Merge branch 'master' of ssh://git.samba.org/data/git/samba into arc4

13 files changed, 363 insertions, 67 deletions

diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk
index cf41f9884a..41dd17e428 100644
--- a/source4/librpc/config.mk
+++ b/source4/librpc/config.mk
@@ -144,9 +144,9 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_COMPRESSION NDR_SECURITY NDR_SAMR ASN1_UTIL
 NDR_DRSUAPI_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsuapi.o $(ndrsrcdir)/ndr_drsuapi.o
 
 [SUBSYSTEM::NDR_DRSBLOBS]
-PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI LIBCLI_DRSBLOBS
+PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI
 
-NDR_DRSBLOBS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsblobs.o
+NDR_DRSBLOBS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsblobs.o $(ndrsrcdir)/ndr_drsblobs.o
 
 [SUBSYSTEM::NDR_SASL_HELPERS]
 PUBLIC_DEPENDENCIES = LIBNDR
diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl
index 1c6574b11b..a78329d990 100644
--- a/source4/librpc/idl/dcerpc.idl
+++ b/source4/librpc/idl/dcerpc.idl
@@ -261,6 +261,7 @@ interface dcerpc
 	const uint8 DCERPC_PFC_FLAG_OBJECT_UUID		= 0x80; /* on valid guid is in the optional object field */
 
 	/* these offsets are needed by the signing code */
+	const uint8 DCERPC_PFC_OFFSET      =  3;
 	const uint8 DCERPC_DREP_OFFSET     =  4;
 	const uint8 DCERPC_FRAG_LEN_OFFSET =  8;
 	const uint8 DCERPC_AUTH_LEN_OFFSET = 10;
diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl
index 6b1f649ff5..4274d2000a 100644
--- a/source4/librpc/idl/drsblobs.idl
+++ b/source4/librpc/idl/drsblobs.idl
@@ -409,24 +409,35 @@ interface drsblobs {
 		[size_is(1)] AuthenticationInformation array[];
 	} AuthenticationInformationArray;
 
+	/* This is nopull,nopush because we pass count down to the
+	 * manual parser of AuthenticationInformationArray */
 	typedef [public,nopull,nopush,noprint,gensize] struct {
 		uint32 count;
 		[relative] AuthenticationInformationArray *current;
 		[relative] AuthenticationInformationArray *previous;
 	} trustAuthInOutBlob;
 
-	typedef [public] struct {
-		uint8 confounder[512];
-		trustAuthInOutBlob outgoing;
-		trustAuthInOutBlob incoming;
-		[value(ndr_size_trustAuthInOutBlob(&outgoing, ndr->flags))] uint32 outgoing_size;
-		[value(ndr_size_trustAuthInOutBlob(&incoming, ndr->flags))] uint32 incoming_size;
-	} trustAuthInAndOutBlob;
-	
 	void decode_trustAuthInOut(
 		[in] trustAuthInOutBlob blob
 		);
 
+	typedef [public,gensize] struct {
+		uint32 count;
+		[relative] AuthenticationInformation *current[count];
+	} trustCurrentPasswords;
+
+	typedef [public,nopull] struct {
+		uint8 confounder[512];
+		[subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing;
+		[subcontext(0),subcontext_size(incoming_size)] trustCurrentPasswords incoming;
+		[value(ndr_size_trustCurrentPasswords(&outgoing, ndr->flags))] uint32 outgoing_size;
+		[value(ndr_size_trustCurrentPasswords(&incoming, ndr->flags))] uint32 incoming_size;
+	} trustDomainPasswords;
+
+	void decode_trustDomainPasswords(
+		[in] trustDomainPasswords blob
+		);
+
 	typedef [public] struct {
 		uint32 marker;
 		DATA_BLOB data;
diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl
index 0a5a081dd7..a41bc9cf19 100644
--- a/source4/librpc/idl/drsuapi.idl
+++ b/source4/librpc/idl/drsuapi.idl
@@ -877,7 +877,7 @@ interface drsuapi
 	} drsuapi_DsNameFlags;
 
