Merge branch 'master' of ssh://git.samba.org/data/git/samba into selftest

Conflicts:
	selftest/selftest.pl

27 files changed, 432 insertions, 706 deletions

diff --git a/source3/lib/async_sock.c b/source3/lib/async_sock.c
index 1a4c27ba20..ffba6de832 100644
--- a/source3/lib/async_sock.c
+++ b/source3/lib/async_sock.c
@@ -658,12 +658,13 @@ struct async_req *async_connect(TALLOC_CTX *mem_ctx, struct event_context *ev,
 
 	state->fde = event_add_fd(ev, state, fd,
 				  EVENT_FD_READ | EVENT_FD_WRITE,
-				  async_connect_callback, state);
+				  async_connect_callback, result);
 	if (state->fde == NULL) {
 		sys_fcntl_long(fd, F_SETFL, p->old_sockflags);
 		TALLOC_FREE(result);
 		return NULL;
 	}
+	result->private_data = state;
 
 	state->param.param_connect.fd = fd;
 	state->param.param_connect.address = address;
diff --git a/source3/lib/crc32.c b/source3/lib/crc32.c
deleted file mode 100644
index a4ae90c469..0000000000
--- a/source3/lib/crc32.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*-
- *  COPYRIGHT (C) 1986 Gary S. Brown.  You may use this program, or
- *  code or tables extracted from it, as desired without restriction.
- *
- *  First, the polynomial itself and its table of feedback terms.  The
- *  polynomial is
- *  X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0
- *
- *  Note that we take it "backwards" and put the highest-order term in
- *  the lowest-order bit.  The X^32 term is "implied"; the LSB is the
- *  X^31 term, etc.  The X^0 term (usually shown as "+1") results in
- *  the MSB being 1
- *
- *  Note that the usual hardware shift register implementation, which
- *  is what we're using (we're merely optimizing it by doing eight-bit
- *  chunks at a time) shifts bits into the lowest-order term.  In our
- *  implementation, that means shifting towards the right.  Why do we
- *  do it this way?  Because the calculated CRC must be transmitted in
- *  order from highest-order term to lowest-order term.  UARTs transmit
- *  characters in order from LSB to MSB.  By storing the CRC this way
- *  we hand it to the UART in the order low-byte to high-byte; the UART
- *  sends each low-bit to hight-bit; and the result is transmission bit
- *  by bit from highest- to lowest-order term without requiring any bit
- *  shuffling on our part.  Reception works similarly
- *
- *  The feedback terms table consists of 256, 32-bit entries.  Notes
- *
- *      The table can be generated at runtime if desired; code to do so
- *      is shown later.  It might not be obvious, but the feedback
- *      terms simply represent the results of eight shift/xor opera
- *      tions for all combinations of data and CRC register values
- *
- *      The values must be right-shifted by eight bits by the "updcrc
- *      logic; the shift must be unsigned (bring in zeroes).  On some
- *      hardware you could probably optimize the shift in assembler by
- *      using byte-swap instructions
- *      polynomial $edb88320
- *
- *
- * CRC32 code derived from work by Gary S. Brown.
- */
-
-#include "includes.h"
-
-static const uint32 crc32_tab[] = {
-	0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
-	0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
-	0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
-	0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
-	0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
-	0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
-	0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
-	0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
-	0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
-	0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
-	0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
-	0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
-	0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
-	0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
-	0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
-	0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
-	0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
-	0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
-	0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
-	0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
-	0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
-	0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
-	0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
-	0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
-	0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
-	0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
-	0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
-	0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
-	0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
-	0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
-	0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
-	0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
-	0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
-	0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
-	0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
-	0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
-	0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
-	0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
-	0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
-	0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
-	0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
-	0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
-	0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
-};
-
-uint32 crc32_calc_buffer(const char *buf, size_t size)
-{
-	const unsigned char *p;
-	uint32 crc;
-
-	p = (const unsigned char *)buf;
-	crc = ~0U;
-
-	while (size--)
-		crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8);
-
-	return crc ^ ~0U;
-}
diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c
index 1ae23bcf82..5075476e94 100644
--- a/source3/lib/ctdbd_conn.c
+++ b/source3/lib/ctdbd_conn.c
@@ -260,7 +260,7 @@ static struct messaging_rec *ctdb_pull_messaging_rec(TALLOC_CTX *mem_ctx,
 	blob = data_blob_const(msg->data, msg->datalen);
 
 	ndr_err = ndr_pull_struct_blob(
-		&blob, result, result,
+		&blob, result, NULL, result,
 		(ndr_pull_flags_fn_t)ndr_pull_messaging_rec);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -636,7 +636,7 @@ NTSTATUS ctdbd_messaging_send(struct ctdbd_connection *conn,
 	}
 
 	ndr_err = ndr_push_struct_blob(
-		&blob, mem_ctx, msg,
+		&blob, mem_ctx, NULL, msg,
 		(ndr_push_flags_fn_t)ndr_push_messaging_rec);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
diff --git a/source3/lib/dbwrap_ctdb.c b/source3/lib/dbwrap_ctdb.c
index 63a5ce4de6..2818634b14 100644
--- a/source3/lib/dbwrap_ctdb.c
+++ b/source3/lib/dbwrap_ctdb.c
@@ -405,8 +405,9 @@ static struct db_record *db_ctdb_fetch_locked_transaction(struct db_ctdb_ctx *ct
 	return result;
 }
 
-static int db_ctdb_record_destructor(struct db_record *rec)
+static int db_ctdb_record_destructor(struct db_record **recp)
 {
+	struct db_record *rec = talloc_get_type_abort(*recp, struct db_record);
 	struct db_ctdb_transaction_handle *h = talloc_get_type_abort(
 		rec->private_data, struct db_ctdb_transaction_handle);
 	int ret = h->ctx->db->transaction_commit(h->ctx->db);
@@ -424,7 +425,7 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx
 							 TDB_DATA key)
 {
 	int res;
-	struct db_record *rec;
+	struct db_record *rec, **recp;
 
 	res = db_ctdb_transaction_start(ctx->db);
 	if (res == -1) {
@@ -438,7 +439,14 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx
 	}
 
