-rw-r--r-- | source3/include/ndr.h | 1 | ||||
-rw-r--r-- | source3/librpc/idl/idl_types.h | 17 | ||||
-rw-r--r-- | source4/cldap_server/netlogon.c | 2 | ||||
-rw-r--r-- | source4/lib/samba3/config.mk | 2 | ||||
-rw-r--r-- | source4/lib/samba3/samba3.h | 190 | ||||
-rw-r--r-- | source4/librpc/idl/lsa.idl | 17 | ||||
-rw-r--r-- | source4/librpc/idl/nbt.idl | 81 | ||||
-rw-r--r-- | source4/torture/ldap/cldap.c | 8 |
8 files changed, 65 insertions, 253 deletions
diff --git a/source3/include/ndr.h b/source3/include/ndr.h deleted file mode 100644 index a416866ef2..0000000000 --- a/source3/include/ndr.h +++ /dev/null @@ -1 +0,0 @@ -/* dummy file to deal with pidl autogenerated ndr files */ diff --git a/source3/librpc/idl/idl_types.h b/source3/librpc/idl/idl_types.h index f21f3e660d..9885ca5bf6 100644 --- a/source3/librpc/idl/idl_types.h +++ b/source3/librpc/idl/idl_types.h @@ -5,33 +5,16 @@ #define STR_NOTERM LIBNDR_FLAG_STR_NOTERM #define STR_NULLTERM LIBNDR_FLAG_STR_NULLTERM #define STR_BYTESIZE LIBNDR_FLAG_STR_BYTESIZE -#define STR_FIXLEN32 LIBNDR_FLAG_STR_FIXLEN32 -#define STR_FIXLEN15 LIBNDR_FLAG_STR_FIXLEN15 #define STR_CONFORMANT LIBNDR_FLAG_STR_CONFORMANT #define STR_CHARLEN LIBNDR_FLAG_STR_CHARLEN #define STR_UTF8 LIBNDR_FLAG_STR_UTF8 /* - a UCS2 string prefixed with [size], 32 bits -*/ -#define lstring [flag(STR_SIZE4)] string - -/* a null terminated UCS2 string */ #define nstring [flag(STR_NULLTERM)] string /* - fixed length 32 character UCS-2 string -*/ -#define string32 [flag(STR_FIXLEN32)] string - -/* - fixed length 16 character ascii string -*/ -#define astring15 [flag(STR_ASCII|STR_FIXLEN15)] string - -/* an ascii string prefixed with [offset] [length], both 32 bits null terminated */ diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 1cb0d50d02..cc2c69b27e 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -349,7 +349,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) { /* Clearly this needs to be fixed up for IPv6 */ extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP; - netlogon->data.nt5_ex.sockaddr.sa_family = 2; + netlogon->data.nt5_ex.sockaddr.sockaddr_family = 2; netlogon->data.nt5_ex.sockaddr.pdc_ip = pdc_ip; netlogon->data.nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8); } 
diff --git a/source4/lib/samba3/config.mk b/source4/lib/samba3/config.mk index e089149393..365347fe21 100644 --- a/source4/lib/samba3/config.mk +++ b/source4/lib/samba3/config.mk @@ -6,5 +6,3 @@ PRIVATE_DEPENDENCIES = CHARSET LIBSAMBA-UTIL ################################################ SMBPASSWD_OBJ_FILES = $(libsrcdir)/samba3/smbpasswd.o - -$(eval $(call proto_header_template,$(libsrcdir)/samba3/samba3_smbpasswd_proto.h,$(SMBPASSWD_OBJ_FILES:.o=.c))) diff --git a/source4/lib/samba3/samba3.h b/source4/lib/samba3/samba3.h index aea87dac14..1a0ce04143 100644 --- a/source4/lib/samba3/samba3.h +++ b/source4/lib/samba3/samba3.h 
@@ -24,191 +24,9 @@ #include "librpc/gen_ndr/samr.h" #include "param/param.h" -struct samba3_samaccount { - uint32_t logon_time, - logoff_time, - kickoff_time, - bad_password_time, - pass_last_set_time, - pass_can_change_time, - pass_must_change_time; - char *username; - char *domain; - char *nt_username; - char *dir_drive; - char *unknown_str; - char *munged_dial; - char *fullname; - char *homedir; - char *logon_script; - char *profile_path; - char *acct_desc; - char *workstations; - uint32_t user_rid, group_rid, hours_len, unknown_6; - uint16_t acct_ctrl, logon_divs; - uint16_t bad_password_count, logon_count; - struct samr_Password lm_pw, nt_pw; - uint8_t *nt_pw_hist_ptr; - uint8_t *hours; -}; - -struct samba3_groupmapping { - gid_t gid; - struct dom_sid *sid; - int sid_name_use; - const char *nt_name; - const char *comment; -}; - -struct samba3_alias { - struct dom_sid *sid; - uint32_t member_count; - struct dom_sid **members; -}; - -struct samba3_groupdb { - uint32_t groupmap_count; - struct samba3_groupmapping *groupmappings; - - uint32_t alias_count; - struct samba3_alias *aliases; -}; - -struct samba3_idmap_mapping -{ - enum { IDMAP_GROUP, IDMAP_USER } type; - uint32_t unix_id; - struct dom_sid *sid; -}; - -struct samba3_idmapdb -{ - /* High water marks */ - uint32_t user_hwm; - uint32_t group_hwm; - - uint32_t mapping_count; - struct samba3_idmap_mapping *mappings; -}; - -struct samba3_winsdb_entry -{ - char *name; - int nb_flags; - int type; - time_t ttl; - uint32_t ip_count; - struct in_addr *ips; -}; - -struct samba3_policy -{ - uint32_t min_password_length; - uint32_t password_history; - uint32_t user_must_logon_to_change_password; - uint32_t maximum_password_age; - uint32_t minimum_password_age; - uint32_t lockout_duration; - uint32_t reset_count_minutes; - uint32_t bad_lockout_minutes; - uint32_t disconnect_time; - uint32_t refuse_machine_password_change; -}; - -struct samba3_regval { - char *name; - uint16_t type; - DATA_BLOB data; -}; - -struct 
samba3_regkey { - char *name; - - uint32_t value_count; - struct samba3_regval *values; - - uint32_t subkey_count; - char **subkeys; -}; - -struct samba3_regdb -{ - uint32_t key_count; - struct samba3_regkey *keys; -}; - -struct samba3_secrets -{ - struct cli_credentials *ipc_cred; - - uint32_t ldappw_count; - struct samba3_ldappw - { - char *dn; - char *password; - } *ldappws; - - uint32_t domain_count; - struct samba3_domainsecrets - { - char *name; - struct dom_sid sid; - struct GUID guid; - char *plaintext_pw; - time_t last_change_time; - struct { - uint8_t hash[16]; - time_t mod_time; - } hash_pw; - int sec_channel_type; - } *domains; - - uint32_t trusted_domain_count; - struct samba3_trusted_dom_pass { - uint32_t uni_name_len; - const char *uni_name[32]; /* unicode domain name */ - const char *pass; /* trust relationship's password */ - time_t mod_time; - struct dom_sid domain_sid; /* remote domain's sid */ - } *trusted_domains; - - uint32_t afs_keyfile_count; - - struct samba3_afs_keyfile { - uint32_t nkeys; - struct { - uint32_t kvno; - char key[8]; - } entry[8]; - char *cell; - } *afs_keyfiles; -}; - -struct samba3_share_info { - char *name; - struct security_descriptor secdesc; -}; - -struct samba3 -{ - struct param_context *configuration; - - uint32_t winsdb_count; - struct samba3_winsdb_entry *winsdb_entries; - - uint32_t samaccount_count; - struct samba3_samaccount *samaccounts; - - uint32_t share_count; - struct samba3_share_info *shares; - - struct samba3_secrets secrets; - struct samba3_groupdb group; - struct samba3_idmapdb idmap; - struct samba3_policy policy; - struct samba3_regdb registry; -}; - -#include "lib/samba3/samba3_smbpasswd_proto.h" +struct samr_Password *smbpasswd_gethexpwd(TALLOC_CTX *mem_ctx, const char *p); +char *smbpasswd_sethexpwd(TALLOC_CTX *mem_ctx, struct samr_Password *pwd, uint16_t acb_info); +uint16_t smbpasswd_decode_acb_info(const char *p); +char *smbpasswd_encode_acb_info(TALLOC_CTX *mem_ctx, uint16_t acb_info); #endif 
/* _SAMBA3_H */ diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index 4dce6d6d1e..341489ed23 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -124,12 +124,27 @@ import "misc.idl", "security.idl"; lsa_QosInfo *sec_qos; } lsa_ObjectAttribute; + typedef [public,bitmap32bit] bitmap { + LSA_POLICY_VIEW_LOCAL_INFORMATION = 0x00000001, + LSA_POLICY_VIEW_AUDIT_INFORMATION = 0x00000002, + LSA_POLICY_GET_PRIVATE_INFORMATION = 0x00000004, + LSA_POLICY_TRUST_ADMIN = 0x00000008, + LSA_POLICY_CREATE_ACCOUNT = 0x00000010, + LSA_POLICY_CREATE_SECRET = 0x00000020, + LSA_POLICY_CREATE_PRIVILEGE = 0x00000040, + LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080, + LSA_POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100, + LSA_POLICY_AUDIT_LOG_ADMIN = 0x00000200, + LSA_POLICY_SERVER_ADMIN = 0x00000400, + LSA_POLICY_LOOKUP_NAMES = 0x00000800 + } lsa_PolicyAccessMask; + /* notice the screwup with the system_name - thats why MS created OpenPolicy2 */ [public] NTSTATUS lsa_OpenPolicy ( [in,unique] uint16 *system_name, [in] lsa_ObjectAttribute *attr, - [in] uint32 access_mask, + [in] lsa_PolicyAccessMask access_mask, [out] policy_handle *handle ); diff --git a/source4/librpc/idl/nbt.idl b/source4/librpc/idl/nbt.idl index 38a2b9596a..b001b0a500 100644 --- a/source4/librpc/idl/nbt.idl +++ b/source4/librpc/idl/nbt.idl @@ -291,7 +291,7 @@ interface nbt [switch_is(smb_command)] smb_body body; } dgram_smb_packet; - const uint32 DGRAM_SMB = 0xff534d42; /* 0xffSMB */ + const uint32 DGRAM_SMB = 0xff534d42; /* 0xffSMB */ typedef [nodiscriminant] union { [case(DGRAM_SMB)] dgram_smb_packet smb; 
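Review bot: The four `smbpasswd_*` prototypes added in place of `#include "lib/samba3/samba3_smbpasswd_proto.h"` carry no comment on ownership or failure behaviour, which matters because they move LM/NT hash material through `struct samr_Password`. I would add a short block above them, for example `/* results are allocated on mem_ctx; callers must check for NULL (confirm against smbpasswd.c) */`, since the definitions are outside this hunk and the contract cannot be read from the header alone. Now that the declarations are written by hand rather than generated, smbpasswd.c should include this header so the compiler checks each prototype against its definition. If `smbpasswd_sethexpwd` only reads `pwd`, declaring it as `const struct samr_Password *pwd` would document that too.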
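Review bot: `lsa_PolicyAccessMask` names only the twelve policy-specific bits 0x00000001 to 0x00000800, but the `access_mask` passed to `lsa_OpenPolicy` can also carry standard and generic rights such as `SEC_FLAG_MAXIMUM_ALLOWED` from security.idl. Anyone reading printed or logged masks should be told those bits are legal but unnamed here; I would put `/* policy-specific rights only; standard and generic access bits may also be set */` above the typedef. Only `lsa_OpenPolicy` is retyped in this hunk. If `lsa_OpenPolicy2` and the other policy-handle calls outside the hunk still take `uint32 access_mask`, the same mask will be decoded differently depending on the call, so they should probably switch to the new type in the same change.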
@@ -334,58 +334,57 @@ interface nbt /****************************************** * \MAILSLOT\NET\NETLOGON mailslot requests - * and - * \MAILSLOT\NET\NTLOGON mailslot requests + * and + * \MAILSLOT\NET\NTLOGON mailslot requests */ typedef [public,gensize] struct { - uint32 sa_family; + uint32 sockaddr_family; [flag(NDR_BIG_ENDIAN)] ipv4address pdc_ip; [flag(NDR_REMAINING)] DATA_BLOB remaining; } nbt_sockaddr; typedef [bitmap32bit,public] bitmap { - NBT_SERVER_PDC = 0x00000001, - NBT_SERVER_GC = 0x00000004, - NBT_SERVER_LDAP = 0x00000008, - NBT_SERVER_DS = 0x00000010, - NBT_SERVER_KDC = 0x00000020, - NBT_SERVER_TIMESERV = 0x00000040, - NBT_SERVER_CLOSEST = 0x00000080, - NBT_SERVER_WRITABLE = 0x00000100, - NBT_SERVER_GOOD_TIMESERV = 0x00000200, - NBT_SERVER_NDNC = 0x00000400, - NBT_SERVER_SEL_SEC_DOM_6 = 0x00000800, - NBT_SERVER_FUL_SEC_DOM_6 = 0x00001000, - NBT_SERVER_DS_DNS_CONTR = 0x04000000, - NBT_SERVER_DS_DNS_DOMAIN = 0x02000000, - NBT_SERVER_DS_DNS_FOREST = 0x01000000 + NBT_SERVER_PDC = 0x00000001, + NBT_SERVER_GC = 0x00000004, + NBT_SERVER_LDAP = 0x00000008, + NBT_SERVER_DS = 0x00000010, + NBT_SERVER_KDC = 0x00000020, + NBT_SERVER_TIMESERV = 0x00000040, + NBT_SERVER_CLOSEST = 0x00000080, + NBT_SERVER_WRITABLE = 0x00000100, + NBT_SERVER_GOOD_TIMESERV = 0x00000200, + NBT_SERVER_NDNC = 0x00000400, + NBT_SERVER_SELECT_SECRET_DOMAIN_6 = 0x00000800, + NBT_SERVER_FULL_SECRET_DOMAIN_6 = 0x00001000, + NBT_SERVER_DS_DNS_CONTR = 0x04000000, + NBT_SERVER_DS_DNS_DOMAIN = 0x02000000, + NBT_SERVER_DS_DNS_FOREST = 0x01000000 } nbt_server_type; typedef [bitmap32bit,public] bitmap { - NETLOGON_NT_VERSION_1 = 0x00000001, - NETLOGON_NT_VERSION_5 = 0x00000002, - NETLOGON_NT_VERSION_5EX = 0x00000004, - NETLOGON_NT_VERSION_5EX_WITH_IP = 0x00000008, - NETLOGON_NT_VERSION_WITH_CLOSEST_SITE = 0x00000010, - NETLOGON_NT_VERSION_AVIOD_NT4EMUL = 0x01000000, - NETLOGON_NT_VERSION_PDC = 0x10000000, - NETLOGON_NT_VERSION_IP = 0x20000000, - NETLOGON_NT_VERSION_LOCAL = 0x40000000, - 
NETLOGON_NT_VERSION_GC = 0x80000000 + NETLOGON_NT_VERSION_1 = 0x00000001, + NETLOGON_NT_VERSION_5 = 0x00000002, + NETLOGON_NT_VERSION_5EX = 0x00000004, + NETLOGON_NT_VERSION_5EX_WITH_IP = 0x00000008, + NETLOGON_NT_VERSION_WITH_CLOSEST_SITE = 0x00000010, + NETLOGON_NT_VERSION_AVIOD_NT4EMUL = 0x01000000, + NETLOGON_NT_VERSION_PDC = 0x10000000, + NETLOGON_NT_VERSION_IP = 0x20000000, + NETLOGON_NT_VERSION_LOCAL = 0x40000000, + NETLOGON_NT_VERSION_GC = 0x80000000 } netlogon_nt_version_flags; - typedef [enum16bit,public] enum { LOGON_PRIMARY_QUERY = 7, /* Was also NETLOGON_QUERY_FOR_PDC */ NETLOGON_ANNOUNCE_UAS = 10, NETLOGON_RESPONSE_FROM_PDC = 12, LOGON_SAM_LOGON_REQUEST = 18, /* Was also NETLOGON_QUERY_FOR_PDC2, NTLOGON_SAM_LOGON */ LOGON_SAM_LOGON_RESPONSE = 19, /* Was also NTLOGON_SAM_LOGON_REPLY */ - LOGON_SAM_LOGON_PAUSE_RESPONSE = 20, + LOGON_SAM_LOGON_PAUSE_RESPONSE = 20, LOGON_SAM_LOGON_USER_UNKNOWN = 21, /* Was also NTLOGON_SAM_LOGON_REPLY15 */ LOGON_SAM_LOGON_RESPONSE_EX = 23, /* was NETLOGON_RESPONSE_FROM_PDC2 */ - LOGON_SAM_LOGON_PAUSE_RESPONSE_EX = 24, + LOGON_SAM_LOGON_PAUSE_RESPONSE_EX = 24, LOGON_SAM_LOGON_USER_UNKNOWN_EX = 25 /* was NETLOGON_RESPONSE_FROM_PDC_USER */ } netlogon_command; @@ -437,7 +436,7 @@ interface nbt nbt_server_type server_type; netlogon_nt_version_flags nt_version; uint16 lmnt_token; - uint16 lm20_token; + uint16 lm20_token; } NETLOGON_SAM_LOGON_RESPONSE; /* response from pdc hand marshaled (we have an additional 
@@ -458,11 +457,11 @@ interface nbt nbt_string client_site; /* Optional on NETLOGON_NT_VERSION_5EX_WITH_IP */ - [value(ndr_size_nbt_sockaddr(&sockaddr, ndr->flags))] uint8 sockaddr_size; - [subcontext(0),subcontext_size(sockaddr_size)] nbt_sockaddr sockaddr; - + [value(ndr_size_nbt_sockaddr(&sockaddr, ndr->flags))] uint8 sockaddr_size; + [subcontext(0),subcontext_size(sockaddr_size)] nbt_sockaddr sockaddr; + /* Optional on NETLOGON_NT_VERSION_WITH_CLOSEST_SITE */ - nbt_string next_closest_site; + nbt_string next_closest_site; netlogon_nt_version_flags nt_version; uint16 lmnt_token; @@ -548,7 +547,7 @@ interface nbt /********************************************************/ typedef bitmap svcctl_ServerType svcctl_ServerType; - typedef [enum8bit] enum { + typedef [enum8bit] enum { HostAnnouncement = 1, AnnouncementRequest = 2, Election = 8, @@ -576,7 +575,7 @@ interface nbt typedef struct { uint8 Unused; - astring ResponseName; + astring ResponseName; } nbt_browse_announcement_request; typedef struct { @@ -584,7 +583,7 @@ interface nbt uint32 Criteria; uint32 UpTime; /* In milliseconds */ uint32 Reserved; /* Must be zero */ - astring ServerName; + astring ServerName; } nbt_browse_election_request; typedef struct { @@ -649,6 +648,6 @@ interface nbt typedef [public,flag(NDR_NOALIGN)] struct { nbt_browse_opcode opcode; - [switch_is(opcode)] nbt_browse_payload payload; + [switch_is(opcode)] nbt_browse_payload payload; } nbt_browse_packet; } diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index 23b0554c4f..2c95d46058 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c 
@@ -280,10 +280,10 @@ static bool test_cldap_netlogon_flags(struct torture_context *tctx, printf("NBT_SERVER_GOOD_TIMESERV "); if (server_type & NBT_SERVER_NDNC) printf("NBT_SERVER_NDNC "); - if (server_type & NBT_SERVER_SEL_SEC_DOM_6) - printf("NBT_SERVER_SEL_SEC_DOM_6 "); - if (server_type & NBT_SERVER_FUL_SEC_DOM_6) - printf("NBT_SERVER_FUL_SEC_DOM_6 "); + if (server_type & NBT_SERVER_SELECT_SECRET_DOMAIN_6) + printf("NBT_SERVER_SELECT_SECRET_DOMAIN_6"); + if (server_type & NBT_SERVER_FULL_SECRET_DOMAIN_6) + printf("NBT_SERVER_FULL_SECRET_DOMAIN_6"); if (server_type & NBT_SERVER_DS_DNS_CONTR) printf("NBT_SERVER_DS_DNS_CONTR "); if (server_type & NBT_SERVER_DS_DNS_DOMAIN) |
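Review bot: The two renamed `printf` calls drop the trailing space that every neighbouring flag string has, so in the output of `test_cldap_netlogon_flags` these two names run straight into whichever flag is printed next. The lines should read `printf("NBT_SERVER_SELECT_SECRET_DOMAIN_6 ");` and `printf("NBT_SERVER_FULL_SECRET_DOMAIN_6 ");`. The function starts and ends outside this hunk.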