLMSSP packet:\n"));
 	dump_data(10, request.data, request.length);
 
-	if (use_cached_creds && !opt_password && !first) {
-		nt_status = do_ccache_ntlm_auth(initial_message, request, &reply);
+	if (use_cached_creds && !opt_password &&
+			(state->cli_state == CLIENT_RESPONSE)) {
+		nt_status = do_ccache_ntlm_auth(state->initial_message, request,
+				&reply);
 	} else {
-		nt_status = ntlmssp_update(ntlmssp_state, request, &reply);
+		nt_status = ntlmssp_update(state->ntlmssp_state, request,
+				&reply);
 	}
-	
+
 	if (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-		char *reply_base64 = base64_encode_data_blob(reply);
-		if (first) {
+		char *reply_base64 = base64_encode_data_blob(state->mem_ctx,
+				reply);
+		if (state->cli_state == CLIENT_INITIAL) {
 			x_fprintf(x_stdout, "YR %s\n", reply_base64);
-		} else { 
-			x_fprintf(x_stdout, "KK %s\n", reply_base64);
-		}
-		TALLOC_FREE(reply_base64);
-		if (first) {
-			initial_message = reply;
+			state->initial_message = reply;
+			state->cli_state = CLIENT_RESPONSE;
 		} else {
+			x_fprintf(x_stdout, "KK %s\n", reply_base64);
 			data_blob_free(&reply);
 		}
+		TALLOC_FREE(reply_base64);
 		DEBUG(10, ("NTLMSSP challenge\n"));
 	} else if (NT_STATUS_IS_OK(nt_status)) {
-		char *reply_base64 = base64_encode_data_blob(reply);
+		char *reply_base64 = base64_encode_data_blob(talloc_tos(),
+				reply);
 		x_fprintf(x_stdout, "AF %s\n", reply_base64);
 		TALLOC_FREE(reply_base64);
 
-		if(have_session_key)
-			data_blob_free(&session_key);
+		if(state->have_session_key)
+			data_blob_free(&state->session_key);
 
-		session_key = data_blob(ntlmssp_state->session_key.data, 
-				ntlmssp_state->session_key.length);
-		neg_flags = ntlmssp_state->neg_flags;
-		have_session_key = True;
+		state->session_key = data_blob(
+				state->ntlmssp_state->session_key.data,
+				state->ntlmssp_state->session_key.length);
+		state->neg_flags = state->ntlmssp_state->neg_flags;
+		state->have_session_key = true;
 
 		DEBUG(10, ("NTLMSSP OK!\n"));
-		if (ntlmssp_state)
-			ntlmssp_end(&ntlmssp_state);
+		state->cli_state = CLIENT_FINISHED;
+		if (state->ntlmssp_state)
+			ntlmssp_end(&state->ntlmssp_state);
 	} else {
 		x_fprintf(x_stdout, "BH %s\n", nt_errstr(nt_status));
 		DEBUG(0, ("NTLMSSP BH: %s\n", nt_errstr(nt_status)));
-		if (ntlmssp_state)
-			ntlmssp_end(&ntlmssp_state);
+		state->cli_state = CLIENT_ERROR;
+		if (state->ntlmssp_state)
+			ntlmssp_end(&state->ntlmssp_state);
 	}
 
 	data_blob_free(&request);
 }
 
-static void manage_squid_basic_request(enum stdio_helper_mode stdio_helper_mode, 
-				       char *buf, int length) 
+static void manage_squid_basic_request(struct ntlm_auth_state *state,
+					char *buf, int length)
 {
 	char *user, *pass;	
 	user=buf;
@@ -979,7 +1031,7 @@ static void manage_squid_basic_request(enum stdio_helper_mode stdio_helper_mode,
 	*pass='\0';
 	pass++;
 	
-	if (stdio_helper_mode == SQUID_2_5_BASIC) {
+	if (state->helper_mode == SQUID_2_5_BASIC) {
 		rfc1738_unescape(user);
 		rfc1738_unescape(pass);
 	}
@@ -1039,7 +1091,7 @@ static void offer_gss_spnego_mechs(void) {
 		return;
 	}
 
-	reply_base64 = base64_encode_data_blob(token);
+	reply_base64 = base64_encode_data_blob(talloc_tos(), token);
 	x_fprintf(x_stdout, "TT %s *\n", reply_base64);
 
 	TALLOC_FREE(reply_base64);
@@ -1048,8 +1100,8 @@ static void offer_gss_spnego_mechs(void) {
 	return;
 }
 
-static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode, 
-				      char *buf, int length) 
+static void manage_gss_spnego_request(struct ntlm_auth_state *state,
+					char *buf, int length)
 {
 	static NTLMSSP_STATE *ntlmssp_state = NULL;
 	SPNEGO_DATA request, response;
@@ -1163,7 +1215,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
 			char *principal;
 			DATA_BLOB ap_rep;
 			DATA_BLOB session_key;
-			PAC_DATA *pac_data = NULL;
+			struct PAC_DATA *pac_data = NULL;
 
 			if ( request.negTokenInit.mechToken.data == NULL ) {
 				DEBUG(1, ("Client did not provide Kerberos data\n"));
@@ -1276,7 +1328,7 @@ static void manage_gss_spnego_request(enum stdio_helper_mode stdio_helper_mode,
 		return;
 	}
 
-	reply_base64 = base64_encode_data_blob(token);
+	reply_base64 = base64_encode_data_blob(talloc_tos(), token);
 
 	x_fprintf(x_stdout, "%s %s %s\n",
 		  reply_code, reply_base64, reply_argument);
@@ -1343,7 +1395,7 @@ static bool manage_client_ntlmssp_init(SPNEGO_DATA spnego)
 	write_spnego_data(&to_server, &spnego);
 	data_blob_free(&spnego.negTokenInit.mechToken);
 
-	to_server_base64 = base64_encode_data_blob(to_server);
+	to_server_base64 = base64_encode_data_blob(talloc_tos(), to_server);
 	data_blob_free(&to_server);
 	x_fprintf(x_stdout, "KK %s\n", to_server_base64);
 	TALLOC_FREE(to_server_base64);
@@ -1401,7 +1453,7 @@ static void manage_client_ntlmssp_targ(SPNEGO_DATA spnego)
 	write_spnego_data(&to_server, &spnego);
 	data_blob_free(&request);
 
-	to_server_base64 = base64_encode_data_blob(to_server);
+	to_server_base64 = base64_encode_data_blob(talloc_tos(), to_server);
 	data_blob_free(&to_server);
 	x_fprintf(x_stdout, "KK %s\n", to_server_base64);
 	TALLOC_FREE(to_server_base64);
@@ -1490,7 +1542,7 @@ static bool manage_client_krb5_init(SPNEGO_DATA spnego)
 		return False;
 	}
 
-	reply_base64 = base64_encode_data_blob(to_server);
+	reply_base64 = base64_encode_data_blob(talloc_tos(), to_server);
 	x_fprintf(x_stdout, "KK %s *\n", reply_base64);
 
 	TALLOC_FREE(reply_base64);
@@ -1522,8 +1574,8 @@ static void manage_client_krb5_targ(SPNEGO_DATA spnego)
 
 #endif
 
-static void manage_gss_spnego_client_request(enum stdio_helper_mode stdio_helper_mode, 
-					     char *buf, int length) 
+static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
+						char *buf, int length)
 {
 	DATA_BLOB request;
 	SPNEGO_DATA spnego;
@@ -1660,8 +1712,8 @@ static void manage_gss_spnego_client_request(enum stdio_helper_mode stdio_helper
 	return;
 }
 
-static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mode, 
-					 char *buf, int length) 
+static void manage_ntlm_server_1_request(struct ntlm_auth_state *state,
+						char *buf, int length)
 {
 	char *request, *parameter;	
 	static DATA_BLOB challenge;
@@ -1853,7 +1905,8 @@ static void manage_ntlm_server_1_request(enum stdio_helper_mode stdio_helper_mod
 	}
 }
 
-static void manage_ntlm_change_password_1_request(enum stdio_helper_mode helper_mode, char *buf, int length)
+static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
+							char *buf, int length)
 {
 	char *request, *parameter;	
 	static DATA_BLOB new_nt_pswd;
@@ -2063,57 +2116,93 @@ static void manage_ntlm_change_password_1_request(enum stdio_helper_mode helper_
 	}
 }
 
-static void manage_squid_request(enum stdio_helper_mode helper_mode, stdio_helper_function fn) 
+static void manage_squid_request(struct ntlm_auth_state *state,
+		stdio_helper_function fn)
 {
-	char buf[SQUID_BUFFER_SIZE+1];
-	int length;
+	char *buf;
+	char tmp[INITIAL_BUFFER_SIZE+1];
+	int length, buf_size = 0;
 	char *c;
-	static bool err;
 
-	/* this is not a typo - x_fgets doesn't work too well under squid */
-	if (fgets(buf, sizeof(buf)-1, stdin) == NULL) {
-		if (ferror(stdin)) {
-			DEBUG(1, ("fgets() failed! dying..... errno=%d (%s)\n", ferror(stdin),
-				  strerror(ferror(stdin))));
-			
-			exit(1);    /* BIIG buffer */
-		}
-		exit(0);
-	}
-    
-	c=(char *)memchr(buf,'\n',sizeof(buf)-1);
-	if (c) {
-		*c = '\0';
-		length = c-buf;
-	} else {
-		err = 1;
-		return;
-	}
-	if (err) {
-		DEBUG(2, ("Oversized message\n"));
+	buf = talloc_strdup(state->mem_ctx, "");
+	if (!buf) {
+		DEBUG(0, ("Failed to allocate input buffer.\n"));
 		x_fprintf(x_stderr, "ERR\n");
-		err = 0;
-		return;
+		exit(1);
 	}
 
+	do {
+
+		/* this is not a typo - x_fgets doesn't work too well under
+		 * squid */
+		if (fgets(tmp, sizeof(tmp)-1, stdin) == NULL) {
+			if (ferror(stdin)) {
+				DEBUG(1, ("fgets() failed! dying..... errno=%d "
+					  "(%s)\n", ferror(stdin),
+					  strerror(ferror(stdin))));
+
+				exit(1);
+			}
+			exit(0);
+		}
+
+		buf = talloc_strdup_append_buffer(buf, tmp);
+		buf_size += INITIAL_BUFFER_SIZE;
+
+		if (buf_size > MAX_BUFFER_SIZE) {
+			DEBUG(2, ("Oversized message\n"));
+			x_fprintf(x_stderr, "ERR\n");
+			talloc_free(buf);
+			return;
+		}
+
+		c = strchr(buf, '\n');
+	} while (c == NULL);
+
+	*c = '\0';
+	length = c-buf;
+
 	DEBUG(10, ("Got '%s' from squid (length: %d).\n",buf,length));
 
 	if (buf[0] == '\0') {
 		DEBUG(2, ("Invalid Request\n"));
 		x_fprintf(x_stderr, "ERR\n");
+		talloc_free(buf);
 		return;
 	}
-	
-	fn(helper_mode, buf, length);
+
+	fn(state, buf, length);
+	talloc_free(buf);
 }
 
 
 static void squid_stream(enum stdio_helper_mode stdio_mode, stdio_helper_function fn) {
+	TALLOC_CTX *mem_ctx;
+	struct ntlm_auth_state *state;
+
 	/* initialize FDescs */
 	x_setbuf(x_stdout, NULL);
 	x_setbuf(x_stderr, NULL);
+
+	mem_ctx = talloc_init("ntlm_auth");
+	if (!mem_ctx) {
+		DEBUG(0, ("squid_stream: Failed to create talloc context\n"));
+		x_fprintf(x_stderr, "ERR\n");
+		exit(1);
+	}
+
+	state = talloc_zero(mem_ctx, struct ntlm_auth_state);
+	if (!state) {
+		DEBUG(0, ("squid_stream: Failed to talloc ntlm_auth_state\n"));
+		x_fprintf(x_stderr, "ERR\n");
+		exit(1);
+	}
+
+	state->mem_ctx = mem_ctx;
+	state->helper_mode = stdio_mode;
+
 	while(1) {
-		manage_squid_request(stdio_mode, fn);
+		manage_squid_request(state, fn);
 	}
 }
 
@@ -2233,7 +2322,8 @@ enum {
 		{ "use-cached-creds", 0, POPT_ARG_NONE, &use_cached_creds, OPT_USE_CACHED_CREDS, "Use cached credentials if no password is given"},
 		{ "diagnostics", 0, POPT_ARG_NONE, &diagnostics, OPT_DIAGNOSTICS, "Perform diagnostics on the authentictaion chain"},
 		{ "require-membership-of", 0, POPT_ARG_STRING, &require_membership_of, OPT_REQUIRE_MEMBERSHIP, "Require that a user be a member of this group (either name or SID) for authentication to succeed" },
-		POPT_COMMON_SAMBA
+		POPT_COMMON_CONFIGFILE
+		POPT_COMMON_VERSION
 		POPT_TABLEEND
 	};
 
@@ -2241,14 +2331,6 @@ enum {
 	load_case_tables();
 
 	dbf = x_stderr;
-	
-	/* Samba client initialisation */
-
-	if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) {
-		d_fprintf(stderr, "ntlm_auth: error opening config file %s. Error was %s\n",
-			get_dyn_CONFIGFILE(), strerror(errno));
-		exit(1);
-	}
 
 	/* Parse options */
 
@@ -2261,6 +2343,18 @@ enum {
 		return 1;
 	}
 
+	while((opt = poptGetNextOpt(pc)) != -1) {
+		/* Get generic config options like --configfile */
+	}
+
+	poptFreeContext(pc);
+
+	if (!lp_load(get_dyn_CONFIGFILE(), True, False, False, True)) {
+		d_fprintf(stderr, "ntlm_auth: error opening config file %s. Error was %s\n",
+			get_dyn_CONFIGFILE(), strerror(errno));
+		exit(1);
+	}
+
 	pc = poptGetContext(NULL, argc, (const char **)argv, long_options, 
 			    POPT_CONTEXT_KEEP_FIRST);
 
diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
index fe0c22911e..db2eefe1e2 100644
--- a/source3/utils/smbcontrol.c
+++ b/source3/utils/smbcontrol.c
@@ -1008,6 +1008,62 @@ static bool do_dump_event_list(struct messaging_context *msg_ctx,
 	return send_message(msg_ctx, pid, MSG_DUMP_EVENT_LIST, NULL, 0);
 }
 
+static bool do_winbind_dump_domain_list(struct messaging_context *msg_ctx,
+					const struct server_id pid,
+					const int argc, const char **argv)
+{
+	const char *domain = NULL;
+	int domain_len = 0;
+	struct server_id myid;
+	uint8_t *buf = NULL;
+	int buf_len = 0;
+
+	myid = pid_to_procid(sys_getpid());
+
+	if (argc < 1 || argc > 2) {
+		fprintf(stderr, "Usage: smbcontrol <dest> dump_domain_list "
+			"<domain>\n");
+		return false;
+	}
+
+	if (argc == 2) {
+		domain = argv[1];
+		domain_len = strlen(argv[1]) + 1;
+	}
+
+	messaging_register(msg_ctx, NULL, MSG_WINBIND_DUMP_DOMAIN_LIST,
+			   print_pid_string_cb);
+
+	buf_len = sizeof(myid)+domain_len;
+	buf = SMB_MALLOC_ARRAY(uint8_t, buf_len);
+	if (!buf) {
+		return false;
+	}
+
+	memcpy(buf, &myid, sizeof(myid));
+	memcpy(&buf[sizeof(myid)], domain, domain_len);
+
+	if (!send_message(msg_ctx, pid, MSG_WINBIND_DUMP_DOMAIN_LIST,
+			  buf, buf_len))
+	{
+		SAFE_FREE(buf);
+		return false;
+	}
+
+	wait_replies(msg_ctx, procid_to_pid(&pid) == 0);
+
+	/* No replies were received within the timeout period */
+
+	SAFE_FREE(buf);
+	if (num_replies == 0) {
+		printf("No replies received\n");
+	}
+
+	messaging_deregister(msg_ctx, MSG_WINBIND_DUMP_DOMAIN_LIST, NULL);
+
+	return num_replies;
+}
+
 static void winbind_validate_cache_cb(struct messaging_context *msg,
 				      void *private_data,
 				      uint32_t msg_type,
@@ -1150,6 +1206,7 @@ static const struct {
 	{ "dump-event-list", do_dump_event_list, "Dump event list"},
 	{ "validate-cache" , do_winbind_validate_cache,
 	  "Validate winbind's credential cache" },
+	{ "dump-domain-list", do_winbind_dump_domain_list, "Dump winbind domain list"},
 	{ "noop", do_noop, "Do nothing" },
 	{ NULL }
 };
diff --git a/source3/utils/smbfilter.c b/source3/utils/smbfilter.c
index 8db969722a..e128e1ce34 100644
--- a/source3/utils/smbfilter.c
+++ b/source3/utils/smbfilter.c
@@ -169,7 +169,9 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
 		if (num <= 0) continue;
 		
 		if (c != -1 && FD_ISSET(c, &fds)) {
-			if (!receive_smb_raw(c, packet, 0, 0, NULL)) {
+			size_t len;
+			if (!NT_STATUS_IS_OK(receive_smb_raw(
+						     c, packet, 0, 0, &len))) {
 				d_printf("client closed connection\n");
 				exit(0);
 			}
@@ -180,7 +182,9 @@ static void filter_child(int c, struct sockaddr_storage *dest_ss)
 			}			
 		}
 		if (s != -1 && FD_ISSET(s, &fds)) {
-			if (!receive_smb_raw(s, packet, 0, 0, NULL)) {
+			size_t len;
+			if (!NT_STATUS_IS_OK(receive_smb_raw(
+						     s, packet, 0, 0, &len))) {
 				d_printf("server closed connection\n");
 				exit(0);
 			}
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 07a6fbcf54..c6233b0869 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -164,7 +164,9 @@ void cgi_load_variables(void)
 	open("/dev/null", O_RDWR);
 
 	if ((s=query_string) || (s=getenv("QUERY_STRING"))) {
-		for (tok=strtok(s,"&;");tok;tok=strtok(NULL,"&;")) {
+		char *saveptr;
+		for (tok=strtok_r(s, "&;", &saveptr); tok;
+		     tok=strtok_r(NULL, "&;", &saveptr)) {
 			p = strchr_m(tok,'=');
 			if (!p) continue;
 			
diff --git a/source3/web/neg_lang.c b/source3/web/neg_lang.c
index bb481306e7..82411000cd 100644
--- a/source3/web/neg_lang.c
+++ b/source3/web/neg_lang.c
@@ -74,7 +74,7 @@ void web_set_lang(const char *lang_string)
 	int lang_num, i;
 
 	/* build the lang list */
-	lang_list = str_list_make(lang_string, ", \t\r\n");
+	lang_list = str_list_make(talloc_tos(), lang_string, ", \t\r\n");
 	if (!lang_list) return;
 	
 	/* sort the list by priority */
@@ -100,7 +100,7 @@ void web_set_lang(const char *lang_string)
 		}
 		pl[i].string = SMB_STRDUP(lang_list[i]);
 	}
-	str_list_free(&lang_list);
+	TALLOC_FREE(lang_list);
 
 	qsort(pl, lang_num, sizeof(struct pri_list), &qsort_cmp_list);
 
diff --git a/source3/winbindd/idmap_nss.c b/source3/winbindd/idmap_nss.c
index 46c24d7fcb..e4acd9ce65 100644
--- a/source3/winbindd/idmap_nss.c
+++ b/source3/winbindd/idmap_nss.c
@@ -87,10 +87,10 @@ static NTSTATUS idmap_nss_unixids_to_sids(struct idmap_domain *dom, struct id_ma
 
 		/* by default calls to winbindd are disabled
 		   the following call will not recurse so this is safe */
-		winbind_on();
+		(void)winbind_on();
 		/* Lookup name from PDC using lsa_lookup_names() */
 		ret = winbind_lookup_name(dom->name, name, ids[i]->sid, &type);
-		winbind_off();
+		(void)winbind_off();
 
 		if (!ret) {
 			/* TODO: how do we know if the name is really not mapped,
@@ -153,9 +153,9 @@ static NTSTATUS idmap_nss_sids_to_unixids(struct idmap_domain *dom, struct id_ma
 
