Put in intermediate version of new SAM system. It's not stable yet, code

might be ugly, etc - please don't blame me for anything but instead try to fix
the code :-). Compiling of the new sam system can be enabled with the
configure option --with-sam

Removing passdb/passgrp.c as it's unused
fix typo in utils/testparm.c
(This used to be commit 4b7de5ee236c043e6169f137992baf09a95c6f2c)

5 files changed, 2591 insertions, 0 deletions

diff --git a/source3/sam/account.c b/source3/sam/account.c
new file mode 100644
index 0000000000..1fec9966f6
--- /dev/null
+++ b/source3/sam/account.c
@@ -0,0 +1,301 @@
+/* 
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Jeremy Allison 		1996-2001
+   Copyright (C) Luke Kenneth Casson Leighton 	1996-1998
+   Copyright (C) Gerald (Jerry) Carter		2000-2001
+   Copyright (C) Andrew Bartlett		2001-2002
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_PASSDB
+
+/************************************************************
+ Fill the SAM_USER_HANDLE with default values.
+ ***********************************************************/
+
+static void sam_fill_default_user(SAM_USER_HANDLE *user)
+{
+	ZERO_STRUCT(user->private); /* Don't touch the talloc context */
+
+        /* Don't change these timestamp settings without a good reason.
+           They are important for NT member server compatibility. */
+
+	user->private.init_flag		    = FLAG_SAM_UNINIT;
+
+	/* FIXME: We should actually call get_nt_time_max() or sthng 
+	 * here */
+	unix_to_nt_time(&(user->private.logoff_time),get_time_t_max());
+	unix_to_nt_time(&(user->private.kickoff_time),get_time_t_max());
+	unix_to_nt_time(&(user->private.pass_must_change_time),get_time_t_max());
+	user->private.unknown_1 = 0x00ffffff; 	/* don't know */
+	user->private.logon_divs = 168; 	/* hours per week */
+	user->private.hours_len = 21; 		/* 21 times 8 bits = 168 */
+	memset(user->private.hours, 0xff, user->private.hours_len); /* available at all hours */
+	user->private.unknown_2 = 0x00000000; /* don't know */
+	user->private.unknown_3 = 0x000004ec; /* don't know */
+}	
+
+static void destroy_sam_talloc(SAM_USER_HANDLE **user) 
+{
+	if (*user) {
+		talloc_destroy((*user)->mem_ctx);
+		*user = NULL;
+	}
+}
+
+
+/**********************************************************************
+ Alloc memory and initialises a SAM_USER_HANDLE on supplied mem_ctx.
+***********************************************************************/
+
+NTSTATUS sam_init_user_talloc(TALLOC_CTX *mem_ctx, SAM_USER_HANDLE **user)
+{
+	SMB_ASSERT(*user != NULL);
+
+	if (!mem_ctx) {
+		DEBUG(0,("sam_init_user_talloc: mem_ctx was NULL!\n"));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	*user=(SAM_USER_HANDLE *)talloc(mem_ctx, sizeof(SAM_USER_HANDLE));
+
+	if (*user==NULL) {
+		DEBUG(0,("sam_init_user_talloc: error while allocating memory\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	(*user)->mem_ctx = mem_ctx;
+
+	(*user)->free_fn = NULL;
+
+	sam_fill_default_user(*user);
+	
+	return NT_STATUS_OK;
+}
+
+
+/*************************************************************
+ Alloc memory and initialises a struct sam_passwd.
+ ************************************************************/
+
+NTSTATUS sam_init_user(SAM_USER_HANDLE **user)
+{
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS nt_status;
+	
+	mem_ctx = talloc_init_named("passdb internal SAM_USER_HANDLE allocation");
+
+	if (!mem_ctx) {
+		DEBUG(0,("sam_init_user: error while doing talloc_init()\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_init_user_talloc(mem_ctx, user))) {
+		talloc_destroy(mem_ctx);
+		return nt_status;
+	}
+	
+	(*user)->free_fn = destroy_sam_talloc;
+
+	return NT_STATUS_OK;
+}
+
+/**
+ * Free the contets of the SAM_USER_HANDLE, but not the structure.
+ *
+ * Also wipes the LM and NT hashes and plaintext passwrod from 
+ * memory.
+ *
+ * @param user SAM_USER_HANDLE to free members of.
+ **/
+
+static void sam_free_user_contents(SAM_USER_HANDLE *user)
+{
+
+	/* Kill off sensitive data.  Free()ed by the
+	   talloc mechinism */
+
+	data_blob_clear_free(&(user->private.lm_pw));
+	data_blob_clear_free(&(user->private.nt_pw));
+	data_blob_clear_free(&(user->private.plaintext_pw));
+}
+
+
+/************************************************************
+ Reset the SAM_USER_HANDLE and free the NT/LM hashes.
+ ***********************************************************/
+
+NTSTATUS sam_reset_sam(SAM_USER_HANDLE *user)
+{
+	SMB_ASSERT(user != NULL);
+	
+	sam_free_user_contents(user);
+
+	sam_fill_default_user(user);
+
+	return NT_STATUS_OK;
+}
+
+
+/************************************************************
+ Free the SAM_USER_HANDLE and the member pointers.
+ ***********************************************************/
+
+NTSTATUS sam_free_user(SAM_USER_HANDLE **user)
+{
+	SMB_ASSERT(*user != NULL);
+
+	sam_free_user_contents(*user);
+	
+	if ((*user)->free_fn) {
+		(*user)->free_fn(user);
+	}
+
+	return NT_STATUS_OK;	
+}
+
+
+/**********************************************************
+ Encode the account control bits into a string.
+ length = length of string to encode into (including terminating
+ null). length *MUST BE MORE THAN 2* !
+ **********************************************************/
+
+char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
+{
+	static fstring acct_str;
+	size_t i = 0;
+
+	acct_str[i++] = '[';
+
+	if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
+	if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
+	if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
+	if (acct_ctrl & ACB_TEMPDUP  ) acct_str[i++] = 'T'; 
+	if (acct_ctrl & ACB_NORMAL   ) acct_str[i++] = 'U';
+	if (acct_ctrl & ACB_MNS      ) acct_str[i++] = 'M';
+	if (acct_ctrl & ACB_WSTRUST  ) acct_str[i++] = 'W';
+	if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
+	if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
+	if (acct_ctrl & ACB_PWNOEXP  ) acct_str[i++] = 'X';
+	if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
+
+	for ( ; i < length - 2 ; i++ )
+		acct_str[i] = ' ';
+
+	i = length - 2;
+	acct_str[i++] = ']';
+	acct_str[i++] = '\0';
+
+	return acct_str;
+}     
+
+/**********************************************************
+ Decode the account control bits from a string.
+ **********************************************************/
+
+uint16 sam_decode_acct_ctrl(const char *p)
+{
+	uint16 acct_ctrl = 0;
+	BOOL finished = False;
+
+	/*
+	 * Check if the account type bits have been encoded after the
+	 * NT password (in the form [NDHTUWSLXI]).
+	 */
+
+	if (*p != '[')
+		return 0;
+
+	for (p++; *p && !finished; p++) {
+		switch (*p) {
+			case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
+			case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
+			case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
+			case 'T': { acct_ctrl |= ACB_TEMPDUP  ; break; /* 'T'emp account. */ } 
+			case 'U': { acct_ctrl |= ACB_NORMAL   ; break; /* 'U'ser account (normal). */ } 
+			case 'M': { acct_ctrl |= ACB_MNS      ; break; /* 'M'NS logon user account. What is this ? */ } 
+			case 'W': { acct_ctrl |= ACB_WSTRUST  ; break; /* 'W'orkstation account. */ } 
+			case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } 
+			case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } 
+			case 'X': { acct_ctrl |= ACB_PWNOEXP  ; break; /* No 'X'piry on password */ } 
+			case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
+            case ' ': { break; }
+			case ':':
+			case '\n':
+			case '\0': 
+			case ']':
+			default:  { finished = True; }
+		}
+	}
+
+	return acct_ctrl;
+}
+
+/*************************************************************
+ Routine to set 32 hex password characters from a 16 byte array.