 	/* destroy this transaction when we release the lock */
-	talloc_set_destructor((struct db_record *)talloc_new(rec), db_ctdb_record_destructor);
+	recp = talloc(rec, struct db_record *);
+	if (recp == NULL) {
+		ctx->db->transaction_cancel(ctx->db);
+		talloc_free(rec);
+		return NULL;
+	}
+	*recp = rec;
+	talloc_set_destructor(recp, db_ctdb_record_destructor);
 	return rec;
 }
 
diff --git a/source3/lib/debug.c b/source3/lib/debug.c
index d835ea7c17..d91b55dd23 100644
--- a/source3/lib/debug.c
+++ b/source3/lib/debug.c
@@ -578,7 +578,9 @@ void setup_logging(const char *pname, bool interactive)
 	stdout_logging = False;
 	if (dbf) {
 		x_fflush(dbf);
-		(void) x_fclose(dbf);
+                if (dbf != x_stdout) {
+                        (void) x_fclose(dbf);
+                }
 	}
 
 	dbf = NULL;
diff --git a/source3/lib/display_sec.c b/source3/lib/display_sec.c
index 67392e4568..5427a8173e 100644
--- a/source3/lib/display_sec.c
+++ b/source3/lib/display_sec.c
@@ -118,7 +118,7 @@ char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type)
 /****************************************************************************
  display sec_access structure
  ****************************************************************************/
-void display_sec_access(SEC_ACCESS *info)
+void display_sec_access(uint32_t *info)
 {
 	char *mask_str = get_sec_mask_str(NULL, *info);
 	printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : "");
diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c
index dbe886e3d1..5c624bdebf 100644
--- a/source3/lib/dummysmbd.c
+++ b/source3/lib/dummysmbd.c
@@ -51,3 +51,18 @@ NTSTATUS can_delete_directory(struct connection_struct *conn,
 {
 	return NT_STATUS_OK;
 }
+
+bool change_to_root_user(void)
+{
+	return false;
+}
+
+struct event_context *smbd_event_context(void)
+{
+	return NULL;
+}
+
+struct messaging_context *smbd_messaging_context(void)
+{
+	return NULL;
+}
diff --git a/source3/lib/errmap_unix.c b/source3/lib/errmap_unix.c
index 2cd2386c5c..9adb237096 100644
--- a/source3/lib/errmap_unix.c
+++ b/source3/lib/errmap_unix.c
@@ -128,3 +128,139 @@ NTSTATUS map_nt_error_from_unix(int unix_error)
 	/* Default return */
 	return NT_STATUS_ACCESS_DENIED;
 }
+
+/* Return a UNIX errno from a NT status code */
+static const struct {
+	NTSTATUS status;
+	int error;
+} nt_errno_map[] = {
+        {NT_STATUS_ACCESS_VIOLATION, EACCES},
+        {NT_STATUS_INVALID_HANDLE, EBADF},
+        {NT_STATUS_ACCESS_DENIED, EACCES},
+        {NT_STATUS_OBJECT_NAME_NOT_FOUND, ENOENT},
+        {NT_STATUS_OBJECT_PATH_NOT_FOUND, ENOENT},
+        {NT_STATUS_SHARING_VIOLATION, EBUSY},
+        {NT_STATUS_OBJECT_PATH_INVALID, ENOTDIR},
+        {NT_STATUS_OBJECT_NAME_COLLISION, EEXIST},
+        {NT_STATUS_PATH_NOT_COVERED, ENOENT},
+	{NT_STATUS_UNSUCCESSFUL, EINVAL},
+	{NT_STATUS_NOT_IMPLEMENTED, ENOSYS},
+	{NT_STATUS_IN_PAGE_ERROR, EFAULT}, 
+	{NT_STATUS_BAD_NETWORK_NAME, ENOENT},
+#ifdef EDQUOT
+	{NT_STATUS_PAGEFILE_QUOTA, EDQUOT},
+	{NT_STATUS_QUOTA_EXCEEDED, EDQUOT},
+	{NT_STATUS_REGISTRY_QUOTA_LIMIT, EDQUOT},
+	{NT_STATUS_LICENSE_QUOTA_EXCEEDED, EDQUOT},
+#endif
+#ifdef ETIME
+	{NT_STATUS_TIMER_NOT_CANCELED, ETIME},
+#endif
+	{NT_STATUS_INVALID_PARAMETER, EINVAL},
+	{NT_STATUS_NO_SUCH_DEVICE, ENODEV},
+	{NT_STATUS_NO_SUCH_FILE, ENOENT},
+#ifdef ENODATA
+	{NT_STATUS_END_OF_FILE, ENODATA}, 
+#endif
+#ifdef ENOMEDIUM
+	{NT_STATUS_NO_MEDIA_IN_DEVICE, ENOMEDIUM}, 
+	{NT_STATUS_NO_MEDIA, ENOMEDIUM},
+#endif
+	{NT_STATUS_NONEXISTENT_SECTOR, ESPIPE}, 
+        {NT_STATUS_NO_MEMORY, ENOMEM},
+	{NT_STATUS_CONFLICTING_ADDRESSES, EADDRINUSE},
+	{NT_STATUS_NOT_MAPPED_VIEW, EINVAL},
+	{NT_STATUS_UNABLE_TO_FREE_VM, EADDRINUSE},
+	{NT_STATUS_ACCESS_DENIED, EACCES}, 
+	{NT_STATUS_BUFFER_TOO_SMALL, ENOBUFS},
+	{NT_STATUS_WRONG_PASSWORD, EACCES},
+	{NT_STATUS_LOGON_FAILURE, EACCES},
+	{NT_STATUS_INVALID_WORKSTATION, EACCES},
+	{NT_STATUS_INVALID_LOGON_HOURS, EACCES},
+	{NT_STATUS_PASSWORD_EXPIRED, EACCES},
+	{NT_STATUS_ACCOUNT_DISABLED, EACCES},
+	{NT_STATUS_DISK_FULL, ENOSPC},
+	{NT_STATUS_INVALID_PIPE_STATE, EPIPE},
+	{NT_STATUS_PIPE_BUSY, EPIPE},
+	{NT_STATUS_PIPE_DISCONNECTED, EPIPE},
+	{NT_STATUS_PIPE_NOT_AVAILABLE, ENOSYS},
+	{NT_STATUS_FILE_IS_A_DIRECTORY, EISDIR},
+	{NT_STATUS_NOT_SUPPORTED, ENOSYS},
+	{NT_STATUS_NOT_A_DIRECTORY, ENOTDIR},
+	{NT_STATUS_DIRECTORY_NOT_EMPTY, ENOTEMPTY},
+	{NT_STATUS_NETWORK_UNREACHABLE, ENETUNREACH},
+	{NT_STATUS_HOST_UNREACHABLE, EHOSTUNREACH},
+	{NT_STATUS_CONNECTION_ABORTED, ECONNABORTED},
+	{NT_STATUS_CONNECTION_REFUSED, ECONNREFUSED},
+	{NT_STATUS_TOO_MANY_LINKS, EMLINK},
+	{NT_STATUS_NETWORK_BUSY, EBUSY},
+	{NT_STATUS_DEVICE_DOES_NOT_EXIST, ENODEV},
+#ifdef ELIBACC
+	{NT_STATUS_DLL_NOT_FOUND, ELIBACC},
+#endif
+	{NT_STATUS_PIPE_BROKEN, EPIPE},
+	{NT_STATUS_REMOTE_NOT_LISTENING, ECONNREFUSED},
+	{NT_STATUS_NETWORK_ACCESS_DENIED, EACCES},
+	{NT_STATUS_TOO_MANY_OPENED_FILES, EMFILE},
+#ifdef EPROTO
+	{NT_STATUS_DEVICE_PROTOCOL_ERROR, EPROTO},
+#endif
+	{NT_STATUS_FLOAT_OVERFLOW, ERANGE},
+	{NT_STATUS_FLOAT_UNDERFLOW, ERANGE},
+	{NT_STATUS_INTEGER_OVERFLOW, ERANGE},
+	{NT_STATUS_MEDIA_WRITE_PROTECTED, EROFS},
+	{NT_STATUS_PIPE_CONNECTED, EISCONN},
+	{NT_STATUS_MEMORY_NOT_ALLOCATED, EFAULT},
+	{NT_STATUS_FLOAT_INEXACT_RESULT, ERANGE},
+	{NT_STATUS_ILL_FORMED_PASSWORD, EACCES},
+	{NT_STATUS_PASSWORD_RESTRICTION, EACCES},
+	{NT_STATUS_ACCOUNT_RESTRICTION, EACCES},
+	{NT_STATUS_PORT_CONNECTION_REFUSED, ECONNREFUSED},
+	{NT_STATUS_NAME_TOO_LONG, ENAMETOOLONG},