 	typedef [v1_enum] enum {
-		DRSUAPI_DS_NAME_FORMAT_UKNOWN			= 0,
+		DRSUAPI_DS_NAME_FORMAT_UNKNOWN			= 0,
 		DRSUAPI_DS_NAME_FORMAT_FQDN_1779		= 1,
 		DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT		= 2,
 		DRSUAPI_DS_NAME_FORMAT_DISPLAY			= 3,
@@ -970,7 +970,7 @@ interface drsuapi
 	typedef struct {
 		[charset(UTF16),string] uint16 *server_dn;
 		[charset(UTF16),string] uint16 *domain_dn;
-		uint32 unknown; /* 0x000000001 */
+		boolean32 commit;
 	} drsuapi_DsRemoveDSServerRequest1;
 
 	typedef [switch_type(int32)] union {
@@ -978,7 +978,7 @@ interface drsuapi
 	} drsuapi_DsRemoveDSServerRequest;
 
 	typedef struct {
-		WERROR status;
+		boolean32 last_dc_in_domain;
 	} drsuapi_DsRemoveDSServerResult1;
 
 	typedef [switch_type(int32)] union {
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl
index 9a6e4a202c..4dce6d6d1e 100644
--- a/source4/librpc/idl/lsa.idl
+++ b/source4/librpc/idl/lsa.idl
@@ -140,12 +140,11 @@ import "misc.idl", "security.idl";
 
 	typedef struct {
 		uint32 percent_full;
-		uint32 log_size;
-		NTTIME retention_time;
+		uint32 maximum_log_size;
+		hyper  retention_time;
 		uint8  shutdown_in_progress;
-		NTTIME time_to_shutdown;
+		hyper  time_to_shutdown;
 		uint32 next_audit_record;
-		uint32 unknown;
 	} lsa_AuditLogInfo;
 
 	typedef [v1_enum] enum {
@@ -183,9 +182,13 @@ import "misc.idl", "security.idl";
 		lsa_String name;
 	} lsa_PDAccountInfo;
 
+	typedef [v1_enum] enum {
+		LSA_ROLE_BACKUP=2,
+		LSA_ROLE_PRIMARY=3
+	} lsa_Role;
+
 	typedef struct {
-		uint16 unknown; /* an midl padding bug? */
-		uint16 role;
+		lsa_Role role;
 	} lsa_ServerRole;
 
 	typedef struct {
@@ -204,7 +207,7 @@ import "misc.idl", "security.idl";
 
 	typedef struct {
 		hyper modified_id;
-		NTTIME db_create_time;
+		NTTIME_hyper db_create_time;
 	} lsa_ModificationInfo;
 
 	typedef struct {
@@ -212,7 +215,6 @@ import "misc.idl", "security.idl";
 	} lsa_AuditFullSetInfo;
 
 	typedef struct {
-		uint16 unknown; /* an midl padding bug? */
 		uint8 shutdown_on_full;
 		uint8 log_is_full;
 	} lsa_AuditFullQueryInfo;
@@ -243,7 +245,8 @@ import "misc.idl", "security.idl";
 		LSA_POLICY_INFO_DB=9,
 		LSA_POLICY_INFO_AUDIT_FULL_SET=10,
 		LSA_POLICY_INFO_AUDIT_FULL_QUERY=11,
-		LSA_POLICY_INFO_DNS=12
+		LSA_POLICY_INFO_DNS=12,
+		LSA_POLICY_INFO_DNS_INT=13
 	} lsa_PolicyInfo;
 
 	typedef [switch_type(uint16)] union {
@@ -259,6 +262,7 @@ import "misc.idl", "security.idl";
 		[case(LSA_POLICY_INFO_AUDIT_FULL_SET)]   lsa_AuditFullSetInfo   auditfullset;
 		[case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery;
 		[case(LSA_POLICY_INFO_DNS)]              lsa_DnsDomainInfo      dns;
+		[case(LSA_POLICY_INFO_DNS_INT)]          lsa_DnsDomainInfo      dns;
 	} lsa_PolicyInformation;
 
 	NTSTATUS lsa_QueryInfoPolicy (
@@ -387,7 +391,8 @@ import "misc.idl", "security.idl";
 		LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3,
 		LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4,
 		LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5,
-		LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6
+		LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6,
+		LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC = 7
 	} lsa_LookupNamesLevel;
 