+**************************************************************/
+
+void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl)
+{
+	if (pwd != NULL) {
+		int i;
+		for (i = 0; i < 16; i++)
+			slprintf(&p[i*2], 3, "%02X", pwd[i]);
+	} else {
+		if (acct_ctrl & ACB_PWNOTREQ)
+			safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
+		else
+			safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
+	}
+}
+
+/*************************************************************
+ Routine to get the 32 hex characters and turn them
+ into a 16 byte array.
+**************************************************************/
+
+BOOL sam_gethexpwd(const char *p, unsigned char *pwd)
+{
+	int i;
+	unsigned char   lonybble, hinybble;
+	char           *hexchars = "0123456789ABCDEF";
+	char           *p1, *p2;
+	
+	if (!p)
+		return (False);
+	
+	for (i = 0; i < 32; i += 2) {
+		hinybble = toupper(p[i]);
+		lonybble = toupper(p[i + 1]);
+
+		p1 = strchr(hexchars, hinybble);
+		p2 = strchr(hexchars, lonybble);
+
+		if (!p1 || !p2)
+			return (False);
+
+		hinybble = PTR_DIFF(p1, hexchars);
+		lonybble = PTR_DIFF(p2, hexchars);
+
+		pwd[i / 2] = (hinybble << 4) | lonybble;
+	}
+	return (True);
+}
diff --git a/source3/sam/get_set_domain.c b/source3/sam/get_set_domain.c
new file mode 100644
index 0000000000..49a63f9fae
--- /dev/null
+++ b/source3/sam/get_set_domain.c
@@ -0,0 +1,263 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SAM_DOMAIN access routines
+   Copyright (C) Luke Kenneth Casson Leighton 	1996-1998
+   Copyright (C) Andrew Bartlett			2002
+   Copyright (C) Stefan (metze) Metzmacher	2002
+   Copyright (C) Jelmer Vernooij 			2002
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
+
+NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, DOM_SID **sid)
+{
+	if (!domain || !sid) return NT_STATUS_UNSUCCESSFUL;
+
+	*sid = &domain->private.sid;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_num_users(SAM_DOMAIN_HANDLE *domain, uint32 *num_users)
+{
+	if (!domain || !num_users)return NT_STATUS_UNSUCCESSFUL;
+
+	*num_users = domain->private.num_users;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
+{
+	if (!domain || !num_groups)return NT_STATUS_UNSUCCESSFUL;
+
+	*num_groups = domain->private.num_groups;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
+{
+	if (!domain || !num_aliases)return NT_STATUS_UNSUCCESSFUL;
+
+	*num_aliases = domain->private.num_aliases;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_name(SAM_DOMAIN_HANDLE *domain, char **domain_name)
+{
+	if (!domain || !domain_name)return NT_STATUS_UNSUCCESSFUL;
+
+	*domain_name = domain->private.name;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_name(SAM_DOMAIN_HANDLE *domain, char *domain_name)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.name = talloc_strdup(domain->mem_ctx, domain_name);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_server(SAM_DOMAIN_HANDLE *domain, char **server_name)
+{
+	if (!domain || !server_name)return NT_STATUS_UNSUCCESSFUL;
+
+	*server_name = domain->private.servername;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_server(SAM_DOMAIN_HANDLE *domain, char *server_name)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.servername = talloc_strdup(domain->mem_ctx, server_name);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
+{
+	if (!domain || !max_passwordage)return NT_STATUS_UNSUCCESSFUL;
+
+	*max_passwordage = domain->private.max_passwordage;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
+{
+	if (!domain || !min_passwordage)return NT_STATUS_UNSUCCESSFUL;
+
+	*min_passwordage = domain->private.min_passwordage;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
+{
+	if (!domain || !lockout_duration)return NT_STATUS_UNSUCCESSFUL;
+
+	*lockout_duration = domain->private.lockout_duration;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
+{
+	if (!domain || !reset_lockout_count)return NT_STATUS_UNSUCCESSFUL;
+	
+	*reset_lockout_count = domain->private.reset_count;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
+{
+	if (!domain || !min_passwordlength)return NT_STATUS_UNSUCCESSFUL;
+
+	*min_passwordlength = domain->private.min_passwordlength;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 *password_history)
+{
+	if (!domain || !password_history)return NT_STATUS_UNSUCCESSFUL;
+
+	*password_history = domain->private.password_history;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
+{
+	if (!domain || !lockout_count)return NT_STATUS_UNSUCCESSFUL;
+
+	*lockout_count = domain->private.lockout_count;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
+{
+	if (!domain || !force_logoff)return NT_STATUS_UNSUCCESSFUL;
+
+	*force_logoff = domain->private.force_logoff;
+
+	return NT_STATUS_OK;
+}
+
+
+NTSTATUS sam_get_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
+{
+	if (!domain || !login_pwdchange)return NT_STATUS_UNSUCCESSFUL;
+
+	*login_pwdchange = domain->private.login_pwdchange;
+
+	return NT_STATUS_OK;
+}
+
+/* Set */
+
+NTSTATUS sam_set_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME max_passwordage)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.max_passwordage = max_passwordage;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME min_passwordage)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.min_passwordage = min_passwordage;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME lockout_duration)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.lockout_duration = lockout_duration;
+
+	return NT_STATUS_OK;
+}
+NTSTATUS sam_set_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME reset_lockout_count)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.reset_count = reset_lockout_count;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 min_passwordlength)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.min_passwordlength = min_passwordlength;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 password_history)
+{
+	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.password_history = password_history;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 lockout_count)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.lockout_count = lockout_count;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL force_logoff)
+{
+	if (!domain)return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.force_logoff = force_logoff;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL login_pwdchange)
+{
+	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+
+	domain->private.login_pwdchange = login_pwdchange;
+
+	return NT_STATUS_OK;
+}
diff --git a/source3/sam/get_set_group.c b/source3/sam/get_set_group.c
new file mode 100644
index 0000000000..51f91ada82
--- /dev/null
+++ b/source3/sam/get_set_group.c
@@ -0,0 +1,123 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SAM_USER_HANDLE access routines
+   Copyright (C) Andrew Bartlett			2002
+   Copyright (C) Stefan (metze) Metzmacher	2002
+   Copyright (C) Jelmer Vernooij 			2002
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
+
+/* sam group get functions */
+
+NTSTATUS sam_get_group_sid(const SAM_GROUP_HANDLE *group, DOM_SID **sid)
+{
+	if (!group || !sid) return NT_STATUS_UNSUCCESSFUL;
+
+	*sid = &group->private.sid;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_group_typ(const SAM_GROUP_HANDLE *group, uint32 *typ)
+{
+	if (!group || !typ) return NT_STATUS_UNSUCCESSFUL;
+
+	*typ = group->private.flags;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_group_name(const SAM_GROUP_HANDLE *group, char **group_name)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	*group_name = group->private.name;
+
+	return NT_STATUS_OK;
+
+}
+NTSTATUS sam_get_group_comment(const SAM_GROUP_HANDLE *group, char **comment)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	*comment = group->private.comment;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_group_priv_set(const SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	*priv_set = group->private.privileges;
+
+	return NT_STATUS_OK;
+}
+
+/* sam group set functions */
+
+NTSTATUS sam_set_group_sid(SAM_GROUP_HANDLE *group, DOM_SID *sid)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	if (!sid) ZERO_STRUCT(group->private.sid);
+	else sid_copy(&(group->private.sid), sid);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_group_typ(SAM_GROUP_HANDLE *group, uint32 typ)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	group->private.flags = typ;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_group_name(SAM_GROUP_HANDLE *group, char *group_name)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	group->private.name = talloc_strdup(group->mem_ctx, group_name);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_group_comment(SAM_GROUP_HANDLE *group, char *comment)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	group->private.comment = talloc_strdup(group->mem_ctx, comment);
+
+	return NT_STATUS_OK;
+
+}
+
+NTSTATUS sam_set_group_priv_set(SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set)
+{
+	if (!group) return NT_STATUS_UNSUCCESSFUL;
+
+	if (!priv_set) ZERO_STRUCT(group->private.privileges);
+	else memcpy(&(group->private.privileges), priv_set, sizeof(PRIVILEGE_SET));
+
+	return NT_STATUS_OK;
+}
diff --git a/source3/sam/get_set_user.c b/source3/sam/get_set_user.c
new file mode 100644
index 0000000000..e58afe6880
--- /dev/null
+++ b/source3/sam/get_set_user.c
@@ -0,0 +1,903 @@
+/* 
+   Unix SMB/CIFS implementation.
