This commit includes part of the patch from metze posted to the list, and a few

of my own changes.

In particular:  I've added a SAM_ASSERT macro.  This expands to either
SMB_ASSERT() (which should help us track down bugs) or a return of
NT_STATUS_CHECK_FAIL.

Metze's changes are mostly to bring the code into line with current discussions
on things like adding users/groups, flags etc.

I've adjusted a fair bit of the 'const' in the SAM stuff.  Const is currently
used only for pointers, not for local variables or non-pointer paramters.  The
benifits and reasons for extending this further need discussion on
samba-technical.

Also, some of the 'context' paramters should not be const, to allow backend
modules to do fancy caching etc in them.

Andrew Bartlett
(This used to be commit e13bc432628a6131be082caedc75cd8a3d206e5a)

5 files changed, 179 insertions, 229 deletions

diff --git a/source3/sam/api.c b/source3/sam/api.c
index a941dcb0b9..5d850becce 100644
--- a/source3/sam/api.c
+++ b/source3/sam/api.c
@@ -120,7 +120,7 @@ NTSTATUS sam_get_domain_by_sid(const NT_USER_TOKEN *access_token, const uint32 a
 
 /* Account API */
 
-NTSTATUS sam_create_account(const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *domainsid, SAM_ACCOUNT_HANDLE **account)
+NTSTATUS sam_create_account(const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
 {
 	SAM_CONTEXT *sam_context = sam_get_static_context(False);
 
@@ -128,7 +128,7 @@ NTSTATUS sam_create_account(const NT_USER_TOKEN *access_token, const uint32 acce
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	return sam_context->sam_create_account(sam_context, access_token, access_desired, domainsid, account);
+	return sam_context->sam_create_account(sam_context, access_token, access_desired, domainsid, account_name, acct_ctrl, account);
 }
 
 NTSTATUS sam_add_account(const DOM_SID *domainsid, const SAM_ACCOUNT_HANDLE *account)
@@ -164,7 +164,7 @@ NTSTATUS sam_delete_account(const SAM_ACCOUNT_HANDLE *account)
 	return sam_context->sam_delete_account(sam_context, account);
 }
 
-NTSTATUS sam_enum_accounts(const NT_USER_TOKEN *access_token, const DOM_SID *domain, int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
+NTSTATUS sam_enum_accounts(const NT_USER_TOKEN *access_token, const DOM_SID *domain, uint16 acct_ctrl, uint32 *account_count, SAM_ACCOUNT_ENUM **accounts)
 {
 	SAM_CONTEXT *sam_context = sam_get_static_context(False);
 
@@ -172,7 +172,7 @@ NTSTATUS sam_enum_accounts(const NT_USER_TOKEN *access_token, const DOM_SID *dom
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	return sam_context->sam_enum_accounts(sam_context, access_token, domain, account_count, accounts);
+	return sam_context->sam_enum_accounts(sam_context, access_token, domain, acct_ctrl, account_count, accounts);
 }
 
 NTSTATUS sam_get_account_by_sid(const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
@@ -199,6 +199,17 @@ NTSTATUS sam_get_account_by_name(const NT_USER_TOKEN *access_token, const uint32
 
 /* Group API */
 
+NTSTATUS sam_create_group(const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
+{
+	SAM_CONTEXT *sam_context = sam_get_static_context(False);
+
+	if (!sam_context) {
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+
+	return sam_context->sam_create_group(sam_context, access_token, access_desired, domainsid, group_name, group_ctrl, group);
+}
+
 NTSTATUS sam_add_group(const DOM_SID *domainsid, const SAM_GROUP_HANDLE *group)
 {
 	SAM_CONTEXT *sam_context = sam_get_static_context(False);
@@ -232,7 +243,7 @@ NTSTATUS sam_delete_group(const SAM_GROUP_HANDLE *group)
 	return sam_context->sam_delete_group(sam_context, group);
 }
 
-NTSTATUS sam_enum_groups(const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, const uint32 type, uint32 *groups_count, SAM_GROUP_ENUM **groups)
+NTSTATUS sam_enum_groups(const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
 {
 	SAM_CONTEXT *sam_context = sam_get_static_context(False);
 
@@ -240,7 +251,7 @@ NTSTATUS sam_enum_groups(const NT_USER_TOKEN *access_token, const DOM_SID *domai
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	return sam_context->sam_enum_groups(sam_context, access_token, domainsid, type, groups_count, groups);
+	return sam_context->sam_enum_groups(sam_context, access_token, domainsid, group_ctrl, groups_count, groups);
 }
 
 NTSTATUS sam_get_group_by_sid(const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
@@ -298,7 +309,7 @@ NTSTATUS sam_enum_groupmembers(const SAM_GROUP_HANDLE *group, uint32 *members_co
 	return sam_context->sam_enum_groupmembers(sam_context, group, members_count, members);
 }
 
-NTSTATUS sam_get_groups_of_account(const SAM_ACCOUNT_HANDLE *account, const uint32 type, uint32 *group_count, SAM_GROUP_ENUM **groups)
+NTSTATUS sam_get_groups_of_sid(const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
 {
 	SAM_CONTEXT *sam_context = sam_get_static_context(False);
 
@@ -306,6 +317,6 @@ NTSTATUS sam_get_groups_of_account(const SAM_ACCOUNT_HANDLE *account, const uint
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	return sam_context->sam_get_groups_of_account(sam_context, account, type, group_count, groups);
+	return sam_context->sam_get_groups_of_sid(sam_context, access_token, sids, group_ctrl, group_count, groups);
 }
 
diff --git a/source3/sam/get_set_account.c b/source3/sam/get_set_account.c
index b0104fa1c3..7bbfe39e14 100644
--- a/source3/sam/get_set_account.c
+++ b/source3/sam/get_set_account.c
@@ -25,11 +25,11 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_SAM
 
-NTSTATUS sam_get_account_domain_sid(const SAM_ACCOUNT_HANDLE *sampass, DOM_SID **sid)
+NTSTATUS sam_get_account_domain_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
 {
 	NTSTATUS status;
 	SAM_DOMAIN_HANDLE *domain;
-	if (!sampass || !sid) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(!sampass || !sid);
 
 	if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){
 		DEBUG(0, ("sam_get_account_domain_sid: Can't get domain for account\n"));
@@ -39,11 +39,11 @@ NTSTATUS sam_get_account_domain_sid(const SAM_ACCOUNT_HANDLE *sampass, DOM_SID *
 	return sam_get_domain_sid(domain, sid);
 }
 