+	{NT_STATUS_REMOTE_DISCONNECT, ESHUTDOWN},
+	{NT_STATUS_CONNECTION_DISCONNECTED, ECONNABORTED},
+	{NT_STATUS_CONNECTION_RESET, ENETRESET},
+#ifdef ENOTUNIQ
+	{NT_STATUS_IP_ADDRESS_CONFLICT1, ENOTUNIQ},
+	{NT_STATUS_IP_ADDRESS_CONFLICT2, ENOTUNIQ},
+#endif
+	{NT_STATUS_PORT_MESSAGE_TOO_LONG, EMSGSIZE},
+	{NT_STATUS_PROTOCOL_UNREACHABLE, ENOPROTOOPT},
+	{NT_STATUS_ADDRESS_ALREADY_EXISTS, EADDRINUSE},
+	{NT_STATUS_PORT_UNREACHABLE, EHOSTUNREACH},
+	{NT_STATUS_IO_TIMEOUT, ETIMEDOUT},
+	{NT_STATUS_RETRY, EAGAIN},
+#ifdef ENOTUNIQ
+	{NT_STATUS_DUPLICATE_NAME, ENOTUNIQ},
+#endif
+#ifdef ECOMM
+	{NT_STATUS_NET_WRITE_FAULT, ECOMM},
+#endif
+#ifdef EXDEV
+	{NT_STATUS_NOT_SAME_DEVICE, EXDEV},
+#endif
+	{NT_STATUS(0), 0}
+};
+
+int map_errno_from_nt_status(NTSTATUS status)
+{
+	int i;
+	DEBUG(10,("map_errno_from_nt_status: 32 bit codes: code=%08x\n",
+		NT_STATUS_V(status)));
+
+	/* Status codes without this bit set are not errors */
+
+	if (!(NT_STATUS_V(status) & 0xc0000000)) {
+		return 0;
+	}
+
+	for (i=0;nt_errno_map[i].error;i++) {
+		if (NT_STATUS_V(nt_errno_map[i].status) ==
+			    NT_STATUS_V(status)) {
+			return nt_errno_map[i].error;
+		}
+	}
+
+	/* for all other cases - a default code */
+	return EINVAL;
+}
diff --git a/source3/lib/hmacmd5.c b/source3/lib/hmacmd5.c
deleted file mode 100644
index 86db3aa236..0000000000
--- a/source3/lib/hmacmd5.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   HMAC MD5 code for use in NTLMv2
-   Copyright (C) Luke Kenneth Casson Leighton 1996-2000
-   Copyright (C) Andrew Tridgell 1992-2000
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/* taken direct from rfc2104 implementation and modified for suitable use
- * for ntlmv2.
- */
-
-#include "includes.h"
-
-/***********************************************************************
- the rfc 2104 version of hmac_md5 initialisation.
-***********************************************************************/
-
-void hmac_md5_init_rfc2104(const unsigned char *key, int key_len, HMACMD5Context *ctx)
-{
-        int i;
-	unsigned char tk[16];
-
-        /* if key is longer than 64 bytes reset it to key=MD5(key) */
-        if (key_len > 64) {
-                struct MD5Context tctx;
-
-                MD5Init(&tctx);
-                MD5Update(&tctx, key, key_len);
-                MD5Final(tk, &tctx);
-
-                key = tk;
-                key_len = 16;
-        }
-
-        /* start out by storing key in pads */
-        ZERO_STRUCT(ctx->k_ipad);
-        ZERO_STRUCT(ctx->k_opad);
-        memcpy( ctx->k_ipad, key, key_len);
-        memcpy( ctx->k_opad, key, key_len);
-
-        /* XOR key with ipad and opad values */
-        for (i=0; i<64; i++) {
-                ctx->k_ipad[i] ^= 0x36;
-                ctx->k_opad[i] ^= 0x5c;
-        }
-
-        MD5Init(&ctx->ctx);
-        MD5Update(&ctx->ctx, ctx->k_ipad, 64);  
-}
-
-/***********************************************************************
- the microsoft version of hmac_md5 initialisation.
-***********************************************************************/
-
-void hmac_md5_init_limK_to_64(const unsigned char* key, int key_len,
-			HMACMD5Context *ctx)
-{
-        int i;
-
-        /* if key is longer than 64 bytes truncate it */
-        if (key_len > 64) {
-                key_len = 64;
-        }
-
-        /* start out by storing key in pads */
-        ZERO_STRUCT(ctx->k_ipad);
-        ZERO_STRUCT(ctx->k_opad);
-        memcpy( ctx->k_ipad, key, key_len);
-        memcpy( ctx->k_opad, key, key_len);
-
-        /* XOR key with ipad and opad values */
-        for (i=0; i<64; i++) {
-                ctx->k_ipad[i] ^= 0x36;
-                ctx->k_opad[i] ^= 0x5c;
-        }
-
-        MD5Init(&ctx->ctx);
-        MD5Update(&ctx->ctx, ctx->k_ipad, 64);  
-}
-
-/***********************************************************************
- update hmac_md5 "inner" buffer
-***********************************************************************/
-
-void hmac_md5_update(const unsigned char *text, int text_len, HMACMD5Context *ctx)
-{
-        MD5Update(&ctx->ctx, text, text_len); /* then text of datagram */
-}
-
-/***********************************************************************
- finish off hmac_md5 "inner" buffer and generate outer one.
-***********************************************************************/
-void hmac_md5_final(unsigned char *digest, HMACMD5Context *ctx)
-
-{
-        struct MD5Context ctx_o;
-
-        MD5Final(digest, &ctx->ctx);          
-
-        MD5Init(&ctx_o);
-        MD5Update(&ctx_o, ctx->k_opad, 64);   
-        MD5Update(&ctx_o, digest, 16); 
-        MD5Final(digest, &ctx_o);
-}
-
-/***********************************************************
- single function to calculate an HMAC MD5 digest from data.
- use the microsoft hmacmd5 init method because the key is 16 bytes.
-************************************************************/
-
-void hmac_md5( unsigned char key[16], const unsigned char *data, int data_len,
-	       unsigned char *digest)
-{
-	HMACMD5Context ctx;
-	hmac_md5_init_limK_to_64(key, 16, &ctx);
-	if (data_len != 0)
-	{
-		hmac_md5_update(data, data_len, &ctx);
-	}
-	hmac_md5_final(digest, &ctx);
-}
-
diff --git a/source3/lib/ldb/common/ldb.c b/source3/lib/ldb/common/ldb.c
index 743711b967..c8aa6afdfc 100644
--- a/source3/lib/ldb/common/ldb.c
+++ b/source3/lib/ldb/common/ldb.c
@@ -787,6 +787,7 @@ int ldb_search(struct ldb_context *ldb,
 done:
 	if (ret != LDB_SUCCESS) {
 		talloc_free(res);
+		res = NULL;
 	}
 