+   SAM_USER_HANDLE access routines
+   Copyright (C) Andrew Bartlett			2002
+   Copyright (C) Stefan (metze) Metzmacher	2002
+   Copyright (C) Jelmer Vernooij 			2002
+      
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
+
+NTSTATUS sam_get_user_domain_sid (const SAM_USER_HANDLE *sampass, DOM_SID **sid)
+{
+	NTSTATUS status;
+	SAM_DOMAIN_HANDLE *domain;
+	if (!sampass || !sid) return NT_STATUS_UNSUCCESSFUL;
+
+	if (!NT_STATUS_IS_OK(status = sam_get_user_domain(sampass, &domain))){
+		DEBUG(0, ("sam_get_user_domain_sid: Can't get domain for user\n"));
+		return status;
+	}
+
+	return sam_get_domain_sid(domain, sid);
+}
+
+NTSTATUS sam_get_user_domain_name (const SAM_USER_HANDLE *sampass, char **domain_name)
+{
+	NTSTATUS status;
+	SAM_DOMAIN_HANDLE *domain;
+	if (!sampass || !domain_name) return NT_STATUS_UNSUCCESSFUL;
+
+	if (!NT_STATUS_IS_OK(status = sam_get_user_domain(sampass, &domain))){
+		DEBUG(0, ("sam_get_user_domain_name: Can't get domain for user\n"));
+		return status;
+	}
+
+	return sam_get_domain_name(domain, domain_name);
+}
+
+NTSTATUS sam_get_user_acct_ctrl (const SAM_USER_HANDLE *sampass, uint16 *acct_ctrl)
+{
+	if(!sampass || !acct_ctrl)return NT_STATUS_UNSUCCESSFUL;
+
+	*acct_ctrl = sampass->private.acct_ctrl;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_logon_time (const SAM_USER_HANDLE *sampass, NTTIME *logon_time)
+{
+	if(!sampass || !logon_time)return NT_STATUS_UNSUCCESSFUL;
+
+	*logon_time = sampass->private.logon_time;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_logoff_time (const SAM_USER_HANDLE *sampass, NTTIME *logoff_time)
+{
+	if(!sampass || !logoff_time)return NT_STATUS_UNSUCCESSFUL;
+
+	*logoff_time = sampass->private.logoff_time;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_kickoff_time (const SAM_USER_HANDLE *sampass, NTTIME *kickoff_time)
+{
+	if (!sampass || !kickoff_time)return NT_STATUS_UNSUCCESSFUL;
+
+	*kickoff_time = sampass->private.kickoff_time;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_pass_last_set_time (const SAM_USER_HANDLE *sampass, NTTIME *pass_last_set_time)
+{
+	if (!sampass || !pass_last_set_time)return NT_STATUS_UNSUCCESSFUL;
+
+	*pass_last_set_time = sampass->private.pass_last_set_time;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_pass_can_change_time (const SAM_USER_HANDLE *sampass, NTTIME *pass_can_change_time)
+{
+	if (!sampass || !pass_can_change_time)return NT_STATUS_UNSUCCESSFUL;
+
+	*pass_can_change_time = sampass->private.pass_can_change_time;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_pass_must_change_time (const SAM_USER_HANDLE *sampass, NTTIME *pass_must_change_time)
+{
+	if (!sampass || !pass_must_change_time)return NT_STATUS_UNSUCCESSFUL;
+
+	*pass_must_change_time = sampass->private.pass_must_change_time;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_logon_divs (const SAM_USER_HANDLE *sampass, uint16 *logon_divs)
+{
+	if (!sampass || !logon_divs)return NT_STATUS_UNSUCCESSFUL;
+
+	*logon_divs = sampass->private.logon_divs;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_hours_len (const SAM_USER_HANDLE *sampass, uint32 *hours_len)
+{
+	if (!sampass || !hours_len)return NT_STATUS_UNSUCCESSFUL;
+
+	*hours_len = sampass->private.hours_len;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_hours (const SAM_USER_HANDLE *sampass, uint8 **hours)
+{
+	if (!sampass || !hours)return NT_STATUS_UNSUCCESSFUL;
+
+	*hours = sampass->private.hours;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_nt_pwd (const SAM_USER_HANDLE *sampass, DATA_BLOB *nt_pwd)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	SMB_ASSERT((!sampass->private.nt_pw.data) 
+		   || sampass->private.nt_pw.length == NT_HASH_LEN);
+
+	*nt_pwd = sampass->private.nt_pw;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_lm_pwd (const SAM_USER_HANDLE *sampass, DATA_BLOB *lm_pwd)
+{ 
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	SMB_ASSERT((!sampass->private.lm_pw.data) 
+		   || sampass->private.lm_pw.length == LM_HASH_LEN);
+
+	*lm_pwd = sampass->private.lm_pw;
+
+	return NT_STATUS_OK;
+}
+
+/* Return the plaintext password if known.  Most of the time
+   it isn't, so don't assume anything magic about this function.
+   
+   Used to pass the plaintext to sam backends that might 
+   want to store more than just the NTLM hashes.
+*/
+
+NTSTATUS sam_get_user_plaintext_pwd (const SAM_USER_HANDLE *sampass, DATA_BLOB **plain_pwd)
+{
+	if (!sampass || !plain_pwd)return NT_STATUS_UNSUCCESSFUL;
+
+	*plain_pwd = &(sampass->private.plaintext_pw);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_sid(const SAM_USER_HANDLE *sampass, DOM_SID **sid)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*sid = &(sampass->private.user_sid);
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_pgroup(const SAM_USER_HANDLE *sampass, DOM_SID **sid)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*sid = &(sampass->private.group_sid);
+
+	return NT_STATUS_OK;
+}
+
+/**
+ * Get flags showing what is initalised in the SAM_USER_HANDLE
+ * @param sampass the SAM_USER_HANDLE in question
+ * @return the flags indicating the members initialised in the struct.