 		/* by default calls to winbindd are disabled
 		   the following call will not recurse so this is safe */
-		winbind_on();
+		(void)winbind_on();
 		ret = winbind_lookup_sid(ctx, ids[i]->sid, &dom_name, &name, &type);
-		winbind_off();
+		(void)winbind_off();
 
 		if (!ret) {
 			/* TODO: how do we know if the name is really not mapped,
diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c
new file mode 100644
index 0000000000..ab89e615f7
--- /dev/null
+++ b/source3/winbindd/idmap_tdb2.c
@@ -0,0 +1,1017 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   idmap TDB2 backend, used for clustered Samba setups.
+
+   This uses 2 tdb files. One is permanent, and is in shared storage
+   on the cluster (using "tdb:idmap2.tdb =" in smb.conf). The other is a
+   temporary cache tdb on local storage.
+
+   Copyright (C) Andrew Tridgell 2007
+
+   This is heavily based upon idmap_tdb.c, which is:
+
+   Copyright (C) Tim Potter 2000
+   Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
+   Copyright (C) Jeremy Allison 2006
+   Copyright (C) Simo Sorce 2003-2006
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "winbindd.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_IDMAP
+
+/* High water mark keys */
+#define HWM_GROUP  "GROUP HWM"
+#define HWM_USER   "USER HWM"
+
+static struct idmap_tdb2_state {
+	/* User and group id pool */
+	uid_t low_uid, high_uid;               /* Range of uids to allocate */
+	gid_t low_gid, high_gid;               /* Range of gids to allocate */
+	const char *idmap_script;
+} idmap_tdb2_state;
+
+
+
+/* tdb context for the local cache tdb */
+static TDB_CONTEXT *idmap_tdb2_tmp;
+
+/* handle to the permanent tdb */
+static struct db_context *idmap_tdb2_perm;
+
+/*
+  open the cache tdb
+ */
+static NTSTATUS idmap_tdb2_open_cache_db(void)
+{
+	const char *db_path;
+
+	if (idmap_tdb2_tmp) {
+		/* its already open */
+		return NT_STATUS_OK;
+	}
+
+	db_path = lock_path("idmap2_cache.tdb");
+
+	/* Open idmap repository */
+	if (!(idmap_tdb2_tmp = tdb_open_log(db_path, 0, TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0644))) {
+		DEBUG(0, ("Unable to open cache idmap database '%s'\n", db_path));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+static NTSTATUS idmap_tdb2_alloc_load(void);
+
+/*
+  open the permanent tdb
+ */
+static NTSTATUS idmap_tdb2_open_perm_db(void)
+{
+	char *db_path;
+	
+	if (idmap_tdb2_perm) {
+		/* its already open */
+		return NT_STATUS_OK;
+	}
+
+	db_path = lp_parm_talloc_string(-1, "tdb", "idmap2.tdb", NULL);
+	if (db_path == NULL) {
+		/* fall back to the private directory, which, despite
+		   its name, is usually on shared storage */
+		db_path = talloc_asprintf(NULL, "%s/idmap2.tdb", lp_private_dir());
+	}
+	NT_STATUS_HAVE_NO_MEMORY(db_path);
+
+	/* Open idmap repository */
+	idmap_tdb2_perm = db_open(NULL, db_path, 0, TDB_DEFAULT,
+				  O_RDWR|O_CREAT, 0644);
+	TALLOC_FREE(db_path);
+
+	if (idmap_tdb2_perm == NULL) {
+		DEBUG(0, ("Unable to open permanent idmap database '%s'\n",
+			  db_path));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* load the ranges and high/low water marks */
+	return idmap_tdb2_alloc_load();
+}
+
+
+/*
+  load the idmap allocation ranges and high/low water marks
+*/
+static NTSTATUS idmap_tdb2_alloc_load(void)
+{
+	const char *range;
+	uid_t low_uid = 0;
+	uid_t high_uid = 0;
+	gid_t low_gid = 0;
+	gid_t high_gid = 0;
+
+	/* load ranges */
+	idmap_tdb2_state.low_uid = 0;
+	idmap_tdb2_state.high_uid = 0;
+	idmap_tdb2_state.low_gid = 0;
+	idmap_tdb2_state.high_gid = 0;
+
+	/* see if a idmap script is configured */
+	idmap_tdb2_state.idmap_script = lp_parm_const_string(-1, "idmap", "script", NULL);
+
+	if (idmap_tdb2_state.idmap_script) {
+		DEBUG(1, ("using idmap script '%s'\n", idmap_tdb2_state.idmap_script));
+	}
+
+	range = lp_parm_const_string(-1, "idmap alloc config", "range", NULL);
+	if (range && range[0]) {
+		unsigned low_id, high_id;
+		if (sscanf(range, "%u - %u", &low_id, &high_id) == 2) {
+			if (low_id < high_id) {
+				idmap_tdb2_state.low_gid = idmap_tdb2_state.low_uid = low_id;
+				idmap_tdb2_state.high_gid = idmap_tdb2_state.high_uid = high_id;
+			} else {
+				DEBUG(1, ("ERROR: invalid idmap alloc range [%s]", range));
+			}
+		} else {
+			DEBUG(1, ("ERROR: invalid syntax for idmap alloc config:range [%s]", range));
+		}
+	}
+
+	/* Create high water marks for group and user id */
+	if (lp_idmap_uid(&low_uid, &high_uid)) {
+		idmap_tdb2_state.low_uid = low_uid;
+		idmap_tdb2_state.high_uid = high_uid;
+	}
+
+	if (lp_idmap_gid(&low_gid, &high_gid)) {
+		idmap_tdb2_state.low_gid = low_gid;
+		idmap_tdb2_state.high_gid = high_gid;
+	}
+
+	if (idmap_tdb2_state.high_uid <= idmap_tdb2_state.low_uid) {
+		DEBUG(1, ("idmap uid range missing or invalid\n"));
+		DEBUGADD(1, ("idmap will be unable to map foreign SIDs\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	} else {
+		uint32 low_id;
+
+		if (((low_id = dbwrap_fetch_int32(idmap_tdb2_perm,
+						  HWM_USER)) == -1) ||
+		    (low_id < idmap_tdb2_state.low_uid)) {
+			if (dbwrap_store_int32(
+				    idmap_tdb2_perm, HWM_USER,
+				    idmap_tdb2_state.low_uid) == -1) {
+				DEBUG(0, ("Unable to initialise user hwm in idmap database\n"));
+				return NT_STATUS_INTERNAL_DB_ERROR;
+			}
+		}
+	}
+
+	if (idmap_tdb2_state.high_gid <= idmap_tdb2_state.low_gid) {
+		DEBUG(1, ("idmap gid range missing or invalid\n"));
+		DEBUGADD(1, ("idmap will be unable to map foreign SIDs\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	} else {
+		uint32 low_id;
+
+		if (((low_id = dbwrap_fetch_int32(idmap_tdb2_perm,
+						  HWM_GROUP)) == -1) ||
+		    (low_id < idmap_tdb2_state.low_gid)) {
+			if (dbwrap_store_int32(
+				    idmap_tdb2_perm, HWM_GROUP,
+				    idmap_tdb2_state.low_gid) == -1) {
+				DEBUG(0, ("Unable to initialise group hwm in idmap database\n"));
+				return NT_STATUS_INTERNAL_DB_ERROR;
+			}
+		}
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+/*
+  Initialise idmap alloc database. 
+*/
+static NTSTATUS idmap_tdb2_alloc_init(const char *params)
+{
+	/* nothing to do - we want to avoid opening the permanent
+	   database if possible. Instead we load the params when we
+	   first need it. */
+	return NT_STATUS_OK;
+}
+
+
+/*
+  Allocate a new id. 
+*/
+static NTSTATUS idmap_tdb2_allocate_id(struct unixid *xid)
+{
+	bool ret;
+	const char *hwmkey;
+	const char *hwmtype;
+	uint32_t high_hwm;
+	uint32_t hwm;
+	NTSTATUS status;
+
+	status = idmap_tdb2_open_perm_db();
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	/* Get current high water mark */
+	switch (xid->type) {
+
+	case ID_TYPE_UID:
+		hwmkey = HWM_USER;
+		hwmtype = "UID";
+		high_hwm = idmap_tdb2_state.high_uid;
+		break;
+
+	case ID_TYPE_GID:
+		hwmkey = HWM_GROUP;
+		hwmtype = "GID";
+		high_hwm = idmap_tdb2_state.high_gid;
+		break;
+
+	default:
+		DEBUG(2, ("Invalid ID type (0x%x)\n", xid->type));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if ((hwm = dbwrap_fetch_int32(idmap_tdb2_perm, hwmkey)) == -1) {
+		return NT_STATUS_INTERNAL_DB_ERROR;
+	}
+
+	/* check it is in the range */
+	if (hwm > high_hwm) {
+		DEBUG(1, ("Fatal Error: %s range full!! (max: %lu)\n", 
+			  hwmtype, (unsigned long)high_hwm));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* fetch a new id and increment it */
+	ret = dbwrap_change_uint32_atomic(idmap_tdb2_perm, hwmkey, &hwm, 1);
+	if (ret == -1) {
+		DEBUG(1, ("Fatal error while fetching a new %s value\n!", hwmtype));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	/* recheck it is in the range */
+	if (hwm > high_hwm) {
+		DEBUG(1, ("Fatal Error: %s range full!! (max: %lu)\n", 
+			  hwmtype, (unsigned long)high_hwm));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+	xid->id = hwm;
+	DEBUG(10,("New %s = %d\n", hwmtype, hwm));
+
+	return NT_STATUS_OK;
+}
+
+/*
+  Get current highest id. 
+*/
+static NTSTATUS idmap_tdb2_get_hwm(struct unixid *xid)
+{
+	const char *hwmkey;
+	const char *hwmtype;
+	uint32_t hwm;
+	uint32_t high_hwm;
+
+	/* Get current high water mark */
+	switch (xid->type) {
+
+	case ID_TYPE_UID:
+		hwmkey = HWM_USER;
+		hwmtype = "UID";
+		high_hwm = idmap_tdb2_state.high_uid;
+		break;
+
+	case ID_TYPE_GID:
+		hwmkey = HWM_GROUP;
+		hwmtype = "GID";
+		high_hwm = idmap_tdb2_state.high_gid;
+		break;
+
+	default:
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if ((hwm = dbwrap_fetch_int32(idmap_tdb2_perm, hwmkey)) == -1) {
+		return NT_STATUS_INTERNAL_DB_ERROR;
+	}
+
+	xid->id = hwm;
+
+	/* Warn if it is out of range */
+	if (hwm >= high_hwm) {
+		DEBUG(0, ("Warning: %s range full!! (max: %lu)\n", 
+			  hwmtype, (unsigned long)high_hwm));
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*
+  Set high id. 
+*/
+static NTSTATUS idmap_tdb2_set_hwm(struct unixid *xid)
+{
+	/* not supported, or we would invalidate the cache tdb on
+	   other nodes */
+	DEBUG(0,("idmap_tdb2_set_hwm not supported\n"));
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/*
+  Close the alloc tdb 
+*/
+static NTSTATUS idmap_tdb2_alloc_close(void)
+{
+	/* don't actually close it */
+	return NT_STATUS_OK;
+}
+
+/*
+  IDMAP MAPPING TDB BACKEND
+*/
+struct idmap_tdb2_context {
+	uint32_t filter_low_id;
+	uint32_t filter_high_id;
+};
+
+/*
+  try fetching from the cache tdb, and if that fails then
+  fetch from the permanent tdb
+ */
+static TDB_DATA tdb2_fetch_bystring(TALLOC_CTX *mem_ctx, const char *keystr)
+{
+	TDB_DATA ret;
+	NTSTATUS status;
+
+	ret = tdb_fetch_bystring(idmap_tdb2_tmp, keystr);
+	if (ret.dptr != NULL) {
+		/* got it from cache */
+		unsigned char *tmp;
+
+		tmp = (unsigned char *)talloc_memdup(mem_ctx, ret.dptr,
+						     ret.dsize);
+		SAFE_FREE(ret.dptr);
+		ret.dptr = tmp;
+
+		if (ret.dptr == NULL) {
+			return make_tdb_data(NULL, 0);
+		}
+		return ret;
+	}
+	
+	status = idmap_tdb2_open_perm_db();
+	if (!NT_STATUS_IS_OK(status)) {
+		return ret;
+	}
+
+	/* fetch from the permanent tdb */
+	return dbwrap_fetch_bystring(idmap_tdb2_perm, mem_ctx, keystr);
+}
+
+/*
+  store into both databases
+ */
+static NTSTATUS tdb2_store_bystring(const char *keystr, TDB_DATA data, int flags)
+{
+	NTSTATUS ret;
+	NTSTATUS status = idmap_tdb2_open_perm_db();
+	if (!NT_STATUS_IS_OK(status)) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	ret = dbwrap_store_bystring(idmap_tdb2_perm, keystr, data, flags);
+	if (!NT_STATUS_IS_OK(ret)) {
+		ret = tdb_store_bystring(idmap_tdb2_tmp, keystr, data, flags) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	}
+	return ret;
+}
+
+/*
+  delete from both databases
+ */
+static NTSTATUS tdb2_delete_bystring(const char *keystr)
+{
+	NTSTATUS ret;
+	NTSTATUS status = idmap_tdb2_open_perm_db();
+	if (!NT_STATUS_IS_OK(status)) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	ret = dbwrap_delete_bystring(idmap_tdb2_perm, keystr);
+	if (!NT_STATUS_IS_OK(ret)) {
+		ret = tdb_delete_bystring(idmap_tdb2_tmp, keystr)  ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
+	}
+	return ret;
+}
+
+/*
+  Initialise idmap database. 
+*/
+static NTSTATUS idmap_tdb2_db_init(struct idmap_domain *dom)
+{
+	NTSTATUS ret;
+	struct idmap_tdb2_context *ctx;
+	char *config_option = NULL;
+	const char *range;
+	NTSTATUS status;
+
+	status = idmap_tdb2_open_cache_db();
+	NT_STATUS_NOT_OK_RETURN(status);
+
+	ctx = talloc(dom, struct idmap_tdb2_context);
+	if ( ! ctx) {
+		DEBUG(0, ("Out of memory!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	config_option = talloc_asprintf(ctx, "idmap config %s", dom->name);
+	if ( ! config_option) {
+		DEBUG(0, ("Out of memory!\n"));
+		ret = NT_STATUS_NO_MEMORY;
+		goto failed;
+	}
+
+	range = lp_parm_const_string(-1, config_option, "range", NULL);
+	if (( ! range) ||
+	    (sscanf(range, "%u - %u", &ctx->filter_low_id, &ctx->filter_high_id) != 2) ||
+	    (ctx->filter_low_id > ctx->filter_high_id)) {
+		ctx->filter_low_id = 0;
+		ctx->filter_high_id = 0;
+	}
+
+	dom->private_data = ctx;
+	dom->initialized = True;
+
+	talloc_free(config_option);
+	return NT_STATUS_OK;
+
+failed:
+	talloc_free(ctx);
+	return ret;
+}
+
+
+/*
+  run a script to perform a mapping
+
+  The script should the following command lines:
+
+      SIDTOID S-1-xxxx
+      IDTOSID UID xxxx
+      IDTOSID GID xxxx
+
+  and should return one of the following as a single line of text
+     UID:xxxx
+     GID:xxxx
+     SID:xxxx
+     ERR:xxxx
+ */
+static NTSTATUS idmap_tdb2_script(struct idmap_tdb2_context *ctx, struct id_map *map,
+				  const char *fmt, ...)
+{
+	va_list ap;
+	char *cmd;
+	FILE *p;
+	char line[64];
+	unsigned long v;
+
+	cmd = talloc_asprintf(ctx, "%s ", idmap_tdb2_state.idmap_script);
+	NT_STATUS_HAVE_NO_MEMORY(cmd);	
+
+	va_start(ap, fmt);
+	cmd = talloc_vasprintf_append(cmd, fmt, ap);
+	va_end(ap);
+	NT_STATUS_HAVE_NO_MEMORY(cmd);
+
+	p = popen(cmd, "r");
+	talloc_free(cmd);
+	if (p == NULL) {
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	if (fgets(line, sizeof(line)-1, p) == NULL) {
+		pclose(p);
+		return NT_STATUS_NONE_MAPPED;
+	}
+	pclose(p);
+
+	DEBUG(10,("idmap script gave: %s\n", line));
+
+	if (sscanf(line, "UID:%lu", &v) == 1) {
+		map->xid.id   = v;
+		map->xid.type = ID_TYPE_UID;
+	} else if (sscanf(line, "GID:%lu", &v) == 1) {
+		map->xid.id   = v;
+		map->xid.type = ID_TYPE_GID;		
+	} else if (strncmp(line, "SID:S-", 6) == 0) {
+		if (!string_to_sid(map->sid, &line[4])) {
+			DEBUG(0,("Bad SID in '%s' from idmap script %s\n",
+				 line, idmap_tdb2_state.idmap_script));
+			return NT_STATUS_NONE_MAPPED;			
+		}
+	} else {
+		DEBUG(0,("Bad reply '%s' from idmap script %s\n",
+			 line, idmap_tdb2_state.idmap_script));
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+
+/*
+  Single id to sid lookup function. 
+*/
+static NTSTATUS idmap_tdb2_id_to_sid(struct idmap_tdb2_context *ctx, struct id_map *map)
+{
+	NTSTATUS ret;
+	TDB_DATA data;
+	char *keystr;
+
+	if (!ctx || !map) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* apply filters before checking */
+	if ((ctx->filter_low_id && (map->xid.id < ctx->filter_low_id)) ||
+	    (ctx->filter_high_id && (map->xid.id > ctx->filter_high_id))) {
+		DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
+				map->xid.id, ctx->filter_low_id, ctx->filter_high_id));
+		return NT_STATUS_NONE_MAPPED;
+	}
+
+	switch (map->xid.type) {
+
+	case ID_TYPE_UID:
+		keystr = talloc_asprintf(ctx, "UID %lu", (unsigned long)map->xid.id);
+		break;
+		
+	case ID_TYPE_GID:
+		keystr = talloc_asprintf(ctx, "GID %lu", (unsigned long)map->xid.id);
+		break;
+
+	default:
+		DEBUG(2, ("INVALID unix ID type: 0x02%x\n", map->xid.type));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	/* final SAFE_FREE safe */
+	data.dptr = NULL;
+
+	if (keystr == NULL) {
+		DEBUG(0, ("Out of memory!\n"));
+		ret = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	DEBUG(10,("Fetching record %s\n", keystr));
+
+	/* Check if the mapping exists */
+	data = tdb2_fetch_bystring(keystr, keystr);
+
+	if (!data.dptr) {
+		fstring sidstr;
+
+		DEBUG(10,("Record %s not found\n", keystr));
+		if (idmap_tdb2_state.idmap_script == NULL) {
+			ret = NT_STATUS_NONE_MAPPED;
+			goto done;
+		}
+
+		ret = idmap_tdb2_script(ctx, map, "IDTOSID %s", keystr);
+
+		/* store it on shared storage */
+		if (!NT_STATUS_IS_OK(ret)) {
+			goto done;
+		}
+
+		if (sid_to_fstring(sidstr, map->sid)) {
+			/* both forward and reverse mappings */
+			tdb2_store_bystring(keystr,
+					    string_term_tdb_data(sidstr), 
+					    TDB_REPLACE);
+			tdb2_store_bystring(sidstr,
+					    string_term_tdb_data(keystr), 
+					    TDB_REPLACE);
+		}
+		goto done;
+	}
+		
+	if (!string_to_sid(map->sid, (const char *)data.dptr)) {
+		DEBUG(10,("INVALID SID (%s) in record %s\n",
+			(const char *)data.dptr, keystr));
+		ret = NT_STATUS_INTERNAL_DB_ERROR;
+		goto done;
+	}
+
+	DEBUG(10,("Found record %s -> %s\n", keystr, (const char *)data.dptr));
+	ret = NT_STATUS_OK;
+
+done:
+	talloc_free(keystr);
+	return ret;
+}
+
+
+/*
+ Single sid to id lookup function. 
+*/
+static NTSTATUS idmap_tdb2_sid_to_id(struct idmap_tdb2_context *ctx, struct id_map *map)
+{
+	NTSTATUS ret;
+	TDB_DATA data;
+	char *keystr;
+	unsigned long rec_id = 0;
+
+	if ((keystr = sid_string_talloc(ctx, map->sid)) == NULL) {
+		DEBUG(0, ("Out of memory!\n"));
+		ret = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	DEBUG(10,("Fetching record %s\n", keystr));
+
+	/* Check if sid is present in database */
+	data = tdb2_fetch_bystring(keystr, keystr);
+	if (!data.dptr) {
+		fstring idstr;
+
+		DEBUG(10,(__location__ " Record %s not found\n", keystr));
+
+		if (idmap_tdb2_state.idmap_script == NULL) {
+			ret = NT_STATUS_NONE_MAPPED;
+			goto done;
+		}
+			
+		ret = idmap_tdb2_script(ctx, map, "SIDTOID %s", keystr);
+		/* store it on shared storage */
+		if (!NT_STATUS_IS_OK(ret)) {
+			goto done;
+		}
+
+		snprintf(idstr, sizeof(idstr), "%cID %lu", 
+			 map->xid.type == ID_TYPE_UID?'U':'G',
+			 (unsigned long)map->xid.id);
+		/* store both forward and reverse mappings */
+		tdb2_store_bystring(keystr, string_term_tdb_data(idstr),
+				    TDB_REPLACE);
+		tdb2_store_bystring(idstr, string_term_tdb_data(keystr),
+				    TDB_REPLACE);
+		goto done;
+	}
+
+	/* What type of record is this ? */
+	if (sscanf((const char *)data.dptr, "UID %lu", &rec_id) == 1) { /* Try a UID record. */
+		map->xid.id = rec_id;
+		map->xid.type = ID_TYPE_UID;
+		DEBUG(10,("Found uid record %s -> %s \n", keystr, (const char *)data.dptr ));
+		ret = NT_STATUS_OK;
+
+	} else if (sscanf((const char *)data.dptr, "GID %lu", &rec_id) == 1) { /* Try a GID record. */
+		map->xid.id = rec_id;
+		map->xid.type = ID_TYPE_GID;
+		DEBUG(10,("Found gid record %s -> %s \n", keystr, (const char *)data.dptr ));
+		ret = NT_STATUS_OK;
+
+	} else { /* Unknown record type ! */
+		DEBUG(2, ("Found INVALID record %s -> %s\n", keystr, (const char *)data.dptr));
+		ret = NT_STATUS_INTERNAL_DB_ERROR;
+	}
+	
+	/* apply filters before returning result */
+	if ((ctx->filter_low_id && (map->xid.id < ctx->filter_low_id)) ||
+	    (ctx->filter_high_id && (map->xid.id > ctx->filter_high_id))) {
+		DEBUG(5, ("Requested id (%u) out of range (%u - %u). Filtered!\n",
+				map->xid.id, ctx->filter_low_id, ctx->filter_high_id));
+		ret = NT_STATUS_NONE_MAPPED;
+	}
+
+done:
+	talloc_free(keystr);
+	return ret;
+}
+
+/*
+  lookup a set of unix ids. 
+*/
+static NTSTATUS idmap_tdb2_unixids_to_sids(struct idmap_domain *dom, struct id_map **ids)
+{
+	struct idmap_tdb2_context *ctx;
+	NTSTATUS ret;
+	int i;
+
+	/* make sure we initialized */
+	if ( ! dom->initialized) {
+		ret = idmap_tdb2_db_init(dom);
+		if ( ! NT_STATUS_IS_OK(ret)) {
+			return ret;
+		}
+	}
+
+	ctx = talloc_get_type(dom->private_data, struct idmap_tdb2_context);
+
+	for (i = 0; ids[i]; i++) {
+		ret = idmap_tdb2_id_to_sid(ctx, ids[i]);
+		if ( ! NT_STATUS_IS_OK(ret)) {
+
+			/* if it is just a failed mapping continue */
+			if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
+
+				/* make sure it is marked as unmapped */
+				ids[i]->status = ID_UNMAPPED;
+				continue;
+			}
+			
+			/* some fatal error occurred, return immediately */
+			goto done;
+		}
+
+		/* all ok, id is mapped */
+		ids[i]->status = ID_MAPPED;
+	}
+
+	ret = NT_STATUS_OK;
+
+done:
+	return ret;
+}
+
+/*
+  lookup a set of sids. 
+*/
+static NTSTATUS idmap_tdb2_sids_to_unixids(struct idmap_domain *dom, struct id_map **ids)
+{
+	struct idmap_tdb2_context *ctx;
+	NTSTATUS ret;
+	int i;
+
+	/* make sure we initialized */
+	if ( ! dom->initialized) {
+		ret = idmap_tdb2_db_init(dom);
+		if ( ! NT_STATUS_IS_OK(ret)) {
+			return ret;
+		}
+	}
+
+	ctx = talloc_get_type(dom->private_data, struct idmap_tdb2_context);
+
+	for (i = 0; ids[i]; i++) {
+		ret = idmap_tdb2_sid_to_id(ctx, ids[i]);
+		if ( ! NT_STATUS_IS_OK(ret)) {
+
+			/* if it is just a failed mapping continue */
+			if (NT_STATUS_EQUAL(ret, NT_STATUS_NONE_MAPPED)) {
+
+				/* make sure it is marked as unmapped */
+				ids[i]->status = ID_UNMAPPED;
+				continue;
+			}
+			
+			/* some fatal error occurred, return immediately */
+			goto done;
+		}
+
+		/* all ok, id is mapped */
+		ids[i]->status = ID_MAPPED;
+	}
+
+	ret = NT_STATUS_OK;
+
+done:
+	return ret;
+}
+
+
+/*
+  set a mapping. 
+*/
+static NTSTATUS idmap_tdb2_set_mapping(struct idmap_domain *dom, const struct id_map *map)
+{
+	struct idmap_tdb2_context *ctx;
+	NTSTATUS ret;
+	TDB_DATA data;
+	char *ksidstr, *kidstr;
+	struct db_record *update_lock = NULL;
+	struct db_record *rec = NULL;
+
+	/* make sure we initialized */
+	if ( ! dom->initialized) {
+		ret = idmap_tdb2_db_init(dom);
+		if ( ! NT_STATUS_IS_OK(ret)) {
+			return ret;
+		}
+	}
+
+	if (!map || !map->sid) {
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	ksidstr = kidstr = NULL;
+	data.dptr = NULL;
+
+	/* TODO: should we filter a set_mapping using low/high filters ? */
+	
+	ctx = talloc_get_type(dom->private_data, struct idmap_tdb2_context);
+
+	switch (map->xid.type) {
+
+	case ID_TYPE_UID:
+		kidstr = talloc_asprintf(ctx, "UID %lu", (unsigned long)map->xid.id);
+		break;
+		
+	case ID_TYPE_GID:
+		kidstr = talloc_asprintf(ctx, "GID %lu", (unsigned long)map->xid.id);
+		break;
+
+	default:
+		DEBUG(2, ("INVALID unix ID type: 0x02%x\n", map->xid.type));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (kidstr == NULL) {
+		DEBUG(0, ("ERROR: Out of memory!\n"));
+		ret = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	if (!(ksidstr = sid_string_talloc(ctx, map->sid))) {
+		DEBUG(0, ("Out of memory!\n"));
+		ret = NT_STATUS_NO_MEMORY;
+		goto done;
+	}
+
+	DEBUG(10, ("Storing %s <-> %s map\n", ksidstr, kidstr));
+
+	/*
+	 * Get us the update lock. This is necessary to get the lock orders
+	 * right, we need to deal with two records under a lock.
+	 */
+
+	if (!(update_lock = idmap_tdb2_perm->fetch_locked(
+		      idmap_tdb2_perm, ctx,
+		      string_term_tdb_data("UPDATELOCK")))) {
+		DEBUG(10,("Failed to lock record %s\n", ksidstr));
+		ret = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	/*
+	 * *DELETE* previous mappings if any. *
+	 */
+
+	/* First delete indexed on SID */
+
+	if (((rec = idmap_tdb2_perm->fetch_locked(
+		     idmap_tdb2_perm, update_lock,
+		     string_term_tdb_data(ksidstr))) != NULL)
+	    && (rec->value.dsize != 0)) {
+		struct db_record *rec2;
+
+		if ((rec2 = idmap_tdb2_perm->fetch_locked(
+			     idmap_tdb2_perm, update_lock, rec->value))
+		    != NULL) {
+			rec2->delete_rec(rec2);
+			TALLOC_FREE(rec2);
+		}
+
+		rec->delete_rec(rec);
+
+		tdb_delete(idmap_tdb2_tmp, rec->key);
+		tdb_delete(idmap_tdb2_tmp, rec->value);
+	}
+	TALLOC_FREE(rec);
+
+	/* Now delete indexed on unix ID */
+
+	if (((rec = idmap_tdb2_perm->fetch_locked(
+		     idmap_tdb2_perm, update_lock,
+		     string_term_tdb_data(kidstr))) != NULL)
+	    && (rec->value.dsize != 0)) {
+		struct db_record *rec2;
+
+		if ((rec2 = idmap_tdb2_perm->fetch_locked(
+			     idmap_tdb2_perm, update_lock, rec->value))
+		    != NULL) {
+			rec2->delete_rec(rec2);
+			TALLOC_FREE(rec2);
+		}
+
+		rec->delete_rec(rec);
+
+		tdb_delete(idmap_tdb2_tmp, rec->key);
+		tdb_delete(idmap_tdb2_tmp, rec->value);
+	}
+	TALLOC_FREE(rec);
+
+	if (!NT_STATUS_IS_OK(tdb2_store_bystring(ksidstr, string_term_tdb_data(kidstr),
+				TDB_INSERT))) {
+		DEBUG(0, ("Error storing SID -> ID\n"));
+		ret = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+	if (!NT_STATUS_IS_OK(tdb2_store_bystring(kidstr, string_term_tdb_data(ksidstr),
+				TDB_INSERT))) {
+		DEBUG(0, ("Error storing ID -> SID\n"));
+		/* try to remove the previous stored SID -> ID map */
+		tdb2_delete_bystring(ksidstr);
+		ret = NT_STATUS_UNSUCCESSFUL;
+		goto done;
+	}
+
+	DEBUG(10,("Stored %s <-> %s\n", ksidstr, kidstr));
+	ret = NT_STATUS_OK;
+
+done:
+	talloc_free(ksidstr);
+	talloc_free(kidstr);
+	SAFE_FREE(data.dptr);
+	TALLOC_FREE(update_lock);
+	return ret;
+}
+
+/*
+  remove a mapping. 
+*/
+static NTSTATUS idmap_tdb2_remove_mapping(struct idmap_domain *dom, const struct id_map *map)
+{
+	/* not supported as it would invalidate the cache tdb on other
+	   nodes */
+	DEBUG(0,("idmap_tdb2_remove_mapping not supported\n"));
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+/*
+  Close the idmap tdb instance
+*/
+static NTSTATUS idmap_tdb2_close(struct idmap_domain *dom)
+{
+	/* don't do anything */
+	return NT_STATUS_OK;
+}
+
+
+/*
+  Dump all mappings out
+*/
+static NTSTATUS idmap_tdb2_dump_data(struct idmap_domain *dom, struct id_map **maps, int *num_maps)
+{
+	DEBUG(0,("idmap_tdb2_dump_data not supported\n"));
+	return NT_STATUS_NOT_SUPPORTED;
+}
+
+static struct idmap_methods db_methods = {
+	.init            = idmap_tdb2_db_init,
+	.unixids_to_sids = idmap_tdb2_unixids_to_sids,
+	.sids_to_unixids = idmap_tdb2_sids_to_unixids,
+	.set_mapping     = idmap_tdb2_set_mapping,
+	.remove_mapping  = idmap_tdb2_remove_mapping,
+	.dump_data       = idmap_tdb2_dump_data,
+	.close_fn        = idmap_tdb2_close
+};
+
+static struct idmap_alloc_methods db_alloc_methods = {
+	.init        = idmap_tdb2_alloc_init,
+	.allocate_id = idmap_tdb2_allocate_id,
+	.get_id_hwm  = idmap_tdb2_get_hwm,
+	.set_id_hwm  = idmap_tdb2_set_hwm,
+	.close_fn    = idmap_tdb2_alloc_close
+};
+
+NTSTATUS idmap_tdb2_init(void)
+{
+	NTSTATUS ret;
+
+	/* register both backends */
+	ret = smb_register_idmap_alloc(SMB_IDMAP_INTERFACE_VERSION, "tdb2", &db_alloc_methods);
+	if (! NT_STATUS_IS_OK(ret)) {
+		DEBUG(0, ("Unable to register idmap alloc tdb2 module: %s\n", get_friendly_nt_error_msg(ret)));
+		return ret;
+	}
+
+	return smb_register_idmap(SMB_IDMAP_INTERFACE_VERSION, "tdb2", &db_methods);
+}
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 5e9900d1d6..615f4a918e 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1227,6 +1227,10 @@ int main(int argc, char **argv, char **envp)
 			   MSG_WINBIND_VALIDATE_CACHE,
 			   winbind_msg_validate_cache);
 