 	[public] NTSTATUS lsa_LookupNames (
@@ -1008,8 +1013,8 @@ import "misc.idl", "security.idl";
 		[in,out] lsa_TransSidArray2 *sids,
 		[in]         lsa_LookupNamesLevel level,
 		[in,out] uint32 *count,
-		[in]         uint32 unknown1,
-		[in]         uint32 unknown2
+		[in]         uint32 lookup_options,
+		[in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
 		);
 
 	/* Function 0x3b */
@@ -1051,7 +1056,7 @@ import "misc.idl", "security.idl";
 		lsa_SidType sid_type;
 		dom_sid2 *sid;
 		uint32 sid_index;
-		uint32 unknown;
+		uint32 flags;
 	} lsa_TranslatedSid3;
 
 	typedef struct {
@@ -1067,8 +1072,8 @@ import "misc.idl", "security.idl";
 		[in,out] lsa_TransSidArray3 *sids,
 		[in]         lsa_LookupNamesLevel level,
 		[in,out] uint32 *count,
-		[in]         uint32 unknown1,
-		[in]         uint32 unknown2
+		[in]         uint32 lookup_options,
+		[in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
 		);
 
 	/* Function 0x45 */
@@ -1147,6 +1152,11 @@ import "misc.idl", "security.idl";
 		[in]         uint32 unknown2
 		);
 
+	const int LSA_CLIENT_REVISION_NO_DNS     = 0x00000001;
+	const int LSA_CLIENT_REVISION_DNS        = 0x00000002;
+
+	const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000;
+
 	/* Function 0x4d */
 	NTSTATUS lsa_LookupNames4(
 		[in,range(0,1000)] uint32 num_names,
@@ -1155,8 +1165,8 @@ import "misc.idl", "security.idl";
 		[in,out] lsa_TransSidArray3 *sids,
 		[in]         lsa_LookupNamesLevel level,
 		[in,out] uint32 *count,
-		[in]         uint32 unknown1,
-		[in]         uint32 unknown2
+		[in]         uint32 lookup_options,
+		[in]         uint32 client_revision /* LSA_CLIENT_REVISION* */
 		);
 
 	/* Function 0x4e */
diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl
index 8331977398..791b86466c 100644
--- a/source4/librpc/idl/misc.idl
+++ b/source4/librpc/idl/misc.idl
@@ -30,9 +30,11 @@ interface misc
 	/* Only SEC_CHAN_WKSTA can forward requests to other domains. */
 
 	typedef [public] enum {
-		SEC_CHAN_WKSTA   = 2,
-		SEC_CHAN_DOMAIN  = 4,
-		SEC_CHAN_BDC     = 6
+		SEC_CHAN_NULL        = 0,
+		SEC_CHAN_WKSTA       = 2,
+		SEC_CHAN_DNS_DOMAIN  = 3,
+		SEC_CHAN_DOMAIN      = 4,
+		SEC_CHAN_BDC         = 6
 	} netr_SchannelType;
 
 	/* SAM database types */
diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl
index 8a36922fdd..22e90878e7 100644
--- a/source4/librpc/idl/netlogon.idl
+++ b/source4/librpc/idl/netlogon.idl
@@ -1100,6 +1100,16 @@ interface netlogon
 
 	/****************/
 	/* Function 0x1d */
+	typedef [bitmap32bit] bitmap {
+		NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
+		NETR_TRUST_FLAG_OUTBOUND  = 0x00000002,
+		NETR_TRUST_FLAG_TREEROOT  = 0x00000004,
+		NETR_TRUST_FLAG_PRIMARY   = 0x00000008,
+		NETR_TRUST_FLAG_NATIVE    = 0x00000010,
+		NETR_TRUST_FLAG_INBOUND   = 0x00000020,
+		NETR_TRUST_FLAG_MIT_KRB5  = 0x00000080,
+		NETR_TRUST_FLAG_AES       = 0x00000100
+	} netr_TrustFlags;
 
 	typedef [flag(NDR_PAHEX)] struct {
 		uint16 length;
@@ -1128,25 +1138,60 @@ interface netlogon
 	} netr_DomainQuery;
 