+ **/
+ 
+NTSTATUS sam_get_user_init_flag (const SAM_USER_HANDLE *sampass, uint32 *initflag)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*initflag = sampass->private.init_flag;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_name (const SAM_USER_HANDLE *sampass, char **username)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*username = sampass->private.username;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_domain (const SAM_USER_HANDLE *sampass, SAM_DOMAIN_HANDLE **domain)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*domain = sampass->private.domain;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_fullname (const SAM_USER_HANDLE *sampass, char **fullname)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*fullname = sampass->private.full_name;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_homedir (const SAM_USER_HANDLE *sampass, char **homedir)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*homedir = sampass->private.home_dir;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unix_home_dir (const SAM_USER_HANDLE *sampass, char **uhomedir)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*uhomedir = sampass->private.unix_home_dir;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_dir_drive (const SAM_USER_HANDLE *sampass, char **dirdrive)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*dirdrive = sampass->private.dir_drive;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_logon_script (const SAM_USER_HANDLE *sampass, char **logon_script)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*logon_script = sampass->private.logon_script;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_profile_path (const SAM_USER_HANDLE *sampass, char **profile_path)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*profile_path = sampass->private.profile_path;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_description (const SAM_USER_HANDLE *sampass, char **description)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*description = sampass->private.acct_desc;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_workstations (const SAM_USER_HANDLE *sampass, char **workstations)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*workstations = sampass->private.workstations;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unknown_str (const SAM_USER_HANDLE *sampass, char **unknown_str)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*unknown_str = sampass->private.unknown_str;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_munged_dial (const SAM_USER_HANDLE *sampass, char **munged_dial)
+{
+	if (!sampass)return NT_STATUS_UNSUCCESSFUL;
+
+	*munged_dial = sampass->private.munged_dial;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unknown_1 (const SAM_USER_HANDLE *sampass, uint32 *unknown1)
+{
+	if (!sampass || !unknown1)return NT_STATUS_UNSUCCESSFUL;
+
+	*unknown1 = sampass->private.unknown_1;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unknown_2 (const SAM_USER_HANDLE *sampass, uint32 *unknown2)
+{
+	if (!sampass || !unknown2)return NT_STATUS_UNSUCCESSFUL;
+
+	*unknown2 = sampass->private.unknown_2;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_get_user_unknown_3 (const SAM_USER_HANDLE *sampass, uint32 *unknown3)
+{
+	if (!sampass || !unknown3)return NT_STATUS_UNSUCCESSFUL;
+
+	*unknown3 = sampass->private.unknown_3;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Collection of set...() functions for SAM_USER_HANDLE_INFO.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_acct_ctrl (SAM_USER_HANDLE *sampass, uint16 flags)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+		
+	sampass->private.acct_ctrl = flags;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_logon_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.logon_time = mytime;
+
+	if (store)
+		sam_set_user_init_flag(sampass, FLAG_SAM_LOGONTIME); 
+
+	return NT_STATUS_UNSUCCESSFUL;
+}
+
+NTSTATUS sam_set_user_logoff_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.logoff_time = mytime;
+
+	if (store)
+		sam_set_user_init_flag(sampass, FLAG_SAM_LOGOFFTIME); 
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_kickoff_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.kickoff_time = mytime;
+
+	if (store)
+		sam_set_user_init_flag(sampass, FLAG_SAM_KICKOFFTIME); 
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pass_can_change_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.pass_can_change_time = mytime;
+
+	if (store)
+		sam_set_user_init_flag(sampass, FLAG_SAM_CANCHANGETIME); 
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pass_must_change_time (SAM_USER_HANDLE *sampass, NTTIME mytime, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.pass_must_change_time = mytime;
+
+	if (store)
+		sam_set_user_init_flag(sampass, FLAG_SAM_MUSTCHANGETIME); 
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pass_last_set_time (SAM_USER_HANDLE *sampass, NTTIME mytime)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.pass_last_set_time = mytime;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_hours_len (SAM_USER_HANDLE *sampass, uint32 len)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.hours_len = len;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_logon_divs (SAM_USER_HANDLE *sampass, uint16 hours)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.logon_divs = hours;
+	return NT_STATUS_OK;
+}
+
+/**
+ * Set flags showing what is initalised in the SAM_USER_HANDLE
+ * @param sampass the SAM_USER_HANDLE in question
+ * @param flag The *new* flag to be set.  Old flags preserved
+ *             this flag is only added.  
+ **/
+ 
+NTSTATUS sam_set_user_init_flag (SAM_USER_HANDLE *sampass, uint32 flag)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.init_flag |= flag;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_sid (SAM_USER_HANDLE *sampass, DOM_SID *u_sid)
+{
+	if (!sampass || !u_sid)
+		return NT_STATUS_UNSUCCESSFUL;
+	
+	sid_copy(&sampass->private.user_sid, u_sid);
+
+	DEBUG(10, ("sam_set_user_sid: setting user sid %s\n", 
+		    sid_string_static(&sampass->private.user_sid)));
+	
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_sid_from_string (SAM_USER_HANDLE *sampass, fstring u_sid)
+{
+	DOM_SID new_sid;
+	if (!sampass || !u_sid)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_user_sid_from_string: setting user sid %s\n",
+		   u_sid));
+
+	if (!string_to_sid(&new_sid, u_sid)) { 
+		DEBUG(1, ("sam_set_user_sid_from_string: %s isn't a valid SID!\n", u_sid));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	 
+	if (!NT_STATUS_IS_OK(sam_set_user_sid(sampass, &new_sid))) {
+		DEBUG(1, ("sam_set_user_sid_from_string: could not set sid %s on SAM_USER_HANDLE!\n", u_sid));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pgroup_sid (SAM_USER_HANDLE *sampass, DOM_SID *g_sid)
+{
+	if (!sampass || !g_sid)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sid_copy(&sampass->private.group_sid, g_sid);
+
+	DEBUG(10, ("sam_set_group_sid: setting group sid %s\n", 
+		    sid_string_static(&sampass->private.group_sid)));
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_pgroup_string (SAM_USER_HANDLE *sampass, fstring g_sid)
+{
+	DOM_SID new_sid;
+	if (!sampass || !g_sid)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_group_sid_from_string: setting group sid %s\n",
+		   g_sid));
+
+	if (!string_to_sid(&new_sid, g_sid)) { 
+		DEBUG(1, ("sam_set_group_sid_from_string: %s isn't a valid SID!\n", g_sid));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	 
+	if (!NT_STATUS_IS_OK(sam_set_user_pgroup_sid(sampass, &new_sid))) {
+		DEBUG(1, ("sam_set_group_sid_from_string: could not set sid %s on SAM_USER_HANDLE!\n", g_sid));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the domain name.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_domain(SAM_USER_HANDLE *sampass, SAM_DOMAIN_HANDLE *domain)
+{	
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.domain = domain;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's NT name.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_username(SAM_USER_HANDLE *sampass, const char *nt_username)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_user_username: setting nt username %s, was %s\n", nt_username, sampass->private.username));
+
+	sampass->private.username = talloc_strdup(sampass->mem_ctx, nt_username);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's full name.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_fullname(SAM_USER_HANDLE *sampass, const char *full_name)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_user_fullname: setting full name %s, was %s\n", full_name, sampass->private.full_name));
+
+	sampass->private.full_name = talloc_strdup(sampass->mem_ctx, full_name);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's logon script.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_logon_script(SAM_USER_HANDLE *sampass, const char *logon_script, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_logon_script: from %s to %s\n", logon_script, sampass->private.logon_script));
+
+	sampass->private.logon_script = talloc_strdup(sampass->mem_ctx, logon_script);
+	
+	sam_set_user_init_flag(sampass, FLAG_SAM_LOGONSCRIPT);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's profile path.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_profile_path (SAM_USER_HANDLE *sampass, const char *profile_path, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_profile_path: setting profile path %s, was %s\n", profile_path, sampass->private.profile_path));
+ 
+	sampass->private.profile_path = talloc_strdup(sampass->mem_ctx, profile_path);
+		
+	if (store) {
+		DEBUG(10, ("sam_set_profile_path: setting profile path sam flag!\n"));
+		sam_set_user_init_flag(sampass, FLAG_SAM_PROFILE);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's directory drive.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_dir_drive (SAM_USER_HANDLE *sampass, const char *dir_drive, BOOL store)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
+			sampass->private.dir_drive));
+ 
+	sampass->private.dir_drive = talloc_strdup(sampass->mem_ctx, dir_drive);
+		
+	if (store) {
+		DEBUG(10, ("sam_set_dir_drive: setting dir drive sam flag!\n"));
+		sam_set_user_init_flag(sampass, FLAG_SAM_DRIVE);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's home directory.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_homedir (SAM_USER_HANDLE *sampass, const char *home_dir, BOOL store)
+{
+	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_homedir: setting home dir %s, was %s\n", home_dir,
+		sampass->private.home_dir));
+ 
+	sampass->private.home_dir = talloc_strdup(sampass->mem_ctx, home_dir);
+		
+	if (store) {
+		DEBUG(10, ("sam_set_homedir: setting home dir sam flag!\n"));
+		sam_set_user_init_flag(sampass, FLAG_SAM_SMBHOME);
+	}
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's unix home directory.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_unix_homedir (SAM_USER_HANDLE *sampass, const char *unix_home_dir)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir,
+		sampass->private.unix_home_dir));
+ 
+	sampass->private.unix_home_dir = talloc_strdup(sampass->mem_ctx, unix_home_dir);
+		
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's account description.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_acct_desc (SAM_USER_HANDLE *sampass, const char *acct_desc)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.acct_desc = talloc_strdup(sampass->mem_ctx, acct_desc);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's workstation allowed list.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_workstations (SAM_USER_HANDLE *sampass, const char *workstations)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	DEBUG(10, ("sam_set_workstations: setting workstations %s, was %s\n", workstations,
+			sampass->private.workstations));
+ 
+	sampass->private.workstations = talloc_strdup(sampass->mem_ctx, workstations);
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's 'unknown_str', whatever the heck this actually is...