-NTSTATUS sam_get_account_domain_name(const SAM_ACCOUNT_HANDLE *sampass, char **domain_name)
+NTSTATUS sam_get_account_domain_name(const SAM_ACCOUNT_HANDLE *sampass, const char **domain_name)
 {
 	NTSTATUS status;
 	SAM_DOMAIN_HANDLE *domain;
-	if (!sampass || !domain_name) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && domain_name);
 
 	if (!NT_STATUS_IS_OK(status = sam_get_account_domain(sampass, &domain))){
 		DEBUG(0, ("sam_get_account_domain_name: Can't get domain for account\n"));
@@ -55,7 +55,7 @@ NTSTATUS sam_get_account_domain_name(const SAM_ACCOUNT_HANDLE *sampass, char **d
 
 NTSTATUS sam_get_account_acct_ctrl(const SAM_ACCOUNT_HANDLE *sampass, uint16 *acct_ctrl)
 {
-	if(!sampass || !acct_ctrl) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && acct_ctrl);
 
 	*acct_ctrl = sampass->private.acct_ctrl;
 
@@ -64,7 +64,7 @@ NTSTATUS sam_get_account_acct_ctrl(const SAM_ACCOUNT_HANDLE *sampass, uint16 *ac
 
 NTSTATUS sam_get_account_logon_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logon_time)
 {
-	if(!sampass || !logon_time) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && logon_time) ;
 
 	*logon_time = sampass->private.logon_time;
 
@@ -73,7 +73,7 @@ NTSTATUS sam_get_account_logon_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *l
 
 NTSTATUS sam_get_account_logoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *logoff_time)
 {
-	if(!sampass || !logoff_time) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && logoff_time) ;
 
 	*logoff_time = sampass->private.logoff_time;
 
@@ -82,7 +82,7 @@ NTSTATUS sam_get_account_logoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *
 
 NTSTATUS sam_get_account_kickoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *kickoff_time)
 {
-	if (!sampass || !kickoff_time) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && kickoff_time);
 
 	*kickoff_time = sampass->private.kickoff_time;
 
@@ -91,7 +91,7 @@ NTSTATUS sam_get_account_kickoff_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME
 
 NTSTATUS sam_get_account_pass_last_set_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_last_set_time)
 {
-	if (!sampass || !pass_last_set_time) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && pass_last_set_time);
 
 	*pass_last_set_time = sampass->private.pass_last_set_time;
 
@@ -100,7 +100,7 @@ NTSTATUS sam_get_account_pass_last_set_time(const SAM_ACCOUNT_HANDLE *sampass, N
 
 NTSTATUS sam_get_account_pass_can_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_can_change_time)
 {
-	if (!sampass || !pass_can_change_time) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && pass_can_change_time);
 
 	*pass_can_change_time = sampass->private.pass_can_change_time;
 
@@ -109,7 +109,7 @@ NTSTATUS sam_get_account_pass_can_change_time(const SAM_ACCOUNT_HANDLE *sampass,
 
 NTSTATUS sam_get_account_pass_must_change_time(const SAM_ACCOUNT_HANDLE *sampass, NTTIME *pass_must_change_time)
 {
-	if (!sampass || !pass_must_change_time) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && pass_must_change_time);
 
 	*pass_must_change_time = sampass->private.pass_must_change_time;
 
@@ -118,7 +118,7 @@ NTSTATUS sam_get_account_pass_must_change_time(const SAM_ACCOUNT_HANDLE *sampass
 
 NTSTATUS sam_get_account_logon_divs(const SAM_ACCOUNT_HANDLE *sampass, uint16 *logon_divs)
 {
-	if (!sampass || !logon_divs) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && logon_divs);
 
 	*logon_divs = sampass->private.logon_divs;
 
@@ -127,16 +127,16 @@ NTSTATUS sam_get_account_logon_divs(const SAM_ACCOUNT_HANDLE *sampass, uint16 *l
 
 NTSTATUS sam_get_account_hours_len(const SAM_ACCOUNT_HANDLE *sampass, uint32 *hours_len)
 {
-	if (!sampass || !hours_len) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && hours_len);
 
 	*hours_len = sampass->private.hours_len;
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_get_account_hours(const SAM_ACCOUNT_HANDLE *sampass, uint8 **hours)
+NTSTATUS sam_get_account_hours(const SAM_ACCOUNT_HANDLE *sampass, const uint8 **hours)
 {
-	if (!sampass || !hours) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && hours);
 
 	*hours = sampass->private.hours;
 
@@ -145,7 +145,7 @@ NTSTATUS sam_get_account_hours(const SAM_ACCOUNT_HANDLE *sampass, uint8 **hours)
 
 NTSTATUS sam_get_account_nt_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *nt_pwd)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	SMB_ASSERT((!sampass->private.nt_pw.data) 
 		   || sampass->private.nt_pw.length == NT_HASH_LEN);
@@ -157,7 +157,7 @@ NTSTATUS sam_get_account_nt_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *nt
 
 NTSTATUS sam_get_account_lm_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *lm_pwd)
 { 
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	SMB_ASSERT((!sampass->private.lm_pw.data) 
 		   || sampass->private.lm_pw.length == LM_HASH_LEN);
@@ -176,25 +176,25 @@ NTSTATUS sam_get_account_lm_pwd(const SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB *lm
 
 NTSTATUS sam_get_account_plaintext_pwd(const SAM_ACCOUNT_HANDLE *sampass, char **plain_pwd)
 {
-	if (!sampass || !plain_pwd) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && plain_pwd);
 
 	*plain_pwd = sampass->private.plaintext_pw;
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_get_account_sid(const SAM_ACCOUNT_HANDLE *sampass, DOM_SID **sid)
+NTSTATUS sam_get_account_sid(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*sid = &(sampass->private.account_sid);
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_get_account_pgroup(const SAM_ACCOUNT_HANDLE *sampass, DOM_SID **sid)
+NTSTATUS sam_get_account_pgroup(const SAM_ACCOUNT_HANDLE *sampass, const DOM_SID **sid)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*sid = &(sampass->private.group_sid);
 
@@ -209,7 +209,7 @@ NTSTATUS sam_get_account_pgroup(const SAM_ACCOUNT_HANDLE *sampass, DOM_SID **sid
  