+	messaging_register(winbind_messaging_context(), NULL,
+			   MSG_WINBIND_DUMP_DOMAIN_LIST,
+			   winbind_msg_dump_domain_list);
+
 	netsamlogon_cache_init(); /* Non-critical */
 	
 	/* clear the cached list of trusted domains */
diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h
index 6bf6e6c68f..b812d69aeb 100644
--- a/source3/winbindd/winbindd.h
+++ b/source3/winbindd/winbindd.h
@@ -164,9 +164,9 @@ struct winbindd_domain {
 	fstring alt_name;                      /* alt Domain name, if any (FQDN for ADS) */
 	fstring forest_name;                   /* Name of the AD forest we're in */
 	DOM_SID sid;                           /* SID for this domain */
-	uint32 domain_flags;                   /* Domain flags from rpc_ds.h */
-	uint32 domain_type;                    /* Domain type from rpc_ds.h */
-	uint32 domain_trust_attribs;           /* Trust attribs from rpc_ds.h */
+	uint32 domain_flags;                   /* Domain flags from netlogon.h */
+	uint32 domain_type;                    /* Domain type from netlogon.h */
+	uint32 domain_trust_attribs;           /* Trust attribs from netlogon.h */
 	bool initialized;		       /* Did we already ask for the domain mode? */
 	bool native_mode;                      /* is this a win2k domain in native mode ? */
 	bool active_directory;                 /* is this a win2k active directory ? */
@@ -301,15 +301,15 @@ struct winbindd_methods {
 	NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32 *seq);
 
 	/* return the lockout policy */
-	NTSTATUS (*lockout_policy)(struct winbindd_domain *domain, 
+	NTSTATUS (*lockout_policy)(struct winbindd_domain *domain,
  				   TALLOC_CTX *mem_ctx,
-				   SAM_UNK_INFO_12 *lockout_policy);
- 
+				   struct samr_DomInfo12 *lockout_policy);
+
 	/* return the lockout policy */
-	NTSTATUS (*password_policy)(struct winbindd_domain *domain, 
+	NTSTATUS (*password_policy)(struct winbindd_domain *domain,
 				    TALLOC_CTX *mem_ctx,
-				    SAM_UNK_INFO_1 *password_policy);
- 
+				    struct samr_DomInfo1 *password_policy);
+
 	/* enumerate trusted domains */
 	NTSTATUS (*trusted_domains)(struct winbindd_domain *domain,
 				    TALLOC_CTX *mem_ctx,
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index f963669825..0900d56987 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -421,7 +421,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
 	char *sidstr;
 	uint32 group_rid;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	NET_USER_INFO_3 *user;
+	struct netr_SamInfo3 *user = NULL;
 
 	DEBUG(3,("ads: query_user\n"));
 
@@ -437,11 +437,11 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
 		DEBUG(5,("query_user: Cache lookup succeeded for %s\n", 
 			 sid_string_dbg(sid)));
 
-		sid_compose(&info->user_sid, &domain->sid, user->user_rid);
-		sid_compose(&info->group_sid, &domain->sid, user->group_rid);
+		sid_compose(&info->user_sid, &domain->sid, user->base.rid);
+		sid_compose(&info->group_sid, &domain->sid, user->base.primary_gid);
 				
-		info->acct_name = unistr2_to_ascii_talloc(mem_ctx, &user->uni_user_name);
-		info->full_name = unistr2_to_ascii_talloc(mem_ctx, &user->uni_full_name);
+		info->acct_name = talloc_strdup(mem_ctx, user->base.account_name.string);
+		info->full_name = talloc_strdup(mem_ctx, user->base.full_name.string);
 		
 		nss_get_info_cached( domain, sid, mem_ctx, NULL, NULL, 
 			      &info->homedir, &info->shell, &info->full_name, 
@@ -1157,12 +1157,11 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 				DOM_SID **dom_sids)
 {
 	NTSTATUS 		result = NT_STATUS_UNSUCCESSFUL;
-	struct ds_domain_trust	*domains = NULL;
-	int			count = 0;
+	struct netr_DomainTrustList trusts;
 	int			i;
 	uint32			flags;	
 	struct rpc_pipe_client *cli;
-	uint32                 fr_flags = (DS_DOMAIN_IN_FOREST | DS_DOMAIN_TREE_ROOT);	
+	uint32                 fr_flags = (NETR_TRUST_FLAG_IN_FOREST | NETR_TRUST_FLAG_TREEROOT);
 	int ret_count;
 	
 	DEBUG(3,("ads: trusted_domains\n"));
@@ -1179,11 +1178,11 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 	if ( domain->primary ||
 		((domain->domain_flags&fr_flags) == fr_flags) ) 
 	{
-		flags = DS_DOMAIN_DIRECT_OUTBOUND | 
-			DS_DOMAIN_DIRECT_INBOUND | 
-			DS_DOMAIN_IN_FOREST;
+		flags = NETR_TRUST_FLAG_OUTBOUND |
+			NETR_TRUST_FLAG_INBOUND |
+			NETR_TRUST_FLAG_IN_FOREST;
 	} else {
-		flags = DS_DOMAIN_IN_FOREST;
+		flags = NETR_TRUST_FLAG_IN_FOREST;
 	}	
 
 	result = cm_connect_netlogon(domain, &cli);
@@ -1194,29 +1193,27 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 			  domain->name, nt_errstr(result)));
 		return NT_STATUS_UNSUCCESSFUL;
 	}
-	
-	if ( NT_STATUS_IS_OK(result) ) {
-		result = rpccli_ds_enum_domain_trusts(cli, mem_ctx,
-						      cli->cli->desthost, 
-						      flags, &domains,
-						      (unsigned int *)&count);
-	}
-	
-	if ( NT_STATUS_IS_OK(result) && count) {
+
+	result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
+						      cli->cli->desthost,
+						      flags,
+						      &trusts,
+						      NULL);
+	if ( NT_STATUS_IS_OK(result) && trusts.count) {
 
 		/* Allocate memory for trusted domain names and sids */
 
-		if ( !(*names = TALLOC_ARRAY(mem_ctx, char *, count)) ) {
+		if ( !(*names = TALLOC_ARRAY(mem_ctx, char *, trusts.count)) ) {
 			DEBUG(0, ("trusted_domains: out of memory\n"));
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		if ( !(*alt_names = TALLOC_ARRAY(mem_ctx, char *, count)) ) {
+		if ( !(*alt_names = TALLOC_ARRAY(mem_ctx, char *, trusts.count)) ) {
 			DEBUG(0, ("trusted_domains: out of memory\n"));
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		if ( !(*dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, count)) ) {
+		if ( !(*dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, trusts.count)) ) {
 			DEBUG(0, ("trusted_domains: out of memory\n"));
 			return NT_STATUS_NO_MEMORY;
 		}
@@ -1225,7 +1222,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 
 
 		ret_count = 0;		
-		for (i = 0; i < count; i++) {
+		for (i = 0; i < trusts.count; i++) {
 			struct winbindd_domain d;
 			
 			/* drop external trusts if this is not our primary 
@@ -1233,24 +1230,24 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 			   domains may be less that the ones actually trusted
 			   by the DC. */
 
-			if ( (domains[i].trust_attributes == DS_DOMAIN_TRUST_ATTRIB_QUARANTINED_DOMAIN) && 
+			if ( (trusts.array[i].trust_attributes == NETR_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) &&
 			     !domain->primary ) 
 			{
 				DEBUG(10,("trusted_domains: Skipping external trusted domain "
 					  "%s because it is outside of our primary domain\n",
-					  domains[i].netbios_domain));				
+					  trusts.array[i].netbios_name));
 				continue;				
 			}
 			
-			(*names)[ret_count] = domains[i].netbios_domain;
-			(*alt_names)[ret_count] = domains[i].dns_domain;
-			sid_copy(&(*dom_sids)[ret_count], &domains[i].sid);
+			(*names)[ret_count] = CONST_DISCARD(char *, trusts.array[i].netbios_name);
+			(*alt_names)[ret_count] = CONST_DISCARD(char *, trusts.array[i].dns_name);
+			sid_copy(&(*dom_sids)[ret_count], trusts.array[i].sid);
 
 			/* add to the trusted domain cache */
 
-			fstrcpy( d.name,  domains[i].netbios_domain );
-			fstrcpy( d.alt_name, domains[i].dns_domain );			
-			sid_copy( &d.sid, &domains[i].sid );
+			fstrcpy( d.name,  trusts.array[i].netbios_name);
+			fstrcpy( d.alt_name, trusts.array[i].dns_name);
+			sid_copy( &d.sid, trusts.array[i].sid);
 
 			/* This gets a little tricky.  If we are
 			   following a transitive forest trust, then
@@ -1269,9 +1266,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 				   we have the current trust flags and
 				   attributes */
 
-				d.domain_flags = domains[i].flags;
-				d.domain_type = domains[i].trust_type;
-				d.domain_trust_attribs = domains[i].trust_attributes;
+				d.domain_flags = trusts.array[i].trust_flags;
+				d.domain_type = trusts.array[i].trust_type;
+				d.domain_trust_attribs = trusts.array[i].trust_attributes;
 			} else {
 				/* Look up the record in the cache */
 				struct winbindd_tdc_domain *parent;
diff --git a/source3/winbindd/winbindd_async.c b/source3/winbindd/winbindd_async.c
index ab32ee0c76..2ff5ef230d 100644
--- a/source3/winbindd/winbindd_async.c
+++ b/source3/winbindd/winbindd_async.c
@@ -283,9 +283,8 @@ static void lookupname_recv2(TALLOC_CTX *mem_ctx, bool success,
 		     enum lsa_SidType type) =
 		(void (*)(void *, bool, const DOM_SID *, enum lsa_SidType))c;
 	DOM_SID sid;
-	struct lookupname_state *s = talloc_get_type_abort( private_data, 
+	struct lookupname_state *s = talloc_get_type_abort( private_data,
 							    struct lookupname_state );
-	
 
 	if (!success) {
 		DEBUG(5, ("Could not trigger lookup_name\n"));
@@ -311,7 +310,7 @@ static void lookupname_recv2(TALLOC_CTX *mem_ctx, bool success,
 }
 
 /********************************************************************
- This is the first callback after contacting our own domain 
+ This is the first callback after contacting our own domain
 ********************************************************************/
 
 static void lookupname_recv(TALLOC_CTX *mem_ctx, bool success,
@@ -322,7 +321,7 @@ static void lookupname_recv(TALLOC_CTX *mem_ctx, bool success,
 		     enum lsa_SidType type) =
 		(void (*)(void *, bool, const DOM_SID *, enum lsa_SidType))c;
 	DOM_SID sid;
-	struct lookupname_state *s = talloc_get_type_abort( private_data, 
+	struct lookupname_state *s = talloc_get_type_abort( private_data,
 							    struct lookupname_state );	
 
 	if (!success) {
@@ -334,8 +333,8 @@ static void lookupname_recv(TALLOC_CTX *mem_ctx, bool success,
 	if (response->result != WINBINDD_OK) {
 		/* Try again using the forest root */
 		struct winbindd_domain *root_domain = find_root_domain();
-		struct winbindd_request request;		
-		
+		struct winbindd_request request;
+
 		if ( !root_domain ) {
 			DEBUG(5,("lookupname_recv: unable to determine forest root\n"));
 			cont(s->caller_private_data, False, NULL, SID_NAME_UNKNOWN);
@@ -346,7 +345,7 @@ static void lookupname_recv(TALLOC_CTX *mem_ctx, bool success,
 		request.cmd = WINBINDD_LOOKUPNAME;
 
 		fstrcpy( request.data.name.dom_name, s->dom_name );
-		fstrcpy( request.data.name.name, s->name );		
+		fstrcpy( request.data.name.name, s->name );
 
 		do_async_domain(mem_ctx, root_domain, &request, lookupname_recv2,
 				(void *)cont, s);
@@ -381,7 +380,7 @@ void winbindd_lookupname_async(TALLOC_CTX *mem_ctx,
 {
 	struct winbindd_request request;
 	struct winbindd_domain *domain;
-	struct lookupname_state *s;	
+	struct lookupname_state *s;
 
 	if ( (domain = find_lookup_domain_from_name(dom_name)) == NULL ) {
 		DEBUG(5, ("Could not find domain for name '%s'\n", dom_name));
@@ -403,6 +402,11 @@ void winbindd_lookupname_async(TALLOC_CTX *mem_ctx,
 
 	s->dom_name = talloc_strdup( s, dom_name );
 	s->name     = talloc_strdup( s, name );
+	if (!s->dom_name || !s->name) {
+		cont(private_data, False, NULL, SID_NAME_UNKNOWN);
+		return;
+	}
+
 	s->caller_private_data = private_data;
 
 	do_async_domain(mem_ctx, domain, &request, lookupname_recv,
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index c293861492..4d81ee3960 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -908,7 +908,9 @@ static void wcache_save_user(struct winbindd_domain *domain, NTSTATUS status, WI
 	centry_free(centry);
 }
 