+ ********************************************************************/
+
+NTSTATUS sam_set_user_unknown_str (SAM_USER_HANDLE *sampass, const char *unknown_str)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.unknown_str = talloc_strdup(sampass->mem_ctx, unknown_str);
+		
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's dial string.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_munged_dial (SAM_USER_HANDLE *sampass, const char *munged_dial)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.munged_dial = talloc_strdup(sampass->mem_ctx, munged_dial);
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's NT hash.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_nt_pwd (SAM_USER_HANDLE *sampass, DATA_BLOB data)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.nt_pw = data;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's LM hash.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_lm_pwd (SAM_USER_HANDLE *sampass, DATA_BLOB data)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.lm_pw = data;
+
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's plaintext password only (base procedure, see helper
+ below)
+ ********************************************************************/
+
+NTSTATUS sam_set_user_plaintext_pw_only (SAM_USER_HANDLE *sampass, DATA_BLOB data)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.plaintext_pw = data;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_unknown_1 (SAM_USER_HANDLE *sampass, uint32 unkn)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.unknown_1 = unkn;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_unknown_2 (SAM_USER_HANDLE *sampass, uint32 unkn)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.unknown_2 = unkn;
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_unknown_3 (SAM_USER_HANDLE *sampass, uint32 unkn)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	sampass->private.unknown_3 = unkn;
+	return NT_STATUS_OK;
+}
+
+NTSTATUS sam_set_user_hours (SAM_USER_HANDLE *sampass, const uint8 *hours)
+{
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+
+	if (!hours) {
+		memset ((char *)sampass->private.hours, 0, MAX_HOURS_LEN);
+		return NT_STATUS_OK;
+	}
+	
+	memcpy (sampass->private.hours, hours, MAX_HOURS_LEN);
+
+	return NT_STATUS_OK;
+}
+
+/* Helpful interfaces to the above */
+
+/*********************************************************************
+ Sets the last changed times and must change times for a normal
+ password change.
+ ********************************************************************/
+
+NTSTATUS sam_set_user_pass_changed_now (SAM_USER_HANDLE *sampass)
+{
+	uint32 expire;
+	NTTIME temptime;
+
+	if (!sampass)
+		return NT_STATUS_UNSUCCESSFUL;
+	
+	unix_to_nt_time(&temptime, time(NULL));
+	if (!NT_STATUS_IS_OK(sam_set_user_pass_last_set_time (sampass, temptime)))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) 
+	    || (expire==(uint32)-1)) {
+
+		get_nttime_max(&temptime);
+		if (!NT_STATUS_IS_OK(sam_set_user_pass_must_change_time (sampass, temptime, False)))
+			return NT_STATUS_UNSUCCESSFUL;
+
+	} else {
+		/* FIXME: Add expire to temptime */
+		
+		if (!NT_STATUS_IS_OK(sam_get_user_pass_last_set_time(sampass,&temptime)) || !NT_STATUS_IS_OK(sam_set_user_pass_must_change_time (sampass, temptime,True)))
+			return NT_STATUS_UNSUCCESSFUL;
+	}
+	
+	return NT_STATUS_OK;
+}
+
+/*********************************************************************
+ Set the user's PLAINTEXT password.  Used as an interface to the above.
+ Also sets the last change time to NOW.
+ ********************************************************************/
+
+NTSTATUS sam_set_plaintext_passwd (SAM_USER_HANDLE *sampass, const char *plaintext)
+{
+	DATA_BLOB data;
+	uchar new_lanman_p16[16];
+	uchar new_nt_p16[16];
+
+	if (!sampass || !plaintext)
+		return NT_STATUS_UNSUCCESSFUL;
+	
+	nt_lm_owf_gen (plaintext, new_nt_p16, new_lanman_p16);
+
+	data = data_blob(new_nt_p16, 16);
+	if (!NT_STATUS_IS_OK(sam_set_user_nt_pwd (sampass, data)))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	data = data_blob(new_lanman_p16, 16);
+
+	if (!NT_STATUS_IS_OK(sam_set_user_lm_pwd (sampass, data)))
+		return NT_STATUS_UNSUCCESSFUL;
+	
+	if (!NT_STATUS_IS_OK(sam_set_user_pass_changed_now (sampass)))
+		return NT_STATUS_UNSUCCESSFUL;
+
+	return NT_STATUS_OK;
+}
+
diff --git a/source3/sam/interface.c b/source3/sam/interface.c
new file mode 100644
index 0000000000..6adf213d27
--- /dev/null
+++ b/source3/sam/interface.c
@@ -0,0 +1,1001 @@
+/*
+   Unix SMB/CIFS implementation.
+   Password and authentication handling
+   Copyright (C) Andrew Bartlett			2002
+   Copyright (C) Jelmer Vernooij			2002
+   Copyright (C) Stefan (metze) Metzmacher	2002
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_SAM
+
+/** List of various built-in sam modules */
+
+const struct sam_init_function_entry builtin_sam_init_functions[] = {
+	{ NULL, NULL}
+};
+
+/* FIXME: wrapper functions : context_* */
+
+/******************************************************************
+  context_sam_* functions are used to link the external SAM interface
+  with the internal backends. These functions lookup the appropriate
+  backends for the domain and pass on to the function in sam_methods
+  in the selected backend
+ *******************************************************************/
+
+NTSTATUS sam_get_methods_by_sid(const struct sam_context *context, struct sam_methods **sam_method, const DOM_SID *domainsid)
+{
+	struct sam_methods *tmp_methods;
+
+	DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__));
+
+	if ((!context) || (!context->methods))
+	{
+		DEBUG(2,("sam_get_methods_by_sid: invalid sam_context specified!\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	tmp_methods = context->methods;
+
+	while (tmp_methods)
+	{
+		if (sid_equal(domainsid, &tmp_methods->domain->private.sid))
+		{
+			(*sam_method) = tmp_methods;
+			return NT_STATUS_OK;
+		}
+		tmp_methods = tmp_methods->next;
+	}
+
+	DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid)));
+
+	return NT_STATUS_NO_SUCH_DOMAIN;
+}
+
+NTSTATUS sam_get_methods_by_name(const struct sam_context *context, struct sam_methods **sam_method, const char *domainname)
+{
+	struct sam_methods *tmp_methods;
+
+	DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__));
+
+	if ((!context) || (!context->methods))
+	{
+		DEBUG(2,("sam_get_methods_by_sid: invalid sam_context specified!\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	tmp_methods = context->methods;
+
+	while (tmp_methods)
+	{
+		if (strcmp(domainname, tmp_methods->domain->private.name))
+		{
+			(*sam_method) = tmp_methods;
+			return NT_STATUS_OK;
+		}
+		tmp_methods = tmp_methods->next;
+	}
+
+	DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname));
+
+	return NT_STATUS_NO_SUCH_DOMAIN;
+}
+
+NTSTATUS context_sam_get_sec_desc(const struct sam_context *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
+{
+	struct sam_methods *tmp_methods;
+//	DOM_SID            *domainsid;
+	NTSTATUS            nt_status;
+
+	DEBUG(5,("context_sam_get_sec_desc: %d\n", __LINE__));
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_get_sec_desc) {
+		DEBUG(3, ("context_sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) {
+		DEBUG(4,("context_sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_set_sec_desc(const struct sam_context *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
+{
+	struct sam_methods *tmp_methods;
+//	DOM_SID            *domainsid;
+	NTSTATUS            nt_status;
+
+	DEBUG(5,("context_sam_set_sec_desc: %d\n", __LINE__));
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_set_sec_desc) {