 NTSTATUS sam_get_account_init_flag(const SAM_ACCOUNT_HANDLE *sampass, uint32 *initflag)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*initflag = sampass->private.init_flag;
 
@@ -218,7 +218,7 @@ NTSTATUS sam_get_account_init_flag(const SAM_ACCOUNT_HANDLE *sampass, uint32 *in
 
 NTSTATUS sam_get_account_name(const SAM_ACCOUNT_HANDLE *sampass, char **account_name)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*account_name = sampass->private.account_name;
 
@@ -227,7 +227,7 @@ NTSTATUS sam_get_account_name(const SAM_ACCOUNT_HANDLE *sampass, char **account_
 
 NTSTATUS sam_get_account_domain(const SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE **domain)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*domain = sampass->private.domain;
 
@@ -236,7 +236,7 @@ NTSTATUS sam_get_account_domain(const SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HA
 
 NTSTATUS sam_get_account_fullname(const SAM_ACCOUNT_HANDLE *sampass, char **fullname)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*fullname = sampass->private.full_name;
 
@@ -245,7 +245,7 @@ NTSTATUS sam_get_account_fullname(const SAM_ACCOUNT_HANDLE *sampass, char **full
 
 NTSTATUS sam_get_account_homedir(const SAM_ACCOUNT_HANDLE *sampass, char **homedir)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*homedir = sampass->private.home_dir;
 
@@ -254,7 +254,7 @@ NTSTATUS sam_get_account_homedir(const SAM_ACCOUNT_HANDLE *sampass, char **homed
 
 NTSTATUS sam_get_account_unix_home_dir(const SAM_ACCOUNT_HANDLE *sampass, char **uhomedir)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*uhomedir = sampass->private.unix_home_dir;
 
@@ -263,7 +263,7 @@ NTSTATUS sam_get_account_unix_home_dir(const SAM_ACCOUNT_HANDLE *sampass, char *
 
 NTSTATUS sam_get_account_dir_drive(const SAM_ACCOUNT_HANDLE *sampass, char **dirdrive)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*dirdrive = sampass->private.dir_drive;
 
@@ -272,7 +272,7 @@ NTSTATUS sam_get_account_dir_drive(const SAM_ACCOUNT_HANDLE *sampass, char **dir
 
 NTSTATUS sam_get_account_logon_script(const SAM_ACCOUNT_HANDLE *sampass, char **logon_script)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*logon_script = sampass->private.logon_script;
 
@@ -281,7 +281,7 @@ NTSTATUS sam_get_account_logon_script(const SAM_ACCOUNT_HANDLE *sampass, char **
 
 NTSTATUS sam_get_account_profile_path(const SAM_ACCOUNT_HANDLE *sampass, char **profile_path)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*profile_path = sampass->private.profile_path;
 
@@ -290,7 +290,7 @@ NTSTATUS sam_get_account_profile_path(const SAM_ACCOUNT_HANDLE *sampass, char **
 
 NTSTATUS sam_get_account_description(const SAM_ACCOUNT_HANDLE *sampass, char **description)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*description = sampass->private.acct_desc;
 
@@ -299,7 +299,7 @@ NTSTATUS sam_get_account_description(const SAM_ACCOUNT_HANDLE *sampass, char **d
 
 NTSTATUS sam_get_account_workstations(const SAM_ACCOUNT_HANDLE *sampass, char **workstations)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*workstations = sampass->private.workstations;
 
@@ -308,7 +308,7 @@ NTSTATUS sam_get_account_workstations(const SAM_ACCOUNT_HANDLE *sampass, char **
 
 NTSTATUS sam_get_account_unknown_str(const SAM_ACCOUNT_HANDLE *sampass, char **unknown_str)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*unknown_str = sampass->private.unknown_str;
 
@@ -317,7 +317,7 @@ NTSTATUS sam_get_account_unknown_str(const SAM_ACCOUNT_HANDLE *sampass, char **u
 
 NTSTATUS sam_get_account_munged_dial(const SAM_ACCOUNT_HANDLE *sampass, char **munged_dial)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	*munged_dial = sampass->private.munged_dial;
 
@@ -326,7 +326,7 @@ NTSTATUS sam_get_account_munged_dial(const SAM_ACCOUNT_HANDLE *sampass, char **m
 
 NTSTATUS sam_get_account_unknown_1(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown1)
 {
-	if (!sampass || !unknown1) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && unknown1);
 
 	*unknown1 = sampass->private.unknown_1;
 
@@ -335,7 +335,7 @@ NTSTATUS sam_get_account_unknown_1(const SAM_ACCOUNT_HANDLE *sampass, uint32 *un
 
 NTSTATUS sam_get_account_unknown_2(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown2)
 {
-	if (!sampass || !unknown2) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && unknown2);
 
 	*unknown2 = sampass->private.unknown_2;
 
@@ -344,7 +344,7 @@ NTSTATUS sam_get_account_unknown_2(const SAM_ACCOUNT_HANDLE *sampass, uint32 *un
 
 NTSTATUS sam_get_account_unknown_3(const SAM_ACCOUNT_HANDLE *sampass, uint32 *unknown3)
 {
-	if (!sampass || !unknown3) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && unknown3);
 
 	*unknown3 = sampass->private.unknown_3;
 
@@ -357,8 +357,7 @@ NTSTATUS sam_get_account_unknown_3(const SAM_ACCOUNT_HANDLE *sampass, uint32 *un
 
 NTSTATUS sam_set_account_acct_ctrl(SAM_ACCOUNT_HANDLE *sampass, uint16 flags)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 		
 	sampass->private.acct_ctrl = flags;
 
@@ -367,8 +366,7 @@ NTSTATUS sam_set_account_acct_ctrl(SAM_ACCOUNT_HANDLE *sampass, uint16 flags)
 
 NTSTATUS sam_set_account_logon_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.logon_time = mytime;
 
@@ -380,8 +378,7 @@ NTSTATUS sam_set_account_logon_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime,
 
 NTSTATUS sam_set_account_logoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.logoff_time = mytime;
 
@@ -393,8 +390,7 @@ NTSTATUS sam_set_account_logoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime,
 
 NTSTATUS sam_set_account_kickoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.kickoff_time = mytime;
 
@@ -406,8 +402,7 @@ NTSTATUS sam_set_account_kickoff_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime
 
 NTSTATUS sam_set_account_pass_can_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.pass_can_change_time = mytime;
 
@@ -419,8 +414,7 @@ NTSTATUS sam_set_account_pass_can_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIM
 