-static void wcache_save_lockout_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_12 *lockout_policy)
+static void wcache_save_lockout_policy(struct winbindd_domain *domain,
+				       NTSTATUS status,
+				       struct samr_DomInfo12 *lockout_policy)
 {
 	struct cache_entry *centry;
 
@@ -916,18 +918,20 @@ static void wcache_save_lockout_policy(struct winbindd_domain *domain, NTSTATUS
 	if (!centry)
 		return;
 
-	centry_put_nttime(centry, lockout_policy->duration);
-	centry_put_nttime(centry, lockout_policy->reset_count);
-	centry_put_uint16(centry, lockout_policy->bad_attempt_lockout);
+	centry_put_nttime(centry, lockout_policy->lockout_duration);
+	centry_put_nttime(centry, lockout_policy->lockout_window);
+	centry_put_uint16(centry, lockout_policy->lockout_threshold);
 
 	centry_end(centry, "LOC_POL/%s", domain->name);
-	
+
 	DEBUG(10,("wcache_save_lockout_policy: %s\n", domain->name));
 
 	centry_free(centry);
 }
 
-static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS status, SAM_UNK_INFO_1 *policy)
+static void wcache_save_password_policy(struct winbindd_domain *domain,
+					NTSTATUS status,
+					struct samr_DomInfo1 *policy)
 {
 	struct cache_entry *centry;
 
@@ -935,14 +939,14 @@ static void wcache_save_password_policy(struct winbindd_domain *domain, NTSTATUS
 	if (!centry)
 		return;
 
-	centry_put_uint16(centry, policy->min_length_password);
-	centry_put_uint16(centry, policy->password_history);
+	centry_put_uint16(centry, policy->min_password_length);
+	centry_put_uint16(centry, policy->password_history_length);
 	centry_put_uint32(centry, policy->password_properties);
-	centry_put_nttime(centry, policy->expire);
-	centry_put_nttime(centry, policy->min_passwordage);
+	centry_put_nttime(centry, policy->max_password_age);
+	centry_put_nttime(centry, policy->min_password_age);
 
 	centry_end(centry, "PWD_POL/%s", domain->name);
-	
+
 	DEBUG(10,("wcache_save_password_policy: %s\n", domain->name));
 
 	centry_free(centry);
@@ -2131,55 +2135,56 @@ skip_save:
 /* get lockout policy */
 static NTSTATUS lockout_policy(struct winbindd_domain *domain,
  			       TALLOC_CTX *mem_ctx,
-			       SAM_UNK_INFO_12 *policy){
+			       struct samr_DomInfo12 *policy)
+{
  	struct winbind_cache *cache = get_cache(domain);
  	struct cache_entry *centry = NULL;
  	NTSTATUS status;
- 
+
 	if (!cache->tdb)
 		goto do_query;
- 
+
 	centry = wcache_fetch(cache, domain, "LOC_POL/%s", domain->name);
-	
+
 	if (!centry)
  		goto do_query;
- 
-	policy->duration = centry_nttime(centry);
-	policy->reset_count = centry_nttime(centry);
-	policy->bad_attempt_lockout = centry_uint16(centry);
- 
+
+	policy->lockout_duration = centry_nttime(centry);
+	policy->lockout_window = centry_nttime(centry);
+	policy->lockout_threshold = centry_uint16(centry);
+
  	status = centry->status;
- 
+
 	DEBUG(10,("lockout_policy: [Cached] - cached info for domain %s status: %s\n",
 		domain->name, nt_errstr(status) ));
- 
+
  	centry_free(centry);
  	return status;
- 
+
 do_query:
 	ZERO_STRUCTP(policy);
- 
+
 	/* Return status value returned by seq number check */
 
  	if (!NT_STATUS_IS_OK(domain->last_status))
  		return domain->last_status;
-	
+
 	DEBUG(10,("lockout_policy: [Cached] - doing backend query for info for domain %s\n",
 		domain->name ));
- 
-	status = domain->backend->lockout_policy(domain, mem_ctx, policy); 
- 
+
+	status = domain->backend->lockout_policy(domain, mem_ctx, policy);
+
 	/* and save it */
  	refresh_sequence_number(domain, false);
 	wcache_save_lockout_policy(domain, status, policy);
- 
+
  	return status;
 }
- 
+
 /* get password policy */
 static NTSTATUS password_policy(struct winbindd_domain *domain,
 				TALLOC_CTX *mem_ctx,
-				SAM_UNK_INFO_1 *policy)
+				struct samr_DomInfo1 *policy)
 {
 	struct winbind_cache *cache = get_cache(domain);
 	struct cache_entry *centry = NULL;
@@ -2187,17 +2192,17 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
 
 	if (!cache->tdb)
 		goto do_query;
- 
+
 	centry = wcache_fetch(cache, domain, "PWD_POL/%s", domain->name);
-	
+
 	if (!centry)
 		goto do_query;
 
-	policy->min_length_password = centry_uint16(centry);
-	policy->password_history = centry_uint16(centry);
+	policy->min_password_length = centry_uint16(centry);
+	policy->password_history_length = centry_uint16(centry);
 	policy->password_properties = centry_uint32(centry);
-	policy->expire = centry_nttime(centry);
-	policy->min_passwordage = centry_nttime(centry);
+	policy->max_password_age = centry_nttime(centry);
+	policy->min_password_age = centry_nttime(centry);
 
 	status = centry->status;
 
@@ -2214,11 +2219,11 @@ do_query:
 
 	if (!NT_STATUS_IS_OK(domain->last_status))
 		return domain->last_status;
-	
+
 	DEBUG(10,("password_policy: [Cached] - doing backend query for info for domain %s\n",
 		domain->name ));
 
-	status = domain->backend->password_policy(domain, mem_ctx, policy); 
+	status = domain->backend->password_policy(domain, mem_ctx, policy);
 
 	/* and save it */
 	refresh_sequence_number(domain, false);
@@ -2243,7 +2248,7 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf,
 /* Invalidate the getpwnam and getgroups entries for a winbindd domain */
 
 void wcache_invalidate_samlogon(struct winbindd_domain *domain, 
-				NET_USER_INFO_3 *info3)
+				struct netr_SamInfo3 *info3)
 {
 	struct winbind_cache *cache;
 
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 908228717e..0f536cdfb8 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -570,8 +570,8 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain,
 	WERROR werr;
 	TALLOC_CTX *mem_ctx;
 	unsigned int orig_timeout;
-	char *tmp = NULL;
-	char *p;
+	const char *tmp = NULL;
+	const char *p;
 
 	/* Hmmmm. We can only open one connection to the NETLOGON pipe at the
 	 * moment.... */
@@ -602,48 +602,60 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain,
 	orig_timeout = cli_set_timeout(netlogon_pipe->cli, 35000);
 
 	if (our_domain->active_directory) {
-		struct DS_DOMAIN_CONTROLLER_INFO *domain_info = NULL;
-
-		werr = rpccli_netlogon_dsr_getdcname(netlogon_pipe,
-						     mem_ctx,
-						     our_domain->dcname,
-						     domain->name,
-						     NULL,
-						     NULL,
-						     DS_RETURN_DNS_NAME,
-						     &domain_info);
+		struct netr_DsRGetDCNameInfo *domain_info = NULL;
+
+		result = rpccli_netr_DsRGetDCName(netlogon_pipe,
+						  mem_ctx,
+						  our_domain->dcname,
+						  domain->name,
+						  NULL,
+						  NULL,
+						  DS_RETURN_DNS_NAME,
+						  &domain_info,
+						  &werr);
 		if (W_ERROR_IS_OK(werr)) {
-			fstrcpy(tmp, domain_info->domain_controller_name);
+			tmp = talloc_strdup(
+				mem_ctx, domain_info->dc_unc);
+			if (tmp == NULL) {
+				DEBUG(0, ("talloc_strdup failed\n"));
+				talloc_destroy(mem_ctx);
+				return false;
+			}
 			if (strlen(domain->alt_name) == 0) {
 				fstrcpy(domain->alt_name,
 					domain_info->domain_name);
 			}
 			if (strlen(domain->forest_name) == 0) {
 				fstrcpy(domain->forest_name,
-					domain_info->dns_forest_name);
+					domain_info->forest_name);
 			}
 		}
 	} else {
-
-		werr = rpccli_netlogon_getanydcname(netlogon_pipe,
-						    mem_ctx,
-						    our_domain->dcname,
-						    domain->name,
-						    &tmp);
+		result = rpccli_netr_GetAnyDCName(netlogon_pipe, mem_ctx,
+						  our_domain->dcname,
+						  domain->name,
+						  &tmp,
+						  &werr);
 	}
 
 	/* And restore our original timeout. */
 	cli_set_timeout(netlogon_pipe->cli, orig_timeout);
 
-	talloc_destroy(mem_ctx);
+	if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(10,("rpccli_netr_GetAnyDCName failed: %s\n",
+			nt_errstr(result)));
+		talloc_destroy(mem_ctx);
+		return false;
+	}
 
 	if (!W_ERROR_IS_OK(werr)) {
-		DEBUG(10, ("rpccli_netlogon_getanydcname failed: %s\n",
+		DEBUG(10,("rpccli_netr_GetAnyDCName failed: %s\n",
 			   dos_errstr(werr)));
-		return False;
+		talloc_destroy(mem_ctx);
+		return false;
 	}
 
-	/* cli_netlogon_getanydcname gives us a name with \\ */
+	/* rpccli_netr_GetAnyDCName gives us a name with \\ */
 	p = tmp;
 	if (*p == '\\') {
 		p+=1;
@@ -654,7 +666,9 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain,
 
 	fstrcpy(dcname, p);
 
-	DEBUG(10, ("rpccli_netlogon_getanydcname returned %s\n", dcname));
+	talloc_destroy(mem_ctx);
+
+	DEBUG(10,("rpccli_netr_GetAnyDCName returned %s\n", dcname));
 
 	if (!resolve_name(dcname, dc_ss, 0x20)) {
 		return False;
@@ -672,8 +686,22 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
 				char **machine_krb5_principal)
 {
 	const char *account_name;
+	const char *name = NULL;
+	
+	/* If we are a DC and this is not our own domain */
 
-	if (!get_trust_pw_clear(domain->name, machine_password,
+	if (IS_DC) {
+		name = domain->name;
+	} else {
+		struct winbindd_domain *our_domain = find_our_domain();
+
+		if (!our_domain)
+			return NT_STATUS_INVALID_SERVER_STATE;		
+		
+		name = our_domain->name;		
+	}	
+	
+	if (!get_trust_pw_clear(name, machine_password,
 				&account_name, NULL))
 	{
 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
@@ -687,11 +715,15 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
 
 	/* this is at least correct when domain is our domain,
 	 * which is the only case, when this is currently used: */
-	if ((machine_krb5_principal != NULL) &&
-	    (asprintf(machine_krb5_principal, "%s$@%s", account_name,
-		      domain->alt_name) == -1))
+	if (machine_krb5_principal != NULL)
 	{
-		return NT_STATUS_NO_MEMORY;
+		if (asprintf(machine_krb5_principal, "%s$@%s",
+			     account_name, domain->alt_name) == -1)
+		{
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		strupper_m(*machine_krb5_principal);
 	}
 
 	return NT_STATUS_OK;
@@ -1691,12 +1723,11 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
 {
 	struct winbindd_domain *our_domain;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
-	struct ds_domain_trust *domains = NULL;
-	int count = 0;
+	struct netr_DomainTrustList trusts;
 	int i;
-	uint32 flags = (DS_DOMAIN_IN_FOREST | 
-			DS_DOMAIN_DIRECT_OUTBOUND | 
-			DS_DOMAIN_DIRECT_INBOUND);
+	uint32 flags = (NETR_TRUST_FLAG_IN_FOREST |
+			NETR_TRUST_FLAG_OUTBOUND |
+			NETR_TRUST_FLAG_INBOUND);
 	struct rpc_pipe_client *cli;
 	TALLOC_CTX *mem_ctx = NULL;
 
@@ -1738,27 +1769,35 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
 		return False;
 	}	
 
-	result = rpccli_ds_enum_domain_trusts(cli, mem_ctx,
-					      cli->cli->desthost, 
-					      flags, &domains,
-					      (unsigned int *)&count);
+	result = rpccli_netr_DsrEnumerateDomainTrusts(cli, mem_ctx,
+						      cli->cli->desthost,
+						      flags,
+						      &trusts,
+						      NULL);
+	if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(0,("set_dc_type_and_flags_trustinfo: "
+			"failed to query trusted domain list: %s\n",
+			nt_errstr(result)));
+		talloc_destroy(mem_ctx);
+		return false;
+	}
 
 	/* Now find the domain name and get the flags */
 
-	for ( i=0; i<count; i++ ) {
-		if ( strequal( domain->name, domains[i].netbios_domain ) ) {			
-			domain->domain_flags          = domains[i].flags;
-			domain->domain_type           = domains[i].trust_type;
-			domain->domain_trust_attribs  = domains[i].trust_attributes;
-						
-			if ( domain->domain_type == DS_DOMAIN_TRUST_TYPE_UPLEVEL )
+	for ( i=0; i<trusts.count; i++ ) {
+		if ( strequal( domain->name, trusts.array[i].netbios_name) ) {
+			domain->domain_flags          = trusts.array[i].trust_flags;
+			domain->domain_type           = trusts.array[i].trust_type;
+			domain->domain_trust_attribs  = trusts.array[i].trust_attributes;
+
+			if ( domain->domain_type == NETR_TRUST_TYPE_UPLEVEL )
 				domain->active_directory = True;
 
 			/* This flag is only set if the domain is *our* 
 			   primary domain and the primary domain is in
 			   native mode */
 
-			domain->native_mode = (domain->domain_flags & DS_DOMAIN_NATIVE_MODE);
+			domain->native_mode = (domain->domain_flags & NETR_TRUST_FLAG_NATIVE);
 
 			DEBUG(5, ("set_dc_type_and_flags_trustinfo: domain %s is %sin "
 				  "native mode.\n", domain->name, 
@@ -1794,18 +1833,13 @@ static bool set_dc_type_and_flags_trustinfo( struct winbindd_domain *domain )
 static void set_dc_type_and_flags_connect( struct winbindd_domain *domain )
 {
 	NTSTATUS 		result;
-	DS_DOMINFO_CTR		ctr;
+	WERROR werr;
 	TALLOC_CTX              *mem_ctx = NULL;
 	struct rpc_pipe_client  *cli;
 	POLICY_HND pol;
+	union dssetup_DsRoleInfo info;
+	union lsa_PolicyInformation *lsa_info = NULL;
 
-	const char *domain_name = NULL;
-	const char *dns_name = NULL;
-	const char *forest_name = NULL;
-	DOM_SID *dom_sid = NULL;	
-
-	ZERO_STRUCT( ctr );
-	
 	if (!connection_ok(domain)) {
 		return;
 	}
@@ -1819,24 +1853,25 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain )
 
 	DEBUG(5, ("set_dc_type_and_flags_connect: domain %s\n", domain->name ));
 
-	cli = cli_rpc_pipe_open_noauth(domain->conn.cli, PI_LSARPC_DS,
+	cli = cli_rpc_pipe_open_noauth(domain->conn.cli, PI_DSSETUP,
 				       &result);
 
 	if (cli == NULL) {
 		DEBUG(5, ("set_dc_type_and_flags_connect: Could not bind to "
-			  "PI_LSARPC_DS on domain %s: (%s)\n",
+			  "PI_DSSETUP on domain %s: (%s)\n",
 			  domain->name, nt_errstr(result)));
 
 		/* if this is just a non-AD domain we need to continue
 		 * identifying so that we can in the end return with
 		 * domain->initialized = True - gd */
 
-		goto no_lsarpc_ds;
+		goto no_dssetup;
 	}
 
-	result = rpccli_ds_getprimarydominfo(cli, mem_ctx,
-					     DsRolePrimaryDomainInfoBasic,
-					     &ctr);
+	result = rpccli_dssetup_DsRoleGetPrimaryDomainInformation(cli, mem_ctx,
+								  DS_ROLE_BASIC_INFORMATION,
+								  &info,
+								  &werr);
 	cli_rpc_pipe_close(cli);
 
 	if (!NT_STATUS_IS_OK(result)) {
@@ -1845,26 +1880,26 @@ static void set_dc_type_and_flags_connect( struct winbindd_domain *domain )
 			  domain->name, nt_errstr(result)));
 
 		/* older samba3 DCs will return DCERPC_FAULT_OP_RNG_ERROR for
-		 * every opcode on the LSARPC_DS pipe, continue with
-		 * no_lsarpc_ds mode here as well to get domain->initialized
+		 * every opcode on the DSSETUP pipe, continue with
+		 * no_dssetup mode here as well to get domain->initialized
 		 * set - gd */
 
 		if (NT_STATUS_V(result) == DCERPC_FAULT_OP_RNG_ERROR) {
-			goto no_lsarpc_ds;
+			goto no_dssetup;
 		}
 
 		TALLOC_FREE(mem_ctx);
 		return;
 	}
-	
-	if ((ctr.basic->flags & DSROLE_PRIMARY_DS_RUNNING) &&
-	    !(ctr.basic->flags & DSROLE_PRIMARY_DS_MIXED_MODE)) {
+
+	if ((info.basic.flags & DS_ROLE_PRIMARY_DS_RUNNING) &&
+	    !(info.basic.flags & DS_ROLE_PRIMARY_DS_MIXED_MODE)) {
 		domain->native_mode = True;
 	} else {
 		domain->native_mode = False;
 	}
 
-no_lsarpc_ds:
+no_dssetup:
 	cli = cli_rpc_pipe_open_noauth(domain->conn.cli, PI_LSARPC, &result);
 
 	if (cli == NULL) {
@@ -1882,54 +1917,65 @@ no_lsarpc_ds:
 	if (NT_STATUS_IS_OK(result)) {
 		/* This particular query is exactly what Win2k clients use 
 		   to determine that the DC is active directory */
-		result = rpccli_lsa_query_info_policy2(cli, mem_ctx, &pol,
-						       12, &domain_name,
-						       &dns_name, &forest_name,
-						       NULL, &dom_sid);
+		result = rpccli_lsa_QueryInfoPolicy2(cli, mem_ctx,
+						     &pol,
+						     LSA_POLICY_INFO_DNS,
+						     &lsa_info);
 	}
 
 	if (NT_STATUS_IS_OK(result)) {
 		domain->active_directory = True;
 
-		if (domain_name)
-			fstrcpy(domain->name, domain_name);
+		if (lsa_info->dns.name.string) {
+			fstrcpy(domain->name, lsa_info->dns.name.string);
+		}
 
-		if (dns_name)
-			fstrcpy(domain->alt_name, dns_name);
+		if (lsa_info->dns.dns_domain.string) {
+			fstrcpy(domain->alt_name,
+				lsa_info->dns.dns_domain.string);
+		}
 
 		/* See if we can set some domain trust flags about
 		   ourself */
 
-		if ( forest_name ) {
-			fstrcpy(domain->forest_name, forest_name);		
+		if (lsa_info->dns.dns_forest.string) {
+			fstrcpy(domain->forest_name,
+				lsa_info->dns.dns_forest.string);
 
 			if (strequal(domain->forest_name, domain->alt_name)) {
-				domain->domain_flags = DS_DOMAIN_TREE_ROOT;
+				domain->domain_flags = NETR_TRUST_FLAG_TREEROOT;
 			}
 		}
 
-		if (dom_sid) 
-			sid_copy(&domain->sid, dom_sid);
+		if (lsa_info->dns.sid) {
+			sid_copy(&domain->sid, lsa_info->dns.sid);
+		}
 	} else {
 		domain->active_directory = False;
 
 		result = rpccli_lsa_open_policy(cli, mem_ctx, True, 
 						SEC_RIGHTS_MAXIMUM_ALLOWED,
 						&pol);
-			
-		if (!NT_STATUS_IS_OK(result))
+
+		if (!NT_STATUS_IS_OK(result)) {
 			goto done;
-			
-		result = rpccli_lsa_query_info_policy(cli, mem_ctx, 
-						      &pol, 5, &domain_name, 
-						      &dom_sid);
-			
+		}
+
+		result = rpccli_lsa_QueryInfoPolicy(cli, mem_ctx,
+						    &pol,
+						    LSA_POLICY_INFO_ACCOUNT_DOMAIN,
+						    &lsa_info);
+
 		if (NT_STATUS_IS_OK(result)) {
-			if (domain_name)
-				fstrcpy(domain->name, domain_name);
 
-			if (dom_sid) 
-				sid_copy(&domain->sid, dom_sid);
+			if (lsa_info->account_domain.name.string) {
+				fstrcpy(domain->name,
+					lsa_info->account_domain.name.string);
+			}
+
+			if (lsa_info->account_domain.sid) {
+				sid_copy(&domain->sid, lsa_info->account_domain.sid);
+			}
 		}
 	}
 done:
@@ -2076,13 +2122,14 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
 		  "pipe: user %s\\%s\n", domain->name,
 		  domain_name, machine_account));
 
-	result = rpccli_samr_connect(conn->samr_pipe, mem_ctx,
-				     SEC_RIGHTS_MAXIMUM_ALLOWED,
-				     &conn->sam_connect_handle);
+	result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
+				      conn->samr_pipe->cli->desthost,
+				      SEC_RIGHTS_MAXIMUM_ALLOWED,
+				      &conn->sam_connect_handle);
 	if (NT_STATUS_IS_OK(result)) {
 		goto open_domain;
 	}
-	DEBUG(10,("cm_connect_sam: ntlmssp-sealed rpccli_samr_connect "
+	DEBUG(10,("cm_connect_sam: ntlmssp-sealed rpccli_samr_Connect2 "
 		  "failed for domain %s, error was %s. Trying schannel\n",
 		  domain->name, nt_errstr(result) ));
 	cli_rpc_pipe_close(conn->samr_pipe);
@@ -2110,13 +2157,14 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
 	DEBUG(10,("cm_connect_sam: connected to SAMR pipe for domain %s using "
 		  "schannel.\n", domain->name ));
 