+		DEBUG(3, ("context_sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) {
+		DEBUG(4,("context_sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+NTSTATUS context_sam_lookup_name(const struct sam_context *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID **sid, uint32 *type)
+{
+	struct sam_methods *tmp_methods;
+	NTSTATUS            nt_status;
+
+	DEBUG(5,("context_sam_lookup_name: %d\n", __LINE__));
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
+		DEBUG(4,("sam_get_methods_by_name failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_lookup_name) {
+		DEBUG(3, ("context_sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) {
+		DEBUG(4,("context_sam_lookup_name for %s\\%s in backend %s failed\n",
+				 tmp_methods->domain->private.name, name, tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_lookup_sid(const struct sam_context *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, char **name, uint32 *type)
+{
+	struct sam_methods *tmp_methods;
+	uint32             rid;
+	NTSTATUS            nt_status;
+	DOM_SID				domainsid;
+
+	DEBUG(5,("context_sam_lookup_sid: %d\n", __LINE__));
+
+	sid_copy(&domainsid, sid);
+	if (!sid_split_rid(&domainsid, &rid)) {
+		DEBUG(3,("context_sam_lookup_sid: failed to split the sid\n"));
+		return NT_STATUS_INVALID_SID;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_lookup_sid) {
+		DEBUG(3, ("context_sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, sid, name, type))) {
+		DEBUG(4,("context_sam_lookup_name for %s in backend %s failed\n",
+				 sid_string_static(sid), tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+NTSTATUS context_sam_update_domain(const struct sam_context *context, const SAM_DOMAIN_HANDLE *domain)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS context_sam_enum_domains(const struct sam_context *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
+{
+	struct sam_methods *tmp_methods;
+	NTSTATUS            nt_status;
+
+	SEC_DESC            *sd;
+	size_t              sd_size;
+	uint32              acc_granted;
+	int                 i = 0;
+
+	DEBUG(5,("context_sam_enum_domains: %d\n", __LINE__));
+
+	if ((!context)|| (!context->methods)) {
+		DEBUG(2,("context_sam_enum_domains: invalid sam_context specified!\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
+		DEBUG(4,("samr_make_sam_obj_sd failed\n"));
+		return nt_status;
+	}
+
+	if (!se_access_check(sd, access_token, SAMR_ACCESS_ENUM_DOMAINS, &acc_granted, &nt_status)) {
+		DEBUG(3,("context_sam_enum_domains: ACCESS DENIED\n"));
+			return nt_status;
+	}
+
+	tmp_methods= context->methods;
+
+	while (tmp_methods)
+	{
+		(*domain_count)++;
+		tmp_methods= tmp_methods->next;
+	}
+
+	DEBUG(6,("context_sam_enum_domains: enumerating %d domains\n", (*domain_count)));
+
+	tmp_methods = context->methods;
+
+	if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) {
+		DEBUG(0,("context_sam_enum_domains: Out of memory allocating domain list\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) {
+		DEBUG(0,("context_sam_enum_domains: Out of memory allocating domain list\n"));
+		SAFE_FREE((*domains));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	while (tmp_methods)
+	{
+
+		DEBUGADD(7,("    [%d] %s: %s\n", i, tmp_methods->domain->private.name, sid_string_static(&tmp_methods->domain->private.sid)));
+		sid_copy(domains[i],&tmp_methods->domain->private.sid);
+		if(asprintf(&(*domain_names[i]),"%s",tmp_methods->domain->private.name) < 0) {
+			DEBUG(0,("context_sam_enum_domains: asprintf failed"));
+			SAFE_FREE((*domains));
+			SAFE_FREE((*domain_names));
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		i++;
+		tmp_methods= tmp_methods->next;
+
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_lookup_domain(const struct sam_context *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid)
+{
+	struct sam_methods *tmp_methods;
+	NTSTATUS            nt_status;
+
+	SEC_DESC           *sd;
+	size_t              sd_size;
+	uint32              acc_granted;
+
+	DEBUG(5,("context_sam_lookup_domain: %d\n", __LINE__));
+
+	if ((!context)|| (!context->methods)) {
+		DEBUG(2,("context_sam_lookup_domain: invalid sam_context specified!\n"));
+		return NT_STATUS_INVALID_PARAMETER;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
+		DEBUG(4,("samr_make_sam_obj_sd failed\n"));
+		return nt_status;
+	}
+
+	if (!se_access_check(sd, access_token, SAMR_ACCESS_OPEN_DOMAIN, &acc_granted, &nt_status)) {
+		DEBUG(3,("context_sam_lookup_domain: ACCESS DENIED\n"));
+			return nt_status;
+	}
+
+	tmp_methods= context->methods;
+
+	while (tmp_methods)
+	{
+		if (strcmp(domain, tmp_methods->domain->private.name) == 0) {
+			sid_copy((*domainsid), &tmp_methods->domain->private.sid);
+			return NT_STATUS_OK;
+		}
+		tmp_methods= tmp_methods->next;
+	}
+
+	return NT_STATUS_NO_SUCH_DOMAIN;
+}
+
+
+NTSTATUS context_sam_get_domain_by_sid(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
+{
+	struct sam_methods *tmp_methods;
+	NTSTATUS            nt_status;
+
+	DEBUG(5,("context_sam_get_domain_by_sid: %d\n", __LINE__));
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_get_domain_handle) {
+		DEBUG(3, ("context_sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) {
+		DEBUG(4,("context_sam_get_domain_by_sid for %s in backend %s failed\n",
+				 sid_string_static(domainsid), tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_create_user(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, DOM_SID *domainsid, SAM_USER_HANDLE **user)
+{
+	struct sam_methods *tmp_methods;
+	NTSTATUS            nt_status;
+
+	DEBUG(5,("context_sam_create_user: %d\n", __LINE__));
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_create_user) {
+		DEBUG(3, ("context_sam_create_user: sam_methods of the domain did not specify sam_create_user\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_user(tmp_methods, access_token, access_desired, user))) {
+		DEBUG(4,("context_sam_create_user in backend %s failed\n",
+				 tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_add_user(const struct sam_context *context, const SAM_USER_HANDLE *user)
+{
+	DOM_SID		domainsid;
+	DOM_SID		*usersid;
+	struct sam_methods *tmp_methods;
+	uint32		rid;
+	NTSTATUS status;
+
+	if (!NT_STATUS_IS_OK(status = sam_get_user_sid(user, &usersid))) {
+		DEBUG(0,("Can't get user SID\n"));
+		return status;
+	}
+
+	sid_copy(&domainsid, usersid);
+	if (!sid_split_rid(&domainsid, &rid)) {
+		DEBUG(3,("context_sam_get_user_by_sid: failed to split the sid\n"));
+		return NT_STATUS_INVALID_SID;
+	}
+
+	if (!NT_STATUS_IS_OK(status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return status;
+	}
+
+	if (!tmp_methods->sam_add_user) {
+		DEBUG(3, ("context_sam_add_user: sam_methods of the domain did not specify sam_add_user\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(status = tmp_methods->sam_add_user(tmp_methods, user))){
+		DEBUG(4,("context_sam_add_user in backend %s failed\n",
+				 tmp_methods->backendname));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_update_user(const struct sam_context *context, const SAM_USER_HANDLE *user)
+{
+	DOM_SID		domainsid;
+	struct sam_methods *tmp_methods;
+	DOM_SID		*usersid;
+	uint32		rid;
+	NTSTATUS status;
+
+	if (!NT_STATUS_IS_OK(status = sam_get_user_sid(user, &usersid))) {
+		DEBUG(0,("Can't get user SID\n"));
+		return status;
+	}
+
+	sid_copy(&domainsid, usersid);
+	if (!sid_split_rid(&domainsid, &rid)) {
+		DEBUG(3,("context_sam_get_user_by_sid: failed to split the sid\n"));
+		return NT_STATUS_INVALID_SID;
+	}
+
+	if (!NT_STATUS_IS_OK(status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return status;
+	}
+	
+	if (!tmp_methods->sam_update_user) {