 NTSTATUS sam_set_account_pass_must_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime, BOOL store)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.pass_must_change_time = mytime;
 
@@ -432,8 +426,7 @@ NTSTATUS sam_set_account_pass_must_change_time(SAM_ACCOUNT_HANDLE *sampass, NTTI
 
 NTSTATUS sam_set_account_pass_last_set_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME mytime)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.pass_last_set_time = mytime;
 
@@ -442,8 +435,7 @@ NTSTATUS sam_set_account_pass_last_set_time(SAM_ACCOUNT_HANDLE *sampass, NTTIME
 
 NTSTATUS sam_set_account_hours_len(SAM_ACCOUNT_HANDLE *sampass, uint32 len)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.hours_len = len;
 	return NT_STATUS_OK;
@@ -451,8 +443,7 @@ NTSTATUS sam_set_account_hours_len(SAM_ACCOUNT_HANDLE *sampass, uint32 len)
 
 NTSTATUS sam_set_account_logon_divs(SAM_ACCOUNT_HANDLE *sampass, uint16 hours)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.logon_divs = hours;
 	return NT_STATUS_OK;
@@ -467,18 +458,16 @@ NTSTATUS sam_set_account_logon_divs(SAM_ACCOUNT_HANDLE *sampass, uint16 hours)
  
 NTSTATUS sam_set_account_init_flag(SAM_ACCOUNT_HANDLE *sampass, uint32 flag)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.init_flag |= flag;
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_set_account_sid(SAM_ACCOUNT_HANDLE *sampass, DOM_SID *u_sid)
+NTSTATUS sam_set_account_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *u_sid)
 {
-	if (!sampass || !u_sid)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && u_sid);
 	
 	sid_copy(&sampass->private.account_sid, u_sid);
 
@@ -488,11 +477,10 @@ NTSTATUS sam_set_account_sid(SAM_ACCOUNT_HANDLE *sampass, DOM_SID *u_sid)
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_set_account_sid_from_string(SAM_ACCOUNT_HANDLE *sampass, fstring u_sid)
+NTSTATUS sam_set_account_sid_from_string(SAM_ACCOUNT_HANDLE *sampass, const char *u_sid)
 {
 	DOM_SID new_sid;
-	if (!sampass || !u_sid)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && u_sid);
 
 	DEBUG(10, ("sam_set_account_sid_from_string: setting account sid %s\n",
 		   u_sid));
@@ -510,10 +498,9 @@ NTSTATUS sam_set_account_sid_from_string(SAM_ACCOUNT_HANDLE *sampass, fstring u_
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_set_account_pgroup_sid(SAM_ACCOUNT_HANDLE *sampass, DOM_SID *g_sid)
+NTSTATUS sam_set_account_pgroup_sid(SAM_ACCOUNT_HANDLE *sampass, const DOM_SID *g_sid)
 {
-	if (!sampass || !g_sid)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && g_sid);
 
 	sid_copy(&sampass->private.group_sid, g_sid);
 
@@ -523,11 +510,10 @@ NTSTATUS sam_set_account_pgroup_sid(SAM_ACCOUNT_HANDLE *sampass, DOM_SID *g_sid)
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_set_account_pgroup_string(SAM_ACCOUNT_HANDLE *sampass, fstring g_sid)
+NTSTATUS sam_set_account_pgroup_string(SAM_ACCOUNT_HANDLE *sampass, const char *g_sid)
 {
 	DOM_SID new_sid;
-	if (!sampass || !g_sid)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && g_sid);
 
 	DEBUG(10, ("sam_set_group_sid_from_string: setting group sid %s\n",
 		   g_sid));
@@ -550,8 +536,7 @@ NTSTATUS sam_set_account_pgroup_string(SAM_ACCOUNT_HANDLE *sampass, fstring g_si
 
 NTSTATUS sam_set_account_domain(SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE *domain)
 {	
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.domain = domain;
 
@@ -564,8 +549,7 @@ NTSTATUS sam_set_account_domain(SAM_ACCOUNT_HANDLE *sampass, SAM_DOMAIN_HANDLE *
 
 NTSTATUS sam_set_account_name(SAM_ACCOUNT_HANDLE *sampass, const char *account_name)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	DEBUG(10, ("sam_set_account_name: setting nt account_name %s, was %s\n", account_name, sampass->private.account_name));
 
@@ -580,8 +564,7 @@ NTSTATUS sam_set_account_name(SAM_ACCOUNT_HANDLE *sampass, const char *account_n
 
 NTSTATUS sam_set_account_fullname(SAM_ACCOUNT_HANDLE *sampass, const char *full_name)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	DEBUG(10, ("sam_set_account_fullname: setting full name %s, was %s\n", full_name, sampass->private.full_name));
 
@@ -596,8 +579,7 @@ NTSTATUS sam_set_account_fullname(SAM_ACCOUNT_HANDLE *sampass, const char *full_
 
 NTSTATUS sam_set_account_logon_script(SAM_ACCOUNT_HANDLE *sampass, const char *logon_script, BOOL store)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	DEBUG(10, ("sam_set_logon_script: from %s to %s\n", logon_script, sampass->private.logon_script));
 
@@ -614,8 +596,7 @@ NTSTATUS sam_set_account_logon_script(SAM_ACCOUNT_HANDLE *sampass, const char *l
 
 NTSTATUS sam_set_account_profile_path(SAM_ACCOUNT_HANDLE *sampass, const char *profile_path, BOOL store)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	DEBUG(10, ("sam_set_profile_path: setting profile path %s, was %s\n", profile_path, sampass->private.profile_path));
  
@@ -635,8 +616,7 @@ NTSTATUS sam_set_account_profile_path(SAM_ACCOUNT_HANDLE *sampass, const char *p
 
 NTSTATUS sam_set_account_dir_drive(SAM_ACCOUNT_HANDLE *sampass, const char *dir_drive, BOOL store)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	DEBUG(10, ("sam_set_dir_drive: setting dir drive %s, was %s\n", dir_drive,
 			sampass->private.dir_drive));
@@ -657,7 +637,7 @@ NTSTATUS sam_set_account_dir_drive(SAM_ACCOUNT_HANDLE *sampass, const char *dir_
 
 NTSTATUS sam_set_account_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *home_dir, BOOL store)
 {
-	if (!sampass) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	DEBUG(10, ("sam_set_homedir: setting home dir %s, was %s\n", home_dir,
 		sampass->private.home_dir));
@@ -678,8 +658,7 @@ NTSTATUS sam_set_account_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *home_d
 