 	*_res = res;
diff --git a/source3/lib/md4.c b/source3/lib/md4.c
deleted file mode 100644
index bae0091e36..0000000000
--- a/source3/lib/md4.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   a implementation of MD4 designed for use in the SMB authentication protocol
-   Copyright (C) Andrew Tridgell 1997-1998.
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-
-/* NOTE: This code makes no attempt to be fast! 
-
-   It assumes that a int is at least 32 bits long
-*/
-
-#if 0
-static uint32 A, B, C, D;
-#else
-#define A (state[0])
-#define B (state[1])
-#define C (state[2])
-#define D (state[3])
-#endif
-
-static uint32 F(uint32 X, uint32 Y, uint32 Z)
-{
-	return (X&Y) | ((~X)&Z);
-}
-
-static uint32 G(uint32 X, uint32 Y, uint32 Z)
-{
-	return (X&Y) | (X&Z) | (Y&Z); 
-}
-
-static uint32 H(uint32 X, uint32 Y, uint32 Z)
-{
-	return X^Y^Z;
-}
-
-static uint32 lshift(uint32 x, int s)
-{
-	x &= 0xFFFFFFFF;
-	return ((x<<s)&0xFFFFFFFF) | (x>>(32-s));
-}
-
-#define ROUND1(a,b,c,d,k,s) a = lshift(a + F(b,c,d) + X[k], s)
-#define ROUND2(a,b,c,d,k,s) a = lshift(a + G(b,c,d) + X[k] + (uint32)0x5A827999,s)
-#define ROUND3(a,b,c,d,k,s) a = lshift(a + H(b,c,d) + X[k] + (uint32)0x6ED9EBA1,s)
-
-/* this applies md4 to 64 byte chunks */
-static void mdfour64(uint32_t *state, uint32 *M)
-{
-	int j;
-	uint32 AA, BB, CC, DD;
-	uint32 X[16];
-
-	for (j=0;j<16;j++)
-		X[j] = M[j];
-
-	AA = A; BB = B; CC = C; DD = D;
-
-        ROUND1(A,B,C,D,  0,  3);  ROUND1(D,A,B,C,  1,  7);  
-	ROUND1(C,D,A,B,  2, 11);  ROUND1(B,C,D,A,  3, 19);
-        ROUND1(A,B,C,D,  4,  3);  ROUND1(D,A,B,C,  5,  7);  
-	ROUND1(C,D,A,B,  6, 11);  ROUND1(B,C,D,A,  7, 19);
-        ROUND1(A,B,C,D,  8,  3);  ROUND1(D,A,B,C,  9,  7);  
-	ROUND1(C,D,A,B, 10, 11);  ROUND1(B,C,D,A, 11, 19);
-        ROUND1(A,B,C,D, 12,  3);  ROUND1(D,A,B,C, 13,  7);  
-	ROUND1(C,D,A,B, 14, 11);  ROUND1(B,C,D,A, 15, 19);	
-
-        ROUND2(A,B,C,D,  0,  3);  ROUND2(D,A,B,C,  4,  5);  
-	ROUND2(C,D,A,B,  8,  9);  ROUND2(B,C,D,A, 12, 13);
-        ROUND2(A,B,C,D,  1,  3);  ROUND2(D,A,B,C,  5,  5);  
-	ROUND2(C,D,A,B,  9,  9);  ROUND2(B,C,D,A, 13, 13);
-        ROUND2(A,B,C,D,  2,  3);  ROUND2(D,A,B,C,  6,  5);  
-	ROUND2(C,D,A,B, 10,  9);  ROUND2(B,C,D,A, 14, 13);
-        ROUND2(A,B,C,D,  3,  3);  ROUND2(D,A,B,C,  7,  5);  
-	ROUND2(C,D,A,B, 11,  9);  ROUND2(B,C,D,A, 15, 13);
-
-	ROUND3(A,B,C,D,  0,  3);  ROUND3(D,A,B,C,  8,  9);  
-	ROUND3(C,D,A,B,  4, 11);  ROUND3(B,C,D,A, 12, 15);
-        ROUND3(A,B,C,D,  2,  3);  ROUND3(D,A,B,C, 10,  9);  
-	ROUND3(C,D,A,B,  6, 11);  ROUND3(B,C,D,A, 14, 15);
-        ROUND3(A,B,C,D,  1,  3);  ROUND3(D,A,B,C,  9,  9);  
-	ROUND3(C,D,A,B,  5, 11);  ROUND3(B,C,D,A, 13, 15);
-        ROUND3(A,B,C,D,  3,  3);  ROUND3(D,A,B,C, 11,  9);  
-	ROUND3(C,D,A,B,  7, 11);  ROUND3(B,C,D,A, 15, 15);
-
-	A += AA; B += BB; C += CC; D += DD;
-	
-	A &= 0xFFFFFFFF; B &= 0xFFFFFFFF;
-	C &= 0xFFFFFFFF; D &= 0xFFFFFFFF;
-
-	for (j=0;j<16;j++)
-		X[j] = 0;
-}
-
-static void copy64(uint32 *M, const unsigned char *in)
-{
-	int i;
-
-	for (i=0;i<16;i++)
-		M[i] = (in[i*4+3]<<24) | (in[i*4+2]<<16) |
-			(in[i*4+1]<<8) | (in[i*4+0]<<0);
-}
-
-static void copy4(unsigned char *out, uint32 x)
-{
-	out[0] = x&0xFF;
-	out[1] = (x>>8)&0xFF;
-	out[2] = (x>>16)&0xFF;
-	out[3] = (x>>24)&0xFF;
-}
-
-/* produce a md4 message digest from data of length n bytes */
-void mdfour(unsigned char *out, const unsigned char *in, int n)
-{
-	unsigned char buf[128];
-	uint32 M[16];
-	uint32 state[4];
-	uint32 b = n * 8;
-	int i;
-
-	A = 0x67452301;
-	B = 0xefcdab89;
-	C = 0x98badcfe;
-	D = 0x10325476;
-
-	while (n > 64) {
-		copy64(M, in);
-		mdfour64(state, M);
-		in += 64;
-		n -= 64;
-	}
-
-	for (i=0;i<128;i++)
-		buf[i] = 0;
-	memcpy(buf, in, n);
-	buf[n] = 0x80;
-	
-	if (n <= 55) {
-		copy4(buf+56, b);
-		copy64(M, buf);
-		mdfour64(state, M);
-	} else {
-		copy4(buf+120, b); 
-		copy64(M, buf);
-		mdfour64(state, M);
-		copy64(M, buf+64);
-		mdfour64(state, M);
-	}
-
-	for (i=0;i<128;i++)
-		buf[i] = 0;
-	copy64(M, buf);
-
-	copy4(out, A);
-	copy4(out+4, B);
-	copy4(out+8, C);
-	copy4(out+12, D);
-}
-
-
diff --git a/source3/lib/md5.c b/source3/lib/md5.c
deleted file mode 100644
index 2121b17047..0000000000
--- a/source3/lib/md5.c
+++ /dev/null
@@ -1,247 +0,0 @@
-/*
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest.  This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * MD5Context structure, pass it to MD5Init, call MD5Update as
- * needed on buffers full of bytes, and then call MD5Final, which
- * will fill a supplied 16-byte array with the digest.
- */
-
-/* This code slightly modified to fit into Samba by 
-   abartlet@samba.org Jun 2001 */
-
-#include "includes.h"
-
-#include "md5.h"
-
-static void MD5Transform(uint32 buf[4], uint32 const in[16]);
-
-/*
- * Note: this code is harmless on little-endian machines.
- */
-static void byteReverse(unsigned char *buf, unsigned longs)
-{
-    uint32 t;
-    do {
-	t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
-	    ((unsigned) buf[1] << 8 | buf[0]);
-	*(uint32 *) buf = t;
-	buf += 4;
-    } while (--longs);
-}
-
-/*
- * Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
- * initialization constants.
- */
-void MD5Init(struct MD5Context *ctx)
-{
-    ctx->buf[0] = 0x67452301;
-    ctx->buf[1] = 0xefcdab89;
-    ctx->buf[2] = 0x98badcfe;
-    ctx->buf[3] = 0x10325476;
-
-    ctx->bits[0] = 0;
-    ctx->bits[1] = 0;
-}
-
-/*
- * Update context to reflect the concatenation of another buffer full
- * of bytes.
- */
-void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len)
-{
-    register uint32 t;
-
-    /* Update bitcount */
-
-    t = ctx->bits[0];
-    if ((ctx->bits[0] = t + ((uint32) len << 3)) < t)
-	ctx->bits[1]++;		/* Carry from low to high */
-    ctx->bits[1] += len >> 29;
-
-    t = (t >> 3) & 0x3f;	/* Bytes already in shsInfo->data */
-
-    /* Handle any leading odd-sized chunks */
-
-    if (t) {
-	unsigned char *p = (unsigned char *) ctx->in + t;
-
-	t = 64 - t;
-	if (len < t) {
-	    memmove(p, buf, len);
-	    return;
-	}
-	memmove(p, buf, t);
-	byteReverse(ctx->in, 16);
-	MD5Transform(ctx->buf, (uint32 *) ctx->in);
-	buf += t;
-	len -= t;
-    }
-    /* Process data in 64-byte chunks */
-
-    while (len >= 64) {
-	memmove(ctx->in, buf, 64);
-	byteReverse(ctx->in, 16);
-	MD5Transform(ctx->buf, (uint32 *) ctx->in);