+		DEBUG(3, ("context_sam_update_user: sam_methods of the domain did not specify sam_update_user\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(status = tmp_methods->sam_update_user(tmp_methods, user))){
+		DEBUG(4,("context_sam_update_user in backend %s failed\n",
+				 tmp_methods->backendname));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_delete_user(const struct sam_context *context, SAM_USER_HANDLE *user)
+{
+	DOM_SID		domainsid;
+	struct sam_methods *tmp_methods;
+	DOM_SID		*usersid;
+	uint32		rid;
+	NTSTATUS status;
+
+	if (!NT_STATUS_IS_OK(status = sam_get_user_sid(user, &usersid))) {
+		DEBUG(0,("Can't get user SID\n"));
+		return status;
+	}
+
+	sid_copy(&domainsid, usersid);
+	if (!sid_split_rid(&domainsid, &rid)) {
+		DEBUG(3,("context_sam_get_user_by_sid: failed to split the sid\n"));
+		return NT_STATUS_INVALID_SID;
+	}
+
+	if (!NT_STATUS_IS_OK(status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return status;
+	}
+
+	if (!tmp_methods->sam_delete_user) {
+		DEBUG(3, ("context_sam_delete_user: sam_methods of the domain did not specify sam_delete_user\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(status = tmp_methods->sam_delete_user(tmp_methods, user))){
+		DEBUG(4,("context_sam_delete_user in backend %s failed\n",
+				 tmp_methods->backendname));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_enum_users(const struct sam_context *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, int32 *user_count, SAM_USER_ENUM **users)
+{
+	struct sam_methods *tmp_methods;
+	NTSTATUS            nt_status;
+
+	DEBUG(5,("context_sam_enum_users: %d\n", __LINE__));
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_enum_users) {
+		DEBUG(3, ("context_sam_enum_users: sam_methods of the domain did not specify sam_enum_users\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_users(tmp_methods, access_token, user_count, users))) {
+		DEBUG(4,("context_sam_enum_users for domain %s in backend %s failed\n",
+				 tmp_methods->domain->private.name, tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+
+NTSTATUS context_sam_get_user_by_sid(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *usersid, SAM_USER_HANDLE **user)
+{
+	struct sam_methods *tmp_methods;
+	uint32              rid;
+	DOM_SID				domainsid;
+	NTSTATUS            nt_status;
+
+	DEBUG(5,("context_sam_get_user_by_sid: %d\n", __LINE__));
+
+	sid_copy(&domainsid, usersid);
+	if (!sid_split_rid(&domainsid, &rid)) {
+		DEBUG(3,("context_sam_get_user_by_sid: failed to split the sid\n"));
+		return NT_STATUS_INVALID_SID;
+	}
+
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_get_user_by_sid) {
+		DEBUG(3, ("context_sam_get_user_by_sid: sam_methods of the domain did not specify sam_get_user_by_sid\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_user_by_sid(tmp_methods, access_token, access_desired, usersid, user))) {
+		DEBUG(4,("context_sam_get_user_by_sid for %s in backend %s failed\n",
+				 sid_string_static(usersid), tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_get_user_by_name(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *domain, const char *name, SAM_USER_HANDLE **user)
+{
+	struct sam_methods *tmp_methods;
+	NTSTATUS            nt_status;
+
+	DEBUG(5,("context_sam_get_user_by_name: %d\n", __LINE__));
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
+		DEBUG(4,("sam_get_methods_by_name failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_get_user_by_name) {
+		DEBUG(3, ("context_sam_get_user_by_name: sam_methods of the domain did not specify sam_get_user_by_name\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_user_by_name(tmp_methods, access_token, access_desired, name, user))) {
+		DEBUG(4,("context_sam_get_user_by_name for %s\\%s in backend %s failed\n",
+				 domain, name, tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_create_group(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const uint32 type, DOM_SID *sid, SAM_GROUP_HANDLE **group)
+{
+	struct sam_methods *tmp_methods;
+	NTSTATUS            nt_status;
+
+	DEBUG(5,("context_sam_create_group: %d\n", __LINE__));
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_create_group) {
+		DEBUG(3, ("context_sam_create_group: sam_methods of the domain did not specify sam_create_group\n"));
+		return NT_STATUS_UNSUCCESSFUL; 
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, type, group))) {
+		DEBUG(4,("context_sam_create_group in backend %s failed\n",
+				 tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_add_group(const struct sam_context *context, const SAM_GROUP_HANDLE *group)
+{
+	DOM_SID		domainsid;
+	DOM_SID		*groupsid;
+	struct sam_methods *tmp_methods;
+	uint32		rid;
+	NTSTATUS status;
+
+	if (!NT_STATUS_IS_OK(status = sam_get_group_sid(group, &groupsid))) {
+		DEBUG(0,("Can't get group SID\n"));
+		return status;
+	}
+
+	sid_copy(&domainsid, groupsid);
+	if (!sid_split_rid(&domainsid, &rid)) {
+		DEBUG(3,("context_sam_get_group_by_sid: failed to split the sid\n"));
+		return NT_STATUS_INVALID_SID;
+	}
+
+	if (!NT_STATUS_IS_OK(status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return status;
+	}
+
+	if (!tmp_methods->sam_add_group) {
+		DEBUG(3, ("context_sam_add_group: sam_methods of the domain did not specify sam_add_group\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(status = tmp_methods->sam_add_group(tmp_methods, group))){
+		DEBUG(4,("context_sam_add_group in backend %s failed\n",
+				 tmp_methods->backendname));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_update_group(const struct sam_context *context, const DOM_SID *domainsid, const SAM_GROUP_HANDLE *group)
+{
+	DOM_SID		domainsid;
+	DOM_SID		*groupsid;
+	struct sam_methods *tmp_methods;
+	uint32		rid;
+	NTSTATUS status;
+
+	if (!NT_STATUS_IS_OK(status = sam_get_group_sid(group, &groupsid))) {
+		DEBUG(0,("Can't get group SID\n"));
+		return status;
+	}
+
+	sid_copy(&domainsid, groupsid);
+	if (!sid_split_rid(&domainsid, &rid)) {
+		DEBUG(3,("context_sam_get_group_by_sid: failed to split the sid\n"));
+		return NT_STATUS_INVALID_SID;
+	}
+
+	if (!NT_STATUS_IS_OK(status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return status;
+	}
+
+	if (!tmp_methods->sam_update_group) {
+		DEBUG(3, ("context_sam_update_group: sam_methods of the domain did not specify sam_update_group\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(status = tmp_methods->sam_update_group(tmp_methods, group))){
+		DEBUG(4,("context_sam_update_group in backend %s failed\n",
+				 tmp_methods->backendname));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_delete_group(const struct sam_context *context, SAM_GROUP_HANDLE **groupsid)
+{
+	DOM_SID		domainsid;
+	struct sam_methods *tmp_methods;
+	DOM_SID		*groupsid;
+	uint32		rid;
+	NTSTATUS status;
+
+	if (!NT_STATUS_IS_OK(status = sam_get_group_sid(group, &groupsid))) {
+		DEBUG(0,("Can't get group SID\n"));
+		return status;
+	}
+
+	sid_copy(&domainsid, groupsid);
+	if (!sid_split_rid(&domainsid, &rid)) {
+		DEBUG(3,("context_sam_get_group_by_sid: failed to split the sid\n"));
+		return NT_STATUS_INVALID_SID;
+	}
+
+	if (!NT_STATUS_IS_OK(status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return status;
+	}
+
+	if (!tmp_methods->sam_delete_group) {
+		DEBUG(3, ("context_sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(status = tmp_methods->sam_delete_group(tmp_methods, group))){
+		DEBUG(4,("context_sam_delete_group in backend %s failed\n",
+				 tmp_methods->backendname));
+		return status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_enum_groups(const struct sam_context *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, const uint32 type, uint32 *groups_count, SAM_GROUP_ENUM **groups)