 NTSTATUS sam_set_account_unix_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *unix_home_dir)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	DEBUG(10, ("sam_set_unix_homedir: setting home dir %s, was %s\n", unix_home_dir,
 		sampass->private.unix_home_dir));
@@ -695,8 +674,7 @@ NTSTATUS sam_set_account_unix_homedir(SAM_ACCOUNT_HANDLE *sampass, const char *u
 
 NTSTATUS sam_set_account_acct_desc(SAM_ACCOUNT_HANDLE *sampass, const char *acct_desc)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.acct_desc = talloc_strdup(sampass->mem_ctx, acct_desc);
 
@@ -709,8 +687,7 @@ NTSTATUS sam_set_account_acct_desc(SAM_ACCOUNT_HANDLE *sampass, const char *acct
 
 NTSTATUS sam_set_account_workstations(SAM_ACCOUNT_HANDLE *sampass, const char *workstations)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	DEBUG(10, ("sam_set_workstations: setting workstations %s, was %s\n", workstations,
 			sampass->private.workstations));
@@ -726,8 +703,7 @@ NTSTATUS sam_set_account_workstations(SAM_ACCOUNT_HANDLE *sampass, const char *w
 
 NTSTATUS sam_set_account_unknown_str(SAM_ACCOUNT_HANDLE *sampass, const char *unknown_str)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.unknown_str = talloc_strdup(sampass->mem_ctx, unknown_str);
 		
@@ -740,8 +716,7 @@ NTSTATUS sam_set_account_unknown_str(SAM_ACCOUNT_HANDLE *sampass, const char *un
 
 NTSTATUS sam_set_account_munged_dial(SAM_ACCOUNT_HANDLE *sampass, const char *munged_dial)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.munged_dial = talloc_strdup(sampass->mem_ctx, munged_dial);
 	return NT_STATUS_OK;
@@ -751,10 +726,9 @@ NTSTATUS sam_set_account_munged_dial(SAM_ACCOUNT_HANDLE *sampass, const char *mu
  Set the account's NT hash.
  ********************************************************************/
 
-NTSTATUS sam_set_account_nt_pwd(SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB data)
+NTSTATUS sam_set_account_nt_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.nt_pw = data;
 
@@ -765,10 +739,9 @@ NTSTATUS sam_set_account_nt_pwd(SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB data)
  Set the account's LM hash.
  ********************************************************************/
 
-NTSTATUS sam_set_account_lm_pwd(SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB data)
+NTSTATUS sam_set_account_lm_pwd(SAM_ACCOUNT_HANDLE *sampass, const DATA_BLOB data)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.lm_pw = data;
 
@@ -782,8 +755,7 @@ NTSTATUS sam_set_account_lm_pwd(SAM_ACCOUNT_HANDLE *sampass, DATA_BLOB data)
 
 NTSTATUS sam_set_account_plaintext_pwd(SAM_ACCOUNT_HANDLE *sampass, const char *plain_pwd)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.plaintext_pw = talloc_strdup(sampass->mem_ctx, plain_pwd);
 
@@ -792,8 +764,7 @@ NTSTATUS sam_set_account_plaintext_pwd(SAM_ACCOUNT_HANDLE *sampass, const char *
 
 NTSTATUS sam_set_account_unknown_1(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.unknown_1 = unkn;
 
@@ -802,8 +773,7 @@ NTSTATUS sam_set_account_unknown_1(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
 
 NTSTATUS sam_set_account_unknown_2(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.unknown_2 = unkn;
 
@@ -812,8 +782,7 @@ NTSTATUS sam_set_account_unknown_2(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
 
 NTSTATUS sam_set_account_unknown_3(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	sampass->private.unknown_3 = unkn;
 	return NT_STATUS_OK;
@@ -821,8 +790,7 @@ NTSTATUS sam_set_account_unknown_3(SAM_ACCOUNT_HANDLE *sampass, uint32 unkn)
 
 NTSTATUS sam_set_account_hours(SAM_ACCOUNT_HANDLE *sampass, const uint8 *hours)
 {
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 
 	if (!hours) {
 		memset ((char *)sampass->private.hours, 0, MAX_HOURS_LEN);
@@ -846,8 +814,7 @@ NTSTATUS sam_set_account_pass_changed_now(SAM_ACCOUNT_HANDLE *sampass)
 	uint32 expire;
 	NTTIME temptime;
 
-	if (!sampass)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass);
 	
 	unix_to_nt_time(&temptime, time(NULL));
 	if (!NT_STATUS_IS_OK(sam_set_account_pass_last_set_time(sampass, temptime)))
@@ -881,8 +848,7 @@ NTSTATUS sam_set_account_passwd(SAM_ACCOUNT_HANDLE *sampass, const char *plainte
 	uchar new_lanman_p16[16];
 	uchar new_nt_p16[16];
 
-	if (!sampass || !plaintext)
-		return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(sampass && plaintext);
 	
 	nt_lm_owf_gen(plaintext, new_nt_p16, new_lanman_p16);
 
diff --git a/source3/sam/get_set_domain.c b/source3/sam/get_set_domain.c
index 8ca876524a..c70a4a3f09 100644
--- a/source3/sam/get_set_domain.c
+++ b/source3/sam/get_set_domain.c
@@ -25,9 +25,9 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_SAM
 
-NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, DOM_SID **sid)
+NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, const DOM_SID **sid)
 {
-	if (!domain || !sid) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&sid);
 
 	*sid = &(domain->private.sid);
 
@@ -36,7 +36,7 @@ NTSTATUS sam_get_domain_sid(SAM_DOMAIN_HANDLE *domain, DOM_SID **sid)
 
 NTSTATUS sam_get_domain_num_accounts(SAM_DOMAIN_HANDLE *domain, uint32 *num_accounts)
 {
-	if (!domain || !num_accounts) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&num_accounts);
 
 	*num_accounts = domain->private.num_accounts;
 
@@ -45,7 +45,7 @@ NTSTATUS sam_get_domain_num_accounts(SAM_DOMAIN_HANDLE *domain, uint32 *num_acco
 
 NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups)
 {
-	if (!domain || !num_groups) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&num_groups);
 
 	*num_groups = domain->private.num_groups;
 
@@ -54,25 +54,25 @@ NTSTATUS sam_get_domain_num_groups(SAM_DOMAIN_HANDLE *domain, uint32 *num_groups
 