-	buf += 64;
-	len -= 64;
-    }
-
-    /* Handle any remaining bytes of data. */
-
-    memmove(ctx->in, buf, len);
-}
-
-/*
- * Final wrapup - pad to 64-byte boundary with the bit pattern 
- * 1 0* (64-bit count of bits processed, MSB-first)
- */
-void MD5Final(unsigned char digest[16], struct MD5Context *ctx)
-{
-    unsigned int count;
-    unsigned char *p;
-
-    /* Compute number of bytes mod 64 */
-    count = (ctx->bits[0] >> 3) & 0x3F;
-
-    /* Set the first char of padding to 0x80.  This is safe since there is
-       always at least one byte free */
-    p = ctx->in + count;
-    *p++ = 0x80;
-
-    /* Bytes of padding needed to make 64 bytes */
-    count = 64 - 1 - count;
-
-    /* Pad out to 56 mod 64 */
-    if (count < 8) {
-	/* Two lots of padding:  Pad the first block to 64 bytes */
-	memset(p, 0, count);
-	byteReverse(ctx->in, 16);
-	MD5Transform(ctx->buf, (uint32 *) ctx->in);
-
-	/* Now fill the next block with 56 bytes */
-	memset(ctx->in, 0, 56);
-    } else {
-	/* Pad block to 56 bytes */
-	memset(p, 0, count - 8);
-    }
-    byteReverse(ctx->in, 14);
-
-    /* Append length in bits and transform */
-    ((uint32 *) ctx->in)[14] = ctx->bits[0];
-    ((uint32 *) ctx->in)[15] = ctx->bits[1];
-
-    MD5Transform(ctx->buf, (uint32 *) ctx->in);
-    byteReverse((unsigned char *) ctx->buf, 4);
-    memmove(digest, ctx->buf, 16);
-    memset(ctx, 0, sizeof(ctx));	/* In case it's sensitive */
-}
-
-/* The four core functions - F1 is optimized somewhat */
-
-/* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-/* This is the central step in the MD5 algorithm. */
-#define MD5STEP(f, w, x, y, z, data, s) \
-	( w += f(x, y, z) + data,  w = w<<s | w>>(32-s),  w += x )
-
-/*
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
- * reflect the addition of 16 longwords of new data.  MD5Update blocks
- * the data and converts bytes into longwords for this routine.
- */
-static void MD5Transform(uint32 buf[4], uint32 const in[16])
-{
-    register uint32 a, b, c, d;
-
-    a = buf[0];
-    b = buf[1];
-    c = buf[2];
-    d = buf[3];
-
-    MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
-    MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
-    MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
-    MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
-    MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
-    MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
-    MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
-    MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
-    MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
-    MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
-    MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
-    MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
-    MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
-    MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
-    MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
-    MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
-
-    MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
-    MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
-    MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
-    MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
-    MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
-    MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
-    MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
-    MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
-    MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
-    MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
-    MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
-    MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
-    MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
-    MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
-    MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
-    MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
-
-    MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
-    MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
-    MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
-    MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
-    MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
-    MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
-    MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
-    MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
-    MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
-    MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
-    MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
-    MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
-    MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
-    MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
-    MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
-    MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
-
-    MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
-    MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
-    MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
-    MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
-    MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
-    MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
-    MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
-    MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
-    MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
-    MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
-    MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
-    MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
-    MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
-    MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
-    MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
-    MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
-
-    buf[0] += a;
-    buf[1] += b;
-    buf[2] += c;
-    buf[3] += d;
-}
diff --git a/source3/lib/messages_local.c b/source3/lib/messages_local.c
index f436afc2ff..9f7f88f783 100644
--- a/source3/lib/messages_local.c
+++ b/source3/lib/messages_local.c
@@ -160,7 +160,7 @@ static NTSTATUS messaging_tdb_fetch(TDB_CONTEXT *msg_tdb,
 	blob = data_blob_const(data.dptr, data.dsize);
 