 	typedef struct {
+		/* these first 3 values come from the fact windows
+		   actually encodes this structure as a UNICODE_STRING
+		   - see MS-NRPC section 2.2.1.3.9 */
+		[value(8)] uint32 length;
+		[value(0)] uint32 dummy;
+		[value(8)] uint32 size;
+		netr_TrustFlags flags;
+		uint32 parent_index;
+		uint32 trust_type;
+		uint32 trust_attributes;
+	} netr_trust_extension;
+
+	typedef struct {
+		uint16 length; /* value is 16 when info != NULL, otherwise 0 */
+		[value(length)] uint16 size;   /* value is 16 when info != NULL, otherwise 0 */
+		netr_trust_extension *info;
+	} netr_trust_extension_container;
+
+	typedef struct {
 		lsa_String domainname;
 		lsa_String fulldomainname;
 		lsa_String forest;
 		GUID        guid;
 		dom_sid2    *sid;
-		netr_BinaryString unknown1[4];
-		uint32      unknown[4];
+		netr_trust_extension_container trust_extension;
+		lsa_String dummystring[3];
+		uint32     dummy[4];
 	} netr_DomainTrustInfo;
 
 	typedef struct {
+		uint32 policy_size;
+		[size_is(policy_size)] uint8 *policy;
+	} netr_LsaPolicyInfo;
+
+	typedef [public,bitmap32bit] bitmap {
+		NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001,
+		NETR_WS_FLAG_HANDLES_SPN_UPDATE     = 0x00000002
+	} netr_WorkstationFlags;
+
+	typedef struct {
 		netr_DomainTrustInfo domaininfo;
 		uint32 num_trusts;
 		[size_is(num_trusts)] netr_DomainTrustInfo *trusts;
-		uint32 unknown[14]; /* room for expansion? */
+		netr_LsaPolicyInfo lsa_policy;
+		lsa_String dns_hostname;
+		lsa_String dummystring[3];
+		netr_WorkstationFlags workstation_flags;
+		uint32 supported_enc_types;
+		uint32 dummy[2];
 	} netr_DomainInfo1;
 
 	typedef union {
 		[case(1)] netr_DomainInfo1 *info1;
-		[case(2)] netr_DomainInfo1 *info1;
+		[case(2)] netr_DomainInfo1 *info2;
 	} netr_DomainInfo;
 	
 	NTSTATUS netr_LogonGetDomainInfo(
@@ -1230,14 +1275,6 @@ interface netlogon
 
 	/****************/
 	/* Function 0x24 */
-	typedef [bitmap32bit] bitmap {
-		NETR_TRUST_FLAG_IN_FOREST = 0x00000001,
-		NETR_TRUST_FLAG_OUTBOUND  = 0x00000002,
-		NETR_TRUST_FLAG_TREEROOT  = 0x00000004,
-		NETR_TRUST_FLAG_PRIMARY   = 0x00000008,
-		NETR_TRUST_FLAG_NATIVE    = 0x00000010,
-		NETR_TRUST_FLAG_INBOUND   = 0x00000020
-	} netr_TrustFlags;
 
 	typedef [v1_enum] enum {
 		NETR_TRUST_TYPE_DOWNLEVEL	= 1,
diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl
index 80efe46453..ac7641c0af 100644
--- a/source4/librpc/idl/security.idl
+++ b/source4/librpc/idl/security.idl
@@ -153,6 +153,7 @@ interface security
 	const string SID_CREATOR_OWNER_DOMAIN = "S-1-3";
 	const string SID_CREATOR_OWNER        = "S-1-3-0";
 	const string SID_CREATOR_GROUP        = "S-1-3-1";
+	const string SID_OWNER_RIGHTS         = "S-1-3-4";
 
 	/* SECURITY_NT_AUTHORITY */
 	const string NAME_NT_AUTHORITY            = "NT AUTHORITY";
@@ -172,9 +173,14 @@ interface security
 	const string SID_NT_TERMINAL_SERVER_USERS = "S-1-5-13";
 	const string SID_NT_REMOTE_INTERACTIVE    = "S-1-5-14";
 	const string SID_NT_THIS_ORGANISATION     = "S-1-5-15";
+	const string SID_NT_IUSR                  = "S-1-5-17";
 	const string SID_NT_SYSTEM                = "S-1-5-18";
 	const string SID_NT_LOCAL_SERVICE         = "S-1-5-19";
 	const string SID_NT_NETWORK_SERVICE       = "S-1-5-20";
+	const string SID_NT_DIGEST_AUTHENTICATION = "S-1-5-64-21";
+	const string SID_NT_NTLM_AUTHENTICATION   = "S-1-5-64-10";
+	const string SID_NT_SCHANNEL_AUTHENTICATION = "S-1-5-64-14";
+	const string SID_NT_OTHER_ORGANISATION    = "S-1-5-1000";
 