-	result = rpccli_samr_connect(conn->samr_pipe, mem_ctx,
-				     SEC_RIGHTS_MAXIMUM_ALLOWED,
-				     &conn->sam_connect_handle);
+	result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
+				      conn->samr_pipe->cli->desthost,
+				      SEC_RIGHTS_MAXIMUM_ALLOWED,
+				      &conn->sam_connect_handle);
 	if (NT_STATUS_IS_OK(result)) {
 		goto open_domain;
 	}
-	DEBUG(10,("cm_connect_sam: schannel-sealed rpccli_samr_connect failed "
+	DEBUG(10,("cm_connect_sam: schannel-sealed rpccli_samr_Connect2 failed "
 		  "for domain %s, error was %s. Trying anonymous\n",
 		  domain->name, nt_errstr(result) ));
 	cli_rpc_pipe_close(conn->samr_pipe);
@@ -2132,23 +2180,24 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	result = rpccli_samr_connect(conn->samr_pipe, mem_ctx,
-				     SEC_RIGHTS_MAXIMUM_ALLOWED,
-				     &conn->sam_connect_handle);
+	result = rpccli_samr_Connect2(conn->samr_pipe, mem_ctx,
+				      conn->samr_pipe->cli->desthost,
+				      SEC_RIGHTS_MAXIMUM_ALLOWED,
+				      &conn->sam_connect_handle);
 	if (!NT_STATUS_IS_OK(result)) {
-		DEBUG(10,("cm_connect_sam: rpccli_samr_connect failed "
+		DEBUG(10,("cm_connect_sam: rpccli_samr_Connect2 failed "
 			  "for domain %s Error was %s\n",
 			  domain->name, nt_errstr(result) ));
 		goto done;
 	}
 
  open_domain:
-	result = rpccli_samr_open_domain(conn->samr_pipe,
-					 mem_ctx,
-					 &conn->sam_connect_handle,
-					 SEC_RIGHTS_MAXIMUM_ALLOWED,
-					 &domain->sid,
-					 &conn->sam_domain_handle);
+	result = rpccli_samr_OpenDomain(conn->samr_pipe,
+					mem_ctx,
+					&conn->sam_connect_handle,
+					SEC_RIGHTS_MAXIMUM_ALLOWED,
+					&domain->sid,
+					&conn->sam_domain_handle);
 
  done:
 
@@ -2291,7 +2340,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
 	struct winbindd_cm_conn *conn;
 	NTSTATUS result;
 
-	uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
+	uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
 	uint8  mach_pwd[16];
 	uint32  sec_chan_type;
 	const char *account_name;
diff --git a/source3/winbindd/winbindd_creds.c b/source3/winbindd/winbindd_creds.c
index 62facb6769..9c7acd64e6 100644
--- a/source3/winbindd/winbindd_creds.c
+++ b/source3/winbindd/winbindd_creds.c
@@ -29,11 +29,11 @@
 NTSTATUS winbindd_get_creds(struct winbindd_domain *domain,
 			    TALLOC_CTX *mem_ctx,
 			    const DOM_SID *sid,
-			    NET_USER_INFO_3 **info3,
+			    struct netr_SamInfo3 **info3,
 			    const uint8 *cached_nt_pass[NT_HASH_LEN],
 			    const uint8 *cred_salt[NT_HASH_LEN])
 {
-	NET_USER_INFO_3 *info;
+	struct netr_SamInfo3 *info;
 	NTSTATUS status;
 
 	status = wcache_get_creds(domain, mem_ctx, sid, cached_nt_pass, cred_salt);
@@ -56,7 +56,7 @@ NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
 			      TALLOC_CTX *mem_ctx, 
 			      const char *user, 
 			      const char *pass, 
-			      NET_USER_INFO_3 *info3,
+			      struct netr_SamInfo3 *info3,
 			      const DOM_SID *user_sid)
 {
 	NTSTATUS status;
@@ -66,10 +66,10 @@ NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
 	if (info3 != NULL) {
 	
 		DOM_SID sid;
-		sid_copy(&sid, &(info3->dom_sid.sid));
-		sid_append_rid(&sid, info3->user_rid);
+		sid_copy(&sid, info3->base.domain_sid);
+		sid_append_rid(&sid, info3->base.rid);
 		sid_copy(&cred_sid, &sid);
-		info3->user_flgs |= LOGON_CACHED_ACCOUNT;
+		info3->base.user_flags |= NETLOGON_CACHED_ACCOUNT;
 		
 	} else if (user_sid != NULL) {
 	
@@ -138,7 +138,7 @@ NTSTATUS winbindd_update_creds_by_info3(struct winbindd_domain *domain,
 				        TALLOC_CTX *mem_ctx,
 				        const char *user,
 				        const char *pass,
-				        NET_USER_INFO_3 *info3)
+				        struct netr_SamInfo3 *info3)
 {
 	return winbindd_store_creds(domain, mem_ctx, user, pass, info3, NULL);
 }
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index 778886d8e2..2b756b24d1 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -34,20 +34,22 @@
 #define DBGC_CLASS DBGC_WINBIND
 
 extern bool override_logfile;
+extern struct winbindd_methods cache_methods;
 
 /* Read some data from a client connection */
 
 static void child_read_request(struct winbindd_cli_state *state)
 {
-	ssize_t len;
+	NTSTATUS status;
 
 	/* Read data */
 
-	len = read_data(state->sock, (char *)&state->request,
-			sizeof(state->request), NULL);
+	status = read_data(state->sock, (char *)&state->request,
+			   sizeof(state->request));
 
-	if (len != sizeof(state->request)) {
-		DEBUG(len > 0 ? 0 : 3, ("Got invalid request length: %d\n", (int)len));
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(3, ("child_read_request: read_data failed: %s\n",
+			  nt_errstr(status)));
 		state->finished = True;
 		return;
 	}
@@ -71,11 +73,12 @@ static void child_read_request(struct winbindd_cli_state *state)
 	/* Ensure null termination */
 	state->request.extra_data.data[state->request.extra_len] = '\0';
 
-	len = read_data(state->sock, state->request.extra_data.data,
-			state->request.extra_len, NULL);
+	status= read_data(state->sock, state->request.extra_data.data,
+			  state->request.extra_len);
 
-	if (len != state->request.extra_len) {
-		DEBUG(0, ("Could not read extra data\n"));
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("Could not read extra data: %s\n",
+			  nt_errstr(status)));
 		state->finished = True;
 		return;
 	}
@@ -480,7 +483,6 @@ void winbind_child_died(pid_t pid)
 	child->event.fd = 0;
 	child->event.flags = 0;
 	child->pid = 0;
-	SAFE_FREE(child->logfilename);
 
 	schedule_async_request(child);
 }
@@ -677,6 +679,88 @@ void winbind_msg_dump_event_list(struct messaging_context *msg_ctx,
 
 }
 
+void winbind_msg_dump_domain_list(struct messaging_context *msg_ctx,
+				  void *private_data,
+				  uint32_t msg_type,
+				  struct server_id server_id,
+				  DATA_BLOB *data)
+{
+	TALLOC_CTX *mem_ctx;
+	const char *message = NULL;
+	struct server_id *sender = NULL;
+	const char *domain = NULL;
+	char *s = NULL;
+	NTSTATUS status;
+	struct winbindd_domain *dom = NULL;
+
+	DEBUG(5,("winbind_msg_dump_domain_list received.\n"));
+
+	if (!data || !data->data) {
+		return;
+	}
+
+	if (data->length < sizeof(struct server_id)) {
+		return;
+	}
+
+	mem_ctx = talloc_init("winbind_msg_dump_domain_list");
+	if (!mem_ctx) {
+		return;
+	}
+
+	sender = (struct server_id *)data->data;
+	if (data->length > sizeof(struct server_id)) {
+		domain = (const char *)data->data+sizeof(struct server_id);
+	}
+
+	if (domain) {
+
+		DEBUG(5,("winbind_msg_dump_domain_list for domain: %s\n",
+			domain));
+
+		message = NDR_PRINT_STRUCT_STRING(mem_ctx, winbindd_domain,
+						  find_domain_from_name_noinit(domain));
+		if (!message) {
+			talloc_destroy(mem_ctx);
+			return;
+		}
+
+		messaging_send_buf(msg_ctx, *sender,
+				   MSG_WINBIND_DUMP_DOMAIN_LIST,
+				   (uint8_t *)message, strlen(message) + 1);
+
+		talloc_destroy(mem_ctx);
+
+		return;
+	}
+
+	DEBUG(5,("winbind_msg_dump_domain_list all domains\n"));
+
+	for (dom = domain_list(); dom; dom=dom->next) {
+		message = NDR_PRINT_STRUCT_STRING(mem_ctx, winbindd_domain, dom);
+		if (!message) {
+			talloc_destroy(mem_ctx);
+			return;
+		}
+
+		s = talloc_asprintf_append(s, "%s\n", message);
+		if (!s) {
+			talloc_destroy(mem_ctx);
+			return;
+		}
+	}
+
+	status = messaging_send_buf(msg_ctx, *sender,
+				    MSG_WINBIND_DUMP_DOMAIN_LIST,
+				    (uint8_t *)s, strlen(s) + 1);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0,("failed to send message: %s\n",
+		nt_errstr(status)));
+	}
+
+	talloc_destroy(mem_ctx);
+}
+
 static void account_lockout_policy_handler(struct event_context *ctx,
 					   struct timed_event *te,
 					   const struct timeval *now,
@@ -686,7 +770,7 @@ static void account_lockout_policy_handler(struct event_context *ctx,
 		(struct winbindd_child *)private_data;
 	TALLOC_CTX *mem_ctx = NULL;
 	struct winbindd_methods *methods;
-	SAM_UNK_INFO_12 lockout_policy;
+	struct samr_DomInfo12 lockout_policy;
 	NTSTATUS result;
 
 	DEBUG(10,("account_lockout_policy_handler called\n"));
@@ -878,6 +962,13 @@ static bool fork_domain_child(struct winbindd_child *child)
 	struct winbindd_cli_state state;
 	struct winbindd_domain *domain;
 
+	if (child->domain) {
+		DEBUG(10, ("fork_domain_child called for domain '%s'\n",
+			   child->domain->name));
+	} else {
+		DEBUG(10, ("fork_domain_child called without domain.\n"));
+	}
+
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, fdpair) != 0) {
 		DEBUG(0, ("Could not open child pipe: %s\n",
 			  strerror(errno)));
@@ -947,6 +1038,8 @@ static bool fork_domain_child(struct winbindd_child *child)
 			     MSG_WINBIND_ONLINESTATUS, NULL);
 	messaging_deregister(winbind_messaging_context(),
 			     MSG_DUMP_EVENT_LIST, NULL);
+	messaging_deregister(winbind_messaging_context(),
+			     MSG_WINBIND_DUMP_DOMAIN_LIST, NULL);
 
 	/* Handle online/offline messages. */
 	messaging_register(winbind_messaging_context(), NULL,
@@ -991,6 +1084,16 @@ static bool fork_domain_child(struct winbindd_child *child)
 			child);
 	}
 
+	/* Special case for Winbindd on a Samba DC,
+	 * We want to make sure the child can connect to smbd
+	 * but not the main daemon */
+
+	if (child->domain && child->domain->internal && IS_DC) {
+		child->domain->internal = False;
+		child->domain->methods = &cache_methods;
+		child->domain->online = False;
+	}
+
 	while (1) {
 
 		int ret;
diff --git a/source3/winbindd/winbindd_locator.c b/source3/winbindd/winbindd_locator.c
index 05bd74af25..10a6c5afeb 100644
--- a/source3/winbindd/winbindd_locator.c
+++ b/source3/winbindd/winbindd_locator.c
@@ -58,7 +58,7 @@ static enum winbindd_result dual_dsgetdcname(struct winbindd_domain *domain,
 					     struct winbindd_cli_state *state)
 {
 	NTSTATUS result;
-	struct DS_DOMAIN_CONTROLLER_INFO *info = NULL;
+	struct netr_DsRGetDCNameInfo *info = NULL;
 	const char *dc = NULL;
 
 	state->request.domain_name
@@ -67,22 +67,22 @@ static enum winbindd_result dual_dsgetdcname(struct winbindd_domain *domain,
 	DEBUG(3, ("[%5lu]: dsgetdcname for %s\n", (unsigned long)state->pid,
 		  state->request.domain_name));
 
-	result = dsgetdcname(state->mem_ctx, NULL, state->request.domain_name,
+	result = dsgetdcname(state->mem_ctx, state->request.domain_name,
 			     NULL, NULL, state->request.flags, &info);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		return WINBINDD_ERROR;
 	}
 
-	if (info->domain_controller_address) {
-		dc = info->domain_controller_address;
+	if (info->dc_address) {
+		dc = info->dc_address;
 		if ((dc[0] == '\\') && (dc[1] == '\\')) {
 			dc += 2;
 		}
 	}
 
-	if ((!dc || !is_ipaddress_v4(dc)) && info->domain_controller_name) {
-		dc = info->domain_controller_name;
+	if ((!dc || !is_ipaddress_v4(dc)) && info->dc_unc) {
+		dc = info->dc_unc;
 	}
 
 	if (!dc || !*dc) {
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index 76f2554122..c22da3e8ef 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -231,8 +231,8 @@ void winbindd_getdcname(struct winbindd_cli_state *state)
 enum winbindd_result winbindd_dual_getdcname(struct winbindd_domain *domain,
 					     struct winbindd_cli_state *state)
 {
-	char *dcname_slash = NULL;
-	char *p;
+	const char *dcname_slash = NULL;
+	const char *p;
 	struct rpc_pipe_client *netlogon_pipe;
 	NTSTATUS result;
 	WERROR werr;
@@ -259,19 +259,29 @@ enum winbindd_result winbindd_dual_getdcname(struct winbindd_domain *domain,
 
 	req_domain = find_domain_from_name_noinit(state->request.domain_name);
 	if (req_domain == domain) {
-		werr = rpccli_netlogon_getdcname(netlogon_pipe, state->mem_ctx,
-						 domain->dcname,
-						 state->request.domain_name,
-						 &dcname_slash);
+		result = rpccli_netr_GetDcName(netlogon_pipe,
+					       state->mem_ctx,
+					       domain->dcname,
+					       state->request.domain_name,
+					       &dcname_slash,
+					       &werr);
 	} else {
-		werr = rpccli_netlogon_getanydcname(netlogon_pipe, state->mem_ctx,
-						    domain->dcname,
-						    state->request.domain_name,
-						    &dcname_slash);
+		result = rpccli_netr_GetAnyDCName(netlogon_pipe,
+						  state->mem_ctx,
+						  domain->dcname,
+						  state->request.domain_name,
+						  &dcname_slash,
+						  &werr);
 	}
 	/* And restore our original timeout. */
 	cli_set_timeout(netlogon_pipe->cli, orig_timeout);
 
+	if (!NT_STATUS_IS_OK(result)) {
+		DEBUG(5,("Error requesting DCname for domain %s: %s\n",
+			state->request.domain_name, nt_errstr(result)));
+		return WINBINDD_ERROR;
+	}
+
 	if (!W_ERROR_IS_OK(werr)) {
 		DEBUG(5, ("Error requesting DCname for domain %s: %s\n",
 			state->request.domain_name, dos_errstr(werr)));
diff --git a/source3/winbindd/winbindd_ndr.c b/source3/winbindd/winbindd_ndr.c
new file mode 100644
index 0000000000..842c915c5f
--- /dev/null
+++ b/source3/winbindd/winbindd_ndr.c
@@ -0,0 +1,153 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  winbindd debug helper
+ *  Copyright (C) Guenther Deschner 2008
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include "winbindd.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_WINBIND
+
+/****************************************************************
+****************************************************************/
+
+void ndr_print_winbindd_child(struct ndr_print *ndr,
+			      const char *name,
+			      const struct winbindd_child *r)
+{
+	ndr_print_struct(ndr, name, "winbindd_child");
+	ndr->depth++;
+	ndr_print_ptr(ndr, "next", r->next);
+	ndr_print_ptr(ndr, "prev", r->prev);
+	ndr_print_uint32(ndr, "pid", (uint32_t)r->pid);
+#if 0
+	ndr_print_winbindd_domain(ndr, "domain", r->domain);
+#else
+	ndr_print_ptr(ndr, "domain", r->domain);
+#endif
+	ndr_print_string(ndr, "logfilename", r->logfilename);
+	/* struct fd_event event; */
+	ndr_print_ptr(ndr, "lockout_policy_event", r->lockout_policy_event);
+	ndr_print_ptr(ndr, "requests", r->requests);
+	ndr_print_ptr(ndr, "table", r->table);
+	ndr->depth--;
+}
+
+/****************************************************************
+****************************************************************/
+
+void ndr_print_winbindd_cm_conn(struct ndr_print *ndr,
+				const char *name,
+				const struct winbindd_cm_conn *r)
+{
+	ndr_print_struct(ndr, name, "winbindd_cm_conn");
+	ndr->depth++;
+	ndr_print_ptr(ndr, "cli", r->cli);
+	ndr_print_ptr(ndr, "samr_pipe", r->samr_pipe);
+	ndr_print_policy_handle(ndr, "sam_connect_handle", &r->sam_connect_handle);
+	ndr_print_policy_handle(ndr, "sam_domain_handle", &r->sam_domain_handle);
+	ndr_print_ptr(ndr, "lsa_pipe", r->lsa_pipe);
+	ndr_print_policy_handle(ndr, "lsa_policy", &r->lsa_policy);
+	ndr_print_ptr(ndr, "netlogon_pipe", r->netlogon_pipe);
+	ndr->depth--;
+}
+
+/****************************************************************
+****************************************************************/
+
+void ndr_print_winbindd_methods(struct ndr_print *ndr,
+				const char *name,
+				const struct winbindd_methods *r)
+{
+#ifdef HAVE_ADS
+	extern struct winbindd_methods ads_methods;
+#endif
+	extern struct winbindd_methods msrpc_methods;
+	extern struct winbindd_methods passdb_methods;
+	extern struct winbindd_methods reconnect_methods;
+	extern struct winbindd_methods cache_methods;
+
+	ndr_print_struct(ndr, name, "winbindd_methods");
+	ndr->depth++;
+
+	if (r == NULL) {
+		ndr_print_string(ndr, name, "(NULL)");
+		ndr->depth--;
+		return;
+	}
+
+	if (r == &msrpc_methods) {
+		ndr_print_string(ndr, name, "msrpc_methods");
+#ifdef HAVE_ADS
+	} else if (r == &ads_methods) {
+		ndr_print_string(ndr, name, "ads_methods");
+#endif
+	} else if (r == &passdb_methods) {
+		ndr_print_string(ndr, name, "passdb_methods");
+	} else if (r == &reconnect_methods) {
+		ndr_print_string(ndr, name, "reconnect_methods");
+	} else if (r == &cache_methods) {
+		ndr_print_string(ndr, name, "cache_methods");
+	} else {
+		ndr_print_string(ndr, name, "UNKNOWN");
+	}
+	ndr->depth--;
+}
+
+/****************************************************************
+****************************************************************/
+
+void ndr_print_winbindd_domain(struct ndr_print *ndr,
+			       const char *name,
+			       const struct winbindd_domain *r)
+{
+	if (!r) {
+		return;
+	}
+
+	ndr_print_struct(ndr, name, "winbindd_domain");
+	ndr->depth++;
+	ndr_print_string(ndr, "name", r->name);
+	ndr_print_string(ndr, "alt_name", r->alt_name);
+	ndr_print_string(ndr, "forest_name", r->forest_name);
+	ndr_print_dom_sid(ndr, "sid", &r->sid);
+	ndr_print_netr_TrustFlags(ndr, "domain_flags", r->domain_flags);
+	ndr_print_netr_TrustType(ndr, "domain_type", r->domain_type);
+	ndr_print_netr_TrustAttributes(ndr, "domain_trust_attribs", r->domain_trust_attribs);
+	ndr_print_bool(ndr, "initialized", r->initialized);
+	ndr_print_bool(ndr, "native_mode", r->native_mode);
+	ndr_print_bool(ndr, "active_directory", r->active_directory);
+	ndr_print_bool(ndr, "primary", r->primary);
+	ndr_print_bool(ndr, "internal", r->internal);
+	ndr_print_bool(ndr, "online", r->online);
+	ndr_print_time_t(ndr, "startup_time", r->startup_time);
+	ndr_print_bool(ndr, "startup", r->startup);
+	ndr_print_winbindd_methods(ndr, "methods", r->methods);
+	ndr_print_winbindd_methods(ndr, "backend", r->backend);
+	ndr_print_ptr(ndr, "private_data", r->private_data);
+	ndr_print_string(ndr, "dcname", r->dcname);
+	ndr_print_sockaddr_storage(ndr, "dcaddr", &r->dcaddr);
+	ndr_print_time_t(ndr, "last_seq_check", r->last_seq_check);
+	ndr_print_uint32(ndr, "sequence_number", r->sequence_number);
+	ndr_print_NTSTATUS(ndr, "last_status", r->last_status);
+	ndr_print_winbindd_cm_conn(ndr, "conn", &r->conn);
+	ndr_print_winbindd_child(ndr, "child", &r->child);
+	ndr_print_uint32(ndr, "check_online_timeout", r->check_online_timeout);
+	ndr_print_ptr(ndr, "check_online_event", r->check_online_event);
+	ndr->depth--;
+}
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 525096b0a2..ef5a312eea 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -29,139 +29,162 @@
 