 	ndr_err = ndr_pull_struct_blob(
-		&blob, result, result,
+		&blob, result, NULL, result,
 		(ndr_pull_flags_fn_t)ndr_pull_messaging_array);
 
 	SAFE_FREE(data.dptr);
@@ -203,7 +203,7 @@ static NTSTATUS messaging_tdb_store(TDB_CONTEXT *msg_tdb,
 	}
 
 	ndr_err = ndr_push_struct_blob(
-		&blob, mem_ctx, array,
+		&blob, mem_ctx, NULL, array,
 		(ndr_push_flags_fn_t)ndr_push_messaging_array);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
diff --git a/source3/lib/netapi/examples/user/user_modalsset.c b/source3/lib/netapi/examples/user/user_modalsset.c
index 57e1ef70ea..c6958a9012 100644
--- a/source3/lib/netapi/examples/user/user_modalsset.c
+++ b/source3/lib/netapi/examples/user/user_modalsset.c
@@ -95,6 +95,7 @@ int main(int argc, const char **argv)
 		case 1:
 		case 2:
 		case 3:
+			break;
 		case 1001:
 			u1001.usrmod1001_min_passwd_len = 0;
 			buffer = (uint8_t *)&u1001;
diff --git a/source3/lib/netapi/file.c b/source3/lib/netapi/file.c
index 036af32f38..0d66be0eb1 100644
--- a/source3/lib/netapi/file.c
+++ b/source3/lib/netapi/file.c
@@ -47,7 +47,8 @@ WERROR NetFileClose_r(struct libnetapi_ctx *ctx,
 					    r->in.server_name,
 					    r->in.fileid,
 					    &werr);
-	if (!W_ERROR_IS_OK(werr)) {
+	if (!NT_STATUS_IS_OK(status)) {
+		werr = ntstatus_to_werror(status);
 		goto done;
 	}
 
diff --git a/source3/lib/netapi/getdc.c b/source3/lib/netapi/getdc.c
index 07a6544af1..76c0d0be2a 100644
--- a/source3/lib/netapi/getdc.c
+++ b/source3/lib/netapi/getdc.c
@@ -58,6 +58,10 @@ WERROR NetGetDCName_r(struct libnetapi_ctx *ctx,
 				       r->in.domain_name,
 				       (const char **)r->out.buffer,
 				       &werr);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		werr = ntstatus_to_werror(status);
+	}
  done:
 
 	return werr;
diff --git a/source3/lib/netapi/share.c b/source3/lib/netapi/share.c
index 1d0e1810f1..e6aed36064 100644
--- a/source3/lib/netapi/share.c
+++ b/source3/lib/netapi/share.c
@@ -271,7 +271,8 @@ WERROR NetShareDel_r(struct libnetapi_ctx *ctx,
 					   r->in.net_name,
 					   r->in.reserved,
 					   &werr);
-	if (!W_ERROR_IS_OK(werr)) {
+	if (!NT_STATUS_IS_OK(status)) {
+		werr = ntstatus_to_werror(status);
 		goto done;
 	}
 
diff --git a/source3/lib/netapi/tests/Makefile.in b/source3/lib/netapi/tests/Makefile.in
index 0145753212..659f82c9d8 100644
--- a/source3/lib/netapi/tests/Makefile.in
+++ b/source3/lib/netapi/tests/Makefile.in
@@ -44,7 +44,7 @@ bin/.dummy:
 
 CMDLINE_OBJ = common.o
 NETAPIBUFFER_OBJ = netapibuffer.o
-NETAPITEST_OBJ = netapitest.o netlocalgroup.o netuser.o netgroup.o netdisplay.o netshare.o $(CMDLINE_OBJ)
+NETAPITEST_OBJ = netapitest.o netlocalgroup.o netuser.o netgroup.o netdisplay.o netshare.o netfile.o $(CMDLINE_OBJ)
 
 bin/netapitest@EXEEXT@: $(BINARY_PREREQS) $(NETAPITEST_OBJ)
 	@echo Linking $@
diff --git a/source3/lib/netapi/tests/common.h b/source3/lib/netapi/tests/common.h
index 5a320321ba..9320840909 100644
--- a/source3/lib/netapi/tests/common.h
+++ b/source3/lib/netapi/tests/common.h
@@ -41,6 +41,8 @@ NET_API_STATUS netapitest_display(struct libnetapi_ctx *ctx,
 				  const char *hostname);
 NET_API_STATUS netapitest_share(struct libnetapi_ctx *ctx,
 				const char *hostname);
+NET_API_STATUS netapitest_file(struct libnetapi_ctx *ctx,
+			       const char *hostname);
 
 #ifndef ARRAY_SIZE
 #define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
diff --git a/source3/lib/netapi/tests/netapitest.c b/source3/lib/netapi/tests/netapitest.c
index 87144020f5..4a38f721d8 100644
--- a/source3/lib/netapi/tests/netapitest.c
+++ b/source3/lib/netapi/tests/netapitest.c
@@ -84,6 +84,11 @@ int main(int argc, const char **argv)
 		goto out;
 	}
 