 NTSTATUS sam_get_domain_num_aliases(SAM_DOMAIN_HANDLE *domain, uint32 *num_aliases)
 {
-	if (!domain || !num_aliases) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&num_aliases);
 
 	*num_aliases = domain->private.num_aliases;
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_get_domain_name(SAM_DOMAIN_HANDLE *domain, char **domain_name)
+NTSTATUS sam_get_domain_name(SAM_DOMAIN_HANDLE *domain, const char **domain_name)
 {
-	if (!domain || !domain_name) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&domain_name);
 
 	*domain_name = domain->private.name;
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_get_domain_server(SAM_DOMAIN_HANDLE *domain, char **server_name)
+NTSTATUS sam_get_domain_server(SAM_DOMAIN_HANDLE *domain, const char **server_name)
 {
-	if (!domain || !server_name) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&server_name);
 
 	*server_name = domain->private.servername;
 
@@ -81,7 +81,7 @@ NTSTATUS sam_get_domain_server(SAM_DOMAIN_HANDLE *domain, char **server_name)
 
 NTSTATUS sam_get_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwordage)
 {
-	if (!domain || !max_passwordage) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&max_passwordage);
 
 	*max_passwordage = domain->private.max_passwordage;
 
@@ -90,7 +90,7 @@ NTSTATUS sam_get_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *max_passwo
 
 NTSTATUS sam_get_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwordage)
 {
-	if (!domain || !min_passwordage) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&min_passwordage);
 
 	*min_passwordage = domain->private.min_passwordage;
 
@@ -99,7 +99,7 @@ NTSTATUS sam_get_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME *min_passwo
 
 NTSTATUS sam_get_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lockout_duration)
 {
-	if (!domain || !lockout_duration) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&lockout_duration);
 
 	*lockout_duration = domain->private.lockout_duration;
 
@@ -108,7 +108,7 @@ NTSTATUS sam_get_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME *lock
 
 NTSTATUS sam_get_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_lockout_count)
 {
-	if (!domain || !reset_lockout_count) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&reset_lockout_count);
 	
 	*reset_lockout_count = domain->private.reset_count;
 
@@ -117,7 +117,7 @@ NTSTATUS sam_get_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME *reset_loc
 
 NTSTATUS sam_get_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_passwordlength)
 {
-	if (!domain || !min_passwordlength) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&min_passwordlength);
 
 	*min_passwordlength = domain->private.min_passwordlength;
 
@@ -126,7 +126,7 @@ NTSTATUS sam_get_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 *min_pas
 
 NTSTATUS sam_get_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 *password_history)
 {
-	if (!domain || !password_history) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&password_history);
 
 	*password_history = domain->private.password_history;
 
@@ -135,7 +135,7 @@ NTSTATUS sam_get_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 *password_
 
 NTSTATUS sam_get_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout_count)
 {
-	if (!domain || !lockout_count) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&lockout_count);
 
 	*lockout_count = domain->private.lockout_count;
 
@@ -144,7 +144,7 @@ NTSTATUS sam_get_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 *lockout
 
 NTSTATUS sam_get_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logoff)
 {
-	if (!domain || !force_logoff) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain &&force_logoff);
 
 	*force_logoff = domain->private.force_logoff;
 
@@ -154,7 +154,7 @@ NTSTATUS sam_get_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL *force_logo
 
 NTSTATUS sam_get_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_pwdchange)
 {
-	if (!domain || !login_pwdchange) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain && login_pwdchange);
 
 	*login_pwdchange = domain->private.login_pwdchange;
 
@@ -163,9 +163,9 @@ NTSTATUS sam_get_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL *login_p
 
 /* Set */
 
-NTSTATUS sam_set_domain_name(SAM_DOMAIN_HANDLE *domain, char *domain_name)
+NTSTATUS sam_set_domain_name(SAM_DOMAIN_HANDLE *domain, const char *domain_name)
 {
-	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain);
 
 	domain->private.name = talloc_strdup(domain->mem_ctx, domain_name);
 
@@ -175,7 +175,7 @@ NTSTATUS sam_set_domain_name(SAM_DOMAIN_HANDLE *domain, char *domain_name)
 
 NTSTATUS sam_set_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME max_passwordage)
 {
-	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain);
 
 	domain->private.max_passwordage = max_passwordage;
 
@@ -184,7 +184,7 @@ NTSTATUS sam_set_domain_max_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME max_passwor
 
 NTSTATUS sam_set_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME min_passwordage)
 {
-	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain);
 
 	domain->private.min_passwordage = min_passwordage;
 
@@ -193,7 +193,7 @@ NTSTATUS sam_set_domain_min_pwdage(SAM_DOMAIN_HANDLE *domain, NTTIME min_passwor
 
 NTSTATUS sam_set_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME lockout_duration)
 {
-	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain);
 
 	domain->private.lockout_duration = lockout_duration;
 
@@ -201,7 +201,7 @@ NTSTATUS sam_set_domain_lockout_duration(SAM_DOMAIN_HANDLE *domain, NTTIME locko
 }
 NTSTATUS sam_set_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME reset_lockout_count)
 {
-	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain);
 
 	domain->private.reset_count = reset_lockout_count;
 
@@ -210,7 +210,7 @@ NTSTATUS sam_set_domain_reset_count(SAM_DOMAIN_HANDLE *domain, NTTIME reset_lock
 
 NTSTATUS sam_set_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 min_passwordlength)
 {
-	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain);
 
 	domain->private.min_passwordlength = min_passwordlength;
 
@@ -219,7 +219,7 @@ NTSTATUS sam_set_domain_min_pwdlength(SAM_DOMAIN_HANDLE *domain, uint16 min_pass
 
 NTSTATUS sam_set_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 password_history)
 {
-	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain);
 
 	domain->private.password_history = password_history;
 
@@ -228,7 +228,7 @@ NTSTATUS sam_set_domain_pwd_history(SAM_DOMAIN_HANDLE *domain, uint16 password_h
 
 NTSTATUS sam_set_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 lockout_count)
 {
-	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain);
 
 	domain->private.lockout_count = lockout_count;
 
@@ -237,7 +237,7 @@ NTSTATUS sam_set_domain_lockout_count(SAM_DOMAIN_HANDLE *domain, uint16 lockout_
 