 	/* SECURITY_BUILTIN_DOMAIN_RID */
 	const string NAME_BUILTIN                  = "BUILTIN";
diff --git a/source4/librpc/ndr/ndr_drsblobs.c b/source4/librpc/ndr/ndr_drsblobs.c
new file mode 100644
index 0000000000..aecb0c3b16
--- /dev/null
+++ b/source4/librpc/ndr/ndr_drsblobs.c
@@ -0,0 +1,213 @@
+/* 
+   Unix SMB/CIFS implementation.
+
+   Manually parsed structures found in the DRS protocol
+
+   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2008
+   
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+   
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+   
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_drsblobs.h"
+
+/* parser auto-generated by pidl, then hand-modified by abartlet */
+
+/* Modified to have 'count' specified */
+static enum ndr_err_code ndr_push_AuthenticationInformationArray_with_count(struct ndr_push *ndr, int ndr_flags, int count, 
+								 const struct AuthenticationInformationArray *r)
+{
+	uint32_t cntr_array_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) {
+			NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS, &r->array[cntr_array_0]));
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) {
+			NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_BUFFERS, &r->array[cntr_array_0]));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+/* Modified to have 'count' specified, and to allocate the array */
+static enum ndr_err_code ndr_pull_AuthenticationInformationArray_with_count(struct ndr_pull *ndr, int ndr_flags, int count, struct AuthenticationInformationArray *r)
+{
+	uint32_t cntr_array_0;
+	TALLOC_CTX *_mem_save_array_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_PULL_ALLOC_N(ndr, r->array, count);
+		_mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr);
+		NDR_PULL_SET_MEM_CTX(ndr, r->array, 0);
+		for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) {
+			NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS, &r->array[cntr_array_0]));
+		}
+		NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0);
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) {
+			NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_BUFFERS, &r->array[cntr_array_0]));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+/* Modified to have 'count' specified */
+_PUBLIC_ void ndr_print_AuthenticationInformationArray_with_count(struct ndr_print *ndr, const char *name, int count, const struct AuthenticationInformationArray *r)
+{
+	uint32_t cntr_array_0;
+	ndr_print_struct(ndr, name, "AuthenticationInformationArray");
+	ndr->depth++;
+	ndr->print(ndr, "%s: ARRAY(%d)", "array", (int)1);
+	ndr->depth++;
+	for (cntr_array_0=0;cntr_array_0<count;cntr_array_0++) {
+		char *idx_0=NULL;
+		if (asprintf(&idx_0, "[%d]", cntr_array_0) != -1) {
+			ndr_print_AuthenticationInformation(ndr, "array", &r->array[cntr_array_0]);
+			free(idx_0);
+		}
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+/* Modified to call AuthenticationInformationArray with 'count' specified */
+_PUBLIC_ enum ndr_err_code ndr_push_trustAuthInOutBlob(struct ndr_push *ndr, int ndr_flags, const struct trustAuthInOutBlob *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_push_align(ndr, 4));
+		NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count));
+		NDR_CHECK(ndr_push_relative_ptr1(ndr, r->current));
+		NDR_CHECK(ndr_push_relative_ptr1(ndr, r->previous));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->current) {
+			NDR_CHECK(ndr_push_relative_ptr2(ndr, r->current));
+			NDR_CHECK(ndr_push_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->current));
+		}
+		if (r->previous) {
+			NDR_CHECK(ndr_push_relative_ptr2(ndr, r->previous));
+			NDR_CHECK(ndr_push_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->previous));
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_trustAuthInOutBlob(struct ndr_pull *ndr, int ndr_flags, struct trustAuthInOutBlob *r)
+{
+	uint32_t _ptr_current;
+	TALLOC_CTX *_mem_save_current_0;