 static NTSTATUS append_info3_as_txt(TALLOC_CTX *mem_ctx,
 				    struct winbindd_cli_state *state,
-				    NET_USER_INFO_3 *info3)
+				    struct netr_SamInfo3 *info3)
 {
-	fstring str_sid;
+	char *ex;
+	size_t size;
+	uint32_t i;
 
 	state->response.data.auth.info3.logon_time =
-		nt_time_to_unix(info3->logon_time);
+		nt_time_to_unix(info3->base.last_logon);
 	state->response.data.auth.info3.logoff_time =
-		nt_time_to_unix(info3->logoff_time);
+		nt_time_to_unix(info3->base.last_logoff);
 	state->response.data.auth.info3.kickoff_time =
-		nt_time_to_unix(info3->kickoff_time);
+		nt_time_to_unix(info3->base.acct_expiry);
 	state->response.data.auth.info3.pass_last_set_time =
-		nt_time_to_unix(info3->pass_last_set_time);
+		nt_time_to_unix(info3->base.last_password_change);
 	state->response.data.auth.info3.pass_can_change_time =
-		nt_time_to_unix(info3->pass_can_change_time);
+		nt_time_to_unix(info3->base.allow_password_change);
 	state->response.data.auth.info3.pass_must_change_time =
-		nt_time_to_unix(info3->pass_must_change_time);
-
-	state->response.data.auth.info3.logon_count = info3->logon_count;
-	state->response.data.auth.info3.bad_pw_count = info3->bad_pw_count;
-
-	state->response.data.auth.info3.user_rid = info3->user_rid;
-	state->response.data.auth.info3.group_rid = info3->group_rid;
-	sid_to_fstring(str_sid, &(info3->dom_sid.sid));
-	fstrcpy(state->response.data.auth.info3.dom_sid, str_sid);
-
-	state->response.data.auth.info3.num_groups = info3->num_groups;
-	state->response.data.auth.info3.user_flgs = info3->user_flgs;
-
-	state->response.data.auth.info3.acct_flags = info3->acct_flags;
-	state->response.data.auth.info3.num_other_sids = info3->num_other_sids;
-
-	unistr2_to_ascii(state->response.data.auth.info3.user_name,
-		&info3->uni_user_name,
-		sizeof(state->response.data.auth.info3.user_name));
-	unistr2_to_ascii(state->response.data.auth.info3.full_name,
-		&info3->uni_full_name,
-		sizeof(state->response.data.auth.info3.full_name));
-	unistr2_to_ascii(state->response.data.auth.info3.logon_script,
-		&info3->uni_logon_script,
-		sizeof(state->response.data.auth.info3.logon_script));
-	unistr2_to_ascii(state->response.data.auth.info3.profile_path,
-		&info3->uni_profile_path,
-		sizeof(state->response.data.auth.info3.profile_path));
-	unistr2_to_ascii(state->response.data.auth.info3.home_dir,
-		&info3->uni_home_dir,
-		sizeof(state->response.data.auth.info3.home_dir));
-	unistr2_to_ascii(state->response.data.auth.info3.dir_drive,
-		&info3->uni_dir_drive,
-		sizeof(state->response.data.auth.info3.dir_drive));
-
-	unistr2_to_ascii(state->response.data.auth.info3.logon_srv,
-		&info3->uni_logon_srv,
-		sizeof(state->response.data.auth.info3.logon_srv));
-	unistr2_to_ascii(state->response.data.auth.info3.logon_dom,
-		&info3->uni_logon_dom,
-		sizeof(state->response.data.auth.info3.logon_dom));
+		nt_time_to_unix(info3->base.force_password_change);
+
+	state->response.data.auth.info3.logon_count = info3->base.logon_count;
+	state->response.data.auth.info3.bad_pw_count = info3->base.bad_password_count;
+
+	state->response.data.auth.info3.user_rid = info3->base.rid;
+	state->response.data.auth.info3.group_rid = info3->base.primary_gid;
+	sid_to_fstring(state->response.data.auth.info3.dom_sid, info3->base.domain_sid);
+
+	state->response.data.auth.info3.num_groups = info3->base.groups.count;
+	state->response.data.auth.info3.user_flgs = info3->base.user_flags;
+
+	state->response.data.auth.info3.acct_flags = info3->base.acct_flags;
+	state->response.data.auth.info3.num_other_sids = info3->sidcount;
+
+	fstrcpy(state->response.data.auth.info3.user_name,
+		info3->base.account_name.string);
+	fstrcpy(state->response.data.auth.info3.full_name,
+		info3->base.full_name.string);
+	fstrcpy(state->response.data.auth.info3.logon_script,
+		info3->base.logon_script.string);
+	fstrcpy(state->response.data.auth.info3.profile_path,
+		info3->base.profile_path.string);
+	fstrcpy(state->response.data.auth.info3.home_dir,
+		info3->base.home_directory.string);
+	fstrcpy(state->response.data.auth.info3.dir_drive,
+		info3->base.home_drive.string);
+
+	fstrcpy(state->response.data.auth.info3.logon_srv,
+		info3->base.logon_server.string);
+	fstrcpy(state->response.data.auth.info3.logon_dom,
+		info3->base.domain.string);
+
+	ex = talloc_strdup(mem_ctx, "");
+	NT_STATUS_HAVE_NO_MEMORY(ex);
+
+	for (i=0; i < info3->base.groups.count; i++) {
+		ex = talloc_asprintf_append_buffer(ex, "0x%08X:0x%08X\n",
+						   info3->base.groups.rids[i].rid,
+						   info3->base.groups.rids[i].attributes);
+		NT_STATUS_HAVE_NO_MEMORY(ex);
+	}
+
+	for (i=0; i < info3->sidcount; i++) {
+		char *sid;
+
+		sid = dom_sid_string(mem_ctx, info3->sids[i].sid);
+		NT_STATUS_HAVE_NO_MEMORY(sid);
+
+		ex = talloc_asprintf_append_buffer(ex, "%s:0x%08X\n",
+						   sid,
+						   info3->sids[i].attributes);
+		NT_STATUS_HAVE_NO_MEMORY(ex);
+
+		talloc_free(sid);
+	}
+
+	size = talloc_get_size(ex);
+
+	SAFE_FREE(state->response.extra_data.data);
+	state->response.extra_data.data = SMB_MALLOC(size);
+	if (!state->response.extra_data.data) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	memcpy(state->response.extra_data.data, ex, size);
+	talloc_free(ex);
+
+	state->response.length += size;
 
 	return NT_STATUS_OK;
 }
 
 static NTSTATUS append_info3_as_ndr(TALLOC_CTX *mem_ctx,
 				    struct winbindd_cli_state *state,
-				    NET_USER_INFO_3 *info3)
+				    struct netr_SamInfo3 *info3)
 {
-	prs_struct ps;
-	uint32 size;
-	if (!prs_init(&ps, 256 /* Random, non-zero number */, mem_ctx, MARSHALL)) {
-		return NT_STATUS_NO_MEMORY;
-	}
-	if (!net_io_user_info3("", info3, &ps, 1, 3, False)) {
-		prs_mem_free(&ps);
-		return NT_STATUS_UNSUCCESSFUL;
+	DATA_BLOB blob;
+	enum ndr_err_code ndr_err;
+
+	ndr_err = ndr_push_struct_blob(&blob, mem_ctx, info3,
+				       (ndr_push_flags_fn_t)ndr_push_netr_SamInfo3);
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(0,("append_info3_as_ndr: failed to append\n"));
+		return ndr_map_error2ntstatus(ndr_err);
 	}
 
-	size = prs_data_size(&ps);
 	SAFE_FREE(state->response.extra_data.data);
-	state->response.extra_data.data = SMB_MALLOC(size);
+	state->response.extra_data.data = SMB_MALLOC(blob.length);
 	if (!state->response.extra_data.data) {
-		prs_mem_free(&ps);
+		data_blob_free(&blob);
 		return NT_STATUS_NO_MEMORY;
 	}
-	memset( state->response.extra_data.data, '\0', size );
-	prs_copy_all_data_out((char *)state->response.extra_data.data, &ps);
-	state->response.length += size;
-	prs_mem_free(&ps);
+
+	memset(state->response.extra_data.data, '\0', blob.length);
+	memcpy(state->response.extra_data.data, blob.data, blob.length);
+	state->response.length += blob.length;
+
+	data_blob_free(&blob);
+
 	return NT_STATUS_OK;
 }
 
 static NTSTATUS append_unix_username(TALLOC_CTX *mem_ctx,
 				     struct winbindd_cli_state *state,
-				     const NET_USER_INFO_3 *info3,
+				     const struct netr_SamInfo3 *info3,
 				     const char *name_domain,
 				     const char *name_user)
 {
 	/* We've been asked to return the unix username, per
 	   'winbind use default domain' settings and the like */
 
-	fstring username_out;
 	const char *nt_username, *nt_domain;
 
-	if (!(nt_domain = unistr2_to_ascii_talloc(mem_ctx,
-				       &info3->uni_logon_dom))) {
+	nt_domain = talloc_strdup(mem_ctx, info3->base.domain.string);
+	if (!nt_domain) {
 		/* If the server didn't give us one, just use the one
 		 * we sent them */
 		nt_domain = name_domain;
 	}
 
-	if (!(nt_username = unistr2_to_ascii_talloc(mem_ctx,
-					 &info3->uni_user_name))) {
+	nt_username = talloc_strdup(mem_ctx, info3->base.account_name.string);
+	if (!nt_username) {
 		/* If the server didn't give us one, just use the one
 		 * we sent them */
 		nt_username = name_user;
 	}
 
-	fill_domain_username(username_out, nt_domain, nt_username,
-			     True);
+	fill_domain_username(state->response.data.auth.unix_username,
+			     nt_domain, nt_username, True);
 
-	DEBUG(5,("Setting unix username to [%s]\n", username_out));
-
-	SAFE_FREE(state->response.extra_data.data);
-	state->response.extra_data.data = SMB_STRDUP(username_out);
-	if (!state->response.extra_data.data) {
-		return NT_STATUS_NO_MEMORY;
-	}
-	state->response.length +=
-		strlen((const char *)state->response.extra_data.data)+1;
+	DEBUG(5,("Setting unix username to [%s]\n",
+		state->response.data.auth.unix_username));
 
 	return NT_STATUS_OK;
 }
 
 static NTSTATUS append_afs_token(TALLOC_CTX *mem_ctx,
 				 struct winbindd_cli_state *state,
-				 const NET_USER_INFO_3 *info3,
+				 const struct netr_SamInfo3 *info3,
 				 const char *name_domain,
 				 const char *name_user)
 {
@@ -185,8 +208,8 @@ static NTSTATUS append_afs_token(TALLOC_CTX *mem_ctx,
 		DOM_SID user_sid;
 		fstring sidstr;
 
-		sid_copy(&user_sid, &info3->dom_sid.sid);
-		sid_append_rid(&user_sid, info3->user_rid);
+		sid_copy(&user_sid, info3->base.domain_sid);
+		sid_append_rid(&user_sid, info3->base.rid);
 		sid_to_fstring(sidstr, &user_sid);
 		afsname = talloc_string_sub(mem_ctx, afsname,
 					    "%s", sidstr);
@@ -223,7 +246,7 @@ static NTSTATUS append_afs_token(TALLOC_CTX *mem_ctx,
 }
 
 static NTSTATUS check_info3_in_group(TALLOC_CTX *mem_ctx,
-				     NET_USER_INFO_3 *info3,
+				     struct netr_SamInfo3 *info3,
 				     const char *group_sid)
 /**
  * Check whether a user belongs to a group or list of groups.
@@ -327,7 +350,7 @@ struct winbindd_domain *find_auth_domain(struct winbindd_cli_state *state,
 	if (IS_DC) {
 		domain = find_domain_from_name_noinit(domain_name);
 		if (domain == NULL) {
-			DEBUG(3, ("Authentication for domain [%s] refused"
+			DEBUG(3, ("Authentication for domain [%s] refused "
 				  "as it is not a trusted domain\n", 
 				  domain_name));
 		}
@@ -373,7 +396,7 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
 {
 	struct winbindd_methods *methods;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	SAM_UNK_INFO_1 password_policy;
+	struct samr_DomInfo1 password_policy;
 
 	if ( !winbindd_can_contact_domain( domain ) ) {
 		DEBUG(5,("fillup_password_policy: No inbound trust to "
@@ -389,28 +412,28 @@ static NTSTATUS fillup_password_policy(struct winbindd_domain *domain,
 	}
 
 	state->response.data.auth.policy.min_length_password =
-		password_policy.min_length_password;
+		password_policy.min_password_length;
 	state->response.data.auth.policy.password_history =
-		password_policy.password_history;
+		password_policy.password_history_length;
 	state->response.data.auth.policy.password_properties =
 		password_policy.password_properties;
 	state->response.data.auth.policy.expire	=
-		nt_time_to_unix_abs(&(password_policy.expire));
-	state->response.data.auth.policy.min_passwordage = 
-		nt_time_to_unix_abs(&(password_policy.min_passwordage));
+		nt_time_to_unix_abs((NTTIME *)&(password_policy.max_password_age));
+	state->response.data.auth.policy.min_passwordage =
+		nt_time_to_unix_abs((NTTIME *)&(password_policy.min_password_age));
 
 	return NT_STATUS_OK;
 }
 
 static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain *domain, 
 							 TALLOC_CTX *mem_ctx, 
-							 uint16 *max_allowed_bad_attempts)
+							 uint16 *lockout_threshold)
 {
 	struct winbindd_methods *methods;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	SAM_UNK_INFO_12 lockout_policy;
+	struct samr_DomInfo12 lockout_policy;
 
-	*max_allowed_bad_attempts = 0;
+	*lockout_threshold = 0;
 
 	methods = domain->methods;
 
@@ -419,7 +442,7 @@ static NTSTATUS get_max_bad_attempts_from_lockout_policy(struct winbindd_domain
 		return status;
 	}
 
-	*max_allowed_bad_attempts = lockout_policy.bad_attempt_lockout;
+	*lockout_threshold = lockout_policy.lockout_threshold;
 
 	return NT_STATUS_OK;
 }
@@ -430,7 +453,7 @@ static NTSTATUS get_pwd_properties(struct winbindd_domain *domain,
 {
 	struct winbindd_methods *methods;
 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-	SAM_UNK_INFO_1 password_policy;
+	struct samr_DomInfo1 password_policy;
 
 	*password_properties = 0;
 
@@ -537,7 +560,7 @@ static uid_t get_uid_from_state(struct winbindd_cli_state *state)
 
 static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
 					    struct winbindd_cli_state *state,
-					    NET_USER_INFO_3 **info3)
+					    struct netr_SamInfo3 **info3)
 {
 #ifdef HAVE_KRB5
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
@@ -705,17 +728,17 @@ failed:
 static bool check_request_flags(uint32_t flags)
 {
 	uint32_t flags_edata = WBFLAG_PAM_AFS_TOKEN |
-			       WBFLAG_PAM_UNIX_NAME |
+			       WBFLAG_PAM_INFO3_TEXT |
 			       WBFLAG_PAM_INFO3_NDR;
 
 	if ( ( (flags & flags_edata) == WBFLAG_PAM_AFS_TOKEN) ||
 	     ( (flags & flags_edata) == WBFLAG_PAM_INFO3_NDR) ||
-	     ( (flags & flags_edata) == WBFLAG_PAM_UNIX_NAME) ||
+	     ( (flags & flags_edata) == WBFLAG_PAM_INFO3_TEXT)||
 	      !(flags & flags_edata) ) {
 		return True;
 	}
 
-	DEBUG(1,("check_request_flags: invalid request flags\n"));
+	DEBUG(1,("check_request_flags: invalid request flags[0x%08X]\n",flags));
 
 	return False;
 }
@@ -724,7 +747,7 @@ static bool check_request_flags(uint32_t flags)
 ****************************************************************/
 
 static NTSTATUS append_data(struct winbindd_cli_state *state,
-			    NET_USER_INFO_3 *info3,
+			    struct netr_SamInfo3 *info3,
 			    const char *name_domain,
 			    const char *name_user)
 {
@@ -733,14 +756,14 @@ static NTSTATUS append_data(struct winbindd_cli_state *state,
 
 	if (flags & WBFLAG_PAM_USER_SESSION_KEY) {
 		memcpy(state->response.data.auth.user_session_key,
-		       info3->user_sess_key,
+		       info3->base.key.key,
 		       sizeof(state->response.data.auth.user_session_key)
 		       /* 16 */);
 	}
 
 	if (flags & WBFLAG_PAM_LMKEY) {
 		memcpy(state->response.data.auth.first_8_lm_hash,
-		       info3->lm_sess_key,
+		       info3->base.LMSessKey.key,
 		       sizeof(state->response.data.auth.first_8_lm_hash)
 		       /* 8 */);
 	}
@@ -841,7 +864,7 @@ void winbindd_pam_auth(struct winbindd_cli_state *state)
 
 NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 				       struct winbindd_cli_state *state,
-				       NET_USER_INFO_3 **info3)
+				       struct netr_SamInfo3 **info3)
 {
 	NTSTATUS result = NT_STATUS_LOGON_FAILURE;
 	uint16 max_allowed_bad_attempts; 
@@ -851,7 +874,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 	uchar new_nt_pass[NT_HASH_LEN];
 	const uint8 *cached_nt_pass;
 	const uint8 *cached_salt;
-	NET_USER_INFO_3 *my_info3;
+	struct netr_SamInfo3 *my_info3;
 	time_t kickoff_time, must_change_time;
 	bool password_good = False;
 #ifdef HAVE_KRB5
@@ -923,43 +946,43 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 		/* User *DOES* know the password, update logon_time and reset
 		 * bad_pw_count */
 	
-		my_info3->user_flgs |= LOGON_CACHED_ACCOUNT;
+		my_info3->base.user_flags |= NETLOGON_CACHED_ACCOUNT;
 	
-		if (my_info3->acct_flags & ACB_AUTOLOCK) {
+		if (my_info3->base.acct_flags & ACB_AUTOLOCK) {
 			return NT_STATUS_ACCOUNT_LOCKED_OUT;
 		}
 	
-		if (my_info3->acct_flags & ACB_DISABLED) {
+		if (my_info3->base.acct_flags & ACB_DISABLED) {
 			return NT_STATUS_ACCOUNT_DISABLED;
 		}
 	
-		if (my_info3->acct_flags & ACB_WSTRUST) {
+		if (my_info3->base.acct_flags & ACB_WSTRUST) {
 			return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
 		}
 	
-		if (my_info3->acct_flags & ACB_SVRTRUST) {
+		if (my_info3->base.acct_flags & ACB_SVRTRUST) {
 			return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT;
 		}
 	
-		if (my_info3->acct_flags & ACB_DOMTRUST) {
+		if (my_info3->base.acct_flags & ACB_DOMTRUST) {
 			return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
 		}
 
-		if (!(my_info3->acct_flags & ACB_NORMAL)) {
+		if (!(my_info3->base.acct_flags & ACB_NORMAL)) {
 			DEBUG(0,("winbindd_dual_pam_auth_cached: whats wrong with that one?: 0x%08x\n", 
-				my_info3->acct_flags));
+				my_info3->base.acct_flags));
 			return NT_STATUS_LOGON_FAILURE;
 		}
 
-		kickoff_time = nt_time_to_unix(my_info3->kickoff_time);
+		kickoff_time = nt_time_to_unix(my_info3->base.acct_expiry);
 		if (kickoff_time != 0 && time(NULL) > kickoff_time) {
 			return NT_STATUS_ACCOUNT_EXPIRED;
 		}
 
-		must_change_time = nt_time_to_unix(my_info3->pass_must_change_time);
+		must_change_time = nt_time_to_unix(my_info3->base.force_password_change);
 		if (must_change_time != 0 && must_change_time < time(NULL)) {
 			/* we allow grace logons when the password has expired */
-			my_info3->user_flgs |= LOGON_GRACE_LOGON;
+			my_info3->base.user_flags |= NETLOGON_GRACE_LOGON;
 			/* return NT_STATUS_PASSWORD_EXPIRED; */
 			goto success;
 		}
@@ -967,7 +990,7 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 #ifdef HAVE_KRB5
 		if ((state->request.flags & WBFLAG_PAM_KRB5) &&
 		    ((tdc_domain = wcache_tdc_fetch_domain(state->mem_ctx, name_domain)) != NULL) &&
-		    (tdc_domain->trust_type & DS_DOMAIN_TRUST_TYPE_UPLEVEL)) {
+		    (tdc_domain->trust_type & NETR_TRUST_TYPE_UPLEVEL)) {
 
 			uid_t uid = -1;
 			const char *cc = NULL;
@@ -1030,8 +1053,8 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 		/* FIXME: we possibly should handle logon hours as well (does xp when
 		 * offline?) see auth/auth_sam.c:sam_account_ok for details */
 
-		unix_to_nt_time(&my_info3->logon_time, time(NULL));
-		my_info3->bad_pw_count = 0;
+		unix_to_nt_time(&my_info3->base.last_logon, time(NULL));
+		my_info3->base.bad_password_count = 0;
 
 		result = winbindd_update_creds_by_info3(domain,
 							state->mem_ctx,
@@ -1058,14 +1081,14 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 	}
 
 	/* increase counter */
-	my_info3->bad_pw_count++;
+	my_info3->base.bad_password_count++;
 
 	if (max_allowed_bad_attempts == 0) {
 		goto failed;
 	}
 
 	/* lockout user */
-	if (my_info3->bad_pw_count >= max_allowed_bad_attempts) {
+	if (my_info3->base.bad_password_count >= max_allowed_bad_attempts) {
 
 		uint32 password_properties;
 
@@ -1074,9 +1097,9 @@ NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain,
 			DEBUG(10,("winbindd_dual_pam_auth_cached: failed to get password properties.\n"));
 		}
 