+	status = netapitest_file(ctx, hostname);
+	if (status) {
+		goto out;
+	}
+
  out:
 	if (status != 0) {
 		printf("testsuite failed with: %s\n",
diff --git a/source3/lib/netapi/tests/netfile.c b/source3/lib/netapi/tests/netfile.c
new file mode 100644
index 0000000000..36ee8288ee
--- /dev/null
+++ b/source3/lib/netapi/tests/netfile.c
@@ -0,0 +1,143 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  NetFile testsuite
+ *  Copyright (C) Guenther Deschner 2008
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <sys/types.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <netapi.h>
+
+#include "common.h"
+
+static NET_API_STATUS test_netfileenum(const char *hostname,
+				       uint32_t level)
+{
+	NET_API_STATUS status;
+	uint32_t entries_read = 0;
+	uint32_t total_entries = 0;
+	uint32_t resume_handle = 0;
+	uint8_t *buffer = NULL;
+	int i;
+
+	struct FILE_INFO_2 *i2;
+	struct FILE_INFO_3 *i3;
+
+	printf("testing NetFileEnum level %d\n", level);
+
+	do {
+		status = NetFileEnum(hostname,
+				     NULL,
+				     NULL,
+				     level,
+				     &buffer,
+				     (uint32_t)-1,
+				     &entries_read,
+				     &total_entries,
+				     &resume_handle);
+		if (status == 0 || status == ERROR_MORE_DATA) {
+			switch (level) {
+				case 2:
+					i2 = (struct FILE_INFO_2 *)buffer;
+					break;
+				case 3:
+					i3 = (struct FILE_INFO_3 *)buffer;
+					break;
+				default:
+					return -1;
+			}
+
+			for (i=0; i<entries_read; i++) {
+
+				switch (level) {
+					case 2:
+					case 3:
+						break;
+					default:
+						break;
+				}
+
+				switch (level) {
+					case 2:
+						i2++;
+						break;
+					case 3:
+						i3++;
+						break;
+				}
+			}
+			NetApiBufferFree(buffer);
+		}
+	} while (status == ERROR_MORE_DATA);
+
+	if (status) {
+		return status;
+	}
+
+	return 0;
+}
+
+NET_API_STATUS netapitest_file(struct libnetapi_ctx *ctx,
+			       const char *hostname)
+{
+	NET_API_STATUS status = 0;
+	uint8_t *buffer = NULL;
+	uint32_t levels[] = { 2, 3 };
+	uint32_t enum_levels[] = { 2, 3 };
+	int i;
+
+	printf("NetFile tests\n");
+
+	/* test enum */
+
+	for (i=0; i<ARRAY_SIZE(enum_levels); i++) {
+
+		status = test_netfileenum(hostname, enum_levels[i]);
+		if (status) {
+			NETAPI_STATUS(ctx, status, "NetFileEnum");
+			goto out;
+		}
+	}
+
+	/* basic queries */
+#if 0
+	for (i=0; i<ARRAY_SIZE(levels); i++) {
+
+		printf("testing NetFileGetInfo level %d\n", levels[i]);
+
+		status = NetFileGetInfo(hostname, fid, levels[i], &buffer);
+		if (status && status != 124) {
+			NETAPI_STATUS(ctx, status, "NetFileGetInfo");
+			goto out;
+		}
+	}
+#endif
+
+	status = 0;
+
+	printf("NetFile tests succeeded\n");
+ out:
+	if (status != 0) {
+		printf("NetFile testsuite failed with: %s\n",
+			libnetapi_get_error_string(ctx, status));
+	}
+
+	return status;
+}
diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
index 7d0c47f331..fcb87b77be 100644
--- a/source3/lib/netapi/user.c
+++ b/source3/lib/netapi/user.c
@@ -108,18 +108,18 @@ static void convert_USER_INFO_X_to_samr_user_info21(struct USER_INFO_X *infoX,
 			      infoX->usriX_workstations,
 			      infoX->usriX_usr_comment,
 			      &zero_parameters,
-			      0,
+			      infoX->usriX_user_id,
 			      infoX->usriX_primary_group_id,
 			      infoX->usriX_flags,
 			      fields_present,
 			      zero_logon_hours,
-			      0,
-			      0,
+			      infoX->usriX_bad_pw_count,
+			      infoX->usriX_num_logons,
 			      infoX->usriX_country_code,
+			      infoX->usriX_code_page,
 			      0,
 			      0,
-			      0,
-			      0);
+			      infoX->usriX_password_expired);
 }
 
 /****************************************************************
@@ -132,6 +132,7 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level,
 	struct USER_INFO_0 *u0 = NULL;
 	struct USER_INFO_1 *u1 = NULL;
 	struct USER_INFO_2 *u2 = NULL;
+	struct USER_INFO_3 *u3 = NULL;
 	struct USER_INFO_1003 *u1003 = NULL;
 	struct USER_INFO_1006 *u1006 = NULL;
 	struct USER_INFO_1007 *u1007 = NULL;
@@ -193,6 +194,37 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level,
 			uX->usriX_country_code	= u2->usri2_country_code;
 			uX->usriX_code_page	= u2->usri2_code_page;
 			break;
+		case 3:
+			u3 = (struct USER_INFO_3 *)buffer;
+			uX->usriX_name		= u3->usri3_name;
+			uX->usriX_password_age	= u3->usri3_password_age;
+			uX->usriX_priv		= u3->usri3_priv;
+			uX->usriX_home_dir	= u3->usri3_home_dir;
+			uX->usriX_comment	= u3->usri3_comment;
+			uX->usriX_flags		= u3->usri3_flags;
+			uX->usriX_script_path	= u3->usri3_script_path;
+			uX->usriX_auth_flags	= u3->usri3_auth_flags;
+			uX->usriX_full_name	= u3->usri3_full_name;
+			uX->usriX_usr_comment	= u3->usri3_usr_comment;
+			uX->usriX_parms		= u3->usri3_parms;
+			uX->usriX_workstations	= u3->usri3_workstations;
+			uX->usriX_last_logon	= u3->usri3_last_logon;
+			uX->usriX_last_logoff	= u3->usri3_last_logoff;
+			uX->usriX_acct_expires	= u3->usri3_acct_expires;
+			uX->usriX_max_storage	= u3->usri3_max_storage;
+			uX->usriX_units_per_week= u3->usri3_units_per_week;
+			uX->usriX_logon_hours	= u3->usri3_logon_hours;
+			uX->usriX_bad_pw_count	= u3->usri3_bad_pw_count;
+			uX->usriX_num_logons	= u3->usri3_num_logons;
+			uX->usriX_logon_server	= u3->usri3_logon_server;
+			uX->usriX_country_code	= u3->usri3_country_code;
+			uX->usriX_code_page	= u3->usri3_code_page;
+			uX->usriX_user_id	= u3->usri3_user_id;
+			uX->usriX_primary_group_id = u3->usri3_primary_group_id;
+			uX->usriX_profile	= u3->usri3_profile;
+			uX->usriX_home_dir_drive = u3->usri3_home_dir_drive;
+			uX->usriX_password_expired = u3->usri3_password_expired;
+			break;
 		case 1003:
 			u1003 = (struct USER_INFO_1003 *)buffer;
 			uX->usriX_password	= u1003->usri1003_password;
@@ -237,7 +269,6 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level,
 			u1053 = (struct USER_INFO_1053 *)buffer;
 			uX->usriX_home_dir_drive = u1053->usri1053_home_dir_drive;
 			break;
-		case 3:
 		case 4:
 		default:
 			return NT_STATUS_INVALID_INFO_CLASS;
@@ -1753,9 +1784,17 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
 			user_mask = SAMR_USER_ACCESS_SET_ATTRIBUTES |
 				    SAMR_USER_ACCESS_GET_GROUPS;
 			break;
+		case 3:
+			user_mask = STD_RIGHT_READ_CONTROL_ACCESS |
+				    STD_RIGHT_WRITE_DAC_ACCESS |
+				    SAMR_USER_ACCESS_GET_GROUPS |
+				    SAMR_USER_ACCESS_SET_PASSWORD |
+				    SAMR_USER_ACCESS_SET_ATTRIBUTES |
+				    SAMR_USER_ACCESS_GET_ATTRIBUTES |
+				    SAMR_USER_ACCESS_SET_LOC_COM;
+			break;
 		case 1:
 		case 2:
-		case 3:
 		case 4:
 		case 21:
 		case 22:
diff --git a/source3/lib/readline.c b/source3/lib/readline.c
index 254f55c86a..cafb5a9f62 100644
--- a/source3/lib/readline.c
+++ b/source3/lib/readline.c
@@ -45,6 +45,24 @@
 #  define RL_COMPLETION_CAST
 #endif /* HAVE_NEW_LIBREADLINE */
 