 NTSTATUS sam_set_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL force_logoff)
 {
-	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain);
 
 	domain->private.force_logoff = force_logoff;
 
@@ -246,16 +246,16 @@ NTSTATUS sam_set_domain_force_logoff(SAM_DOMAIN_HANDLE *domain, BOOL force_logof
 
 NTSTATUS sam_set_domain_login_pwdchange(SAM_DOMAIN_HANDLE *domain, BOOL login_pwdchange)
 {
-	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain);
 
 	domain->private.login_pwdchange = login_pwdchange;
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_set_domain_server(SAM_DOMAIN_HANDLE *domain, char *server_name)
+NTSTATUS sam_set_domain_server(SAM_DOMAIN_HANDLE *domain, const char *server_name)
 {
-	if (!domain) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(domain);
 
 	domain->private.servername = talloc_strdup(domain->mem_ctx, server_name);
 
diff --git a/source3/sam/get_set_group.c b/source3/sam/get_set_group.c
index dac5ffca9f..11ea9258a7 100644
--- a/source3/sam/get_set_group.c
+++ b/source3/sam/get_set_group.c
@@ -27,97 +27,80 @@
 
 /* sam group get functions */
 
-NTSTATUS sam_get_group_sid(const SAM_GROUP_HANDLE *group, DOM_SID **sid)
+NTSTATUS sam_get_group_sid(const SAM_GROUP_HANDLE *group, const DOM_SID **sid)
 {
-	if (!group || !sid) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(group && sid);
 
 	*sid = &(group->private.sid);
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_get_group_typ(const SAM_GROUP_HANDLE *group, uint32 *typ)
+NTSTATUS sam_get_group_ctrl(const SAM_GROUP_HANDLE *group, uint32 *group_ctrl)
 {
-	if (!group || !typ) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(group && group_ctrl);
 
-	*typ = group->private.flags;
+	*group_ctrl = group->private.group_ctrl;
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_get_group_name(const SAM_GROUP_HANDLE *group, char **group_name)
+NTSTATUS sam_get_group_name(const SAM_GROUP_HANDLE *group, const char **group_name)
 {
-	if (!group) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(group);
 
-	*group_name = group->private.name;
+	*group_name = group->private.group_name;
 
 	return NT_STATUS_OK;
 
 }
-NTSTATUS sam_get_group_comment(const SAM_GROUP_HANDLE *group, char **comment)
+NTSTATUS sam_get_group_comment(const SAM_GROUP_HANDLE *group, const char **group_desc)
 {
-	if (!group) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(group);
 
-	*comment = group->private.comment;
-
-	return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_priv_set(const SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set)
-{
-	if (!group) return NT_STATUS_UNSUCCESSFUL;
-
-	*priv_set = group->private.privileges;
+	*group_desc = group->private.group_desc;
 
 	return NT_STATUS_OK;
 }
 
 /* sam group set functions */
 
-NTSTATUS sam_set_group_sid(SAM_GROUP_HANDLE *group, DOM_SID *sid)
+NTSTATUS sam_set_group_sid(SAM_GROUP_HANDLE *group, const DOM_SID *sid)
 {
-	if (!group) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(group);
 
-	if (!sid) ZERO_STRUCT(group->private.sid);
-	else sid_copy(&(group->private.sid), sid);
+	if (!sid) 
+		ZERO_STRUCT(group->private.sid);
+	else 
+		sid_copy(&(group->private.sid), sid);
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_set_group_typ(SAM_GROUP_HANDLE *group, uint32 typ)
+NTSTATUS sam_set_group_group_ctrl(SAM_GROUP_HANDLE *group, uint32 group_ctrl)
 {
-	if (!group) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(group);
 
-	group->private.flags = typ;
+	group->private.group_ctrl = group_ctrl;
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_set_group_name(SAM_GROUP_HANDLE *group, char *group_name)
+NTSTATUS sam_set_group_name(SAM_GROUP_HANDLE *group, const char *group_name)
 {
-	if (!group) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(group);
 
-	group->private.name = talloc_strdup(group->mem_ctx, group_name);
+	group->private.group_name = talloc_strdup(group->mem_ctx, group_name);
 
 	return NT_STATUS_OK;
 }
 
-NTSTATUS sam_set_group_comment(SAM_GROUP_HANDLE *group, char *comment)
+NTSTATUS sam_set_group_description(SAM_GROUP_HANDLE *group, const char *group_desc)
 {
-	if (!group) return NT_STATUS_UNSUCCESSFUL;
+	SAM_ASSERT(group);
 
-	group->private.comment = talloc_strdup(group->mem_ctx, comment);
+	group->private.group_desc = talloc_strdup(group->mem_ctx, group_desc);
 
 	return NT_STATUS_OK;
 
 }
-
-NTSTATUS sam_set_group_priv_set(SAM_GROUP_HANDLE *group, PRIVILEGE_SET *priv_set)
-{
-	if (!group) return NT_STATUS_UNSUCCESSFUL;
-
-	if (!priv_set) ZERO_STRUCT(group->private.privileges);
-	else memcpy(&(group->private.privileges), priv_set, sizeof(PRIVILEGE_SET));
-
-	return NT_STATUS_OK;
-}
diff --git a/source3/sam/interface.c b/source3/sam/interface.c
index ef2a4d5f8a..9ba273e6f3 100644
--- a/source3/sam/interface.c
+++ b/source3/sam/interface.c
@@ -48,11 +48,8 @@ NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_me
 
 	DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__));
 
-	if ((!context) || (!context->methods))
-	{
-		DEBUG(2,("sam_get_methods_by_sid: invalid sam_context specified!\n"));
-		return NT_STATUS_INVALID_PARAMETER;
-	}
+	/* invalid sam_context specified */
+	SAM_ASSERT(context && context->methods)
 
 	tmp_methods = context->methods;
 
@@ -77,11 +74,8 @@ NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_m
 
 	DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__));
 
-	if ((!context) || (!context->methods))
-	{
-		DEBUG(2,("sam_get_methods_by_sid: invalid sam_context specified!\n"));
-		return NT_STATUS_INVALID_PARAMETER;
-	}
+	/* invalid sam_context specified */
+	SAM_ASSERT(context && context->methods)
 
 	tmp_methods = context->methods;
 
@@ -229,10 +223,8 @@ NTSTATUS context_sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKE
 
 	DEBUG(5,("context_sam_enum_domains: %d\n", __LINE__));
 