-		if ((my_info3->user_rid != DOMAIN_USER_RID_ADMIN) || 
-		    (password_properties & DOMAIN_LOCKOUT_ADMINS)) {
-			my_info3->acct_flags |= ACB_AUTOLOCK;
+		if ((my_info3->base.rid != DOMAIN_USER_RID_ADMIN) ||
+		    (password_properties & DOMAIN_PASSWORD_LOCKOUT_ADMINS)) {
+			my_info3->base.acct_flags |= ACB_AUTOLOCK;
 		}
 	}
 
@@ -1097,7 +1120,7 @@ failed:
 
 NTSTATUS winbindd_dual_pam_auth_kerberos(struct winbindd_domain *domain,
 					 struct winbindd_cli_state *state, 
-					 NET_USER_INFO_3 **info3)
+					 struct netr_SamInfo3 **info3)
 {
 	struct winbindd_domain *contact_domain;
 	fstring name_domain, name_user;
@@ -1156,7 +1179,7 @@ done:
 
 NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
 					 struct winbindd_cli_state *state,
-					 NET_USER_INFO_3 **info3)
+					 struct netr_SamInfo3 **info3)
 {
 
 	struct rpc_pipe_client *netlogon_pipe;
@@ -1170,18 +1193,10 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
 	fstring name_domain, name_user;
 	bool retry;
 	NTSTATUS result;
-	NET_USER_INFO_3 *my_info3;
-
-	ZERO_STRUCTP(info3);
+	struct netr_SamInfo3 *my_info3 = NULL;
 
 	*info3 = NULL;
 
-	my_info3 = TALLOC_ZERO_P(state->mem_ctx, NET_USER_INFO_3);
-	if (my_info3 == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-
 	DEBUG(10,("winbindd_dual_pam_auth_samlogon\n"));
 	
 	/* Parse domain and username */
@@ -1289,7 +1304,7 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
 							   chal,
 							   lm_resp,
 							   nt_resp,
-							   my_info3);
+							   &my_info3);
 		attempts += 1;
 
 		/* We have to try a second time as cm_connect_netlogon
@@ -1323,16 +1338,14 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
 	 * caller, we look up the account flags ourselve - gd */
 
 	if ((state->request.flags & WBFLAG_PAM_INFO3_TEXT) && 
-	    (my_info3->acct_flags == 0) && NT_STATUS_IS_OK(result)) {
+	    (my_info3->base.acct_flags == 0) && NT_STATUS_IS_OK(result)) {
 
 		struct rpc_pipe_client *samr_pipe;
 		POLICY_HND samr_domain_handle, user_pol;
-		SAM_USERINFO_CTR *user_ctr;
+		union samr_UserInfo *info = NULL;
 		NTSTATUS status_tmp;
 		uint32 acct_flags;
 
-		ZERO_STRUCT(user_ctr);
-
 		status_tmp = cm_connect_sam(contact_domain, state->mem_ctx, 
 					    &samr_pipe, &samr_domain_handle);
 
@@ -1342,10 +1355,11 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
 			goto done;
 		}
 
-		status_tmp = rpccli_samr_open_user(samr_pipe, state->mem_ctx, 
-						   &samr_domain_handle,
-						   MAXIMUM_ALLOWED_ACCESS,
-						   my_info3->user_rid, &user_pol);
+		status_tmp = rpccli_samr_OpenUser(samr_pipe, state->mem_ctx,
+						  &samr_domain_handle,
+						  MAXIMUM_ALLOWED_ACCESS,
+						  my_info3->base.rid,
+						  &user_pol);
 
 		if (!NT_STATUS_IS_OK(status_tmp)) {
 			DEBUG(3, ("could not open user handle on SAMR pipe: %s\n",
@@ -1353,28 +1367,30 @@ NTSTATUS winbindd_dual_pam_auth_samlogon(struct winbindd_domain *domain,
 			goto done;
 		}
 
-		status_tmp = rpccli_samr_query_userinfo(samr_pipe, state->mem_ctx, 
-							&user_pol, 16, &user_ctr);
+		status_tmp = rpccli_samr_QueryUserInfo(samr_pipe, state->mem_ctx,
+						       &user_pol,
+						       16,
+						       &info);
 
 		if (!NT_STATUS_IS_OK(status_tmp)) {
 			DEBUG(3, ("could not query user info on SAMR pipe: %s\n",
 				nt_errstr(status_tmp)));
-			rpccli_samr_close(samr_pipe, state->mem_ctx, &user_pol);
+			rpccli_samr_Close(samr_pipe, state->mem_ctx, &user_pol);
 			goto done;
 		}
 
-		acct_flags = user_ctr->info.id16->acb_info;
+		acct_flags = info->info16.acct_flags;
 
 		if (acct_flags == 0) {
-			rpccli_samr_close(samr_pipe, state->mem_ctx, &user_pol);
+			rpccli_samr_Close(samr_pipe, state->mem_ctx, &user_pol);
 			goto done;
 		}
 
-		my_info3->acct_flags = acct_flags;
+		my_info3->base.acct_flags = acct_flags;
 
 		DEBUG(10,("successfully retrieved acct_flags 0x%x\n", acct_flags));
 
-		rpccli_samr_close(samr_pipe, state->mem_ctx, &user_pol);
+		rpccli_samr_Close(samr_pipe, state->mem_ctx, &user_pol);
 	}
 
 	*info3 = my_info3;
@@ -1388,8 +1404,8 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
 	NTSTATUS result = NT_STATUS_LOGON_FAILURE;
 	NTSTATUS krb5_result = NT_STATUS_OK;	
 	fstring name_domain, name_user;
-	NET_USER_INFO_3 *info3 = NULL;
-	
+	struct netr_SamInfo3 *info3 = NULL;
+
 	/* Ensure null termination */
 	state->request.data.auth.user[sizeof(state->request.data.auth.user)-1]='\0';
 
@@ -1484,7 +1500,7 @@ sam_logon:
 			DEBUG(10,("winbindd_dual_pam_auth_samlogon succeeded\n"));
 			/* add the Krb5 err if we have one */
 			if ( NT_STATUS_EQUAL(krb5_result, NT_STATUS_TIME_DIFFERENCE_AT_DC ) ) {
-				info3->user_flgs |= LOGON_KRB5_FAIL_CLOCK_SKEW;				
+				info3->base.user_flags |= LOGON_KRB5_FAIL_CLOCK_SKEW;
 			}
 			goto process_result;
 		} 
@@ -1544,8 +1560,8 @@ process_result:
 		   the cache entry by storing the seq_num for the wrong
 		   domain). */
 		if ( domain->primary ) {			
-			sid_compose(&user_sid, &info3->dom_sid.sid, 
-				    info3->user_rid);
+			sid_compose(&user_sid, info3->base.domain_sid,
+				    info3->base.rid);
 			cache_name2sid(domain, name_domain, name_user, 
 				       SID_NAME_USER, &user_sid);
 		}
@@ -1710,7 +1726,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
 						 struct winbindd_cli_state *state) 
 {
 	NTSTATUS result;
-        NET_USER_INFO_3 info3;
+	struct netr_SamInfo3 *info3 = NULL;
 	struct rpc_pipe_client *netlogon_pipe;
 	const char *name_user = NULL;
 	const char *name_domain = NULL;
@@ -1788,7 +1804,6 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
 	}
 
 	do {
-		ZERO_STRUCT(info3);
 		retry = False;
 
 		netlogon_pipe = NULL;
@@ -1842,12 +1857,12 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
 
 	if (NT_STATUS_IS_OK(result)) {
 
-		netsamlogon_cache_store(name_user, &info3);
-		wcache_invalidate_samlogon(find_domain_from_name(name_domain), &info3);
+		netsamlogon_cache_store(name_user, info3);
+		wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3);
 
 		/* Check if the user is in the right group */
 
-		if (!NT_STATUS_IS_OK(result = check_info3_in_group(state->mem_ctx, &info3,
+		if (!NT_STATUS_IS_OK(result = check_info3_in_group(state->mem_ctx, info3,
 							state->request.data.auth_crap.require_membership_of_sid))) {
 			DEBUG(3, ("User %s is not in the required group (%s), so "
 				  "crap authentication is rejected\n",
@@ -1856,7 +1871,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
 			goto done;
 		}
 
-		result = append_data(state, &info3, name_domain, name_user);
+		result = append_data(state, info3, name_domain, name_user);
 		if (!NT_STATUS_IS_OK(result)) {
 			goto done;
 		}
@@ -1938,8 +1953,8 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
 	POLICY_HND dom_pol;
 	struct rpc_pipe_client *cli;
 	bool got_info = False;
-	SAM_UNK_INFO_1 info;
-	SAMR_CHANGE_REJECT reject;
+	struct samr_DomInfo1 *info = NULL;
+	struct samr_ChangeReject *reject = NULL;
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	fstring domain, user;
 
@@ -1967,24 +1982,29 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact
 		goto done;
 	}
 
-	result = rpccli_samr_chgpasswd3(cli, state->mem_ctx, user, newpass, oldpass, &info, &reject);
+	result = rpccli_samr_chgpasswd3(cli, state->mem_ctx,
+					user,
+					newpass,
+					oldpass,
+					&info,
+					&reject);
 
  	/* Windows 2003 returns NT_STATUS_PASSWORD_RESTRICTION */
 
 	if (NT_STATUS_EQUAL(result, NT_STATUS_PASSWORD_RESTRICTION) ) {
-		state->response.data.auth.policy.min_length_password = 
-			info.min_length_password;
-		state->response.data.auth.policy.password_history = 
-			info.password_history;
-		state->response.data.auth.policy.password_properties = 
-			info.password_properties;
-		state->response.data.auth.policy.expire = 
-			nt_time_to_unix_abs(&info.expire);
-		state->response.data.auth.policy.min_passwordage = 
-			nt_time_to_unix_abs(&info.min_passwordage);
-
-		state->response.data.auth.reject_reason = 
-			reject.reject_reason;
+		state->response.data.auth.policy.min_length_password =
+			info->min_password_length;
+		state->response.data.auth.policy.password_history =
+			info->password_history_length;
+		state->response.data.auth.policy.password_properties =
+			info->password_properties;
+		state->response.data.auth.policy.expire =
+			nt_time_to_unix_abs((NTTIME *)&info->max_password_age);
+		state->response.data.auth.policy.min_passwordage =
+			nt_time_to_unix_abs((NTTIME *)&info->min_password_age);
+
+		state->response.data.auth.reject_reason =
+			reject->reason;
 
 		got_info = True;
 	}
diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c
index 29db8be857..7c1d7bd71b 100644
--- a/source3/winbindd/winbindd_passdb.c
+++ b/source3/winbindd/winbindd_passdb.c
@@ -338,7 +338,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 
 static NTSTATUS lockout_policy(struct winbindd_domain *domain,
 			       TALLOC_CTX *mem_ctx,
-			       SAM_UNK_INFO_12 *policy)
+			       struct samr_DomInfo12 *policy)
 {
 	/* actually we have that */
 	return NT_STATUS_NOT_IMPLEMENTED;
@@ -346,14 +346,14 @@ static NTSTATUS lockout_policy(struct winbindd_domain *domain,
 
 static NTSTATUS password_policy(struct winbindd_domain *domain,
 				TALLOC_CTX *mem_ctx,
-				SAM_UNK_INFO_1 *policy)
+				struct samr_DomInfo1 *policy)
 {
 	uint32 min_pass_len,pass_hist,password_properties;
 	time_t u_expire, u_min_age;
 	NTTIME nt_expire, nt_min_age;
 	uint32 account_policy_temp;
 
-	if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) {
+	if ((policy = TALLOC_ZERO_P(mem_ctx, struct samr_DomInfo1)) == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
@@ -385,8 +385,12 @@ static NTSTATUS password_policy(struct winbindd_domain *domain,
 	unix_to_nt_time_abs(&nt_expire, u_expire);
 	unix_to_nt_time_abs(&nt_min_age, u_min_age);
 
-	init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, 
-	               password_properties, nt_expire, nt_min_age);
+	init_samr_DomInfo1(policy,
+			   (uint16)min_pass_len,
+			   (uint16)pass_hist,
+			   password_properties,
+			   nt_expire,
+			   nt_min_age);
 
 	return NT_STATUS_OK;
 }
diff --git a/source3/winbindd/winbindd_reconnect.c b/source3/winbindd/winbindd_reconnect.c
index a1f96a0359..25debccc5a 100644
--- a/source3/winbindd/winbindd_reconnect.c
+++ b/source3/winbindd/winbindd_reconnect.c
@@ -247,7 +247,7 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 /* find the lockout policy of a domain */
 static NTSTATUS lockout_policy(struct winbindd_domain *domain, 
 			       TALLOC_CTX *mem_ctx,
-			       SAM_UNK_INFO_12 *policy)
+			       struct samr_DomInfo12 *policy)
 {
 	NTSTATUS result;
 
@@ -262,7 +262,7 @@ static NTSTATUS lockout_policy(struct winbindd_domain *domain,
 /* find the password policy of a domain */
 static NTSTATUS password_policy(struct winbindd_domain *domain, 
 				TALLOC_CTX *mem_ctx,
-				SAM_UNK_INFO_1 *policy)
+				struct samr_DomInfo1 *policy)
 {
  	NTSTATUS result;
  
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 34ba0498e0..2a7704c8a5 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -6,6 +6,7 @@
    Copyright (C) Tim Potter 2000-2001,2003
    Copyright (C) Andrew Tridgell 2001
    Copyright (C) Volker Lendecke 2005
+   Copyright (C) Guenther Deschner 2008 (pidl conversion)
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -63,24 +64,26 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 	do {
 		uint32 num_dom_users, j;
 		uint32 max_entries, max_size;
-		SAM_DISPINFO_CTR ctr;
-		SAM_DISPINFO_1 info1;
+		uint32_t total_size, returned_size;
 
-		ZERO_STRUCT( ctr );
-		ZERO_STRUCT( info1 );
-		ctr.sam.info1 = &info1;
+		union samr_DispInfo disp_info;
 
 		/* this next bit is copied from net_user_list_internal() */
 
 		get_query_dispinfo_params(loop_count, &max_entries,
 					  &max_size);
 
-		result = rpccli_samr_query_dispinfo(cli, mem_ctx, &dom_pol,
-						    &start_idx, 1,
-						    &num_dom_users,
-						    max_entries, max_size,
-						    &ctr);
-
+		result = rpccli_samr_QueryDisplayInfo(cli, mem_ctx,
+						      &dom_pol,
+						      1,
+						      start_idx,
+						      max_entries,
+						      max_size,
+						      &total_size,
+						      &returned_size,
+						      &disp_info);
+		num_dom_users = disp_info.info1.count;
+		start_idx += disp_info.info1.count;
 		loop_count++;
 
 		*num_entries += num_dom_users;
@@ -93,14 +96,13 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
 		}
 
 		for (j = 0; j < num_dom_users; i++, j++) {
-			fstring username, fullname;
-			uint32 rid = ctr.sam.info1->sam[j].rid_user;
-			
-			unistr2_to_ascii( username, &(&ctr.sam.info1->str[j])->uni_acct_name, sizeof(username));
-			unistr2_to_ascii( fullname, &(&ctr.sam.info1->str[j])->uni_full_name, sizeof(fullname));
-			
-			(*info)[i].acct_name = talloc_strdup(mem_ctx, username );
-			(*info)[i].full_name = talloc_strdup(mem_ctx, fullname );
+
+			uint32_t rid = disp_info.info1.entries[j].rid;
+
+			(*info)[i].acct_name = talloc_strdup(mem_ctx,
+				disp_info.info1.entries[j].account_name.string);
+			(*info)[i].full_name = talloc_strdup(mem_ctx,
+				disp_info.info1.entries[j].full_name.string);
 			(*info)[i].homedir = NULL;
 			(*info)[i].shell = NULL;
 			sid_compose(&(*info)[i].user_sid, &domain->sid, rid);
@@ -149,19 +151,22 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
 		return status;
 
 	do {
-		struct acct_info *info2 = NULL;
+		struct samr_SamArray *sam_array = NULL;
 		uint32 count = 0;
 		TALLOC_CTX *mem_ctx2;
+		int g;
 
 		mem_ctx2 = talloc_init("enum_dom_groups[rpc]");
 
 		/* start is updated by this call. */
-		status = rpccli_samr_enum_dom_groups(cli, mem_ctx2, &dom_pol,
-						     &start,
-						     0xFFFF, /* buffer size? */
-						     &info2, &count);
+		status = rpccli_samr_EnumDomainGroups(cli, mem_ctx2,
+						      &dom_pol,
+						      &start,
+						      &sam_array,
+						      0xFFFF, /* buffer size? */
+						      &count);
 
-		if (!NT_STATUS_IS_OK(status) && 
+		if (!NT_STATUS_IS_OK(status) &&
 		    !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
 			talloc_destroy(mem_ctx2);
 			break;
@@ -175,7 +180,13 @@ static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2));
+		for (g=0; g < count; g++) {
+
+			fstrcpy((*info)[*num_entries + g].acct_name,
+				sam_array->entries[g].name.string);
+			(*info)[*num_entries + g].rid = sam_array->entries[g].idx;
+		}
+
 		(*num_entries) += count;
 		talloc_destroy(mem_ctx2);
 	} while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES));
@@ -210,18 +221,21 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
 		return result;
 
 	do {
-		struct acct_info *info2 = NULL;
+		struct samr_SamArray *sam_array = NULL;
 		uint32 count = 0, start = *num_entries;
 		TALLOC_CTX *mem_ctx2;
+		int g;
 
 		mem_ctx2 = talloc_init("enum_dom_local_groups[rpc]");
 
-		result = rpccli_samr_enum_als_groups( cli, mem_ctx2, &dom_pol,
-						      &start, 0xFFFF, &info2,
-						      &count);
-					  
+		result = rpccli_samr_EnumDomainAliases(cli, mem_ctx2,
+						       &dom_pol,
+						       &start,
+						       &sam_array,
+						       0xFFFF, /* buffer size? */
+						       &count);
 		if (!NT_STATUS_IS_OK(result) &&
-		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES) ) 
+		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES) )
 		{
 			talloc_destroy(mem_ctx2);
 			return result;
@@ -235,7 +249,13 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		memcpy(&(*info)[*num_entries], info2, count*sizeof(*info2));
+		for (g=0; g < count; g++) {
+
+			fstrcpy((*info)[*num_entries + g].acct_name,
+				sam_array->entries[g].name.string);
+			(*info)[*num_entries + g].rid = sam_array->entries[g].idx;
+		}
+
 		(*num_entries) += count;
 		talloc_destroy(mem_ctx2);
 
@@ -408,9 +428,9 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND dom_pol, user_pol;
-	SAM_USERINFO_CTR *ctr;
+	union samr_UserInfo *info = NULL;
 	uint32 user_rid;
-	NET_USER_INFO_3 *user;
+	struct netr_SamInfo3 *user;
 	struct rpc_pipe_client *cli;
 
 	DEBUG(3,("rpc: query_user sid=%s\n", sid_string_dbg(user_sid)));
@@ -430,14 +450,14 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
 		DEBUG(5,("query_user: Cache lookup succeeded for %s\n", 
 			sid_string_dbg(user_sid)));
 
-		sid_compose(&user_info->user_sid, &domain->sid, user->user_rid);
+		sid_compose(&user_info->user_sid, &domain->sid, user->base.rid);
 		sid_compose(&user_info->group_sid, &domain->sid,
-			    user->group_rid);
+			    user->base.primary_gid);
 				
-		user_info->acct_name = unistr2_to_ascii_talloc(mem_ctx,
-						    &user->uni_user_name);
-		user_info->full_name = unistr2_to_ascii_talloc(mem_ctx,
-						    &user->uni_full_name);
+		user_info->acct_name = talloc_strdup(mem_ctx,
+						     user->base.account_name.string);
+		user_info->full_name = talloc_strdup(mem_ctx,
+						     user->base.full_name.string);
 		
 		TALLOC_FREE(user);
 						
@@ -469,29 +489,33 @@ static NTSTATUS query_user(struct winbindd_domain *domain,
 		return result;
 
 	/* Get user handle */
-	result = rpccli_samr_open_user(cli, mem_ctx, &dom_pol,
-				       SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid,
-				       &user_pol);
+	result = rpccli_samr_OpenUser(cli, mem_ctx,
+				      &dom_pol,
+				      SEC_RIGHTS_MAXIMUM_ALLOWED,
+				      user_rid,
+				      &user_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
 	/* Get user info */
-	result = rpccli_samr_query_userinfo(cli, mem_ctx, &user_pol,
-					    0x15, &ctr);
+	result = rpccli_samr_QueryUserInfo(cli, mem_ctx,
+					   &user_pol,
+					   0x15,
+					   &info);
 
-	rpccli_samr_close(cli, mem_ctx, &user_pol);
+	rpccli_samr_Close(cli, mem_ctx, &user_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
 	sid_compose(&user_info->user_sid, &domain->sid, user_rid);
 	sid_compose(&user_info->group_sid, &domain->sid,
-		    ctr->info.id21->group_rid);
-	user_info->acct_name = unistr2_to_ascii_talloc(mem_ctx, 
-					    &ctr->info.id21->uni_user_name);
-	user_info->full_name = unistr2_to_ascii_talloc(mem_ctx, 
-					    &ctr->info.id21->uni_full_name);
+		    info->info21.primary_gid);
+	user_info->acct_name = talloc_strdup(mem_ctx,
+					     info->info21.account_name.string);
+	user_info->full_name = talloc_strdup(mem_ctx,
+					     info->info21.full_name.string);
 	user_info->homedir = NULL;
 	user_info->shell = NULL;
 	user_info->primary_gid = (gid_t)-1;
@@ -508,7 +532,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND dom_pol, user_pol;
 	uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
-	DOM_GID *user_groups;
+	struct samr_RidWithAttributeArray *rid_array = NULL;
 	unsigned int i;
 	uint32 user_rid;
 	struct rpc_pipe_client *cli;
@@ -545,17 +569,22 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 		return result;
 