+	uint32_t _ptr_previous;
+	TALLOC_CTX *_mem_save_previous_0;
+	if (ndr_flags & NDR_SCALARS) {
+		NDR_CHECK(ndr_pull_align(ndr, 4));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count));
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_current));
+		if (_ptr_current) {
+			NDR_PULL_ALLOC(ndr, r->current);
+			NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->current, _ptr_current));
+		} else {
+			r->current = NULL;
+		}
+		NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_previous));
+		if (_ptr_previous) {
+			NDR_PULL_ALLOC(ndr, r->previous);
+			NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->previous, _ptr_previous));
+		} else {
+			r->previous = NULL;
+		}
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+		if (r->current) {
+			uint32_t _relative_save_offset;
+			_relative_save_offset = ndr->offset;
+			NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->current));
+			_mem_save_current_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->current, 0);
+			NDR_CHECK(ndr_pull_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->current));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_current_0, 0);
+			ndr->offset = _relative_save_offset;
+		}
+		if (r->previous) {
+			uint32_t _relative_save_offset;
+			_relative_save_offset = ndr->offset;
+			NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->previous));
+			_mem_save_previous_0 = NDR_PULL_GET_MEM_CTX(ndr);
+			NDR_PULL_SET_MEM_CTX(ndr, r->previous, 0);
+			NDR_CHECK(ndr_pull_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->previous));
+			NDR_PULL_SET_MEM_CTX(ndr, _mem_save_previous_0, 0);
+			ndr->offset = _relative_save_offset;
+		}
+	}
+	return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_trustAuthInOutBlob(struct ndr_print *ndr, const char *name, const struct trustAuthInOutBlob *r)
+{
+	ndr_print_struct(ndr, name, "trustAuthInOutBlob");
+	ndr->depth++;
+	ndr_print_uint32(ndr, "count", r->count);
+	ndr_print_ptr(ndr, "current", r->current);
+	ndr->depth++;
+	if (r->current) {
+		ndr_print_AuthenticationInformationArray_with_count(ndr, "current", r->count, r->current);
+	}
+	ndr->depth--;
+	ndr_print_ptr(ndr, "previous", r->previous);
+	ndr->depth++;
+	if (r->previous) {
+		ndr_print_AuthenticationInformationArray_with_count(ndr, "previous", r->count, r->previous);
+	}
+	ndr->depth--;
+	ndr->depth--;
+}
+
+_PUBLIC_ enum ndr_err_code ndr_pull_trustDomainPasswords(struct ndr_pull *ndr, int ndr_flags, struct trustDomainPasswords *r)
+{
+	if (ndr_flags & NDR_SCALARS) {
+		uint32_t offset;
+		NDR_PULL_ALIGN(ndr, 4);
+		NDR_PULL_NEED_BYTES(ndr, 8);
+		
+		offset = ndr->offset;
+		ndr->offset = ndr->data_size - 8;
+
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->outgoing_size));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->incoming_size));
+
+		ndr->offset = offset;
+		NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->confounder, 512));
+		{
+			struct ndr_pull *_ndr_outgoing;
+			NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_outgoing, 0, r->outgoing_size));
+			NDR_CHECK(ndr_pull_trustCurrentPasswords(_ndr_outgoing, NDR_SCALARS|NDR_BUFFERS, &r->outgoing));
+			NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_outgoing, 0, r->outgoing_size));
+		}
+		{
+			struct ndr_pull *_ndr_incoming;
+			NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_incoming, 0, r->incoming_size));
+			NDR_CHECK(ndr_pull_trustCurrentPasswords(_ndr_incoming, NDR_SCALARS|NDR_BUFFERS, &r->incoming));
+			NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_incoming, 0, r->incoming_size));
+		}
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->outgoing_size));
+		NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->incoming_size));
+	}
+	if (ndr_flags & NDR_BUFFERS) {
+	}
+	return NDR_ERR_SUCCESS;
+}
+
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index 5bbcc5e91c..4e07cc7b57 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -33,9 +33,7 @@
 