-	if ((!context)|| (!context->methods)) {
-		DEBUG(2,("context_sam_enum_domains: invalid sam_context specified!\n"));
-		return NT_STATUS_INVALID_PARAMETER;
-	}
+	/* invalid sam_context specified */
+	SAM_ASSERT(context && context->methods)
 
 	if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
 		DEBUG(4,("samr_make_sam_obj_sd failed\n"));
@@ -298,10 +290,8 @@ NTSTATUS context_sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOK
 
 	DEBUG(5,("context_sam_lookup_domain: %d\n", __LINE__));
 
-	if ((!context)|| (!context->methods)) {
-		DEBUG(2,("context_sam_lookup_domain: invalid sam_context specified!\n"));
-		return NT_STATUS_INVALID_PARAMETER;
-	}
+	/* invalid sam_context specified */
+	SAM_ASSERT(context && context->methods)
 
 	if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
 		DEBUG(4,("samr_make_sam_obj_sd failed\n"));
@@ -354,7 +344,7 @@ NTSTATUS context_sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER
 	return NT_STATUS_OK;
 }
 
-NTSTATUS context_sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, DOM_SID *domainsid, SAM_ACCOUNT_HANDLE **account)
+NTSTATUS context_sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
 {
 	SAM_METHODS	*tmp_methods;
 	NTSTATUS	nt_status;
@@ -371,7 +361,7 @@ NTSTATUS context_sam_create_account(const SAM_CONTEXT *context, const NT_USER_TO
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
 
-	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account))) {
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) {
 		DEBUG(4,("context_sam_create_account in backend %s failed\n",
 				 tmp_methods->backendname));
 		return nt_status;
@@ -383,7 +373,7 @@ NTSTATUS context_sam_create_account(const SAM_CONTEXT *context, const NT_USER_TO
 NTSTATUS context_sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
 {
 	DOM_SID		domainsid;
-	DOM_SID		*accountsid;
+	const DOM_SID		*accountsid;
 	SAM_METHODS	*tmp_methods;
 	uint32		rid;
 	NTSTATUS	nt_status;
@@ -422,7 +412,7 @@ NTSTATUS context_sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUN
 {
 	DOM_SID		domainsid;
 	SAM_METHODS	*tmp_methods;
-	DOM_SID		*accountsid;
+	const DOM_SID		*accountsid;
 	uint32		rid;
 	NTSTATUS	nt_status;
 
@@ -460,7 +450,7 @@ NTSTATUS context_sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUN
 {
 	DOM_SID		domainsid;
 	SAM_METHODS	*tmp_methods;
-	DOM_SID		*accountsid;
+	const DOM_SID	*accountsid;
 	uint32		rid;
 	NTSTATUS	nt_status;
 
@@ -494,7 +484,7 @@ NTSTATUS context_sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUN
 	return NT_STATUS_OK;
 }
 
-NTSTATUS context_sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
+NTSTATUS context_sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
 {
 	SAM_METHODS	*tmp_methods;
 	NTSTATUS	nt_status;
@@ -511,7 +501,7 @@ NTSTATUS context_sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOK
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
 
-	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, account_count, accounts))) {
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) {
 		DEBUG(4,("context_sam_enum_accounts for domain %s in backend %s failed\n",
 				 tmp_methods->domain->private.name, tmp_methods->backendname));
 		return nt_status;
@@ -582,14 +572,14 @@ NTSTATUS context_sam_get_account_by_name(const SAM_CONTEXT *context, const NT_US
 	return NT_STATUS_OK;
 }
 
-NTSTATUS context_sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const uint32 type, DOM_SID *sid, SAM_GROUP_HANDLE **group)
+NTSTATUS context_sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
 {
 	SAM_METHODS	*tmp_methods;
 	NTSTATUS	nt_status;
 
 	DEBUG(5,("context_sam_create_group: %d\n", __LINE__));
 
-	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
+	if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
 		DEBUG(4,("sam_get_methods_by_sid failed\n"));
 		return nt_status;
 	}
@@ -599,7 +589,7 @@ NTSTATUS context_sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKE
 		return NT_STATUS_UNSUCCESSFUL; 
 	}
 
-	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, type, group))) {
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) {
 		DEBUG(4,("context_sam_create_group in backend %s failed\n",
 				 tmp_methods->backendname));
 		return nt_status;
@@ -611,7 +601,7 @@ NTSTATUS context_sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKE
 NTSTATUS context_sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
 {
 	DOM_SID		domainsid;
-	DOM_SID		*groupsid;
+	const DOM_SID		*groupsid;
 	SAM_METHODS	*tmp_methods;
 	uint32		rid;
 	NTSTATUS	nt_status;
@@ -649,7 +639,7 @@ NTSTATUS context_sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDL
 NTSTATUS context_sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
 {
 	DOM_SID		domainsid;
-	DOM_SID		*groupsid;
+	const DOM_SID		*groupsid;
 	struct sam_methods *tmp_methods;
 	uint32		rid;
 	NTSTATUS nt_status;
@@ -688,7 +678,7 @@ NTSTATUS context_sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HA
 {
 	DOM_SID		domainsid;
 	SAM_METHODS 	*tmp_methods;
-	DOM_SID		*groupsid;
+	const DOM_SID	*groupsid;
 	uint32		rid;
 	NTSTATUS	nt_status;
 
@@ -722,7 +712,7 @@ NTSTATUS context_sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HA
 	return NT_STATUS_OK;
 }
 
-NTSTATUS context_sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, const uint32 type, uint32 *groups_count, SAM_GROUP_ENUM **groups)
+NTSTATUS context_sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
 {
 	SAM_METHODS	*tmp_methods;
 	NTSTATUS	nt_status;
@@ -739,7 +729,7 @@ NTSTATUS context_sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
 
-	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, type, groups_count, groups))) {
+	if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) {
 		DEBUG(4,("context_sam_enum_groups for domain %s in backend %s failed\n",
 				 tmp_methods->domain->private.name, tmp_methods->backendname));
 		return nt_status;
@@ -823,7 +813,7 @@ NTSTATUS context_sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GRO
 	return NT_STATUS_NOT_IMPLEMENTED;
 }
 
-NTSTATUS context_sam_get_groups_of_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account, const uint32 type, uint32 *group_count, SAM_GROUP_ENUM **groups)
+NTSTATUS context_sam_get_groups_of_sid(const SAM_CONTEXT *context, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
 {
 	return NT_STATUS_NOT_IMPLEMENTED;
 }