 	/* Get user handle */
-	result = rpccli_samr_open_user(cli, mem_ctx, &dom_pol,
-					des_access, user_rid, &user_pol);
+	result = rpccli_samr_OpenUser(cli, mem_ctx,
+				      &dom_pol,
+				      des_access,
+				      user_rid,
+				      &user_pol);
 
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
 	/* Query user rids */
-	result = rpccli_samr_query_usergroups(cli, mem_ctx, &user_pol, 
-					   num_groups, &user_groups);
+	result = rpccli_samr_GetGroupsForUser(cli, mem_ctx,
+					      &user_pol,
+					      &rid_array);
+	*num_groups = rid_array->count;
 
-	rpccli_samr_close(cli, mem_ctx, &user_pol);
+	rpccli_samr_Close(cli, mem_ctx, &user_pol);
 
 	if (!NT_STATUS_IS_OK(result) || (*num_groups) == 0)
 		return result;
@@ -567,9 +596,9 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	for (i=0;i<(*num_groups);i++) {
 		sid_copy(&((*user_grpsids)[i]), &domain->sid);
 		sid_append_rid(&((*user_grpsids)[i]),
-				user_groups[i].g_rid);
+				rid_array->rids[i].rid);
 	}
-	
+
 	return NT_STATUS_OK;
 }
 
@@ -580,11 +609,10 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
 {
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	POLICY_HND dom_pol;
-	DOM_SID2 *query_sids;
 	uint32 num_query_sids = 0;
 	int i;
 	struct rpc_pipe_client *cli;
-	uint32 *alias_rids_query, num_aliases_query;
+	struct samr_Ids alias_rids_query;
 	int rangesize = MAX_SAM_ENTRIES_W2K;
 	uint32 total_sids = 0;
 	int num_queries = 1;
@@ -606,6 +634,9 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
 
 	do {
 		/* prepare query */
+		struct lsa_SidArray sid_array;
+
+		ZERO_STRUCT(sid_array);
 
 		num_query_sids = MIN(num_sids - total_sids, rangesize);
 
@@ -613,45 +644,48 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
 			num_queries, num_query_sids));	
 
 		if (num_query_sids) {
-			query_sids = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_query_sids);
-			if (query_sids == NULL) {
+			sid_array.sids = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_SidPtr, num_query_sids);
+			if (sid_array.sids == NULL) {
 				return NT_STATUS_NO_MEMORY;
 			}
 		} else {
-			query_sids = NULL;
+			sid_array.sids = NULL;
 		}
 
 		for (i=0; i<num_query_sids; i++) {
-			sid_copy(&query_sids[i].sid, &sids[total_sids++]);
-			query_sids[i].num_auths = query_sids[i].sid.num_auths;
+			sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sids[total_sids++]);
+			if (!sid_array.sids[i].sid) {
+				TALLOC_FREE(sid_array.sids);
+				return NT_STATUS_NO_MEMORY;
+			}
 		}
+		sid_array.num_sids = num_query_sids;
 
 		/* do request */
-
-		result = rpccli_samr_query_useraliases(cli, mem_ctx, &dom_pol,
-						       num_query_sids, query_sids,
-						       &num_aliases_query, 
-						       &alias_rids_query);
+		result = rpccli_samr_GetAliasMembership(cli, mem_ctx,
+							&dom_pol,
+							&sid_array,
+							&alias_rids_query);
 
 		if (!NT_STATUS_IS_OK(result)) {
 			*num_aliases = 0;
 			*alias_rids = NULL;
-			TALLOC_FREE(query_sids);
+			TALLOC_FREE(sid_array.sids);
 			goto done;
 		}
 
 		/* process output */
 
-		for (i=0; i<num_aliases_query; i++) {
+		for (i=0; i<alias_rids_query.count; i++) {
 			size_t na = *num_aliases;
-			if (!add_rid_to_array_unique(mem_ctx, alias_rids_query[i], 
+			if (!add_rid_to_array_unique(mem_ctx, alias_rids_query.ids[i],
 						alias_rids, &na)) {
 				return NT_STATUS_NO_MEMORY;
 			}
 			*num_aliases = na;
 		}
 
-		TALLOC_FREE(query_sids);
+		TALLOC_FREE(sid_array.sids);
 
 		num_queries++;
 
@@ -678,9 +712,10 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
         uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
 	uint32 *rid_mem = NULL;
 	uint32 group_rid;
-	unsigned int j;
+	unsigned int j, r;
 	struct rpc_pipe_client *cli;
 	unsigned int orig_timeout;
+	struct samr_RidTypeArray *rids = NULL;
 
 	DEBUG(10,("rpc: lookup_groupmem %s sid=%s\n", domain->name,
 		  sid_string_dbg(group_sid)));
@@ -700,8 +735,11 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 	if (!NT_STATUS_IS_OK(result))
 		return result;
 
-        result = rpccli_samr_open_group(cli, mem_ctx, &dom_pol,
-					des_access, group_rid, &group_pol);
+        result = rpccli_samr_OpenGroup(cli, mem_ctx,
+				       &dom_pol,
+				       des_access,
+				       group_rid,
+				       &group_pol);
 
         if (!NT_STATUS_IS_OK(result))
 		return result;
@@ -714,18 +752,21 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 
 	orig_timeout = cli_set_timeout(cli->cli, 35000);
 
-        result = rpccli_samr_query_groupmem(cli, mem_ctx,
-					    &group_pol, num_names, &rid_mem,
-					    name_types);
+        result = rpccli_samr_QueryGroupMember(cli, mem_ctx,
+					      &group_pol,
+					      &rids);
 
 	/* And restore our original timeout. */
 	cli_set_timeout(cli->cli, orig_timeout);
 
-	rpccli_samr_close(cli, mem_ctx, &group_pol);
+	rpccli_samr_Close(cli, mem_ctx, &group_pol);
 
         if (!NT_STATUS_IS_OK(result))
 		return result;
 
+	*num_names = rids->count;
+	rid_mem = rids->rids;
+
 	if (!*num_names) {
 		names = NULL;
 		name_types = NULL;
@@ -750,38 +791,40 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 	if (*num_names>0 && (!*names || !*name_types))
 		return NT_STATUS_NO_MEMORY;
 
-        for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) {
-                int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS);
-                uint32 tmp_num_names = 0;
-                char **tmp_names = NULL;
-                uint32 *tmp_types = NULL;
+	for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) {
+		int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS);
+		struct lsa_Strings tmp_names;
+		struct samr_Ids tmp_types;
 
-                /* Lookup a chunk of rids */
+		/* Lookup a chunk of rids */
 
-                result = rpccli_samr_lookup_rids(cli, mem_ctx,
-						 &dom_pol,
-						 num_lookup_rids,
-						 &rid_mem[i],
-						 &tmp_num_names,
-						 &tmp_names, &tmp_types);
+		result = rpccli_samr_LookupRids(cli, mem_ctx,
+						&dom_pol,
+						num_lookup_rids,
+						&rid_mem[i],
+						&tmp_names,
+						&tmp_types);
 
 		/* see if we have a real error (and yes the
 		   STATUS_SOME_UNMAPPED is the one returned from 2k) */
-		
+
                 if (!NT_STATUS_IS_OK(result) &&
 		    !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED))
 			return result;
-			
-                /* Copy result into array.  The talloc system will take
-                   care of freeing the temporary arrays later on. */
 
-                memcpy(&(*names)[i], tmp_names, sizeof(char *) * 
-                       tmp_num_names);
+		/* Copy result into array.  The talloc system will take
+		   care of freeing the temporary arrays later on. */
 
-                memcpy(&(*name_types)[i], tmp_types, sizeof(uint32) *
-                       tmp_num_names);
-		
-                total_names += tmp_num_names;
+		if (tmp_names.count != tmp_types.count) {
+			return NT_STATUS_UNSUCCESSFUL;
+		}
+
+		for (r=0; r<tmp_names.count; r++) {
+			(*names)[i+r] = CONST_DISCARD(char *, tmp_names.names[r].string);
+			(*name_types)[i+r] = tmp_types.ids[r];
+		}
+
+		total_names += tmp_names.count;
         }
 
         *num_names = total_names;
@@ -867,7 +910,7 @@ static int get_ldap_sequence_number(struct winbindd_domain *domain, uint32 *seq)
 static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 {
 	TALLOC_CTX *mem_ctx;
-	SAM_UNK_CTR ctr;
+	union samr_DomainInfo *info = NULL;
 	NTSTATUS result;
 	POLICY_HND dom_pol;
 	bool got_seq_num = False;
@@ -918,21 +961,27 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
 
 	/* Query domain info */
 
-	result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 8, &ctr);
+	result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+					     &dom_pol,
+					     8,
+					     &info);
 
 	if (NT_STATUS_IS_OK(result)) {
-		*seq = ctr.info.inf8.seq_num;
+		*seq = info->info8.sequence_num;
 		got_seq_num = True;
 		goto seq_num;
 	}
 
 	/* retry with info-level 2 in case the dc does not support info-level 8
-	 * (like all older samba2 and samba3 dc's - Guenther */
+	 * (like all older samba2 and samba3 dc's) - Guenther */
+
+	result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+					     &dom_pol,
+					     2,
+					     &info);
 
-	result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 2, &ctr);
-	
 	if (NT_STATUS_IS_OK(result)) {
-		*seq = ctr.info.inf2.seq_num;
+		*seq = info->info2.sequence_num;
 		got_seq_num = True;
 	}
 
@@ -980,22 +1029,22 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 	result = STATUS_MORE_ENTRIES;
 
 	while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
-		uint32 start_idx, num;
-		char **tmp_names;
-		DOM_SID *tmp_sids;
+		uint32 start_idx;
 		int i;
+		struct lsa_DomainList dom_list;
 
-		result = rpccli_lsa_enum_trust_dom(cli, mem_ctx,
-						   &lsa_policy, &enum_ctx,
-						   &num, &tmp_names,
-						   &tmp_sids);
+		result = rpccli_lsa_EnumTrustDom(cli, mem_ctx,
+						 &lsa_policy,
+						 &enum_ctx,
+						 &dom_list,
+						 (uint32_t)-1);
 
 		if (!NT_STATUS_IS_OK(result) &&
 		    !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES))
 			break;
 
 		start_idx = *num_domains;
-		*num_domains += num;
+		*num_domains += dom_list.count;
 		*names = TALLOC_REALLOC_ARRAY(mem_ctx, *names,
 					      char *, *num_domains);
 		*dom_sids = TALLOC_REALLOC_ARRAY(mem_ctx, *dom_sids,
@@ -1006,9 +1055,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 		    (*alt_names == NULL))
 			return NT_STATUS_NO_MEMORY;
 
-		for (i=0; i<num; i++) {
-			(*names)[start_idx+i] = tmp_names[i];
-			(*dom_sids)[start_idx+i] = tmp_sids[i];
+		for (i=0; i<dom_list.count; i++) {
+			(*names)[start_idx+i] = CONST_DISCARD(char *, dom_list.domains[i].name.string);
+			(*dom_sids)[start_idx+i] = *dom_list.domains[i].sid;
 			(*alt_names)[start_idx+i] = talloc_strdup(mem_ctx, "");
 		}
 	}
@@ -1016,14 +1065,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain,
 }
 
 /* find the lockout policy for a domain */
-NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, 
+NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
 			      TALLOC_CTX *mem_ctx,
-			      SAM_UNK_INFO_12 *lockout_policy)
+			      struct samr_DomInfo12 *lockout_policy)
 {
 	NTSTATUS result;
 	struct rpc_pipe_client *cli;
 	POLICY_HND dom_pol;
-	SAM_UNK_CTR ctr;
+	union samr_DomainInfo *info = NULL;
 
 	DEBUG(10,("rpc: fetch lockout policy for %s\n", domain->name));
 
@@ -1038,15 +1087,18 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
 		goto done;
 	}
 
-	result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 12, &ctr);
+	result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+					     &dom_pol,
+					     12,
+					     &info);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	*lockout_policy = ctr.info.inf12;
+	*lockout_policy = info->info12;
 
-	DEBUG(10,("msrpc_lockout_policy: bad_attempt_lockout %d\n", 
-		ctr.info.inf12.bad_attempt_lockout));
+	DEBUG(10,("msrpc_lockout_policy: lockout_threshold %d\n",
+		info->info12.lockout_threshold));
 
   done:
 
@@ -1054,14 +1106,14 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain,
 }
 
 /* find the password policy for a domain */
-NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, 
+NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
 			       TALLOC_CTX *mem_ctx,
-			       SAM_UNK_INFO_1 *password_policy)
+			       struct samr_DomInfo1 *password_policy)
 {
 	NTSTATUS result;
 	struct rpc_pipe_client *cli;
 	POLICY_HND dom_pol;
-	SAM_UNK_CTR ctr;
+	union samr_DomainInfo *info = NULL;
 
 	DEBUG(10,("rpc: fetch password policy for %s\n", domain->name));
 
@@ -1076,15 +1128,18 @@ NTSTATUS msrpc_password_policy(struct winbindd_domain *domain,
 		goto done;
 	}
 
-	result = rpccli_samr_query_dom_info(cli, mem_ctx, &dom_pol, 1, &ctr);
+	result = rpccli_samr_QueryDomainInfo(cli, mem_ctx,
+					     &dom_pol,
+					     1,
+					     &info);
 	if (!NT_STATUS_IS_OK(result)) {
 		goto done;
 	}
 
-	*password_policy = ctr.info.inf1;
+	*password_policy = info->info1;
 
-	DEBUG(10,("msrpc_password_policy: min_length_password %d\n", 
-		ctr.info.inf1.min_length_password));
+	DEBUG(10,("msrpc_password_policy: min_length_password %d\n",
+		info->info1.min_password_length));
 
   done:
 
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index dc48fdef8b..038bafbe4e 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -41,7 +41,7 @@ extern struct winbindd_methods passdb_methods;
    individual winbindd_domain structures cannot be made.  Keep a copy of
    the domain name instead. */
 
-static struct winbindd_domain *_domain_list;
+static struct winbindd_domain *_domain_list = NULL;
 
 /**
    When was the last scan of trusted domains done?
@@ -82,9 +82,6 @@ static bool is_internal_domain(const DOM_SID *sid)
 	if (sid == NULL)
 		return False;
 
-	if ( IS_DC )
-		return sid_check_is_builtin(sid);
-
 	return (sid_check_is_domain(sid) || sid_check_is_builtin(sid));
 }
 
@@ -93,9 +90,6 @@ static bool is_in_internal_domain(const DOM_SID *sid)
 	if (sid == NULL)
 		return False;
 
-	if ( IS_DC )
-		return sid_check_is_in_builtin(sid);
-
 	return (sid_check_is_in_our_domain(sid) || sid_check_is_in_builtin(sid));
 }
 
@@ -218,7 +212,7 @@ static void add_trusted_domains( struct winbindd_domain *domain )
 	TALLOC_CTX *mem_ctx;
 	struct winbindd_request *request;
 	struct winbindd_response *response;
-	uint32 fr_flags = (DS_DOMAIN_TREE_ROOT|DS_DOMAIN_IN_FOREST);	
+	uint32 fr_flags = (NETR_TRUST_FLAG_TREEROOT|NETR_TRUST_FLAG_IN_FOREST);
 
 	struct trustdom_state *state;
 
@@ -391,8 +385,8 @@ static void rescan_forest_root_trusts( void )
 		   the domain_list() as our primary domain may not 
 		   have been initialized. */
 
-		if ( !(dom_list[i].trust_flags & DS_DOMAIN_TREE_ROOT) )	{
-			continue;			
+		if ( !(dom_list[i].trust_flags & NETR_TRUST_FLAG_TREEROOT) ) {
+			continue;
 		}
 	
 		/* Here's the forest root */
@@ -456,10 +450,10 @@ static void rescan_forest_trusts( void )
 
 		if ( d && (d->internal || d->primary ) )
 			continue;		
-		
-		if ( (flags & DS_DOMAIN_DIRECT_INBOUND) &&
-		     (type == DS_DOMAIN_TRUST_TYPE_UPLEVEL) &&
-		     (attribs == DS_DOMAIN_TRUST_ATTRIB_FOREST_TRANSITIVE) )
+
+		if ( (flags & NETR_TRUST_FLAG_INBOUND) &&
+		     (type == NETR_TRUST_TYPE_UPLEVEL) &&
+		     (attribs == NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE) )
 		{
 			/* add the trusted domain if we don't know
 			   about it */
@@ -571,7 +565,7 @@ enum winbindd_result init_child_connection(struct winbindd_domain *domain,
 		/* The primary domain has to find the DC name itself */
 		request->cmd = WINBINDD_INIT_CONNECTION;
 		fstrcpy(request->domain_name, domain->name);
-		request->data.init_conn.is_primary = domain->internal ? False : True;
+		request->data.init_conn.is_primary = domain->primary ? true : false;
 		fstrcpy(request->data.init_conn.dcname, "");
 		async_request(mem_ctx, &domain->child, request, response,
 			      init_child_recv, state);
@@ -770,8 +764,8 @@ void check_domain_trusted( const char *name, const DOM_SID *user_sid )
 	   forest trust */
 
 	domain->active_directory = True;
-	domain->domain_flags = DS_DOMAIN_DIRECT_OUTBOUND;
-	domain->domain_type  = DS_DOMAIN_TRUST_TYPE_UPLEVEL;
+	domain->domain_flags = NETR_TRUST_FLAG_OUTBOUND;
+	domain->domain_type  = NETR_TRUST_TYPE_UPLEVEL;
 	domain->internal = False;
 	domain->online = True;	
 
@@ -1278,7 +1272,7 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain,
 				  const DOM_SID *user_sid,
 				  uint32 *p_num_groups, DOM_SID **user_sids)
 {
-	NET_USER_INFO_3 *info3 = NULL;
+	struct netr_SamInfo3 *info3 = NULL;
 	NTSTATUS status = NT_STATUS_NO_MEMORY;
 	int i;
 	size_t num_groups = 0;
@@ -1296,13 +1290,13 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain,
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 	}
 
-	if (info3->num_groups == 0) {
+	if (info3->base.groups.count == 0) {
 		TALLOC_FREE(info3);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 	
 	/* always add the primary group to the sid array */
-	sid_compose(&primary_group, &info3->dom_sid.sid, info3->user_rid);
+	sid_compose(&primary_group, info3->base.domain_sid, info3->base.rid);
 	
 	status = add_sid_to_array(mem_ctx, &primary_group, user_sids,
 				  &num_groups);
@@ -1311,9 +1305,9 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain,
 		return status;
 	}
 
-	for (i=0; i<info3->num_groups; i++) {
-		sid_copy(&group_sid, &info3->dom_sid.sid);
-		sid_append_rid(&group_sid, info3->gids[i].g_rid);
+	for (i=0; i < info3->base.groups.count; i++) {
+		sid_copy(&group_sid, info3->base.domain_sid);
+		sid_append_rid(&group_sid, info3->base.groups.rids[i].rid);
 
 		status = add_sid_to_array(mem_ctx, &group_sid, user_sids,
 					  &num_groups);
@@ -1325,13 +1319,13 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain,
 
 	/* Add any Universal groups in the other_sids list */
 
-	for (i=0; i<info3->num_other_sids; i++) {
+	for (i=0; i < info3->sidcount; i++) {
 		/* Skip Domain local groups outside our domain.
 		   We'll get these from the getsidaliases() RPC call. */
-		if (info3->other_sids_attrib[i] & SE_GROUP_RESOURCE)
+		if (info3->sids[i].attributes & SE_GROUP_RESOURCE)
 			continue;
 
-		status = add_sid_to_array(mem_ctx, &info3->other_sids[i].sid,
+		status = add_sid_to_array(mem_ctx, info3->sids[i].sid,
 					  user_sids, &num_groups);
 		if (!NT_STATUS_IS_OK(status)) {
 			TALLOC_FREE(info3);
@@ -1386,31 +1380,56 @@ void ws_name_return( char *name, char replace )
 /*********************************************************************
  ********************************************************************/
 
-bool winbindd_can_contact_domain( struct winbindd_domain *domain )
+bool winbindd_can_contact_domain(struct winbindd_domain *domain)
 {
+	struct winbindd_tdc_domain *tdc = NULL;
+	TALLOC_CTX *frame = talloc_stackframe();
+	bool ret = false;
+
 	/* We can contact the domain if it is our primary domain */
 
-	if ( domain->primary )
-		return True;
+	if (domain->primary) {
+		return true;
+	}
 
-	/* Can always contact a domain that is in out forest */
+	/* Trust the TDC cache and not the winbindd_domain flags */
 
-	if ( domain->domain_flags & DS_DOMAIN_IN_FOREST )
-		return True;	
+	if ((tdc = wcache_tdc_fetch_domain(frame, domain->name)) == NULL) {
+		DEBUG(10,("winbindd_can_contact_domain: %s not found in cache\n",
+			  domain->name));
+		return false;
+	}
 
-	/* We cannot contact the domain if it is running AD and
-	   we have no inbound trust */
+	/* Can always contact a domain that is in out forest */
 
-	if ( domain->active_directory && 
-	     ((domain->domain_flags&DS_DOMAIN_DIRECT_INBOUND) != DS_DOMAIN_DIRECT_INBOUND) ) 
-	{
-		return False;
+	if (tdc->trust_flags & NETR_TRUST_FLAG_IN_FOREST) {
+		ret = true;
+		goto done;
 	}
 	
+	/*
+	 * On a _member_ server, we cannot contact the domain if it
+	 * is running AD and we have no inbound trust.
+	 */
+
+	if (!IS_DC && 
+	     domain->active_directory &&
+	    ((tdc->trust_flags & NETR_TRUST_FLAG_INBOUND) != NETR_TRUST_FLAG_INBOUND))
+	{
+		DEBUG(10, ("winbindd_can_contact_domain: %s is an AD domain "
+			   "and we have no inbound trust.\n", domain->name));
+		goto done;
+	}
+
 	/* Assume everything else is ok (probably not true but what
 	   can you do?) */
+
+	ret = true;	
+
+done:	
+	talloc_destroy(frame);
 	
-	return True;	
+	return ret;	
 }
 
 /*********************************************************************