 _PUBLIC_ NTSTATUS dcerpc_init(void)
 {
-	gensec_init(global_loadparm);
-
-	return NT_STATUS_OK;
+	return gensec_init(global_loadparm);
 }
 
 static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS status);
@@ -334,6 +332,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 	DATA_BLOB creds2;
 	size_t payload_length;
 	enum ndr_err_code ndr_err;
+	size_t hdr_size = DCERPC_REQUEST_LENGTH;
 
 	/* non-signed packets are simpler */
 	if (sig_size == 0) {
@@ -367,6 +366,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 
 	if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) {
 		ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT;
+		hdr_size += 16;
 	}
 
 	ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt);
@@ -415,7 +415,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 	case DCERPC_AUTH_LEVEL_PRIVACY:
 		status = gensec_seal_packet(c->security_state.generic_state, 
 					    mem_ctx, 
-					    blob->data + DCERPC_REQUEST_LENGTH, 
+					    blob->data + hdr_size,
 					    payload_length,
 					    blob->data,
 					    blob->length,
@@ -428,7 +428,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c,
 	case DCERPC_AUTH_LEVEL_INTEGRITY:
 		status = gensec_sign_packet(c->security_state.generic_state, 
 					    mem_ctx, 
-					    blob->data + DCERPC_REQUEST_LENGTH, 
+					    blob->data + hdr_size,
 					    payload_length, 
 					    blob->data,
 					    blob->length,
diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c
index 318b8fe36d..b117a98270 100644
--- a/source4/librpc/rpc/dcerpc_connect.c
+++ b/source4/librpc/rpc/dcerpc_connect.c
@@ -121,6 +121,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT
 	conn->in.workgroup		= lp_workgroup(lp_ctx);
 
 	lp_smbcli_options(lp_ctx, &conn->in.options);
+	lp_smbcli_session_options(lp_ctx, &conn->in.session_options);
 
 	/*
 	 * provide proper credentials - user supplied, but allow a
@@ -137,7 +138,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT
 
 	/* send smb connect request */
 	conn_req = smb_composite_connect_send(conn, s->io.pipe->conn, 
-					      lp_resolve_context(lp_ctx), 
+					      s->io.resolve_ctx,
 					      s->io.pipe->conn->event_ctx);
 	if (composite_nomem(conn_req, c)) return c;
 
diff --git a/source4/librpc/rpc/dcerpc_secondary.c b/source4/librpc/rpc/dcerpc_secondary.c
index abc67ad38b..b4d5d05b61 100644
--- a/source4/librpc/rpc/dcerpc_secondary.c
+++ b/source4/librpc/rpc/dcerpc_secondary.c
@@ -95,13 +95,14 @@ _PUBLIC_ struct composite_context* dcerpc_secondary_connection_send(struct dcerp
 							 s->binding->host,
 							 s->binding->target_hostname,
 							 atoi(s->binding->endpoint),
-							 lp_resolve_context(global_loadparm));
+							 dcerpc_resolve_ctx(s->pipe->conn));
 		composite_continue(c, pipe_tcp_req, continue_open_tcp, c);
 		return c;
 
 	case NCALRPC:
-		pipe_ncalrpc_req = dcerpc_pipe_open_pipe_send(s->pipe2->conn, lp_ncalrpc_dir(global_loadparm), 
-							      s->binding->endpoint);
+	case NCACN_UNIX_STREAM:
+		pipe_ncalrpc_req = dcerpc_pipe_open_unix_stream_send(s->pipe2->conn, 
+							      dcerpc_unix_socket_path(s->pipe->conn));
 		composite_continue(c, pipe_ncalrpc_req, continue_open_pipe, c);
 		return c;
 
diff --git a/source4/librpc/rpc/dcerpc_sock.c b/source4/librpc/rpc/dcerpc_sock.c
index 7480beae33..1e2b4cde48 100644
--- a/source4/librpc/rpc/dcerpc_sock.c
+++ b/source4/librpc/rpc/dcerpc_sock.c
@@ -39,6 +39,9 @@ struct sock_private {
 
 	struct packet_context *packet;
 	uint32_t pending_reads;
+
+	struct resolve_context *resolve_ctx;
+	const char *path; /* For ncacn_unix_sock and ncalrpc */
 };
 
 
@@ -307,6 +310,7 @@ static struct composite_context *dcerpc_pipe_open_socket_send(TALLOC_CTX *mem_ct
 						       struct resolve_context *resolve_context,
 						       struct socket_address *server,
 						       const char *target_hostname,
+						       const char *full_path,
 						       enum dcerpc_transport_t transport)
 {
 	struct composite_context *c;
@@ -334,6 +338,9 @@ static struct composite_context *dcerpc_pipe_open_socket_send(TALLOC_CTX *mem_ct
 
 	talloc_steal(s->sock, s->socket_ctx);
 