+{
+	struct sam_methods *tmp_methods;
+	NTSTATUS            nt_status;
+
+	DEBUG(5,("context_sam_enum_groups: %d\n", __LINE__));
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_enum_users) {
+		DEBUG(3, ("context_sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, type, groups_count, groups))) {
+		DEBUG(4,("context_sam_enum_groups for domain %s in backend %s failed\n",
+				 tmp_methods->domain->private.name, tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_get_group_by_sid(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
+{
+	struct sam_methods *tmp_methods;
+	uint32              rid;
+	NTSTATUS            nt_status;
+	DOM_SID				domainsid;
+
+	DEBUG(5,("context_sam_get_group_by_sid: %d\n", __LINE__));
+
+	sid_copy(&domainsid, groupsid);
+	if (!sid_split_rid(&domainsid, &rid)) {
+		DEBUG(3,("context_sam_get_group_by_sid: failed to split the sid\n"));
+		return NT_STATUS_INVALID_SID;
+	}
+
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
+		DEBUG(4,("sam_get_methods_by_sid failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_get_group_by_sid) {
+		DEBUG(3, ("context_sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) {
+		DEBUG(4,("context_sam_get_group_by_sid for %s in backend %s failed\n",
+				 sid_string_static(groupsid), tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_get_group_by_name(const struct sam_context *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group)
+{
+	struct sam_methods *tmp_methods;
+	NTSTATUS            nt_status;
+
+	DEBUG(5,("context_sam_get_group_by_name: %d\n", __LINE__));
+
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
+		DEBUG(4,("sam_get_methods_by_name failed\n"));
+		return nt_status;
+	}
+
+	if (!tmp_methods->sam_get_group_by_name) {
+		DEBUG(3, ("context_sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n"));
+		return NT_STATUS_NOT_IMPLEMENTED;
+	}
+
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) {
+		DEBUG(4,("context_sam_get_group_by_name for %s\\%s in backend %s failed\n",
+				 domain, name, tmp_methods->backendname));
+		return nt_status;
+	}
+
+	return NT_STATUS_OK;
+}
+
+NTSTATUS context_sam_add_member_to_group(const struct sam_context *context, SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+NTSTATUS context_sam_delete_member_from_group(const struct sam_context *context, SAM_GROUP_HANDLE *group, SAM_GROUP_MEMBER *member)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS context_sam_enum_groupmembers(const struct sam_context *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS context_sam_get_groups_of_user(const struct sam_context *context, const SAM_USER_HANDLE *user, const uint32 type, uint32 *group_count, SAM_GROUP_ENUM **groups)
+{
+	return NT_STATUS_NOT_IMPLEMENTED;
+}
+
+
+/******************************************************************
+  Free and cleanup a sam context, any associated data and anything
+  that the attached modules might have associated.
+ *******************************************************************/
+
+void free_sam_context(struct sam_context **context)
+{
+	struct sam_methods *sam_selected = (*context)->methods;
+
+	while (sam_selected){
+		if (sam_selected->free_private_data) {
+			sam_selected->free_private_data(&(sam_selected->private_data));
+		}
+		sam_selected = sam_selected->next;
+	}
+
+	talloc_destroy((*context)->mem_ctx);
+	*context = NULL;
+}
+
+/******************************************************************
+  Make a sam_methods from scratch
+ *******************************************************************/
+
+NTSTATUS make_sam_context_list(struct sam_context **context, char **selected)
+{
+	int i = 0;
+	struct sam_methods *curmethods, *tmpmethods;
+	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+
+	if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) {
+		return nt_status;
+	}                                                                           
+	while (selected[i]){
+		/* Try to initialise sam */
+		DEBUG(5,("Trying to load: %s\n", selected[i]));
+		if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_name(&curmethods, *context, selected[i]))) {
+			DEBUG(1, ("Loading %s failed!\n", selected[i]));
+			free_sam_context(context);
+			return nt_status;
+		}
+		curmethods->parent = *context;
+		DLIST_ADD_END((*context)->methods, curmethods, tmpmethods);
+		i++;
+																	    }
+    return NT_STATUS_OK;
+}
+
+NTSTATUS make_sam_methods_name(struct sam_methods **methods, struct sam_context *context, const char *selected)
+{
+	char *module_name = smb_xstrdup(selected);
+	char *module_location = NULL, *p;
+	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
+	int i;
+
+	p = strchr(module_name, ':');
+
+	if (p) {
+		*p = 0;
+		module_location = p+1;
+		trim_string(module_location, " ", " ");
+	}
+
+	trim_string(module_name, " ", " ");
+
+	DEBUG(5,("Attempting to find an sam backend to match %s (%s)\n", selected, module_name));
+	for (i = 0; builtin_sam_init_functions[i].name; i++)
+	{
+		if (strequal(builtin_sam_init_functions[i].name, module_name))
+		{
+			DEBUG(5,("Found sam backend %s (at pos %d)\n", module_name, i));
+			nt_status = builtin_sam_init_functions[i].init(context, methods, module_location);
+			if (NT_STATUS_IS_OK(nt_status)) {
+				DEBUG(5,("sam backend %s has a valid init\n", selected));
+			} else {
+				DEBUG(0,("sam backend %s did not correctly init (error was %s)\n", selected, nt_errstr(nt_status)));
+			}
+			SAFE_FREE(module_name);
+			return nt_status;
+			break; /* unreached */
+		}
+	}
+
+	/* No such backend found */
+	SAFE_FREE(module_name);
+	return NT_STATUS_INVALID_PARAMETER;
+}
+
+/******************************************************************
+  Make a sam_context from scratch.
+ *******************************************************************/
+
+NTSTATUS make_sam_context(struct sam_context **context) 
+{
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_init_named("sam_context internal allocation context");
+
+	if (!mem_ctx) {
+		DEBUG(0, ("make_sam_context: talloc init failed!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}		
+
+	*context = talloc(mem_ctx, sizeof(**context));
+	if (!*context) {
+		DEBUG(0, ("make_sam_context: talloc failed!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ZERO_STRUCTP(*context);
+
+	(*context)->mem_ctx = mem_ctx;
+
+	/* FIXME */
+
+	(*context)->free_fn = free_sam_context;
+
+	return NT_STATUS_OK;
+}
+
+
+/******************************************************************
+  Return an already initialised sam_context, to facilitate backward 
+  compatibility (see functions below).
+ *******************************************************************/
+
+struct sam_context *sam_get_static_context(BOOL reload) 
+{
+	static struct sam_context *sam_context = NULL;
+
+	if ((sam_context) && (reload)) {
+		sam_context->free_fn(&sam_context);
+		if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) {
+			return NULL;
+		}
+	}
+
+	if (!sam_context) {
+		if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) {
+			return NULL;
+		}
+	}
+
+	return sam_context;
+}
+
+/***************************************************************
+  Initialize the static context (at smbd startup etc). 
+
+  If uninitialised, context will auto-init on first use.
+ ***************************************************************/
+
+BOOL initialize_sam(BOOL reload)
+{	
+	return (sam_get_static_context(reload) != NULL);
+}
+
+
+NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods) 
+{
+	*methods = talloc(mem_ctx, sizeof(struct sam_methods));
+
+	if (!*methods) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	ZERO_STRUCTP(*methods);
+
+	return NT_STATUS_OK;
+}