+static bool smb_rl_done;
+
+#if HAVE_LIBREADLINE
+/*
+ * MacOS/X does not have rl_done in readline.h, but
+ * readline.so has it
+ */
+extern int rl_done;
+#endif
+
+void smb_readline_done(void)
+{
+	smb_rl_done = true;
+#if HAVE_LIBREADLINE
+	rl_done = 1;
+#endif
+}
+
 /****************************************************************************
  Display the prompt and wait for input. Call callback() regularly
 ****************************************************************************/
@@ -69,7 +87,7 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void)
 		return NULL;
 	}
 
-	while (1) {
+	while (!smb_rl_done) {
 		timeout.tv_sec = 5;
 		timeout.tv_usec = 0;
 
@@ -87,6 +105,7 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void)
 			callback();
 		}
 	}
+	return NULL;
 }
 
 /****************************************************************************
diff --git a/source3/lib/secace.c b/source3/lib/secace.c
index 8760a6109a..9f5a0c02ba 100644
--- a/source3/lib/secace.c
+++ b/source3/lib/secace.c
@@ -55,7 +55,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src)
 ********************************************************************/
 
 void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type,
-		  uint32 mask, uint8 flag)
+		  uint32_t mask, uint8 flag)
 {
 	t->type = type;
 	t->flags = flag;
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index 44ae23271e..52ff067d6a 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -249,7 +249,7 @@ NTSTATUS marshall_sec_desc(TALLOC_CTX *mem_ctx,
 	enum ndr_err_code ndr_err;
 
 	ndr_err = ndr_push_struct_blob(
-		&blob, mem_ctx, secdesc,
+		&blob, mem_ctx, NULL, secdesc,
 		(ndr_push_flags_fn_t)ndr_push_security_descriptor);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -285,7 +285,7 @@ NTSTATUS unmarshall_sec_desc(TALLOC_CTX *mem_ctx, uint8 *data, size_t len,
 	blob = data_blob_const(data, len);
 
 	ndr_err = ndr_pull_struct_blob(
-		&blob, result, result,
+		&blob, result, NULL, result,
 		(ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -512,7 +512,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
 		if (!inherit)
 			continue;
 
-		init_sec_access(&new_ace->access_mask, ace->access_mask);
+		new_ace->access_mask = ace->access_mask;
 		init_sec_ace(new_ace, &ace->trustee, ace->type,
 			     new_ace->access_mask, new_flags);
 
@@ -546,14 +546,3 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
 
 	return sdb;
 }
-
-/*******************************************************************
- Sets up a SEC_ACCESS structure.
-********************************************************************/
-
-void init_sec_access(uint32 *t, uint32 mask)
-{
-	*t = mask;
-}
-
-
diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c
index 33f66ca47f..298655e181 100644
--- a/source3/lib/sharesec.c
+++ b/source3/lib/sharesec.c
@@ -124,7 +124,7 @@ static bool share_info_db_init(void)
 
 SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access)
 {
-	SEC_ACCESS sa;
+	uint32_t sa;
 	SEC_ACE ace;
 	SEC_ACL *psa = NULL;
 	SEC_DESC *psd = NULL;
@@ -132,7 +132,7 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def
 
 	se_map_generic(&spec_access, &file_generic_mapping);
 
-	init_sec_access(&sa, def_access | spec_access );
+	sa = (def_access | spec_access );
 	init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
 
 	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
@@ -332,7 +332,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
 	}
 
 	for (i = 0; i < num_aces; i++) {
-		SEC_ACCESS sa;
+		uint32_t sa;
 		uint32 g_access;
 		uint32 s_access;
 		DOM_SID sid;
@@ -380,7 +380,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd)
 		pacl++; /* Go past any ',' */
 
 		se_map_generic(&s_access, &file_generic_mapping);
-		init_sec_access(&sa, g_access | s_access );
+		sa = (g_access | s_access);
 		init_sec_ace(&ace_list[i], &sid, type, sa, 0);
 	}
 
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 87e70bb95b..7e461556b3 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -30,7 +30,7 @@ extern NT_USER_TOKEN anonymous_token;
 static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired, 
 			NTSTATUS *status)
 {
-	uint32 mask = ace->access_mask;
+	uint32_t mask = ace->access_mask;
 
 	/*
 	 * Inherit only is ignored.
@@ -176,6 +176,24 @@ void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping)
 	}
 }
 
+/* Map generic access rights to object specific rights for all the ACE's
+ * in a security_acl.
+ */
+
+void security_acl_map_generic(struct security_acl *sa,
+				const struct generic_mapping *mapping)
+{
+	unsigned int i;
+
+	if (!sa) {
+		return;
+	}
+
+	for (i = 0; i < sa->num_aces; i++) {
+		se_map_generic(&sa->aces[i].access_mask, mapping);
+	}
+}
+
 /* Map standard access rights to object specific rights.  This technique is
    used to give meaning to assigning read, write, execute and all access to
    objects.  Each type of object has its own mapping of standard to object
@@ -328,7 +346,6 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
 	DOM_SID act_sid;
 
 	SEC_ACE ace[3];
-	SEC_ACCESS mask;
 
 	SEC_ACL *psa = NULL;
 
@@ -339,13 +356,14 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
 	sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
 
 	/*basic access for every one*/
-	init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ);
-	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
+		GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0);
 
 	/*full access for builtin aliases Administrators and Account Operators*/
-	init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS);
-	init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
-	init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+	init_sec_ace(&ace[1], &adm_sid,
+		SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
+	init_sec_ace(&ace[2], &act_sid,
+		SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
 
 	if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
 		return NT_STATUS_NO_MEMORY;