+	s->sock->resolve_ctx = resolve_context;
+	s->sock->path = talloc_reference(s->sock, full_path);
+
 	conn_req = socket_connect_send(s->socket_ctx, NULL, s->server, 0, 
 				       resolve_context, 
 				       c->event_ctx);
@@ -386,6 +393,7 @@ static void continue_ip_resolve_name(struct composite_context *ctx)
 	sock_ipv4_req = dcerpc_pipe_open_socket_send(c, s->conn,
 						     s->resolve_ctx,
 						     s->srvaddr, s->target_hostname,
+						     NULL,
 						     NCACN_IP_TCP);
 	composite_continue(c, sock_ipv4_req, continue_ipv4_open_socket, c);
 }
@@ -561,6 +569,7 @@ struct composite_context *dcerpc_pipe_open_unix_stream_send(struct dcerpc_connec
 	sock_unix_req = dcerpc_pipe_open_socket_send(c, s->conn, 
 						     NULL,
 						     s->srvaddr, NULL,
+						     s->path,
 						     NCALRPC);
 	composite_continue(c, sock_unix_req, continue_unix_open_socket, c);
 	return c;
@@ -579,13 +588,6 @@ NTSTATUS dcerpc_pipe_open_unix_stream_recv(struct composite_context *c)
 }
 
 
-struct pipe_np_state {
-	char *full_path;
-	struct socket_address *srvaddr;
-	struct dcerpc_connection *conn;
-};
-
-
 /*
   Stage 2 of dcerpc_pipe_open_pipe_send: receive socket open request
 */
@@ -612,13 +614,13 @@ struct composite_context* dcerpc_pipe_open_pipe_send(struct dcerpc_connection *c
 
 	struct composite_context *c;
 	struct composite_context *sock_np_req;
-	struct pipe_np_state *s;
+	struct pipe_unix_state *s;
 
 	/* composite context allocation and setup */
 	c = composite_create(conn, conn->event_ctx);
 	if (c == NULL) return NULL;
 
-	s = talloc_zero(c, struct pipe_np_state);
+	s = talloc_zero(c, struct pipe_unix_state);
 	if (composite_nomem(s, c)) return c;
 	c->private_data = s;
 
@@ -628,15 +630,15 @@ struct composite_context* dcerpc_pipe_open_pipe_send(struct dcerpc_connection *c
 	s->conn = conn;
 
 	string_replace(canon, '/', '\\');
-	s->full_path = talloc_asprintf(canon, "%s/%s", ncalrpc_dir, canon);
-	if (composite_nomem(s->full_path, c)) return c;
+	s->path = talloc_asprintf(canon, "%s/%s", ncalrpc_dir, canon);
+	if (composite_nomem(s->path, c)) return c;
 
 	/* prepare server address using path and transport name */
-	s->srvaddr = socket_address_from_strings(conn, "unix", s->full_path, 0);
+	s->srvaddr = socket_address_from_strings(conn, "unix", s->path, 0);
 	if (composite_nomem(s->srvaddr, c)) return c;
 
 	/* send socket open request */
-	sock_np_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, NCALRPC);
+	sock_np_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, s->path, NCALRPC);
 	composite_continue(c, sock_np_req, continue_np_open_socket, c);
 	return c;
 }
@@ -662,3 +664,15 @@ NTSTATUS dcerpc_pipe_open_pipe(struct dcerpc_connection *conn, const char *ncalr
 	struct composite_context *c = dcerpc_pipe_open_pipe_send(conn, ncalrpc_dir, identifier);
 	return dcerpc_pipe_open_pipe_recv(c);
 }
+
+const char *dcerpc_unix_socket_path(struct dcerpc_connection *p)
+{
+	struct sock_private *sock = (struct sock_private *)p->transport.private_data;
+	return sock->path;
+}
+
+struct resolve_context *dcerpc_resolve_ctx(struct dcerpc_connection *p)
+{
+	struct sock_private *sock = (struct sock_private *)p->transport.private_data;
+	return sock->resolve_ctx;
+}